Google Authenticator – WordPress Two Factor Authentication (2FA) -

Version Description

Google Authenticator (2FA) : Instructions for login in case user get locked out.

Release Info

Developer	cyberlord92
Plugin	Google Authenticator – WordPress Two Factor Authentication (2FA)
Version	4.4.6
Comparing to
See all releases

Code changes from version 4.4.5 to 4.4.6

Files changed (4) hide show

includes/css/bootstrap.min.css +1 -1
miniorange_2_factor_mobile_configuration.php +100 -5
miniorange_2_factor_settings.php +8 -6
readme.txt +5 -2

includes/css/bootstrap.min.css CHANGED Viewed

	@@ -515,4 +515,4 @@ button.mo2f_close {
515	border-radius: 4px;
516	padding: 1px 5px;
517	background: rgba(1, 145, 191, 0.117647);
518	- }


515	border-radius: 4px;
516	padding: 1px 5px;
517	background: rgba(1, 145, 191, 0.117647);
518	+ }

miniorange_2_factor_mobile_configuration.php CHANGED Viewed

@@ -234,6 +234,41 @@
             		</div>
             	<?php
+            	}
@@ -241,6 +276,12 @@
             			include_once('miniorange_2_factor_demo.php');
+            	}
             	function mo2f_show_instruction_to_allusers($current_user,$mo2f_second_factor){
             		if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
             			$mo2f_second_factor = 'Email Verification';
             		}else if($mo2f_second_factor == 'SMS'){
@@ -656,6 +697,33 @@
             			<p><b>Select any Two-Factor of your choice below and complete its setup. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_demo">Click here to see How To Setup ?</a></b>
             		</p>
             		<form name="f" method="post" action="" id="mo2f_2factor_form">
             			<table style="width:100%;">
             				<tr>
             					<td>
@@ -696,9 +764,12 @@
             					</td>
             					<td class="<?php if(!current_user_can('manage_options') && !(in_array("SMS", $opt))  ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
             						<div class="mo2f_thumbnail">
             							<label title="Supported in Smartphones, Feature Phones.">
-            -
            								<input type="radio"  name="mo2f_selected_2factor_method" style="margin:5px;" value="SMS" <?php checked($mo2f_second_factor == 'SMS');
             								if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ){
             											} else{ echo 'disabled'; } ?> />
             								OTP Over SMS<?php echo $random_mo_key ? '*<span style="float:right;"><a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_pricing" ><b>PREMIUM**</b></a></span>' :'';?>
@@ -937,16 +1008,32 @@
             						jQuery('#mo2f_2factor_form').submit();
+            					 }
             				<?php } if(get_user_meta($current_user->ID,'mo2f_otp_registration_status',true)) { ?>
-            -
            					 if(selectedMethod == 'SMS' || selectedMethod == 'PHONE VERIFICATION'){
             						jQuery('#mo2f_selected_2factor_method').val(selectedMethod);
             						jQuery('#mo2f_2factor_save_form').submit();
+            					 }
             				<?php } else{ ?>
-            -
            					if(selectedMethod == 'SMS' || selectedMethod == 'PHONE VERIFICATION'){
-            -
-            -
            						jQuery('#mo2f_2factor_form').submit();
+            					}
             				<?php } if(get_user_meta($current_user->ID,'mo2f_google_authentication_status',true)) { ?>
             					  if(selectedMethod == 'GOOGLE AUTHENTICATOR' ){
@@ -1691,6 +1778,14 @@
             		<div class="mo2f_table_layout">
             		<?php echo mo2f_check_if_registered_with_miniorange($current_user); ?>
             		<table class="mo2f_pricing_table">
             		<h2>Licensing Plans
             		<span style="float:right"><input type="button" name="ok_btn" id="ok_btn" class="button button-primary button-large" value="OK, Got It" onclick="window.location.href='admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure'" /></span>
             		</h2><hr>


234
235	</div>
236
237	+ <?php
238	+ }
239	+ function modal_display(){ ?>
240	+
241	+ <div id="smsAlertModal" class="mo2f_modal mo2f_modal_inner fade" role="dialog">
242	+ <div class="mo2f_modal-dialog">
243	+ <!-- Modal content-->
244	+ <div class="mo2f_modal-content" style="width:660px !important;">
245	+ <div class="mo2f_modal-header">
246	+ <button type="button" class="mo2f_close" data-dismiss="modal">×</button>
247	+ <h2 class="mo2f_modal-title">Please Note!</h2>
248	+ </div>
249	+ <div class="mo2f_modal-body">
250	+ <p>Only <b><u>10 free transactions</u></b> of OTP over SMS are provided in the free version, post which your account <b style="color: red;">will get locked out, if you do not buy more transactions</b>. We highly recommended you to go for the other Phone based authentication methods like <b>Soft Token/Push Notification/QR Code Authentication </b>since they are as secure as the <b>OTP OVER SMS</b> method, and they do not require purchase of more transactions.</p>
251	+ <ol style="list-style-type:circle">
252	+ <li>Setting up knowledge based questions (KBA) as an alternate login method will protect you in case your phone is not working or out of reach. <br />
253	+ <br>
254	+ <li><b>What to do in case you are locked out (Its common when you are setting up 2FA for the first time, so please read this).<br /></b/></li>
255	+ <b>Rename</b> the plugin by FTP access. Go to <b>wp-content/plugins folder</b> and rename miniorange-2-factor-authentication folder.<br /><br />
256	+ </li>
257	+ </ol>
258	+ </div>
259	+ <div class="mo2f_modal-footer">
260	+ <button type="button" class="button button-primary" data-dismiss="modal">I understand</button>
261	+ </div>
262	+ </div>
263	+ </div>
264	+ </div>
265	+
266	+ <script>
267	+ jQuery(function () {
268	+ jQuery('#smsAlertModal').modal('toggle');
269	+ });
270	+ </script>
271	+
272	<?php
273	}
274

276	include_once('miniorange_2_factor_demo.php');
277	}
278	function mo2f_show_instruction_to_allusers($current_user,$mo2f_second_factor){
279	+ //added for displying OTP over MS pop up to user
280	+ if(!get_option('mo2f_modal_display')){
281	+ modal_display();
282	+ update_option('mo2f_modal_display', 1);
283	+ }
284	+
285	if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
286	$mo2f_second_factor = 'Email Verification';
287	}else if($mo2f_second_factor == 'SMS'){

697	<p><b>Select any Two-Factor of your choice below and complete its setup. <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_demo">Click here to see How To Setup ?</a></b>
698	</p>
699	<form name="f" method="post" action="" id="mo2f_2factor_form">
700	+
701	+
702	+ <div id="smsAlertModal" class="mo2f_modal mo2f_modal_inner fade" role="dialog">
703	+ <div class="mo2f_modal-dialog">
704	+ <!-- Modal content-->
705	+ <div class="mo2f_modal-content" style="width:660px !important;">
706	+ <div class="mo2f_modal-header">
707	+ <button type="button" class="mo2f_close" data-dismiss="modal">×</button>
708	+ <h2 class="mo2f_modal-title">Please Note!</h2>
709	+ </div>
710	+ <div class="mo2f_modal-body">
711	+ <p>Only <b><u>10 free transactions</u></b> of OTP over SMS are provided in the free version, post which your account <b style="color: red;">will get locked out, if you do not buy more transactions</b>. We highly recommended you to go for the other Phone based authentication methods like <b>Soft Token/Push Notification/QR Code Authentication </b>since they are as secure as the <b>OTP OVER SMS</b> method, and they do not require purchase of more transactions.</p>
712	+ <ol style="list-style-type:circle">
713	+ <li>Setting up knowledge based questions (KBA) as an alternate login method will protect you in case your phone is not working or out of reach. <br />
714	+ <br>
715	+ <li><b>What to do in case you are locked out (Its common when you are setting up 2FA for the first time, so please read this).<br /></b/></li>
716	+ <b>Rename</b> the plugin by FTP access. Go to <b>wp-content/plugins folder</b> and rename miniorange-2-factor-authentication folder.<br /><br />
717	+ </li>
718	+ </ol>
719	+ </div>
720	+ <div class="mo2f_modal-footer">
721	+ <button type="button" class="button button-primary" id="moSMSModalbutton">I understand</button>
722	+ </div>
723	+ </div>
724	+ </div>
725	+ </div>
726	+
727	<table style="width:100%;">
728	<tr>
729	<td>

764
765	</td>
766	<td class="<?php if(!current_user_can('manage_options') && !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
767	+
768	+
769	+
770	<div class="mo2f_thumbnail">
771	<label title="Supported in Smartphones, Feature Phones.">
772	+ <input type="radio" name="mo2f_selected_2factor_method" style="margin:5px;" value="SMS" data-backdrop="static" data-toggle="modal" data-target="#smsAlertModal"<?php checked($mo2f_second_factor == 'SMS');
773	if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS' \|\| get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ){
774	} else{ echo 'disabled'; } ?> />
775	OTP Over SMS<?php echo $random_mo_key ? '<span style="float:right;"><a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_pricing" ><b>PREMIUM*</b></a></span>' :'';?>

1008	jQuery('#mo2f_2factor_form').submit();
1009	}
1010	<?php } if(get_user_meta($current_user->ID,'mo2f_otp_registration_status',true)) { ?>
1011	+ if(selectedMethod == 'PHONE VERIFICATION'){
1012	jQuery('#mo2f_selected_2factor_method').val(selectedMethod);
1013	jQuery('#mo2f_2factor_save_form').submit();
1014	}
1015
1016	<?php } else{ ?>
1017	+ if(selectedMethod == 'PHONE VERIFICATION'){
1018	+ jQuery('#mo2f_2factor_form').submit();

1019	}
1020	+
1021	+ <?php } if(get_user_meta($current_user->ID,'mo2f_otp_registration_status',true)) { ?>
1022	+ if(selectedMethod == 'SMS'){
1023	+ jQuery('#moSMSModalbutton').click( function() {
1024	+ jQuery('#mo2f_selected_2factor_method').val(selectedMethod);
1025	+ jQuery('#mo2f_2factor_save_form').submit();
1026	+ });
1027	+ }
1028	+
1029	+ <?php } else{ ?>
1030	+ if(selectedMethod == 'SMS'){
1031	+ jQuery('#moSMSModalbutton').click( function() {
1032	+ jQuery('#mo2f_2factor_form').submit();
1033	+ });
1034	+ }
1035	+
1036	+
1037
1038	<?php } if(get_user_meta($current_user->ID,'mo2f_google_authentication_status',true)) { ?>
1039	if(selectedMethod == 'GOOGLE AUTHENTICATOR' ){

1778	<div class="mo2f_table_layout">
1779	<?php echo mo2f_check_if_registered_with_miniorange($current_user); ?>
1780	<table class="mo2f_pricing_table">
1781	+
1782	+ <?php
1783	+ if(!get_option('mo2f_modal_display')){
1784	+ modal_display();
1785	+ update_option('mo2f_modal_display', 1);
1786	+ }
1787	+ ?>
1788	+
1789	<h2>Licensing Plans
1790	<span style="float:right"><input type="button" name="ok_btn" id="ok_btn" class="button button-primary button-large" value="OK, Got It" onclick="window.location.href='admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure'" /></span>
1791	</h2><hr>

miniorange_2_factor_settings.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: miniOrange 2 Factor Authentication
4	* Plugin URI: http://miniorange.com
5	* Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
6	- * Version: 4.4.5
7	* Author: miniOrange
8	* Author URI: http://miniorange.com
9	* License: GPL2
	@@ -35,6 +35,7 @@ class Miniorange_Authentication {
35	add_option( 'mo2f_activate_plugin', 1 );
36	add_option( 'mo2f_login_policy', 1 );
37	add_option( 'mo2f_msg_counter', 1 );

38	add_option( 'mo2f_enable_forgotphone', 1);
39	add_option( 'mo2f_enable_xmlrpc', 0);
40	add_option( 'mo2f_disable_poweredby',0);
	@@ -123,6 +124,7 @@ class Miniorange_Authentication {
123	delete_option('mo2f_email');
124	delete_option('mo2f_host_name');
125	delete_option('mo2f_phone');

126	delete_option('mo2f_customerKey');
127	delete_option('mo2f_api_key');
128	delete_option('mo2f_customer_token');
	@@ -440,7 +442,7 @@ class Miniorange_Authentication {
440	//Save txId
441
442	update_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account',$send_otp_response['txId']);
443	- update_user_meta($current_user->ID, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
444	if(get_user_meta($current_user->ID,'mo2f_sms_otp_count',true)){
445	update_user_meta($current_user->ID,'mo2f_sms_otp_count',get_user_meta($current_user->ID,'mo2f_sms_otp_count',true) + 1);
446	update_option('mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta($current_user->ID,'mo2f_sms_otp_count',true) . ' )</b> for verification to ' . $phone);
	@@ -451,10 +453,10 @@ class Miniorange_Authentication {
451
452	$this->mo_auth_show_success_message();
453	}else{
454	- update_option('mo2f_message','There was an error in sending sms. Please click on Resend OTP to try again.');
455	- update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
456	- $this->mo_auth_show_error_message();
457	- }
458	}
459
460	if(isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_otp"){ //resend OTP over email for admin


3	* Plugin Name: miniOrange 2 Factor Authentication
4	* Plugin URI: http://miniorange.com
5	* Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
6	+ * Version: 4.4.6
7	* Author: miniOrange
8	* Author URI: http://miniorange.com
9	* License: GPL2

35	add_option( 'mo2f_activate_plugin', 1 );
36	add_option( 'mo2f_login_policy', 1 );
37	add_option( 'mo2f_msg_counter', 1 );
38	+ add_option( 'mo2f_modal_display', 0);
39	add_option( 'mo2f_enable_forgotphone', 1);
40	add_option( 'mo2f_enable_xmlrpc', 0);
41	add_option( 'mo2f_disable_poweredby',0);

124	delete_option('mo2f_email');
125	delete_option('mo2f_host_name');
126	delete_option('mo2f_phone');
127	+ delete_option('mo2f_modal_display');
128	delete_option('mo2f_customerKey');
129	delete_option('mo2f_api_key');
130	delete_option('mo2f_customer_token');

442	//Save txId
443
444	update_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account',$send_otp_response['txId']);
445	+ update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
446	if(get_user_meta($current_user->ID,'mo2f_sms_otp_count',true)){
447	update_user_meta($current_user->ID,'mo2f_sms_otp_count',get_user_meta($current_user->ID,'mo2f_sms_otp_count',true) + 1);
448	update_option('mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta($current_user->ID,'mo2f_sms_otp_count',true) . ' )</b> for verification to ' . $phone);

453
454	$this->mo_auth_show_success_message();
455	}else{
456	+ update_option('mo2f_message','There was an error in sending sms. Please click on Resend OTP to try again.');
457	+ update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
458	+ $this->mo_auth_show_error_message();
459	+ }
460	}
461
462	if(isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_otp"){ //resend OTP over email for admin

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: miniOrange
3	Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
4	Requires at least: 3.0.1
5	Tested up to: 4.7.3
6	- Stable tag: 4.4.5
7	License: GPLv2 or later
8	License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
	@@ -238,7 +238,10 @@ miniOrange authentication service has 15+ authentication methods.One time passco
238	8. Push Notification and Email Verification
239
240
241	- == Changelog ==



242
243	= 4.4.5 =
244	* Google Authenticator (2FA) : Fixed the issue of session variable on the login with username page.


3	Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
4	Requires at least: 3.0.1
5	Tested up to: 4.7.3
6	+ Stable tag: 4.4.6
7	License: GPLv2 or later
8	License URI: http://www.gnu.org/licenses/gpl-2.0.html
9

238	8. Push Notification and Email Verification
239
240
241	+ == Changelog ==
242	+
243	+ = 4.4.6 =
244	+ * Google Authenticator (2FA) : Instructions for login in case user get locked out.
245
246	= 4.4.5 =
247	* Google Authenticator (2FA) : Fixed the issue of session variable on the login with username page.

Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.4.6

Version Description

Release Info

Code changes from version 4.4.5 to 4.4.6