Google Authenticator - Version 0.44

Version Description

Installation/FAQ section updated.
Simplified Chinese translation by Kaijia Feng added.
Tabindex on loginpage removed, no longer needed, was used by older WordPress installations.
Inputfield renamed to "googleotp".
Defaultdescription changed to "WordPressBlog" to avoid trouble for iPhone users.
Compatibility with Ryan Hellyer's plugin http://geek.ryanhellyer.net/products/deactivate-google-authenticator/
Must enter all 6 code digits.

Release Info

Developer	Henrik.Schack
Plugin	Google Authenticator
Version	0.44
Comparing to
See all releases

Code changes from version 0.43 to 0.44

Files changed (3) hide show

google-authenticator.php +15 -7
lang/google-authenticator-zh_CN.mo +0 -0
readme.txt +31 -10

google-authenticator.php CHANGED Viewed

	@@ -4,9 +4,9 @@ Plugin Name: Google Authenticator
4	Plugin URI: http://henrik.schack.dk/google-authenticator-for-wordpress
5	Description: Two-Factor Authentication for WordPress using the Android/iPhone/Blackberry app as One Time Password generator.
6	Author: Henrik Schack
7	- Version: 0.43
8	Author URI: http://henrik.schack.dk/
9	- Compatibility: WordPress 3.~~4.1~~
10	Text Domain: google-authenticator
11	Domain Path: /lang
12
	@@ -18,10 +18,11 @@ Domain Path: /lang
18	Thanks to Daniel Werl for his usability tips.
19	Thanks to Dion Hulse for his bugfixes.
20	Thanks to Aldo Latino for his Italian translation.

21
22	----------------------------------------------------------------------------
23
24	- Copyright ~~2012~~ Henrik Schack (email : henrik@schack.dk)
25
26	This program is free software; you can redistribute it and/or modify
27	it under the terms of the GNU General Public License as published by
	@@ -76,6 +77,13 @@ function init() {
76	*/
77	function verify( $secretkey, $thistry, $relaxedmode ) {
78







79	// If user is running in relaxed mode, we allow more time drifting
80	// �4 min, as opposed to � 30 seconds in normal mode.
81	if ( $relaxedmode == 'enabled' ) {
	@@ -133,7 +141,7 @@ function create_secret() {
133	function loginform() {
134	echo "\t<p>\n";
135	echo "\t\t<label title=\"".__('If you don\'t have Google Authenticator enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('Google Authenticator code','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
136	- echo "\t\t<input type=\"text\" name=\"~~otp~~\" id=\"user_email\" class=\"input\" value=\"\" size=\"20\" ~~tabindex=\"25\"~~ /></label>\n";
137	echo "\t</p>\n";
138	}
139
	@@ -172,7 +180,7 @@ function check_otp( $user, $username = '', $password = '' ) {
172	$GA_relaxedmode = trim( get_user_option( 'googleauthenticator_relaxedmode', $user->ID ) );
173
174	// Get the verification code entered by the user trying to login
175	- $otp = ~~intval(~~ trim( $_POST[ '~~otp~~' ] ) );
176
177	// Valid code ?
178	if ( $this->verify( $GA_secret, $otp, $GA_relaxedmode ) ) {
	@@ -230,7 +238,7 @@ function profile_personal_options() {
230
231	// Use "WordPress Blog" as default description
232	if ( '' == $GA_description ) {
233	- $GA_description = __( '~~WordPress Blog~~', 'google-authenticator' );
234	}
235
236	echo "<h3>".__( 'Google Authenticator Settings', 'google-authenticator' )."</h3>\n";
	@@ -486,5 +494,5 @@ function ajax_callback() {
486
487	} // end class
488
489	- new GoogleAuthenticator;
490	?>


4	Plugin URI: http://henrik.schack.dk/google-authenticator-for-wordpress
5	Description: Two-Factor Authentication for WordPress using the Android/iPhone/Blackberry app as One Time Password generator.
6	Author: Henrik Schack
7	+ Version: 0.44
8	Author URI: http://henrik.schack.dk/
9	+ Compatibility: WordPress 3.5
10	Text Domain: google-authenticator
11	Domain Path: /lang
12

18	Thanks to Daniel Werl for his usability tips.
19	Thanks to Dion Hulse for his bugfixes.
20	Thanks to Aldo Latino for his Italian translation.
21	+ Thanks to Kaijia Feng for his Simplified Chinese translation.
22
23	----------------------------------------------------------------------------
24
25	+ Copyright 2013 Henrik Schack (email : henrik@schack.dk)
26
27	This program is free software; you can redistribute it and/or modify
28	it under the terms of the GNU General Public License as published by

77	*/
78	function verify( $secretkey, $thistry, $relaxedmode ) {
79
80	+ // Did the user enter 6 digits ?
81	+ if ( strlen( $thistry ) != 6) {
82	+ return false;
83	+ } else {
84	+ $thistry = intval ( $thistry );
85	+ }
86	+
87	// If user is running in relaxed mode, we allow more time drifting
88	// �4 min, as opposed to � 30 seconds in normal mode.
89	if ( $relaxedmode == 'enabled' ) {

141	function loginform() {
142	echo "\t<p>\n";
143	echo "\t\t<label title=\"".__('If you don\'t have Google Authenticator enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('Google Authenticator code','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
144	+ echo "\t\t<input type=\"text\" name=\"googleotp\" id=\"user_email\" class=\"input\" value=\"\" size=\"20\" /></label>\n";
145	echo "\t</p>\n";
146	}
147

180	$GA_relaxedmode = trim( get_user_option( 'googleauthenticator_relaxedmode', $user->ID ) );
181
182	// Get the verification code entered by the user trying to login
183	+ $otp = trim( $_POST[ 'googleotp' ] );
184
185	// Valid code ?
186	if ( $this->verify( $GA_secret, $otp, $GA_relaxedmode ) ) {

238
239	// Use "WordPress Blog" as default description
240	if ( '' == $GA_description ) {
241	+ $GA_description = __( 'WordPressBlog', 'google-authenticator' );
242	}
243
244	echo "<h3>".__( 'Google Authenticator Settings', 'google-authenticator' )."</h3>\n";

494
495	} // end class
496
497	+ $google_authenticator = new GoogleAuthenticator;
498	?>

lang/google-authenticator-zh_CN.mo ADDED Viewed

Binary file

readme.txt CHANGED Viewed

	@@ -2,9 +2,9 @@
2	Contributors: Henrik.Schack
3	Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=henrik%40schack%2edk&lc=US&item_name=Google%20Authenticator&item_number=Google%20Authenticator&no_shipping=0&no_note=1&tax=0&bn=PP%2dDonationsBF&charset=UTF%2d8
4	Tags: authentication,otp,password,security,login,android,iphone,blackberry
5	- Requires at least: 3.~~1.2~~
6	- Tested up to: 3.~~4.1~~
7	- Stable tag: 0.43
8
9	Google Authenticator for your WordPress blog.
10
	@@ -12,7 +12,7 @@ Google Authenticator for your WordPress blog.
12
13	The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.
14
15	- If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on ~~your~~ Gmail ~~or Google Apps account~~.
16
17	The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
18
	@@ -20,12 +20,13 @@ If You need to maintain your blog using an Android/iPhone app, or any other soft
20	but please note that enabling the App password feature will make your blog less secure.
21
22	== Installation ==
23	-
24	- 1. Install and activate the plugin.
25	- 2. Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
26	- 3. Scan the generated QR code with your phone, or enter the secret manually (remember to pick the time based one).
27	- 4. ~~Remember~~ to ~~hit~~ the Update profile ~~button~~ at ~~the bottom~~ of ~~the~~ ~~page~~ ~~before~~ ~~leaving~~ ~~the~~ ~~Personal~~ ~~options~~ ~~page~~.
28	- 4. ~~That's~~ ~~it,~~ ~~your~~ ~~WordPress~~ ~~blog~~ is ~~now~~ a ~~little~~ ~~more~~ ~~secure~~.

29
30	== Frequently Asked Questions ==
31
	@@ -53,6 +54,15 @@ Another option is to enable "relaxed mode" in the settings for the plugin, this
53
54	Yes, each user has his own Google Authenticator settings.
55









56	== Screenshots ==
57
58	1. The enhanced log-in box.
	@@ -62,6 +72,15 @@ Yes, each user has his own Google Authenticator settings.
62
63	== Changelog ==
64









65	= 0.43 =
66	* It's now possible for an admin to hide the Google Authenticaator settings on a per-user basis. (Feature request by : Skate-O)
67
	@@ -110,3 +129,5 @@ Thanks to:
110	[Dion Hulse](http://dd32.id.au/) for his bugfixes.
111
112	[Aldo Latino](http://profiles.wordpress.org/users/aldolat/) for his Italian translation.


2	Contributors: Henrik.Schack
3	Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=henrik%40schack%2edk&lc=US&item_name=Google%20Authenticator&item_number=Google%20Authenticator&no_shipping=0&no_note=1&tax=0&bn=PP%2dDonationsBF&charset=UTF%2d8
4	Tags: authentication,otp,password,security,login,android,iphone,blackberry
5	+ Requires at least: 3.5
6	+ Tested up to: 3.5
7	+ Stable tag: 0.44
8
9	Google Authenticator for your WordPress blog.
10

12
13	The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.
14
15	+ If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.
16
17	The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
18

20	but please note that enabling the App password feature will make your blog less secure.
21
22	== Installation ==
23	+ 1. Make sure your webhost is capable of providing accurate time information for PHP/WordPress, ie. make sure a NTP daemon is running on the server.
24	+ 2. Install and activate the plugin.
25	+ 3. Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
26	+ 4. Scan the generated QR code with your phone, or enter the secret manually, remember to pick the time based one.
27	+ You may also want to write down the secret on a piece of paper and store it in a safe place.
28	+ 5. Remember to hit the Update profile button at the bottom of the page before leaving the Personal options page.
29	+ 6. That's it, your WordPress blog is now a little more secure.
30
31	== Frequently Asked Questions ==
32

54
55	Yes, each user has his own Google Authenticator settings.
56
57	+ = During installation I forgot the thing about making sure my webhost is capable of providing accurate time information, I'm now unable to login, please help. =
58	+
59	+ If you have SSH or FTP access to your webhosting account, you can manually delete the plugin from your WordPress installation,
60	+ just delete the wp-content/plugins/google-authenticator directory, and you'll be able to login using username/password again.
61	+
62	+ = I don't own a Smartphone, isn't there another way to generate these secret codes ? =
63	+ Yes, there is a Chrome browser extension you can use : http://4bits.dk/Uwg09z
64	+
65	+
66	== Screenshots ==
67
68	1. The enhanced log-in box.

72
73	== Changelog ==
74
75	+ = 0.44 =
76	+ * Installation/FAQ section updated.
77	+ * Simplified Chinese translation by Kaijia Feng added.
78	+ * Tabindex on loginpage removed, no longer needed, was used by older WordPress installations.
79	+ * Inputfield renamed to "googleotp".
80	+ * Defaultdescription changed to "WordPressBlog" to avoid trouble for iPhone users.
81	+ * Compatibility with Ryan Hellyer's plugin http://geek.ryanhellyer.net/products/deactivate-google-authenticator/
82	+ * Must enter all 6 code digits.
83	+
84	= 0.43 =
85	* It's now possible for an admin to hide the Google Authenticaator settings on a per-user basis. (Feature request by : Skate-O)
86

129	[Dion Hulse](http://dd32.id.au/) for his bugfixes.
130
131	[Aldo Latino](http://profiles.wordpress.org/users/aldolat/) for his Italian translation.
132	+
133	+ [Kaijia Feng](http://www.kaijia.me/) for his Simplified Chinese translation.