Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.4.8

Version Description

  • Google Authenticator (2FA) : Added an alert message for SMS transactions. Fixed the Remember Device flow and conflicts with themes. Added support for multiple instances of WordPress.

Release Info

Developer cyberlord92
Version 4.4.8

Code changes from version 4.4.7 to 4.4.8

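--- a/class-customer-setup.php
+++ b/class-customer-setup.php
@@ -175,7 +175,7 @@ class Customer_Setup{
  $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
  return json_encode(array("status"=>'ERROR',"message"=>$message));
  }
-
+
  $url = get_option('mo2f_host_name') . '/moas/api/auth/challenge';
  $ch = curl_init($url);
 
@@ -249,6 +249,66 @@ class Customer_Setup{
  return null;
  }
  curl_close($ch);
+
+ return $content;
+ }
+
+ function get_customer_transactions($cKey,$apiKey){
+
+ $url = get_option('mo2f_host_name') . '/moas/rest/customer/license';
+ $ch = curl_init($url);
+
+ $customerKey = $cKey;
+ $apiKey = $apiKey;
+
+ $currentTimeInMillis = round(microtime(true) * 1000);
+
+
+ $stringToHash = $customerKey . number_format($currentTimeInMillis, 0, '', '') . $apiKey;
+ $hashValue = hash("sha512", $stringToHash);
+
+ $customerKeyHeader = "Customer-Key: " . $customerKey;
+ $timestampHeader = "Timestamp: " . number_format($currentTimeInMillis, 0, '', '');
+ $authorizationHeader = "Authorization: " . $hashValue;
+
+
+ $fields = '';
+ $fields = array(
+ 'customerId' => $customerKey,
+ 'applicationName' => 'wp_2fa',
+ 'licenseType' => 'DEMO'
+ );
+
+ $field_string = json_encode($fields);
+
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls
+
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
+ curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", $customerKeyHeader, $timestampHeader, $authorizationHeader));
+ curl_setopt( $ch, CURLOPT_POST, true);
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string);
+ curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5);
+ curl_setopt( $ch, CURLOPT_TIMEOUT, 20);
+
+
+ /** Proxy Details **/
+ if ( defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ) ){
+ curl_setopt( $ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP );
+ curl_setopt( $ch, CURLOPT_PROXY, WP_PROXY_HOST );
+ curl_setopt( $ch, CURLOPT_PROXYPORT, WP_PROXY_PORT );
+ }
+
+ $content = curl_exec($ch);
+ if(curl_errno($ch))
+ return null;
+
+ curl_close($ch);
+
  return $content;
  }
 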
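Review bot: The new `get_customer_transactions()` switches off certificate checking with `CURLOPT_SSL_VERIFYHOST, false` and `CURLOPT_SSL_VERIFYPEER, false` on a request that carries the `Customer-Key` header and an `Authorization` hash built from the API key; the `# required for https urls` comment is not accurate, since HTTPS works with verification left on. With verification off, anyone positioned on the network path can read those headers and substitute the response body, which the caller in miniorange_2_factor_settings.php then stores as the SMS count. I would change the two lines to `curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );` and `curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );`. The `if(curl_errno($ch)) return null;` branch also returns without calling `curl_close($ch)`.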
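--- a/class-miniorange-2-factor-pass2fa-login.php
+++ b/class-miniorange-2-factor-pass2fa-login.php
@@ -497,6 +497,9 @@ class Miniorange_Password_2Factor_Login{
  }
 
  function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
+ if(is_a($user, 'WP_Error') && !empty($user)){
+ return $user;
+ }
  if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
  $currentuser = wp_authenticate_username_password($user, $username, $password);
  if (is_wp_error($currentuser)) {
@@ -508,6 +511,7 @@ class Miniorange_Password_2Factor_Login{
  }else{
  $currentuser = wp_authenticate_username_password($user, $username, $password);
  if (is_wp_error($currentuser)) {
+ $currentuser->add('invalid_username_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
  return $currentuser;
  }else{
 
@@ -574,18 +578,6 @@ class Miniorange_Password_2Factor_Login{
 
  function mo_2_factor_enable_jquery_default_login(){
  wp_enqueue_script('jquery');
-
- if(get_option('mo2f_deviceid_enabled')){
- wp_enqueue_script( 'jquery_script', plugins_url('includes/js/rba/js/jquery-1.9.1.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'flash_script', plugins_url('includes/js/rba/js/jquery.flash.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'uaparser_script', plugins_url('includes/js/rba/js/ua-parser.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'client_script', plugins_url('includes/js/rba/js/client.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'device_script', plugins_url('includes/js/rba/js/device_attributes.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'swf_script', plugins_url('includes/js/rba/js/swfobject.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'font_script', plugins_url('includes/js/rba/js/fontdetect.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'murmur_script', plugins_url('includes/js/rba/js/murmurhash3.js', __FILE__ ), array(), '', true);
- wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ), array('swf_script'), '', true);
- }
  }
 
 
@@ -699,7 +691,7 @@ class Miniorange_Password_2Factor_Login{
  if(json_last_error() == JSON_ERROR_NONE) {
  if($response['status'] == 'SUCCESS'){
  $message = $mo2f_second_factor == 'SMS' ? 'The OTP has been sent to '. MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . '. Please enter the OTP you received to Validate.' : 'You will receive phone call on ' . MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . ' with OTP. Please enter the OTP to Validate.';
-
+ update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
 
  $mo2fa_login_message = $message;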
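Review bot: `$currentuser->add('invalid_username_password', ...)` in the non-XML-RPC branch appends a code to the `WP_Error` that `wp_authenticate_username_password()` returned, so the original codes and messages remain in the object and are presumably still rendered beside the new generic text. If the aim is a message that does not tell a wrong username from a wrong password, return a fresh object instead: `return new WP_Error('invalid_username_password', __('<strong>ERROR</strong>: Invalid Username or password.'));`. Separately, the `mo2f_number_of_transactions` decrement added before `$_SESSION[ 'mo2f-login-transactionId' ]` runs for the phone-call case as well as for SMS, and nothing stops it going below zero. Both functions continue outside the hunks shown.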
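--- a/class-two-factor-setup.php
+++ b/class-two-factor-setup.php
@@ -114,6 +114,7 @@ class Two_Factor_Setup{
  $authorizationHeader = "Authorization: " . $hashValue;
 
  $fields = array(
+ 'customerId' => $customerKey,
  'username' => $this->email
  );
 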
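--- a/includes/js/rba/js/miniorange-fp.js
+++ b/includes/js/rba/js/miniorange-fp.js
@@ -13,7 +13,7 @@ function initializeJS() {
  fontCollectionObjectDiv.style.width = "0px";
  fontCollectionObjectDiv.style.height = "0px";
 
- fontCollectionObjectDiv.innerHTML = "<object id='FontList' width='1' height='1' codebase='http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab'> <param name='movie' value='/wp-content/plugins/miniorange-2-factor-authentication/includes/js/rba/js/fonts.swf' /> <param name='quality' value='high' /> <param name='bgcolor' value='#869ca7' /> <param name='allowScriptAccess' value='always' /> <embed src='/wp-content/plugins/miniorange-2-factor-authentication/includes/js/rba/js/fonts.swf' quality='high' bgcolor='#869ca7' width='1' height='1' name='fonts' align='middle' play='true' loop='false' quality='high' allowScriptAccess='always' type='application/x-shockwave-flash' pluginspage='http://www.macromedia.com/go/getflashplayer'> </embed> </object>";
+ fontCollectionObjectDiv.innerHTML = "<object id='FontList' width='1' height='1' codebase='http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab'> <param name='movie' value='wp-content/plugins/miniorange-2-factor-authentication/includes/js/rba/js/fonts.swf' /> <param name='quality' value='high' /> <param name='bgcolor' value='#869ca7' /> <param name='allowScriptAccess' value='always' /> <embed src='wp-content/plugins/miniorange-2-factor-authentication/includes/js/rba/js/fonts.swf' quality='high' bgcolor='#869ca7' width='1' height='1' name='fonts' align='middle' play='true' loop='false' quality='high' allowScriptAccess='always' type='application/x-shockwave-flash' pluginspage='http://www.macromedia.com/go/getflashplayer'> </embed> </object>";
 
  document.body.appendChild(fontCollectionObjectDiv);
 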
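Review bot: The `movie` and `embed src` values are now relative (`wp-content/plugins/...`), so the browser resolves them against the URL of whichever page runs `initializeJS()`; on a page that is not at the site root the SWF path no longer points into the plugin directory. The plugin directory name is also hard-coded, where PHP could hand the script a base URL built with `plugins_url()`. While this line is being touched, `allowScriptAccess='always'` could be narrowed to `sameDomain`, since the SWF is served from the same site, and the `codebase` and `pluginspage` URLs are plain `http://`. `initializeJS()` starts and ends outside the hunk.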
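--- a/miniorange_2_factor_mobile_configuration.php
+++ b/miniorange_2_factor_mobile_configuration.php
@@ -11,6 +11,44 @@
  <?php }
  }
 
+ function mo2f_update_and_sync_user_two_factor($user_id, $userinfo){
+
+ $mo2f_second_factor = isset($userinfo['authType']) && !empty($userinfo['authType']) ? $userinfo['authType'] : 'NONE';
+
+ if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
+ update_user_meta($user_id,'mo2f_email_verification_status',true);
+ }else if ($mo2f_second_factor == 'SMS'){
+ $phone_num = $userinfo['phone'];
+ $_SESSION['mo2f_phone'] = $phone_num;
+ update_user_meta($user_id,'mo2f_otp_registration_status',true);
+ }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
+ $phone_num = $userinfo['phone'];
+ $_SESSION['mo2f_phone'] = $phone_num;
+ update_user_meta($user_id,'mo2f_otp_registration_status',true);
+ }else if ($mo2f_second_factor == 'SOFT TOKEN'){
+ update_user_meta($user_id,'mo2f_mobile_registration_status',true);
+ }else if ($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
+ update_user_meta($user_id,'mo2f_mobile_registration_status',true);
+ }else if ($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
+ update_user_meta($user_id,'mo2f_mobile_registration_status',true);
+ }else if ($mo2f_second_factor == 'KBA'){
+ update_user_meta($user_id,'mo2f_kba_registration_status',true);
+ }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
+ $app_type = get_user_meta($user_id,'mo2f_external_app_type',true);
+ if($app_type == 'GOOGLE AUTHENTICATOR'){
+ update_user_meta($user_id,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
+ update_user_meta($user_id,'mo2f_google_authentication_status',true);
+ }else if($app_type == 'AUTHY 2-FACTOR AUTHENTICATION'){
+ update_user_meta($user_id,'mo2f_external_app_type','AUTHY 2-FACTOR AUTHENTICATION');
+ update_user_meta($user_id,'mo2f_authy_authentication_status',true);
+ }else{
+ update_user_meta($user_id,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
+ update_user_meta($user_id,'mo2f_google_authentication_status',true);
+ }
+ }
+ return $mo2f_second_factor;
+ }
+
  function mo2f_get_activated_second_factor($current_user){
  if(get_user_meta($current_user->ID,'mo_2factor_mobile_registration_status',true) == 'MO_2_FACTOR_SUCCESS'){
  //checking this option for existing users
@@ -29,7 +67,7 @@
  update_option( 'mo2f_message', $userinfo['message']);
  $mo2f_second_factor = 'NONE';
  }else if($userinfo['status'] == 'SUCCESS'){
- $mo2f_second_factor = $userinfo['authType'];
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor($current_user->ID, $userinfo);
  }else if($userinfo['status'] == 'FAILED'){
  $mo2f_second_factor = 'NONE';
  update_option( 'mo2f_message','Your account has been removed.Please contact your administrator.');
@@ -43,6 +81,7 @@
  }else{
  $mo2f_second_factor = 'NONE';
  }
+
  return $mo2f_second_factor;
  }
  }
@@ -855,6 +894,7 @@
  <div class="mo2f_thumbnail">
  <label title="Supported in Smartphones only">
  <input type="radio" name="mo2f_selected_2factor_method" style="margin:5px;" value="PUSH NOTIFICATIONS" <?php checked($mo2f_second_factor == 'PUSH NOTIFICATIONS');
+
  if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ){
  } else{ echo 'disabled'; } ?> />
  Push Notification
@@ -862,6 +902,7 @@
  <p>
  You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.
  </p>
+
  <?php if(get_user_meta($current_user->ID,'mo2f_mobile_registration_status',true)){ ?>
  <div class="configuredSmart" id="PUSH_NOTIFICATIONS" title="supported in smartphone">
  <a href="#reconfigure" data-method="PUSH NOTIFICATIONS" >Reconfigure</a> | <a href="#test" data-method="PUSH NOTIFICATIONS">Test</a>
@@ -885,6 +926,7 @@
  <p>
  You have to enter 6 digits code generated by Google Authenticator App to login. Supported in Smartphones only.
  </p>
+
  <?php if(get_user_meta($current_user->ID,'mo2f_google_authentication_status',true)){ ?>
  <div class="configuredSmart" id="GOOGLE_AUTHENTICATOR" title="supported in smartphone">
  <a href="#reconfigure" data-method="GOOGLE AUTHENTICATOR" >Reconfigure</a> | <a href="#test" data-method="GOOGLE AUTHENTICATOR">Test</a>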
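Review bot: `mo2f_update_and_sync_user_two_factor()` returns whatever string arrived in `$userinfo['authType']` and sets the per-user `*_status` meta to true on that basis; a value outside the eight methods it handles falls through every branch and is returned unchanged. Since the settings file passes a decoded remote response here and later prints the result, I would restrict it first, for example `if (!in_array($mo2f_second_factor, $known_methods, true)) { return 'NONE'; }` with `$known_methods` listing the handled strings. The `SMS` and `PHONE VERIFICATION` branches read `$userinfo['phone']` without `isset()`, which raises a notice and stores null in `$_SESSION['mo2f_phone']` when the key is missing. A short docblock saying what `$userinfo` is expected to contain and what the function writes would also help.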
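--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,7 +3,7 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: http://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
- * Version: 4.4.7
+ * Version: 4.4.8
  * Author: miniOrange
  * Author URI: http://miniorange.com
  * License: GPL2
@@ -35,6 +35,8 @@ class Miniorange_Authentication {
  add_option( 'mo2f_activate_plugin', 1 );
  add_option( 'mo2f_login_policy', 1 );
  add_option( 'mo2f_msg_counter', 1 );
+ add_option( 'mo2f_number_of_transactions', 1);
+ add_option( 'mo2f_set_transactions', 0);
  add_option( 'mo2f_modal_display', 0);
  add_option( 'mo2f_enable_forgotphone', 1);
  add_option( 'mo2f_enable_xmlrpc', 0);
@@ -48,6 +50,9 @@ class Miniorange_Authentication {
  remove_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
  remove_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
  add_action('wp_logout', array( $this, 'mo_2_factor_endsession'));
+ add_action('admin_notices', array($this,'get_customer_SMS_transactions'));
+
+
 
  global $wp_roles;
  if (!isset($wp_roles))
@@ -112,6 +117,40 @@ class Miniorange_Authentication {
  }
  }
 
+ function get_customer_SMS_transactions()
+ {
+
+ if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'){
+ if(!get_option('mo2f_set_transactions')){
+ $customer = new Customer_Setup();
+
+ $content = json_decode($customer->get_customer_transactions(get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
+
+ update_option( 'mo2f_set_transactions', 1);
+ if(!array_key_exists('smsRemaining', $content)){
+ $smsRemaining = 0;
+ }
+ else{
+ $smsRemaining = $content['smsRemaining'];
+
+ if ($smsRemaining == null) {
+ $smsRemaining = 0;
+ }
+ }
+ update_option( 'mo2f_number_of_transactions', $smsRemaining);
+ }
+ else {
+ $smsRemaining = get_option('mo2f_number_of_transactions');
+ }
+
+ $this->display_customer_transactions($smsRemaining);
+ }
+ }
+
+ function display_customer_transactions($content)
+ {
+ echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>miniOrange 2-Factor Plugin:</b> You have <b style="color:red">'.$content.' SMS transactions</b> remaining. <input type="submit" name="submit" value="Check Transactions" class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">Dismiss this notice.</span></button></div>';
+ }
 
  function mo_2_factor_endsession() {
  update_option('mo2f-login-message','You are now logged out');
@@ -130,6 +169,8 @@ class Miniorange_Authentication {
  delete_option('mo2f_customer_token');
  delete_option('mo_2factor_admin_registration_status');
  delete_option('mo2f_miniorange_admin');
+ delete_option('mo2f_number_of_transactions');
+ delete_option('mo2f_set_transactions');
  global $current_user;
 
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
@@ -301,10 +342,14 @@ class Miniorange_Authentication {
  $customerKey = json_decode($customer->check_customer(), true);
  if($customerKey['status'] == 'ERROR'){
  update_option( 'mo2f_message', $customerKey['message']);
+
  $this->mo_auth_show_error_message();
  }else{
+
  if( strcasecmp( $customerKey['status'], 'CUSTOMER_NOT_FOUND') == 0 ){ //customer not found then send OTP to verify email
+
  $content = json_decode($customer->send_otp_token(get_option('mo2f_email'),'EMAIL',$this->defaultCustomerKey,$this->defaultApiKey), true);
+
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
 
  update_option( 'mo2f_message', 'An OTP has been sent to <b>' . ( get_option('mo2f_email') ) . '</b>. Please enter the OTP below to verify your email. ');
@@ -343,9 +388,16 @@ class Miniorange_Authentication {
  update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
 
  $enduser = new Two_Factor_Setup();
- $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,'API_2FA',true);
- update_user_meta($current_user->ID,'mo2f_email_verification_status',true);
- update_option( 'mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure another 2nd factor authentication method.');
+
+ $userinfo = json_decode($enduser->mo2f_get_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true)),true);
+ $mo2f_second_factor = 'NONE';
+ if(json_last_error() == JSON_ERROR_NONE){
+ if($userinfo['status'] == 'SUCCESS'){
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor($current_user->ID, $userinfo);
+ }
+ }
+
+ update_option( 'mo2f_message', 'Your account has been retrieved successfully.<b> ' . $mo2f_second_factor . ' </b> has been set as your default 2nd factor method. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure another 2nd factor authentication method.');
  $this->mo_auth_show_success_message();
  }else{
  delete_option( 'mo2f_email');
@@ -413,9 +465,15 @@ class Miniorange_Authentication {
  update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
 
  $enduser = new Two_Factor_Setup();
- $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,'API_2FA',true);
- update_user_meta($current_user->ID,'mo2f_email_verification_status',true);
- update_option( 'mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure another 2nd factor authentication method.');
+ $userinfo = json_decode($enduser->mo2f_get_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true)),true);
+ $mo2f_second_factor = 'NONE';
+ if(json_last_error() == JSON_ERROR_NONE){
+ if($userinfo['status'] == 'SUCCESS'){
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor($current_user->ID, $userinfo);
+ }
+ }
+
+ update_option( 'mo2f_message', 'Your account has been retrieved successfully.<b> ' . $mo2f_second_factor . ' </b> has been set as your default 2nd factor method. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure another 2nd factor authentication method.');
  $this->mo_auth_show_success_message();
  }else{
  update_option( 'mo2f_message', 'Invalid email or password. Please try again.');
@@ -699,11 +757,31 @@ class Miniorange_Authentication {
  $this->mo_auth_show_error_message();
  }
 
-
+
+ }
+
+
+ if(isset($_POST['option']) and trim($_POST['option']) == "mo_auth_sync_sms_transactions") {
+ $customer = new Customer_Setup();
+ $content = json_decode($customer->get_customer_transactions(get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
+ if(!array_key_exists('smsRemaining', $content)){
+ $smsRemaining = 0;
+ }
+ else{
+ $smsRemaining = $content['smsRemaining'];
+
+ if ($smsRemaining == null) {
+ $smsRemaining = 0;
+ }
+ }
+
+ update_option( 'mo2f_number_of_transactions', $smsRemaining);
  }
 
+
  }
 
+
  if(isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_user_otp"){ //resend OTP over email for additional admin and non-admin user
  $customer = new Customer_Setup();
  $content = json_decode($customer->send_otp_token(get_user_meta($current_user->ID,'mo_2factor_user_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
@@ -932,6 +1010,7 @@ class Miniorange_Authentication {
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
  update_option( 'mo2f_message', 'An OTP has been sent to <b>' . ( $phone ) . '</b>. Please enter the one time passcode below. ');
+ update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
  }else if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'PHONE VERIFICATION'){
  update_option( 'mo2f_message','You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below.');
  }
@@ -1382,7 +1461,7 @@ class Miniorange_Authentication {
  }
 
  $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
-
+
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
  if($content['status'] == 'ERROR'){
  update_option( 'mo2f_message', $response['message']);
@@ -1392,6 +1471,7 @@ class Miniorange_Authentication {
 
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
  update_option( 'mo2f_message','The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.');
+ update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
  }else if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true)== 'PHONE VERIFICATION'){
  update_option( 'mo2f_message','You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below to verify your number.');
  }
@@ -1476,6 +1556,7 @@ class Miniorange_Authentication {
 
  if(isset($_POST['option']) && $_POST['option'] == 'mo2f_save_2factor_method'){ // configure 2nd factor for all users
  if(get_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange',true) == 'SUCCESS'){
+
  if($_POST['mo2f_selected_2factor_method'] == 'OUT OF BAND EMAIL' && !current_user_can('manage_options')){
  $this->miniorange_email_verification_call($current_user);
  }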
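Review bot: `display_customer_transactions()` echoes `$content` into the admin notice without escaping, and that value is `smsRemaining` from the remote response (or the option it was saved to), so it should be forced to an integer before it is stored and printed: `$smsRemaining = absint($content['smsRemaining']);` and `'.intval($content).'` in the echo. `json_decode()` yields null when `get_customer_transactions()` returns null on a cURL error, and `array_key_exists('smsRemaining', $content)` is then called on a non-array; add an `is_array($content)` guard in both `get_customer_SMS_transactions()` and the `mo_auth_sync_sms_transactions` handler. The same escaping concern applies to `$mo2f_second_factor`, which the two account-retrieval hunks concatenate into `mo2f_message` inside `<b>`. The new form carries no nonce field and the handler shows no nonce check in the visible lines; its enclosing function is outside the hunk, so that may be handled there.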
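--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: miniOrange
 Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
 Requires at least: 3.0.1
 Tested up to: 4.7.3
-Stable tag: 4.4.7
+Stable tag: 4.4.8
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -240,6 +240,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
 
 == Changelog ==
 
+= 4.4.8 =
+* Google Authenticator (2FA) : Added Alert Message for SMS Transactions. Fixed Remember Device flow and confliction with themes. Added support for multiple instances of wordpress.
+
 = 4.4.7 =
 * Google Authenticator (2FA) : Updated the error message for 2-factor configuration.
 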
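--- a/uninstall.php
+++ b/uninstall.php
@@ -86,6 +86,8 @@
 delete_option( 'mo2f_enable_custom_icon' );
 delete_option('mo2f_enable_mobile_support');
 delete_option( 'mo2f_new_customer' );
+delete_option( 'mo2f_number_of_transactions' );
+delete_option( 'mo2f_set_transactions' );
 
 //delete all stored key-value pairs for the roles
 global $wp_roles;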
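Review bot: The two `delete_option` calls added at new lines 89–90 carry no comment, and only one of the options has a meaning that can be read off this page: `mo2f_number_of_transactions` is the counter decremented after each SMS send elsewhere in this commit, while nothing in view shows what `mo2f_set_transactions` stores. A one-line comment above them, for example `// SMS transaction counter and its companion option, added in 4.4.8` (wording to be adjusted to what the second option actually holds), would tell a maintainer why they belong in the cleanup list. The hunk shows only part of the uninstall script, so whether any other option introduced in 4.4.8 also needs removing cannot be confirmed from here.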