<?php echo esc_html( $title ); ?>

` so search engines don't * cache the splash. Optional logo image, configurable heading, message, and * three colours (background, text, accent). * * @package BW_Dev */ class BW_Dev_Module_Maintenance_Mode implements BW_Dev_Module_Interface { const COOKIE_NAME = 'bw_dev_maintenance_bypass'; const QUERY_PARAM = 'bw_preview'; const ALLOWED_MODES = array( 'off', 'coming_soon', 'under_construction', 'maintenance' ); const COLOR_REGEX = '/^#[0-9a-fA-F]{3,8}$/'; public function slug(): string { return 'maintenance_mode'; } public function label(): string { return __( 'Maintenance Mode', 'bw-dev' ); } public function group(): string { return 'frontend'; } public function default_settings(): array { return array( 'mode' => 'off', 'heading' => '', 'message' => '', 'bg_color' => '#f6f7f7', 'text_color' => '#1d2327', 'accent_color' => '#2271b1', 'logo_url' => '', 'bypass_roles' => array(), 'bypass_token' => '', 'retry_after_hours' => 1, ); } public function sanitize( array $data ): array { $mode = isset( $data['mode'] ) ? sanitize_key( (string) $data['mode'] ) : 'off'; if ( ! in_array( $mode, self::ALLOWED_MODES, true ) ) { $mode = 'off'; } $bypass_roles_raw = isset( $data['bypass_roles'] ) && is_array( $data['bypass_roles'] ) ? $data['bypass_roles'] : array(); $bypass_roles = array(); foreach ( $bypass_roles_raw as $role_slug ) { $role_slug = sanitize_key( (string) $role_slug ); if ( '' !== $role_slug ) { $bypass_roles[] = $role_slug; } } $token = isset( $data['bypass_token'] ) ? (string) $data['bypass_token'] : ''; $token = preg_replace( '/[^a-zA-Z0-9]/', '', $token ); // Auto-generate the first time the mode becomes active. if ( 'off' !== $mode && '' === $token ) { $token = wp_generate_password( 32, false, false ); } $retry_hours = isset( $data['retry_after_hours'] ) ? (int) $data['retry_after_hours'] : 1; $retry_hours = max( 1, min( 168, $retry_hours ) ); return array( 'mode' => $mode, 'heading' => isset( $data['heading'] ) ? sanitize_text_field( wp_unslash( (string) $data['heading'] ) ) : '', 'message' => isset( $data['message'] ) ? wp_kses_post( wp_unslash( (string) $data['message'] ) ) : '', 'bg_color' => $this->sanitize_hex( $data['bg_color'] ?? '' ), 'text_color' => $this->sanitize_hex( $data['text_color'] ?? '' ), 'accent_color' => $this->sanitize_hex( $data['accent_color'] ?? '' ), 'logo_url' => isset( $data['logo_url'] ) ? esc_url_raw( wp_unslash( (string) $data['logo_url'] ) ) : '', 'bypass_roles' => array_values( array_unique( $bypass_roles ) ), 'bypass_token' => $token, 'retry_after_hours' => $retry_hours, ); } private function sanitize_hex( $value ): string { $value = strtolower( trim( (string) $value ) ); if ( '' === $value ) { return ''; } return preg_match( self::COLOR_REGEX, $value ) ? $value : ''; } public function register(): void { add_action( 'init', array( $this, 'maybe_set_bypass_cookie' ), 1 ); add_action( 'template_redirect', array( $this, 'maybe_render' ), 1 ); add_action( 'admin_enqueue_scripts', array( $this, 'maybe_enqueue_media' ) ); } public function maybe_enqueue_media( $hook ): void { if ( 'settings_page_' . BW_Dev_Admin_Page::MENU_SLUG !== $hook ) { return; } $query = wp_unslash( $_GET ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended $tab = isset( $query['tab'] ) ? sanitize_key( (string) $query['tab'] ) : 'modules'; if ( $this->slug() !== $tab ) { return; } wp_enqueue_media(); } public function maybe_set_bypass_cookie(): void { $query = wp_unslash( $_GET ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended $raw = isset( $query[ self::QUERY_PARAM ] ) ? (string) $query[ self::QUERY_PARAM ] : ''; if ( '' === $raw ) { return; } $token = preg_replace( '/[^a-zA-Z0-9]/', '', $raw ); if ( '' === $token ) { return; } $stored = (string) bw_dev()->settings()->get( $this->slug(), 'bypass_token', '' ); if ( '' === $stored || ! hash_equals( $stored, $token ) ) { return; } // Session cookie — expires when browser closes. Shared preview links stay short-lived. setcookie( self::COOKIE_NAME, $token, 0, COOKIEPATH ?: '/', COOKIE_DOMAIN ?: '', is_ssl(), true ); } public function maybe_render(): void { $mode = (string) bw_dev()->settings()->get( $this->slug(), 'mode', 'off' ); if ( 'off' === $mode || ! in_array( $mode, self::ALLOWED_MODES, true ) ) { return; } if ( $this->user_can_bypass() ) { return; } $this->render_template( $mode ); } private function user_can_bypass(): bool { // Admin / AJAX / cron contexts always pass through. if ( is_admin() || wp_doing_ajax() || wp_doing_cron() ) { return true; } // wp-login.php must remain reachable. if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) { return true; } // Token cookie set by ?bw_preview=TOKEN. if ( $this->has_valid_bypass_cookie() ) { return true; } // Admin-level capability — typical Bowden Works "agency dev still working" path. if ( is_user_logged_in() && current_user_can( 'manage_options' ) ) { return true; } // Extra roles configured to bypass. if ( is_user_logged_in() && $this->user_in_bypass_roles() ) { return true; } return false; } private function has_valid_bypass_cookie(): bool { $cookies = wp_unslash( $_COOKIE ); $raw = isset( $cookies[ self::COOKIE_NAME ] ) ? (string) $cookies[ self::COOKIE_NAME ] : ''; if ( '' === $raw ) { return false; } $cookie = preg_replace( '/[^a-zA-Z0-9]/', '', $raw ); $stored = (string) bw_dev()->settings()->get( $this->slug(), 'bypass_token', '' ); return '' !== $stored && '' !== $cookie && hash_equals( $stored, $cookie ); } private function user_in_bypass_roles(): bool { $allowed = bw_dev()->settings()->get( $this->slug(), 'bypass_roles', array() ); if ( ! is_array( $allowed ) || empty( $allowed ) ) { return false; } $user = wp_get_current_user(); if ( ! ( $user instanceof WP_User ) || 0 === (int) $user->ID ) { return false; } foreach ( (array) $user->roles as $role ) { if ( in_array( $role, $allowed, true ) ) { return true; } } return false; } private function preset_defaults(): array { return array( 'coming_soon' => array( 'heading' => __( 'Coming Soon', 'bw-dev' ), 'message' => __( 'We\'re putting the finishing touches on the site. Check back soon.', 'bw-dev' ), 'status' => 200, ), 'under_construction' => array( 'heading' => __( 'Under Construction', 'bw-dev' ), 'message' => __( 'The site is being updated. Some pages may be temporarily unavailable.', 'bw-dev' ), 'status' => 200, ), 'maintenance' => array( 'heading' => __( 'Back Shortly', 'bw-dev' ), 'message' => __( 'We\'re performing scheduled maintenance. The site will be back online shortly.', 'bw-dev' ), 'status' => 503, ), ); } private function render_template( string $mode ): void { $presets = $this->preset_defaults(); $preset = $presets[ $mode ]; $s = bw_dev()->settings()->get( $this->slug() ); if ( ! is_array( $s ) ) { $s = array(); } $heading = '' !== trim( (string) ( $s['heading'] ?? '' ) ) ? (string) $s['heading'] : $preset['heading']; $message = '' !== trim( (string) ( $s['message'] ?? '' ) ) ? (string) $s['message'] : $preset['message']; $bg = $this->sanitize_hex( $s['bg_color'] ?? '' ) ?: '#f6f7f7'; $text = $this->sanitize_hex( $s['text_color'] ?? '' ) ?: '#1d2327'; $accent = $this->sanitize_hex( $s['accent_color'] ?? '' ) ?: '#2271b1'; $logo = isset( $s['logo_url'] ) ? (string) $s['logo_url'] : ''; $status = (int) $preset['status']; nocache_headers(); status_header( $status ); if ( 503 === $status ) { $retry = max( 1, (int) ( $s['retry_after_hours'] ?? 1 ) ) * 3600; header( 'Retry-After: ' . $retry ); } header( 'Content-Type: text/html; charset=UTF-8' ); $site_name = get_bloginfo( 'name' ); $title = $heading . ' — ' . $site_name; $logo_markup = '' !== $logo ? '

' : ''; echo '' . "\n"; ?> <?php echo esc_html( $title ); ?>

array( 'src' => true, 'alt' => true ) ) ); ?>

settings()->get( $this->slug() ); if ( ! is_array( $s ) ) { $s = $this->default_settings(); } $mode = (string) ( $s['mode'] ?? 'off' ); $token = (string) ( $s['bypass_token'] ?? '' ); $bypass_roles = isset( $s['bypass_roles'] ) && is_array( $s['bypass_roles'] ) ? array_flip( $s['bypass_roles'] ) : array(); $all_roles = wp_roles()->roles; $base = BW_Dev_Settings::OPTION . '[' . $this->slug() . ']'; $is_active = 'off' !== $mode && in_array( $mode, self::ALLOWED_MODES, true ); $preview_url = $is_active && '' !== $token ? home_url( '/?' . self::QUERY_PARAM . '=' . rawurlencode( $token ) ) : ''; $mode_options = array( 'off' => __( 'Off — site is live', 'bw-dev' ), 'coming_soon' => __( 'Coming Soon (HTTP 200, pre-launch)', 'bw-dev' ), 'under_construction' => __( 'Under Construction (HTTP 200, partial updates in progress)', 'bw-dev' ), 'maintenance' => __( 'Maintenance (HTTP 503, scheduled downtime — search engines + uptime monitors retry)', 'bw-dev' ), ); ?>

' . esc_html( $mode ) . '' ); ?>

$role_data ) : $role_label = isset( $role_data['name'] ) ? translate_user_role( (string) $role_data['name'] ) : (string) $role_slug; $field_name = $base . '[bypass_roles][]'; $is_checked = isset( $bypass_roles[ $role_slug ] ); ?> />