Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.4

Version Description

  • Google Authenticator (2FA):
  • Compatibility with Limit Login Attempts.
  • New User Interface for login.

Release Info

Developer cyberlord92
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 4.4

Code changes from version 4.3.4 to 4.4

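--- a/class-customer-setup.php
+++ b/class-customer-setup.php
@@ -48,6 +48,8 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
  curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'charset: UTF - 8', 'Authorization: Basic' ) );
@@ -98,6 +100,8 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -141,7 +145,10 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
+
+
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -225,6 +232,8 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -305,6 +314,8 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -348,6 +359,8 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -385,6 +398,8 @@ class Customer_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );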
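Review bot: The added `curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);` switches off hostname checking on handles that already set `CURLOPT_SSL_VERIFYPEER` to false, so every request in this class accepts any certificate from any host; the same line is added in all seven hunks of this file. If these handles carry the OTP send/validate calls, as the `Customer_Setup` usage in class-miniorange-2-factor-login.php suggests, anyone on the network path could forge the response that decides whether the second factor passed. The trailing comment `# required for https urls` is also inaccurate, since HTTPS works with verification enabled. I would replace both lines with `curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );` and `curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );`, and point `CURLOPT_CAINFO` at a CA bundle on hosts where the system store is missing. The enclosing methods start and end outside the hunks, so the request URLs and response handling are not visible here.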
class-miniorange-2-factor-login.php CHANGED
@@ -23,6 +23,8 @@ Contains Request Calls to Customer service.
23
 
24
  **/
25
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
 
 
26
  class Miniorange_Mobile_Login{
27
 
28
  public function miniorange_login_start_session(){
@@ -30,307 +32,6 @@ class Miniorange_Mobile_Login{
30
  session_start();
31
  }
32
  }
33
-
34
- public function my_login_redirect() {
35
-
36
- if (isset($_POST['miniorange_login_nonce'])){
37
- $nonce = $_POST['miniorange_login_nonce'];
38
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
39
- $_SESSION['mo2f-login-message'] = 'Invalid request';
40
- $this->mo_auth_show_error_message();
41
- } else {
42
- $this->miniorange_login_start_session();
43
- //validation and sanitization
44
- $username = '';
45
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
46
- $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
47
- $this->mo_auth_show_error_message();
48
- return;
49
- } else{
50
- $username = sanitize_text_field( $_POST['mo2fa_username'] );
51
- }
52
-
53
- if ( username_exists( $username ) ){ /*if username exists in wp site */
54
- $user = new WP_User( $username );
55
- if( ! session_id() || session_id() == '' || !isset($_SESSION) ) {
56
- session_start();
57
- }
58
- $_SESSION[ 'mo2f_current_user' ] = serialize($user);
59
- $roles = $user->roles;
60
- $current_role = array_shift($roles);
61
- if(get_option('mo2fa_'.$current_role)){
62
- if(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
63
- if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($user->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
64
- $this->mo2f_login_kba_verification($user);
65
- }else{
66
- $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
67
- if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
68
- $this->mo2f_login_mobile_verification($user);
69
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
70
- $this->mo2f_login_push_oobemail_verification($user,$mo2f_second_factor);
71
- }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
72
- $this->mo2f_login_otp_verification($user,$mo2f_second_factor);
73
- }else if($mo2f_second_factor == 'KBA'){
74
- $this->mo2f_login_kba_verification($user);
75
- }else{
76
- $this->remove_current_activity();
77
- $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
78
- $this->mo_auth_show_success_message();
79
- }
80
- }
81
- }else{
82
- $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
83
- $this->mo_auth_show_success_message();
84
- $this->mo2f_redirectto_wp_login();
85
- }
86
- }else{
87
- $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
88
- $this->mo_auth_show_success_message();
89
- $this->mo2f_redirectto_wp_login();
90
- }
91
- }else{
92
- $this->remove_current_activity();
93
- $_SESSION['mo2f-login-message'] = 'Invalid Username.';
94
- $this->mo_auth_show_error_message();
95
- }
96
- }
97
- }
98
-
99
- if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){ /*check kba validation*/
100
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
101
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
102
- $error = new WP_Error();
103
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
104
- return $error;
105
- }else {
106
- $this->miniorange_login_start_session();
107
- $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
108
- if($second_factor == 'OTP OVER EMAIL'){
109
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
110
- $id = $current_user->ID;
111
- $customer = new Customer_Setup();
112
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
113
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
114
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
115
- $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
116
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
117
- }else{
118
- $_SESSION['mo2f-login-message'] = 'Error occured while sending OTP over your regsitered email. Please try again or select Security Questions (KBA) to login.';
119
- }
120
- }else{
121
- $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
122
- $this->mo2f_login_kba_verification($current_user);
123
- }
124
- }
125
- }
126
-
127
- if(isset($_POST['miniorange_alternate_login_kba_nonce'])){ /*check kba validation*/
128
- $nonce = $_POST['miniorange_alternate_login_kba_nonce'];
129
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
130
- $error = new WP_Error();
131
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
132
- return $error;
133
- }else {
134
- $this->miniorange_login_start_session();
135
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
136
- $this->mo2f_login_kba_verification($currentuser);
137
- }
138
- }
139
-
140
- if(isset($_POST['miniorange_kba_nonce'])){ /*check kba validation*/
141
- $nonce = $_POST['miniorange_kba_nonce'];
142
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
143
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
144
- $this->mo_auth_show_error_message();
145
- } else {
146
- $this->miniorange_login_start_session();
147
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
148
- if(isset($_SESSION[ 'mo2f_current_user' ])){
149
- if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
150
- return;
151
- }
152
- $otpToken = array();
153
- $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
154
- $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
155
- $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
156
- $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
157
- $check_trust_device = sanitize_text_field( $_POST[ 'mo2f_trust_device' ] );
158
-
159
- $kba_validate = new Customer_Setup();
160
- $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
161
-
162
-
163
- if( username_exists( $currentuser->user_login )) { // user is a member
164
- if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
165
- remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
166
- add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
167
- }else{
168
- $_SESSION[ 'mo2f-login-message' ] = 'The answers you have provided are incorrect.';
169
- }
170
- }else{
171
- $this->remove_current_activity();
172
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
173
- $this->mo_auth_show_error_message();
174
- }
175
- }else{
176
- $this->remove_current_activity();
177
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
178
- $this->mo_auth_show_error_message();
179
- }
180
- }
181
- }
182
-
183
- if(isset($_POST['miniorange_mobile_validation_nonce'])){ /*check mobile validation */
184
- $nonce = $_POST['miniorange_mobile_validation_nonce'];
185
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
186
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
187
- $this->mo_auth_show_error_message();
188
- } else {
189
- $this->miniorange_login_start_session();
190
- $currentuser = unserialize($_SESSION[ 'mo2f_current_user' ]);
191
- $username = $currentuser->user_login;
192
- if( username_exists( $username )) { // user is a member
193
- $checkMobileStatus = new Two_Factor_Setup();
194
- $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
195
- $response = json_decode($content, true);
196
- if(json_last_error() == JSON_ERROR_NONE) {
197
- if($response['status'] == 'SUCCESS'){
198
- remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
199
- add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
200
- }else{
201
- $this->remove_current_activity();
202
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
203
- $this->mo_auth_show_error_message();
204
- }
205
- }else{
206
- $this->remove_current_activity();
207
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
208
- $this->mo_auth_show_error_message();
209
- }
210
- } else{
211
- $this->remove_current_activity();
212
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
213
- $this->mo_auth_show_error_message();
214
- }
215
- }
216
- }
217
-
218
- if (isset($_POST['miniorange_mobile_validation_failed_nonce'])){ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
219
- $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
220
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
221
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
222
- $this->mo_auth_show_error_message();
223
- } else {
224
- $this->miniorange_login_start_session();
225
- $this->remove_current_activity();
226
- }
227
- }
228
-
229
- if(isset($_POST['miniorange_forgotphone'])){ /*Click on the link of forgotphone */
230
- $nonce = $_POST['miniorange_forgotphone'];
231
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
232
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
233
- $this->mo_auth_show_error_message();
234
- } else{
235
- $this->miniorange_login_start_session();
236
- $customer = new Customer_Setup();
237
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
238
- $id = $current_user->ID;
239
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
240
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
241
- unset($_SESSION['mo2f-login-message']);
242
- }else{
243
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
244
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
245
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
246
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
247
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
248
- $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
249
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
250
- $this->mo_auth_show_success_message();
251
- }else{
252
- $_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
253
- $this->mo_auth_show_success_message();
254
- }
255
- }
256
- }
257
- }
258
-
259
- if(isset($_POST['miniorange_softtoken'])){ /*Click on the link of phone is offline */
260
- $nonce = $_POST['miniorange_softtoken'];
261
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
262
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
263
- $this->mo_auth_show_error_message();
264
- } else{
265
- $this->miniorange_login_start_session();
266
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
267
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
268
- $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
269
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
270
- }
271
- }
272
-
273
- if (isset($_POST['miniorange_soft_token_nonce'])){ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
274
- $nonce = $_POST['miniorange_soft_token_nonce'];
275
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
276
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
277
- $this->mo_auth_show_error_message();
278
- } else {
279
- $this->miniorange_login_start_session();
280
- $softtoken = '';
281
- if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
282
- $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed';
283
- $this->mo_auth_show_error_message();
284
- return;
285
- } else{
286
- $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
287
- if(!MO2f_utility::mo2f_check_number_length($softtoken)){
288
- $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
289
- return;
290
- }
291
- }
292
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
293
- if(isset($_SESSION[ 'mo2f_current_user' ])){
294
- $customer = new Customer_Setup();
295
- $content ='';
296
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
297
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
298
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
299
- $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
300
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
301
- $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
302
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
303
- $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
304
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
305
- $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
306
- }else{
307
- $this->remove_current_activity();
308
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again.';
309
- $this->mo_auth_show_error_message();
310
- }
311
-
312
- if( username_exists( $currentuser->user_login )) { // user is a member
313
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
314
- remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
315
- add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
316
- }else{
317
- $message = $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
318
- $_SESSION['mo2f-login-message'] = $message;
319
- $this->mo_auth_show_error_message();
320
- }
321
- }else{
322
- $this->remove_current_activity();
323
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
324
- $this->mo_auth_show_error_message();
325
- }
326
- }else{
327
- $this->remove_current_activity();
328
- $_SESSION['mo2f-login-message'] = 'Invalid request.';
329
- $this->mo_auth_show_error_message();
330
- }
331
- }
332
- }
333
- }
334
 
335
  function remove_current_activity(){
336
  unset($_SESSION[ 'mo2f_current_user' ]);
@@ -339,174 +40,67 @@ class Miniorange_Mobile_Login{
339
  unset($_SESSION[ 'mo2f-login-transactionId' ]);
340
  unset($_SESSION[ 'mo2f-login-message' ]);
341
  unset($_SESSION[ 'mo_2_factor_kba_questions' ]);
 
 
 
 
 
342
  }
343
 
344
- function mo2fa_login(){
345
- if(isset($_SESSION[ 'mo2f_current_user' ])){
346
- $currentuser = unserialize($_SESSION[ 'mo2f_current_user' ]);
347
- $user_id = $currentuser->ID;
348
- wp_set_current_user($user_id, $currentuser->user_login);
349
- $this->remove_current_activity();
350
- do_action( 'wp_login', $currentuser->user_login, $currentuser );
351
- wp_set_auth_cookie( $user_id, true );
352
- redirect_user_to($currentuser);
353
- exit;
354
- }else{
355
- $this->remove_current_activity();
356
- }
357
- }
358
-
359
-
360
 
361
  function mo2fa_default_login($user,$username,$password){
 
362
  $currentuser = wp_authenticate_username_password($user, $username, $password);
363
  if (is_wp_error($currentuser)) {
364
  return $currentuser;
365
  }else{
366
  $this->miniorange_login_start_session();
367
- $roles = $currentuser->roles;
368
- $current_role = array_shift($roles);
369
 
370
- if(get_option('mo2fa_'.$current_role)){
 
 
 
 
 
 
371
  if(get_user_meta($currentuser->ID,'mo_2factor_mobile_registration_status',true) == 'MO_2_FACTOR_SUCCESS'){ // for existing users
 
 
 
 
372
  $error = new WP_Error();
373
- $error->add('empty_username', __('<strong>ERROR</strong>: Login with password is disabled for you.Please Login using your phone'));
374
  return $error;
375
- }else if(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
 
 
 
376
  $error = new WP_Error();
377
- $error->add('empty_username', __('<strong>ERROR</strong>: Login with password is disabled for you.Please Login using your phone'));
378
  return $error;
379
  }else{ //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
380
- $this->mo2f_verify_and_authenticate_userlogin($currentuser);
 
381
  }
382
  }else{ //plugin is not activated for non-admin then logged him in
383
- $this->mo2f_verify_and_authenticate_userlogin($currentuser);
 
 
 
384
  }
385
  }
386
  }
387
 
388
- function mo2f_verify_and_authenticate_userlogin($user){
389
 
390
  $user_id = $user->ID;
 
391
  $this->remove_current_activity();
392
- do_action( 'wp_login', $user->user_login, $user );
393
  wp_set_auth_cookie( $user_id, true );
394
- redirect_user_to($user);
 
395
  exit;
396
 
397
  }
398
 
399
- function mo2f_login_push_oobemail_verification($user,$mo2f_second_factor){
400
- $challengeMobile = new Customer_Setup();
401
- $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true),$mo2f_second_factor ,get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
402
- $response = json_decode($content, true);
403
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
404
- if($response['status'] == 'SUCCESS'){
405
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
406
- $_SESSION['mo2f-login-message'] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true)) . '. We are waiting for your approval.';
407
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
408
- }else if($response['status'] == 'ERROR' || $response['status'] == 'FAILED' ){
409
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
410
- $_SESSION['mo2f-login-message'] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
411
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
412
- }
413
- }else{
414
- $this->remove_current_activity();
415
- $error = new WP_Error();
416
- $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
417
- return $error;
418
- }
419
- }
420
-
421
- function mo2f_login_otp_verification($user,$mo2f_second_factor){
422
- if($mo2f_second_factor == 'SOFT TOKEN'){
423
- $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the <b>miniOrange Authenticator</b> app.';
424
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
425
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
426
- $_SESSION['mo2f-login-message'] = get_user_meta($user->ID,'mo2f_external_app_type',true) == 'AUTHY 2-FACTOR AUTHENTICATION' ? 'Please enter the one time passcode shown in the <b>Authy 2-Factor Authentication</b> app.' : 'Please enter the one time passcode shown in the <b>Google Authenticator</b> app.';
427
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
428
- }else{
429
- $challengeMobile = new Customer_Setup();
430
- $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), $mo2f_second_factor,get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
431
- $response = json_decode($content, true);
432
- if(json_last_error() == JSON_ERROR_NONE) {
433
- if($response['status'] == 'SUCCESS'){
434
- $message = $mo2f_second_factor == 'SMS' ? 'The OTP has been sent to '. MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . '. Please enter the OTP you received to Validate.' : 'You will receive phone call on ' . MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . ' with OTP. Please enter the OTP to Validate.';
435
- $_SESSION['mo2f-login-message'] = $message;
436
- $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
437
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
438
- }else{
439
- $message = $mo2f_second_factor == 'SMS' ? $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.' : 'We are unable to send the OTP via phone call on your regsitared phone. You can click on <b>Forgot your phone</b> link to receive OTP to your registered email.';
440
- $_SESSION['mo2f-login-message'] = $message;
441
- $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
442
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
443
- }
444
- }else{
445
- $this->remove_current_activity();
446
- $error = new WP_Error();
447
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
448
- $this->mo_auth_show_error_message();
449
- }
450
- }
451
- }
452
-
453
- function mo2f_login_kba_verification($user){
454
- $challengeKba = new Customer_Setup();
455
- $content = $challengeKba->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
456
- $response = json_decode($content, true);
457
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
458
- if($response['status'] == 'SUCCESS'){
459
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
460
- $questions = array();
461
- $questions[0] = $response['questions'][0]['question'];
462
- $questions[1] = $response['questions'][1]['question'];
463
- $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
464
- $_SESSION['mo2f-login-message'] = 'Please answer the following questions:';
465
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
466
- }else if($response['status'] == 'ERROR'){
467
- $this->remove_current_activity();
468
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
469
- $this->mo_auth_show_error_message();
470
- }
471
- }else{
472
- $this->remove_current_activity();
473
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
474
- $this->mo_auth_show_error_message();
475
- }
476
- }
477
-
478
- function mo2f_login_mobile_verification($user){
479
-
480
- $useragent = $_SERVER['HTTP_USER_AGENT'];
481
- if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
482
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
483
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
484
- $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange Authenticator app.';
485
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
486
- }else{
487
- $challengeMobile = new Customer_Setup();
488
- $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), 'MOBILE AUTHENTICATION',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
489
- $response = json_decode($content, true);
490
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
491
- if($response['status'] == 'SUCCESS'){
492
-
493
- $_SESSION[ 'mo2f-login-qrCode' ] = $response['qrCode'];
494
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
495
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
496
- }else if($response['status'] == 'ERROR'){
497
- $this->remove_current_activity();
498
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
499
- $this->mo_auth_show_error_message();
500
- }
501
- }else{
502
- $this->remove_current_activity();
503
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
504
- $this->mo_auth_show_error_message();
505
- }
506
- }
507
-
508
- }
509
-
510
  function mo2f_redirectto_wp_login(){
511
  remove_action('login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login'));
512
  add_action('login_dequeue_scripts', array( $this, 'mo_2_factor_show_login'));
@@ -517,14 +111,14 @@ class Miniorange_Mobile_Login{
517
  }
518
  }
519
 
520
- public function custom_login_enqueue_scripts(){
521
  wp_enqueue_script('jquery');
522
  wp_enqueue_script( 'bootstrap_script', plugins_url('includes/js/bootstrap.min.js', __FILE__ ));
523
  }
524
 
525
- public function mo_2_factor_hide_login() {
526
- wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=4.1.3', __FILE__ ) );
527
- wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=4.1.3', __FILE__ ) );
528
 
529
  wp_enqueue_style( 'hide-login' );
530
  wp_enqueue_style( 'bootstrap' );
@@ -533,15 +127,15 @@ class Miniorange_Mobile_Login{
533
 
534
  function mo_2_factor_show_login() {
535
  if(get_option('mo2f_show_loginwith_phone')){
536
- wp_register_style( 'show-login', plugins_url( 'includes/css/hide-login-form.css?version=4.1.3', __FILE__ ) );
537
  }else{
538
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.1.3', __FILE__ ) );
539
  }
540
  wp_enqueue_style( 'show-login' );
541
  }
542
 
543
  function mo_2_factor_show_login_with_password_when_phonelogin_enabled(){
544
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.1.3', __FILE__ ) );
545
  wp_enqueue_style( 'show-login' );
546
  }
547
 
@@ -556,12 +150,16 @@ class Miniorange_Mobile_Login{
556
  return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
557
  }
558
 
559
- private function mo_auth_show_error_message() {
560
  remove_filter( 'login_message', array( $this, 'mo_auth_success_message') );
561
  add_filter( 'login_message', array( $this, 'mo_auth_error_message') );
 
562
  }
563
 
564
- private function mo_auth_show_success_message() {
 
 
 
565
  remove_filter( 'login_message', array( $this, 'mo_auth_error_message') );
566
  add_filter( 'login_message', array( $this, 'mo_auth_success_message') );
567
  }
@@ -570,43 +168,12 @@ class Miniorange_Mobile_Login{
570
 
571
 
572
  // login form fields
573
- public function miniorange_login_form_fields() {
574
- //$this->miniorange_login_start_session();
575
- $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
576
- $id = isset($current_user) ? $current_user->ID : null;
577
- if(!get_option('mo2f_show_loginwith_phone')){ //Login with phone is alogin with default login form
578
- $login_status = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : null;
579
- if($this->miniorange_check_mobile_status($login_status)){
580
- $this->mo_2_factor_show_qr_code();
581
- }else if($this->miniorange_check_otp_status($login_status)){
582
- $this->mo_2_factor_show_otp_token();
583
- }else if($this->miniorange_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
584
- $this->mo_2_factor_show_forgotphone();
585
- }else if($this->miniorange_check_push_oobemail_status($login_status)){ //for push and out of band email.
586
- $this->mo_2_factor_show_push_oobemail($id);
587
- }else if($this->miniorange_login_check_kba_status($login_status)){ // for Kba
588
- $this->mo_2_factor_login_show_kba();
589
- }else if($login_status == 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM'){
590
- $this->mo_2_factor_show_login();
591
- $this->mo_2_factor_show_wp_login_form();
592
- }else{
593
- $this->mo_2_factor_show_login();
594
- $this->mo_2_factor_show_wp_login_form();
595
- }
596
- }else{ //login with phone overwrite default login form
597
-
598
  $login_status_phone_enable = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : '';
599
- if($this->miniorange_check_mobile_status($login_status_phone_enable)){
600
- $this->mo_2_factor_show_qr_code();
601
- }else if($this->miniorange_check_otp_status($login_status_phone_enable)){
602
- $this->mo_2_factor_show_otp_token();
603
- }else if($this->miniorange_check_forgotphone_status($login_status_phone_enable)){ // forgot phone page if both KBA and Email are configured.
604
- $this->mo_2_factor_show_forgotphone();
605
- }else if($this->miniorange_login_check_kba_status($login_status_phone_enable)){ // for Kba
606
- $this->mo_2_factor_login_show_kba();
607
- }else if($this->miniorange_check_push_oobemail_status($login_status_phone_enable)){ //for push and out of band email.
608
- $this->mo_2_factor_show_push_oobemail($id);
609
- }else if($login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset($_POST['miniorange_login_nonce']) && wp_verify_nonce( $_POST['miniorange_login_nonce'], 'miniorange-2-factor-login-nonce' )){
610
  $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
611
  $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
612
  $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
@@ -617,167 +184,31 @@ class Miniorange_Mobile_Login{
617
  $this->mo_2_factor_show_login();
618
  $this->mo_2_factor_show_wp_login_form();
619
  }
620
- }
621
- }
622
-
623
- function miniorange_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
624
- if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
625
- $nonce = '';
626
- if(isset($_POST['miniorange_forgotphone'])){
627
- $nonce = $_POST['miniorange_forgotphone'];
628
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
629
- return true;
630
- }
631
- }else if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){
632
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
633
- if ( wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
634
- return true;
635
- }
636
- }
637
- }
638
- return false;
639
- }
640
-
641
- function miniorange_check_push_oobemail_status($login_status){
642
- if($login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL'){
643
- $nonce = '';
644
-
645
- if(isset($_POST['miniorange_login_nonce']) ){
646
- $nonce = $_POST['miniorange_login_nonce'];
647
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
648
- return true;
649
- }
650
- }else if(isset($_POST['miniorange_forgotphone'])){
651
- $nonce = $_POST['miniorange_forgotphone'];
652
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
653
- return true;
654
- }
655
- }
656
- }
657
- return false;
658
- }
659
-
660
- function miniorange_check_mobile_status($login_status){
661
- if($login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION'){
662
- $nonce = '';
663
- if(isset($_POST['miniorange_login_nonce']) ){
664
- $nonce = $_POST['miniorange_login_nonce'];
665
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
666
- return true;
667
- }
668
- }else if(isset($_POST['miniorange_forgotphone'])){
669
- $nonce = $_POST['miniorange_forgotphone'];
670
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
671
- return true;
672
- }
673
- }
674
- }
675
- return false;
676
- }
677
-
678
- function miniorange_check_otp_status($login_status){
679
- if($login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
680
- $nonce = '';
681
 
682
- if(isset($_POST['miniorange_login_nonce']) ){
683
- $nonce = $_POST['miniorange_login_nonce'];
684
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
685
- return true;
686
- }
687
- }
688
- if(isset($_POST['miniorange_softtoken'])){
689
- $nonce = $_POST['miniorange_softtoken'];
690
- if(wp_verify_nonce($nonce,'miniorange-2-factor-softtoken')){
691
- return true;
692
- }
693
- }else if(isset($_POST['miniorange_forgotphone'])){
694
- $nonce = $_POST['miniorange_forgotphone'];
695
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
696
- return true;
697
- }
698
- }else if(isset($_POST['miniorange_soft_token_nonce'])){
699
- $nonce = $_POST['miniorange_soft_token_nonce'];
700
- if(wp_verify_nonce($nonce,'miniorange-2-factor-soft-token-nonce')){
701
- return true;
702
- }
703
- }else if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){
704
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
705
- if ( wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
706
- return true;
707
- }
708
- }
709
- }
710
- return false;
711
- }
712
-
713
- function miniorange_login_check_kba_status($login_status){
714
- if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION'){
715
- $nonce = '';
716
- if(isset($_POST['miniorange_login_nonce']) ){
717
- $nonce = $_POST['miniorange_login_nonce'];
718
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
719
- return true;
720
- }
721
- }else if(isset($_POST['miniorange_kba_nonce']) ){
722
- $nonce = $_POST['miniorange_kba_nonce'];
723
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' )){
724
- return true;
725
- }
726
- }else if(isset($_POST['miniorange_alternate_login_kba_nonce'])){
727
- $nonce = $_POST['miniorange_alternate_login_kba_nonce'];
728
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' )){
729
- return true;
730
- }
731
- }else if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){
732
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
733
- if ( wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
734
- return true;
735
- }
736
- }
737
  }
738
- return false;
739
  }
740
 
741
  function miniorange_login_footer_form(){
742
 
743
- ?>
744
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="" hidden>
745
- <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
746
- </form>
747
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" hidden>
748
- <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
749
- </form>
750
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
751
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
752
- </form>
753
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" action="" style="display:none;">
754
- <input type="hidden" name="miniorange_alternate_login_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-alternate-login-kba-nonce'); ?>" />
755
- </form>
756
- <form name="f" id="mo2f_challenge_forgotphone_form" method="post" action="" style="display:none;">
757
- <input type="hidden" name="mo2f_selected_2factor_method" />
758
- <input type="hidden" name="miniorange_challenge_forgotphone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-challenge-forgotphone-nonce'); ?>" />
759
- </form>
760
- <form name="f" id="mo2f_mobile_validation_form" method="post" action="" hidden>
761
- <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
762
- </form>
763
- <form name="f" id="mo2f_show_qrcode_loginform" method="post" action="" hidden>
764
- <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
765
- <input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" />
766
- </form>
767
- <form name="f" id="mo2f_submitotp_loginform" method="post" action="" hidden>
768
- <input type="text" name="mo2fa_softtoken" id="mo2fa_softtoken" hidden/>
769
- <input type="hidden" name="miniorange_soft_token_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-soft-token-nonce'); ?>" />
770
- </form>
771
- <form name="f" id="mo2f_submitkba_loginform" method="post" action="" style="display:none;">
772
- <input type="text" name="mo2f_answer_1" id="mo2f_answer_1" hidden />
773
- <input type="text" name="mo2f_answer_2" id="mo2f_answer_1" hidden />
774
- <input type="text" name="mo2f_trust_device" id="mo2f_trust_device" hidden />
775
- <input type="hidden" name="miniorange_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-kba-nonce'); ?>" />
776
- </form>
777
-
778
- <?php
779
  }
780
 
 
781
  function mo_2_factor_show_wp_login_form_when_phonelogin_enabled(){
782
  ?>
783
  <script>
@@ -829,24 +260,5 @@ class Miniorange_Mobile_Login{
829
  </script>
830
  <?php
831
  }
832
- public function mo_2_factor_show_push_oobemail($id){
833
- mo2f_getpush_oobemail_response($id);
834
- }
835
-
836
- public function mo_2_factor_show_otp_token(){
837
- mo2f_getotp_form();
838
- }
839
-
840
- public function mo_2_factor_show_qr_code(){
841
- mo2f_getqrcode();
842
- }
843
-
844
- function mo_2_factor_login_show_kba(){
845
- mo2f_getkba_form();
846
- }
847
-
848
- function mo_2_factor_show_forgotphone(){
849
- mo2f_get_forgotphone_form();
850
- }
851
- }
852
  ?>
23
 
24
  **/
25
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
26
+
27
+
28
  class Miniorange_Mobile_Login{
29
 
30
  public function miniorange_login_start_session(){
32
  session_start();
33
  }
34
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
35
 
36
  function remove_current_activity(){
37
  unset($_SESSION[ 'mo2f_current_user' ]);
40
  unset($_SESSION[ 'mo2f-login-transactionId' ]);
41
  unset($_SESSION[ 'mo2f-login-message' ]);
42
  unset($_SESSION[ 'mo_2_factor_kba_questions' ]);
43
+ unset($_SESSION[ 'mo2f_1stfactor_status' ]);
44
+ unset($_SESSION[ 'mo2f_rba_status' ]);
45
+ unset($_SESSION[ 'mo2f_show_qr_code']);
46
+ unset($_SESSION['mo2f_google_auth']);
47
+ unset($_SESSION['mo2f_authy_keys']);
48
  }
49
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
50
 
51
  function mo2fa_default_login($user,$username,$password){
52
+
53
  $currentuser = wp_authenticate_username_password($user, $username, $password);
54
  if (is_wp_error($currentuser)) {
55
  return $currentuser;
56
  }else{
57
  $this->miniorange_login_start_session();
 
 
58
 
59
+ $current_roles = miniorange_get_user_role($currentuser);
60
+
61
+ $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
62
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
63
+
64
+ if($enabled){
65
+
66
  if(get_user_meta($currentuser->ID,'mo_2factor_mobile_registration_status',true) == 'MO_2_FACTOR_SUCCESS'){ // for existing users
67
+
68
+ $_SESSION['mo2f-login-message'] = '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.';
69
+ $this->mo_auth_show_error_message();
70
+ $this->mo2f_redirectto_wp_login();
71
  $error = new WP_Error();
 
72
  return $error;
73
+ } else if(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
74
+ $_SESSION['mo2f-login-message'] = '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.';
75
+ $this->mo_auth_show_error_message();
76
+ $this->mo2f_redirectto_wp_login();
77
  $error = new WP_Error();
 
78
  return $error;
79
  }else{ //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
80
+
81
+ $this->mo2f_verify_and_authenticate_userlogin($currentuser, $redirect_to);
82
  }
83
  }else{ //plugin is not activated for non-admin then logged him in
84
+
85
+
86
+ $this->mo2f_verify_and_authenticate_userlogin($currentuser, $redirect_to);
87
+
88
  }
89
  }
90
  }
91
 
92
+ function mo2f_verify_and_authenticate_userlogin($user, $redirect_to=null){
93
 
94
  $user_id = $user->ID;
95
+ wp_set_current_user($user_id, $user->user_login);
96
  $this->remove_current_activity();
 
97
  wp_set_auth_cookie( $user_id, true );
98
+ do_action( 'wp_login', $user->user_login, $user );
99
+ redirect_user_to($user, $redirect_to);
100
  exit;
101
 
102
  }
103
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
104
  function mo2f_redirectto_wp_login(){
105
  remove_action('login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login'));
106
  add_action('login_dequeue_scripts', array( $this, 'mo_2_factor_show_login'));
111
  }
112
  }
113
 
114
+ function custom_login_enqueue_scripts(){
115
  wp_enqueue_script('jquery');
116
  wp_enqueue_script( 'bootstrap_script', plugins_url('includes/js/bootstrap.min.js', __FILE__ ));
117
  }
118
 
119
+ function mo_2_factor_hide_login() {
120
+ wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=4.4', __FILE__ ) );
121
+ wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=4.4', __FILE__ ) );
122
 
123
  wp_enqueue_style( 'hide-login' );
124
  wp_enqueue_style( 'bootstrap' );
127
 
128
  function mo_2_factor_show_login() {
129
  if(get_option('mo2f_show_loginwith_phone')){
130
+ wp_register_style( 'show-login', plugins_url( 'includes/css/hide-login-form.css?version=4.4', __FILE__ ) );
131
  }else{
132
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.4', __FILE__ ) );
133
  }
134
  wp_enqueue_style( 'show-login' );
135
  }
136
 
137
  function mo_2_factor_show_login_with_password_when_phonelogin_enabled(){
138
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.4', __FILE__ ) );
139
  wp_enqueue_style( 'show-login' );
140
  }
141
 
150
  return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
151
  }
152
 
153
+ function mo_auth_show_error_message() {
154
  remove_filter( 'login_message', array( $this, 'mo_auth_success_message') );
155
  add_filter( 'login_message', array( $this, 'mo_auth_error_message') );
156
+
157
  }
158
 
159
+
160
+
161
+
162
+ function mo_auth_show_success_message() {
163
  remove_filter( 'login_message', array( $this, 'mo_auth_error_message') );
164
  add_filter( 'login_message', array( $this, 'mo_auth_success_message') );
165
  }
168
 
169
 
170
  // login form fields
171
+ function miniorange_login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null) {
172
+ $this->miniorange_login_start_session();
173
+ if(get_option('mo2f_show_loginwith_phone')){ //login with phone overwrite default login form
174
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
175
  $login_status_phone_enable = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : '';
176
+ if($login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset($_POST['miniorange_login_nonce']) && wp_verify_nonce( $_POST['miniorange_login_nonce'], 'miniorange-2-factor-login-nonce' )){
 
 
 
 
 
 
 
 
 
 
177
  $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
178
  $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
179
  $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
184
  $this->mo_2_factor_show_login();
185
  $this->mo_2_factor_show_wp_login_form();
186
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
187
 
188
+ }else{ //Login with phone is alogin with default login form
189
+
190
+ $this->mo_2_factor_show_login();
191
+ $this->mo_2_factor_show_wp_login_form();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
192
  }
193
+
194
  }
195
 
196
  function miniorange_login_footer_form(){
197
 
198
+ ?>
199
+ <input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" />
200
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
201
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
202
+ </form>
203
+ <form name="f" id="mo2f_show_qrcode_loginform" method="post" action="" hidden>
204
+ <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
205
+ <input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" />
206
+ </form>
207
+ <?php
208
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
209
  }
210
 
211
+
212
  function mo_2_factor_show_wp_login_form_when_phonelogin_enabled(){
213
  ?>
214
  <script>
260
  </script>
261
  <?php
262
  }
263
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
264
  ?>
class-miniorange-2-factor-pass2fa-login.php CHANGED
@@ -23,9 +23,9 @@ Contains Request Calls to Customer service.
23
 
24
  **/
25
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
26
- include_once dirname( __FILE__ ) . '/miniorange_2_factor_user_inline_registration.php';
27
  include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
28
 
 
29
  class Miniorange_Password_2Factor_Login{
30
 
31
  function remove_current_activity(){
@@ -43,15 +43,15 @@ class Miniorange_Password_2Factor_Login{
43
 
44
  }
45
 
46
- function mo2fa_pass2login(){
47
  if(isset($_SESSION[ 'mo2f_current_user' ]) && isset($_SESSION[ 'mo2f_1stfactor_status' ]) && $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS'){
48
- $currentuser = unserialize($_SESSION[ 'mo2f_current_user' ]);
49
  $user_id = $currentuser->ID;
50
  wp_set_current_user($user_id, $currentuser->user_login);
51
  $this->remove_current_activity();
52
  wp_set_auth_cookie( $user_id, true );
53
  do_action( 'wp_login', $currentuser->user_login, $currentuser );
54
- redirect_user_to($currentuser);
55
  exit;
56
  }else{
57
  $this->remove_current_activity();
@@ -64,8 +64,89 @@ class Miniorange_Password_2Factor_Login{
64
  }
65
  }
66
 
 
67
  public function miniorange_pass2login_redirect() {
68
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
69
  if(isset($_POST['mo2f_trust_device_confirm_nonce'])){ /*register device as rba profile */
70
  $nonce = $_POST['mo2f_trust_device_confirm_nonce'];
71
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
@@ -76,12 +157,13 @@ class Miniorange_Password_2Factor_Login{
76
  } else {
77
  $this->miniorange_pass2login_start_session();
78
  try{
79
- $currentuser = unserialize($_SESSION[ 'mo2f_current_user' ]);
80
  mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
81
  }catch(Exception $e){
82
  echo $e->getMessage();
83
  }
84
- $this->mo2fa_pass2login();
 
85
  }
86
  }
87
 
@@ -93,7 +175,8 @@ class Miniorange_Password_2Factor_Login{
93
  return $error;
94
  } else {
95
  $this->miniorange_pass2login_start_session();
96
- $this->mo2fa_pass2login();
 
97
  }
98
  }
99
 
@@ -105,22 +188,38 @@ class Miniorange_Password_2Factor_Login{
105
  return $error;
106
  }else {
107
  $this->miniorange_pass2login_start_session();
 
 
 
 
108
  $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
109
- if($second_factor == 'OTP OVER EMAIL'){
110
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
111
- $id = $current_user->ID;
 
112
  $customer = new Customer_Setup();
113
  $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
 
 
 
 
114
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
115
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
116
  $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
117
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
 
118
  }else{
119
- $_SESSION['mo2f-login-message'] = 'Error occured while sending OTP over your regsitered email. Please try again or select Security Questions (KBA) to login.';
 
 
 
 
 
 
 
 
 
 
120
  }
121
- }else{
122
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
123
- $this->mo2f_pass2login_kba_verification($current_user);
124
  }
125
  }
126
  }
@@ -133,8 +232,9 @@ class Miniorange_Password_2Factor_Login{
133
  return $error;
134
  }else {
135
  $this->miniorange_pass2login_start_session();
136
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
137
- $this->mo2f_pass2login_kba_verification($currentuser);
 
138
  }
139
  }
140
 
@@ -145,36 +245,43 @@ class Miniorange_Password_2Factor_Login{
145
  $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
146
  return $error;
147
  } else {
 
148
  $this->miniorange_pass2login_start_session();
149
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
 
 
150
  if(isset($_SESSION[ 'mo2f_current_user' ])){
151
  if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
152
- return;
 
 
153
  }
154
  $otpToken = array();
155
  $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
156
  $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
157
  $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
158
  $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
159
- $check_trust_device = sanitize_text_field( $_POST[ 'mo2f_trust_device' ] );
160
 
161
  $kba_validate = new Customer_Setup();
162
  $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
163
 
164
  if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
165
- if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'true'){
166
  try{
167
  mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
168
  }catch(Exception $e){
169
  echo $e->getMessage();
170
  }
171
- $this->mo2fa_pass2login();
172
  }else{
173
- $this->mo2fa_pass2login();
174
  }
175
  }else{
176
 
177
- $_SESSION[ 'mo2f-login-message' ] = 'The answers you have provided are incorrect.';
 
 
178
  }
179
  }else{
180
  $this->remove_current_activity();
@@ -184,7 +291,6 @@ class Miniorange_Password_2Factor_Login{
184
  }
185
 
186
  if(isset($_POST['miniorange_mobile_validation_nonce'])){ /*check mobile validation */
187
-
188
  $nonce = $_POST['miniorange_mobile_validation_nonce'];
189
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
190
  $error = new WP_Error();
@@ -192,16 +298,18 @@ class Miniorange_Password_2Factor_Login{
192
  return $error;
193
  } else {
194
  $this->miniorange_pass2login_start_session();
195
- $currentuser = unserialize($_SESSION[ 'mo2f_current_user' ]);
 
196
  $checkMobileStatus = new Two_Factor_Setup();
197
  $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
198
  $response = json_decode($content, true);
199
  if(json_last_error() == JSON_ERROR_NONE) {
200
  if($response['status'] == 'SUCCESS'){
201
  if(get_option('mo2f_deviceid_enabled')){
202
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
 
203
  }else{
204
- $this->mo2fa_pass2login();
205
  }
206
  }else{
207
  $this->remove_current_activity();
@@ -233,619 +341,38 @@ class Miniorange_Password_2Factor_Login{
233
  $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
234
  return $error;
235
  } else{
236
- $this->miniorange_pass2login_start_session();
237
- $customer = new Customer_Setup();
238
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
239
- $id = $current_user->ID;
240
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
241
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
242
- unset($_SESSION['mo2f-login-message']);
243
- }else{
244
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
245
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
246
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
247
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
248
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
249
- $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
250
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
251
- }else{
252
- $_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
253
- }
254
- }
255
- }
256
- }
257
-
258
- if ( isset($_POST['miniorange_inline_user_reg_nonce'])){
259
-
260
- $nonce = $_POST['miniorange_inline_user_reg_nonce'];
261
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-user-reg-nonce' ) ) {
262
- $error = new WP_Error();
263
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
264
- return $error;
265
- } else {
266
- $this->miniorange_pass2login_start_session();
267
- $email = '';
268
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo_useremail'] )){
269
- $_SESSION['mo2f-login-message'] = 'Please enter email-id to register.';
270
- return;
271
- }else{
272
- $email = sanitize_email( $_POST['mo_useremail'] );
273
- }
274
-
275
- if(!MO2f_Utility::check_if_email_is_already_registered($email)){
276
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
277
- $currentUserId = $current_user->ID;
278
- update_user_meta($currentUserId,'mo_2factor_user_email',$email);
279
-
280
- $enduser = new Two_Factor_Setup();
281
- $check_user = json_decode($enduser->mo_check_user_already_exist($email),true);
282
- if(json_last_error() == JSON_ERROR_NONE){
283
- if($check_user['status'] == 'ERROR'){
284
- $_SESSION['mo2f-login-message'] = $check_user['message'];
285
-
286
- return;
287
- }else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
288
- $_SESSION['mo2f-login-message'] = 'The email you entered is already registered. Please register with another email to set up Two-Factor.';
289
-
290
- return;
291
- }
292
- else if(strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
293
-
294
- $enduser = new Customer_Setup();
295
- $content = json_decode($enduser->send_otp_token($email,'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
296
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
297
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
298
- $_SESSION['mo2f-login-message'] = 'An OTP has been sent to <b>' . ( $email ) . '</b>. Please enter the OTP below to verify your email. If you didn\'t get the email, please check your <b>SPAM</b> folder.';
299
- update_user_meta($currentUserId,'mo_2fa_verify_otp_create_account',$content['txId']);
300
- update_user_meta($currentUserId, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
301
-
302
- }else{
303
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
304
- $_SESSION['mo2f-login-message'] = 'There was an error in sending OTP over email. Please click on Resend OTP to try again.';
305
- update_user_meta($currentUserId, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
306
- }
307
- }
308
- }
309
- }else{
310
- $_SESSION['mo2f-login-message'] = 'The email is already used by other user. Please register with other email.';
311
-
312
- }
313
- }
314
- }
315
-
316
- if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
317
- $nonce = $_POST['miniorange_inline_two_factor_setup'];
318
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
319
- $error = new WP_Error();
320
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
321
- return $error;
322
- } else {
323
- $this->miniorange_pass2login_start_session();
324
- $_SESSION[ 'mo_2factor_login_status' ] ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
325
- unset($_SESSION['mo2f_google_auth']);
326
- unset($_SESSION['mo2f_authy_keys']);
327
- $_SESSION['mo2f-login-message'] = '';
328
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
329
- delete_user_meta($current_user->ID,'mo2f_selected_2factor_method');
330
- }
331
- }
332
-
333
- if ( isset($_POST['miniorange_inline_resend_otp_nonce'])){ //resend otp during user inline registration
334
-
335
- $nonce = $_POST['miniorange_inline_resend_otp_nonce'];
336
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-resend-otp-nonce' ) ) {
337
- $error = new WP_Error();
338
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
339
- return $error;
340
- } else {
341
- $this->miniorange_pass2login_start_session();
342
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
343
- $currentUserId = $current_user->ID;
344
-
345
- $userkey = '';
346
- if(get_user_meta( $currentUserId,'mo2f_selected_2factor_method',true) == 'SMS'){
347
- $currentMethod = "OTP_OVER_SMS";
348
- $userkey = isset($_SESSION['mo2f_phone']) ? $_SESSION['mo2f_phone'] : null;
349
- $_SESSION['mo2f-login-message'] = isset($_SESSION['mo2f_phone']) ? 'The One Time Passcode has been sent to ' . $userkey . '. Please enter the one time passcode below to verify your number.' : 'Please click on Verifiy button to receive OTP over your phone number.';
350
- }else if(get_user_meta( $currentUserId,'mo2f_selected_2factor_method',true) == 'PHONE VERIFICATION'){
351
- $currentMethod = "PHONE_VERIFICATION";
352
- $userkey = isset($_SESSION['mo2f_phone']) ? $_SESSION['mo2f_phone'] : null;
353
- $_SESSION['mo2f-login-message'] = isset($_SESSION['mo2f_phone']) ? 'You will receive a phone call on this number ' . $userkey . '. Please enter the one time passcode below to verify your number.' : 'Please click on Verifiy button to receive phone call.';
354
- }else{
355
- $currentMethod = 'EMAIL';
356
- $userkey = get_user_meta($currentUserId,'mo_2factor_user_email',true);
357
- $_SESSION['mo2f-login-message'] = 'An OTP has been sent to <b>' . ( $userkey ) . '</b>. Please enter the OTP below to verify your email.';
358
- }
359
-
360
- $customer = new Customer_Setup();
361
- $content = json_decode($customer->send_otp_token($userkey,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
362
-
363
-
364
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
365
- update_user_meta($currentUserId,'mo_2fa_verify_otp_create_account',$content['txId']);
366
- if($currentMethod == 'EMAIL'){
367
- update_user_meta($currentUserId, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
368
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
369
- }
370
-
371
- }else{
372
- $_SESSION['mo2f-login-message'] = 'There was an error in sending one time passcode. Please click on Resend OTP to try again.';
373
- if($currentMethod == 'EMAIL'){
374
- update_user_meta($currentUserId, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
375
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
376
- }
377
- }
378
-
379
- }
380
- }
381
-
382
- if ( isset($_POST['mo2f_inline_ga_phone_type_nonce'])){ //select google phone type during user inline registration when google authenticator is selected
383
-
384
- $nonce = $_POST['mo2f_inline_ga_phone_type_nonce'];
385
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-ga-phone-type-nonce' ) ) {
386
- $error = new WP_Error();
387
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
388
- return $error;
389
- } else {
390
- $this->miniorange_pass2login_start_session();
391
- $phone_type = $_POST['google_phone_type'];
392
-
393
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
394
- $google_auth = new Miniorange_Rba_Attributes();
395
- $google_response = json_decode($google_auth->mo2f_google_auth_service(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true)),true);
396
- if(json_last_error() == JSON_ERROR_NONE) {
397
- if($google_response['status'] == 'SUCCESS'){
398
- $mo2f_google_auth = array();
399
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
400
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
401
- $mo2f_google_auth['ga_phone'] = $phone_type;
402
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
403
- $_SESSION['mo2f-login-message'] = '';
404
-
405
- }else{
406
- $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user for google authenticator. Please try again.';
407
- }
408
- }else{
409
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again.';
410
- }
411
- }
412
- }
413
-
414
- if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
415
- $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
416
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
417
- $error = new WP_Error();
418
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
419
- return $error;
420
- } else {
421
- $this->miniorange_pass2login_start_session();
422
- $otpToken = $_POST['google_auth_code'];
423
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
424
- $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
425
- $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
426
- if(MO2f_Utility::mo2f_check_number_length($otpToken)){
427
- $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
428
- $google_auth = new Miniorange_Rba_Attributes();
429
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
430
- if(json_last_error() == JSON_ERROR_NONE) {
431
- if($google_response['status'] == 'SUCCESS'){
432
- $enduser = new Two_Factor_Setup();
433
- $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),null,null,null),true);
434
- if(json_last_error() == JSON_ERROR_NONE) {
435
-
436
- if($response['status'] == 'SUCCESS'){
437
-
438
- update_user_meta($current_user->ID,'mo2f_google_authentication_status',true);
439
- update_user_meta($current_user->ID,'mo2f_authy_authentication_status',false);
440
- update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
441
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
442
- unset($_SESSION['mo2f-login-message']);
443
-
444
- }else{
445
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
446
- }
447
- }else{
448
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
449
- }
450
- }else{
451
- $_SESSION['mo2f-login-message'] = 'Error occurred while validating the OTP. Please try again. Possible causes: <br />1. You have enter invalid OTP.<br />2. You App Time is not sync.Go to seetings and tap on Time correction for codes and tap on Sync now .';
452
- }
453
- }else{
454
- $_SESSION['mo2f-login-message'] = 'Error occurred while validating the user. Please try again.';
455
-
456
- }
457
- }else{
458
- $_SESSION['mo2f-login-message'] = 'Only digits are allowed. Please enter again.';
459
-
460
- }
461
- }
462
- }
463
-
464
- if ( isset($_POST['mo2f_inline_authy_configure_nonce'])){ //select google phone type during user inline registration when google authenticator is selected
465
-
466
- $nonce = $_POST['mo2f_inline_authy_configure_nonce'];
467
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-authy-configuration-nonce' ) ) {
468
- $error = new WP_Error();
469
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
470
- return $error;
471
- } else {
472
- $this->miniorange_pass2login_start_session();
473
- $authy = new Miniorange_Rba_Attributes();
474
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
475
- $authy_response = json_decode($authy->mo2f_google_auth_service(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true)),true);
476
- if(json_last_error() == JSON_ERROR_NONE) {
477
- if($authy_response['status'] == 'SUCCESS'){
478
- $mo2f_authy_keys = array();
479
- $mo2f_authy_keys['authy_qrCode'] = $authy_response['qrCodeData'];
480
- $mo2f_authy_keys['authy_secret'] = $authy_response['secret'];
481
- $_SESSION['mo2f_authy_keys'] = $mo2f_authy_keys;
482
- $_SESSION['mo2f-login-message'] = '';
483
- }else{
484
- $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user for authy 2-factor authentication. Please try again.';
485
- }
486
- }else{
487
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again.';
488
- }
489
- }
490
- }
491
-
492
- if(isset($_POST['mo2f_inline_validate_authy_authentication_nonce'])){
493
- $nonce = $_POST['mo2f_inline_validate_authy_authentication_nonce'];
494
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-authy-authentication-nonce' ) ) {
495
- $error = new WP_Error();
496
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
497
- return $error;
498
- } else {
499
- $this->miniorange_pass2login_start_session();
500
- $otpToken = isset($_POST['authy_auth_code']) ? $_POST['authy_auth_code'] : null;
501
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
502
- $mo2f_google_auth = isset($_SESSION['mo2f_authy_keys']) ? $_SESSION['mo2f_authy_keys'] : null;
503
- $authy_secret = $mo2f_google_auth != null ? $mo2f_google_auth['authy_secret'] : null;
504
- if(MO2f_Utility::mo2f_check_number_length($otpToken)){
505
- $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
506
- $google_auth = new Miniorange_Rba_Attributes();
507
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$authy_secret),true);
508
- if(json_last_error() == JSON_ERROR_NONE) {
509
- if($google_response['status'] == 'SUCCESS'){
510
- $enduser = new Two_Factor_Setup();
511
- $response = json_decode($enduser->mo2f_update_userinfo($email,'GOOGLE AUTHENTICATOR',null,null,null),true);
512
- if(json_last_error() == JSON_ERROR_NONE) {
513
-
514
- if($response['status'] == 'SUCCESS'){
515
-
516
- update_user_meta($current_user->ID,'mo2f_authy_authentication_status',true);
517
- update_user_meta($current_user->ID,'mo2f_google_authentication_status',false);
518
- update_user_meta($current_user->ID,'mo2f_external_app_type','AUTHY 2-FACTOR AUTHENTICATION');
519
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
520
- unset($_SESSION['mo2f-login-message']);
521
-
522
- }else{
523
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
524
- }
525
- }else{
526
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
527
- }
528
- }else{
529
- $_SESSION['mo2f-login-message'] = 'Error occurred while validating the OTP. Please try again. Possible causes: <br />1. You have enter invalid OTP.<br />2. You App Time is not sync.Go to seetings and tap on Time correction for codes and tap on Sync now .';
530
- }
531
- }else{
532
- $_SESSION['mo2f-login-message'] = 'Error occurred while validating the user. Please try again.';
533
-
534
- }
535
- }else{
536
- $_SESSION['mo2f-login-message'] = 'Only digits are allowed. Please enter again.';
537
-
538
- }
539
- }
540
- }
541
-
542
- if(isset($_POST['miniorange_inline_validate_user_otp_nonce'])){
543
- $nonce = $_POST['miniorange_inline_validate_user_otp_nonce'];
544
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-user-otp-nonce' ) ) {
545
- $error = new WP_Error();
546
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
547
- return $error;
548
- } else {
549
- $this->miniorange_pass2login_start_session();
550
- $otp_token = '';
551
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
552
- $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
553
- return;
554
- } else{
555
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
556
- }
557
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
558
- $id = $current_user->ID;
559
- if(!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($id,'mo_2factor_user_email',true))){
560
- $customer = new Customer_Setup();
561
- $transactionId = get_user_meta($id,'mo_2fa_verify_otp_create_account',true);
562
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
563
- if($content['status'] == 'ERROR'){
564
- $_SESSION['mo2f-login-message'] = $content['message'];
565
- }else{
566
- if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode
567
- $this->mo2f_register_user_inline(get_user_meta($id,'mo_2factor_user_email',true));
568
- delete_user_meta($id,'mo_2fa_verify_otp_create_account');
569
- }else{ // OTP Validation failed.
570
- $_SESSION['mo2f-login-message'] = 'Invalid OTP. Please try again.';
571
- update_user_meta($id,'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
572
-
573
- }
574
- }
575
-
576
- }else{
577
- $_SESSION['mo2f-login-message'] = 'The email is already used by other user. Please register with other email by clicking on Back button.';
578
-
579
- }
580
- }
581
- }
582
-
583
- if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
584
- $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
585
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
586
- $error = new WP_Error();
587
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
588
- return $error;
589
- } else {
590
- $this->miniorange_pass2login_start_session();
591
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
592
- $currentUserId = $current_user->ID;
593
- if(get_user_meta($currentUserId,'mo_2factor_user_registration_with_miniorange',true) == 'SUCCESS'){
594
- $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? $_POST['mo2f_selected_2factor_method'] : 'NONE';
595
- update_user_meta( $currentUserId,'mo2f_selected_2factor_method', $selected_method); //status for second factor selected by user
596
- if($selected_method == 'OUT OF BAND EMAIL'){
597
- $enduser = new Two_Factor_Setup();
598
- $enduser->mo2f_update_userinfo(get_user_meta($currentUserId,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,null,null);
599
- update_user_meta($currentUserId,'mo2f_email_verification_status',true);
600
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
601
- }
602
- $_SESSION['mo2f-login-message'] = '';
603
- }else{
604
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.';
605
-
606
- }
607
- }
608
- }
609
-
610
- if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
611
- $nonce = $_POST['miniorange_inline_verify_phone_nonce'];
612
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
613
- $error = new WP_Error();
614
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
615
- return $error;
616
- } else {
617
- $this->miniorange_pass2login_start_session();
618
- $phone = sanitize_text_field( $_POST['verify_phone'] );
619
-
620
- if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
621
- $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
622
- return;
623
- }
624
- $phone = str_replace(' ', '', $phone);
625
- $_SESSION['mo2f_phone'] = $phone;
626
- $user = unserialize($_SESSION[ 'mo2f_current_user' ]);
627
- $current_user = $user->ID;
628
- $customer = new Customer_Setup();
629
-
630
- if(get_user_meta( $current_user,'mo2f_selected_2factor_method',true) == 'SMS'){
631
- $currentMethod = "OTP_OVER_SMS";
632
- }else if(get_user_meta( $current_user,'mo2f_selected_2factor_method',true) == 'PHONE VERIFICATION'){
633
- $currentMethod = "PHONE_VERIFICATION";
634
- }
635
-
636
- $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
637
-
638
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
639
- if($content['status'] == 'ERROR'){
640
- $_SESSION['mo2f-login-message'] = $response['message'];
641
-
642
- }else if($content['status'] == 'SUCCESS'){
643
- $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
644
-
645
- if(get_user_meta( $current_user,'mo2f_selected_2factor_method',true) == 'SMS'){
646
- $_SESSION['mo2f-login-message'] = 'The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.';
647
- }else if(get_user_meta( $current_user,'mo2f_selected_2factor_method',true)== 'PHONE VERIFICATION'){
648
- $_SESSION['mo2f-login-message'] = 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below to verify your number.';
649
- }
650
-
651
- }else{
652
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
653
-
654
- }
655
-
656
- }else{
657
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again';
658
-
659
- }
660
- }
661
- }
662
-
663
- if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
664
- $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
665
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
666
- $error = new WP_Error();
667
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
668
- return $error;
669
- } else {
670
- $this->miniorange_pass2login_start_session();
671
- $otp_token = '';
672
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
673
- $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
674
- return;
675
- } else{
676
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
677
- }
678
- $user = unserialize($_SESSION[ 'mo2f_current_user' ]);
679
- $current_user = $user->ID;
680
- $customer = new Customer_Setup();
681
- $content = json_decode($customer->validate_otp_token( get_user_meta( $current_user,'mo2f_selected_2factor_method',true), null, $_SESSION[ 'mo2f_transactionId' ], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
682
- if($content['status'] == 'ERROR'){
683
- $_SESSION['mo2f-login-message'] = $content['message'];
684
-
685
- }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
686
- if(get_user_meta($current_user,'mo2f_user_phone',true) && strlen(get_user_meta($current_user,'mo2f_user_phone',true)) >= 4){
687
- if($_SESSION['mo2f_phone'] != get_user_meta($current_user,'mo2f_user_phone',true) ){
688
- update_user_meta($current_user,'mo2f_mobile_registration_status',false);
689
- }
690
- }
691
- $email = get_user_meta($current_user,'mo_2factor_map_id_with_email',true);
692
- $phone = $_SESSION['mo2f_phone'];
693
-
694
- $enduser = new Two_Factor_Setup();
695
- $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user,'mo2f_selected_2factor_method',true),$phone,null,null),true);
696
- if(json_last_error() == JSON_ERROR_NONE) {
697
-
698
- if($response['status'] == 'ERROR'){
699
- unset($_SESSION[ 'mo2f_phone']);
700
- $_SESSION['mo2f-login-message'] = $response['message'];
701
- $this->mo_auth_show_error_message();
702
- }else if($response['status'] == 'SUCCESS'){
703
- update_user_meta($current_user,'mo2f_otp_registration_status',true);
704
- update_user_meta($current_user,'mo2f_user_phone',$_SESSION[ 'mo2f_phone']);
705
- unset($_SESSION[ 'mo2f_phone']);
706
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
707
- unset($_SESSION['mo2f-login-message']);
708
-
709
- }else{
710
- unset($_SESSION[ 'mo2f_phone']);
711
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
712
-
713
- }
714
- }else{
715
- unset($_SESSION[ 'mo2f_phone']);
716
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again';
717
-
718
- }
719
-
720
- }else{ // OTP Validation failed.
721
- $_SESSION['mo2f-login-message'] = 'Invalid OTP. Please try again.';
722
-
723
- }
724
- }
725
- }
726
-
727
- if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
728
- $nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
729
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
730
- $error = new WP_Error();
731
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
732
- return $error;
733
- } else {
734
- $this->miniorange_pass2login_start_session();
735
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
736
- if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
737
- $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
738
- $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
739
- }else{
740
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please register with miniOrange before configuring your mobile.';
741
-
742
- }
743
- }
744
- }
745
-
746
-
747
- if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
748
- $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
749
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
750
- $error = new WP_Error();
751
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
752
- return $error;
753
- } else {
754
- $this->miniorange_pass2login_start_session();
755
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
756
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
757
- unset($_SESSION[ 'mo2f_show_qr_code'] );
758
- $user = unserialize($_SESSION[ 'mo2f_current_user' ]);
759
- $current_user = $user->ID;
760
- $email = get_user_meta($current_user,'mo_2factor_map_id_with_email',true);
761
-
762
- $enduser = new Two_Factor_Setup();
763
- $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user,'mo2f_selected_2factor_method',true),null,null,null),true);
764
-
765
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
766
- if($response['status'] == 'ERROR'){
767
- $_SESSION['mo2f-login-message'] = $response['message'];
768
- }else if($response['status'] == 'SUCCESS'){
769
- update_user_meta($current_user,'mo2f_mobile_registration_status',true);
770
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
771
- unset($_SESSION['mo2f-login-message']);
772
- }else{
773
- $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
774
- }
775
- }else{
776
- $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again';
777
- }
778
- }
779
- }
780
-
781
- if(isset($_POST['mo2f_inline_save_kba_nonce'])){
782
- $nonce = $_POST['mo2f_inline_save_kba_nonce'];
783
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
784
- $error = new WP_Error();
785
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
786
- return $error;
787
- } else {
788
- $this->miniorange_pass2login_start_session();
789
- if(MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_2'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans2'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_3'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans3'] ) ){
790
- $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
791
- return;
792
- }
793
- $kba_q1 = $_POST[ 'mo2f_kbaquestion_1' ];
794
- $kba_a1 = sanitize_text_field( $_POST[ 'mo2f_kba_ans1' ] );
795
- $kba_q2 = $_POST[ 'mo2f_kbaquestion_2' ];
796
- $kba_a2 = sanitize_text_field( $_POST[ 'mo2f_kba_ans2' ] );
797
- $kba_q3 = sanitize_text_field( $_POST[ 'mo2f_kbaquestion_3' ] );
798
- $kba_a3 = sanitize_text_field( $_POST[ 'mo2f_kba_ans3' ] );
799
-
800
- if (strcasecmp($kba_q1, $kba_q2) == 0 || strcasecmp($kba_q2, $kba_q3) == 0 || strcasecmp($kba_q3, $kba_q1) == 0) {
801
- $_SESSION['mo2f-login-message'] = 'The questions you select must be unique.';
802
- return;
803
- }
804
-
805
- $kba_q1 = addcslashes(stripslashes($kba_q1), '"\\');
806
- $kba_a1 = addcslashes(stripslashes($kba_a1), '"\\');
807
- $kba_q2 = addcslashes(stripslashes($kba_q2), '"\\');
808
- $kba_a2 = addcslashes(stripslashes($kba_a2), '"\\');
809
- $kba_q3 = addcslashes(stripslashes($kba_q3), '"\\');
810
- $kba_a3 = addcslashes(stripslashes($kba_a3), '"\\');
811
-
812
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
813
- $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
814
- $kba_registration = new Two_Factor_Setup();
815
- $kba_reg_reponse = json_decode($kba_registration->register_kba_details($email, $kba_q1,$kba_a1,$kba_q2,$kba_a2,$kba_q3,$kba_a3),true);
816
- if(json_last_error() == JSON_ERROR_NONE) {
817
- if($kba_reg_reponse['status'] == 'SUCCESS'){
818
- if(isset($_POST['mo2f_inline_kba_option']) && $_POST['mo2f_inline_kba_option'] == 'mo2f_inline_kba_registration'){
819
- update_user_meta($current_user->ID,'mo2f_kba_registration_status',true);
820
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
821
- update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
822
- unset($_SESSION['mo2f-login-message']);
823
- }else{
824
- $enduser = new Two_Factor_Setup();
825
- $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),null,null,null),true);
826
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
827
- if($response['status'] == 'ERROR'){
828
- $_SESSION['mo2f-login-message'] = $response['message'];
829
-
830
- }else if($response['status'] == 'SUCCESS'){
831
- update_user_meta($current_user->ID,'mo2f_kba_registration_status',true);
832
- update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
833
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SETUP_SUCCESS';
834
- unset($_SESSION['mo2f-login-message']);
835
- }
836
- }else{
837
- $_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.';
838
- }
839
- }
840
  }else{
841
- $_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.';
842
  }
843
- }else{
844
- $_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.';
845
  }
846
-
 
 
847
  }
848
- }
849
 
850
  if(isset($_POST['miniorange_softtoken'])){ /*Click on the link of phone is offline */
851
  $nonce = $_POST['miniorange_softtoken'];
@@ -857,8 +384,10 @@ class Miniorange_Password_2Factor_Login{
857
  $this->miniorange_pass2login_start_session();
858
  unset($_SESSION[ 'mo2f-login-qrCode' ]);
859
  unset($_SESSION[ 'mo2f-login-transactionId' ]);
860
- $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
861
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
 
 
862
  }
863
  }
864
 
@@ -870,30 +399,32 @@ class Miniorange_Password_2Factor_Login{
870
  return $error;
871
  } else {
872
  $this->miniorange_pass2login_start_session();
 
 
873
  $softtoken = '';
874
  if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
875
- $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed.';
876
- return;
877
  } else{
878
  $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
879
  if(!MO2f_utility::mo2f_check_number_length($softtoken)){
880
- $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
881
- return;
882
  }
883
  }
884
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
885
  if(isset($_SESSION[ 'mo2f_current_user' ])){
886
  $customer = new Customer_Setup();
887
  $content ='';
888
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
889
  $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
890
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
891
  $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
892
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
893
  $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
894
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
895
  $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
896
- }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
897
  $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
898
  }else{
899
  $this->remove_current_activity();
@@ -904,14 +435,15 @@ class Miniorange_Password_2Factor_Login{
904
 
905
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
906
  if(get_option('mo2f_deviceid_enabled')){
907
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
 
908
  }else{
909
- $this->mo2fa_pass2login();
910
  }
911
  }else{
912
 
913
- $message = $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
914
- $_SESSION['mo2f-login-message'] = $message;
915
  }
916
 
917
  }else{
@@ -929,459 +461,147 @@ class Miniorange_Password_2Factor_Login{
929
  return $error;
930
  } else {
931
  $this->miniorange_pass2login_start_session();
932
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
933
  delete_user_meta($current_user->ID,'mo2f_selected_2factor_method');
934
  $this->mo2fa_pass2login();
935
  }
936
  }
937
 
938
- if (isset($_POST['miniorange_inline_goto_user_registration_nonce'])){ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
939
- $nonce = $_POST['miniorange_inline_goto_user_registration_nonce'];
940
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-goto-user-registration-nonce' ) ) {
941
  $error = new WP_Error();
942
  $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
943
  return $error;
944
  } else {
945
  $this->miniorange_pass2login_start_session();
946
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
947
- delete_user_meta($current_user->ID,'mo_2factor_user_email');
948
- delete_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account');
949
- delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status');
950
- $_SESSION['mo2f-login-message'] = '';
951
- $_SESSION[ 'mo_2factor_login_status' ] ='MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION';
952
  }
953
  }
954
  }
955
 
956
 
957
 
958
- function mo2f_check_username_password($user, $username, $password){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
959
 
960
- if (isset($_POST['miniorange_login_nonce'])){
961
- $nonce = $_POST['miniorange_login_nonce'];
962
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
963
- wp_logout();
964
- $error = new WP_Error();
965
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
966
- return $error;
967
- }
968
- else {
969
- $currentuser = wp_authenticate_username_password($user, $username, $password);
970
- if (is_wp_error($currentuser)) {
971
- return $currentuser;
972
- }else{
973
- $this->miniorange_pass2login_start_session();
974
- $_SESSION[ 'mo2f_current_user' ] = serialize($currentuser);
975
- $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
976
- $roles = $currentuser->roles;
977
- $current_role = array_shift($roles);
978
- if(get_option('mo2fa_'.$current_role)){
979
- $email = get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true);
980
- $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
981
- if( $email && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
982
- try{
983
- $mo2f_rba_status = mo2f_collect_attributes($email,stripslashes($attributes)); // Rba flow
984
- $_SESSION[ 'mo2f_rba_status' ] = $mo2f_rba_status;
985
- }catch(Exception $e){
986
- echo $e->getMessage();
987
- }
988
- if($mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag']){
989
- $this->mo2fa_pass2login();
990
- }else{
991
- if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($currentuser->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
992
- $this->mo2f_pass2login_kba_verification($currentuser);
993
- }else{
994
- $mo2f_second_factor = mo2f_get_user_2ndfactor($currentuser);
995
- if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
996
- $this->mo2f_pass2login_mobile_verification($currentuser);
997
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
998
- $this->mo2f_pass2login_push_oobemail_verification($currentuser,$mo2f_second_factor);
999
- }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ){
1000
- $this->mo2f_pass2login_otp_verification($currentuser,$mo2f_second_factor);
1001
- }else if($mo2f_second_factor == 'KBA'){
1002
- $this->mo2f_pass2login_kba_verification($currentuser);
1003
- }else{
1004
- $this->remove_current_activity();
1005
- $error = new WP_Error();
1006
- $error->add('empty_username', __('<strong>ERROR</strong>: Please try again or contact your admin.'));
1007
- return $error;
1008
- }
1009
- }
1010
- }
1011
- }else{ //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
1012
- if(!get_option('mo2f_inline_registration')){
1013
- $this->mo2fa_pass2login();
1014
  }else{
1015
- delete_user_meta($currentuser->ID,'mo2f_selected_2factor_method');
1016
- $_SESSION['mo2f-login-message'] = '';
1017
- if( get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) =='MO_2_FACTOR_INITIALIZE_TWO_FACTOR'){
1018
- $_SESSION[ 'mo_2factor_login_status' ] ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1019
- }else{
1020
- $_SESSION[ 'mo_2factor_login_status' ] ='MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION';
1021
- }
1022
  }
1023
  }
1024
- }else{ //plugin is not activated for current role then logged him in without asking 2 factor
1025
- $this->mo2fa_pass2login();
1026
  }
 
 
1027
  }
 
 
 
1028
  }
1029
- }else{
1030
- //xmlrpc handle
1031
- if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
1032
- $currentuser = wp_authenticate_username_password($user, $username, $password);
1033
- if (is_wp_error($currentuser)) {
1034
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
1035
- return false;
1036
- }else{
1037
- return $currentuser;
1038
- }
1039
- }else{
1040
- $error = new WP_Error();
1041
- return $error;
1042
- }
1043
- }
1044
  }
1045
 
 
1046
  function mo_2_factor_enable_jquery_default_login(){
1047
  wp_enqueue_script('jquery');
1048
- wp_enqueue_script( 'bootstrap_script', plugins_url('includes/js/bootstrap.min.js', __FILE__ ));
1049
- wp_enqueue_script( 'mo_2_factor_admin_settings_phone_script', plugins_url('includes/js/phone.js', __FILE__ ));
1050
-
1051
- }
1052
-
1053
- function mo_2_factor_enable_jquery() {
1054
- wp_enqueue_script('jquery');
1055
- global $post;
1056
- $myaccount_page_id = get_option( 'woocommerce_myaccount_page_id' );
1057
- $id = ( isset( $post->ID ) ? get_the_ID() : NULL );
1058
- if ( $myaccount_page_id == $id) {
1059
- wp_enqueue_script( 'bootstrap_script', plugins_url('includes/js/bootstrap.min.js', __FILE__ ));
1060
- }
1061
- wp_enqueue_script( 'mo_2_factor_admin_settings_phone_script', plugins_url('includes/js/phone.js', __FILE__ ));
1062
-
1063
  }
1064
 
 
1065
 
1066
- function mo_2_factor_pass2login_hide_login() {
1067
- wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=4.1.3', __FILE__ ) );
1068
- wp_enqueue_style( 'hide-login' );
1069
- wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=4.1.3', __FILE__ ) );
1070
- wp_enqueue_style( 'bootstrap' );
1071
- wp_register_style( 'mo-country-code', plugins_url('includes/css/phone.css', __FILE__));
1072
- wp_enqueue_style( 'mo-country-code' );
1073
- }
1074
-
1075
- function mo_2_factor_pass2login_show_login(){
1076
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.1.3', __FILE__ ) );
1077
- wp_enqueue_style( 'show-login' );
1078
- }
1079
 
1080
- function miniorange_pass2login_form_fields(){
1081
- //$this->miniorange_pass2login_start_session();
1082
- $login_status = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : null;
1083
- $user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
1084
- $current_user = isset($user) ? $user->ID : null;
1085
  if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
1086
- $this->mo_2_factor_pass2login_hide_login();
1087
- $this->mo_2_factor_pass2login_show_qr_code();
1088
- }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification
1089
- $this->mo_2_factor_pass2login_hide_login();
1090
- $this->mo_2_factor_pass2login_show_otp_token();
1091
  }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
1092
- $this->mo_2_factor_pass2login_hide_login();
1093
- $this->mo_2_factor_pass2login_show_forgotphone();
1094
  }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
1095
- $this->mo_2_factor_pass2login_hide_login();
1096
- $this->mo_2_factor_pass2login_show_push_oobemail($current_user);
1097
  }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
1098
- $this->mo_2_factor_pass2login_hide_login();
1099
- $this->mo_2_factor_pass2login_show_kba();
1100
  }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){ // trusted device
1101
- $this->mo_2_factor_pass2login_hide_login();
1102
- $this->mo_2_factor_pass2login_show_device_page();
1103
- }else if($this->miniorange_pass2login_check_inline_user_registration($login_status)){ // inline registration started
1104
- $this->mo_2_factor_pass2login_hide_login();
1105
- prompt_user_to_register();
1106
- }else if($this->miniorange_pass2login_check_inline_user_otp($login_status)){ //otp verification after user enter email during inline registration
1107
- $this->mo_2_factor_pass2login_hide_login();
1108
- prompt_user_for_validate_otp();
1109
- }else if($this->miniorange_pass2login_inline_setup_success($login_status)){ //MO_2_FACTOR_SETUP_SUCCESS
1110
- $this->mo_2_factor_pass2login_hide_login();
1111
- prompt_user_for_setup_success($current_user);
1112
- }else if($this->miniorange_pass2login_check_inline_user_2fa_methods($login_status)){ // two-factor methods
1113
- $this->mo_2_factor_pass2login_hide_login();
1114
- $opt = (array) get_option('mo2f_auth_methods_for_users');
1115
- if (sizeof($opt) > 1) {
1116
-
1117
- prompt_user_to_select_2factor_method($current_user);
1118
-
1119
- }else if( in_array("SMS", $opt) || in_array("PHONE VERIFICATION", $opt) ){
1120
- $authtype = array_shift($opt);
1121
- update_user_meta($current_user,'mo2f_selected_2factor_method',$authtype);
1122
- prompt_user_for_phone_setup($current_user);
1123
-
1124
- }else if( in_array("SOFT TOKEN", $opt) || in_array("PUSH NOTIFICATIONS", $opt) || in_array("MOBILE AUTHENTICATION", $opt) ){
1125
- $authtype = array_shift($opt);
1126
- update_user_meta($current_user,'mo2f_selected_2factor_method',$authtype);
1127
- prompt_user_for_miniorange_app_setup($current_user);
1128
-
1129
- }else if( in_array("GOOGLE AUTHENTICATOR", $opt) ){
1130
- update_user_meta($current_user,'mo2f_selected_2factor_method','GOOGLE AUTHENTICATOR');
1131
- prompt_user_for_google_authenticator_setup($current_user);
1132
-
1133
- }else if( in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt) ){
1134
- update_user_meta($current_user,'mo2f_selected_2factor_method','AUTHY 2-FACTOR AUTHENTICATION');
1135
- prompt_user_for_authy_authenticator_setup($current_user);
1136
-
1137
- }else if( in_array("KBA", $opt) ){
1138
- update_user_meta($current_user,'mo2f_selected_2factor_method','KBA');
1139
- prompt_user_for_kba_setup($current_user);
1140
-
1141
- }else{
1142
- update_user_meta($current_user,'mo2f_selected_2factor_method','OUT OF BAND EMAIL');
1143
- prompt_user_for_setup_success($current_user);
1144
- }
1145
-
1146
  }else{ //show login screen
1147
- $this->mo_2_factor_pass2login_show_login();
1148
  $this->mo_2_factor_pass2login_show_wp_login_form();
1149
  }
1150
  }
1151
 
1152
- //woocommerce front end login
1153
- function miniorange_pass2login_form_fields_frontend(){
1154
- //$this->miniorange_pass2login_start_session();
1155
- $login_status = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : null;
1156
- $user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize($_SESSION[ 'mo2f_current_user' ]) : null;
1157
- $current_user = isset($user) ? $user->ID : null;
1158
- if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
1159
- mo2f_frontend_getqrcode();
1160
- }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification
1161
- mo2f_frontend_getotp_form();
1162
- }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
1163
- mo2f_frontend_get_forgotphone_form();
1164
- }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
1165
- mo2f_frontend_getpush_oobemail_response($current_user);
1166
- }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
1167
- mo2f_frontend_get_kba_form();
1168
- }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){
1169
- mo2f_frontend_get_trusted_device_form();
1170
- }else if($this->miniorange_pass2login_check_inline_user_registration($login_status)){
1171
- prompt_user_to_register_frontend();
1172
- }else if($this->miniorange_pass2login_check_inline_user_otp($login_status)){
1173
- prompt_user_for_validate_otp_frontend();
1174
- }else if($this->miniorange_pass2login_inline_setup_success($login_status)){ //MO_2_FACTOR_SETUP_SUCCESS
1175
- prompt_user_for_setup_success_frontend($current_user);
1176
- }else if($this->miniorange_pass2login_check_inline_user_2fa_methods($login_status)){
1177
- $opt = (array) get_option('mo2f_auth_methods_for_users');
1178
- if (sizeof($opt) > 1) {
1179
-
1180
- prompt_user_to_select_2factor_method_frontend($current_user);
1181
-
1182
- }else if( in_array("SMS", $opt) || in_array("PHONE VERIFICATION", $opt) ){
1183
- $authtype = array_shift($opt);
1184
- update_user_meta($current_user,'mo2f_selected_2factor_method',$authtype);
1185
- prompt_user_for_phone_setup_frontend($current_user);
1186
-
1187
- }else if( in_array("SOFT TOKEN", $opt) || in_array("PUSH NOTIFICATIONS", $opt) || in_array("MOBILE AUTHENTICATION", $opt) ){
1188
- $authtype = array_shift($opt);
1189
- update_user_meta($current_user,'mo2f_selected_2factor_method',$authtype);
1190
- prompt_user_for_miniorange_app_setup_frontend($current_user);
1191
-
1192
- }else if( in_array("GOOGLE AUTHENTICATOR", $opt) ){
1193
- update_user_meta($current_user,'mo2f_selected_2factor_method','GOOGLE AUTHENTICATOR');
1194
- prompt_user_for_google_authenticator_setup_frontend($current_user);
1195
-
1196
- }else if( in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt) ){
1197
- update_user_meta($current_user,'mo2f_selected_2factor_method','AUTHY 2-FACTOR AUTHENTICATION');
1198
- prompt_user_for_authy_authenticator_setup_frontend($current_user);
1199
-
1200
- }else if( in_array("KBA", $opt) ){
1201
- update_user_meta($current_user,'mo2f_selected_2factor_method','KBA');
1202
- prompt_user_for_kba_setup_frontend($current_user);
1203
-
1204
- }else{
1205
- update_user_meta($current_user,'mo2f_selected_2factor_method','OUT OF BAND EMAIL');
1206
- prompt_user_for_setup_success_frontend($current_user);
1207
- }
1208
- }
1209
- }
1210
-
1211
- function miniorange_pass2login_inline_setup_success($login_status){
1212
- if($login_status == 'MO_2_FACTOR_SETUP_SUCCESS'){
1213
- $nonce = '';
1214
- if(isset($_POST['miniorange_inline_validate_otp_nonce']) ){ //After OTP over SMS and Phone Call Setup
1215
- $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
1216
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' )){
1217
- return true;
1218
- }
1219
- }else if(isset($_POST['mo2f_inline_validate_ga_nonce'])){ // After Google Authenticator Setup
1220
- $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
1221
- if(wp_verify_nonce($nonce,'miniorange-2-factor-inline-google-auth-nonce')){
1222
- return true;
1223
- }
1224
- }else if(isset($_POST['mo2f_inline_validate_authy_authentication_nonce'])){
1225
- $nonce = $_POST['mo2f_inline_validate_authy_authentication_nonce'];
1226
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-authy-authentication-nonce' )){
1227
- return true;
1228
- }
1229
- }else if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce']) ){ // After Soft Token, Push And QR Code Setup
1230
- $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
1231
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' )){
1232
- return true;
1233
- }
1234
- }else if(isset($_POST['mo2f_inline_save_kba_nonce']) ){ // After KBA Setup
1235
- $nonce = $_POST['mo2f_inline_save_kba_nonce'];
1236
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' )){
1237
- return true;
1238
- }
1239
- }else if(isset($_POST['miniorange_inline_save_2factor_method_nonce']) ){ // After Email Verification Radio button Click
1240
- $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
1241
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' )){
1242
- return true;
1243
- }
1244
- }if(isset($_POST['miniorange_inline_validate_user_otp_nonce']) ){ // After user email is verified by entering OTP if there is only signle method
1245
- $nonce = $_POST['miniorange_inline_validate_user_otp_nonce'];
1246
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-user-otp-nonce' )){
1247
- return true;
1248
- }
1249
- }
1250
- }
1251
- return false;
1252
- }
1253
-
1254
- function miniorange_pass2login_check_inline_user_2fa_methods($login_status){
1255
-
1256
- if($login_status == 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS'){
1257
- $nonce = '';
1258
- if(isset($_POST['miniorange_inline_validate_user_otp_nonce']) ){ // After email is verified during inline
1259
- $nonce = $_POST['miniorange_inline_validate_user_otp_nonce'];
1260
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-user-otp-nonce' )){
1261
- return true;
1262
- }
1263
- }else if(isset($_POST['miniorange_inline_two_factor_setup'])){
1264
- $nonce = $_POST['miniorange_inline_two_factor_setup'];
1265
- if(wp_verify_nonce($nonce,'miniorange-2-factor-inline-setup-nonce')){
1266
- return true;
1267
- }
1268
- }else if(isset($_POST['miniorange_login_nonce']) ){ // after username + password when only email is verified earlier but 2nd factor is not setup
1269
- $nonce = $_POST['miniorange_login_nonce'];
1270
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
1271
- return true;
1272
- }
1273
- }else if(isset($_POST['miniorange_inline_save_2factor_method_nonce']) ){
1274
- $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
1275
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' )){
1276
- return true;
1277
- }
1278
- }else if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
1279
- $nonce = $_POST['miniorange_inline_verify_phone_nonce'];
1280
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' )){
1281
- return true;
1282
- }
1283
- }else if(isset($_POST['miniorange_inline_resend_otp_nonce'])){
1284
- $nonce = $_POST['miniorange_inline_resend_otp_nonce'];
1285
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-resend-otp-nonce' )){
1286
- return true;
1287
- }
1288
- }else if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
1289
- $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
1290
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' )){
1291
- return true;
1292
- }
1293
- }else if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
1294
- $nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
1295
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' )){
1296
- return true;
1297
- }
1298
- }else if(isset($_POST['mo2f_inline_ga_phone_type_nonce'])){
1299
- $nonce = $_POST['mo2f_inline_ga_phone_type_nonce'];
1300
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-ga-phone-type-nonce' )){
1301
- return true;
1302
- }
1303
- }else if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
1304
- $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
1305
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' )){
1306
- return true;
1307
- }
1308
- }else if(isset($_POST['mo2f_inline_authy_configure_nonce'])){
1309
- $nonce = $_POST['mo2f_inline_authy_configure_nonce'];
1310
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-authy-configuration-nonce' )){
1311
- return true;
1312
- }
1313
- }else if(isset($_POST['mo2f_inline_validate_authy_authentication_nonce'])){
1314
- $nonce = $_POST['mo2f_inline_validate_authy_authentication_nonce'];
1315
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-authy-authentication-nonce' )){
1316
- return true;
1317
- }
1318
- }
1319
- }
1320
- return false;
1321
- }
1322
-
1323
- function miniorange_pass2login_check_inline_user_otp($login_status){
1324
-
1325
- if($login_status == 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP'){
1326
- $nonce = '';
1327
- if(isset($_POST['miniorange_inline_user_reg_nonce']) ){
1328
- $nonce = $_POST['miniorange_inline_user_reg_nonce'];
1329
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-user-reg-nonce' )){
1330
- return true;
1331
- }
1332
- }else if(isset($_POST['miniorange_inline_validate_user_otp_nonce']) ){
1333
- $nonce = $_POST['miniorange_inline_validate_user_otp_nonce'];
1334
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-user-otp-nonce' )){
1335
- return true;
1336
- }
1337
- }else if(isset($_POST['miniorange_inline_resend_otp_nonce']) ){
1338
- $nonce = $_POST['miniorange_inline_resend_otp_nonce'];
1339
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-resend-otp-nonce' )){
1340
- return true;
1341
- }
1342
- }
1343
- }
1344
- return false;
1345
- }
1346
-
1347
- function miniorange_pass2login_check_inline_user_registration($login_status){
1348
- if($login_status == 'MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION'){
1349
- $nonce = '';
1350
-
1351
- if(isset($_POST['miniorange_login_nonce']) ){
1352
- $nonce = $_POST['miniorange_login_nonce'];
1353
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
1354
- return true;
1355
- }
1356
- }else if(isset($_POST['miniorange_inline_goto_user_registration_nonce'])){
1357
- $nonce = $_POST['miniorange_inline_goto_user_registration_nonce'];
1358
- if(wp_verify_nonce($nonce,'miniorange-2-factor-inline-goto-user-registration-nonce')){
1359
- return true;
1360
- }
1361
- }else if(isset($_POST['miniorange_inline_user_reg_nonce']) ){
1362
- $nonce = $_POST['miniorange_inline_user_reg_nonce'];
1363
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-user-reg-nonce' )){
1364
- return true;
1365
- }
1366
- }
1367
- }
1368
- return false;
1369
- }
1370
-
1371
  function miniorange_pass2login_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
1372
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
1373
- $nonce = '';
1374
- if(isset($_POST['miniorange_forgotphone'])){
1375
- $nonce = $_POST['miniorange_forgotphone'];
1376
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
1377
- return true;
1378
- }
1379
- }else if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){
1380
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
1381
- if ( wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
1382
- return true;
1383
- }
1384
- }
1385
  }
1386
  return false;
1387
  }
@@ -1389,193 +609,42 @@ class Miniorange_Password_2Factor_Login{
1389
  function miniorange_pass2login_check_trusted_device_status($login_status){
1390
 
1391
  if($login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE'){
1392
- $nonce = '';
1393
- if(isset($_POST['miniorange_soft_token_nonce'])){
1394
- $nonce = $_POST['miniorange_soft_token_nonce'];
1395
- if(wp_verify_nonce($nonce,'miniorange-2-factor-soft-token-nonce')){
1396
- return true;
1397
- }
1398
- }else if(isset($_POST['miniorange_mobile_validation_nonce'])){
1399
- $nonce = $_POST['miniorange_mobile_validation_nonce'];
1400
- if(wp_verify_nonce($nonce,'miniorange-2-factor-mobile-validation-nonce')){
1401
- return true;
1402
- }
1403
- }else if(isset($_POST['miniorange_kba_nonce'])){
1404
- $nonce = $_POST['miniorange_kba_nonce'];
1405
- if(wp_verify_nonce($nonce,'miniorange-2-factor-kba-nonce')){
1406
- return true;
1407
- }
1408
- }
1409
  }
1410
  return false;
1411
  }
1412
 
1413
  function miniorange_pass2login_check_push_oobemail_status($login_status){ // for push and out of and email
1414
  if($login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL'){
1415
- $nonce = '';
1416
-
1417
- if(isset($_POST['miniorange_login_nonce']) ){
1418
- $nonce = $_POST['miniorange_login_nonce'];
1419
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
1420
- return true;
1421
- }
1422
- }else if(isset($_POST['miniorange_forgotphone'])){
1423
- $nonce = $_POST['miniorange_forgotphone'];
1424
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
1425
- return true;
1426
- }
1427
- }
1428
  }
1429
  return false;
1430
  }
1431
 
1432
- function miniorange_pass2login_check_otp_status($login_status){
1433
  if($login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
1434
- $nonce = '';
1435
-
1436
- if(isset($_POST['miniorange_login_nonce']) ){
1437
- $nonce = $_POST['miniorange_login_nonce'];
1438
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
1439
- return true;
1440
- }
1441
- }
1442
- if(isset($_POST['miniorange_softtoken'])){
1443
- $nonce = $_POST['miniorange_softtoken'];
1444
- if(wp_verify_nonce($nonce,'miniorange-2-factor-softtoken')){
1445
- return true;
1446
- }
1447
- }else if(isset($_POST['miniorange_forgotphone'])){
1448
- $nonce = $_POST['miniorange_forgotphone'];
1449
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
1450
- return true;
1451
- }
1452
- }else if(isset($_POST['miniorange_soft_token_nonce'])){
1453
- $nonce = $_POST['miniorange_soft_token_nonce'];
1454
- if(wp_verify_nonce($nonce,'miniorange-2-factor-soft-token-nonce')){
1455
- return true;
1456
- }
1457
- }else if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){
1458
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
1459
- if ( wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
1460
- return true;
1461
- }
1462
- }
1463
  }
1464
  return false;
1465
  }
1466
 
1467
  function miniorange_pass2login_check_mobile_status($login_status){ //mobile authentication
1468
  if($login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION'){
1469
- $nonce = '';
1470
- if(isset($_POST['miniorange_login_nonce']) ){
1471
- $nonce = $_POST['miniorange_login_nonce'];
1472
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
1473
- return true;
1474
- }
1475
- }else if(isset($_POST['miniorange_forgotphone'])){
1476
- $nonce = $_POST['miniorange_forgotphone'];
1477
- if(wp_verify_nonce($nonce,'miniorange-2-factor-forgotphone')){
1478
- return true;
1479
- }
1480
- }
1481
  }
1482
  return false;
1483
  }
1484
 
1485
  function miniorange_pass2login_check_kba_status($login_status){
1486
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION'){
1487
- $nonce = '';
1488
- if(isset($_POST['miniorange_login_nonce']) ){
1489
- $nonce = $_POST['miniorange_login_nonce'];
1490
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' )){
1491
- return true;
1492
- }
1493
- }else if(isset($_POST['miniorange_kba_nonce']) ){
1494
- $nonce = $_POST['miniorange_kba_nonce'];
1495
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' )){
1496
- return true;
1497
- }
1498
- }else if(isset($_POST['miniorange_alternate_login_kba_nonce'])){
1499
- $nonce = $_POST['miniorange_alternate_login_kba_nonce'];
1500
- if(wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' )){
1501
- return true;
1502
- }
1503
- }else if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){
1504
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
1505
- if ( wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
1506
- return true;
1507
- }
1508
- }
1509
  }
1510
  return false;
1511
  }
1512
 
1513
  function miniorange_pass2login_footer_form(){
1514
-
1515
- if(isset($_SESSION[ 'mo_2factor_login_status' ])){ //show these forms after default login form
1516
  ?>
1517
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="" style="display:none;">
1518
- <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
1519
- </form>
1520
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" style="display:none;">
1521
- <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
1522
- </form>
1523
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1524
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1525
- </form>
1526
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" action="" style="display:none;">
1527
- <input type="hidden" name="miniorange_alternate_login_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-alternate-login-kba-nonce'); ?>" />
1528
- </form>
1529
- <form name="f" id="mo2f_challenge_forgotphone_form" method="post" action="" style="display:none;">
1530
- <input type="hidden" name="mo2f_selected_2factor_method" />
1531
- <input type="hidden" name="miniorange_challenge_forgotphone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-challenge-forgotphone-nonce'); ?>" />
1532
- </form>
1533
- <?php if(get_option('mo2f_enable_2fa_for_woocommerce') == 1) { ?>
1534
- <form name="f" id="mo2f_2fa_form_close" method="post" style="display:none;">
1535
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1536
- </form>
1537
- <?php }
1538
- }
1539
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && ($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' || $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' || $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' )){ //show this form when 2nd factor is mobile,email verification,push
1540
- ?>
1541
- <form name="f" id="mo2f_mobile_validation_form" method="post" action="" style="display:none;">
1542
- <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
1543
- </form>
1544
- <?php
1545
- }
1546
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && ($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION')){ //show this form when 2nd factor is otp over email(forgot phone),otp over sms,phone verification,soft token,google authenticator
1547
- ?>
1548
- <form name="f" id="mo2f_submitotp_loginform" method="post" action="" style="display:none;">
1549
- <input type="text" name="mo2fa_softtoken" id="mo2fa_softtoken" hidden/>
1550
- <input type="hidden" name="miniorange_soft_token_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-soft-token-nonce'); ?>" />
1551
- </form>
1552
- <?php
1553
- }
1554
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && ($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION')){ //show this form only when 2nd factor is KBA
1555
- ?>
1556
- <form name="f" id="mo2f_submitkba_loginform" method="post" action="" style="display:none;">
1557
- <input type="text" name="mo2f_answer_1" id="mo2f_answer_1" hidden />
1558
- <input type="text" name="mo2f_answer_2" id="mo2f_answer_1" hidden />
1559
- <input type="text" name="mo2f_trust_device" id="mo2f_trust_device" hidden />
1560
- <input type="hidden" name="miniorange_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-kba-nonce'); ?>" />
1561
- </form>
1562
- <?php
1563
- }
1564
- if(get_option('mo2f_deviceid_enabled') && get_option('mo2f_login_policy')){ //show this form and script only rba is on
1565
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ){ //show this form only when rba is on and device is not trusted.
1566
- ?>
1567
-
1568
- <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" style="display:none;">
1569
- <input type="hidden" name="mo2f_trust_device_confirm_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-confirm-nonce'); ?>" />
1570
- </form>
1571
- <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" style="display:none;">
1572
- <input type="hidden" name="mo2f_trust_device_cancel_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-cancel-nonce'); ?>" />
1573
- </form>
1574
- <?php
1575
- }
1576
- ?>
1577
-
1578
- <script>
1579
  jQuery(document).ready(function(){
1580
  if(document.getElementById('loginform') != null){
1581
  jQuery('#loginform').on('submit', function(e){
@@ -1589,84 +658,20 @@ class Miniorange_Password_2Factor_Login{
1589
  }
1590
  }
1591
  });
1592
- </script>
1593
- <?php }
1594
- ?>
1595
- <form name="f" id="mo2f_inline_register_user_form" method="post" action="" style="display:none;">
1596
- <input type="text" name="mo_useremail" id="mo2fa_user_email" hidden/>
1597
- <input type="hidden" name="miniorange_inline_user_reg_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-user-reg-nonce'); ?>" />
1598
- </form>
1599
- <form name="f" id="mo2f_inline_register_skip_form" method="post" style="display:none;">
1600
- <input type="hidden" name="miniorange_inline_skip_registration_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-skip-registration-nonce'); ?>" />
1601
- </form>
1602
- <form name="f" id="mo2f_goto_user_registration_form" method="post" action="" style="display:none;">
1603
- <input type="hidden" name="miniorange_inline_goto_user_registration_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-goto-user-registration-nonce'); ?>" />
1604
- </form>
1605
- <form name="f" id="mo2f_inline_user_validate_otp_form" method="post" action="" style="display:none;">
1606
- <input type="hidden" name="otp_token" />
1607
- <input type="hidden" name="miniorange_inline_validate_user_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-user-otp-nonce'); ?>" />
1608
 
1609
- </form>
1610
- <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1611
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1612
- </form>
1613
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
1614
- <input type="hidden" name="mo2f_selected_2factor_method" />
1615
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
1616
- </form>
1617
- <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form" style="display:none;">
1618
- <input type="hidden" name="verify_phone" />
1619
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1620
- </form>
1621
- <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" style="display:none;">
1622
- <input type="hidden" name="otp_token" />
1623
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1624
- </form>
1625
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
1626
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
1627
- </form>
1628
- <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
1629
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
1630
- </form>
1631
- <form name="f" method="post" id="mo2f_inline_save_kba_form" action="" style="display:none;">
1632
- <input type="text" name="mo2f_kbaquestion_1" id="mo2f_kbaquestion_1" hidden />
1633
- <input type="text" name="mo2f_kba_ans1" id="mo2f_kba_ans1" hidden />
1634
- <input type="text" name="mo2f_kbaquestion_2" id="mo2f_kbaquestion_2" hidden />
1635
- <input type="text" name="mo2f_kba_ans2" id="mo2f_kba_ans2" hidden />
1636
- <input type="text" name="mo2f_kbaquestion_3" id="mo2f_kbaquestion_3" hidden />
1637
- <input type="text" name="mo2f_kba_ans3" id="mo2f_kba_ans3" hidden />
1638
- <input type="hidden" name="mo2f_inline_kba_option" />
1639
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1640
- </form>
1641
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" style="display:none;">
1642
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1643
- </form>
1644
- <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
1645
- <input type="hidden" name="google_phone_type" />
1646
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
1647
- </form>
1648
- <form name="" method="post" id="mo2f_inline_verify_ga_code_form" style="display:none;">
1649
- <input type="hidden" name="google_auth_code" />
1650
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
1651
- </form>
1652
- <form name="f" method="post" id="mo2f_inline_authy_configure_form" action="" style="display:none;">
1653
- <input type="hidden" name="mo2f_inline_authy_configure_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-authy-configuration-nonce'); ?>" />
1654
- </form>
1655
- <form name="" method="post" id="mo2f_inline_validate_authy_authentication_form" style="display:none;">
1656
- <input type="hidden" name="authy_auth_code" />
1657
- <input type="hidden" name="mo2f_inline_validate_authy_authentication_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-authy-authentication-nonce'); ?>" />
1658
- </form>
1659
-
1660
- <?php
1661
  }
1662
 
1663
- function mo2f_pass2login_otp_verification($user,$mo2f_second_factor){
1664
  if($mo2f_second_factor == 'SOFT TOKEN'){
1665
- $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the <b>miniOrange Authenticator</b> app.';
1666
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
 
1667
  }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1668
- $_SESSION['mo2f-login-message'] = get_user_meta($user->ID,'mo2f_external_app_type',true) == 'AUTHY 2-FACTOR AUTHENTICATION' ? 'Please enter the one time passcode shown in the <b>Authy 2-Factor Authentication</b> app.' : 'Please enter the one time passcode shown in the <b>Google Authenticator</b> app.';
1669
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
 
1670
  }else{
1671
  $challengeMobile = new Customer_Setup();
1672
  $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), $mo2f_second_factor,get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
@@ -1674,14 +679,20 @@ class Miniorange_Password_2Factor_Login{
1674
  if(json_last_error() == JSON_ERROR_NONE) {
1675
  if($response['status'] == 'SUCCESS'){
1676
  $message = $mo2f_second_factor == 'SMS' ? 'The OTP has been sent to '. MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . '. Please enter the OTP you received to Validate.' : 'You will receive phone call on ' . MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . ' with OTP. Please enter the OTP to Validate.';
1677
- $_SESSION['mo2f-login-message'] = $message;
1678
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
1679
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
 
 
 
1680
  }else{
1681
- $message = $mo2f_second_factor == 'SMS' ? $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.' : 'We are unable to send the OTP via phone call on your regsitared phone. You can click on <b>Forgot your phone</b> link to receive OTP to your registered email.';
1682
- $_SESSION['mo2f-login-message'] = $message;
1683
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
1684
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
 
 
 
1685
  }
1686
  }else{
1687
  $this->remove_current_activity();
@@ -1692,19 +703,23 @@ class Miniorange_Password_2Factor_Login{
1692
  }
1693
  }
1694
 
1695
- function mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor){
1696
  $challengeMobile = new Customer_Setup();
1697
  $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true),$mo2f_second_factor ,get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
1698
  $response = json_decode($content, true);
1699
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
1700
  if($response['status'] == 'SUCCESS'){
1701
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
1702
- $_SESSION['mo2f-login-message'] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true)) . '. We are waiting for your approval.';
1703
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
 
 
1704
  }else if($response['status'] == 'ERROR' || $response['status'] == 'FAILED' ){
1705
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
1706
- $_SESSION['mo2f-login-message'] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
1707
- $_SESSION[ 'mo_2factor_login_status' ] = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
 
 
1708
  }
1709
  }else{
1710
  $this->remove_current_activity();
@@ -1714,9 +729,9 @@ class Miniorange_Password_2Factor_Login{
1714
  }
1715
  }
1716
 
1717
- function mo2f_pass2login_kba_verification($user){
1718
  $challengeKba = new Customer_Setup();
1719
- $content = $challengeKba->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
1720
  $response = json_decode($content, true);
1721
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
1722
  if($response['status'] == 'SUCCESS'){
@@ -1725,8 +740,10 @@ class Miniorange_Password_2Factor_Login{
1725
  $questions[0] = $response['questions'][0]['question'];
1726
  $questions[1] = $response['questions'][1]['question'];
1727
  $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
1728
- $_SESSION['mo2f-login-message'] = 'Please answer the following questions:';
1729
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
 
 
1730
  }else if($response['status'] == 'ERROR'){
1731
  $this->remove_current_activity();
1732
  $error = new WP_Error();
@@ -1741,13 +758,15 @@ class Miniorange_Password_2Factor_Login{
1741
  }
1742
  }
1743
 
1744
- function mo2f_pass2login_mobile_verification($user){
1745
  $useragent = $_SERVER['HTTP_USER_AGENT'];
1746
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
1747
  unset($_SESSION[ 'mo2f-login-qrCode' ]);
1748
  unset($_SESSION[ 'mo2f-login-transactionId' ]);
1749
- $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange Authenticator app.';
1750
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
 
 
1751
  }else{
1752
  $challengeMobile = new Customer_Setup();
1753
  $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), 'MOBILE AUTHENTICATION',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
@@ -1756,7 +775,10 @@ class Miniorange_Password_2Factor_Login{
1756
  if($response['status'] == 'SUCCESS'){
1757
  $_SESSION[ 'mo2f-login-qrCode' ] = $response['qrCode'];
1758
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
1759
- $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
 
 
 
1760
  }else if($response['status'] == 'ERROR'){
1761
  $this->remove_current_activity();
1762
  $error = new WP_Error();
@@ -1776,11 +798,12 @@ class Miniorange_Password_2Factor_Login{
1776
  function mo_2_factor_pass2login_show_wp_login_form(){
1777
  ?>
1778
  <p><input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" />
1779
- <a href="http://miniorange.com/cloud-identity-broker-service" style="display:none;"></a>
1780
- <a href="http://miniorange.com/strong_auth" style="display:none;"></a>
1781
- <a href="http://miniorange.com/single-sign-on-sso" style="display:none;"></a>
1782
- <a href="http://miniorange.com/fraud" style="display:none;"></a>
1783
  </p>
 
1784
  <?php
1785
  if(get_option('mo2f_deviceid_enabled')){
1786
  ?>
@@ -1797,116 +820,5 @@ class Miniorange_Password_2Factor_Login{
1797
  wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ));
1798
  }
1799
  }
1800
-
1801
- function mo2f_register_user_inline($email){
1802
-
1803
- $enduser = new Two_Factor_Setup();
1804
- $check_user = json_decode($enduser->mo_check_user_already_exist($email),true);
1805
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
1806
- $currentUserId = $current_user->ID;
1807
-
1808
- if(json_last_error() == JSON_ERROR_NONE){
1809
- if($check_user['status'] == 'ERROR'){
1810
- $_SESSION['mo2f-login-message'] = $check_user['message'];
1811
-
1812
- }else{
1813
- if(strcasecmp($check_user['status'], 'USER_FOUND') == 0){
1814
-
1815
- delete_user_meta($currentUserId,'mo_2factor_user_email');
1816
- update_user_meta($currentUserId,'mo_2factor_user_registration_with_miniorange','SUCCESS');
1817
- update_user_meta($currentUserId,'mo_2factor_map_id_with_email',$email);
1818
- update_user_meta($currentUserId,'mo_2factor_user_registration_status','MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
1819
- $_SESSION[ 'mo_2factor_login_status' ] ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1820
- $message = '';
1821
- $_SESSION['mo2f-login-message'] = $message;
1822
-
1823
-
1824
- }else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
1825
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
1826
- if(json_last_error() == JSON_ERROR_NONE) {
1827
- if($content['status'] == 'ERROR'){
1828
- $_SESSION['mo2f-login-message'] = $content['message'];
1829
- }else{
1830
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
1831
- delete_user_meta($currentUserId,'mo_2factor_user_email');
1832
- update_user_meta($currentUserId,'mo_2factor_user_registration_with_miniorange','SUCCESS');
1833
- update_user_meta($currentUserId,'mo_2factor_map_id_with_email',$email);
1834
- update_user_meta($currentUserId,'mo_2factor_user_registration_status','MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
1835
- $enduser->mo2f_update_userinfo(get_user_meta($currentUserId,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,null,null);
1836
- $message = '';
1837
- $_SESSION['mo2f-login-message'] = $message;
1838
-
1839
- $_SESSION[ 'mo_2factor_login_status' ] ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1840
-
1841
- }else{
1842
- $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user. Please try again.';
1843
-
1844
- }
1845
- }
1846
- }else{
1847
- $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user. Please try again or contact your admin.';
1848
-
1849
- }
1850
- }else{
1851
- $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user. Please try again.';
1852
-
1853
- }
1854
- }
1855
- }else{
1856
- $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user. Please try again.';
1857
-
1858
- }
1859
-
1860
- }
1861
-
1862
- function mo2f_inline_get_qr_code_for_mobile($email,$id){
1863
- $registerMobile = new Two_Factor_Setup();
1864
- $content = $registerMobile->register_mobile($email);
1865
- $response = json_decode($content, true);
1866
- if(json_last_error() == JSON_ERROR_NONE) {
1867
- if($response['status'] == 'ERROR'){
1868
- $_SESSION['mo2f-login-message'] = $response['message'];
1869
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
1870
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
1871
- unset($_SESSION[ 'mo2f_show_qr_code']);
1872
- }else{
1873
- if($response['status'] == 'IN_PROGRESS'){
1874
-
1875
- $_SESSION[ 'mo2f-login-qrCode' ] = $response['qrCode'];
1876
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
1877
- $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
1878
- }else{
1879
- $_SESSION['mo2f-login-message'] = "An error occured while processing your request. Please Try again.";
1880
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
1881
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
1882
- unset($_SESSION[ 'mo2f_show_qr_code']);
1883
- }
1884
- }
1885
- }
1886
- }
1887
-
1888
- function mo_2_factor_pass2login_show_qr_code(){ //for mobile authentication
1889
- mo2f_getqrcode();
1890
- }
1891
-
1892
- function mo_2_factor_pass2login_show_otp_token(){ //for soft token,sms,email(forgot phone),phone verification
1893
- mo2f_getotp_form();
1894
- }
1895
-
1896
- function mo_2_factor_pass2login_show_push_oobemail($id){ //for push notification and out of band email
1897
- mo2f_getpush_oobemail_response($id);
1898
- }
1899
-
1900
- function mo_2_factor_pass2login_show_device_page(){
1901
- mo2f_get_device_form();
1902
- }
1903
-
1904
- function mo_2_factor_pass2login_show_kba(){
1905
- mo2f_getkba_form();
1906
- }
1907
-
1908
- function mo_2_factor_pass2login_show_forgotphone(){
1909
- mo2f_get_forgotphone_form();
1910
- }
1911
  }
1912
  ?>
23
 
24
  **/
25
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
 
26
  include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
27
 
28
+
29
  class Miniorange_Password_2Factor_Login{
30
 
31
  function remove_current_activity(){
43
 
44
  }
45
 
46
+ function mo2fa_pass2login($redirect_to=null){
47
  if(isset($_SESSION[ 'mo2f_current_user' ]) && isset($_SESSION[ 'mo2f_1stfactor_status' ]) && $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS'){
48
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
49
  $user_id = $currentuser->ID;
50
  wp_set_current_user($user_id, $currentuser->user_login);
51
  $this->remove_current_activity();
52
  wp_set_auth_cookie( $user_id, true );
53
  do_action( 'wp_login', $currentuser->user_login, $currentuser );
54
+ redirect_user_to($currentuser, $redirect_to);
55
  exit;
56
  }else{
57
  $this->remove_current_activity();
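Review bot: The guard at the top of `mo2fa_pass2login()` assigns instead of comparing: `$_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS'` is always truthy, so the first-factor check passes whenever both session keys exist, whatever status was stored; it should read `$_SESSION[ 'mo2f_1stfactor_status' ] === 'VALIDATE_SUCCESS'`. The line is unchanged context, but this commit reworks the function around it and the condition gates `wp_set_auth_cookie()`. The new `$redirect_to` argument is taken from request data at the call sites (`$_POST[ 'redirect_to' ]` in the handlers further down, `$_REQUEST[ 'redirect_to' ]` in the username branch) and handed to `redirect_user_to()`, which is not shown here; unless that helper already restricts the target, pass it through `wp_validate_redirect( $redirect_to, admin_url() )` first. The function body continues past this hunk.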
64
  }
65
  }
66
 
67
+
68
  public function miniorange_pass2login_redirect() {
69
 
70
+ if(!get_option('mo2f_login_policy')){
71
+
72
+ if (isset($_POST['miniorange_login_nonce'])){
73
+ $nonce = $_POST['miniorange_login_nonce'];
74
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
75
+ $this->remove_current_activity();
76
+ $error = new WP_Error();
77
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
78
+ return $error;
79
+ } else {
80
+ $this->miniorange_pass2login_start_session();
81
+ $mobile_login = new Miniorange_Mobile_Login();
82
+ //validation and sanitization
83
+ $username = '';
84
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
85
+ $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
86
+ $mobile_login->mo_auth_show_error_message();
87
+ return;
88
+ } else{
89
+ $username = sanitize_text_field( $_POST['mo2fa_username'] );
90
+ }
91
+
92
+
93
+
94
+ if ( username_exists( $username ) ){ /*if username exists in wp site */
95
+ $user = new WP_User( $username );
96
+
97
+ $_SESSION[ 'mo2f_current_user' ] = serialize($user);
98
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
99
+
100
+ $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
101
+
102
+ $current_roles = miniorange_get_user_role($user);
103
+ $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
104
+
105
+ if($enabled){
106
+ if(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
107
+ if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($user->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
108
+ $this->mo2f_pass2login_kba_verification($user->ID , $redirect_to);
109
+
110
+ }else{
111
+ $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
112
+ if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
113
+ $this->mo2f_pass2login_mobile_verification($user , $redirect_to);
114
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
115
+ $this->mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor, $redirect_to);
116
+ }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
117
+
118
+ $this->mo2f_pass2login_otp_verification($user,$mo2f_second_factor, $redirect_to);
119
+
120
+ }else if($mo2f_second_factor == 'KBA'){
121
+
122
+ $this->mo2f_pass2login_kba_verification($user->ID, $redirect_to);
123
+ }else{
124
+ $this->remove_current_activity();
125
+ $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
126
+ $mobile_login->mo_auth_show_success_message();
127
+ }
128
+ }
129
+ }else{
130
+
131
+ $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
132
+ $mobile_login->mo_auth_show_success_message();
133
+ $mobile_login->mo2f_redirectto_wp_login();
134
+ }
135
+ }else{
136
+ $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
137
+ $mobile_login->mo_auth_show_success_message();
138
+ $mobile_login->mo2f_redirectto_wp_login();
139
+ }
140
+ } else{
141
+ $mobile_login->remove_current_activity();
142
+ $_SESSION['mo2f-login-message'] = 'Invalid Username.';
143
+ $mobile_login->mo_auth_show_error_message();
144
+ }
145
+ }
146
+ }
147
+
148
+ }
149
+
150
  if(isset($_POST['mo2f_trust_device_confirm_nonce'])){ /*register device as rba profile */
151
  $nonce = $_POST['mo2f_trust_device_confirm_nonce'];
152
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
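Review bot: The added `if(!get_option('mo2f_login_policy'))` block stores `mo2f_current_user` and sets `mo2f_1stfactor_status` to `VALIDATE_SUCCESS` from a username alone, before any factor has been verified, and the two fallback branches that send the user to the password form (user not configured for 2FA, role not enabled) do not visibly clear that state. `mo2fa_pass2login()` in this file completes the login from those two session keys, so the state should not outlive a challenge that was never issued: call `$this->remove_current_activity();` before each `$mobile_login->mo2f_redirectto_wp_login();`, assuming that method clears these keys as its use on the error paths suggests. Separately, `new WP_User( $username )` resolves a numeric string as a user ID rather than a login; `get_user_by( 'login', $username )` keeps the lookup on the name that `username_exists()` just checked. `$_POST['mo2fa_username']` is also read without an `isset()` check.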
157
  } else {
158
  $this->miniorange_pass2login_start_session();
159
  try{
160
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
161
  mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
162
  }catch(Exception $e){
163
  echo $e->getMessage();
164
  }
165
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
166
+ $this->mo2fa_pass2login($redirect_to);
167
  }
168
  }
169
 
175
  return $error;
176
  } else {
177
  $this->miniorange_pass2login_start_session();
178
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
179
+ $this->mo2fa_pass2login($redirect_to);
180
  }
181
  }
182
 
188
  return $error;
189
  }else {
190
  $this->miniorange_pass2login_start_session();
191
+ $forgot_phone_enable = get_option('mo2f_enable_forgotphone');
192
+ $forgot_phone_kba_enable = get_option('mo2f_enable_forgotphone_kba');
193
+ $forgot_phone_email_enable = get_option('mo2f_enable_forgotphone_email');
194
+
195
  $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
196
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
197
+ $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
198
+ $id = $current_user->ID;
199
+ if($forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL'){
200
  $customer = new Customer_Setup();
201
  $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
202
+
203
+ $mo2fa_login_message = '';
204
+ $mo2f_login_status = '' ;
205
+
206
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
 
207
  $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
208
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
209
+ $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
210
  }else{
211
+ $mo2fa_login_message = 'Error occured while sending OTP over your regsitered email. Please try again.';
212
+ $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
213
+ }
214
+ $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
215
+ }else if($forgot_phone_enable && $forgot_phone_kba_enable){
216
+ if(get_user_meta($id,'mo2f_kba_registration_status',true)){
217
+ $this->mo2f_pass2login_kba_verification($current_user->ID, $redirect_to);
218
+ }else{
219
+ $mo2fa_login_message = 'Your KBA is not configured. Please choose other option to procedd further.';
220
+ $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
221
+ $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
222
  }
 
 
 
223
  }
224
  }
225
  }
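Review bot: This handler reads `$current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);` and then `$current_user->ID` without checking that the session key exists, so a request with a valid nonce but no pending login dereferences a non-object and, in the e-mail branch, still calls `send_otp_token()` with no user mapping. Guard it first, e.g. `if ( ! isset( $_SESSION[ 'mo2f_current_user' ] ) ) { $this->remove_current_activity(); return; }`. The alternate-KBA handler that follows has the same gap in another form: it falls back to `null` and then passes `$currentuser->ID`. When `mo2f_enable_forgotphone` is off, or neither sub-option matches, the handler ends without showing a form or message, so an explicit final `else` would help. The handler's opening `isset()` check lies outside this hunk.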
232
  return $error;
233
  }else {
234
  $this->miniorange_pass2login_start_session();
235
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
236
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
237
+ $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
238
  }
239
  }
240
 
245
  $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
246
  return $error;
247
  } else {
248
+
249
  $this->miniorange_pass2login_start_session();
250
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ): null;
251
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
252
+
253
  if(isset($_SESSION[ 'mo2f_current_user' ])){
254
  if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
255
+ $mo2fa_login_message = 'Please provide both the answers.';
256
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
257
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
258
  }
259
  $otpToken = array();
260
  $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
261
  $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
262
  $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
263
  $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
264
+ $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
265
 
266
  $kba_validate = new Customer_Setup();
267
  $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
268
 
269
  if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
270
+ if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
271
  try{
272
  mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
273
  }catch(Exception $e){
274
  echo $e->getMessage();
275
  }
276
+ $this->mo2fa_pass2login($redirect_to);
277
  }else{
278
+ $this->mo2fa_pass2login($redirect_to);
279
  }
280
  }else{
281
 
282
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
283
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
284
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
285
  }
286
  }else{
287
  $this->remove_current_activity();
291
  }
292
 
293
  if(isset($_POST['miniorange_mobile_validation_nonce'])){ /*check mobile validation */
 
294
  $nonce = $_POST['miniorange_mobile_validation_nonce'];
295
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
296
  $error = new WP_Error();
298
  return $error;
299
  } else {
300
  $this->miniorange_pass2login_start_session();
301
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
302
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
303
  $checkMobileStatus = new Two_Factor_Setup();
304
  $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
305
  $response = json_decode($content, true);
306
  if(json_last_error() == JSON_ERROR_NONE) {
307
  if($response['status'] == 'SUCCESS'){
308
  if(get_option('mo2f_deviceid_enabled')){
309
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
310
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
311
  }else{
312
+ $this->mo2fa_pass2login($redirect_to);
313
  }
314
  }else{
315
  $this->remove_current_activity();
341
  $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
342
  return $error;
343
  } else{
344
+ $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
345
+ $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
346
+ $mo2fa_login_message = '';
347
+
348
+ $this->miniorange_pass2login_start_session();
349
+
350
+ $customer = new Customer_Setup();
351
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
352
+ $id = $current_user->ID;
353
+ if(get_user_meta($id,'mo2f_kba_registration_status',true)){
354
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
355
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
356
+ $pass2fa_login->mo2f_pass2login_kba_verification($id, $redirect_to);
357
+ }else{
358
+ $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
359
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
360
+ unset($_SESSION[ 'mo2f-login-qrCode' ]);
361
+ unset($_SESSION[ 'mo2f-login-transactionId' ]);
362
+ $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
363
+ $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
364
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
365
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
366
  }else{
367
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
368
  }
369
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
 
370
  }
371
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
372
+
373
+ $pass2fa_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
374
  }
375
+ }
376
 
377
  if(isset($_POST['miniorange_softtoken'])){ /*Click on the link of phone is offline */
378
  $nonce = $_POST['miniorange_softtoken'];
384
  $this->miniorange_pass2login_start_session();
385
  unset($_SESSION[ 'mo2f-login-qrCode' ]);
386
  unset($_SESSION[ 'mo2f-login-transactionId' ]);
387
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
388
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the <b>miniOrange Authenticator</b> app.';
389
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
390
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
391
  }
392
  }
393
 
399
  return $error;
400
  } else {
401
  $this->miniorange_pass2login_start_session();
402
+ $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
403
+ $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
404
  $softtoken = '';
405
  if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
406
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
407
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
408
  } else{
409
  $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
410
  if(!MO2f_utility::mo2f_check_number_length($softtoken)){
411
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
412
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
413
  }
414
  }
415
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
416
  if(isset($_SESSION[ 'mo2f_current_user' ])){
417
  $customer = new Customer_Setup();
418
  $content ='';
419
+ if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
420
  $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
421
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
422
  $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
423
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
424
  $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
425
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
426
  $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
427
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
428
  $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
429
  }else{
430
  $this->remove_current_activity();
435
 
436
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
437
  if(get_option('mo2f_deviceid_enabled')){
438
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
439
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
440
  }else{
441
+ $this->mo2fa_pass2login($redirect_to);
442
  }
443
  }else{
444
 
445
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
446
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $message, $redirect_to);
447
  }
448
 
449
  }else{
461
  return $error;
462
  } else {
463
  $this->miniorange_pass2login_start_session();
464
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
465
  delete_user_meta($current_user->ID,'mo2f_selected_2factor_method');
466
  $this->mo2fa_pass2login();
467
  }
468
  }
469
 
470
+ if (isset($_POST['miniorange_attribute_collection_nonce'])){ /*Handling Rba Attributes from other plugins */
471
+ $nonce = $_POST['miniorange_attribute_collection_nonce'];
472
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
473
  $error = new WP_Error();
474
  $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
475
  return $error;
476
  } else {
477
  $this->miniorange_pass2login_start_session();
478
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
479
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
480
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
481
+ $this->miniorange_initiate_2nd_factor($current_user, $attributes, $redirect_to);
 
 
482
  }
483
  }
484
  }
485
 
486
 
487
 
488
+ function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
489
+ if(get_option('mo2f_deviceid_enabled')){
490
+ $this->miniorange_pass2login_start_session();
491
+ $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
492
+ mo2f_collect_device_attributes_handler($redirect_to);
493
+ exit;
494
+ }else {
495
+ $this->miniorange_initiate_2nd_factor($currentuser, null, $redirect_to);
496
+ }
497
+ }
498
+
499
+ function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
500
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
501
+ if (is_wp_error($currentuser)) {
502
+ return $currentuser;
503
+ }else{
504
+
505
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
506
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
507
+ $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
508
+ }
509
+ }
510
+
511
+ function miniorange_initiate_2nd_factor($currentuser, $attributes=null, $redirect_to=null){
512
 
513
+ if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
514
+ return $currentuser;
515
+ } else {
516
+ $this->miniorange_pass2login_start_session();
517
+ $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
518
+ $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
519
+
520
+ $current_roles = miniorange_get_user_role($currentuser);
521
+ $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
522
+
523
+ if($enabled){
524
+ $email = get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true);
525
+ if( $email && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
526
+ try{
527
+ $mo2f_rba_status = mo2f_collect_attributes($email,stripslashes($attributes)); // Rba flow
528
+ $_SESSION[ 'mo2f_rba_status' ] = $mo2f_rba_status;
529
+ }catch(Exception $e){
530
+ echo $e->getMessage();
531
+ }
532
+
533
+ if($mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag']){
534
+ $this->mo2fa_pass2login($redirect_to);
535
+ }else{
536
+ if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($currentuser->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
537
+ $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
538
+ }else{
539
+ $mo2f_second_factor = mo2f_get_user_2ndfactor($currentuser);
540
+ if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
541
+ $this->mo2f_pass2login_mobile_verification($currentuser, $redirect_to);
542
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
543
+ $this->mo2f_pass2login_push_oobemail_verification($currentuser,$mo2f_second_factor, $redirect_to);
544
+ }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ){
545
+ $this->mo2f_pass2login_otp_verification($currentuser,$mo2f_second_factor, $redirect_to);
546
+ }else if($mo2f_second_factor == 'KBA'){
547
+ $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
548
  }else{
549
+ $this->remove_current_activity();
550
+ $error = new WP_Error();
551
+ $error->add('empty_username', __('<strong>ERROR</strong>: Please try again or contact your admin.'));
552
+ return $error;
 
 
 
553
  }
554
  }
 
 
555
  }
556
+ } else {
557
+ $this->mo2fa_pass2login($redirect_to);
558
  }
559
+
560
+ }else{ //plugin is not activated for current role then logged him in without asking 2 factor
561
+ $this->mo2fa_pass2login($redirect_to);
562
  }
563
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
564
  }
565
 
566
+
567
  function mo_2_factor_enable_jquery_default_login(){
568
  wp_enqueue_script('jquery');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
569
  }
570
 
571
+
572
 
573
+ function miniorange_pass2login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null, $redirect_to=null){
 
 
 
 
 
 
 
 
 
 
 
 
574
 
575
+ $login_status = $mo2fa_login_status;
576
+ $login_message = $mo2fa_login_message;
577
+ $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
578
+ $current_user_id = is_null($current_user) ? null : $current_user->ID;
 
579
  if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
580
+ mo2f_getqrcode($login_status, $login_message, $redirect_to);
581
+ exit;
582
+ }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification,google auth
583
+ mo2f_getotp_form($login_status, $login_message, $redirect_to);
584
+ exit;
585
  }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
586
+ mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
587
+ exit;
588
  }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
589
+ mo2f_getpush_oobemail_response($current_user_id, $login_status, $login_message, $redirect_to);
590
+ exit;
591
  }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
592
+ mo2f_getkba_form($login_status, $login_message, $redirect_to);
593
+ exit;
594
  }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){ // trusted device
595
+ mo2f_get_device_form($login_status, $login_message, $redirect_to);
596
+ exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
597
  }else{ //show login screen
 
598
  $this->mo_2_factor_pass2login_show_wp_login_form();
599
  }
600
  }
601
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
602
  function miniorange_pass2login_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
603
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
604
+ return true;
 
 
 
 
 
 
 
 
 
 
 
605
  }
606
  return false;
607
  }
609
  function miniorange_pass2login_check_trusted_device_status($login_status){
610
 
611
  if($login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE'){
612
+ return true;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
613
  }
614
  return false;
615
  }
616
 
617
  function miniorange_pass2login_check_push_oobemail_status($login_status){ // for push and out of and email
618
  if($login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL'){
619
+ return true;
 
 
 
 
 
 
 
 
 
 
 
 
620
  }
621
  return false;
622
  }
623
 
624
+ function miniorange_pass2login_check_otp_status($login_status,$sso=false){
625
  if($login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
626
+ return true;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
627
  }
628
  return false;
629
  }
630
 
631
  function miniorange_pass2login_check_mobile_status($login_status){ //mobile authentication
632
  if($login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION'){
633
+ return true;
 
 
 
 
 
 
 
 
 
 
 
634
  }
635
  return false;
636
  }
637
 
638
  function miniorange_pass2login_check_kba_status($login_status){
639
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION'){
640
+ return true;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
641
  }
642
  return false;
643
  }
644
 
645
  function miniorange_pass2login_footer_form(){
 
 
646
  ?>
647
+ <script>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
648
  jQuery(document).ready(function(){
649
  if(document.getElementById('loginform') != null){
650
  jQuery('#loginform').on('submit', function(e){
658
  }
659
  }
660
  });
661
+ </script>
662
+ <?php
 
 
 
 
 
 
 
 
 
 
 
 
 
 
663
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
664
  }
665
 
666
+ function mo2f_pass2login_otp_verification($user,$mo2f_second_factor, $redirect_to){
667
  if($mo2f_second_factor == 'SOFT TOKEN'){
668
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the <b>miniOrange Authenticator</b> app.';
669
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
670
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
671
  }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
672
+ $mo2fa_login_message = get_user_meta($user->ID,'mo2f_external_app_type',true) == 'AUTHY 2-FACTOR AUTHENTICATION' ? 'Please enter the one time passcode shown in the <b>Authy 2-Factor Authentication</b> app.' : 'Please enter the one time passcode shown in the <b>Google Authenticator</b> app.';
673
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
674
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
675
  }else{
676
  $challengeMobile = new Customer_Setup();
677
  $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), $mo2f_second_factor,get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
679
  if(json_last_error() == JSON_ERROR_NONE) {
680
  if($response['status'] == 'SUCCESS'){
681
  $message = $mo2f_second_factor == 'SMS' ? 'The OTP has been sent to '. MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . '. Please enter the OTP you received to Validate.' : 'You will receive phone call on ' . MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . ' with OTP. Please enter the OTP to Validate.';
682
+
683
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
684
+
685
+ $mo2fa_login_message = $message;
686
+ $mo2fa_login_status = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
687
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
688
  }else{
689
+ $message = $mo2f_second_factor == 'SMS' ? $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.' : 'We are unable to send the OTP via phone call on your registered phone. You can click on <b>Forgot your phone</b> link to receive OTP to your registered email.';
690
+
691
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
692
+
693
+ $mo2fa_login_message = $message;
694
+ $mo2fa_login_status = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
695
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
696
  }
697
  }else{
698
  $this->remove_current_activity();
703
  }
704
  }
705
 
706
+ function mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor, $redirect_to){
707
  $challengeMobile = new Customer_Setup();
708
  $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true),$mo2f_second_factor ,get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
709
  $response = json_decode($content, true);
710
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
711
  if($response['status'] == 'SUCCESS'){
712
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
713
+
714
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true)) . '. We are waiting for your approval.';
715
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
716
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
717
  }else if($response['status'] == 'ERROR' || $response['status'] == 'FAILED' ){
718
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
719
+
720
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
721
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
722
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
723
  }
724
  }else{
725
  $this->remove_current_activity();
729
  }
730
  }
731
 
732
+ function mo2f_pass2login_kba_verification($user_id, $redirect_to){
733
  $challengeKba = new Customer_Setup();
734
+ $content = $challengeKba->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
735
  $response = json_decode($content, true);
736
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
737
  if($response['status'] == 'SUCCESS'){
740
  $questions[0] = $response['questions'][0]['question'];
741
  $questions[1] = $response['questions'][1]['question'];
742
  $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
743
+
744
+ $mo2fa_login_message = 'Please answer the following questions:';
745
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
746
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
747
  }else if($response['status'] == 'ERROR'){
748
  $this->remove_current_activity();
749
  $error = new WP_Error();
758
  }
759
  }
760
 
761
+ function mo2f_pass2login_mobile_verification($user, $redirect_to){
762
  $useragent = $_SERVER['HTTP_USER_AGENT'];
763
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
764
  unset($_SESSION[ 'mo2f-login-qrCode' ]);
765
  unset($_SESSION[ 'mo2f-login-transactionId' ]);
766
+
767
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the <b>miniOrange Authenticator</b> app.';
768
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
769
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
770
  }else{
771
  $challengeMobile = new Customer_Setup();
772
  $content = $challengeMobile->send_otp_token(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true), 'MOBILE AUTHENTICATION',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
775
  if($response['status'] == 'SUCCESS'){
776
  $_SESSION[ 'mo2f-login-qrCode' ] = $response['qrCode'];
777
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
778
+
779
+ $mo2fa_login_message = '';
780
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
781
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
782
  }else if($response['status'] == 'ERROR'){
783
  $this->remove_current_activity();
784
  $error = new WP_Error();
798
  function mo_2_factor_pass2login_show_wp_login_form(){
799
  ?>
800
  <p><input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" />
801
+ <a href="http://miniorange.com/cloud-identity-broker-service" style="display:none;"></a>
802
+ <a href="http://miniorange.com/strong_auth" style="display:none;"></a>
803
+ <a href="http://miniorange.com/single-sign-on-sso" style="display:none;"></a>
804
+ <a href="http://miniorange.com/fraud" style="display:none;"></a>
805
  </p>
806
+
807
  <?php
808
  if(get_option('mo2f_deviceid_enabled')){
809
  ?>
820
  wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ));
821
  }
822
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
823
  }
824
  ?>
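--- a/class-miniorange-2-factor-user-registration.php
+++ b/class-miniorange-2-factor-user-registration.php
@@ -30,7 +30,7 @@ class Miniorange_User_Register{
  }
 
  function plugin_settings_style() {
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.1.3', __FILE__));
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.4', __FILE__));
  }
 
  function mo_auth_success_message() {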
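--- a/class-rba-attributes.php
+++ b/class-rba-attributes.php
@@ -52,6 +52,8 @@ class Miniorange_Rba_Attributes{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -103,7 +105,10 @@ class Miniorange_Rba_Attributes{
  curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
+
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -155,6 +160,8 @@ class Miniorange_Rba_Attributes{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -204,6 +211,8 @@ class Miniorange_Rba_Attributes{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -254,6 +263,8 @@ class Miniorange_Rba_Attributes{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -306,6 +317,8 @@ class Miniorange_Rba_Attributes{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );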
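Review bot: The added `curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);` turns off hostname checking on a handle that already sets `CURLOPT_SSL_VERIFYPEER` to false, so in all six hunks of this file, and in the seven hunks of class-two-factor-setup.php that add the same line, the HTTPS connection no longer authenticates the server at all. Anyone positioned on the network path between the WordPress host and the remote service can then read or alter whatever these requests and responses carry, which for a two-factor plugin presumably includes customer credentials and validation results (the request bodies are outside the hunks). The trailing comment `# required for https urls` is also inaccurate: HTTPS works with verification on, and failures usually point to a missing CA bundle on the host. I would set `curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );` and `curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );`, or move these calls to `wp_remote_post()`, which verifies against the CA bundle shipped with WordPress. The enclosing functions start and end outside the hunks.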
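--- a/class-two-factor-setup.php
+++ b/class-two-factor-setup.php
@@ -62,6 +62,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -121,6 +123,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -179,6 +183,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -238,6 +244,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -295,6 +303,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -357,6 +367,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
@@ -409,6 +421,8 @@ class Two_Factor_Setup{
  curl_setopt( $ch, CURLOPT_ENCODING, "" );
  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
  curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false);
+
  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
 
  curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );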
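--- a/includes/css/bootstrap.min.css
+++ b/includes/css/bootstrap.min.css
@@ -361,7 +361,7 @@ button.mo2f_close {
  right: 0;
  bottom: 0;
  left: 0;
- z-index: 100000 !important;
+ z-index: 100000 !important;
  display: none;
  overflow: hidden !important;
  -webkit-overflow-scrolling: touch;
@@ -443,7 +443,7 @@ button.mo2f_close {
  }
 
  .mo2f_modal-body {
- width:96% !important;
+ //width:96% !important;
  position: relative !important;
  padding: 15px !important;
  overflow-y:auto !important;
@@ -490,7 +490,7 @@ button.mo2f_close {
  width: 300px
  }
  .mo2f_modal-md{
- width: 500px
+ width: 550px
  }
  }
 
@@ -499,7 +499,7 @@ button.mo2f_close {
  width: 900px;
  }
  .mo2f_modal-md{
- width: 500px
+ width: 550px
  }
  }
 
@@ -507,3 +507,8 @@ button.mo2f_close {
 
  text-align: center !important;
  }
+ #otpMessage{
+ border-radius: 4px;
+ padding: 1px 5px;
+ background: rgba(1, 145, 191, 0.117647);
+ }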
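Review bot: `//width:96% !important;` in `.mo2f_modal-body` is not a CSS comment; CSS only has `/* … */`, so the line is an invalid declaration that the parser discards up to the `;`. The width is dropped only through error recovery, and linters or minifiers may handle the line differently. Delete the declaration, or write `/* width:96% !important; */` if it should stay visible as disabled.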
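--- a/includes/css/front_end_login.css
+++ b/includes/css/front_end_login.css
@@ -62,12 +62,24 @@
  .mo_green{
  background:green !important;
  border-color:green !important;
- width:37% !important;
+ width:26% !important;
+ border-width: 1px;
+ vertical-align: middle !important;
+ border-radius: 3px !important;
+ color: white;
+ height: 30px;
+ cursor:pointer;
  }
  .mo_red{
  background:rgb(247, 38, 38) !important;
  border-color:rgb(247, 38, 38) !important;
- width:37% !important;
+ width:26% !important;
+ border-width: 1px;
+ vertical-align: middle !important;
+ border-radius: 3px !important;
+ color: white;
+ height: 30px;
+ cursor:pointer;
  }
 
 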
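--- a/includes/css/hide-login-form.css
+++ b/includes/css/hide-login-form.css
@@ -38,4 +38,11 @@ body.login div#login div#login_error1{
  input.button-add{
  background: #00a0d2 url(../../includes/images/mo_white_logo.png) no-repeat 10px center !important;
  background-size: 16px !important;
+ border-color: #00a0d2;
+ border-width: 0px;
+ vertical-align: middle !important;
+ border-radius: 3px !important;
+ color: white;
+ height: 30px;
+ cursor:pointer;
  }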
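--- a/includes/css/style_settings.css
+++ b/includes/css/style_settings.css
@@ -208,7 +208,7 @@ margin-left:20.5%;
  }
 
  .mo2f_td_show{
- display:grid !important;
+ display:table-cell;
  }
 
  .mo2f_td_hide{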
includes/images/miniOrange2.png CHANGED
Binary file
miniorange_2_factor_common_login.php CHANGED
@@ -1,14 +1,82 @@
1
  <?php
2
- function redirect_user_to($user){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3
  $roles = $user->roles;
4
- $current_role = array_shift($roles);
 
5
  if($current_role == 'administrator'){
6
- wp_redirect( admin_url() );
 
7
  }else{
8
- wp_redirect( home_url());
 
9
  }
10
  }
11
 
 
 
12
  function mo2f_register_profile($email,$deviceKey,$mo2f_rba_status){
13
 
14
  if(isset($deviceKey) && $deviceKey == 'true'){
@@ -98,42 +166,84 @@
98
  return $mo2f_second_factor;
99
  }
100
 
101
- function mo2f_get_forgotphone_form(){
102
- $random_mo_key = get_option('mo2f_new_customer');
103
- $message = $random_mo_key ? 'Please select the option and click on Continue button' : 'Please choose from below options:';
104
- ?>
105
- <div class="miniorange_soft_auth">
106
-
107
- <div class="miniorange-inner-login-container">
108
 
109
- <h3 class="mo_header_background">How would you like to authenticate yourself</h3>
110
- <br>
111
- <div style="padding-left:10px;padding-right:10px;"><?php echo isset($_SESSION['mo2f-login-message']) ? $_SESSION['mo2f-login-message'] : '';?></div>
112
- <p style="padding-left:10px;padding-right:10px;"><?php echo $message; ?></p><br/>
113
- <div style="padding-left:40px;padding-right:40px;">
114
- <?php if(!$random_mo_key){ ?>
115
- <input type="radio" name="mo2f_selected_forgotphone_option" value="OTP OVER EMAIL" checked="ckecked" />Send a one time passcode to my registered email<br /><br />
116
- <?php } ?>
117
- <input type="radio" name="mo2f_selected_forgotphone_option" value="KBA" />Answer your Security Questions (KBA)
118
 
119
- <br /><br />
120
- <input type="button" name="miniorange_validtae_otp" style="float:right;" value="Continue" class="miniorange-button" onclick="mo2fselectforgotphoneoption();" />
121
-
122
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
123
- </div>
124
- <br><br>
125
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
126
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
127
- <?php }?>
128
 
129
- </div>
 
 
130
 
 
131
 
132
-
133
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
134
  <script>
135
- jQuery("div#login").hide();
136
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
137
  function mologinback(){
138
  jQuery('#mo2f_backto_mo_loginform').submit();
139
  }
@@ -143,183 +253,228 @@
143
  jQuery('#mo2f_challenge_forgotphone_form').submit();
144
  }
145
  </script>
146
- <?php }
 
147
 
148
- function mo2f_getkba_form(){
149
  ?>
150
- <div class="miniorange_kba_page">
151
- <center>
152
- <div id="mo_2_factor_kba_page" class="miniorange-inner-kba-login-container">
153
- <span><h2 class="mo_header_background">Validate Security Questions</h2></span>
154
- <div id="kbaSection" style="padding:30px;">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
155
 
156
- <div id="mo_kba_title" style="padding-bottom:20px;">
157
- <h3><?php echo isset($_SESSION['mo2f-login-message']) ? $_SESSION['mo2f-login-message'] : 'Please answer the following questions:'; ?></h3>
158
- </div>
159
- <div id="mo2f_kba_content" style="text-align:left">
160
- <h4><?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
161
- echo $_SESSION['mo_2_factor_kba_questions'][0];
162
- ?></h4>
163
- <input type="text" name="mo2f_answer_1" id="mo2f_answer_1" required="true" autofocus="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." class="mo2f_kba_textbox" autocomplete="off">
164
- <h4><?php
165
- echo $_SESSION['mo_2_factor_kba_questions'][1];
166
- ?></h4>
167
- <input class="mo2f_kba_textbox" type="text" name="mo2f_answer_2" id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" >
168
- <?php
169
- }
170
- ?>
171
- </div>
172
- <div>
173
- <?php if(get_option('mo2f_login_policy')){
174
- if(get_option('mo2f_deviceid_enabled')){
175
- ?>
176
- <span style="padding-right:80px;"><input type="checkbox" name="miniorange_remember_device" id="miniorange_remember_device" />Remember this device.</span>
177
- <?php
178
- }else{
179
- ?>
180
- <input type="checkbox" name="miniorange_remember_device" id="miniorange_remember_device" style="display:none;" />
181
- <?php
182
- }
183
- }else{
184
- ?>
185
- <input type="checkbox" name="miniorange_remember_device" id="miniorange_remember_device" style="display:none;" />
186
- <?php
187
- }
188
- ?>
189
- <input type="button" name="miniorange_kba_validate" onclick="mo2f_validate_kba();" id="miniorange_kba_validate" class="miniorange-button" style="float:right;" value="Validate" />
190
 
191
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
192
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
193
  </div>
194
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
195
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
196
- <?php }?>
197
  </div>
198
- </center>
199
  </div>
 
 
 
 
 
 
200
  <script>
201
- jQuery("div#login").hide();
202
- jQuery("body.login div#login").before(jQuery('.miniorange_kba_page'));
203
  function mologinback(){
204
  jQuery('#mo2f_backto_mo_loginform').submit();
205
- }
206
- function mo2f_validate_kba(){
207
- var ans1 = jQuery('#mo2f_answer_1').val();
208
- var ans2 = jQuery('#mo2f_answer_2').val();
209
- var check = jQuery('#miniorange_remember_device').prop('checked');
210
- document.getElementById("mo2f_submitkba_loginform").elements[0].value = ans1;
211
- document.getElementById("mo2f_submitkba_loginform").elements[1].value = ans2;
212
- document.getElementById("mo2f_submitkba_loginform").elements[2].value = check;
213
- jQuery('#mo2f_submitkba_loginform').submit();
214
  }
 
215
 
216
- jQuery('#mo2f_answer_2').keypress(function(e){
217
- if(e.which == 13){//Enter key pressed
218
- e.preventDefault();
219
- mo2f_validate_kba();
220
- }
221
- });
222
  </script>
223
  <?php
224
  }
225
 
226
- function mo2f_getpush_oobemail_response($id){
227
  ?>
228
- <div class="miniorange_push_oobemail_auth">
229
- <center>
230
- <div class="mo2fa_push_messages_container" id="otpMessage" >
231
- <p class='mo2fa_display_message'><?php echo $_SESSION['mo2f-login-message']; ?></p>
232
- </div>
233
- </center><br/>
234
-
235
- <div id="mo_2_factor_push_page" class="miniorange-inner-push-login-container">
236
- <div id="pushSection">
237
- <br>
238
- <center><a href="#showPushHelp" id="pushHelpLink"><h3>See How It Works ?</h3></a></center>
239
- <div style="margin-bottom:10%;padding-top:6%;">
240
- <center>
241
- <h3>Waiting for your approval...</h3>
242
- </center>
243
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
244
 
245
- <div id="showPushImage" style="margin-bottom:10%;">
246
- <center>
247
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" />
248
- </center>
249
- </div>
250
 
251
- <span style="padding-right:2%;">
252
- <?php if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS'){ ?>
253
- <center>
254
- <?php if(get_option('mo2f_enable_forgotphone')){ ?>
255
- <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="miniorange-button" value="Forgot Phone?" />
256
- <?php } ?>
257
 
258
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();" id="miniorange_login_offline" class="miniorange-button" value="Phone is Offline?" /></center>
259
 
260
- <?php }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && get_user_meta($id,'mo2f_kba_registration_status',true)){ ?>
261
- <center><a href="#mo2f_alternate_login_kba" ><h3>Didn't receive mail?</h3></a></center>
262
- <?php }
263
- ?>
264
- </span>
265
- <div><center><input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" /></center></div>
266
- <br />
267
-
268
- </div>
269
- <div id="showPushHelp" class="showPushHelp" hidden>
270
- <br>
271
- <center><a href="#showPushHelp" id="pushLink"><h3>←Go Back.</h3></a>
272
- <br>
273
- <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
274
- <ol class="mo2f_carousel-indicators">
275
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
276
- <li data-target="#myCarousel" data-slide-to="1"></li>
277
- <li data-target="#myCarousel" data-slide-to="2"></li>
278
- </ol>
279
- <div class="mo2f_carousel-inner" role="listbox">
280
- <?php if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL') { ?>
281
- <div class="item active">
282
-
283
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-1.png" alt="First slide">
284
  </div>
285
- <div class="item">
286
- <p>Click on Accept Transaction link to verify your email .</p><br>
287
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-2.png" alt="First slide">
288
-
289
- </div>
290
- <div class="item">
291
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-3.png" alt="First slide">
292
- </div>
293
- <?php } else { ?>
294
- <!-- Indicators -->
295
-
296
-
297
- <div class="item active">
298
- <p>You will receive a notification on your phone.</p><br>
299
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow.png" alt="First slide">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
300
  </div>
301
- <div class="item">
302
- <p>Open the notification and click on accept button.</p><br>
303
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow-1.png" alt="First slide">
304
-
305
- </div>
306
- <div class="item">
307
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow-2.png" alt="First slide">
308
- </div>
309
- <?php } ?>
310
- </div>
311
  </div>
312
- </center>
313
  </div>
314
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
315
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
316
- <?php }?>
317
- </div>
318
- </div>
319
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
320
  <script>
321
- jQuery("div#login").hide();
322
- jQuery("body.login div#login").before(jQuery('.miniorange_push_oobemail_auth'));
323
  var timeout;
324
  pollPushValidation();
325
  function pollPushValidation()
@@ -350,115 +505,143 @@
350
  jQuery('#pushHelpLink').click(function() {
351
  jQuery('#showPushHelp').show();
352
  jQuery('#pushSection').hide();
353
-
354
  jQuery('#myCarousel').carousel(0);
355
  });
356
  jQuery('#pushLink').click(function() {
357
  jQuery('#showPushHelp').hide();
358
  jQuery('#pushSection').show();
 
359
  jQuery('#myCarousel').carousel('pause');
360
  });
361
  function mologinback(){
362
  jQuery('#mo2f_backto_mo_loginform').submit();
363
- }
364
- function mologinoffline(){
365
  jQuery('#mo2f_show_softtoken_loginform').submit();
366
- }
367
- function mologinforgotphone(){
368
- jQuery('#mo2f_show_forgotphone_loginform').submit();
369
- }
370
- function mologinforgotphone(){
371
  jQuery('#mo2f_show_forgotphone_loginform').submit();
372
- }
373
- jQuery('a[href=\"#mo2f_alternate_login_kba\"]').click(function() {
374
  jQuery('#mo2f_alternate_login_kbaform').submit();
375
- });
376
 
377
- </script>
378
- <?php
379
- }
 
380
 
381
- function mo2f_getqrcode(){
382
- ?>
383
- <div class="miniorange_mobile_auth">
384
- <?php if(isset($_SESSION['mo2f-login-message']) && $_SESSION['mo2f-login-message'] == 'Error:OTP over Email'){ ?>
385
- <center>
386
- <div class="mo2fa_messages_container" id="otpMessage">
387
- <p class='mo2fa_display_message'><?php echo 'Error occurred while sending OTP over email. Please try again.'; ?></p>
388
- </div></center><br />
389
- <?php } ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
390
 
391
- <div id="mo_2_factor_qr_code_page" class="miniorange-inner-login-container">
392
- <div id="scanQRSection">
393
- <br>
394
- <center><a href="#showQRHelp" id="helpLink"><h3>See How It Works ?</h3></a></center>
395
- <div style="margin-bottom:10%;padding-top:6%;">
396
- <center>
397
- <h3>Identify yourself by scanning the QR code with miniOrange Authenticator app.</h3>
398
- </center></div>
399
-
400
- <div id="showQrCode" style="margin-bottom:10%;"><center> <?php echo '<img src="data:image/jpg;base64,' . $_SESSION[ 'mo2f-login-qrCode' ] . '" />'; ?>
401
- </center>
402
- </div>
403
-
404
 
405
- <span style="padding-right:2%;">
406
-
407
- <center>
408
- <?php if(get_option('mo2f_enable_forgotphone')){ ?>
409
- <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="miniorange-button" style="margin-right:5%;" value="Forgot Phone?" />
410
- <?php } ?>
411
-
412
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();" id="miniorange_login_offline" class="miniorange-button" value="Phone is Offline?" /></center></span>
 
413
 
414
- <div><center><input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" /></center></div>
415
- <br />
416
-
417
- </div>
418
- <div id="showQRHelp" class="showQRHelp" hidden>
419
- <br>
420
- <center><a href="#showQRHelp" id="qrLink"><h3>←Back to Scan QR Code.</h3></a>
421
- <br>
422
- <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
423
- <!-- Indicators -->
424
- <ol class="mo2f_carousel-indicators">
425
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
426
- <li data-target="#myCarousel" data-slide-to="1"></li>
427
- <li data-target="#myCarousel" data-slide-to="2"></li>
428
- <li data-target="#myCarousel" data-slide-to="3"></li>
429
- <li data-target="#myCarousel" data-slide-to="4"></li>
430
- </ol>
431
- <div class="mo2f_carousel-inner" role="listbox">
432
- <div class="item active">
433
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-1.png" alt="First slide">
434
  </div>
435
- <div class="item">
436
- <p>Open miniOrange Authenticator app and click on Authenticate.</p><br>
437
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-2.png" alt="First slide">
438
-
439
- </div>
440
- <div class="item">
441
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-3.png" alt="First slide">
442
- </div>
443
- <div class="item">
444
- <img class="first-slide" src="https://auth.miniorange.com/moas//images/help/qr-help-4.png" alt="First slide">
445
- </div>
446
- <div class="item">
447
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-5.png" alt="First slide">
448
- </div>
449
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
450
  </div>
451
- </center>
452
  </div>
453
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
454
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
455
- <?php }?>
456
  </div>
457
- </div>
458
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
459
  <script>
460
- jQuery("div#login").hide();
461
- jQuery("body.login div#login").before(jQuery('.miniorange_mobile_auth'));
462
  var timeout;
463
  pollMobileValidation();
464
  function pollMobileValidation()
@@ -511,144 +694,173 @@
511
  function mologinforgotphone(){
512
  jQuery('#mo2f_show_forgotphone_loginform').submit();
513
  }
514
- </script>
515
- <?php
516
- }
517
-
518
- function mo2f_getotp_form(){
519
- ?> <div class="miniorange_soft_auth">
520
- <center>
521
- <div id="otpMessage" class="mo2fa_otp_messages_container">
522
- <p class='mo2fa_display_message' ><?php echo $_SESSION['mo2f-login-message']; ?></p>
523
- </div>
524
- </center>
525
- <br>
526
- <div id="mo_2_factor_soft_token_page" class="miniorange-inner-login-container" >
527
- <div id="showOTP">
528
- <br />
529
- <?php if($_SESSION[ 'mo_2factor_login_status' ] != 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){ ?>
530
- <center><a href="#showOTPHelp" id="otpHelpLink"><h3>See How It Works ?</h3></a></center>
531
- <?php } ?>
532
- <br />
533
-
534
- <div id="displaySoftToken"><center><input type="text" name="mo2fa_softtokenkey" style="width:75%;" placeholder="Enter one time passcode" id="mo2fa_softtokenkey" required="true" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/></center></div>
535
-
536
- <span><input type="button" name="miniorange_soft_token_submit" onclick="mootploginsubmit();" id="miniorange_soft_token_submit" class="miniorange-button" style="margin-left:12%;width:300px;" value="Validate" />
537
- <br /><br />
538
-
539
- <?php if(get_option('mo2f_enable_forgotphone') && isset($_SESSION[ 'mo_2factor_login_status' ] ) && $_SESSION[ 'mo_2factor_login_status' ] != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
540
- <input type="button" name="miniorange_login_forgotphone" style="width:139px;margin-left:21px;" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="button-green" value="Forgot Phone ?" />
541
- <?php } ?>
542
- <input type="button" name="miniorange_login_back" onclick="mologinback();" style="float:right;margin-right:50px;" id="miniorange_login_back" class="button-green" value="←Back To Login"/>
543
-
544
- </span><br><br>
545
- </div>
546
- <div id="showOTPHelp" class="showOTPHelp" hidden>
547
- <br>
548
- <center><a href="#showOTP" id="otpLink"><h3>←Go Back</h3></a>
549
- <br>
550
- <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
551
- <!-- Indicators -->
552
-
553
- <?php if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){ ?>
554
- <ol class="mo2f_carousel-indicators">
555
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
556
- <li data-target="#myCarousel" data-slide-to="1"></li>
557
- <li data-target="#myCarousel" data-slide-to="2"></li>
558
- <li data-target="#myCarousel" data-slide-to="3"></li>
559
-
560
- </ol>
561
- <div class="mo2f_carousel-inner" role="listbox">
562
-
563
-
564
- <div class="item active">
565
- <p>Open miniOrange Authenticator app and click on settings icon on top right corner.</p><br>
566
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-2.png" alt="First slide">
567
- </div>
568
- <div class="item">
569
- <p>Click on Sync button below to sync your time with miniOrange Servers. This is a one time sync to avoid otp validation failure.</p><br>
570
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-3.png" alt="First slide">
571
- </div>
572
- <div class="item">
573
- <p>Go to Soft Token tab.</p><br>
574
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-2.png" alt="First slide">
575
- </div>
576
- <div class="item">
577
- <p>Enter the one time passcode shown in miniOrange Authenticator app here.</p><br>
578
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-4.png" alt="First slide">
579
- </div>
580
  </div>
581
- <?php } else if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') { ?>
582
- <ol class="mo2f_carousel-indicators">
583
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
584
- <li data-target="#myCarousel" data-slide-to="1"></li>
585
- <li data-target="#myCarousel" data-slide-to="2"></li>
586
-
587
- </ol>
588
- <div class="mo2f_carousel-inner" role="listbox">
589
- <div class="item active">
590
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-1.png" alt="First slide">
591
- </div>
592
- <div class="item">
593
- <p>Check your email with which you registered and copy the one time passcode.</p><br>
594
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-2.png" alt="First slide">
595
- </div>
596
- <div class="item">
597
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-3.png" alt="First slide">
598
- </div>
599
- </div>
600
- <?php } else if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') { ?>
601
- <ol class="mo2f_carousel-indicators">
602
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
603
- <li data-target="#myCarousel" data-slide-to="1"></li>
604
- <li data-target="#myCarousel" data-slide-to="2"></li>
605
-
606
- </ol>
607
- <div class="mo2f_carousel-inner" role="listbox">
608
- <div class="item active">
609
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-1.png" alt="First slide">
610
- </div>
611
- <div class="item">
612
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-2.png" alt="First slide">
613
- </div>
614
- <div class="item">
615
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-3.png" alt="First slide">
616
- </div>
617
- </div>
618
- <?php } else { ?>
619
- <!-- phone call verification -->
620
- <ol class="mo2f_carousel-indicators">
621
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
622
- <li data-target="#myCarousel" data-slide-to="1"></li>
623
-
624
-
625
- </ol>
626
- <div class="mo2f_carousel-inner" role="listbox">
627
- <div class="item active">
628
- <p>You will receive a phone call. Pick up the call and listen to the one time passcode carefully. </p>
629
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/phone-call-login-flow-2.png" alt="First slide">
630
  </div>
631
- <div class="item">
632
- <p>Enter the one time passcode here and click on validate button to login.</p><br>
633
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/phone-call-login-flow.png" alt="First slide">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
634
  </div>
635
-
636
- </div>
637
- <?php } ?>
638
-
639
  </div>
640
- </div>
641
-
642
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
643
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
644
- <?php }?>
645
  </div>
646
-
647
- </div>
 
 
 
 
 
 
 
 
 
648
  <script>
649
-
650
- jQuery("div#login").hide();
651
- jQuery('#otpHelpLink').click(function() {
652
  jQuery('#showOTPHelp').show();
653
  jQuery('#showOTP').hide();
654
  jQuery('#otpMessage').hide();
@@ -658,103 +870,99 @@
658
  jQuery('#showOTP').show();
659
  jQuery('#otpMessage').show();
660
  });
661
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
662
  function mologinback(){
663
  jQuery('#mo2f_backto_mo_loginform').submit();
664
  }
665
  function mologinforgotphone(){
666
  jQuery('#mo2f_show_forgotphone_loginform').submit();
667
  }
668
- function mootploginsubmit(){
669
- var otpkey = jQuery('#mo2fa_softtokenkey').val();
670
- document.getElementById("mo2f_submitotp_loginform").elements[0].value = otpkey;
671
- jQuery('#mo2f_submitotp_loginform').submit();
672
-
673
- }
674
-
675
- jQuery('#mo2fa_softtokenkey').keypress(function(e){
676
- if(e.which == 13){//Enter key pressed
677
- e.preventDefault();
678
- var otpkey = jQuery('#mo2fa_softtokenkey').val();
679
- document.getElementById("mo2f_submitotp_loginform").elements[0].value = otpkey;
680
- jQuery('#mo2f_submitotp_loginform').submit();
681
- }
682
-
683
- });
684
-
685
-
686
-
687
  </script>
 
 
688
  <?php
689
  }
 
690
 
691
- function mo2f_get_device_form(){
692
- ?>
693
- <div class="miniorange_trust_device">
694
-
695
- <div id="mo_2_factor_push_page" class="miniorange-inner-push-login-container">
696
- <div id="pushSection">
697
- <span><h2 style="padding:5px;background-color:beige;">Remember Device</h2></span>
698
- <br>
699
- <div id="mo_device_title" style="margin-bottom:10%;padding-top:6%;">
700
- <center>
701
- <h3>Do you want to remember this device?</h3>
702
- </center>
703
- </div>
704
- <br />
705
- <div id="mo2f_device_content">
706
- <center>
707
- <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();" id="miniorange_trust_device_yes" class="miniorange-button mo_green" style="margin-right:5%;" value="Yes" />
708
-
709
- <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();" id="miniorange_trust_device_no" class="miniorange-button mo_red" value="No" />
710
- </center>
711
- </div>
712
- <div id="showLoadingBar" hidden>
713
- <center>
714
- <h3>Please wait...We are taking you into your account.</h3>
715
-
716
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" />
717
- </center>
718
- </div>
719
- <br /><br />
720
- <center>
721
- <span>
722
- Click on <i><b>Yes</b></i> if this is your personal device.<br />
723
- Click on <i><b>No</b></i> if this is a public device.
724
- </span>
725
- </center>
726
 
727
- <br /><br />
 
 
 
 
 
728
 
729
- <div><center><input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" /></center></div>
730
- <br />
 
 
 
 
731
 
 
 
 
 
 
 
 
732
  </div>
733
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
734
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
735
- <?php }?>
736
  </div>
737
-
738
- </div>
739
- <script>
740
- jQuery("div#login").hide();
741
- jQuery("body.login div#login").before(jQuery('.miniorange_trust_device'));
742
- function mologinback(){
743
- jQuery('#mo2f_backto_mo_loginform').submit();
744
- }
745
- function mo_check_device_confirm(){
746
- jQuery('#mo2f_device_content').hide();
747
- jQuery('#mo_device_title').hide();
748
- jQuery('#showLoadingBar').show();
749
- jQuery('#mo2f_trust_device_confirm_form').submit();
750
- }
751
- function mo_check_device_cancel(){
752
- jQuery('#mo2f_device_content').hide();
753
- jQuery('#mo_device_title').hide();
754
- jQuery('#showLoadingBar').show();
755
- jQuery('#mo2f_trust_device_cancel_form').submit();
756
- }
757
- </script>
758
- <?php
759
- }
 
 
 
 
 
 
760
  ?>
1
  <?php
2
+
3
+ function mo2f_collect_device_attributes_handler($redirect_to = null){
4
+ ?>
5
+ <html>
6
+ <head>
7
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
8
+ <meta name="viewport" content="width=device-width, initial-scale=1">
9
+ <?php
10
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
11
+ ?>
12
+ </head>
13
+ <body>
14
+ <div style="text-align:center;">
15
+ <form id="morba_loginform" method="post" >
16
+ <h1>Please wait...</h1>
17
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" />
18
+ <?php
19
+ if(get_site_option('mo2f_deviceid_enabled')){
20
+ ?>
21
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value="" /></p>
22
+ <?php
23
+ echo '<script src="' . plugins_url('includes/js/rba/js/jquery-1.9.1.js', __FILE__ ) . '" ></script>';
24
+ echo '<script src="' . plugins_url('includes/js/rba/js/jquery.flash.js', __FILE__ ) . '" ></script>';
25
+ echo '<script src="' . plugins_url('includes/js/rba/js/ua-parser.js', __FILE__ ) . '" ></script>';
26
+ echo '<script src="' . plugins_url('includes/js/rba/js/client.js', __FILE__ ) . '" ></script>';
27
+ echo '<script src="' . plugins_url('includes/js/rba/js/device_attributes.js', __FILE__ ) . '" ></script>';
28
+ echo '<script src="' . plugins_url('includes/js/rba/js/swfobject.js', __FILE__ ) . '" ></script>';
29
+ echo '<script src="' . plugins_url('includes/js/rba/js/fontdetect.js', __FILE__ ) . '" ></script>';
30
+ echo '<script src="' . plugins_url('includes/js/rba/js/murmurhash3.js', __FILE__ ) . '" ></script>';
31
+ echo '<script src="' . plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ) . '" ></script>';
32
+ }
33
+ ?>
34
+ <input type="hidden" name="miniorange_attribute_collection_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-attribute-collection-nonce'); ?>" />
35
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
36
+ </form>
37
+ </div>
38
+ </body>
39
+ </html>
40
+ <?php
41
+ }
42
+
43
+ function miniorange_get_user_role($current_user){
44
+ $current_roles = array();
45
+ $current_roles = $current_user->roles;
46
+ return $current_roles;
47
+ }
48
+
49
+ function miniorange_check_if_2fa_enabled_for_roles($current_roles){
50
+ if(empty($current_roles)){
51
+ return 0;
52
+ }
53
+
54
+ foreach( $current_roles as $value )
55
+ {
56
+ if(get_site_option('mo2fa_'.$value))
57
+ {
58
+ return 1;
59
+ }
60
+ }
61
+ return 0;
62
+ }
63
+
64
+ function redirect_user_to($user, $redirect_to){
65
+
66
  $roles = $user->roles;
67
+ $current_role = array_shift($roles);
68
+ $redirectUrl = isset($redirect_to) && !empty($redirect_to) ? $redirect_to : null;
69
  if($current_role == 'administrator'){
70
+ $redirectUrl = empty($redirectUrl) ? admin_url() : $redirectUrl;
71
+ wp_redirect( $redirectUrl );
72
  }else{
73
+ $redirectUrl = empty($redirectUrl) ? home_url() : $redirectUrl;
74
+ wp_redirect( $redirectUrl);
75
  }
76
  }
77
 
78
+
79
+
80
  function mo2f_register_profile($email,$deviceKey,$mo2f_rba_status){
81
 
82
  if(isset($deviceKey) && $deviceKey == 'true'){
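Review bot: `redirect_user_to()` (new lines 64-76) passes the caller-supplied `$redirect_to` straight to `wp_redirect()`, which does not restrict the destination host, and execution continues after the header is queued. The callers are not in this hunk, but if `$redirect_to` comes from the hidden `redirect_to` field that the forms in this file post back, a completed second-factor login can be forwarded to an arbitrary external site. I would change both branches to `wp_safe_redirect( $redirectUrl ); exit;`, which replaces a disallowed host with a local fallback. Separately, `$current_role` is only the first entry of `$user->roles`; `in_array( 'administrator', $user->roles, true )` would not depend on role order.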
166
  return $mo2f_second_factor;
167
  }
168
 
169
+ function mo2f_customize_logo(){
 
 
 
 
 
 
170
 
171
+ if(get_option('mo2f_disable_poweredby') != 1 ){
 
 
 
 
 
 
 
 
172
 
173
+ if(get_option('mo2f_enable_custom_poweredby')==1) { ?>
174
+
175
+ <div style="float:right;" ><img alt="logo" src="<?php echo plugins_url('/includes/images/custom.png',__FILE__); ?>" /></div>
 
 
 
 
 
 
176
 
177
+ <?php }else { ?>
178
+
179
+ <div style="float:right;" ><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img alt="logo" src="<?php echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>" /></a></div>
180
 
181
+ <?php }
182
 
183
+ }
184
+
185
+ }
186
+
187
+ function mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to){
188
+ ?>
189
+ <html>
190
+ <head>
191
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
192
+ <meta name="viewport" content="width=device-width, initial-scale=1">
193
+ <?php
194
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
195
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
196
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__) . '" />';
197
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__) . '" />';
198
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.4', __FILE__) . '" />';
199
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.4', __FILE__) . '" />';
200
+ ?>
201
+ </head>
202
+ <body>
203
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
204
+ <div class="mo2f-modal-backdrop"></div>
205
+ <div class="mo2f_modal-dialog mo2f_modal-md">
206
+ <div class="mo2f_modal-content">
207
+ <div class="mo2f_modal-header">
208
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
209
+ How would you like to authenticate yourself</h4>
210
+ </div>
211
+ <div class="mo2f_modal-body">
212
+ <?php if(get_option( 'mo2f_enable_forgotphone' )) {
213
+ if(isset($login_message) && !empty($login_message)){ ?>
214
+ <div id="otpMessage">
215
+ <p class="mo2fa_display_message_frontend" ><?php echo $login_message; ?></p>
216
+ </div>
217
+ <?php } ?>
218
+ <p style="padding-left:10px;padding-right:10px;"><?php echo 'Please choose the options from below:'; ?></p>
219
+ <div style="padding-left:10px;padding-right:40px;">
220
+ <?php if(get_option( 'mo2f_enable_forgotphone_email' )) {?>
221
+ <input type="radio" name="mo2f_selected_forgotphone_option" value="OTP OVER EMAIL" checked="ckecked" />Send a one time passcode to my registered email<br /><br />
222
+ <?php }
223
+ if(get_option( 'mo2f_enable_forgotphone_kba' )) {
224
+ ?>
225
+ <input type="radio" name="mo2f_selected_forgotphone_option" value="KBA" />Answer your Security Questions (KBA)
226
+ <?php } ?>
227
+ <br /><br />
228
+ <input type="button" name="miniorange_validtae_otp" value="Continue" class="miniorange-button" onclick="mo2fselectforgotphoneoption();" />
229
+ </div>
230
+ <?php mo2f_customize_logo();
231
+ }
232
+ ?>
233
+ </div>
234
+ </div>
235
+ </div>
236
+ </div>
237
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
238
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
239
+ </form>
240
+ <form name="f" id="mo2f_challenge_forgotphone_form" method="post" action="" style="display:none;">
241
+ <input type="hidden" name="mo2f_selected_2factor_method" />
242
+ <input type="hidden" name="miniorange_challenge_forgotphone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-challenge-forgotphone-nonce'); ?>" />
243
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
244
+ </form>
245
+ </body>
246
  <script>
 
 
247
  function mologinback(){
248
  jQuery('#mo2f_backto_mo_loginform').submit();
249
  }
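Review bot: `mo2f_get_forgotphone_form()` prints its arguments without escaping: `echo $login_message` inside the `<p>` (new line 215) and `echo $redirect_to` inside the hidden field's `value` attribute (new line 243). The callers are outside this hunk, so it is not visible whether these values can carry request data, but a `redirect_to` value usually does, and a double quote in it would close the attribute on the login page. I would write `<?php echo esc_attr( $redirect_to ); ?>` for the attribute and `<?php echo esc_html( $login_message ); ?>` for the message, or `wp_kses_post()` if the message is meant to contain markup. The same pattern is at new line 35 in `mo2f_collect_device_attributes_handler()` and in `mo2f_getkba_form()` and `mo2f_getpush_oobemail_response()` further down, covering `$redirect_to`, `$login_message`, `$login_status` and the `$_SESSION['mo_2_factor_kba_questions']` entries. The function's closing lines fall outside this hunk.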
253
  jQuery('#mo2f_challenge_forgotphone_form').submit();
254
  }
255
  </script>
256
+ </html>
257
+ <?php }
258
 
259
+ function mo2f_getkba_form($login_status, $login_message, $redirect_to){
260
  ?>
261
+
262
+ <html>
263
+ <head>
264
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
265
+ <meta name="viewport" content="width=device-width, initial-scale=1">
266
+ <?php
267
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
268
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
269
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__) . '" />';
270
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__) . '" />';
271
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.4', __FILE__) . '" />';
272
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.4', __FILE__) . '" />';
273
+ ?>
274
+ </head>
275
+
276
+ <body>
277
+
278
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
279
+ <div class="mo2f-modal-backdrop"></div>
280
+ <div class="mo2f_modal-dialog mo2f_modal-md">
281
+ <div class="mo2f_modal-content">
282
+ <div class="mo2f_modal-header">
283
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
284
+ Validate Security Questions</h4>
285
+ </div>
286
+ <div class="mo2f_modal-body">
287
+ <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
288
+ <div id="otpMessage">
289
+ <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : 'Please answer the following questions:'; ?></p>
290
+ </div>
291
+ <form name="f" id="mo2f_submitkba_loginform" method="post" action="">
292
+ <div id="mo2f_kba_content">
293
+ <p style="font-size:15px;">
294
+ <?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
295
+ echo $_SESSION['mo_2_factor_kba_questions'][0];
296
+ ?><br />
297
+ <input class="mo2f-textbox" type="text" name="mo2f_answer_1" id="mo2f_answer_1" required="true" autofocus="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" ><br />
298
+ <?php
299
+ echo $_SESSION['mo_2_factor_kba_questions'][1];
300
+ ?><br />
301
+ <input class="mo2f-textbox" type="text" name="mo2f_answer_2" id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off">
302
+ <?php
303
+ }
304
+ ?>
305
+ </p>
306
+ </div>
307
+
308
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
309
 
310
+
311
+ <?php if(get_option('mo2f_login_policy')){
312
+ if(get_option('mo2f_deviceid_enabled')){
313
+ ?>
314
+ <span style="float:left; font-size:15px;padding-right:10px;"><input style="vertical-align:text-top;" type="checkbox" name="mo2f_trust_device" id="mo2f_trust_device" />Remember this device.</span><br /><br />
315
+ <?php
316
+ }
317
+ }
318
+ ?>
319
+ <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate" class="miniorange-button" style="float:left;" value="Validate" />
320
+ <input type="hidden" name="miniorange_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-kba-nonce'); ?>" />
321
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
322
+ </form>
323
+
324
+ </div>
325
+ <?php mo2f_customize_logo() ?>
326
+ </div>
327
+
328
  </div>
 
 
 
329
  </div>
 
330
  </div>
331
+
332
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
333
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
334
+ </form>
335
+ </body>
336
+
337
  <script>
338
+
 
339
  function mologinback(){
340
  jQuery('#mo2f_backto_mo_loginform').submit();
 
 
 
 
 
 
 
 
 
341
  }
342
+
343
 
 
 
 
 
 
 
344
  </script>
345
  <?php
346
  }
347
 
348
+ function mo2f_getpush_oobemail_response($id, $login_status, $login_message, $redirect_to){
349
  ?>
350
+
351
+ <html>
352
+ <head>
353
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
354
+ <meta name="viewport" content="width=device-width, initial-scale=1">
355
+ <?php
356
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
357
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
358
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__) . '" />';
359
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__) . '" />';
360
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.4', __FILE__) . '" />';
361
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.4', __FILE__) . '" />';
362
+ ?>
363
+ </head>
364
+ <body>
365
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
366
+ <div class="mo2f-modal-backdrop"></div>
367
+ <div class="mo2f_modal-dialog mo2f_modal-md">
368
+ <div class="mo2f_modal-content">
369
+ <div class="mo2f_modal-header">
370
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
371
+ Accept Your Transaction</h4>
372
+ </div>
373
+ <div class="mo2f_modal-body">
374
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
375
+ <div id="otpMessage">
376
+ <p class="mo2fa_display_message_frontend" ><?php echo $login_message; ?></p>
377
+ </div>
378
+ <?php } ?>
379
+ <div id="pushSection">
380
+ <center><a href="#showPushHelp" id="pushHelpLink"><h3>See How It Works ?</h3></a></center>
381
+ <div>
382
+ <center>
383
+ <h3>Waiting for your approval...</h3>
384
+ </center>
385
+ </div>
386
 
387
+ <div id="showPushImage">
388
+ <center>
389
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" />
390
+ </center>
391
+ </div>
392
 
393
+ <span style="padding-right:2%;">
394
+ <?php if(isset($login_status) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS'){ ?>
395
+ <center>
396
+ <?php if(get_option('mo2f_enable_forgotphone')){ ?>
397
+ <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="miniorange-button" value="Forgot Phone?" />
398
+ <?php } ?>
399
 
400
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();" id="miniorange_login_offline" class="miniorange-button" value="Phone is Offline?" /></center>
401
 
402
+ <?php }else if(isset($login_status) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && get_option('mo2f_enable_forgotphone') && get_user_meta($id,'mo2f_kba_registration_status',true)){ ?>
403
+ <center><a href="#mo2f_alternate_login_kba" ><h3>Didn't receive mail?</h3></a></center>
404
+ <?php }?>
405
+ </span>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
406
  </div>
407
+ <div id="showPushHelp" class="showPushHelp" hidden>
408
+ <center><a href="#showPushHelp" id="pushLink"><h3>←Go Back.</h3></a>
409
+ <br>
410
+ <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
411
+ <ol class="mo2f_carousel-indicators">
412
+ <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
413
+ <li data-target="#myCarousel" data-slide-to="1"></li>
414
+ <li data-target="#myCarousel" data-slide-to="2"></li>
415
+ </ol>
416
+ <div class="mo2f_carousel-inner" role="listbox">
417
+ <?php if($login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL') { ?>
418
+ <div class="item active">
419
+
420
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-1.png" alt="First slide">
421
+ </div>
422
+ <div class="item">
423
+ <p>Click on Accept Transaction link to verify your email .</p><br>
424
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-2.png" alt="First slide">
425
+
426
+ </div>
427
+ <div class="item">
428
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-3.png" alt="First slide">
429
+ </div>
430
+ <?php } else { ?>
431
+ <!-- Indicators -->
432
+
433
+
434
+ <div class="item active">
435
+ <p>You will receive a notification on your phone.</p><br>
436
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow.png" alt="First slide">
437
+ </div>
438
+ <div class="item">
439
+ <p>Open the notification and click on accept button.</p><br>
440
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow-1.png" alt="First slide">
441
+
442
+ </div>
443
+ <div class="item">
444
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow-2.png" alt="First slide">
445
+ </div>
446
+ <?php } ?>
447
+ </div>
448
+ </div>
449
+ </center>
450
  </div>
451
+ <?php mo2f_customize_logo() ?>
 
 
 
 
 
 
 
 
 
452
  </div>
453
+ </div>
454
  </div>
455
+ </div>
456
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
457
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
458
+ </form>
459
+ <form name="f" id="mo2f_mobile_validation_form" method="post" action="" style="display:none;">
460
+ <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
461
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
462
+ </form>
463
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="" style="display:none;">
464
+ <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
465
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
466
+ </form>
467
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" style="display:none;">
468
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
469
+ <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
470
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
471
+ </form>
472
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" action="" style="display:none;">
473
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-alternate-login-kba-nonce'); ?>" />
474
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
475
+ </form>
476
+ </body>
477
  <script>
 
 
478
  var timeout;
479
  pollPushValidation();
480
  function pollPushValidation()
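Review bot: The standalone pages built by `mo2f_getkba_form()` and `mo2f_getpush_oobemail_response()` load jQuery from `ajax.googleapis.com` (new lines 267 and 356) with no `integrity` attribute, so a third-party script runs on the page where security answers and second-factor approvals are handled. WordPress ships its own jQuery, so `echo '<script src="' . includes_url( 'js/jquery/jquery.js' ) . '"></script>';` would keep the login flow on first-party assets, and the inline code already uses `jQuery(...)` rather than `$`. If the CDN copy is kept, add `integrity="<SRI hash of the pinned file>" crossorigin="anonymous"` to the tag. The same tag is at new lines 10 and 194 in the earlier forms, and `mo2f_getpush_oobemail_response()` continues past the end of this hunk.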
505
  jQuery('#pushHelpLink').click(function() {
506
  jQuery('#showPushHelp').show();
507
  jQuery('#pushSection').hide();
508
+ jQuery('#otpMessage').hide();
509
  jQuery('#myCarousel').carousel(0);
510
  });
511
  jQuery('#pushLink').click(function() {
512
  jQuery('#showPushHelp').hide();
513
  jQuery('#pushSection').show();
514
+ jQuery('#otpMessage').show();
515
  jQuery('#myCarousel').carousel('pause');
516
  });
517
  function mologinback(){
518
  jQuery('#mo2f_backto_mo_loginform').submit();
519
+ }
520
+ function mologinoffline(){
521
  jQuery('#mo2f_show_softtoken_loginform').submit();
522
+ }
523
+ function mologinforgotphone(){
 
 
 
524
  jQuery('#mo2f_show_forgotphone_loginform').submit();
525
+ }
526
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function() {
527
  jQuery('#mo2f_alternate_login_kbaform').submit();
528
+ });
529
 
530
+ </script>
531
+ </html>
532
+ <?php
533
+ }
534
 
535
+ function mo2f_getqrcode($login_status, $login_message, $redirect_to){
536
+ ?>
537
+ <html>
538
+ <head>
539
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
540
+ <meta name="viewport" content="width=device-width, initial-scale=1">
541
+ <?php
542
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
543
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
544
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__) . '" />';
545
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__) . '" />';
546
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.4', __FILE__) . '" />';
547
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.4', __FILE__) . '" />';
548
+ ?>
549
+ </head>
550
+ <body>
551
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
552
+ <div class="mo2f-modal-backdrop"></div>
553
+ <div class="mo2f_modal-dialog mo2f_modal-md">
554
+ <div class="mo2f_modal-content">
555
+ <div class="mo2f_modal-header">
556
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
557
+ Scan QR Code</h4>
558
+ </div>
559
+ <div class="mo2f_modal-body center">
560
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
561
+ <div id="otpMessage">
562
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
563
+ </div>
564
+ <br />
565
+ <?php } ?>
566
 
567
+ <div id="scanQRSection">
568
+ <center><a href="#showQRHelp" id="helpLink"><h3>See How It Works ?</h3></a></center>
569
+ <div style="margin-bottom:10%;">
570
+ <center>
571
+ <h3>Identify yourself by scanning the QR code with miniOrange Authenticator app.</h3>
572
+ </center>
573
+ </div>
 
 
 
 
 
 
574
 
575
+ <div id="showQrCode" style="margin-bottom:10%;">
576
+ <center><?php echo '<img src="data:image/jpg;base64,' . $_SESSION[ 'mo2f-login-qrCode' ] . '" />'; ?></center>
577
+ </div>
578
+
579
+ <span style="padding-right:2%;">
580
+ <center>
581
+ <?php if(get_option('mo2f_enable_forgotphone')){ ?>
582
+ <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="miniorange-button" style="margin-right:5%;" value="Forgot Phone?" />
583
+ <?php } ?>
584
 
585
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();" id="miniorange_login_offline" class="miniorange-button" value="Phone is Offline?" />
586
+ </center>
587
+ </span>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
588
  </div>
589
+ <div id="showQRHelp" class="showQRHelp" hidden>
590
+ <center><a href="#showQRHelp" id="qrLink"><h3>←Back to Scan QR Code.</h3></a>
591
+ <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
592
+ <!-- Indicators -->
593
+ <ol class="mo2f_carousel-indicators">
594
+ <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
595
+ <li data-target="#myCarousel" data-slide-to="1"></li>
596
+ <li data-target="#myCarousel" data-slide-to="2"></li>
597
+ <li data-target="#myCarousel" data-slide-to="3"></li>
598
+ <li data-target="#myCarousel" data-slide-to="4"></li>
599
+ </ol>
600
+ <div class="mo2f_carousel-inner" role="listbox">
601
+ <div class="item active">
602
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-1.png" alt="First slide">
603
+ </div>
604
+ <div class="item">
605
+ <p>Open miniOrange Authenticator app and click on Authenticate.</p><br>
606
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-2.png" alt="First slide">
607
+
608
+ </div>
609
+ <div class="item">
610
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-3.png" alt="First slide">
611
+ </div>
612
+ <div class="item">
613
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-4.png" alt="First slide">
614
+ </div>
615
+ <div class="item">
616
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-5.png" alt="First slide">
617
+ </div>
618
+ </div>
619
+ </div>
620
+ </center>
621
+ </div>
622
+ <?php mo2f_customize_logo() ?>
623
  </div>
624
+ </div>
625
  </div>
 
 
 
626
  </div>
627
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
628
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
629
+ </form>
630
+ <form name="f" id="mo2f_mobile_validation_form" method="post" action="" style="display:none;">
631
+ <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
632
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
633
+ </form>
634
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="" style="display:none;">
635
+ <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
636
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
637
+ </form>
638
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" style="display:none;">
639
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
640
+ <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
641
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
642
+ </form>
643
+ </body>
644
  <script>
 
 
645
  var timeout;
646
  pollMobileValidation();
647
  function pollMobileValidation()
694
  function mologinforgotphone(){
695
  jQuery('#mo2f_show_forgotphone_loginform').submit();
696
  }
697
+ </script>
698
+ </html>
699
+ <?php
700
+ }
701
+
702
+ function mo2f_getotp_form($login_status, $login_message, $redirect_to){
703
+ ?>
704
+ <html>
705
+ <head>
706
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
707
+ <meta name="viewport" content="width=device-width, initial-scale=1">
708
+ <?php
709
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
710
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
711
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__) . '" />';
712
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__) . '" />';
713
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.4', __FILE__) . '" />';
714
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.4', __FILE__) . '" />';
715
+ ?>
716
+ </head>
717
+ <body>
718
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
719
+ <div class="mo2f-modal-backdrop"></div>
720
+ <div class="mo2f_modal-dialog mo2f_modal-md">
721
+ <div class="mo2f_modal-content">
722
+ <div class="mo2f_modal-header">
723
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
724
+ Validate OTP</h4>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
725
  </div>
726
+ <div class="mo2f_modal-body center">
727
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
728
+ <div id="otpMessage">
729
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
730
+ </div>
731
+ <?php } ?>
732
+ <br />
733
+ <div id="showOTP">
734
+ <div class="mo2f-login-container">
735
+ <?php if($login_status != 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){ ?>
736
+ <a href="#showOTPHelp" id="otpHelpLink" class="mo2f-link">See How It Works ?</a><br />
737
+ <?php } ?>
738
+ <form name="f" id="mo2f_submitotp_loginform" method="post" action="">
739
+ <input type="text" name="mo2fa_softtoken" style="height:28px !important;" placeholder="Enter one time passcode" id="mo2fa_softtoken" required="true" class="mo2f-textbox" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/>
740
+ <br />
741
+ <input type="submit" name="miniorange_soft_token_submit" id="miniorange_soft_token_submit" class="miniorange-button" value="Validate" />
742
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
743
+ <input type="hidden" name="miniorange_soft_token_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-soft-token-nonce'); ?>" />
744
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
745
+ </form>
746
+ <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
747
+ <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone ?</a>
748
+ <?php } ?>
749
+ </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
750
  </div>
751
+ <div id="showOTPHelp" class="showOTPHelp" hidden>
752
+ <br>
753
+ <center><a href="#showOTP" id="otpLink" class="mo2f-link">←Go Back</a>
754
+ <br>
755
+ <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
756
+ <!-- Indicators -->
757
+
758
+ <?php if($login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){ ?>
759
+ <ol class="mo2f_carousel-indicators">
760
+ <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
761
+ <li data-target="#myCarousel" data-slide-to="1"></li>
762
+ <li data-target="#myCarousel" data-slide-to="2"></li>
763
+ <li data-target="#myCarousel" data-slide-to="3"></li>
764
+
765
+ </ol>
766
+ <div class="mo2f_carousel-inner" role="listbox">
767
+
768
+
769
+ <div class="item active">
770
+ <p>Open miniOrange Authenticator app and click on settings icon on top right corner.</p><br>
771
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-2.png" alt="First slide">
772
+ </div>
773
+ <div class="item">
774
+ <p>Click on Sync button below to sync your time with miniOrange Servers. This is a one time sync to avoid otp validation failure.</p><br>
775
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-3.png" alt="First slide">
776
+ </div>
777
+ <div class="item">
778
+ <p>Go to Soft Token tab.</p><br>
779
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-2.png" alt="First slide">
780
+ </div>
781
+ <div class="item">
782
+ <p>Enter the one time passcode shown in miniOrange Authenticator app here.</p><br>
783
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-4.png" alt="First slide">
784
+ </div>
785
+ </div>
786
+ <?php } else if($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') { ?>
787
+ <ol class="mo2f_carousel-indicators">
788
+ <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
789
+ <li data-target="#myCarousel" data-slide-to="1"></li>
790
+ <li data-target="#myCarousel" data-slide-to="2"></li>
791
+
792
+ </ol>
793
+ <div class="mo2f_carousel-inner" role="listbox">
794
+ <div class="item active">
795
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-1.png" alt="First slide">
796
+ </div>
797
+ <div class="item">
798
+ <p>Check your email with which you registered and copy the one time passcode.</p><br>
799
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-2.png" alt="First slide">
800
+ </div>
801
+ <div class="item">
802
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-3.png" alt="First slide">
803
+ </div>
804
+ </div>
805
+ <?php } else if($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') { ?>
806
+ <ol class="mo2f_carousel-indicators">
807
+ <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
808
+ <li data-target="#myCarousel" data-slide-to="1"></li>
809
+ <li data-target="#myCarousel" data-slide-to="2"></li>
810
+
811
+ </ol>
812
+ <div class="mo2f_carousel-inner" role="listbox">
813
+ <div class="item active">
814
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-1.png" alt="First slide">
815
+ </div>
816
+ <div class="item">
817
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-2.png" alt="First slide">
818
+ </div>
819
+ <div class="item">
820
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-3.png" alt="First slide">
821
+ </div>
822
+ </div>
823
+ <?php } else { ?>
824
+ <!-- phone call verification -->
825
+ <ol class="mo2f_carousel-indicators">
826
+ <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
827
+ <li data-target="#myCarousel" data-slide-to="1"></li>
828
+
829
+
830
+ </ol>
831
+ <div class="mo2f_carousel-inner" role="listbox">
832
+ <div class="item active">
833
+ <p>You will receive a phone call. Pick up the call and listen to the one time passcode carefully. </p>
834
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/phone-call-login-flow-2.png" alt="First slide">
835
+ </div>
836
+ <div class="item">
837
+ <p>Enter the one time passcode here and click on validate button to login.</p><br>
838
+ <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/phone-call-login-flow.png" alt="First slide">
839
+ </div>
840
+
841
+ </div>
842
+ <?php } ?>
843
+
844
+ </div>
845
  </div>
846
+ <?php mo2f_customize_logo() ?>
847
+ </div>
848
+ </div>
 
849
  </div>
 
 
 
 
 
850
  </div>
851
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
852
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
853
+ </form>
854
+ <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
855
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" style="display:none;">
856
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
857
+ <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
858
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
859
+ </form>
860
+ <?php } ?>
861
+ </body>
862
  <script>
863
+ jQuery('#otpHelpLink').click(function() {
 
 
864
  jQuery('#showOTPHelp').show();
865
  jQuery('#showOTP').hide();
866
  jQuery('#otpMessage').hide();
870
  jQuery('#showOTP').show();
871
  jQuery('#otpMessage').show();
872
  });
873
+
874
  function mologinback(){
875
  jQuery('#mo2f_backto_mo_loginform').submit();
876
  }
877
  function mologinforgotphone(){
878
  jQuery('#mo2f_show_forgotphone_loginform').submit();
879
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
880
  </script>
881
+ </html>
882
+
883
  <?php
884
  }
885
+
886
 
887
+ function mo2f_get_device_form($login_status, $login_message, $redirect_to){
888
+ ?>
889
+ <html>
890
+ <head>
891
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
892
+ <meta name="viewport" content="width=device-width, initial-scale=1">
893
+ <?php
894
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
895
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
896
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__) . '" />';
897
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__) . '" />';
898
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.4', __FILE__) . '" />';
899
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.4', __FILE__) . '" />';
900
+ ?>
901
+ </head>
902
+ <body>
903
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
904
+ <div class="mo2f-modal-backdrop"></div>
905
+ <div class="mo2f_modal-dialog mo2f_modal-md">
906
+ <div class="mo2f_modal-content">
907
+ <div class="mo2f_modal-header">
908
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
909
+ Remember Device</h4>
910
+ </div>
911
+ <div class="mo2f_modal-body center">
912
+ <div id="mo2f_device_content">
913
+
914
+ <h3>Do you want to remember this device?</h3>
 
 
 
 
 
 
 
915
 
916
+ <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();" id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;" value="Yes" />
917
+
918
+ <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();" id="miniorange_trust_device_no" class="mo_red" value="No" />
919
+
920
+ </div>
921
+ <div id="showLoadingBar" hidden>
922
 
923
+ <h3>Please wait...We are taking you into your account.</h3>
924
+
925
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" />
926
+
927
+ </div>
928
+ <br /><br />
929
 
930
+ <span>
931
+ Click on <i><b>Yes</b></i> if this is your personal device.<br />
932
+ Click on <i><b>No</b></i> if this is a public device.
933
+ </span><br /><br />
934
+ <?php mo2f_customize_logo() ?>
935
+ </div>
936
+ </div>
937
  </div>
 
 
 
938
  </div>
939
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
940
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
941
+ </form>
942
+ <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" style="display:none;">
943
+ <input type="hidden" name="mo2f_trust_device_confirm_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-confirm-nonce'); ?>" />
944
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
945
+ </form>
946
+ <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" style="display:none;">
947
+ <input type="hidden" name="mo2f_trust_device_cancel_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-cancel-nonce'); ?>" />
948
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
949
+ </form>
950
+ <script>
951
+ function mologinback(){
952
+ jQuery('#mo2f_backto_mo_loginform').submit();
953
+ }
954
+ function mo_check_device_confirm(){
955
+ jQuery('#mo2f_device_content').hide();
956
+ jQuery('#showLoadingBar').show();
957
+ jQuery('#mo2f_trust_device_confirm_form').submit();
958
+ }
959
+ function mo_check_device_cancel(){
960
+ jQuery('#mo2f_device_content').hide();
961
+ jQuery('#showLoadingBar').show();
962
+ jQuery('#mo2f_trust_device_cancel_form').submit();
963
+ }
964
+ </script>
965
+ </body>
966
+ </html>
967
+ <?php }
968
  ?>
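--- a/miniorange_2_factor_configuration.php
+++ b/miniorange_2_factor_configuration.php
@@ -132,10 +132,9 @@
  }
 
  function mo2f_show_new_registration_page($current_user) {
+ ?>
 
- ?>
-
- <!-- Modal -->
+ <!-- Modal -->
  <div id="clefMigration" class="mo2f_modal fade" role="dialog">
  <div class="mo2f_modal-dialog">
  <!-- Modal content-->
@@ -185,8 +184,6 @@
  </div>
  </div>
  </div>
-
-
  <!--Register with miniOrange-->
  <form name="f" method="post" action="">
  <input type="hidden" name="option" value="mo_auth_register_customer" />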
miniorange_2_factor_frontend_shortcode.php DELETED
@@ -1,543 +0,0 @@
1
- <?php
2
- if(mo2f_is_customer_registered()){
3
-
4
- class MO2F_ShortCode {
5
-
6
- public function mo2FAFormShortCode(){
7
-
8
- if( ! is_user_logged_in() ) {
9
- $html = '';
10
- $html .="<link rel='stylesheet' id='bootstrap_style-css' href='". plugins_url('includes/css/bootstrap.min.css?version=3.4', __FILE__) ."' type='text/css' media='all' />
11
- <link rel='stylesheet' id='2fa_login_style-css' href='".plugins_url('includes/css/front_end_login.css?version=3.4', __FILE__)."' type='text/css' media='all' />";
12
-
13
- $login_status = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : null;
14
-
15
- if($login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL'){
16
-
17
- $html .= "<div class='mo2f_modal' tabindex='-1' role='dialog' id='mo2f-modal1'><div class='mo2f-modal-backdrop'></div>
18
- <div class='mo2f_modal-dialog'>
19
- <div class='mo2f_modal-content'>
20
- <div class='mo2f_modal-header'>
21
- <button type='button' class='mo2f_close' data-dismiss='modal' aria-label='Close' onclick='mologinback();'><span aria-hidden='true'>&times;</span></button>
22
- </div>
23
- <div class='mo2f_modal-body center'>
24
-
25
- <div id='otpMessage' >
26
- <p class='mo2fa_display_message_frontend'>" . $_SESSION['mo2f-login-message'] . "</p>
27
- </div>
28
-
29
- <div id='mo_2_factor_push_page'>
30
- <center>
31
- <div id='pushSection'>
32
-
33
- <a href='#showPushHelp' id='pushHelpLink' class='mo2f-link'>See How It Works ?</a>
34
- <br>
35
-
36
- <h4>Waiting for your approval...</h4>
37
-
38
- <div id='showPushImage' style='margin-bottom:10%;'>
39
-
40
- <img src='". plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ )."' style='display:inline!important;'/>
41
-
42
- </div>
43
- <div style='display:table-row;' >";
44
- if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS'){
45
- if(get_option('mo2f_enable_forgotphone')){
46
-
47
- $html .= "<a name='miniorange_login_forgotphone' onclick='mologinforgotphone();' id='miniorange_login_forgotphone' class='mo2f-link' >Forgot Phone?</a>";
48
- }
49
- $html .= " &nbsp;&nbsp;&nbsp;&nbsp;
50
- <a name='miniorange_login_offline' onclick='mologinoffline();' id='miniorange_login_offline' class='mo2f-link' >Phone is Offline?</a>";
51
-
52
- }
53
- $html .= " </div>
54
- <br>
55
-
56
- </div>
57
- </center>
58
- <div id='showPushHelp' class='showPushHelp' hidden>
59
- <br>
60
- <center><a href='#showPushHelp' id='pushLink' class='mo2f-link'>←Go Back.</a>
61
- <br>
62
- <div id='myCarousel' class='mo2f_carousel slide' data-ride='carousel'>
63
- <ol class='mo2f_carousel-indicators'>
64
- <li data-target='#myCarousel' data-slide-to='0' class='active'></li>
65
- <li data-target='#myCarousel' data-slide-to='1'></li>
66
- <li data-target='#myCarousel' data-slide-to='2'></li>
67
- </ol>
68
- <div class='mo2f_carousel-inner' role='listbox'>";
69
- if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL') {
70
-
71
- $html .= " <div class='item active'>
72
-
73
- <img class='first-slide' src='http://miniorange.com/images/help/email-with-link-login-flow-1.png' alt='First slide'>
74
- </div>
75
- <div class='item'>
76
- <p>Click on Accept Transaction link to verify your email .</p><br>
77
- <img class='first-slide' src='http://miniorange.com/images/help/email-with-link-login-flow-2.png' alt='First slide'>
78
-
79
- </div>
80
- <div class='item'>
81
- <img class='first-slide' src='http://miniorange.com/images/help/email-with-link-login-flow-3.png' alt='First slide'>
82
- </div>";
83
- }
84
- else {
85
-
86
- $html .= " <div class='item active'>
87
- <p>You will receive a notification on your phone.</p><br>
88
- <img class='first-slide' src='http://miniorange.com/images/help/push-login-flow.png' alt='First slide'>
89
- </div>
90
- <div class='item'>
91
- <p>Open the notification and click on accept button.</p><br>
92
- <img class='first-slide' src='http://miniorange.com/images/help/push-login-flow-1.png' alt='First slide'>
93
-
94
- </div>
95
- <div class='item'>
96
- <img class='first-slide' src='http://miniorange.com/images/help/push-login-flow-2.png' alt='First slide'>
97
- </div>";
98
- }
99
- $html .= "</div>
100
- </div>
101
- </center>
102
- </div>
103
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
104
- <?php if(get_option('mo2f_enable_custom_poweredby')!=1){?>}
105
- <div class='mo2f_powered_by_div'><a target='_blank' href='http://miniorange.com/2-factor-authentication'><div class='mo2f_powered_by_miniorange' style='background-image: url('/miniorange-2-factor-authentication/includes/images/miniOrange2.png');'></div></a></div>
106
- <?php }else{
107
- <div class='mo2f_powered_by_div'><a target='_blank' href='http://miniorange.com/2-factor-authentication'><div class='mo2f_powered_by_miniorange' style='background-image: url('".site_url()."/wp-content/uploads/custom.png');'></div></a></div>
108
- }?>
109
- <?php }?>
110
- </div>
111
-
112
- </div><!-- /.modal-content -->
113
- </div><!-- /.modal-dialog -->
114
- </div><!-- /.modal -->
115
- <script>
116
- jQuery('#mo2f-modal1').modal('show');
117
-
118
- var timeout;
119
- pollPushValidation();
120
- function pollPushValidation()
121
- {
122
- var transId = '". $_SESSION[ 'mo2f-login-transactionId' ] ."';
123
-
124
- var jsonString = '{\"txId\":\"'+ transId + '\"}';
125
- var postUrl = '". get_option('mo2f_host_name') ."/moas/api/auth/auth-status';
126
-
127
- jQuery.ajax({
128
- url: postUrl,
129
- type : 'POST',
130
- dataType : 'json',
131
- data : jsonString,
132
- contentType : 'application/json; charset=utf-8',
133
- success : function(result) {
134
- var status = JSON.parse(JSON.stringify(result)).status;
135
-
136
- if (status == 'SUCCESS') {
137
-
138
- jQuery('#mo2f_mobile_validation_form').submit();
139
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
140
-
141
- jQuery('#mo2f_2fa_form_close').submit();
142
- } else {
143
- timeout = setTimeout(pollPushValidation, 3000);
144
- }
145
- }
146
- });
147
- }
148
- jQuery('#myCarousel').carousel('pause');
149
- jQuery('#pushHelpLink').click(function() {
150
- jQuery('#showPushHelp').show();
151
- jQuery('#pushSection').hide();
152
-
153
- jQuery('#myCarousel').carousel(0);
154
- });
155
- jQuery('#pushLink').click(function() {
156
- jQuery('#showPushHelp').hide();
157
- jQuery('#pushSection').show();
158
- jQuery('#myCarousel').carousel('pause');
159
- });
160
- function mologinback(){
161
- jQuery('#mo2f_2fa_form_close').submit();
162
- }
163
- function mologinoffline(){
164
- jQuery('#mo2f_show_softtoken_loginform').submit();
165
- }
166
- function mologinforgotphone(){
167
- jQuery('#mo2f_show_forgotphone_loginform').submit();
168
- }
169
- </script>
170
- ";
171
- }
172
-
173
- if($login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION'){
174
-
175
- $html .= " <div class='mo2f_modal' tabindex='-1' role='dialog' id='mo2f-modal2'>
176
- <div class='mo2f-modal-backdrop'></div>
177
- <div class='mo2f_modal-dialog'>
178
- <div class='mo2f_modal-content'>
179
- <div class='mo2f_modal-header'>
180
- <button type='button' class='mo2f_close' data-dismiss='modal' aria-label='Close' onclick='mologinback();'><span aria-hidden='true'>&times;</span></button>
181
- </div>
182
- <div class='mo2f_modal-body center'>";
183
-
184
- if(isset($_SESSION['mo2f-login-message']) && $_SESSION['mo2f-login-message'] == 'Error:OTP over Email'){
185
- $html .= "
186
- <div id='otpMessage'>
187
- <p class='mo2fa_display_message_frontend'>Error occurred while sending OTP over email. Please try again. </p>
188
- </div>";
189
- }
190
- $html .= " <div id='scanQRSection'>
191
- <p>Identify yourself by scanning the QR code with miniOrange Authenticator app.</p>
192
- <a href='#showQRHelp' id='helpLink' class='mo2f-link'>See How It Works ?</a>
193
- <br><br>
194
- <div id='showQrCode' style='margin-bottom:10%;'>
195
- <center> <img src='data:image/jpg;base64," . $_SESSION[ 'mo2f-login-qrCode' ] . "' /> </center>
196
- </div>";
197
-
198
- if(get_option('mo2f_enable_forgotphone')){
199
- $html .= " <a name='miniorange_login_forgotphone' onclick='mologinforgotphone();' id='miniorange_login_forgotphone' class='mo2f-link' >Forgot Phone?</a>";
200
- }
201
-
202
- $html .= " &nbsp;&nbsp;&nbsp;&nbsp;
203
- <a name='miniorange_login_offline' onclick='mologinoffline();' id='miniorange_login_offline' class='mo2f-link' >Phone is Offline?</a>
204
-
205
-
206
- </div>
207
- <div id='showQRHelp' class='showQRHelp' hidden>
208
- <br>
209
- <center><a href='#showQRHelp' id='qrLink' class='mo2f-link'>←Back to Scan QR Code.</a>
210
- <br>
211
- <div id='myCarousel' class='mo2f_carousel slide' data-ride='carousel'>
212
- <!-- Indicators -->
213
- <ol class='mo2f_carousel-indicators'>
214
- <li data-target='#myCarousel' data-slide-to='0' class='active'></li>
215
- <li data-target='#myCarousel' data-slide-to='1'></li>
216
- <li data-target='#myCarousel' data-slide-to='2'></li>
217
- <li data-target='#myCarousel' data-slide-to='3'></li>
218
- <li data-target='#myCarousel' data-slide-to='4'></li>
219
- </ol>
220
- <div class='mo2f_carousel-inner' role='listbox'>
221
- <div class='item active'>
222
- <img class='first-slide' src='http://miniorange.com/images/help/qr-help-1.png' alt='First slide'>
223
- </div>
224
- <div class='item'>
225
- <p>Open miniOrange Authenticator app and click on Authenticate.</p><br>
226
- <img class='first-slide' src='http://miniorange.com/images/help/qr-help-2.png' alt='First slide'>
227
-
228
- </div>
229
- <div class='item'>
230
- <img class='first-slide' src='http://miniorange.com/images/help/qr-help-3.png' alt='First slide'>
231
- </div>
232
- <div class='item'>
233
- <img class='first-slide' src='http://miniorange.com//images/help/qr-help-4.png' alt='First slide'>
234
- </div>
235
- <div class='item'>
236
- <img class='first-slide' src='http://miniorange.com/images/help/qr-help-5.png' alt='First slide'>
237
- </div>
238
- </div>
239
- </div>
240
- </center>
241
- </div>
242
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
243
- <?php if(get_option('mo2f_enable_custom_poweredby')!=1){?>}
244
- <div class='mo2f_powered_by_div'><a target='_blank' href='http://miniorange.com/2-factor-authentication'><div class='mo2f_powered_by_miniorange' style='background-image: url('/miniorange-2-factor-authentication/includes/images/miniOrange2.png');'></div></a></div>
245
- <?php }else{
246
- <div class='mo2f_powered_by_div'><a target='_blank' href='http://miniorange.com/2-factor-authentication'><div class='mo2f_powered_by_miniorange' style='background-image: url('".site_url()."/wp-content/uploads/custom.png');'></div></a></div>
247
- }?>
248
- <?php }?>
249
- </div>
250
- </div><!-- /.modal-content -->
251
- </div><!-- /.modal-dialog -->
252
- </div><!-- /.modal -->
253
- <script>
254
-
255
- jQuery('#mo2f-modal2').modal('show');
256
-
257
- var timeout;
258
- pollMobileValidation();
259
- function pollMobileValidation()
260
- {
261
- var transId = '". $_SESSION[ 'mo2f-login-transactionId' ] ."';
262
- var jsonString = '{\"txId\":\"'+ transId + '\"}';
263
- var postUrl = '". get_option('mo2f_host_name') ."/moas/api/auth/auth-status';
264
- jQuery.ajax({
265
- url: postUrl,
266
- type : 'POST',
267
- dataType : 'json',
268
- data : jsonString,
269
- contentType : 'application/json; charset=utf-8',
270
- success : function(result) {
271
- var status = JSON.parse(JSON.stringify(result)).status;
272
- if (status == 'SUCCESS') {
273
- var content = '<div id=\"success\"><center><img src=\"". plugins_url( 'includes/images/right.png' , __FILE__ ) ."\" /></center></div>';
274
- jQuery('#showQrCode').empty();
275
- jQuery('#showQrCode').append(content);
276
- setTimeout(function(){jQuery('#mo2f_mobile_validation_form').submit();}, 100);
277
- } else if (status == 'ERROR' || status == 'FAILED') {
278
- var content = '<div id=\"error\"><center><img src=\"". plugins_url( 'includes/images/wrong.png' , __FILE__ ) ."\" /></center></div>';
279
- jQuery('#showQrCode').empty();
280
- jQuery('#showQrCode').append(content);
281
- setTimeout(function(){jQuery('#mo2f_2fa_form_close').submit();}, 1000);
282
- } else {
283
- timeout = setTimeout(pollMobileValidation, 3000);
284
- }
285
- }
286
- });
287
- }
288
- jQuery('#myCarousel').carousel('pause');
289
- jQuery('#helpLink').click(function() {
290
- jQuery('#showQRHelp').show();
291
- jQuery('#scanQRSection').hide();
292
-
293
- jQuery('#myCarousel').carousel(0);
294
- });
295
- jQuery('#qrLink').click(function() {
296
- jQuery('#showQRHelp').hide();
297
- jQuery('#scanQRSection').show();
298
- jQuery('#myCarousel').carousel('pause');
299
- });
300
- function mologinback(){
301
- jQuery('#mo2f_2fa_form_close').submit();
302
- }
303
- function mologinoffline(){
304
- jQuery('#mo2f_show_softtoken_loginform').submit();
305
- }
306
- function mologinforgotphone(){
307
- jQuery('#mo2f_show_forgotphone_loginform').submit();
308
- }
309
- </script>
310
- ";
311
- }
312
-
313
- if($login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
314
-
315
- $html .= " <div class='mo2f_modal' tabindex='-1' role='dialog' id='mo2f-modal3'>
316
- <div class='mo2f-modal-backdrop'></div>
317
- <div class='mo2f_modal-dialog'>
318
- <div class='mo2f_modal-content'>
319
- <div class='mo2f_modal-header'>
320
- <button type='button' class='mo2f_close' data-dismiss='modal' aria-label='Close' onclick='mologinback();'><span aria-hidden='true'>&times;</span></button>
321
- </div>
322
- <div class='mo2f_modal-body center'>
323
-
324
-
325
- <div id='otpMessage'>
326
- <p class='mo2fa_display_message_frontend' >". $_SESSION['mo2f-login-message'] . "</p>
327
- </div>
328
-
329
- <div id='showOTP'>
330
- <div class='mo2f-login-container'>";
331
- if($_SESSION[ 'mo_2factor_login_status' ] != 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
332
- $html .= " <a href='#showOTPHelp' id='otpHelpLink' class='mo2f-link'>See How It Works ?</a>";
333
- }
334
-
335
-
336
- $html .= " <input type='text' name='mo2fa_softtokenkey' placeholder='Enter one time passcode' id='mo2fa_softtokenkey' required='true' class='mo2f-textbox' autofocus='true' pattern='[0-9]{4,8}' title='Only digits within range 4-8 are allowed.'/>
337
-
338
- <input type='button' name='miniorange_soft_token_submit' onclick='mootploginsubmit();' id='miniorange_soft_token_submit' class='mo2f-button' value='Validate' />
339
- <br><br>";
340
-
341
- if(get_option('mo2f_enable_forgotphone') && isset($_SESSION[ 'mo_2factor_login_status' ] ) && $_SESSION[ 'mo_2factor_login_status' ] != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
342
-
343
- $html .= "<a name='miniorange_login_forgotphone' onclick='mologinforgotphone();' id='miniorange_login_forgotphone' class='mo2f-link' >Forgot Phone ?</a>";
344
-
345
- }
346
-
347
- $html .= " <br><br>
348
- </div>
349
- </div>
350
- <div id='showOTPHelp' class='showOTPHelp' hidden>
351
- <br>
352
- <center><a href='#showOTP' id='otpLink' class='mo2f-link'>←Go Back</a>
353
- <br>
354
- <div id='myCarousel' class='mo2f_carousel slide' data-ride='carousel'> ";
355
-
356
- if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
357
-
358
- $html .= " <ol class='mo2f_carousel-indicators'>
359
- <li data-target='#myCarousel' data-slide-to='0' class='active'></li>
360
- <li data-target='#myCarousel' data-slide-to='1'></li>
361
- <li data-target='#myCarousel' data-slide-to='2'></li>
362
- <li data-target='#myCarousel' data-slide-to='3'></li>
363
-
364
- </ol>
365
- <div class='mo2f_carousel-inner' role='listbox'>
366
-
367
-
368
- <div class='item active'>
369
- <p>Open miniOrange Authenticator app and click on settings icon on top right corner.</p><br>
370
- <img class='first-slide' src='http://miniorange.com/images/help/qr-help-2.png' alt='First slide'>
371
- </div>
372
- <div class='item'>
373
- <p>Click on Sync button below to sync your time with miniOrange Servers. This is a one time sync to avoid otp validation failure.</p><br>
374
- <img class='first-slide' src='http://miniorange.com/images/help/token-help-3.png' alt='First slide'>
375
- </div>
376
- <div class='item'>
377
- <p>Go to Soft Token tab.</p><br>
378
- <img class='first-slide' src='http://miniorange.com/images/help/token-help-2.png' alt='First slide'>
379
- </div>
380
- <div class='item'>
381
- <p>Enter the one time passcode shown in miniOrange Authenticator app here.</p><br>
382
- <img class='first-slide' src='http://miniorange.com/images/help/token-help-4.png' alt='First slide'>
383
- </div>
384
- </div>";
385
-
386
- } else if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') {
387
-
388
- $html .= " <ol class='mo2f_carousel-indicators'>
389
- <li data-target='#myCarousel' data-slide-to='0' class='active'></li>
390
- <li data-target='#myCarousel' data-slide-to='1'></li>
391
- <li data-target='#myCarousel' data-slide-to='2'></li>
392
-
393
- </ol>
394
- <div class='mo2f_carousel-inner' role='listbox'>
395
- <div class='item active'>
396
- <img class='first-slide' src='http://miniorange.com/images/help/otp-help-1.png' alt='First slide'>
397
- </div>
398
- <div class='item'>
399
- <p>Check your email with which you registered and copy the one time passcode.</p><br>
400
- <img class='first-slide' src='http://miniorange.com/images/help/otp-help-2.png' alt='First slide'>
401
- </div>
402
- <div class='item'>
403
- <img class='first-slide' src='http://miniorange.com/images/help/otp-help-3.png' alt='First slide'>
404
- </div>
405
- </div>";
406
-
407
- } else if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') {
408
-
409
- $html .= "<ol class='mo2f_carousel-indicators'>
410
- <li data-target='#myCarousel' data-slide-to='0' class='active'></li>
411
- <li data-target='#myCarousel' data-slide-to='1'></li>
412
- <li data-target='#myCarousel' data-slide-to='2'></li>
413
-
414
- </ol>
415
- <div class='mo2f_carousel-inner' role='listbox'>
416
- <div class='item active'>
417
- <img class='first-slide' src='http://miniorange.com/images/help/otp-over-sms-login-flow-1.png' alt='First slide'>
418
- </div>
419
- <div class='item'>
420
- <img class='first-slide' src='http://miniorange.com/images/help/otp-over-sms-login-flow-2.png' alt='First slide'>
421
- </div>
422
- <div class='item'>
423
- <img class='first-slide' src='http://miniorange.com/images/help/otp-over-sms-login-flow-3.png' alt='First slide'>
424
- </div>
425
- </div>";
426
- } else {
427
- $html .= "<!-- phone call verification -->
428
- <ol class='mo2f_carousel-indicators'>
429
- <li data-target='#myCarousel' data-slide-to='0' class='active'></li>
430
- <li data-target='#myCarousel' data-slide-to='1'></li>
431
-
432
-
433
- </ol>
434
- <div class='mo2f_carousel-inner' role='listbox'>
435
- <div class='item active'>
436
- <p>You will receive a phone call. Pick up the call and listen to the one time passcode carefully. </p>
437
- <img class='first-slide' src='http://miniorange.com/images/help/phone-call-login-flow-2.png' alt='First slide'>
438
- </div>
439
- <div class='item'>
440
- <p>Enter the one time passcode here and click on validate button to login.</p><br>
441
- <img class='first-slide' src='http://miniorange.com/images/help/phone-call-login-flow.png' alt='First slide'>
442
- </div>
443
-
444
- </div>";
445
- }
446
-
447
- $html .= "</div>
448
- </div>
449
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
450
- <?php if(get_option('mo2f_enable_custom_poweredby')!=1){?>}
451
- <div class='mo2f_powered_by_div'><a target='_blank' href='http://miniorange.com/2-factor-authentication'><div class='mo2f_powered_by_miniorange' style='background-image: url('/miniorange-2-factor-authentication/includes/images/miniOrange2.png');'></div></a></div>
452
- <?php }else{
453
- <div class='mo2f_powered_by_div'><a target='_blank' href='http://miniorange.com/2-factor-authentication'><div class='mo2f_powered_by_miniorange' style='background-image: url('".site_url()."/wp-content/uploads/custom.png');'></div></a></div>
454
- }?>
455
- <?php }?>
456
- </div>
457
-
458
-
459
- </div><!-- /.modal-content -->
460
- </div><!-- /.modal-dialog -->
461
- </div><!-- /.modal -->
462
-
463
- <script>
464
-
465
- jQuery('#mo2f-modal3').modal('show');
466
- jQuery('#otpHelpLink').click(function() {
467
- jQuery('#showOTPHelp').show();
468
- jQuery('#showOTP').hide();
469
- jQuery('#otpMessage').hide();
470
- });
471
- jQuery('#otpLink').click(function() {
472
- jQuery('#showOTPHelp').hide();
473
- jQuery('#showOTP').show();
474
- jQuery('#otpMessage').show();
475
- });
476
-
477
- function mologinback(){
478
- jQuery('#mo2f_2fa_form_close').submit();
479
- }
480
- function mologinforgotphone(){
481
- jQuery('#mo2f_show_forgotphone_loginform').submit();
482
- }
483
- function mootploginsubmit(){
484
- var otpkey = jQuery('#mo2fa_softtokenkey').val();
485
- document.getElementById('mo2f_submitotp_loginform').elements[0].value = otpkey;
486
- jQuery('#mo2f_submitotp_loginform').submit();
487
-
488
- }
489
-
490
- jQuery('#mo2fa_softtokenkey').keypress(function(e){
491
- if(e.which == 13){//Enter key pressed
492
- e.preventDefault();
493
- var otpkey = jQuery('#mo2fa_softtokenkey').val();
494
- document.getElementById('mo2f_submitotp_loginform').elements[0].value = otpkey;
495
- jQuery('#mo2f_submitotp_loginform').submit();
496
- }
497
-
498
- });
499
-
500
-
501
-
502
- </script>
503
- ";
504
- }
505
-
506
- $html .= "<form name='f' id='mo2f_show_softtoken_loginform' method='post' action='' style='display:none;'>
507
- <input type='hidden' name='miniorange_softtoken' value='". wp_create_nonce('miniorange-2-factor-softtoken') . "' />
508
- </form>
509
- <form name='f' id='mo2f_show_forgotphone_loginform' method='post' action='' style='display:none;'>
510
- <input type='hidden' name='miniorange_forgotphone' value='" . wp_create_nonce('miniorange-2-factor-forgotphone') . "' />
511
- </form>
512
- <form name='f' id='mo2f_2fa_form_close' method='post' style='display:none;'>
513
- <input type='hidden' name='miniorange_mobile_validation_failed_nonce' value='" . wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce') ."' />
514
- </form>
515
- <form name='f' id='mo2f_mobile_validation_form' method='post' action='' style='display:none;'>
516
- <input type='hidden' name='miniorange_mobile_validation_nonce' value='" . wp_create_nonce('miniorange-2-factor-mobile-validation-nonce') ."' />
517
- </form>
518
- <form name='f' id='mo2f_submitotp_loginform' method='post' action='' style='display:none;'>
519
- <input type='text' name='mo2fa_softtoken' id='mo2fa_softtoken' hidden/>
520
- <input type='hidden' name='miniorange_soft_token_nonce' value='" . wp_create_nonce('miniorange-2-factor-soft-token-nonce') ."' />
521
- </form>";
522
-
523
- return $html;
524
-
525
- }
526
-
527
- }
528
-
529
- public function mo2FALoginFormShortCode(){
530
- if( ! is_user_logged_in() ) {
531
-
532
- $html = '';
533
- $html .= "<input type='hidden' name='miniorange_login_nonce' value='". wp_create_nonce('miniorange-2-factor-login-nonce') ."' />";
534
- return $html;
535
- }
536
-
537
- }
538
-
539
-
540
- }
541
-
542
- }
543
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
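--- a/miniorange_2_factor_mobile_configuration.php
+++ b/miniorange_2_factor_mobile_configuration.php
@@ -95,23 +95,7 @@
  <form name="f" id="advance_options_form" method="post" action="">
  <?php if(current_user_can('manage_options')){ ?>
  <input type="hidden" name="option" value="mo_auth_advanced_options_save" />
-
- <span>
 
- <h3>Enable Two-Factor for Woocommerce Front End Login.
- <input type="submit" name="submit" value="Save Settings" style="float:right;" class="button button-primary button-large" <?php
- if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ } else{ echo 'disabled' ; } ?> />
- </h3></span><hr>
- <br>
-
- <div>
- <input type="checkbox" id="mo2f_enable_2fa_for_woocommerce" name="mo2f_enable_2fa_for_woocommerce" value="1" <?php checked( get_option('mo2f_enable_2fa_for_woocommerce') == 1 );
- if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){}else{ echo 'disabled';} ?> />
-
- Enable Two-Factor for Woocommerce Front End Login.<br />
- <br /><div id="mo2f_note"><b>Note:</b> Checking this option will enable two factor for woocommerce front end login theme.</div><br>
- </div>
-
  <h3>Device Profile View</h3><hr>
  <p>You can manage trusted devices which you have stored during login by remembering devices.</p>
  <a class="button button-primary button-large" onclick="mo2fLoginMiniOrangeDashboard()" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled style="pointer-events: none;cursor: default;"';} ?> >View Profiles</a>
@@ -730,7 +714,7 @@
  <div class="notConfiguredBasic" title="Supported in Smartphones, Feature Phones."><a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_demo">How To Setup ?</a></div>
  <?php } ?>
  </div>
- </td >
+ </td>
  <td class="<?php if( !current_user_can('manage_options') && !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
  <div><div class="mo2f_grayed_out_link"><?php echo $random_mo_key ? '<span style="float:right;" title="This feature is avialable in premium version of plugin"><a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_pricing" ><b>PREMIUM**</b></a></span>' :'';?></div>
  <div class="mo2f_thumbnail<?php echo $random_mo_key ? " mo2f_grayed_out" : '';?>" >
@@ -1765,8 +1749,7 @@
  <option > 4000 users - $649 per year </option>
  <option > 5000 users - $699 per year </option>
  <option > 10000 users - $799 per year </option>
- <option > 20000 users - $999 per year </option>
- <option > Unlimited users - contact us </option>
+ <option > 20000 users - $999 per year </option>
  </select>
  </p>
  <hr>
@@ -1828,8 +1811,7 @@
  <option > 4000 users - $649 per year </option>
  <option > 5000 users - $699 per year </option>
  <option > 10000 users - $799 per year </option>
- <option > 20000 users - $999 per year </option>
- <option > Unlimited users - contact us </option>
+ <option > 20000 users - $999 per year </option>
  </select></p>
  <hr>
  <p class="mo2f_pricing_text">Features:</p>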
miniorange_2_factor_settings.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: http://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
6
- * Version: 4.3.4
7
  * Author: miniOrange
8
  * Author URI: http://miniorange.com
9
  * License: GPL2
@@ -11,7 +11,6 @@
11
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
12
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_mobile_configuration.php';
13
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_troubleshooting.php';
14
- include_once dirname( __FILE__ ) . '/miniorange_2_factor_frontend_shortcode.php';
15
  include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
16
  include_once dirname( __FILE__ ) . '/class-two-factor-setup.php';
17
  include_once dirname( __FILE__ ) . '/class-customer-setup.php';
@@ -20,7 +19,6 @@ require('class-miniorange-2-factor-login.php');
20
  require('miniorange_2_factor_support.php');
21
  require('class-miniorange-2-factor-user-registration.php');
22
  require('class-miniorange-2-factor-pass2fa-login.php');
23
- require('miniorange_2_factor_woocommerce_login.php');
24
  define('MOAUTH_PATH', plugins_url(__FILE__));
25
 
26
  class Miniorange_Authentication {
@@ -69,49 +67,51 @@ class Miniorange_Authentication {
69
  }
70
 
71
  if( get_option('mo2f_activate_plugin') == 1){
 
 
 
72
  if(get_option('mo2f_login_policy')){ //password + 2nd factor enabled
73
  if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' ){
74
 
75
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
76
  remove_filter('authenticate', 'wp_authenticate_username_password',20);
77
- add_filter('authenticate', array($pass2fa_login, 'mo2f_check_username_password'),99999,3);
78
  add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect'));
79
- add_action( 'login_form', array( $pass2fa_login, 'miniorange_pass2login_form_fields' ),10 );
80
- add_action( 'login_footer', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ));
 
 
 
81
  add_action( 'login_enqueue_scripts', array( $pass2fa_login,'mo_2_factor_enable_jquery_default_login') );
82
 
83
- //add shortcode
 
84
 
85
- add_shortcode( 'MO_2FA_FORM', array($this, 'mo_get_2fa_shorcode') );
86
- add_shortcode( 'MO_2FA_LOGIN_FORM', array($this, 'mo_get_login_form_shortcode') );
87
-
88
-
89
- if(get_option('mo2f_enable_2fa_for_woocommerce') == 1){
90
- add_action( 'woocommerce_before_customer_login_form', array( $pass2fa_login, 'miniorange_pass2login_form_fields_frontend' ),10 );
91
- add_action( 'woocommerce_before_customer_login_form', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ) );
92
- add_action( 'woocommerce_login_form_end', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ) );
93
- add_action( 'wp_enqueue_scripts', array( $this, 'mo_2_factor_enable_frontend_style' ) );
94
- add_action( 'wp_enqueue_scripts', array( $pass2fa_login,'mo_2_factor_enable_jquery'),5 );
95
 
96
- }
97
  }
 
98
  }else{ //login with phone enabled
99
  if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'){
100
 
101
  $mobile_login = new Miniorange_Mobile_Login();
102
  add_action( 'login_form', array( $mobile_login, 'miniorange_login_form_fields' ),10 );
103
  add_action( 'login_footer', array( $mobile_login, 'miniorange_login_footer_form' ));
104
- add_action( 'init', array( $mobile_login, 'my_login_redirect') );
105
- remove_action('login_enqueue_scripts', array( $mobile_login, 'mo_2_factor_hide_login'));
106
- add_action( 'login_enqueue_scripts', array( $mobile_login,'mo_2_factor_hide_login') );
107
- add_action( 'login_enqueue_scripts', array( $mobile_login,'custom_login_enqueue_scripts') );
108
  remove_filter('authenticate', 'wp_authenticate_username_password',20);
109
- add_filter('authenticate', array($mobile_login, 'mo2fa_default_login'),20,3);
 
110
  }
 
 
111
  }
112
  }
113
  }
114
 
 
115
  function mo_2_factor_endsession() {
116
  update_option('mo2f-login-message','You are now logged out');
117
  session_start();
@@ -119,7 +119,7 @@ class Miniorange_Authentication {
119
  session_destroy();
120
  }
121
 
122
- public function mo_auth_deactivate() {
123
  delete_option('mo2f_email');
124
  delete_option('mo2f_host_name');
125
  delete_option('mo2f_phone');
@@ -204,15 +204,14 @@ class Miniorange_Authentication {
204
  else
205
  $iconurl = site_url(). '/wp-content/uploads/plugin_icon.png';
206
 
207
- $roles = $current_user->roles;
208
- $miniorange_role = array_shift($roles);
209
-
210
- if( !current_user_can( 'manage_options' ) && get_option('mo2fa_'.$miniorange_role) && get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_miniorange_admin') != $current_user->ID && get_option('mo2f_activate_plugin') == 1){
211
- $user_register = new Miniorange_User_Register();
212
- $mo2fa_hook_page = add_menu_page ('miniOrange 2 Factor Auth', get_option('mo2f_custom_plugin_name') , 'read', 'miniOrange_2_factor_settings', array( $user_register, 'mo2f_register_user'), $iconurl);
213
- }else if(current_user_can( 'manage_options' )){
214
  $mo2fa_hook_page = add_menu_page ('miniOrange 2 Factor Auth', get_option('mo2f_custom_plugin_name'), 'manage_options', 'miniOrange_2_factor_settings', array( $this, 'mo_auth_login_options' ),$iconurl);
 
 
 
215
  }
 
216
  }
217
 
218
  function mo_auth_login_options () {
@@ -224,15 +223,15 @@ class Miniorange_Authentication {
224
  }
225
 
226
  function mo_2_factor_enable_frontend_style() {
227
- wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url('includes/css/front_end_login.css?version=4.1.3', __FILE__));
228
- wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.1.3', __FILE__));
229
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css', __FILE__));
230
  }
231
 
232
  function plugin_settings_style() {
233
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.1.3', __FILE__));
234
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css', __FILE__));
235
- wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.1.3', __FILE__));
236
  }
237
 
238
  function plugin_settings_script($mo2fa_hook_page) {
@@ -244,12 +243,12 @@ class Miniorange_Authentication {
244
  wp_enqueue_script( 'bootstrap_script', plugins_url('includes/js/bootstrap.min.js', __FILE__ ));
245
  }
246
 
247
- private function mo_auth_show_success_message() {
248
  remove_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
249
  add_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
250
  }
251
 
252
- private function mo_auth_show_error_message() {
253
  remove_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
254
  add_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
255
  }
@@ -275,7 +274,7 @@ class Miniorange_Authentication {
275
  $this->mo_auth_show_error_message();
276
  return;
277
  }else if( strlen( $_POST['password'] ) < 6 || strlen( $_POST['confirmPassword'] ) < 6){
278
- update_option( 'mo2f_message', 'Choose a password with minimum length 8.');
279
  $this->mo_auth_show_error_message();
280
  return;
281
  } else{
@@ -323,10 +322,10 @@ class Miniorange_Authentication {
323
  if(json_last_error() == JSON_ERROR_NONE) { /*Admin enter right credentials,if already exist */
324
 
325
 
326
- if(array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR'){
327
  update_option('mo2f_message',$customerKey['message']);
328
  $this->mo_auth_show_error_message();
329
- }else{
330
 
331
  if(isset($customerKey['id']) && !empty($customerKey['id'])){
332
  update_option( 'mo2f_customerKey', $customerKey['id']);
@@ -393,10 +392,10 @@ class Miniorange_Authentication {
393
  $content = $customer->get_customer_key();
394
  $customerKey = json_decode($content, true);
395
  if(json_last_error() == JSON_ERROR_NONE) {
396
- if(array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR'){
397
  update_option('mo2f_message',$customerKey['message']);
398
  $this->mo_auth_show_error_message();
399
- }else{
400
  if(isset($customerKey['id']) && !empty($customerKey['id'])){
401
  update_option( 'mo2f_customerKey', $customerKey['id']);
402
  update_option( 'mo2f_api_key', $customerKey['apiKey']);
@@ -604,8 +603,14 @@ class Miniorange_Authentication {
604
  update_option( 'mo2f_auth_methods_for_users', $authMethods);
605
 
606
  }
607
- update_option( 'mo2f_deviceid_enabled', isset( $_POST['mo2f_deviceid_enabled'] ) ? $_POST['mo2f_deviceid_enabled'] : 0);
608
  update_option( 'mo2f_login_policy', isset( $_POST['mo2f_login_policy']) ? $_POST['mo2f_login_policy'] : 0);
 
 
 
 
 
 
609
  update_option( 'mo2f_enable_forgotphone', isset( $_POST['mo2f_forgotphone']) ? $_POST['mo2f_forgotphone'] : 0);
610
  update_option( 'mo2f_show_loginwith_phone', isset( $_POST['mo2f_loginwith_phone']) ? $_POST['mo2f_loginwith_phone'] : 0);
611
  update_option( 'mo2f_activate_plugin', isset( $_POST['mo2f_activate_plugin']) ? $_POST['mo2f_activate_plugin'] : 0);
@@ -1729,7 +1734,7 @@ class Miniorange_Authentication {
1729
  }
1730
  }
1731
 
1732
- public function mo_get_2fa_shorcode($atts){
1733
  if(!is_user_logged_in() && mo2f_is_customer_registered()){
1734
  $mo2f_shorcode = new MO2F_ShortCode();
1735
  $html = $mo2f_shorcode->mo2FAFormShortCode($atts);
@@ -1737,7 +1742,7 @@ class Miniorange_Authentication {
1737
  }
1738
  }
1739
 
1740
- public function mo_get_login_form_shortcode($atts){
1741
  if(!is_user_logged_in() && mo2f_is_customer_registered()){
1742
  $mo2f_shorcode = new MO2F_ShortCode();
1743
  $html = $mo2f_shorcode->mo2FALoginFormShortCode($atts);
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: http://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
6
+ * Version: 4.4
7
  * Author: miniOrange
8
  * Author URI: http://miniorange.com
9
  * License: GPL2
11
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
12
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_mobile_configuration.php';
13
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_troubleshooting.php';
 
14
  include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
15
  include_once dirname( __FILE__ ) . '/class-two-factor-setup.php';
16
  include_once dirname( __FILE__ ) . '/class-customer-setup.php';
19
  require('miniorange_2_factor_support.php');
20
  require('class-miniorange-2-factor-user-registration.php');
21
  require('class-miniorange-2-factor-pass2fa-login.php');
 
22
  define('MOAUTH_PATH', plugins_url(__FILE__));
23
 
24
  class Miniorange_Authentication {
67
  }
68
 
69
  if( get_option('mo2f_activate_plugin') == 1){
70
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
71
+ add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect'));
72
+
73
  if(get_option('mo2f_login_policy')){ //password + 2nd factor enabled
74
  if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' ){
75
 
76
+
77
  remove_filter('authenticate', 'wp_authenticate_username_password',20);
78
+ add_filter('authenticate', array($pass2fa_login, 'mo2f_check_username_password'),99999,4);
79
  add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect'));
80
+ add_action( 'login_form', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ),10 );
81
+ if(get_option('mo2f_deviceid_enabled')){
82
+ add_action( 'login_footer', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ));
83
+ add_action( 'woocommerce_before_customer_login_form', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ) );
84
+ }
85
  add_action( 'login_enqueue_scripts', array( $pass2fa_login,'mo_2_factor_enable_jquery_default_login') );
86
 
87
+ add_action( 'woocommerce_login_form_end', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ) );
88
+ add_action( 'wp_enqueue_scripts', array( $pass2fa_login,'mo_2_factor_enable_jquery_default_login') );
89
 
90
+ //Actions for other plugins to use miniOrange 2FA plugin
91
+ add_action('miniorange_pre_authenticate_user_login', array($pass2fa_login, 'mo2f_check_username_password'),1,4);
92
+ add_action('miniorange_post_authenticate_user_login', array($pass2fa_login, 'miniorange_initiate_2nd_factor'),1,3);
93
+ add_action('miniorange_collect_attributes_for_authenticated_user', array($pass2fa_login, 'mo2f_collect_device_attributes_for_authenticated_user'),1,2);
 
 
 
 
 
 
94
 
 
95
  }
96
+
97
  }else{ //login with phone enabled
98
  if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'){
99
 
100
  $mobile_login = new Miniorange_Mobile_Login();
101
  add_action( 'login_form', array( $mobile_login, 'miniorange_login_form_fields' ),10 );
102
  add_action( 'login_footer', array( $mobile_login, 'miniorange_login_footer_form' ));
103
+
 
 
 
104
  remove_filter('authenticate', 'wp_authenticate_username_password',20);
105
+ add_filter('authenticate', array($mobile_login, 'mo2fa_default_login'),99999,3);
106
+ add_action( 'login_enqueue_scripts', array( $mobile_login,'custom_login_enqueue_scripts') );
107
  }
108
+
109
+
110
  }
111
  }
112
  }
113
 
114
+
115
  function mo_2_factor_endsession() {
116
  update_option('mo2f-login-message','You are now logged out');
117
  session_start();
119
  session_destroy();
120
  }
121
 
122
+ function mo_auth_deactivate() {
123
  delete_option('mo2f_email');
124
  delete_option('mo2f_host_name');
125
  delete_option('mo2f_phone');
204
  else
205
  $iconurl = site_url(). '/wp-content/uploads/plugin_icon.png';
206
 
207
+ if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' ){
208
+ if(current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin') == $current_user->ID){
 
 
 
 
 
209
  $mo2fa_hook_page = add_menu_page ('miniOrange 2 Factor Auth', get_option('mo2f_custom_plugin_name'), 'manage_options', 'miniOrange_2_factor_settings', array( $this, 'mo_auth_login_options' ),$iconurl);
210
+ }
211
+ }else if(current_user_can( 'manage_options' )){
212
+ $mo2fa_hook_page = add_menu_page ('miniOrange 2 Factor Auth', get_option('mo2f_custom_plugin_name'), 'manage_options', 'miniOrange_2_factor_settings', array( $this, 'mo_auth_login_options' ),$iconurl);
213
  }
214
+
215
  }
216
 
217
  function mo_auth_login_options () {
223
  }
224
 
225
  function mo_2_factor_enable_frontend_style() {
226
+ wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url('includes/css/front_end_login.css?version=4.4', __FILE__));
227
+ wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__));
228
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css?version=4.4', __FILE__));
229
  }
230
 
231
  function plugin_settings_style() {
232
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.4', __FILE__));
233
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css?version=4.4', __FILE__));
234
+ wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.4', __FILE__));
235
  }
236
 
237
  function plugin_settings_script($mo2fa_hook_page) {
243
  wp_enqueue_script( 'bootstrap_script', plugins_url('includes/js/bootstrap.min.js', __FILE__ ));
244
  }
245
 
246
+ function mo_auth_show_success_message() {
247
  remove_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
248
  add_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
249
  }
250
 
251
+ function mo_auth_show_error_message() {
252
  remove_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
253
  add_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
254
  }
274
  $this->mo_auth_show_error_message();
275
  return;
276
  }else if( strlen( $_POST['password'] ) < 6 || strlen( $_POST['confirmPassword'] ) < 6){
277
+ update_option( 'mo2f_message', 'Choose a password with minimum length 6.');
278
  $this->mo_auth_show_error_message();
279
  return;
280
  } else{
322
  if(json_last_error() == JSON_ERROR_NONE) { /*Admin enter right credentials,if already exist */
323
 
324
 
325
+ if(is_array($customerKey) && array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR'){
326
  update_option('mo2f_message',$customerKey['message']);
327
  $this->mo_auth_show_error_message();
328
+ }else if(is_array($customerKey)){
329
 
330
  if(isset($customerKey['id']) && !empty($customerKey['id'])){
331
  update_option( 'mo2f_customerKey', $customerKey['id']);
392
  $content = $customer->get_customer_key();
393
  $customerKey = json_decode($content, true);
394
  if(json_last_error() == JSON_ERROR_NONE) {
395
+ if(is_array($customerKey) && array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR'){
396
  update_option('mo2f_message',$customerKey['message']);
397
  $this->mo_auth_show_error_message();
398
+ }else if(is_array($customerKey)){
399
  if(isset($customerKey['id']) && !empty($customerKey['id'])){
400
  update_option( 'mo2f_customerKey', $customerKey['id']);
401
  update_option( 'mo2f_api_key', $customerKey['apiKey']);
603
  update_option( 'mo2f_auth_methods_for_users', $authMethods);
604
 
605
  }
606
+
607
  update_option( 'mo2f_login_policy', isset( $_POST['mo2f_login_policy']) ? $_POST['mo2f_login_policy'] : 0);
608
+ update_option( 'mo2f_deviceid_enabled', isset( $_POST['mo2f_deviceid_enabled'] ) ? $_POST['mo2f_deviceid_enabled'] : 0);
609
+ if(get_site_option('mo2f_login_policy')==0)
610
+ {
611
+
612
+ update_option('mo2f_deviceid_enabled',0);
613
+ }
614
  update_option( 'mo2f_enable_forgotphone', isset( $_POST['mo2f_forgotphone']) ? $_POST['mo2f_forgotphone'] : 0);
615
  update_option( 'mo2f_show_loginwith_phone', isset( $_POST['mo2f_loginwith_phone']) ? $_POST['mo2f_loginwith_phone'] : 0);
616
  update_option( 'mo2f_activate_plugin', isset( $_POST['mo2f_activate_plugin']) ? $_POST['mo2f_activate_plugin'] : 0);
1734
  }
1735
  }
1736
 
1737
+ function mo_get_2fa_shorcode($atts){
1738
  if(!is_user_logged_in() && mo2f_is_customer_registered()){
1739
  $mo2f_shorcode = new MO2F_ShortCode();
1740
  $html = $mo2f_shorcode->mo2FAFormShortCode($atts);
1742
  }
1743
  }
1744
 
1745
+ function mo_get_login_form_shortcode($atts){
1746
  if(!is_user_logged_in() && mo2f_is_customer_registered()){
1747
  $mo2f_shorcode = new MO2F_ShortCode();
1748
  $html = $mo2f_shorcode->mo2FALoginFormShortCode($atts);
miniorange_2_factor_user_inline_registration.php DELETED
@@ -1,964 +0,0 @@
1
- <?php
2
-
3
- include_once dirname( __FILE__ ) . '/miniorange_2_factor_mobile_configuration.php';
4
-
5
-
6
- function prompt_user_to_register(){ ?>
7
- <div class="miniorange_kba_page">
8
- <center>
9
- <div class="miniorange-inner-kba-login-container">
10
-
11
- <h2 class="mo_header_background" >Setup Two Factor</h2>
12
- <br>
13
- <p><?php echo $_SESSION['mo2f-login-message']; ?></p>
14
- <br>
15
- A new security system has been enabled to better protect your account. Please configure your Two-Factor Authentication method by setting up your account.
16
- <br><br>
17
-
18
- <input type="email" autofocus="true" name="mo_useremail" id="mo_useremail" class="mo_email_textbox" required placeholder="person@example.com" />
19
-
20
- <br><br>
21
- <input type="button" name="miniorange_get_started" onclick="mouserregistersubmit();" class="miniorange-button" value="Get Started" />
22
- <?php if( !get_option('mo2f_inline_registration')){ ?>
23
- <input type="button" name="mo2f_skip_btn" onclick="moskipregistersubmit();" class="miniorange-button" value="Skip" />
24
- <?php } ?>
25
- <br><br>
26
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
27
- <br><br>
28
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
29
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
30
- <?php }?>
31
-
32
- </div>
33
-
34
- </center>
35
-
36
- </div>
37
- <script>
38
- jQuery("div#login").hide();
39
- jQuery("body.login div#login").before(jQuery('.miniorange_kba_page'));
40
- function mologinback(){
41
- jQuery('#mo2f_backto_mo_loginform').submit();
42
- }
43
- function mouserregistersubmit(){
44
- var userEmail = jQuery('#mo_useremail').val();
45
- document.getElementById("mo2f_inline_register_user_form").elements[0].value = userEmail;
46
- jQuery('#mo2f_inline_register_user_form').submit();
47
-
48
- }
49
-
50
- jQuery('#mo_useremail').keypress(function(e){
51
- if(e.which == 13){//Enter key pressed
52
- e.preventDefault();
53
- var userEmail = jQuery('#mo_useremail').val();
54
- document.getElementById("mo2f_inline_register_user_form").elements[0].value = userEmail;
55
- jQuery('#mo2f_inline_register_user_form').submit();
56
- }
57
-
58
- });
59
- function moskipregistersubmit(){
60
- jQuery('#mo2f_inline_register_skip_form').submit();
61
- }
62
- </script>
63
- <?php }
64
-
65
- function prompt_user_for_validate_otp(){ ?>
66
- <div class="miniorange_soft_auth">
67
- <center>
68
- <div class="miniorange-inner-login-container">
69
-
70
- <h2 class="mo_header_background">Verify Your Email</h2>
71
- <br>
72
- <div style="padding-left:10px;padding-right:10px;"><?php echo isset($_SESSION['mo2f-login-message']) ? $_SESSION['mo2f-login-message'] : '';?></div><br/>
73
- <div style="padding-left:40px;padding-right:40px;">
74
- <input autofocus="true" type="text" name="otp_token" id="otp_token" required placeholder="Enter OTP" />
75
-
76
- <a href="#resendinlineotplink">Resend OTP ?</a>
77
- <input type="button" name="back" id="mo2f_inline_backto_regform" style="margin-left:20px;" class="miniorange-button" value="Back" />
78
- <input type="button" name="miniorange_validtae_otp" style="float:right;" value="Validate OTP" class="miniorange-button" onclick="movalidateotpsubmit();" />
79
- </div>
80
-
81
-
82
-
83
- <br><br>
84
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
85
- <br><br>
86
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
87
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
88
- <?php }?>
89
-
90
- </div>
91
-
92
- </center>
93
-
94
- </div>
95
- <script>
96
- jQuery("div#login").hide();
97
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
98
- function mologinback(){
99
- jQuery('#mo2f_backto_mo_loginform').submit();
100
- }
101
- function movalidateotpsubmit(){
102
- var otp = jQuery('#otp_token').val();
103
- document.getElementById("mo2f_inline_user_validate_otp_form").elements[0].value = otp;
104
- jQuery('#mo2f_inline_user_validate_otp_form').submit();
105
- }
106
-
107
- jQuery('#otp_token').keypress(function(e){
108
- if(e.which == 13){//Enter key pressed
109
- e.preventDefault();
110
- var otp = jQuery('#otp_token').val();
111
- document.getElementById("mo2f_inline_user_validate_otp_form").elements[0].value = otp;
112
- jQuery('#mo2f_inline_user_validate_otp_form').submit();
113
- }
114
-
115
- });
116
- jQuery('a[href=\"#resendinlineotplink\"]').click(function(e) {
117
- jQuery('#mo2fa_inline_resend_otp_form').submit();
118
- });
119
- jQuery('#mo2f_inline_backto_regform').click(function() {
120
- jQuery('#mo2f_goto_user_registration_form').submit();
121
- });
122
- </script>
123
- <?php }
124
-
125
- function prompt_user_to_select_2factor_method($current_user){
126
- $current_selected_method = get_user_meta($current_user,'mo2f_selected_2factor_method',true);
127
- if($current_selected_method == 'MOBILE AUTHENTICATION'
128
- || $current_selected_method == 'SOFT TOKEN'
129
- || $current_selected_method == 'PUSH NOTIFICATIONS'){
130
-
131
- prompt_user_for_miniorange_app_setup($current_user);
132
-
133
- }else if($current_selected_method == 'SMS'
134
- || $current_selected_method == 'PHONE VERIFICATION'){
135
-
136
- prompt_user_for_phone_setup($current_user);
137
-
138
- }else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
139
-
140
- prompt_user_for_google_authenticator_setup($current_user);
141
-
142
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
143
-
144
- prompt_user_for_authy_authenticator_setup($current_user);
145
-
146
- }else if($current_selected_method == 'KBA' ){
147
-
148
- prompt_user_for_kba_setup($current_user);
149
-
150
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
151
-
152
- prompt_user_for_setup_success($current_user);
153
-
154
- }else{
155
- $opt = (array) get_option('mo2f_auth_methods_for_users'); ?>
156
- <div class="miniorange_soft_auth">
157
-
158
- <div class="miniorange-inner-kba-login-container" >
159
-
160
- <h2 class="mo_header_background">Select Two Factor Method</h2>
161
- <br>
162
- <div class="mo_margin_left">
163
-
164
- <b>Select any Two-Factor of your choice below and complete its setup.</b>
165
- <br><br>
166
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
167
- <label title="You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.">
168
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
169
- Email Verification
170
- </label>
171
- <br>
172
- </span>
173
-
174
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
175
-
176
- <label title="You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.">
177
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
178
- OTP Over SMS
179
- </label>
180
- <br>
181
- </span>
182
-
183
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
184
-
185
- <label title="You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.">
186
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
187
- Phone Call Verification
188
- </label>
189
- <br>
190
- </span>
191
-
192
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
193
- <label title="You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only." >
194
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
195
- Soft Token
196
- </label>
197
-
198
- <br>
199
- </span>
200
-
201
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
202
-
203
- <label title="You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.">
204
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
205
- QR Code Authentication
206
- </label>
207
- <br>
208
- </span>
209
-
210
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
211
-
212
- <label title="You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.">
213
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
214
- Push Notification
215
- </label>
216
- <br>
217
- </span>
218
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
219
-
220
- <label title="You have to enter 6 digits code generated by Google Authenticator App to login. Supported in Smartphones only.">
221
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
222
- Google Authenticator
223
- </label>
224
- <br>
225
- </span>
226
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
227
-
228
- <label title="You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.">
229
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
230
- Authy 2-Factor Authentication
231
- </label>
232
- <br>
233
- </span>
234
-
235
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
236
-
237
- <label title="You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones." >
238
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
239
- Security Questions ( KBA )
240
- </label>
241
-
242
- </span>
243
-
244
- <br><br>
245
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
246
- <br><br>
247
- </div>
248
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
249
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
250
- <?php }?>
251
-
252
- </div>
253
-
254
-
255
- </div>
256
- <script>
257
- jQuery("div#login").hide();
258
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
259
- function mologinback(){
260
- jQuery('#mo2f_backto_mo_loginform').submit();
261
- }
262
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
263
- var selectedMethod = jQuery(this).val();
264
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
265
- jQuery('#mo2f_select_2fa_methods_form').submit();
266
- });
267
-
268
- </script>
269
- <?php }
270
- }
271
-
272
- function prompt_user_for_authy_authenticator_setup($current_user){
273
- $mo2f_authy_auth = isset($_SESSION['mo2f_authy_keys']) ? $_SESSION['mo2f_authy_keys'] : null;
274
- $data = isset($_SESSION['mo2f_authy_keys']) ? $mo2f_authy_auth['authy_qrCode'] : null;
275
- $authy_secret = isset($_SESSION['mo2f_authy_keys']) ? $mo2f_authy_auth['authy_secret'] : null;
276
- $opt = (array) get_option('mo2f_auth_methods_for_users');
277
- ?>
278
- <div class="miniorange_soft_auth">
279
- <div class="miniorange-ga-setup-container">
280
- <h2 class="mo_header_background">Set up Authy 2-Factor Authentication</h2>
281
- <div class="mo_margin_left">
282
- <br>
283
- <?php echo $_SESSION['mo2f-login-message']; ?>
284
- <table>
285
- <tr>
286
- <td style="vertical-align:top;width:30%;padding-right:15px">
287
- <h3>Step-1: Configure with Authy</h3><h3>2-Factor Authentication App.</h3><br /><hr />
288
- <br /><input type="button" name="mo2f_authy_configure" id="mo2f_authy_configure" class="miniorange-button" style="width:45%;" value="Configure" /><br /><br />
289
- <?php if (sizeof($opt) > 1) { ?>
290
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange-button" value="Back" />
291
- <?php } ?>
292
-
293
-
294
- </td>
295
- <td style="border-left: 1px solid #EBECEC; padding: 5px;"></td>
296
- <td style="width:46%;padding-right:15px;vertical-align:top;">
297
- <h3>Step-2: Set up Authy 2-Factor Authentication App</h3><h3>&nbsp; </h3><br /><hr>
298
- <div style="<?php echo isset($_SESSION['mo2f_authy_keys']) ? 'display:block' : 'display:none'; ?>">
299
- <h4>Install the Authy 2-Factor Authentication App.</h4>
300
- <h4>Now open and configure Authy 2-Factor Authentication App.</h4>
301
- <h4> Tap on Add Account and then tap on SCAN QR CODE in your App and scan the qr code.</h4>
302
- <center><br><div id="displayQrCode" ><?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?></div>
303
- <div><a data-toggle="collapse" href="#mo2f_authy_scan" aria-expanded="false" ><b>Can't scan the QR Code? </b></a></div></center>
304
- <div class="mo2f_collapse mo_margin_left" id="mo2f_authy_scan" >
305
- <ol>
306
- <li>In Authy 2-Factor Authentication App, tap on ENTER KEY MANUALLY."</li>
307
- <li>In "Adding New Account" type your secret key:</li>
308
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
309
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
310
- <?php echo $authy_secret; ?>
311
- </div>
312
- <div style="font-size: 80%;color: #666666;">
313
- Spaces don't matter.
314
- </div>
315
- </div>
316
- <li>Tap OK.</li>
317
- </ol>
318
- </div>
319
- </div>
320
- </td>
321
- <td style="border-left: 1px solid #EBECEC; padding: 5px;"></td>
322
- <td style="vertical-align:top;width:30%">
323
- <h3>Step-3: Verify and Save</h3><h3>&nbsp;</h3><br /><hr>
324
- <div style="<?php echo isset($_SESSION['mo2f_authy_keys']) ? 'display:block' : 'display:none'; ?>">
325
- <h4>Once you have scanned the qr code, enter the verification code generated by the Authenticator app</h4><br/>
326
-
327
- <span><b>Code: </b>
328
- <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" required="true" type="text" id="authy_token" name="authy_token" placeholder="Enter OTP" style="width:95%;"/></span><br />
329
- <input type="button" name="validate" id="mo2f_authy_validate" class="miniorange-button" value="Verify and Save" />
330
- </div>
331
- </td>
332
- </tr><br>
333
- </table>
334
- <?php if (sizeof($opt) == 1) { ?>
335
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
336
- <?php } ?>
337
- <br><br>
338
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
339
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
340
- <?php }?>
341
- </div>
342
- </div>
343
- </div>
344
- <script>
345
- jQuery("div#login").hide();
346
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
347
- function mologinback(){
348
- jQuery('#mo2f_backto_mo_loginform').submit();
349
- }
350
- jQuery('#mo2f_inline_back_btn').click(function() {
351
- jQuery('#mo2f_goto_two_factor_form').submit();
352
- });
353
- jQuery('#mo2f_authy_configure').click(function() {
354
- jQuery('#mo2f_inline_authy_configure_form').submit();
355
- });
356
- jQuery('#mo2f_authy_validate').click(function() {
357
- var token = jQuery('#authy_token').val();
358
- document.getElementById("mo2f_inline_validate_authy_authentication_form").elements[0].value = token;
359
- jQuery('#mo2f_inline_validate_authy_authentication_form').submit();
360
- });
361
-
362
- jQuery('#authy_token').keypress(function(e){
363
- if(e.which == 13){//Enter key pressed
364
- e.preventDefault();
365
- var token = jQuery('#authy_token').val();
366
- document.getElementById("mo2f_inline_validate_authy_authentication_form").elements[0].value = token;
367
- jQuery('#mo2f_inline_validate_authy_authentication_form').submit();
368
- }
369
-
370
- });
371
- </script>
372
- <?php
373
- }
374
-
375
- function prompt_user_for_google_authenticator_setup($current_user){
376
- $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
377
- $data = isset($_SESSION['mo2f_google_auth']) ? $mo2f_google_auth['ga_qrCode'] : null;
378
- $ga_secret = isset($_SESSION['mo2f_google_auth']) ? $mo2f_google_auth['ga_secret'] : null;
379
- $opt = (array) get_option('mo2f_auth_methods_for_users');
380
- ?>
381
- <div class="miniorange_soft_auth">
382
- <div class="miniorange-ga-setup-container">
383
- <h2 class="mo_header_background">Set up Google Authenticator</h2>
384
- <div class="mo_margin_left">
385
- <br>
386
- <?php echo $_SESSION['mo2f-login-message']; ?>
387
- <table>
388
- <tr>
389
- <td style="vertical-align:top;width:18%;">
390
- <h3>Select Phone Type</h3>
391
- <br>
392
- <input type="radio" name="mo2f_inline_app_type_radio" value="android" <?php checked( $mo2f_google_auth['ga_phone'] == 'android' ); ?> /> <b>Android</b><br /><br />
393
- <input type="radio" name="mo2f_inline_app_type_radio" value="iphone" <?php checked( $mo2f_google_auth['ga_phone'] == 'iphone' ); ?> /> <b>iPhone</b><br /><br />
394
- <input type="radio" name="mo2f_inline_app_type_radio" value="blackberry" <?php checked( $mo2f_google_auth['ga_phone'] == 'blackberry' ); ?> /> <b>BlackBerry</b><br /><br />
395
- <?php if (sizeof($opt) > 1) { ?>
396
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange-button" value="Back" />
397
- <?php } ?>
398
- </td>
399
- <td class="mo2f_separator"></td>
400
- <td style="width:46%;">
401
-
402
-
403
- <div id="mo2f_android_div" style="<?php echo $mo2f_google_auth['ga_phone'] == 'android' ? 'display:block' : 'display:none'; ?>" class="mo_margin_left">
404
- <h3>Install the Google Authenticator App for Android.</h3>
405
- <br>
406
- <ol>
407
- <li>On your phone,Go to Google Play Store.</li>
408
- <li>Search for <b>Google Authenticator.</b>
409
- <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank">Download from the Google Play Store and install the application.</a>
410
- </li>
411
-
412
- </ol>
413
- <br>
414
- <h3>Now open and configure Google Authenticator.</h3>
415
- <br>
416
- <ol>
417
- <li>In Google Authenticator, touch Menu and select "Set up account."</li>
418
- <li>Select "Scan a barcode". Use your phone's camera to scan this barcode.</li>
419
- <center><br><div id="displayQrCode" ><?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?></div></center>
420
-
421
- </ol>
422
- <center>
423
- <div><a data-toggle="collapse" href="#mo2f_scanbarcode_a" aria-expanded="false" ><b>Can't scan the barcode? </b></a></div>
424
- <div class="mo2f_collapse" id="mo2f_scanbarcode_a">
425
- <ol>
426
- <li>In Google Authenticator, touch Menu and select "Set up account."</li>
427
- <li>Select "Enter provided key"</li>
428
- <li>In "Enter account name" type your full email address.</li>
429
- <li>In "Enter your key" type your secret key:</li>
430
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
431
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
432
- <?php echo $ga_secret; ?>
433
- </div>
434
- <div style="font-size: 80%;color: #666666;">
435
- Spaces don't matter.
436
- </div>
437
- </div>
438
- <li>Key type: make sure "Time-based" is selected.</li>
439
- <li>Tap Add.</li>
440
- </ol>
441
- </div>
442
- </center>
443
- </div>
444
-
445
- <div id="mo2f_iphone_div" style="<?php echo $mo2f_google_auth['ga_phone'] == 'iphone' ? 'display:block' : 'display:none'; ?>" class="mo_margin_left">
446
- <h3>Install the Google Authenticator app for iPhone.</h3>
447
- <br>
448
- <ol>
449
- <li>On your iPhone, tap the App Store icon.</li>
450
- <li>Search for <b>Google Authenticator.</b>
451
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8" target="_blank">Download from the App Store and install it</a>
452
- </li>
453
- </ol>
454
- <br>
455
- <h3>Now open and configure Google Authenticator.</h3>
456
- <br>
457
- <ol>
458
- <li>In Google Authenticator, tap "+", and then "Scan Barcode."</li>
459
- <li>Use your phone's camera to scan this barcode.
460
- <center><br><div id="displayQrCode" ><?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?><br><br>
461
- <a data-toggle="collapse" href="#mo2f_scanbarcode_i" aria-expanded="false" ><b>Can't scan the barcode? </b></a>
462
- <div class="mo2f_collapse" id="mo2f_scanbarcode_i" >
463
- <br>
464
- <ol>
465
- <li>In Google Authenticator, tap +.</li>
466
- <li>Key type: make sure "Time-based" is selected.</li>
467
- <li>In "Account" type your full email address.</li>
468
- <li>In "Key" type your secret key:</li>
469
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
470
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
471
- <?php echo $ga_secret; ?>
472
- </div>
473
- <div style="font-size: 80%;color: #666666;">
474
- Spaces don't matter.
475
- </div>
476
- </div>
477
- <li>Tap Add.</li>
478
- </ol>
479
- </div></div></center>
480
- </li>
481
- </ol>
482
- <br>
483
-
484
- </div>
485
- <div id="mo2f_blackberry_div" style="<?php echo $mo2f_google_auth['ga_phone'] == 'blackberry' ? 'display:block' : 'display:none'; ?>" class="mo_margin_left">
486
- <h3>Install the Google Authenticator app for BlackBerry</h4>
487
- <br>
488
- <ol>
489
- <li>On your phone, open a web browser.Go to <b>m.google.com/authenticator.</b></li>
490
- <li>Download and install the Google Authenticator application.</li>
491
- </ol>
492
- <br>
493
- <h3>Now open and configure Google Authenticator.</h3>
494
- <br>
495
- <ol>
496
- <li>In Google Authenticator, select Manual key entry.</li>
497
- <li>In "Enter account name" type your full email address.</li>
498
- <li>In "Enter key" type your secret key:</li>
499
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
500
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
501
- <?php echo $ga_secret; ?>
502
- </div>
503
- <div style="font-size: 80%;color: #666666;">
504
- Spaces don't matter.
505
- </div>
506
- </div>
507
- <li>Choose Time-based type of key.</li>
508
- <li>Tap Save.</li>
509
- </ol>
510
- </div>
511
- <br>
512
- </td>
513
- <td class="mo2f_separator"></td>
514
- <td style="vertical-align:top;">
515
- <div style="margin-right:15px;<?php echo isset($_SESSION['mo2f_google_auth']) ? 'display:block' : 'display:none'; ?>" class="mo_margin_left">
516
- <h3>Verify and Save</h3><br>
517
- <div>Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app</div><br/>
518
- <span><b>Code: </b>
519
- <input class="mo2f_table_textbox" autofocus="true" required="true" type="text" id="google_token" name="google_token" placeholder="Enter OTP" /></span><br /><br/>
520
-
521
- <input type="button" name="validate" id="validate" class="miniorange-button" onclick="mo2f_inline_verify_ga_code();" value="Verify and Save" />
522
-
523
- </div>
524
- </td>
525
- <tr>
526
- </table>
527
- <?php if (sizeof($opt) == 1) { ?>
528
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
529
- <?php } ?>
530
- <br><br>
531
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
532
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
533
- <?php }?>
534
-
535
- </div>
536
- </div>
537
- </div>
538
- <script>
539
- jQuery("div#login").hide();
540
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
541
- function mologinback(){
542
- jQuery('#mo2f_backto_mo_loginform').submit();
543
- }
544
- jQuery('#mo2f_inline_back_btn').click(function() {
545
- jQuery('#mo2f_goto_two_factor_form').submit();
546
- });
547
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
548
- var selectedPhone = jQuery(this).val();
549
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
550
- jQuery('#mo2f_inline_app_type_ga_form').submit();
551
- });
552
- function mo2f_inline_verify_ga_code(){
553
- var token = jQuery('#google_token').val();
554
- document.getElementById("mo2f_inline_verify_ga_code_form").elements[0].value = token;
555
- jQuery('#mo2f_inline_verify_ga_code_form').submit();
556
- }
557
-
558
- jQuery('#google_token').keypress(function(e){
559
- if(e.which == 13){//Enter key pressed
560
- e.preventDefault();
561
- var token = jQuery('#google_token').val();
562
- document.getElementById("mo2f_inline_verify_ga_code_form").elements[0].value = token;
563
- jQuery('#mo2f_inline_verify_ga_code_form').submit();
564
- }
565
-
566
- });
567
- </script>
568
-
569
- <?php
570
- }
571
- function prompt_user_for_phone_setup($current_user){
572
- $opt = (array) get_option('mo2f_auth_methods_for_users');
573
- ?>
574
- <div class="miniorange_soft_auth">
575
- <div class="miniorange-inner-login-container">
576
- <h2 class="mo_header_background">Verify Your Phone</h2>
577
- <div class="mo_margin_left">
578
- <br>
579
- <p><b><?php echo $_SESSION['mo2f-login-message']; ?></b></p>
580
- <br>
581
- <div class="mo2f_row">
582
- <h4>Enter your phone number</h4>
583
- <input class="mo2f_textbox" type="text" name="verify_phone" id="phone" style="padding-left:40px!important;"
584
- value="<?php if( isset($_SESSION['mo2f_phone'])){ echo $_SESSION['mo2f_phone'];} else echo get_user_meta($current_user,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" title="Enter phone number without any space or dashes" />
585
- <input type="button" name="verify" onclick="moinlineverifyphone();" class="miniorange-button" value="Verify" />
586
- </div>
587
-
588
- <br>
589
- <h4>Enter One Time Passcode</h4>
590
-
591
- <input class="mo2f_textbox" autofocus="true" type="text" name="otp_token" placeholder="Enter OTP" id="otp_token"/>
592
- <?php if (get_user_meta($current_user, 'mo2f_selected_2factor_method',true) == 'SMS'){ ?>
593
- <a href="#resendsmslink">Resend OTP ?</a>
594
- <?php } else {?>
595
- <a href="#resendsmslink">Call Again ?</a>
596
- <?php } ?><br>
597
-
598
- <?php if (sizeof($opt) > 1) { ?>
599
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange-button" value="Back" />
600
- <?php } ?>
601
- <input type="button" name="validate" onclick="moverifyotp();" class="miniorange-button" value="Validate OTP" />
602
-
603
- <br><br>
604
- </div>
605
- <?php if (sizeof($opt) == 1) { ?>
606
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
607
- <?php } ?>
608
- <br><br>
609
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
610
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
611
- <?php }?>
612
- </div>
613
- </div>
614
- <script>
615
- jQuery("#phone").intlTelInput();
616
- jQuery("div#login").hide();
617
- jQuery("body.login div#login").before(jQuery('.miniorange_soft_auth'));
618
- function mologinback(){
619
- jQuery('#mo2f_backto_mo_loginform').submit();
620
- }
621
-
622
- jQuery('#mo2f_inline_back_btn').click(function() {
623
- jQuery('#mo2f_goto_two_factor_form').submit();
624
- });
625
-
626
- jQuery('a[href=\"#resendsmslink\"]').click(function(e) {
627
- jQuery('#mo2fa_inline_resend_otp_form').submit();
628
- });
629
-
630
- function moinlineverifyphone(){
631
- var phone = jQuery('#phone').val();
632
- document.getElementById("mo2f_inline_verifyphone_form").elements[0].value = phone;
633
- jQuery('#mo2f_inline_verifyphone_form').submit();
634
- }
635
-
636
- jQuery('#phone').keypress(function(e){
637
- if(e.which == 13){//Enter key pressed
638
- e.preventDefault();
639
- var phone = jQuery('#phone').val();
640
- document.getElementById("mo2f_inline_verifyphone_form").elements[0].value = phone;
641
- jQuery('#mo2f_inline_verifyphone_form').submit();
642
- }
643
-
644
- });
645
-
646
- function moverifyotp(){
647
- var otp = jQuery('#otp_token').val();
648
- document.getElementById("mo2f_inline_validateotp_form").elements[0].value = otp;
649
- jQuery('#mo2f_inline_validateotp_form').submit();
650
- }
651
-
652
- jQuery('#otp_token').keypress(function(e){
653
- if(e.which == 13){//Enter key pressed
654
- e.preventDefault();
655
- var otp = jQuery('#otp_token').val();
656
- document.getElementById("mo2f_inline_validateotp_form").elements[0].value = otp;
657
- jQuery('#mo2f_inline_validateotp_form').submit();
658
- }
659
-
660
- });
661
-
662
- </script>
663
-
664
-
665
-
666
- <?php }
667
- function prompt_user_for_miniorange_app_setup($current_user){
668
- $opt = (array) get_option('mo2f_auth_methods_for_users');
669
- $user = isset($_SESSION['mo2f_current_user']) ? unserialize($_SESSION['mo2f_current_user']) : null;
670
-
671
- ?>
672
- <div class="miniorange_app_setup_page">
673
- <div class="miniorange-app-setup-container">
674
- <h2 class="mo_header_background">Setup miniOrange Authenticator App</h2>
675
- <div class="mo_margin_left">
676
- <br>
677
- <p><b><?php echo $_SESSION['mo2f-login-message']; ?></b></p>
678
- <br>
679
- <p class='mo2f_success_container' ><?php echo $_SESSION['mo2f-login-message']; ?></p>
680
- <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($user); ?></div>
681
- <div class="mo_margin_left">
682
- <br>
683
- <h3>Step-2 : Scan QR code</h3><hr class="mo_hr">
684
- <br>
685
- <div id="mo2f_configurePhone"><h4>Please click on 'Configure your phone' button below to see QR Code.</h4>
686
- <br>
687
- <?php if (sizeof($opt) > 1) { ?>
688
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange-button" value="Back" />
689
- <?php } ?>
690
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange-button" value="Configure your phone" />
691
- </div>
692
-
693
- <?php
694
- if(isset($_SESSION[ 'mo2f_show_qr_code' ]) && $_SESSION[ 'mo2f_show_qr_code' ] == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
695
- initialize_inline_mobile_registration(); ?>
696
- <script>jQuery("#mo2f_app_div").hide();</script>
697
- <?php } ?>
698
- <br>
699
- </div>
700
- <?php if (sizeof($opt) == 1) { ?>
701
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
702
- <?php } ?>
703
- <br><br>
704
- </div>
705
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
706
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
707
- <?php }?>
708
- </div>
709
- </div>
710
- <script>
711
- jQuery("div#login").hide();
712
- jQuery("body.login div#login").before(jQuery('.miniorange_app_setup_page'));
713
- function mologinback(){
714
- jQuery('#mo2f_backto_mo_loginform').submit();
715
- }
716
-
717
- function moconfigureapp(){
718
- jQuery('#mo2f_inline_configureapp_form').submit();
719
- }
720
- jQuery('#mo2f_inline_back_btn').click(function() {
721
- jQuery('#mo2f_goto_two_factor_form').submit();
722
- });
723
- </script>
724
-
725
-
726
- <?php }
727
-
728
- function initialize_inline_mobile_registration(){
729
- $data = $_SESSION[ 'mo2f-login-qrCode' ];
730
- $url = get_option('mo2f_host_name');
731
- $opt = (array) get_option('mo2f_auth_methods_for_users');
732
- ?>
733
-
734
- <p>Open your <b>miniOrange Authenticator</b> app and click on <b>Configure button</b> to scan the QR Code. Your phone should have internet connectivity to scan QR code.</p>
735
- <div class="red" style="color:red;"><br />
736
- <p>I am not able to scan the QR code, <a data-toggle="collapse" href="#mo2f_scanqrcode" aria-expanded="false" >click here </a></p></div>
737
- <div class="mo2f_collapse" id="mo2f_scanqrcode">
738
- <br />Follow these instructions below and try again.
739
- <ol>
740
- <li>Make sure your desktop screen has enough brightness.</li>
741
- <li>Open your app and click on Configure button to scan QR Code again.</li>
742
- <li>If you get cross mark on QR Code then click on 'Refresh QR Code' link.</li>
743
- </ol>
744
- </div>
745
- <br>
746
- <table class="mo2f_settings_table">
747
- <a href="#mo2f_refreshQRCode">Click here to Refresh QR Code.</a>
748
- <div id="displayInlineQrCode" style="margin-left:250px;"><br /> <?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
749
- </div>
750
- </table>
751
- <?php
752
- if (sizeof($opt) > 1) { ?>
753
- <input type="button" name="back" id="mo2f_inline_back_to_btn" class="miniorange-button" value="Back" />
754
- <?php } ?>
755
-
756
- <script>
757
- jQuery('#mo2f_inline_back_to_btn').click(function() {
758
- jQuery('#mo2f_goto_two_factor_form').submit();
759
- });
760
- jQuery('a[href=\"#mo2f_refreshQRCode\"]').click(function(e) {
761
- jQuery('#mo2f_inline_configureapp_form').submit();
762
- });
763
- jQuery("#mo2f_configurePhone").hide();
764
- var timeout;
765
- pollInlineMobileRegistration();
766
- function pollInlineMobileRegistration()
767
- {
768
- var transId = "<?php echo $_SESSION[ 'mo2f-login-transactionId' ]; ?>";
769
- var jsonString = "{\"txId\":\""+ transId + "\"}";
770
- var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
771
- jQuery.ajax({
772
- url: postUrl,
773
- type : "POST",
774
- dataType : "json",
775
- data : jsonString,
776
- contentType : "application/json; charset=utf-8",
777
- success : function(result) {
778
- var status = JSON.parse(JSON.stringify(result)).status;
779
- if (status == 'SUCCESS') {
780
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , __FILE__ );?>" + "' /></div>";
781
- jQuery("#displayInlineQrCode").empty();
782
- jQuery("#displayInlineQrCode").append(content);
783
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
784
- } else if (status == 'ERROR' || status == 'FAILED') {
785
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
786
- jQuery("#displayInlineQrCode").empty();
787
- jQuery("#displayInlineQrCode").append(content);
788
- jQuery("#messages").empty();
789
-
790
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
791
- } else {
792
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
793
- }
794
- }
795
- });
796
- }
797
- </script>
798
- <?php }
799
-
800
- function prompt_user_for_kba_setup($current_user){
801
- $opt = (array) get_option('mo2f_auth_methods_for_users');
802
- ?>
803
- <div class="miniorange_app_setup_page">
804
-
805
- <div class="miniorange-app-setup-container">
806
- <h2 class="mo_header_background">Setup Security Question (KBA)</h2>
807
- <div class="mo_margin_left">
808
- <br>
809
- <p id="validation_msg"><b><?php echo $_SESSION['mo2f-login-message']; ?></b></p>
810
- <br>
811
- <?php mo2f_configure_kba_questions(); ?>
812
- <br />
813
- <?php if (sizeof($opt) > 1) { ?>
814
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange-button" value="Back" />
815
- <?php } ?>
816
- <input type="button" name="validate" onclick="moinlinesavekba();" class="miniorange-button" value="Save" />
817
- <br>
818
- <?php if (sizeof($opt) == 1) { ?>
819
- <input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
820
- <?php } ?>
821
- </div>
822
-
823
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
824
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
825
- <?php }?>
826
- </div>
827
- </div>
828
- <script>
829
- jQuery("div#login").hide();
830
- jQuery("body.login div#login").before(jQuery('.miniorange_app_setup_page'));
831
- function moinlinesavekba(){
832
-
833
- var kba_1 = jQuery('#mo2f_kbaquestion_1').val();
834
- var kba_2 = jQuery('#mo2f_kba_ans1').val();
835
- var kba_3 = jQuery('#mo2f_kbaquestion_2').val();
836
- var kba_4 = jQuery('#mo2f_kba_ans2').val();
837
- var kba_5 = jQuery('#mo2f_kbaquestion_3').val();
838
- var kba_6 = jQuery('#mo2f_kba_ans3').val();
839
-
840
- var regx = /^[a-zA-z0-9_@.$#&+-\s]*$/;
841
-
842
- if(!(kba_2.match(regx) && kba_4.match(regx) && kba_6.match(regx))){
843
- jQuery('#validation_msg').append("Only alphanumeric letters with special characters (_@.$#&amp;+-) are allowed.");
844
- return;
845
- }
846
-
847
- document.getElementById("mo2f_inline_save_kba_form").elements[0].value = kba_1;
848
- document.getElementById("mo2f_inline_save_kba_form").elements[1].value = kba_2;
849
- document.getElementById("mo2f_inline_save_kba_form").elements[2].value = kba_3;
850
- document.getElementById("mo2f_inline_save_kba_form").elements[3].value = kba_4;
851
- document.getElementById("mo2f_inline_save_kba_form").elements[4].value = kba_5;
852
- document.getElementById("mo2f_inline_save_kba_form").elements[5].value = kba_6;
853
- document.getElementById("mo2f_inline_save_kba_form").elements[6].value = '';
854
- jQuery('#mo2f_inline_save_kba_form').submit();
855
- }
856
- jQuery('#mo2f_inline_back_btn').click(function() {
857
- jQuery('#mo2f_goto_two_factor_form').submit();
858
- });
859
- function mologinback(){
860
- jQuery('#mo2f_backto_mo_loginform').submit();
861
- }
862
- </script>
863
-
864
- <?php }
865
-
866
- function prompt_user_for_setup_success($id){
867
-
868
- $mo2f_second_factor = get_user_meta($id,'mo2f_selected_2factor_method',true);
869
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
870
- $mo2f_second_factor = 'Email Verification';
871
- }else if($mo2f_second_factor == 'SMS'){
872
- $mo2f_second_factor = 'OTP over SMS';
873
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
874
- $mo2f_second_factor = 'Phone Call Verification';
875
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
876
- $mo2f_second_factor = 'Soft Token';
877
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
878
- $mo2f_second_factor = 'QR Code Authentication';
879
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
880
- $mo2f_second_factor = 'Push Notification';
881
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
882
- $mo2f_second_factor = 'Google Authenticator';
883
- }else if($mo2f_second_factor == 'AUTHY 2-FACTOR AUTHENTICATION'){
884
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
885
- }else if($mo2f_second_factor == 'KBA'){
886
- $mo2f_second_factor = 'Security Questions (KBA)';
887
- }
888
- $status = get_user_meta($id,'mo_2factor_user_registration_status',true);
889
- ?>
890
- <div class="miniorange_app_setup_page">
891
-
892
- <div class="miniorange-app-setup-container">
893
- <h2 class="mo_header_background">Two Factor Setup Complete</h2>
894
- <br><br>
895
- <?php if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
896
- ?>
897
- <center>
898
- <h3><b style="color:#7EAFB7;"><?php echo $mo2f_second_factor; ?> </b>has been set your Two Factor method for login.<br>
899
- Next time when you will login, you will be prompted <?php echo $mo2f_second_factor; ?> as your 2nd factor.
900
- </h3><br />
901
- </center>
902
- <?php } if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
903
- ?><center><div id="validation_msg" style="color:red;"></div></center>
904
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding">
905
- <div id="mo2f_kba_browser"><center>
906
- <h4> Please set your security questions. It will be used as an alternate login or backup method for all authentication methods. It will also be used as 2nd factor when you will try to login from mobile browser.</h4></center>
907
- </div><br />
908
- <?php echo isset($_SESSION[ 'mo2f-login-message' ]) ? '<h3 style="color:red;">' . $_SESSION[ 'mo2f-login-message' ] . '</h3>': '';?>
909
- <?php mo2f_configure_kba_questions(); ?>
910
- <input type="button" name="validate" onclick="moinlinesavekba();" class="miniorange-button mo2f_inline_padding" value="Save" />
911
- </div>
912
- <?php }
913
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ ?>
914
- <center>
915
- <br /><br />
916
- <h2><a href="#mo2f_login_account">Click Here</a></h2> to sign-in into your account.
917
- <br>
918
- </center>
919
- <?php } ?>
920
- <center><input type="button" name="miniorange_login_back" onclick="mologinback();" id="miniorange_login_back" class="button-green" value="←Back To Login" />
921
- </center>
922
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
923
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
924
- <?php }?>
925
- </div>
926
- </div>
927
-
928
- <script>
929
- jQuery("div#login").hide();
930
- jQuery("body.login div#login").before(jQuery('.miniorange_app_setup_page'));
931
- jQuery('a[href=\"#mo2f_login_account\"]').click(function(e) {
932
- jQuery('#mo2f_inline_register_skip_form').submit();
933
- });
934
- function moinlinesavekba(){
935
- var kba_1 = jQuery('#mo2f_kbaquestion_1').val();
936
- var kba_2 = jQuery('#mo2f_kba_ans1').val();
937
- var kba_3 = jQuery('#mo2f_kbaquestion_2').val();
938
- var kba_4 = jQuery('#mo2f_kba_ans2').val();
939
- var kba_5 = jQuery('#mo2f_kbaquestion_3').val();
940
- var kba_6 = jQuery('#mo2f_kba_ans3').val();
941
-
942
- var regx = /^[a-zA-z0-9_@.$#&+-\s]*$/;
943
-
944
- if(!(kba_2.match(regx) && kba_4.match(regx) && kba_6.match(regx))){
945
- jQuery('#validation_msg').empty().append("Only alphanumeric letters with special characters (_@.$#&amp;+-) are allowed.");
946
- return;
947
- }
948
-
949
- document.getElementById("mo2f_inline_save_kba_form").elements[0].value = kba_1;
950
- document.getElementById("mo2f_inline_save_kba_form").elements[1].value = kba_2;
951
- document.getElementById("mo2f_inline_save_kba_form").elements[2].value = kba_3;
952
- document.getElementById("mo2f_inline_save_kba_form").elements[3].value = kba_4;
953
- document.getElementById("mo2f_inline_save_kba_form").elements[4].value = kba_5;
954
- document.getElementById("mo2f_inline_save_kba_form").elements[5].value = kba_6;
955
- document.getElementById("mo2f_inline_save_kba_form").elements[6].value = 'mo2f_inline_kba_registration';
956
- jQuery('#mo2f_inline_save_kba_form').submit();
957
- }
958
- function mologinback(){
959
- jQuery('#mo2f_backto_mo_loginform').submit();
960
- }
961
- </script>
962
- <?php
963
- }
964
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
miniorange_2_factor_woocommerce_login.php DELETED
@@ -1,1817 +0,0 @@
1
- <?php
2
-
3
- function mo2f_frontend_get_forgotphone_form(){
4
- $random_mo_key = get_option('mo2f_new_customer');
5
- $message = $random_mo_key ? 'Please select the option and click on Continue button' : 'Please choose from below options:';
6
- ?>
7
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="mo2f_forgotphone_modal">
8
- <div class="mo2f-modal-backdrop"></div>
9
- <div class="mo2f_modal-dialog mo2f_modal-md">
10
- <div class="mo2f_modal-content">
11
- <div class="mo2f_modal-header">
12
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
13
- How would you like to authenticate yourself</h4>
14
- </div>
15
- <div class="mo2f_modal-body">
16
- <div id="kbaSection">
17
- <div style="padding-left:10px;padding-right:10px;fonnt-size:15px;"><?php echo isset($_SESSION['mo2f-login-message']) ? $_SESSION['mo2f-login-message'] : '';?></div>
18
- <p style="padding-left:10px;padding-right:10px;font-size: 15px;"><?php echo $message; ?></p>
19
- <div style="padding-left:40px;padding-right:40px;font-size: 15px;">
20
- <?php if(!$random_mo_key){ ?>
21
- <input type="radio" name="mo2f_selected_forgotphone_option" value="OTP OVER EMAIL" checked="ckecked" />&nbsp;Send a one time passcode to my registered email<br /><br />
22
- <?php } ?>
23
- <input type="radio" name="mo2f_selected_forgotphone_option" value="KBA" />&nbsp;Answer your Security Questions (KBA)
24
-
25
- <br /><br />
26
- <input type="button" name="miniorange_validtae_otp" value="Continue" class="button button-primary" onclick="mo2fselectforgotphoneoption();" />
27
-
28
- </div>
29
- <br>
30
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
31
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
32
- <?php }?>
33
- </div>
34
- </div>
35
- </div>
36
- </div>
37
- </div>
38
- <style>
39
- .woocommerce .woocommerce-error {
40
- display: none !important;
41
- }
42
- .modal-backdrop{
43
- z-index: 0 !important;
44
- }
45
- </style>
46
- <script>
47
- jQuery('.woocommerce-error').hide();
48
- jQuery('#mo2f_forgotphone_modal').modal('show');
49
- function mologinback(){
50
- jQuery('#mo2f_2fa_form_close').submit();
51
- }
52
- function mo2fselectforgotphoneoption(){
53
- var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
54
- document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
55
- jQuery('#mo2f_challenge_forgotphone_form').submit();
56
- }
57
- </script>
58
- <?php
59
- }
60
-
61
- function mo2f_frontend_get_kba_form(){
62
- ?>
63
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal4">
64
- <div class="mo2f-modal-backdrop"></div>
65
- <div class="mo2f_modal-dialog mo2f_modal-md">
66
- <div class="mo2f_modal-content">
67
- <div class="mo2f_modal-header">
68
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
69
- Validate Security Questions</h4>
70
- </div>
71
- <div class="mo2f_modal-body center">
72
- <div id="kbaSection">
73
-
74
- <div id="mo_kba_title">
75
- <p class="mo2fa_display_message_frontend" ><?php echo isset($_SESSION['mo2f-login-message']) ? $_SESSION['mo2f-login-message'] : 'Please answer the following questions:'; ?></p><br />
76
- </div>
77
- <div id="mo2f_kba_content">
78
- <p style="text-align:center;font-size:15px;">
79
- <?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
80
- echo $_SESSION['mo_2_factor_kba_questions'][0];
81
- ?><br />
82
- <input class="mo2f-textbox" style="width:350px;" type="text" name="mo2f_answer_1" id="mo2f_answer_1" required="true" autofocus="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" ><br />
83
- <?php
84
- echo $_SESSION['mo_2_factor_kba_questions'][1];
85
- ?><br />
86
- <input class="mo2f-textbox" style="width:350px;" type="text" name="mo2f_answer_2" id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" >
87
- <?php
88
- }
89
- ?>
90
- </p>
91
- </div>
92
-
93
- <?php if(get_option('mo2f_login_policy')){
94
- if(get_option('mo2f_deviceid_enabled')){
95
- ?>
96
- <span class="mo2f_device" style="float:left; font-size:15px;"><input type="checkbox" name="miniorange_remember_device" id="miniorange_remember_device" />Remember this device.</span>
97
- <?php
98
- }else{
99
- ?>
100
- <input type="checkbox" name="miniorange_remember_device" id="miniorange_remember_device" style="display:none;" />
101
- <?php
102
- }
103
- }else{
104
- ?>
105
- <input type="checkbox" name="miniorange_remember_device" id="miniorange_remember_device" style="display:none;" />
106
- <?php
107
- }
108
- ?>
109
- <input type="button" name="miniorange_kba_validate" onclick="mo2f_validate_kba();" id="miniorange_kba_validate" class="button button-primary" style="float:right;" value="Validate" />
110
-
111
-
112
- </div>
113
- <br /><br />
114
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
115
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
116
- <?php }?>
117
- </div>
118
- </div>
119
- </div>
120
- </div>
121
- <style>
122
- .woocommerce .woocommerce-error {
123
- display: none !important;
124
- }
125
- .modal-backdrop{
126
- z-index: 0 !important;
127
- }
128
- </style>
129
- <script>
130
- jQuery('.woocommerce-error').hide();
131
- jQuery('#myModal4').modal('show');
132
- function mologinback(){
133
- jQuery('#mo2f_2fa_form_close').submit();
134
- }
135
- function mo2f_validate_kba(){
136
- var ans1 = jQuery('#mo2f_answer_1').val();
137
- var ans2 = jQuery('#mo2f_answer_2').val();
138
- var check = jQuery('#miniorange_remember_device').prop('checked');
139
- document.getElementById("mo2f_submitkba_loginform").elements[0].value = ans1;
140
- document.getElementById("mo2f_submitkba_loginform").elements[1].value = ans2;
141
- document.getElementById("mo2f_submitkba_loginform").elements[2].value = check;
142
- jQuery('#mo2f_submitkba_loginform').submit();
143
- }
144
- jQuery('#mo2f_answer_2').keypress(function(e){
145
- if(e.which == 13){//Enter key pressed
146
- e.preventDefault();
147
- mo2f_validate_kba();
148
- }
149
- });
150
- </script>
151
- <?php
152
- }
153
-
154
- function mo2f_frontend_get_trusted_device_form(){
155
- ?>
156
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal">
157
- <div class="mo2f-modal-backdrop"></div>
158
- <div class="mo2f_modal-dialog">
159
- <div class="mo2f_modal-content">
160
- <div class="mo2f_modal-header">
161
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
162
- Remember Device</h4>
163
- </div>
164
- <div class="mo2f_modal-body center">
165
- <div id="pushSection">
166
-
167
- <div id="mo_device_title" style="margin-bottom:10%;padding-top:6%;">
168
-
169
- <p style="text-align:center !important;">Do you want to remember this device?</p>
170
-
171
- </div>
172
-
173
- <div id="mo2f_device_content">
174
- <center>
175
- <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();" id="miniorange_trust_device_yes" class="mo2f-button mo_green" style="margin-right:5%;" value="Yes" />
176
-
177
- <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();" id="miniorange_trust_device_no" class="mo2f-button mo_red" value="No" />
178
- </center>
179
- </div>
180
- <div id="showLoadingBar" hidden>
181
- <center>
182
- <p style="text-align:center !important;">Please wait...We are taking you into your account.</p>
183
-
184
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" />
185
- </center>
186
- </div>
187
- <br />
188
- <center>
189
- <span>
190
- <div style="font-size: 15px;">Click on <i><b>Yes</b></i> if its your personal device.<div/>
191
- <div style="font-size: 15px;">Click on <i><b>No</b></i> if its a public device.</div>
192
- </span>
193
- </center>
194
-
195
- <br />
196
- <br />
197
- </div>
198
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
199
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
200
- <?php }?>
201
- </div>
202
-
203
- </div>
204
- </div>
205
- </div>
206
- <style>
207
-
208
- .woocommerce .woocommerce-error {
209
- display: none !important;
210
- }
211
- .modal-backdrop{
212
- z-index: 0 !important;
213
- }
214
- </style>
215
- <script>
216
- jQuery('.woocommerce-error').hide();
217
- jQuery('#myModal').modal('show');
218
- function mologinback(){
219
- jQuery('#mo2f_2fa_form_close').submit();
220
- }
221
- function mo_check_device_confirm(){
222
- jQuery('#mo2f_device_content').hide();
223
- jQuery('#mo_device_title').hide();
224
- jQuery('#showLoadingBar').show();
225
- jQuery('#mo2f_trust_device_confirm_form').submit();
226
- }
227
- function mo_check_device_cancel(){
228
- jQuery('#mo2f_device_content').hide();
229
- jQuery('#mo_device_title').hide();
230
- jQuery('#showLoadingBar').show();
231
- jQuery('#mo2f_trust_device_cancel_form').submit();
232
- }
233
- </script>
234
- <?php
235
- }
236
-
237
- function mo2f_frontend_getpush_oobemail_response($id){
238
- ?>
239
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal1">
240
- <div class="mo2f-modal-backdrop"></div>
241
- <div class="mo2f_modal-dialog mo2f_modal-md">
242
- <div class="mo2f_modal-content">
243
- <div class="mo2f_modal-header">
244
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
245
- Accept Your Transaction</h4>
246
- </div>
247
- <div class="mo2f_modal-body center">
248
-
249
- <div id="otpMessage" >
250
- <p class='mo2fa_display_message_frontend'><?php echo $_SESSION['mo2f-login-message']; ?></p>
251
- </div>
252
-
253
-
254
- <div id="mo_2_factor_push_page">
255
- <center>
256
- <div id="pushSection" >
257
-
258
- <a href="#showPushHelp" id="pushHelpLink" class="mo2f-link">See How It Works ?</a>
259
-
260
- <p style="font-size:20px;text-align:center;">Waiting for your approval...</p>
261
-
262
- <div id="showPushImage" style="margin-bottom:10px;" class="center">
263
-
264
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif' , __FILE__ );?>" style="display:inline!important;"/>
265
-
266
- </div>
267
- <span style="padding-right:2%;">
268
- <?php if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS'){ ?>
269
- <center>
270
- <?php if(get_option('mo2f_enable_forgotphone')){ ?>
271
- <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone?</a>
272
- <?php } ?>
273
- &nbsp;&nbsp;&nbsp;&nbsp;
274
- <a name="miniorange_login_offline" onclick="mologinoffline();" id="miniorange_login_offline" class="mo2f-link" >Phone is Offline?</a>
275
- </center>
276
-
277
- <?php }else if(isset($_SESSION[ 'mo_2factor_login_status' ]) && $_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && get_user_meta($id,'mo2f_kba_registration_status',true)){ ?>
278
- <center><a href="#mo2f_alternate_login_kba" class="mo2f-link">Didn't receive mail?</a></center>
279
- <?php }
280
- ?>
281
- </span>
282
- <br>
283
-
284
- </div>
285
- </center>
286
- <div id="showPushHelp" class="showPushHelp" hidden>
287
- <br>
288
- <center><a href="#showPushHelp" id="pushLink" class="mo2f-link">←Go Back.</a>
289
- <br>
290
- <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
291
- <ol class="mo2f_carousel-indicators">
292
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
293
- <li data-target="#myCarousel" data-slide-to="1"></li>
294
- <li data-target="#myCarousel" data-slide-to="2"></li>
295
- </ol>
296
- <div class="mo2f_carousel-inner" role="listbox">
297
- <?php if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL') { ?>
298
- <div class="item active">
299
-
300
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-1.png" alt="First slide">
301
- </div>
302
- <div class="item">
303
- <p>Click on Accept Transaction link to verify your email .</p><br>
304
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-2.png" alt="First slide">
305
-
306
- </div>
307
- <div class="item">
308
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/email-with-link-login-flow-3.png" alt="First slide">
309
- </div>
310
- <?php } else { ?>
311
- <!-- Indicators -->
312
-
313
-
314
- <div class="item active">
315
- <p>You will receive a notification on your phone.</p><br>
316
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow.png" alt="First slide">
317
- </div>
318
- <div class="item">
319
- <p>Open the notification and click on accept button.</p><br>
320
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow-1.png" alt="First slide">
321
-
322
- </div>
323
- <div class="item">
324
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/push-login-flow-2.png" alt="First slide">
325
- </div>
326
- <?php } ?>
327
- </div>
328
- </div>
329
- </center>
330
- </div>
331
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
332
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
333
- <?php }?>
334
- </div>
335
-
336
- </div><!-- /.modal-content -->
337
- </div><!-- /.modal-dialog -->
338
- </div><!-- /.modal -->
339
- </div>
340
- <style>
341
- .woocommerce .woocommerce-error {
342
- display: none !important;
343
- }
344
- .modal-backdrop{
345
- z-index: 0 !important;
346
- }
347
- </style>
348
- <script>
349
- jQuery('.woocommerce-error').hide();
350
- jQuery('#myModal1').modal('show');
351
- jQuery('body.woocommerce.login.form-row').hide();
352
- var timeout;
353
- pollPushValidation();
354
- function pollPushValidation()
355
- {
356
- var transId = "<?php echo $_SESSION[ 'mo2f-login-transactionId' ]; ?>";
357
- var jsonString = "{\"txId\":\""+ transId + "\"}";
358
- var postUrl = "<?php echo get_option('mo2f_host_name'); ?>" + "/moas/api/auth/auth-status";
359
-
360
- jQuery.ajax({
361
- url: postUrl,
362
- type : "POST",
363
- dataType : "json",
364
- data : jsonString,
365
- contentType : "application/json; charset=utf-8",
366
- success : function(result) {
367
- var status = JSON.parse(JSON.stringify(result)).status;
368
- if (status == 'SUCCESS') {
369
- jQuery('#mo2f_mobile_validation_form').submit();
370
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
371
- jQuery('#mo2f_2fa_form_close').submit();
372
- } else {
373
- timeout = setTimeout(pollPushValidation, 3000);
374
- }
375
- }
376
- });
377
- }
378
- jQuery('#myCarousel').carousel('pause');
379
- jQuery('#pushHelpLink').click(function() {
380
- jQuery('#showPushHelp').show();
381
- jQuery('#pushSection').hide();
382
- jQuery('#otpMessage').hide();
383
- jQuery('#myCarousel').carousel(0);
384
- });
385
- jQuery('#pushLink').click(function() {
386
- jQuery('#showPushHelp').hide();
387
- jQuery('#pushSection').show();
388
- jQuery('#otpMessage').show();
389
- jQuery('#myCarousel').carousel('pause');
390
- });
391
- function mologinback(){
392
- jQuery('#mo2f_2fa_form_close').submit();
393
- }
394
- function mologinoffline(){
395
- jQuery('#mo2f_show_softtoken_loginform').submit();
396
- }
397
- function mologinforgotphone(){
398
- jQuery('#mo2f_show_forgotphone_loginform').submit();
399
- }
400
- jQuery('a[href=\"#mo2f_alternate_login_kba\"]').click(function() {
401
- jQuery('#mo2f_alternate_login_kbaform').submit();
402
- });
403
- </script>
404
- <?php
405
- }
406
-
407
- function mo2f_frontend_getqrcode(){
408
-
409
- ?>
410
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal2">
411
- <div class="mo2f-modal-backdrop"></div>
412
- <div class="mo2f_modal-dialog mo2f_modal-md">
413
- <div class="mo2f_modal-content">
414
- <div class="mo2f_modal-header">
415
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
416
- Scan QR Code</h4>
417
- </div>
418
- <div class="mo2f_modal-body center">
419
-
420
- <?php if(isset($_SESSION['mo2f-login-message']) && $_SESSION['mo2f-login-message'] == 'Error:OTP over Email'){ ?>
421
-
422
- <div id="otpMessage">
423
- <p class='mo2fa_display_message_frontend'><?php echo 'Error occurred while sending OTP over email. Please try again.'; ?></p>
424
- </div>
425
- <?php } ?>
426
-
427
-
428
- <div id="scanQRSection">
429
- <p class='mo2fa_display_message_frontend'>Identify yourself by scanning the QR code with miniOrange Authenticator app.</p>
430
- <a href="#showQRHelp" id="helpLink" class="mo2f-link">See How It Works ?</a>
431
- <br><br>
432
- <div id="showQrCode" style="margin-bottom:10%;">
433
- <center><?php echo '<img src="data:image/jpg;base64,' . $_SESSION[ 'mo2f-login-qrCode' ] . '" />'; ?></center>
434
- </div>
435
-
436
-
437
-
438
- <?php if(get_option('mo2f_enable_forgotphone')){ ?>
439
- <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone?</a>
440
- <?php } ?>
441
- &nbsp;&nbsp;&nbsp;&nbsp;
442
- <a name="miniorange_login_offline" onclick="mologinoffline();" id="miniorange_login_offline" class="mo2f-link" >Phone is Offline?</a>
443
-
444
- <br />
445
-
446
- </div>
447
- <div id="showQRHelp" class="showQRHelp" hidden>
448
- <br>
449
- <center><a href="#showQRHelp" id="qrLink" class="mo2f-link">←Back to Scan QR Code.</a>
450
- <br>
451
- <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
452
- <!-- Indicators -->
453
- <ol class="mo2f_carousel-indicators">
454
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
455
- <li data-target="#myCarousel" data-slide-to="1"></li>
456
- <li data-target="#myCarousel" data-slide-to="2"></li>
457
- <li data-target="#myCarousel" data-slide-to="3"></li>
458
- <li data-target="#myCarousel" data-slide-to="4"></li>
459
- </ol>
460
- <div class="mo2f_carousel-inner" role="listbox">
461
- <div class="item active">
462
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-1.png" alt="First slide">
463
- </div>
464
- <div class="item">
465
- <p>Open miniOrange Authenticator app and click on Authenticate.</p><br>
466
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-2.png" alt="First slide">
467
-
468
- </div>
469
- <div class="item">
470
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-3.png" alt="First slide">
471
- </div>
472
- <div class="item">
473
- <img class="first-slide" src="https://auth.miniorange.com/moas//images/help/qr-help-4.png" alt="First slide">
474
- </div>
475
- <div class="item">
476
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-5.png" alt="First slide">
477
- </div>
478
- </div>
479
- </div>
480
- </center>
481
- </div>
482
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
483
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
484
- <?php }?>
485
- </div>
486
- </div><!-- /.modal-content -->
487
- </div><!-- /.modal-dialog -->
488
- </div><!-- /.modal -->
489
- <style>
490
- .woocommerce .woocommerce-error {
491
- display: none !important;
492
- }
493
- .modal-backdrop{
494
- z-index: 0 !important;
495
- }
496
- </style>
497
- <script>
498
- jQuery('.woocommerce-error').hide();
499
- jQuery('#myModal2').modal('show');
500
-
501
- var timeout;
502
- pollMobileValidation();
503
- function pollMobileValidation()
504
- {
505
- var transId = "<?php echo $_SESSION[ 'mo2f-login-transactionId' ]; ?>";
506
- var jsonString = "{\"txId\":\""+ transId + "\"}";
507
- var postUrl = "<?php echo get_option('mo2f_host_name'); ?>" + "/moas/api/auth/auth-status";
508
- jQuery.ajax({
509
- url: postUrl,
510
- type : "POST",
511
- dataType : "json",
512
- data : jsonString,
513
- contentType : "application/json; charset=utf-8",
514
- success : function(result) {
515
- var status = JSON.parse(JSON.stringify(result)).status;
516
- if (status == 'SUCCESS') {
517
- var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png' , __FILE__ );?>" + "' /></center></div>";
518
- jQuery("#showQrCode").empty();
519
- jQuery("#showQrCode").append(content);
520
- setTimeout(function(){jQuery("#mo2f_mobile_validation_form").submit();}, 100);
521
- } else if (status == 'ERROR' || status == 'FAILED') {
522
- var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></center></div>";
523
- jQuery("#showQrCode").empty();
524
- jQuery("#showQrCode").append(content);
525
- setTimeout(function(){jQuery('#mo2f_2fa_form_close').submit();}, 1000);
526
- } else {
527
- timeout = setTimeout(pollMobileValidation, 3000);
528
- }
529
- }
530
- });
531
- }
532
- jQuery('#myCarousel').carousel('pause');
533
- jQuery('#helpLink').click(function() {
534
- jQuery('#showQRHelp').show();
535
- jQuery('#scanQRSection').hide();
536
-
537
- jQuery('#myCarousel').carousel(0);
538
- });
539
- jQuery('#qrLink').click(function() {
540
- jQuery('#showQRHelp').hide();
541
- jQuery('#scanQRSection').show();
542
- jQuery('#myCarousel').carousel('pause');
543
- });
544
- function mologinback(){
545
- jQuery('#mo2f_2fa_form_close').submit();
546
- }
547
- function mologinoffline(){
548
- jQuery('#mo2f_show_softtoken_loginform').submit();
549
- }
550
- function mologinforgotphone(){
551
- jQuery('#mo2f_show_forgotphone_loginform').submit();
552
- }
553
- </script>
554
- <?php
555
- }
556
-
557
- function mo2f_frontend_getotp_form(){
558
- ?>
559
-
560
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal3">
561
- <div class="mo2f-modal-backdrop"></div>
562
- <div class="mo2f_modal-dialog mo2f_modal-md">
563
- <div class="mo2f_modal-content">
564
- <div class="mo2f_modal-header">
565
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
566
- Validate OTP</h4>
567
- </div>
568
- <div class="mo2f_modal-body">
569
-
570
-
571
- <div id="otpMessage">
572
- <p class="mo2fa_display_message_frontend" ><?php echo $_SESSION['mo2f-login-message']; ?></p>
573
- </div>
574
-
575
- <div id="showOTP">
576
- <div class="mo2f-login-container">
577
- <?php if($_SESSION[ 'mo_2factor_login_status' ] != 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){ ?>
578
- <a href="#showOTPHelp" id="otpHelpLink" class="mo2f-link">See How It Works ?</a>
579
- <?php } ?>
580
- <br />
581
- <input type="text" name="mo2fa_softtokenkey" placeholder="Enter one time passcode" id="mo2fa_softtokenkey" required="true" class="mo2f-textbox" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/>
582
- <br />
583
- <input type="button" name="miniorange_soft_token_submit" onclick="mootploginsubmit();" id="miniorange_soft_token_submit" class="button" value="Validate" />
584
- <br><br>
585
- <?php if(get_option('mo2f_enable_forgotphone') && isset($_SESSION[ 'mo_2factor_login_status' ] ) && $_SESSION[ 'mo_2factor_login_status' ] != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
586
- <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone ?</a>
587
- <?php } ?>
588
- <br><br>
589
- </div>
590
- </div>
591
- <div id="showOTPHelp" class="showOTPHelp" hidden>
592
- <br>
593
- <center><a href="#showOTP" id="otpLink" class="mo2f-link">←Go Back</a>
594
- <br>
595
- <div id="myCarousel" class="mo2f_carousel slide" data-ride="carousel">
596
- <!-- Indicators -->
597
-
598
- <?php if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){ ?>
599
- <ol class="mo2f_carousel-indicators">
600
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
601
- <li data-target="#myCarousel" data-slide-to="1"></li>
602
- <li data-target="#myCarousel" data-slide-to="2"></li>
603
- <li data-target="#myCarousel" data-slide-to="3"></li>
604
-
605
- </ol>
606
- <div class="mo2f_carousel-inner" role="listbox">
607
-
608
-
609
- <div class="item active">
610
- <p>Open miniOrange Authenticator app and click on settings icon on top right corner.</p><br>
611
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/qr-help-2.png" alt="First slide">
612
- </div>
613
- <div class="item">
614
- <p>Click on Sync button below to sync your time with miniOrange Servers. This is a one time sync to avoid otp validation failure.</p><br>
615
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-3.png" alt="First slide">
616
- </div>
617
- <div class="item">
618
- <p>Go to Soft Token tab.</p><br>
619
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-2.png" alt="First slide">
620
- </div>
621
- <div class="item">
622
- <p>Enter the one time passcode shown in miniOrange Authenticator app here.</p><br>
623
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/token-help-4.png" alt="First slide">
624
- </div>
625
- </div>
626
- <?php } else if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') { ?>
627
- <ol class="mo2f_carousel-indicators">
628
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
629
- <li data-target="#myCarousel" data-slide-to="1"></li>
630
- <li data-target="#myCarousel" data-slide-to="2"></li>
631
-
632
- </ol>
633
- <div class="mo2f_carousel-inner" role="listbox">
634
- <div class="item active">
635
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-1.png" alt="First slide">
636
- </div>
637
- <div class="item">
638
- <p>Check your email with which you registered and copy the one time passcode.</p><br>
639
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-2.png" alt="First slide">
640
- </div>
641
- <div class="item">
642
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-help-3.png" alt="First slide">
643
- </div>
644
- </div>
645
- <?php } else if($_SESSION[ 'mo_2factor_login_status' ] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') { ?>
646
- <ol class="mo2f_carousel-indicators">
647
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
648
- <li data-target="#myCarousel" data-slide-to="1"></li>
649
- <li data-target="#myCarousel" data-slide-to="2"></li>
650
-
651
- </ol>
652
- <div class="mo2f_carousel-inner" role="listbox">
653
- <div class="item active">
654
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-1.png" alt="First slide">
655
- </div>
656
- <div class="item">
657
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-2.png" alt="First slide">
658
- </div>
659
- <div class="item">
660
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/otp-over-sms-login-flow-3.png" alt="First slide">
661
- </div>
662
- </div>
663
- <?php } else { ?>
664
- <!-- phone call verification -->
665
- <ol class="mo2f_carousel-indicators">
666
- <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
667
- <li data-target="#myCarousel" data-slide-to="1"></li>
668
-
669
-
670
- </ol>
671
- <div class="mo2f_carousel-inner" role="listbox">
672
- <div class="item active">
673
- <p>You will receive a phone call. Pick up the call and listen to the one time passcode carefully. </p>
674
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/phone-call-login-flow-2.png" alt="First slide">
675
- </div>
676
- <div class="item">
677
- <p>Enter the one time passcode here and click on validate button to login.</p><br>
678
- <img class="first-slide" src="https://auth.miniorange.com/moas/images/help/phone-call-login-flow.png" alt="First slide">
679
- </div>
680
-
681
- </div>
682
- <?php } ?>
683
-
684
- </div>
685
- </div>
686
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
687
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
688
- <?php }?>
689
- </div>
690
- </div>
691
- </div><!-- /.modal-content -->
692
- </div><!-- /.modal-dialog -->
693
- </div><!-- /.modal -->
694
- <style>
695
- .woocommerce .woocommerce-error {
696
- display: none !important;
697
- }
698
- .modal-backdrop{
699
- z-index: 0 !important;
700
- }
701
- </style>
702
- <script>
703
- jQuery('.woocommerce-error').hide();
704
- jQuery('#myModal3').modal('show');
705
- jQuery('#otpHelpLink').click(function() {
706
- jQuery('#showOTPHelp').show();
707
- jQuery('#showOTP').hide();
708
- jQuery('#otpMessage').hide();
709
- });
710
- jQuery('#otpLink').click(function() {
711
- jQuery('#showOTPHelp').hide();
712
- jQuery('#showOTP').show();
713
- jQuery('#otpMessage').show();
714
- });
715
-
716
- function mologinback(){
717
- jQuery('#mo2f_2fa_form_close').submit();
718
- }
719
- function mologinforgotphone(){
720
- jQuery('#mo2f_show_forgotphone_loginform').submit();
721
- }
722
- function mootploginsubmit(){
723
- var otpkey = jQuery('#mo2fa_softtokenkey').val();
724
- document.getElementById("mo2f_submitotp_loginform").elements[0].value = otpkey;
725
- jQuery('#mo2f_submitotp_loginform').submit();
726
-
727
- }
728
-
729
- jQuery('#mo2fa_softtokenkey').keypress(function(e){
730
- if(e.which == 13){//Enter key pressed
731
- e.preventDefault();
732
- var otpkey = jQuery('#mo2fa_softtokenkey').val();
733
- document.getElementById("mo2f_submitotp_loginform").elements[0].value = otpkey;
734
- jQuery('#mo2f_submitotp_loginform').submit();
735
- }
736
-
737
- });
738
-
739
-
740
-
741
- </script>
742
- <?php
743
- }
744
- function prompt_user_to_register_frontend(){ ?>
745
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
746
- <div class="mo2f-modal-backdrop"></div>
747
- <div class="mo2f_modal-dialog mo2f_modal-md">
748
- <div class="mo2f_modal-content">
749
- <div class="mo2f_modal-header">
750
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
751
- Setup Two Factor</h4>
752
- </div>
753
- <div class="mo2f_modal-body center">
754
- <p class="mo2fa_display_message_frontend"><?php echo $_SESSION['mo2f-login-message']; ?></p>
755
-
756
- A new security system has been enabled to better protect your account. Please configure your Two-Factor Authentication method by setting up your account.
757
- <br><br>
758
- <div class="mo2f-login-container">
759
- <input type="email" autofocus="true" name="mo_useremail" id="mo_useremail" class="mo2f-textbox" style="width:305px !important;" required placeholder="person@example.com" />
760
- <br>
761
- <input type="button" name="miniorange_get_started" onclick="mouserregistersubmit();" class="button" value="Get Started" />
762
- <?php if( !get_option('mo2f_inline_registration')){ ?>
763
- <br><br>
764
- <input type="button" name="mo2f_skip_btn" onclick="moskipregistersubmit();" class="button " value="Skip" />
765
- <?php } ?>
766
- <br><br>
767
- </div>
768
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
769
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
770
- <?php }?>
771
- </div>
772
-
773
-
774
- </div><!-- /.modal-content -->
775
- </div><!-- /.modal-dialog -->
776
- </div><!-- /.modal -->
777
- <style>
778
- .woocommerce .woocommerce-error {
779
- display: none !important;
780
- }
781
- .modal-backdrop{
782
- z-index: 0 !important;
783
- }
784
- </style>
785
- <script>
786
- jQuery('.woocommerce-error').hide();
787
- jQuery('#myModal5').modal('show');
788
-
789
- function mologinback(){
790
- jQuery('#mo2f_2fa_form_close').submit();
791
- }
792
- function mouserregistersubmit(){
793
- var userEmail = jQuery('#mo_useremail').val();
794
- document.getElementById("mo2f_inline_register_user_form").elements[0].value = userEmail;
795
- jQuery('#mo2f_inline_register_user_form').submit();
796
-
797
- }
798
-
799
- jQuery('#mo_useremail').keypress(function(e){
800
- if(e.which == 13){//Enter key pressed
801
- e.preventDefault();
802
- var userEmail = jQuery('#mo_useremail').val();
803
- document.getElementById("mo2f_inline_register_user_form").elements[0].value = userEmail;
804
- jQuery('#mo2f_inline_register_user_form').submit();
805
- }
806
-
807
- });
808
- function moskipregistersubmit(){
809
- jQuery('#mo2f_inline_register_skip_form').submit();
810
- }
811
- </script>
812
- <?php }
813
-
814
- function prompt_user_for_validate_otp_frontend(){ ?>
815
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal6">
816
- <div class="mo2f-modal-backdrop"></div>
817
- <div class="mo2f_modal-dialog mo2f_modal-md">
818
- <div class="mo2f_modal-content">
819
- <div class="mo2f_modal-header">
820
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
821
- Verify Your Email</h4>
822
- </div>
823
- <div class="mo2f_modal-body">
824
- <p class="mo2fa_display_message_frontend"><?php echo $_SESSION['mo2f-login-message']; ?></p>
825
- <center>
826
- <input autofocus="true" type="text" name="otp_token" id="otp_token" required placeholder="Enter OTP" class="mo2f-textbox" style="width:305px !important;" />
827
- <br>
828
- <a href="#resendinlineotplink">Resend OTP ?</a>
829
- <input type="button" name="back" id="mo2f_inline_backto_regform" style="margin-left:20px;" class="button" value="Back" />
830
- <input name="submit" type="button" value="Validate OTP" class="button" onclick="movalidateotpsubmit();" />
831
-
832
-
833
- </center>
834
- <br><br>
835
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
836
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
837
- <?php }?>
838
- </div>
839
-
840
-
841
- </div><!-- /.modal-content -->
842
- </div><!-- /.modal-dialog -->
843
- </div><!-- /.modal -->
844
- <style>
845
- .woocommerce .woocommerce-error {
846
- display: none !important;
847
- }
848
- .modal-backdrop{
849
- z-index: 0 !important;
850
- }
851
- </style>
852
- <script>
853
- jQuery('.woocommerce-error').hide();
854
- jQuery('#myModal6').modal('show');
855
-
856
- function mologinback(){
857
- jQuery('#mo2f_2fa_form_close').submit();
858
- }
859
- function movalidateotpsubmit(){
860
- var otp = jQuery('#otp_token').val();
861
- document.getElementById("mo2f_inline_user_validate_otp_form").elements[0].value = otp;
862
- jQuery('#mo2f_inline_user_validate_otp_form').submit();
863
- }
864
-
865
- jQuery('#otp_token').keypress(function(e){
866
- if(e.which == 13){//Enter key pressed
867
- e.preventDefault();
868
- var otp = jQuery('#otp_token').val();
869
- document.getElementById("mo2f_inline_user_validate_otp_form").elements[0].value = otp;
870
- jQuery('#mo2f_inline_user_validate_otp_form').submit();
871
- }
872
-
873
- });
874
- jQuery('a[href=\"#resendinlineotplink\"]').click(function(e) {
875
- jQuery('#mo2fa_inline_resend_otp_form').submit();
876
- });
877
- jQuery('#mo2f_inline_backto_regform').click(function() {
878
- jQuery('#mo2f_goto_user_registration_form').submit();
879
- });
880
- </script>
881
- <?php }
882
-
883
- function prompt_user_to_select_2factor_method_frontend($current_user){
884
- $current_selected_method = get_user_meta($current_user,'mo2f_selected_2factor_method',true);
885
- if($current_selected_method == 'MOBILE AUTHENTICATION'
886
- || $current_selected_method == 'SOFT TOKEN'
887
- || $current_selected_method == 'PUSH NOTIFICATIONS'){
888
-
889
- prompt_user_for_miniorange_app_setup_frontend($current_user);
890
-
891
- }else if($current_selected_method == 'SMS'
892
- || $current_selected_method == 'PHONE VERIFICATION'){
893
-
894
- prompt_user_for_phone_setup_frontend($current_user);
895
-
896
- }else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
897
-
898
- prompt_user_for_google_authenticator_setup_frontend($current_user);
899
-
900
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
901
- prompt_user_for_authy_authenticator_setup_frontend($current_user);
902
- }else if($current_selected_method == 'KBA' ){
903
-
904
- prompt_user_for_kba_setup_frontend($current_user);
905
-
906
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
907
-
908
- prompt_user_for_setup_success_frontend($current_user);
909
-
910
- }else{
911
- $opt = (array) get_option('mo2f_auth_methods_for_users'); ?>
912
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal7">
913
- <div class="mo2f-modal-backdrop"></div>
914
- <div class="mo2f_modal-dialog mo2f_modal-lg">
915
- <div class="mo2f_modal-content">
916
- <div class="mo2f_modal-header">
917
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
918
- Select Two Factor Method</h4>
919
- </div>
920
- <div class="mo2f_modal-body">
921
-
922
- <b>Select Any Two-Factor of your choice below and complete its setup.</b>
923
- <br>
924
- <input type="hidden" name="option" value="mo_2factor_validate_user_otp" />
925
- <br>
926
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
927
- <label title="You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones." class="mo2f_label">
928
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
929
- Email Verification
930
- </label>
931
- <br>
932
- </span>
933
-
934
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
935
-
936
- <label title="You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones." class="mo2f_label">
937
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
938
- OTP Over SMS
939
- </label>
940
- <br>
941
- </span>
942
-
943
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
944
-
945
- <label title="You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones." class="mo2f_label">
946
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
947
- Phone Call Verification
948
- </label>
949
- <br>
950
- </span>
951
-
952
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
953
- <label class="mo2f_label" title="You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only." >
954
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
955
- Soft Token
956
- </label>
957
-
958
- <br>
959
- </span>
960
-
961
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
962
-
963
- <label class="mo2f_label" title="You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.">
964
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
965
- QR Code Authentication
966
- </label>
967
- <br>
968
- </span>
969
-
970
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
971
-
972
- <label class="mo2f_label" title="You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.">
973
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
974
- Push Notification
975
- </label>
976
- <br>
977
-
978
- </span>
979
-
980
-
981
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
982
-
983
- <label title="You have to enter 6 digits code generated by Google Authenticaor App to login. Supported in Smartphones only." class="mo2f_label">
984
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
985
- Google Authenticator
986
- </label>
987
- <br>
988
- </span>
989
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
990
-
991
- <label class="mo2f_label" title="You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.">
992
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
993
- Authy 2-Factor Authentication
994
- </label>
995
- <br>
996
- </span>
997
-
998
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
999
-
1000
- <label title="You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones." class="mo2f_label">
1001
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
1002
- Security Questions( KBA )
1003
- </label>
1004
- </span>
1005
-
1006
- <br><br>
1007
- </div>
1008
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1009
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1010
- <?php }?>
1011
- </div>
1012
-
1013
-
1014
-
1015
- </div><!-- /.modal-content -->
1016
- </div><!-- /.modal-dialog -->
1017
- </div><!-- /.modal -->
1018
- <style>
1019
- .woocommerce .woocommerce-error {
1020
- display: none !important;
1021
- }
1022
- .modal-backdrop{
1023
- z-index: 0 !important;
1024
- }
1025
- </style>
1026
- <script>
1027
- jQuery('.woocommerce-error').hide();
1028
- jQuery('#myModal7').modal('show');
1029
-
1030
- function mologinback(){
1031
- jQuery('#mo2f_2fa_form_close').submit();
1032
- }
1033
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
1034
- var selectedMethod = jQuery(this).val();
1035
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
1036
- jQuery('#mo2f_select_2fa_methods_form').submit();
1037
- });
1038
-
1039
- </script>
1040
- <?php }
1041
- }
1042
- function prompt_user_for_authy_authenticator_setup_frontend($current_user){
1043
- $mo2f_authy_auth = isset($_SESSION['mo2f_authy_keys']) ? $_SESSION['mo2f_authy_keys'] : null;
1044
- $data = isset($_SESSION['mo2f_authy_keys']) ? $mo2f_authy_auth['authy_qrCode'] : null;
1045
- $authy_secret = isset($_SESSION['mo2f_authy_keys']) ? $mo2f_authy_auth['authy_secret'] : null;
1046
- $opt = (array) get_option('mo2f_auth_methods_for_users');
1047
- ?>
1048
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="mo2f_authy_modal">
1049
- <div class="mo2f-modal-backdrop"></div>
1050
- <div class="mo2f_modal-dialog mo2f_modal-lg" style="width:999px !important;margin:0px auto !important;">
1051
- <div class="mo2f_modal-content">
1052
- <div class="mo2f_modal-header">
1053
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1054
- Setup Authy 2-Factor Authentication</h4>
1055
- </div>
1056
-
1057
- <div class="mo2f_modal-body">
1058
- <?php echo $_SESSION[ 'mo2f-login-message' ]; ?>
1059
- <table style="border:hidden;">
1060
- <tr>
1061
- <td style="vertical-align:top;width:300px;padding-right:15px;border:none !important;">
1062
- <div style="font-size: 18px !important;"><b>Step-1: Configure Authy App.</b></div><hr />
1063
- <input type="button" name="mo2f_authy_configure" id="mo2f_authy_configure" class="button" value="Configure" /><br /><br />
1064
- <?php if (sizeof($opt) > 1) { ?>
1065
- <input type="button" name="back" id="mo2f_inline_back_btn" class="button" value="Back" />
1066
- <?php } ?>
1067
-
1068
-
1069
- </td>
1070
- <td class="mo2f_separator mo2f_authy_table"></td>
1071
- <td style="width:40%;padding-right:15px;vertical-align:top;border:none !important;">
1072
- <div style="font-size: 18px !important;"><b>Step-2: Set up Authy App</b></div><hr>
1073
- <div style="<?php echo isset($_SESSION['mo2f_authy_keys']) ? 'display:block' : 'display:none'; ?>">
1074
- <ol class="mo2f_ordered_list">
1075
- <li class="mo2f_list">Install the Authy 2-Factor Authentication App.</li>
1076
- <li class="mo2f_list">Now open and configure Authy 2-Factor Authentication App.</li>
1077
- <li class="mo2f_list"> Tap on Add Account and then tap on SCAN QR CODE in your App and scan the qr code.</li>
1078
- </ol>
1079
- <center><br><div id="displayQrCode" ><?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?></div></center>
1080
- <div><a data-toggle="collapse" href="#mo2f_scanbarcode_a" aria-expanded="false" ><b>Can't scan the QR Code? </b></a></div>
1081
- <div class="mo2f_collapse" id="mo2f_scanbarcode_a">
1082
- <ol class="mo2f_ordered_list">
1083
- <li class="mo2f_list">In Authy 2-Factor Authentication App, tap on ENTER KEY MANUALLY."</li>
1084
- <li class="mo2f_list">In "Adding New Account" type your secret key:</li>
1085
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
1086
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
1087
- <?php echo $authy_secret; ?>
1088
- </div>
1089
- <div style="font-size: 80%;color: #666666;">
1090
- Spaces don't matter.
1091
- </div>
1092
- </div>
1093
- <li class="mo2f_list">Tap OK.</li>
1094
- </ol>
1095
- </div>
1096
- </div>
1097
- </td>
1098
- <td class="mo2f_separator mo2f_authy_table"></td>
1099
- <td style="vertical-align:top;width:25%;border:none !important;">
1100
- <div style="font-size: 18px !important;"><b>Step-3: Verify and Save</b></div><hr>
1101
- <div style="<?php echo isset($_SESSION['mo2f_authy_keys']) ? 'display:block' : 'display:none'; ?>">
1102
- <li class="mo2f_list">Once you have scanned the qr code, enter the verification code generated by the Authenticator app</li>
1103
-
1104
- <span style="font-size:16px !important;"><b>Code: </b>
1105
- <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" required="true" type="text" id="authy_token" name="authy_token" placeholder="Enter OTP" style="width:95%;"/></span><br /><br/>
1106
- <input type="button" name="validate" id="mo2f_authy_validate" class="button button-primary button-large" value="Verify and Save" />
1107
- </div>
1108
- </td>
1109
- </tr><br>
1110
- </table>
1111
- <br><br>
1112
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1113
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1114
- <?php }?>
1115
- </div>
1116
- </div><!-- /.modal-content -->
1117
- </div><!-- /.modal-dialog -->
1118
- </div><!-- /.modal -->
1119
- <style>
1120
- .woocommerce .woocommerce-error {
1121
- display: none !important;
1122
- }
1123
- .modal-backdrop{
1124
- z-index: 0 !important;
1125
- }
1126
- .mo2f_authy_table{
1127
- width: 1px !important;
1128
- border-right: none !important;
1129
- border-top: none !important;
1130
- border-bottom: none !important;
1131
- }
1132
- </style>
1133
- <script>
1134
- jQuery('.woocommerce-error').hide();
1135
- jQuery('#mo2f_authy_modal').modal('show');
1136
-
1137
- function mologinback(){
1138
- jQuery('#mo2f_2fa_form_close').submit();
1139
- }
1140
- jQuery('#mo2f_inline_back_btn').click(function() {
1141
- jQuery('#mo2f_goto_two_factor_form').submit();
1142
- });
1143
- jQuery('#mo2f_authy_configure').click(function() {
1144
- jQuery('#mo2f_inline_authy_configure_form').submit();
1145
- });
1146
- jQuery('#mo2f_authy_validate').click(function() {
1147
- var token = jQuery('#authy_token').val();
1148
- document.getElementById("mo2f_inline_validate_authy_authentication_form").elements[0].value = token;
1149
- jQuery('#mo2f_inline_validate_authy_authentication_form').submit();
1150
- });
1151
-
1152
- jQuery('#authy_token').keypress(function(e){
1153
- if(e.which == 13){//Enter key pressed
1154
- e.preventDefault();
1155
- var token = jQuery('#authy_token').val();
1156
- document.getElementById("mo2f_inline_validate_authy_authentication_form").elements[0].value = token;
1157
- jQuery('#mo2f_inline_validate_authy_authentication_form').submit();
1158
- }
1159
-
1160
- });
1161
- </script>
1162
- <?php
1163
- }
1164
-
1165
- function prompt_user_for_google_authenticator_setup_frontend($current_user){
1166
- $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
1167
- $data = isset($_SESSION['mo2f_google_auth']) ? $mo2f_google_auth['ga_qrCode'] : null;
1168
- $ga_secret = isset($_SESSION['mo2f_google_auth']) ? $mo2f_google_auth['ga_secret'] : null;
1169
- $opt = (array) get_option('mo2f_auth_methods_for_users'); ?>
1170
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal10">
1171
- <div class="mo2f-modal-backdrop"></div>
1172
- <div class="mo2f_modal-dialog mo2f_modal-lg" style="width:999px !important;margin:0px auto !important;">
1173
- <div class="mo2f_modal-content">
1174
- <div class="mo2f_modal-header">
1175
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1176
- Setup Google Authenticator</h4>
1177
- </div>
1178
-
1179
- <div class="mo2f_modal-body">
1180
- <?php echo $_SESSION['mo2f-login-message']; ?>
1181
- <table style="border:hidden;" id="mo2f_ga_tab">
1182
- <tr>
1183
- <td style="vertical-align:top;width:200px !important;border: none !important;">
1184
- <div style="font-size: 18px !important;"><b>Select Phone Type</b></div>
1185
- <br>
1186
- <p style="font-size: 15px !important;"><input type="radio" name="mo2f_inline_app_type_radio" value="android" <?php checked( $mo2f_google_auth['ga_phone'] == 'android' ); ?> /> <b>Android</b><br /><br />
1187
- <input type="radio" name="mo2f_inline_app_type_radio" value="iphone" <?php checked( $mo2f_google_auth['ga_phone'] == 'iphone' ); ?> /> <b>iPhone</b><br /><br />
1188
- <input type="radio" name="mo2f_inline_app_type_radio" value="blackberry" <?php checked( $mo2f_google_auth['ga_phone'] == 'blackberry' ); ?> /> <b>BlackBerry</b><br /><br /></p>
1189
- <?php if (sizeof($opt) > 1) { ?>
1190
- <input type="button" name="back" id="mo2f_inline_back_btn" class="button" value="Back" />
1191
- <?php } ?>
1192
- </td>
1193
- <td class="mo2f_separator mo2f_ga_table"></td>
1194
- <td style="width:400px;border: none !important;">
1195
-
1196
-
1197
- <div id="mo2f_android_div" style="<?php echo $mo2f_google_auth['ga_phone'] == 'android' ? 'display:block' : 'display:none'; ?>">
1198
- <div style="font-size: 18px !important;"><b>Install the Google Authenticator App for Android.</b></div>
1199
- <ol class="mo2f_ordered_list">
1200
- <li class="mo2f_list">On your phone,Go to Google Play Store.</li>
1201
- <li class="mo2f_list">Search for <b>Google Authenticator.</b>
1202
- <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank">Download from the Google Play Store and install the application.</a>
1203
- </li>
1204
-
1205
- </ol>
1206
- <div style="font-size: 18px !important;">Now open and configure Google Authenticator.</div>
1207
- <ol class="mo2f_ordered_list">
1208
- <li class="mo2f_list">In Google Authenticator, touch Menu and select "Set up account."</li>
1209
- <li class="mo2f_list">Select "Scan a barcode". Use your phone's camera to scan this barcode.</li>
1210
- <center><br><div id="displayQrCode" ><?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?></div></center>
1211
-
1212
- </ol>
1213
- <br>
1214
- <div><a data-toggle="collapse" href="#mo2f_scanbarcode_a" aria-expanded="false" ><b>Can't scan the barcode? </b></a></div>
1215
- <div class="mo2f_collapse" id="mo2f_scanbarcode_a">
1216
- <ol class="mo2f_ordered_list">
1217
- <li class="mo2f_list">In Google Authenticator, touch Menu and select "Set up account."</li>
1218
- <li class="mo2f_list">Select "Enter provided key"</li>
1219
- <li class="mo2f_list">In "Enter account name" type your full email address.</li>
1220
- <li class="mo2f_list">In "Enter your key" type your secret key:</li>
1221
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
1222
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
1223
- <?php echo $ga_secret; ?>
1224
- </div>
1225
- <div style="font-size: 80%;color: #666666;">
1226
- Spaces don't matter.
1227
- </div>
1228
- </div>
1229
- <li class="mo2f_list">Key type: make sure "Time-based" is selected.</li>
1230
- <li class="mo2f_list">Tap Add.</li>
1231
- </ol>
1232
- </div>
1233
-
1234
- </div>
1235
-
1236
- <div id="mo2f_iphone_div" style="<?php echo $mo2f_google_auth['ga_phone'] == 'iphone' ? 'display:block' : 'display:none'; ?>">
1237
- <div style="font-size: 18px !important;"><b>Install the Google Authenticator app for iPhone.</b></div>
1238
- <ol class="mo2f_ordered_list">
1239
- <li class="mo2f_list">On your iPhone, tap the App Store icon.</li>
1240
- <li class="mo2f_list">Search for <b>Google Authenticator.</b>
1241
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8" target="_blank">Download from the App Store and install it</a>
1242
- </li>
1243
- </ol>
1244
- <div style="font-size: 18px !important;">Now open and configure Google Authenticator.</div>
1245
- <ol class="mo2f_ordered_list">
1246
- <li class="mo2f_list">In Google Authenticator, tap "+", and then "Scan Barcode."</li>
1247
- <li class="mo2f_list">Use your phone's camera to scan this barcode.
1248
- <br><div id="displayQrCode" >
1249
- <center>
1250
- <?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?>
1251
- </center>
1252
- </div>
1253
- <br>
1254
- <a data-toggle="collapse" href="#mo2f_scanbarcode_i" aria-expanded="false" ><b>Can't scan the barcode? </b></a>
1255
- <div class="mo2f_collapse" id="mo2f_scanbarcode_i" >
1256
- <ol class="mo2f_ordered_list">
1257
- <li class="mo2f_list">In Google Authenticator, tap +.</li>
1258
- <li class="mo2f_list">Key type: make sure "Time-based" is selected.</li>
1259
- <li class="mo2f_list">In "Account" type your full email address.</li>
1260
- <li class="mo2f_list">In "Key" type your secret key:</li>
1261
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
1262
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
1263
- <?php echo $ga_secret; ?>
1264
- </div>
1265
- <div style="font-size: 80%;color: #666666;">
1266
- Spaces don't matter.
1267
- </div>
1268
- </div>
1269
- <li class="mo2f_list">Tap Add.</li>
1270
- </ol>
1271
- </div>
1272
- </li>
1273
- </ol>
1274
- <br>
1275
-
1276
- </div>
1277
- <div id="mo2f_blackberry_div" style="<?php echo $mo2f_google_auth['ga_phone'] == 'blackberry' ? 'display:block' : 'display:none'; ?>">
1278
- <div style="font-size: 18px !important;"><b>Install the Google Authenticator app for BlackBerry</b></div>
1279
-
1280
- <ol class="mo2f_ordered_list">
1281
- <li class="mo2f_list">On your phone, open a web browser.Go to <b>m.google.com/authenticator.</b></li>
1282
- <li class="mo2f_list">Download and install the Google Authenticator application.</li>
1283
- </ol>
1284
- <div style="font-size: 18px !important;">Now open and configure Google Authenticator.</div>
1285
- <ol class="mo2f_ordered_list">
1286
- <li class="mo2f_list">In Google Authenticator, select Manual key entry.</li>
1287
- <li class="mo2f_list">In "Enter account name" type your full email address.</li>
1288
- <li class="mo2f_list">In "Enter key" type your secret key:</li>
1289
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
1290
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
1291
- <?php echo $ga_secret; ?>
1292
- </div>
1293
- <div style="font-size: 80%;color: #666666;">
1294
- Spaces don't matter.
1295
- </div>
1296
- </div>
1297
- <li class="mo2f_list">Choose Time-based type of key.</li>
1298
- <li class="mo2f_list">Tap Save.</li>
1299
- </ol>
1300
- </div>
1301
- <br>
1302
- </td>
1303
- <td class="mo2f_separator mo2f_ga_table"></td>
1304
- <td style="vertical-align:top;border: none !important;">
1305
- <div style="<?php echo isset($_SESSION['mo2f_google_auth']) ? 'display:block' : 'display:none'; ?>">
1306
- <div style="font-size: 18px !important;"><b>Verify and Save</b></div><br/>
1307
- <div style="font-size: 15px !important;">Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app</div>
1308
- <span style="font-size:16px;"><b>Code: </b>
1309
- <input class="mo2f_table_textbox_1" autofocus="true" required="true" type="text" id="google_token" name="google_token" placeholder="Enter OTP" /></span><br /><br/>
1310
-
1311
- <input type="button" name="validate" id="validate" class="button" onclick="mo2f_inline_verify_ga_code();" value="Verify and Save" />
1312
-
1313
- </div>
1314
- </td>
1315
- <tr>
1316
- </table>
1317
- </div>
1318
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1319
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1320
- <?php }?>
1321
- </div><!-- /.modal-content -->
1322
- </div><!-- /.modal-dialog -->
1323
- </div><!-- /.modal -->
1324
- <style>
1325
- .woocommerce .woocommerce-error {
1326
- display: none !important;
1327
- }
1328
- .modal-backdrop{
1329
- z-index: 0 !important;
1330
- }
1331
- .mo2f_ga_table{
1332
- width: 1px !important;
1333
- border-right: none !important;
1334
- border-top: none !important;
1335
- border-bottom: none !important;
1336
- }
1337
- </style>
1338
- <script>
1339
- jQuery('.woocommerce-error').hide();
1340
- jQuery('#myModal10').modal('show');
1341
-
1342
- function mologinback(){
1343
- jQuery('#mo2f_2fa_form_close').submit();
1344
- }
1345
- jQuery('#mo2f_inline_back_btn').click(function() {
1346
- jQuery('#mo2f_goto_two_factor_form').submit();
1347
- });
1348
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
1349
- var selectedPhone = jQuery(this).val();
1350
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
1351
- jQuery('#mo2f_inline_app_type_ga_form').submit();
1352
- });
1353
- function mo2f_inline_verify_ga_code(){
1354
- var token = jQuery('#google_token').val();
1355
- document.getElementById("mo2f_inline_verify_ga_code_form").elements[0].value = token;
1356
- jQuery('#mo2f_inline_verify_ga_code_form').submit();
1357
- }
1358
-
1359
- jQuery('#google_token').keypress(function(e){
1360
- if(e.which == 13){//Enter key pressed
1361
- e.preventDefault();
1362
- var token = jQuery('#google_token').val();
1363
- document.getElementById("mo2f_inline_verify_ga_code_form").elements[0].value = token;
1364
- jQuery('#mo2f_inline_verify_ga_code_form').submit();
1365
- }
1366
-
1367
- });
1368
- </script>
1369
- <?php }
1370
- function prompt_user_for_phone_setup_frontend($current_user){
1371
- $opt = (array) get_option('mo2f_auth_methods_for_users');
1372
- ?>
1373
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal8">
1374
- <div class="mo2f-modal-backdrop"></div>
1375
- <div class="mo2f_modal-dialog mo2f_modal-md">
1376
- <div class="mo2f_modal-content">
1377
- <div class="mo2f_modal-header">
1378
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1379
- Verify Your Phone</h4>
1380
- </div>
1381
- <div class="mo2f_modal-body">
1382
- <p style="font-size: 15px !important;"><?php echo $_SESSION['mo2f-login-message']; ?></p>
1383
-
1384
- <div class="mo_margin_left">
1385
- <div class="mo2f_row">
1386
- <div style="font-size:20px">Enter your phone number</div>
1387
- <input class="mo2f_textbox" type="text" name="verify_phone" id="phone" style="padding-left:40px!important;height:30px !important;"
1388
- value="<?php if( isset($_SESSION['mo2f_phone'])){ echo $_SESSION['mo2f_phone'];} else echo get_user_meta($current_user,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" title="Enter phone number without any space or dashes" />
1389
- <br />
1390
- <input type="button" name="verify" onclick="moinlineverifyphone();" class="button" value="Verify" />
1391
- </div>
1392
- <br />
1393
- <div class="mo2f_row">
1394
- <div style="font-size:20px" >Enter One Time Passcode</div>
1395
-
1396
- <input class="mo2f_textbox" style="width:170px !important;height:30px !important;border-radius: 4px !important;" autofocus="true" type="text" name="otp_token" placeholder="Enter OTP" id="otp_token"/>
1397
- <?php if (get_user_meta($current_user, 'mo2f_selected_2factor_method',true) == 'SMS'){ ?>
1398
- <a href="#resendsmslink">Resend OTP ?</a>
1399
- <?php } else {?>
1400
- <a href="#resendsmslink">Call Again ?</a>
1401
- <?php } ?><br>
1402
-
1403
- </div><br />
1404
- <?php if (sizeof($opt) > 1) { ?>
1405
- <input type="button" name="back" id="mo2f_inline_back_btn" class="button" value="Back" />
1406
- <?php } ?>
1407
- <input type="button" name="validate" onclick="moverifyotp();" class="button" value="Validate OTP" />
1408
- </div>
1409
- <br><br>
1410
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1411
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1412
- <?php }?>
1413
- </div>
1414
-
1415
-
1416
- </div><!-- /.modal-content -->
1417
- </div><!-- /.modal-dialog -->
1418
- </div><!-- /.modal -->
1419
- <style>
1420
- .woocommerce .woocommerce-error {
1421
- display: none !important;
1422
- }
1423
- .modal-backdrop{
1424
- z-index: 0 !important;
1425
- }
1426
- </style>
1427
- <script>
1428
- jQuery('.woocommerce-error').hide();
1429
- jQuery('#myModal8').modal('show');
1430
- jQuery("#phone").intlTelInput();
1431
- function mologinback(){
1432
- jQuery('#mo2f_2fa_form_close').submit();
1433
- }
1434
-
1435
- jQuery('#mo2f_inline_back_btn').click(function() {
1436
- jQuery('#mo2f_goto_two_factor_form').submit();
1437
- });
1438
-
1439
- jQuery('a[href=\"#resendsmslink\"]').click(function(e) {
1440
- jQuery('#mo2fa_inline_resend_otp_form').submit();
1441
- });
1442
-
1443
- function moinlineverifyphone(){
1444
- var phone = jQuery('#phone').val();
1445
- document.getElementById("mo2f_inline_verifyphone_form").elements[0].value = phone;
1446
- jQuery('#mo2f_inline_verifyphone_form').submit();
1447
- }
1448
-
1449
- jQuery('#phone').keypress(function(e){
1450
- if(e.which == 13){//Enter key pressed
1451
- e.preventDefault();
1452
- var phone = jQuery('#phone').val();
1453
- document.getElementById("mo2f_inline_verifyphone_form").elements[0].value = phone;
1454
- jQuery('#mo2f_inline_verifyphone_form').submit();
1455
- }
1456
-
1457
- });
1458
-
1459
- function moverifyotp(){
1460
- var otp = jQuery('#otp_token').val();
1461
- document.getElementById("mo2f_inline_validateotp_form").elements[0].value = otp;
1462
- jQuery('#mo2f_inline_validateotp_form').submit();
1463
- }
1464
-
1465
- jQuery('#otp_token').keypress(function(e){
1466
- if(e.which == 13){//Enter key pressed
1467
- e.preventDefault();
1468
- var otp = jQuery('#otp_token').val();
1469
- document.getElementById("mo2f_inline_validateotp_form").elements[0].value = otp;
1470
- jQuery('#mo2f_inline_validateotp_form').submit();
1471
- }
1472
-
1473
- });
1474
-
1475
- </script>
1476
-
1477
-
1478
-
1479
- <?php }
1480
- function prompt_user_for_miniorange_app_setup_frontend($current_user){
1481
- $opt = (array) get_option('mo2f_auth_methods_for_users');
1482
- $user = isset($_SESSION['mo2f_current_user']) ? unserialize($_SESSION['mo2f_current_user']) : null;
1483
- ?>
1484
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal9">
1485
- <div class="mo2f-modal-backdrop"></div>
1486
- <div class="mo2f_modal-dialog mo2f_modal-lg" style="margin:0px auto !important;">
1487
- <div class="mo2f_modal-content">
1488
- <div class="mo2f_modal-header">
1489
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1490
- Setup miniOrange Authenticator App</h4>
1491
- </div>
1492
- <div class="mo2f_modal-body">
1493
- <div style="font-size: 15px !important;"><?php echo $_SESSION['mo2f-login-message']; ?></div>
1494
-
1495
- <?php download_instruction_for_mobile_app($user); ?>
1496
- <div class="mo_margin_left">
1497
- <div style="font-size:15px !important;"><b>Step-2 : Scan QR code</b></div><hr class="mo_hr">
1498
- <div id="mo2f_configurePhone" style="font-size: 15px !important;">Please click on 'Configure your phone' button below to scan QR Code.
1499
- <br>
1500
- <?php if (sizeof($opt) > 1) { ?>
1501
- <input type="button" name="back" id="mo2f_inline_back_btn" class="button" value="Back" />
1502
- <?php } ?>
1503
- <input type="button" name="submit" onclick="moconfigureapp();" class="button" value="Configure your phone" />
1504
- </div>
1505
-
1506
- <?php
1507
- if(isset($_SESSION[ 'mo2f_show_qr_code' ]) && $_SESSION[ 'mo2f_show_qr_code' ] == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
1508
- initialize_inline_mobile_registration_frontend(); ?>
1509
- <script>jQuery("#mo2f_app_div").hide();</script>
1510
- <?php } ?>
1511
-
1512
- </div>
1513
-
1514
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1515
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1516
- <?php }?>
1517
- </div>
1518
- </div><!-- /.modal-content -->
1519
- </div><!-- /.modal-dialog -->
1520
- </div><!-- /.modal -->
1521
- <style>
1522
- .woocommerce .woocommerce-error {
1523
- display: none !important;
1524
- }
1525
- .modal-backdrop{
1526
- z-index: 0 !important;
1527
- }
1528
- #mo2f_inline_table td{
1529
- border: none !important;
1530
- }
1531
- #mo2f_phone_id{
1532
- margin: 0px !important;
1533
- }
1534
- </style>
1535
- <script>
1536
- jQuery('.woocommerce-error').hide();
1537
- jQuery('#myModal9').modal('show');
1538
-
1539
- function mologinback(){
1540
- jQuery('#mo2f_2fa_form_close').submit();
1541
- }
1542
-
1543
- function moconfigureapp(){
1544
- jQuery('#mo2f_inline_configureapp_form').submit();
1545
- }
1546
- jQuery('#mo2f_inline_back_btn').click(function() {
1547
- jQuery('#mo2f_goto_two_factor_form').submit();
1548
- });
1549
- </script>
1550
-
1551
-
1552
- <?php }
1553
- function initialize_inline_mobile_registration_frontend(){
1554
- $data = $_SESSION[ 'mo2f-login-qrCode' ];
1555
- $url = get_option('mo2f_host_name');
1556
- $opt = (array) get_option('mo2f_auth_methods_for_users');
1557
- ?>
1558
-
1559
- <p style="font-size: 15px !important;">Open your <b>miniOrange Authenticator</b> app and click on <b>Configure button</b> to scan the QR Code. Your phone should have internet connectivity to scan QR code.</p>
1560
- <div class="red">
1561
- <p style="font-size: 15px !important;color: red;">I am not able to scan the QR code, <a data-toggle="collapse" href="#mo2f_scanqrcode" aria-expanded="false" >click here </a></p></div>
1562
- <div class="mo2f_collapse" id="mo2f_scanqrcode" style="padding-left:15px !important;">
1563
- Follow these instructions below and try again.
1564
- <ol>
1565
- <li>Make sure your desktop screen has enough brightness.</li>
1566
- <li>Open your app and click on Configure button to scan QR Code again.</li>
1567
- <li>If you get cross mark on QR Code then click on 'Refresh QR Code' link.</li>
1568
- </ol>
1569
- </div>
1570
-
1571
- <a href="#mo2f_refreshQRCode" style="font-size: 15px !important;">Click here to Refresh QR Code.</a>
1572
- <div id="displayInlineQrCode" style="margin-left:300px;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
1573
- </div>
1574
- <?php
1575
- if (sizeof($opt) > 1) { ?>
1576
- <input type="button" name="back" id="mo2f_inline_back_to_btn" class="button" value="Back" />
1577
- <?php } ?>
1578
-
1579
-
1580
-
1581
- <script>
1582
- jQuery('#mo2f_inline_back_to_btn').click(function() {
1583
- jQuery('#mo2f_goto_two_factor_form').submit();
1584
- });
1585
- jQuery('a[href=\"#mo2f_refreshQRCode\"]').click(function(e) {
1586
- jQuery('#mo2f_inline_configureapp_form').submit();
1587
- });
1588
- jQuery("#mo2f_configurePhone").hide();
1589
- var timeout;
1590
- pollInlineMobileRegistration();
1591
- function pollInlineMobileRegistration()
1592
- {
1593
- var transId = "<?php echo $_SESSION[ 'mo2f-login-transactionId' ]; ?>";
1594
- var jsonString = "{\"txId\":\""+ transId + "\"}";
1595
- var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
1596
- jQuery.ajax({
1597
- url: postUrl,
1598
- type : "POST",
1599
- dataType : "json",
1600
- data : jsonString,
1601
- contentType : "application/json; charset=utf-8",
1602
- success : function(result) {
1603
- var status = JSON.parse(JSON.stringify(result)).status;
1604
- if (status == 'SUCCESS') {
1605
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , __FILE__ );?>" + "' /></div>";
1606
- jQuery("#displayInlineQrCode").empty();
1607
- jQuery("#displayInlineQrCode").append(content);
1608
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
1609
- } else if (status == 'ERROR' || status == 'FAILED') {
1610
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
1611
- jQuery("#displayInlineQrCode").empty();
1612
- jQuery("#displayInlineQrCode").append(content);
1613
- jQuery("#messages").empty();
1614
-
1615
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
1616
- } else {
1617
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
1618
- }
1619
- }
1620
- });
1621
- }
1622
- </script>
1623
- <?php }
1624
-
1625
- function prompt_user_for_kba_setup_frontend($current_user){
1626
- $opt = (array) get_option('mo2f_auth_methods_for_users'); ?>
1627
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal11">
1628
- <div class="mo2f-modal-backdrop"></div>
1629
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1630
- <div class="mo2f_modal-content">
1631
- <div class="mo2f_modal-header">
1632
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1633
- Setup Security Questions (KBA)</h4>
1634
- </div>
1635
- <div class="mo2f_modal-body">
1636
- <p id="validation_msg"><?php echo $_SESSION['mo2f-login-message']; ?></p>
1637
- <div class="mo_margin_left">
1638
- <?php mo2f_configure_kba_questions(); ?>
1639
- <br />
1640
- <?php if (sizeof($opt) > 1) { ?>
1641
- <input type="button" name="back" id="mo2f_inline_back_btn" class="button" value="Back" />
1642
- <?php } ?>
1643
- <input type="button" name="validate" onclick="moinlinesavekba();" class="button" value="Save" />
1644
- </div>
1645
-
1646
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1647
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1648
- <?php }?>
1649
- </div>
1650
- </div><!-- /.modal-content -->
1651
- </div><!-- /.modal-dialog -->
1652
- </div><!-- /.modal -->
1653
- <style>
1654
- .woocommerce .woocommerce-error {
1655
- display: none !important;
1656
- }
1657
- .modal-backdrop{
1658
- z-index: 0 !important;
1659
- }
1660
- </style>
1661
- <script>
1662
- jQuery('.woocommerce-error').hide();
1663
- jQuery('#myModal11').modal('show');
1664
-
1665
- function mologinback(){
1666
- jQuery('#mo2f_2fa_form_close').submit();
1667
- }
1668
-
1669
- function moinlinesavekba(){
1670
- var kba_1 = jQuery('#mo2f_kbaquestion_1').val();
1671
- var kba_2 = jQuery('#mo2f_kba_ans1').val();
1672
- var kba_3 = jQuery('#mo2f_kbaquestion_2').val();
1673
- var kba_4 = jQuery('#mo2f_kba_ans2').val();
1674
- var kba_5 = jQuery('#mo2f_kbaquestion_3').val();
1675
- var kba_6 = jQuery('#mo2f_kba_ans3').val();
1676
-
1677
- var regx = /^[a-zA-z0-9_@.$#&+-\s]*$/;
1678
-
1679
- if(!(kba_2.match(regx) && kba_4.match(regx) && kba_6.match(regx))){
1680
- jQuery('#validation_msg').append("Only alphanumeric letters with special characters (_@.$#&amp;+-) are allowed.");
1681
- return;
1682
- }
1683
-
1684
- document.getElementById("mo2f_inline_save_kba_form").elements[0].value = kba_1;
1685
- document.getElementById("mo2f_inline_save_kba_form").elements[1].value = kba_2;
1686
- document.getElementById("mo2f_inline_save_kba_form").elements[2].value = kba_3;
1687
- document.getElementById("mo2f_inline_save_kba_form").elements[3].value = kba_4;
1688
- document.getElementById("mo2f_inline_save_kba_form").elements[4].value = kba_5;
1689
- document.getElementById("mo2f_inline_save_kba_form").elements[5].value = kba_6;
1690
- document.getElementById("mo2f_inline_save_kba_form").elements[6].value = '';
1691
- jQuery('#mo2f_inline_save_kba_form').submit();
1692
- }
1693
- jQuery('#mo2f_inline_back_btn').click(function() {
1694
- jQuery('#mo2f_goto_two_factor_form').submit();
1695
- });
1696
- </script>
1697
-
1698
- <?php }
1699
-
1700
- function prompt_user_for_setup_success_frontend($id){
1701
- $mo2f_second_factor = get_user_meta($id,'mo2f_selected_2factor_method',true);
1702
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1703
- $mo2f_second_factor = 'Email Verification';
1704
- }else if($mo2f_second_factor == 'SMS'){
1705
- $mo2f_second_factor = 'OTP over SMS';
1706
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1707
- $mo2f_second_factor = 'Phone Call Verification';
1708
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
1709
- $mo2f_second_factor = 'Soft Token';
1710
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1711
- $mo2f_second_factor = 'QR Code Authentication';
1712
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1713
- $mo2f_second_factor = 'Push Notification';
1714
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1715
- $mo2f_second_factor = 'Google Authenticator';
1716
- }else if($mo2f_second_factor == 'AUTHY 2-FACTOR AUTHENTICATION'){
1717
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
1718
- }else if($mo2f_second_factor == 'KBA'){
1719
- $mo2f_second_factor = 'Security Questions (KBA)';
1720
- }
1721
- $status = get_user_meta($id,'mo_2factor_user_registration_status',true);
1722
- ?>
1723
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="mo2f_modal_inline_setup">
1724
- <div class="mo2f-modal-backdrop"></div>
1725
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1726
- <div class="mo2f_modal-content">
1727
- <div class="mo2f_modal-header">
1728
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="Back to login" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1729
- Two Factor Setup Complete</h4>
1730
- </div>
1731
- <div class="mo2f_modal-body">
1732
- <?php if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1733
- ?>
1734
- <center>
1735
- <h4 style="font-size: 20px !important;><b style="color:#7EAFB7;"><?php echo $mo2f_second_factor; ?> </b>has been set your Two Factor method for login.<br>
1736
- Next time when you will login, you will be prompted <?php echo $mo2f_second_factor; ?> as your 2nd factor.
1737
- </h4><br />
1738
- </center>
1739
-
1740
- <?php } if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1741
- ?><center><div id="validation_msg" style="color:red;"></div></center>
1742
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding">
1743
- <div id="mo2f_kba_browser">
1744
- <div class="mo2fa_display_message_frontend"> Please set your security questions. It will be used as an alternate login or backup method for all authentication methods. It will also be used as 2nd factor when you will try to login from mobile browser.</div>
1745
- </div>
1746
- <?php echo isset($_SESSION[ 'mo2f-login-message' ]) ? '<p style="color:red;" >' . $_SESSION[ 'mo2f-login-message' ] . '</p>': '';?>
1747
- <?php mo2f_configure_kba_questions(); ?>
1748
- <input type="button" name="validate" onclick="moinlinesavekba();" class="button" value="Save" />
1749
- </div>
1750
- <?php }
1751
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ ?>
1752
- <center>
1753
- <br /><br />
1754
- <div style="font-size: 16px !important"><a href="#mo2f_login_account">Click Here</a></div><div style="font-size: 16px !important">to sign-in into your account.</div>
1755
- <br>
1756
- </center>
1757
- <?php } ?>
1758
- <?php if(get_option('mo2f_disable_poweredby') != 1 ){?>
1759
- <div class="mo2f_powered_by_div"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><div class="mo2f_powered_by_miniorange" style="background-image: url('<?php if(get_option('mo2f_enable_custom_poweredby')==1) echo site_url().'/wp-content/uploads/custom.png'; else echo plugins_url('/includes/images/miniOrange2.png',__FILE__); ?>');"></div></a></div>
1760
- <?php }?>
1761
- </div>
1762
-
1763
- </div>
1764
- </div>
1765
- </div>
1766
- <style>
1767
- .woocommerce .woocommerce-error {
1768
- display: none !important;
1769
- }
1770
- .modal-backdrop{
1771
- z-index: 0 !important;
1772
- }
1773
- .mo2f_kba_table{
1774
- table-layout: auto !important;
1775
- }
1776
- .mo2f_kba_table td{
1777
- border: none !important;
1778
- }
1779
- </style>
1780
- <script>
1781
- jQuery('.woocommerce-error').hide();
1782
- jQuery('#mo2f_modal_inline_setup').modal('show');
1783
-
1784
-
1785
- jQuery('a[href=\"#mo2f_login_account\"]').click(function(e) {
1786
- jQuery('#mo2f_inline_register_skip_form').submit();
1787
- });
1788
- function moinlinesavekba(){
1789
- var kba_1 = jQuery('#mo2f_kbaquestion_1').val();
1790
- var kba_2 = jQuery('#mo2f_kba_ans1').val();
1791
- var kba_3 = jQuery('#mo2f_kbaquestion_2').val();
1792
- var kba_4 = jQuery('#mo2f_kba_ans2').val();
1793
- var kba_5 = jQuery('#mo2f_kbaquestion_3').val();
1794
- var kba_6 = jQuery('#mo2f_kba_ans3').val();
1795
-
1796
- var regx = /^[a-zA-z0-9_@.$#&+-\s]*$/;
1797
-
1798
- if(!(kba_2.match(regx) && kba_4.match(regx) && kba_6.match(regx))){
1799
- jQuery('#validation_msg').empty().append("Only alphanumeric letters with special characters (_@.$#&amp;+-) are allowed.");
1800
- return;
1801
- }
1802
-
1803
- document.getElementById("mo2f_inline_save_kba_form").elements[0].value = kba_1;
1804
- document.getElementById("mo2f_inline_save_kba_form").elements[1].value = kba_2;
1805
- document.getElementById("mo2f_inline_save_kba_form").elements[2].value = kba_3;
1806
- document.getElementById("mo2f_inline_save_kba_form").elements[3].value = kba_4;
1807
- document.getElementById("mo2f_inline_save_kba_form").elements[4].value = kba_5;
1808
- document.getElementById("mo2f_inline_save_kba_form").elements[5].value = kba_6;
1809
- document.getElementById("mo2f_inline_save_kba_form").elements[6].value = 'mo2f_inline_kba_registration';
1810
- jQuery('#mo2f_inline_save_kba_form').submit();
1811
- }
1812
- function mologinback(){
1813
- jQuery('#mo2f_2fa_form_close').submit();
1814
- }
1815
- </script>
1816
- <?php
1817
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: miniOrange
3
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
4
  Requires at least: 3.0.1
5
  Tested up to: 4.7.3
6
- Stable tag: 4.3.4
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
@@ -240,6 +240,11 @@ miniOrange authentication service has 15+ authentication methods.One time passco
240
 
241
  == Changelog ==
242
 
 
 
 
 
 
243
  = 4.3.1 =
244
  * Google Authenticator (Two Factor): Compatible upto 4.7
245
 
@@ -423,6 +428,12 @@ More descriptive setup messages and UI changes.
423
 
424
  == Upgrade Notice ==
425
 
 
 
 
 
 
 
426
  = 4.3.2 =
427
  * Google Authenticator (Two Factor): Revised licensing cost for users.
428
 
3
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
4
  Requires at least: 3.0.1
5
  Tested up to: 4.7.3
6
+ Stable tag: 4.4
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
240
 
241
  == Changelog ==
242
 
243
+ = 4.4 =
244
+ * Google Authenticator (2FA):
245
+ * Compatibility with Limit Login Attempts.
246
+ * New User Interface for login.
247
+
248
  = 4.3.1 =
249
  * Google Authenticator (Two Factor): Compatible upto 4.7
250
 
428
 
429
  == Upgrade Notice ==
430
 
431
+ = 4.4 =
432
+ * Google Authenticator (2FA):
433
+ * Note: This is very important update having altogether new UI and compatibility with Limit Login Attempts. After updating, please do not logout from your admin dashboard. Try to login from another browser and if you face any issue , please contact us at info@miniorange.com
434
+ * Compatibility with Limit Login Attempts.
435
+ * New User Interface for login.
436
+
437
  = 4.3.2 =
438
  * Google Authenticator (Two Factor): Revised licensing cost for users.
439