<?php
namespace BEAPI\Maintenance_Mode;
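class Helpers {
	/**
	 * Tells whether maintenance mode applies to the current request.
	 *
	 * The request starts as "maintenance" and is exempted when any of these holds:
	 * - the user is authenticated (see is_user_authenticated()),
	 * - the client IP is on the allowlist (see is_allowed_ip()),
	 * - the request targets wp-login.php or wp-activate.php (see is_ms_activate()).
	 *
	 * The result is passed through the 'beapi.maintenance_mode.is_maintenance_mode'
	 * filter, so the returned value is whatever the last filter callback returns.
	 *
	 * @return bool
	 * @author Maxime CULEA
	 */
	public static function is_maintenance_mode() {
		$is_maintenance_mode = true;

		if ( self::is_user_authenticated() ) {
			$is_maintenance_mode = false;
		}

		if ( self::is_allowed_ip() ) {
			$is_maintenance_mode = false;
		}

		if ( self::is_ms_activate() ) {
			$is_maintenance_mode = false;
		}

		return apply_filters( 'beapi.maintenance_mode.is_maintenance_mode', $is_maintenance_mode );
	}

	/**
	 * Check if the current user is authenticated.
	 * This method handles both regular requests and REST API requests.
	 *
	 * On REST requests, when WordPress has not resolved a current user, the
	 * logged-in cookie is checked with wp_validate_auth_cookie(). That function
	 * verifies the cookie's expiration, its HMAC and its session token.
	 * wp_parse_auth_cookie() must not be used for this decision: it only splits
	 * the cookie string into fields, so a client-chosen username and a future
	 * expiration would be accepted without any proof of authentication.
	 *
	 * @return bool
	 * @since 2.1.1
	 */
	public static function is_user_authenticated() {
		// For regular requests, check if user is logged in.
		if ( is_user_logged_in() ) {
			return true;
		}

		// Only REST API requests get the extra checks below, because
		// is_user_logged_in() may not work correctly at this point for them.
		if ( ! defined( 'REST_REQUEST' ) || ! REST_REQUEST ) {
			return false;
		}

		// Try to get current user (this works even for REST API).
		$user = wp_get_current_user();
		if ( $user && $user->ID > 0 ) {
			return true;
		}

		// Cookies may be sent but not yet processed: look at the raw cookie.
		if ( ! defined( 'LOGGED_IN_COOKIE' ) || empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
			return false;
		}

		// Cryptographically validate the cookie instead of trusting its fields.
		// wp_validate_auth_cookie() returns the user ID on success, false otherwise.
		return (bool) wp_validate_auth_cookie( $_COOKIE[ LOGGED_IN_COOKIE ], 'logged_in' );
	}

	/**
	 * Check if the current IP is in the allowlist.
	 *
	 * The allowlist comes from the 'beapi.maintenance_mode.whitelist_ips' filter
	 * and defaults to an empty array, in which case nobody is allowed. Anything
	 * that is not a non-empty array is treated the same way (fail closed).
	 *
	 * The client address is read from $_SERVER['REMOTE_ADDR'] only; no forwarded
	 * header is consulted.
	 * NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is
	 * presumably the proxy's address - confirm against the deployment.
	 * NOTE(review): the zero-padding normalisation pads every run of decimal
	 * digits, which suits dotted IPv4; confirm it is acceptable for IPv6 text.
	 *
	 * @return bool
	 * @author Maxime CULEA
	 * @since 1.0.0
	 */
	public static function is_allowed_ip() {
		/**
		 * Allow to add/remove custom ips
		 *
		 * @params array $whitelist_ips : Array of allowed ips
		 *
		 * @return array
		 * @author Maxime CULEA
		 * @since 1.0.0
		 */
		$whitelist_ips = apply_filters( 'beapi.maintenance_mode.whitelist_ips', [] );
		if ( empty( $whitelist_ips ) || ! is_array( $whitelist_ips ) ) {
			// No usable allowlist, then nobody is allowed.
			return false;
		}

		// Get user IP
		$current_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
		if ( empty( $current_ip ) ) {
			// No current ip set to check against
			return false;
		}

		$normalize  = [ __CLASS__, 'maintenance_replace_ip' ];
		$current_ip = preg_replace_callback( '/(\d+)/', $normalize, $current_ip );

		// Loop on each allowlist IP
		foreach ( $whitelist_ips as $allowed_ip ) {
			if ( ! is_scalar( $allowed_ip ) ) {
				// A nested array or object can never equal the normalised string.
				continue;
			}

			$allowed_ip = preg_replace_callback( '/(\d+)/', $normalize, (string) $allowed_ip );

			// Strict comparison: both sides are normalised strings at this point.
			if ( $current_ip === $allowed_ip ) {
				// We found a match into the allowlist
				return true;
			}
		}

		// No matching ip into the allowlist
		return false;
	}

	/**
	 * Check if the request targets wp-login.php or wp-activate.php, which are
	 * exempted from maintenance mode.
	 *
	 * The decision is based on $_SERVER['SCRIPT_NAME'] with leading slashes
	 * removed, so only those two scripts at the top level match.
	 *
	 * @return bool
	 * @author Maxime CULEA
	 * @since 1.0.0
	 */
	public static function is_ms_activate() {
		if ( empty( $_SERVER['SCRIPT_NAME'] ) ) {
			return false;
		}

		$script = ltrim( $_SERVER['SCRIPT_NAME'], '/' );

		return in_array( $script, [ 'wp-login.php', 'wp-activate.php' ], true );
	}

	/**
	 * Make sure we don't depend on the representation by left-padding each
	 * number with zeros to at least 3 digits ("1" and "001" both give "001").
	 *
	 * Used as the preg_replace_callback() callback in is_allowed_ip().
	 *
	 * @param array $matches Regex match; index 1 holds the captured digit run.
	 *
	 * @return string
	 * @author Nicolas Juen
	 * @since 1.0.0
	 */
	private static function maintenance_replace_ip( $matches ) {
		return sprintf( '%03d', $matches[1] );
	}

	/**
	 * Get the maintenance template path
	 *
	 * The plugin's bundled template is used unless the
	 * 'beapi.maintenance_mode.template.path' filter returns a string naming an
	 * existing file. The returned path is not restricted to any directory here.
	 *
	 * @return string
	 * @author Maxime CULEA
	 * @since 1.0.0
	 */
	public static function get_template_path() {
		$default = BEAPI_MAINTENANCE_MODE_DIR . 'templates/maintenance.php';

		/**
		 * Filter maintenance template path to add a custom one
		 *
		 * @params string $default : The path to the custom template
		 *
		 * @return string
		 * @author Maxime CULEA
		 * @since 1.0.0
		 */
		$template = apply_filters( 'beapi.maintenance_mode.template.path', $default );

		// Fall back to the bundled template on anything that is not an existing file path.
		if ( empty( $template ) || ! is_string( $template ) || ! is_file( $template ) ) {
			$template = $default;
		}

		return $template;
	}
}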