Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.5.4

Version Description

  • Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.

Release Info

Developer cyberlord92
Version 4.5.4

Code changes from version 4.5.3 to 4.5.4

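--- a/class-customer-setup.php
+++ b/class-customer-setup.php
@@ -478,4 +478,4 @@ class Customer_Setup{
  }
 
 
- }?>
+ }?>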
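--- a/class-miniorange-2-factor-user-registration.php
+++ b/class-miniorange-2-factor-user-registration.php
@@ -1,270 +0,0 @@
- <?Php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- Copyright (C) 2015 miniOrange
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
- /**
- This library is miniOrange Authentication Service.
- Contains Request Calls to Customer service.
-
- **/
- class Miniorange_User_Register{
-
- function __construct(){
- add_action( 'admin_init', array( $this, 'miniorange_user_save_settings' ) );
- add_action( 'admin_enqueue_scripts', array( $this, 'plugin_settings_style' ) );
- }
-
- function plugin_settings_style() {
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__));
- }
-
- function mo_auth_success_message() {
- $message = get_option('mo2f_message'); ?>
- <script>
-
- jQuery(document).ready(function() {
-
- var message = "<?php echo $message; ?>";
- jQuery('#messages').append("<div class='error notice is-dismissible mo2f_error_container'> <p class='mo2f_msgs'>" + message + "</p></div>");
- });
- </script>
- <?php
- }
-
- function mo_auth_error_message() {
- $message = get_option('mo2f_message'); ?>
- <script>
- jQuery(document).ready(function() {
-
- var message = "<?php echo $message; ?>";
- jQuery('#messages').append("<div class='updated notice is-dismissible mo2f_success_container'> <p class='mo2f_msgs'>" + message + "</p></div>");
-
- jQuery('a[href=\"#test\"]').click(function() {
- var currentMethod = jQuery(this).data("method");
-
- if(currentMethod == 'MOBILE AUTHENTICATION'){
- jQuery('#mo2f_2factor_test_mobile_form').submit();
- }else if(currentMethod == 'PUSH NOTIFICATIONS'){
- jQuery('#mo2f_2factor_test_push_form').submit();
- }else if(currentMethod == 'SOFT TOKEN'){
- jQuery('#mo2f_2factor_test_softtoken_form').submit();
- }else if(currentMethod == 'SMS' || currentMethod == 'PHONE VERIFICATION'){
- jQuery('#mo2f_test_2factor_method').val(currentMethod);
- jQuery('#mo2f_2factor_test_smsotp_form').submit();
- }else if(currentMethod == 'OUT OF BAND EMAIL'){
- jQuery('#mo2f_2factor_test_out_of_band_email_form').submit();
- }else if(currentMethod == 'GOOGLE AUTHENTICATOR'){
- jQuery('#mo2f_2factor_test_google_auth_form').submit();
- }
- });
-
- });
- </script>
- <?php
- }
-
- private function mo_auth_show_success_message() {
- remove_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
- add_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
- }
-
- private function mo_auth_show_error_message() {
- remove_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
- add_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
- }
-
- public function mo2f_register_user(){
- global $wpdb;
- global $current_user;
- $current_user = wp_get_current_user();
- if(mo_2factor_is_curl_installed()==0){ ?>
- <p style="color:red;">(Warning: <a href="http://php.net/manual/en/curl.installation.php" target="_blank">PHP CURL extension</a> is not installed or disabled)</p>
- <?php
- }
-
-
- $mo2f_active_tab = isset($_GET['mo2f_tab']) ? $_GET['mo2f_tab'] : '2factor_setup';
-
-
- ?>
- <div id="tab">
- <h2 class="nav-tab-wrapper">
- <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=2factor_setup" class="nav-tab <?php echo $mo2f_active_tab == '2factor_setup' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab1"><?php if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ ?>User Profile <?php }else{ ?> Account Setup <?php } ?></a>
- <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure" class="nav-tab <?php echo $mo2f_active_tab == 'mobile_configure' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab2">Setup Two-Factor</a>
- <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_demo" class="nav-tab <?php echo $mo2f_active_tab == 'mo2f_demo' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab4">How To Setup</a>
- <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help" class="nav-tab <?php echo $mo2f_active_tab == 'mo2f_help' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab3">Help & Troubleshooting</a>
- </h2>
- </div>
-
- <div class="mo2f_container">
- <div id="messages"></div>
- <table style="width:100%;padding:10px;">
- <tr>
- <td style="width:60%;vertical-align:top;">
- <?php
-
- if($mo2f_active_tab == 'mobile_configure') {
-
- $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
- mo2f_select_2_factor_method($current_user,$mo2f_second_factor);
-
- ?>
- <script>
- jQuery(document).ready(function(){
- jQuery("#mo2f_support_table").hide();
- });
- </script>
- <?php
- }else if($mo2f_active_tab == 'mo2f_demo'){
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
- show_2_factor_login_demo($current_user);
- }else if($mo2f_active_tab == 'mo2f_help'){
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
- mo2f_show_help_and_troubleshooting($current_user);
- }else if(get_option('mo2f_deviceid_enabled' ) && $mo2f_active_tab == 'advance_option'){
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
- show_2_factor_advanced_options($current_user); //Login Settings tab
- }else{
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
- if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'){
- mo2f_show_user_otp_validation_page();
- }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION') {
- $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
- mo2f_show_instruction_to_allusers($current_user,$mo2f_second_factor);
- }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
- mo2f_show_instruction_to_allusers($current_user,'NONE');
- }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
- $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
- mo2f_show_instruction_to_allusers($current_user,$mo2f_second_factor);
- }else{
- show_user_welcome_page($current_user);
- }
- }
- ?>
- </td>
- <td style="vertical-align:top;padding-left:1%;" id="mo2f_support_table">
- </td>
- </tr>
- </table>
- </div>
- <?php
- }
-
- function miniorange_user_save_settings() {
- global $wpdb;
- global $current_user;
- $current_user = wp_get_current_user();
-
- if(!current_user_can('manage_options')){
- if(isset($_POST['option']) and $_POST['option'] == "mo_2factor_validate_user_otp"){ //validate OTP
- //validation and sanitization
- $otp_token = '';
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
- update_option( 'mo2f_message', 'All the fields are required. Please enter valid entries.');
- $this->mo_auth_show_error_message();
- return;
- } else{
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
- }
-
- if(!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($current_user->ID,'mo_2factor_user_email',true))){
- $customer = new Customer_Setup();
- $transactionId = get_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account',true);
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
- if($content['status'] == 'ERROR'){
- update_option( 'mo2f_message', $content['message']);
- delete_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account');
- }else{
- if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode
- $this->mo2f_create_user($current_user,get_user_meta($current_user->ID,'mo_2factor_user_email',true));
- delete_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account');
- }else{ // OTP Validation failed.
- update_option( 'mo2f_message','Invalid OTP. Please try again.');
- update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
- $this->mo_auth_show_error_message();
- }
- }
-
- }else{
- update_option('mo2f_message','The email is already used by other user. Please register with other email by clicking on Back button.');
- $this->mo_auth_show_error_message();
- }
- }
- }
-
- }
-
- function mo2f_create_user($current_user,$email){ //creating user in miniOrange of wordpress non-admin
- $email = strtolower($email);
- $enduser = new Two_Factor_Setup();
- $check_user = json_decode($enduser->mo_check_user_already_exist($email),true);
- if(json_last_error() == JSON_ERROR_NONE){
- if($check_user['status'] == 'ERROR'){
- update_option( 'mo2f_message', $check_user['message']);
- $this->mo_auth_show_error_message();
- }else{
- if(strcasecmp($check_user['status'], 'USER_FOUND') == 0){
- delete_user_meta($current_user->ID,'mo_2factor_user_email');
- update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
- update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',$email);
- update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
- $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,null,null);
- $message = 'You are registered successfully. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure 2nd factor authentication method.';
- update_option( 'mo2f_message', $message);
- $this->mo_auth_show_success_message();
-
- }else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
- if(json_last_error() == JSON_ERROR_NONE) {
- if($content['status'] == 'ERROR'){
- update_option( 'mo2f_message', $content['message']);
- }else{
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
- delete_user_meta($current_user->ID,'mo_2factor_user_email');
- update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
- update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',$email);
- update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
- $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,null,null);
- $message = 'You are registered successfully. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure 2nd factor authentication method.';
- update_option( 'mo2f_message', $message);
- $this->mo_auth_show_success_message();
- }else{
- update_option( 'mo2f_message','Error occurred while registering the user. Please try again.');
- $this->mo_auth_show_error_message();
- }
- }
- }else{
- update_option( 'mo2f_message','Error occurred while registering the user. Please try again or contact your admin.');
- $this->mo_auth_show_error_message();
- }
- }else{
- update_option( 'mo2f_message','Error occurred while registering the user. Please try again.');
- $this->mo_auth_show_error_message();
- }
- }
- }else{
- update_option( 'mo2f_message','Error occurred while registering the user. Please try again.');
- $this->mo_auth_show_error_message();
- }
- }
-
- }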
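--- a/handlers/class-mo2f-alternate-login-kba.php
+++ b/handlers/class-mo2f-alternate-login-kba.php
@@ -0,0 +1,23 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - When the user clicks on "Didn't receive email?".
+ * For authentication methods: Email Verification
+ *
+ */
+
+ class Miniorange_alternate_login_kba{
+
+ function miniorange_init_alternate_login_kba(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
+ $two_factor_login->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
+
+ }
+ }
+ ?>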
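Review bot: `$currentuser` is null when `$_SESSION['mo2f_current_user']` is not set, but line 19 still reads `$currentuser->ID`, so a request without a first-factor session hits a PHP error instead of being rejected; add a guard such as `if ( ! $currentuser ) { $two_factor_login->remove_current_activity(); return; }` before the call. The handler also forwards `$_POST['redirect_to']` untouched, as do class-mo2f-forgot-phone.php, class-mo2f-kba-validate.php and class-mo2f-otp-validate.php; unless `mo2fa_pass2login()` validates it (not visible here), constrain it with `wp_validate_redirect( $redirect_to, admin_url() )`. All four handlers rebuild the user with `unserialize()` from the session; keeping only the user ID in the session and reloading it with `get_user_by( 'id', $id )` would remove the object deserialization. No nonce check is visible in any of the new handlers, so it presumably lives in the caller, which is worth confirming.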
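--- a/handlers/class-mo2f-forgot-phone.php
+++ b/handlers/class-mo2f-forgot-phone.php
@@ -0,0 +1,48 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - when the user clicks on 'Forgot Phone'.
+ * For authentication methods: OTP Over SMS, Soft Token, QR Code Authentication, Push
+ * Notification, Google Authenticator and Authy Authenticator.
+ *
+ */
+
+ class Miniorange_forgot_phone_login{
+
+ function miniorange_init_forgot_phone(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
+
+ $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
+ $mo2fa_login_message = '';
+
+ $customer = new Customer_Setup();
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
+ $id = $current_user->ID;
+ if(get_user_meta($id,'mo2f_kba_registration_status',true)){
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
+ $pass2fa_login->mo2f_pass2login_kba_verification($id, $redirect_to);
+ }else{
+ $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
+ unset($_SESSION[ 'mo2f-login-qrCode' ]);
+ unset($_SESSION[ 'mo2f-login-transactionId' ]);
+ $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
+ $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
+ }else{
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
+ }
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
+ }
+
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
+ }
+ }
+ ?>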
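Review bot: `miniorange_pass2login_form_fields()` is called on line 42 inside the else branch and again on line 45 after it, so the OTP-over-email path renders the form twice unless that method ends the request (not visible here); line 42 looks redundant and can be dropped. Line 24 unserializes `$_SESSION['mo2f_current_user']` without the `isset()` check the other handlers use, so `$current_user->ID` on line 25 fails when the session is missing. `$content` from `json_decode()` is indexed on line 32 without checking for null, and when sending fails the client-supplied `request_origin_method` is handed to the form as the login status; an `is_array( $content )` check and an allow-list of expected status values would close both. `$pass2fa_login` on line 28 is a second instance of the same class as `$two_factor_login`, which could be reused.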
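--- a/handlers/class-mo2f-kba-validate.php
+++ b/handlers/class-mo2f-kba-validate.php
@@ -0,0 +1,60 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - during validation of KBA Answers.
+ * For authentication methods: KBA ( Knowledge Based Answers ), Email Verification(Didn't
+ * receive email).
+ *
+ */
+
+ class Miniorange_validate_KBA_login{
+
+ function miniorange_init_kba_validate(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ): null;
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
+
+ if(isset($_SESSION[ 'mo2f_current_user' ])){
+ if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
+ $mo2fa_login_message = 'Please provide both the answers.';
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
+ }
+
+ $otpToken = array();
+ $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
+ $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
+ $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
+ $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
+ $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
+
+ $kba_validate = new Customer_Setup();
+ $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
+
+ if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
+ if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
+ try{
+ mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
+ }catch(Exception $e){
+ echo $e->getMessage();
+ }
+ $two_factor_login->mo2fa_pass2login($redirect_to);
+ }else{
+ $two_factor_login->mo2fa_pass2login($redirect_to);
+ }
+ }else{
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
+ }
+ }else{
+ $two_factor_login->remove_current_activity();
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
+ }
+ }
+ }
+
+ ?>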
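Review bot: The empty-answer branch on lines 21-25 renders the error form but does not return, so unless `miniorange_pass2login_form_fields()` exits (not visible here) the code goes on to call `validate_otp_token()` with the blank answers; add `return;` after line 24, and the same applies to the two validation branches on lines 20-29 of class-mo2f-otp-validate.php. `$_SESSION['mo_2_factor_kba_questions']` and `$_SESSION['mo2f-login-transactionId']` are read without an `isset()` check, and `$kba_validate_response` is indexed on line 37 without confirming that `json_decode()` returned an array. Line 42 echoes `$e->getMessage()` into the login response; prefer `error_log( $e->getMessage() );` so internal details stay out of the page. Both branches of the trusted-device `if` end in the same `mo2fa_pass2login( $redirect_to )` call, which could be hoisted below it.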
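--- a/handlers/class-mo2f-otp-validate.php
+++ b/handlers/class-mo2f-otp-validate.php
@@ -0,0 +1,66 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - when the user has to validate the One Time Passcode entered.
+ * For authentication methods: OTP Over SMS, Soft Token, Google Authenticator and Authy Authenticator.
+ *
+ */
+
+ class Miniorange_validate_OTP_login{
+
+ function miniorange_init_otp_validate(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
+ $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
+ $softtoken = '';
+ if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to);
+ } else{
+ $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
+ if(!MO2f_utility::mo2f_check_number_length($softtoken)){
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to);
+ }
+ }
+
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
+ if(isset($_SESSION[ 'mo2f_current_user' ])){
+ $customer = new Customer_Setup();
+ $content ='';
+ if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
+ $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
+ $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
+ $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
+ $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
+ $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
+ }else{
+ $two_factor_login->remove_current_activity();
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
+ }
+ }
+
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
+ if(get_option('mo2f_deviceid_enabled')){
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
+ }else{
+ $two_factor_login->mo2fa_pass2login($redirect_to);
+ }
+ }else{
+
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $message, $redirect_to);
+ }
+
+ }
+ }
+ ?>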
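Review bot: The challenge type validated on lines 35-48 is taken from `$_POST['request_origin_method']`, so the client chooses which second-factor check runs; unless an earlier layer pins it (not visible here), the expected status should be stored in the session when the challenge is issued and compared with the posted value. If `$_SESSION['mo2f_current_user']` is missing, the block on lines 32-49 is skipped and line 51 reads an undefined `$content`, which fails closed only by accident; reject explicitly with `remove_current_activity()` and a `WP_Error`, as the else-branch on lines 45-48 already does. The five `else if` arms differ only in the method name and in whether the user key or the transaction id is passed, so a status-to-method map as sketched below removes the repetition and gives one place to reject unknown or non-string statuses.

```php
// … unchanged: session start, $softtoken validation …
$currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;

// login status => array( method name for validate_otp_token(), true when checked by transaction id )
$methods = array(
    'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'        => array( 'EMAIL', true ),
    'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'          => array( 'SMS', true ),
    'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'    => array( 'PHONE VERIFICATION', true ),
    'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'            => array( 'SOFT TOKEN', false ),
    'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' => array( 'GOOGLE AUTHENTICATOR', false ),
);
if ( ! $currentuser || ! is_string( $mo2fa_login_status ) || ! isset( $methods[ $mo2fa_login_status ] ) ) {
    $two_factor_login->remove_current_activity();
    return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
}
list( $method, $by_transaction ) = $methods[ $mo2fa_login_status ];
$customer = new Customer_Setup();
$content  = json_decode( $customer->validate_otp_token(
    $method,
    $by_transaction ? null : get_user_meta( $currentuser->ID, 'mo_2factor_map_id_with_email', true ),
    $by_transaction ? $_SESSION[ 'mo2f-login-transactionId' ] : null,
    $softtoken,
    get_option('mo2f_customerKey'),
    get_option('mo2f_api_key')
), true );
// … unchanged: SUCCESS / failure handling …
```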
class-miniorange-2-factor-pass2fa-login.php → handlers/class-mo2f-pass2fa-login-helpers.php RENAMED
@@ -1,33 +1,13 @@
1
- <?Php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- Copyright (C) 2015 miniOrange
4
 
5
- This program is free software: you can redistribute it and/or modify
6
- it under the terms of the GNU General Public License as published by
7
- the Free Software Foundation, either version 3 of the License, or
8
- (at your option) any later version.
9
-
10
- This program is distributed in the hope that it will be useful,
11
- but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- GNU General Public License for more details.
14
-
15
- You should have received a copy of the GNU General Public License
16
- along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
  */
20
- /**
21
- This library is miniOrange Authentication Service.
22
- Contains Request Calls to Customer service.
23
-
24
- **/
25
- include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
26
- include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
27
-
28
 
29
  class Miniorange_Password_2Factor_Login{
30
-
31
  function remove_current_activity(){
32
  unset($_SESSION[ 'mo2f_current_user' ]);
33
  unset($_SESSION[ 'mo2f_1stfactor_status' ]);
@@ -63,495 +43,66 @@ class Miniorange_Password_2Factor_Login{
63
  session_start();
64
  }
65
  }
66
-
67
-
68
- public function miniorange_pass2login_redirect() {
69
-
70
- if(!get_option('mo2f_login_policy')){
71
-
72
- if (isset($_POST['miniorange_login_nonce'])){
73
- $nonce = $_POST['miniorange_login_nonce'];
74
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
75
- $this->remove_current_activity();
76
- $error = new WP_Error();
77
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
78
- return $error;
79
- } else {
80
- $this->miniorange_pass2login_start_session();
81
- $mobile_login = new Miniorange_Mobile_Login();
82
- //validation and sanitization
83
- $username = '';
84
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
85
- $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
86
- $mobile_login->mo_auth_show_error_message();
87
- return;
88
- } else{
89
- $username = sanitize_text_field( $_POST['mo2fa_username'] );
90
- }
91
-
92
-
93
-
94
- if ( username_exists( $username ) ){ /*if username exists in wp site */
95
- $user = new WP_User( $username );
96
-
97
- $_SESSION[ 'mo2f_current_user' ] = serialize($user);
98
- $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
99
-
100
- $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
101
-
102
- $current_roles = miniorange_get_user_role($user);
103
- $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
104
-
105
- if($enabled){
106
- if(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
107
- if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($user->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
108
- $this->mo2f_pass2login_kba_verification($user->ID , $redirect_to);
109
 
110
- }else{
111
- $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
112
- if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
113
- $this->mo2f_pass2login_mobile_verification($user , $redirect_to);
114
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
115
- $this->mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor, $redirect_to);
116
- }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
117
-
118
- $this->mo2f_pass2login_otp_verification($user,$mo2f_second_factor, $redirect_to);
119
-
120
- }else if($mo2f_second_factor == 'KBA'){
121
-
122
- $this->mo2f_pass2login_kba_verification($user->ID, $redirect_to);
123
- }else{
124
- $this->remove_current_activity();
125
- $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
126
- $mobile_login->mo_auth_show_success_message();
127
- }
128
- }
129
- }else{
130
-
131
- $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
132
- $mobile_login->mo_auth_show_success_message();
133
- $mobile_login->mo2f_redirectto_wp_login();
134
- }
135
- }else{
136
- $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
137
- $mobile_login->mo_auth_show_success_message();
138
- $mobile_login->mo2f_redirectto_wp_login();
139
- }
140
- } else{
141
- $mobile_login->remove_current_activity();
142
- $_SESSION['mo2f-login-message'] = 'Invalid Username.';
143
- $mobile_login->mo_auth_show_error_message();
144
- }
145
- }
146
- }
147
-
148
- }
149
-
150
- if(isset($_POST['mo2f_trust_device_confirm_nonce'])){ /*register device as rba profile */
151
- $nonce = $_POST['mo2f_trust_device_confirm_nonce'];
152
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
153
- $this->remove_current_activity();
154
- $error = new WP_Error();
155
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
156
- return $error;
157
- } else {
158
- $this->miniorange_pass2login_start_session();
159
- try{
160
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
161
- mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
162
- }catch(Exception $e){
163
- echo $e->getMessage();
164
- }
165
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
166
- $this->mo2fa_pass2login($redirect_to);
167
- }
168
- }
169
-
170
- if(isset($_POST['mo2f_trust_device_cancel_nonce'])){ /*do not register device as rba profile */
171
- $nonce = $_POST['mo2f_trust_device_cancel_nonce'];
172
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
173
- $error = new WP_Error();
174
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
175
- return $error;
176
- } else {
177
- $this->miniorange_pass2login_start_session();
178
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
179
- $this->mo2fa_pass2login($redirect_to);
180
- }
181
- }
182
-
183
- if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){ /*check kba validation*/
184
- $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
185
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
186
- $error = new WP_Error();
187
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
188
- return $error;
189
- }else {
190
- $this->miniorange_pass2login_start_session();
191
- $forgot_phone_enable = get_option('mo2f_enable_forgotphone');
192
- $forgot_phone_kba_enable = get_option('mo2f_enable_forgotphone_kba');
193
- $forgot_phone_email_enable = get_option('mo2f_enable_forgotphone_email');
194
-
195
- $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
196
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
197
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
198
- $id = $current_user->ID;
199
- if($forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL'){
200
- $customer = new Customer_Setup();
201
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
202
-
203
- $mo2fa_login_message = '';
204
- $mo2f_login_status = '' ;
205
-
206
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
207
- $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
208
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
209
- $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
210
- }else{
211
- $mo2fa_login_message = 'Error occured while sending OTP over your regsitered email. Please try again.';
212
- $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
213
- }
214
- $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
215
- }else if($forgot_phone_enable && $forgot_phone_kba_enable){
216
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
217
- $this->mo2f_pass2login_kba_verification($current_user->ID, $redirect_to);
218
- }else{
219
- $mo2fa_login_message = 'Your KBA is not configured. Please choose other option to procedd further.';
220
- $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
221
- $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
222
- }
223
- }
224
- }
225
- }
226
-
227
- if(isset($_POST['miniorange_alternate_login_kba_nonce'])){ /*check kba validation*/
228
- $nonce = $_POST['miniorange_alternate_login_kba_nonce'];
229
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
230
- $error = new WP_Error();
231
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
232
- return $error;
233
- }else {
234
- $this->miniorange_pass2login_start_session();
235
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
236
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
237
- $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
238
- }
239
- }
240
-
241
- if(isset($_POST['miniorange_kba_nonce'])){ /*check kba validation*/
242
- $nonce = $_POST['miniorange_kba_nonce'];
243
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
244
- $error = new WP_Error();
245
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
246
- return $error;
247
- } else {
248
-
249
- $this->miniorange_pass2login_start_session();
250
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ): null;
251
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
252
-
253
- if(isset($_SESSION[ 'mo2f_current_user' ])){
254
- if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
255
- $mo2fa_login_message = 'Please provide both the answers.';
256
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
257
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
258
- }
259
- $otpToken = array();
260
- $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
261
- $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
262
- $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
263
- $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
264
- $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
265
 
266
- $kba_validate = new Customer_Setup();
267
- $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
268
-
269
- if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
270
- if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
271
- try{
272
- mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
273
- }catch(Exception $e){
274
- echo $e->getMessage();
275
- }
276
- $this->mo2fa_pass2login($redirect_to);
277
- }else{
278
- $this->mo2fa_pass2login($redirect_to);
279
- }
280
- }else{
281
-
282
- $mo2fa_login_message = 'The answers you have provided are incorrect.';
283
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
284
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
285
- }
286
- }else{
287
- $this->remove_current_activity();
288
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
289
- }
290
- }
291
- }
292
-
293
- if(isset($_POST['miniorange_mobile_validation_nonce'])){ /*check mobile validation */
294
- $nonce = $_POST['miniorange_mobile_validation_nonce'];
295
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
296
- $error = new WP_Error();
297
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
298
- return $error;
299
- } else {
300
- $this->miniorange_pass2login_start_session();
301
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
302
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
303
- $checkMobileStatus = new Two_Factor_Setup();
304
- $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
305
- $response = json_decode($content, true);
306
- if(json_last_error() == JSON_ERROR_NONE) {
307
- if($response['status'] == 'SUCCESS'){
308
- if(get_option('mo2f_deviceid_enabled')){
309
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
310
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
311
- }else{
312
- $this->mo2fa_pass2login($redirect_to);
313
- }
314
- }else{
315
- $this->remove_current_activity();
316
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
317
- }
318
- }else{
319
- $this->remove_current_activity();
320
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
321
- }
322
- }
323
- }
324
-
325
- if (isset($_POST['miniorange_mobile_validation_failed_nonce'])){ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
326
- $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
327
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
328
- $error = new WP_Error();
329
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
330
- return $error;
331
- } else {
332
- $this->miniorange_pass2login_start_session();
333
- $this->remove_current_activity();
334
- }
335
- }
336
-
337
- if(isset($_POST['miniorange_forgotphone'])){ /*Click on the link of forgotphone */
338
- $nonce = $_POST['miniorange_forgotphone'];
339
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
340
- $error = new WP_Error();
341
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
342
- return $error;
343
- } else{
344
- $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
345
- $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
346
- $mo2fa_login_message = '';
347
-
348
- $this->miniorange_pass2login_start_session();
349
-
350
- $customer = new Customer_Setup();
351
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
352
- $id = $current_user->ID;
353
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
354
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
355
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
356
- $pass2fa_login->mo2f_pass2login_kba_verification($id, $redirect_to);
357
- }else{
358
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
359
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
360
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
361
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
362
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
363
- $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
364
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
365
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
366
- }else{
367
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
368
- }
369
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
370
- }
371
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
372
-
373
- $pass2fa_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
374
- }
375
- }
376
-
377
- if(isset($_POST['miniorange_softtoken'])){ /*Click on the link of phone is offline */
378
- $nonce = $_POST['miniorange_softtoken'];
379
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
380
- $error = new WP_Error();
381
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
382
- return $error;
383
- } else{
384
- $this->miniorange_pass2login_start_session();
385
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
386
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
387
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
388
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
389
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
390
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
391
- }
392
- }
393
-
394
- if (isset($_POST['miniorange_soft_token_nonce'])){ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
395
- $nonce = $_POST['miniorange_soft_token_nonce'];
396
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
397
- $error = new WP_Error();
398
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
399
- return $error;
400
- } else {
401
- $this->miniorange_pass2login_start_session();
402
- $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
403
- $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
404
- $softtoken = '';
405
- if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
406
- $mo2fa_login_message = 'Please enter OTP to proceed.';
407
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
408
- } else{
409
- $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
410
- if(!MO2f_utility::mo2f_check_number_length($softtoken)){
411
- $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
412
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
413
- }
414
- }
415
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
416
- if(isset($_SESSION[ 'mo2f_current_user' ])){
417
- $customer = new Customer_Setup();
418
- $content ='';
419
- if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
420
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
421
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
422
- $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
423
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
424
- $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
425
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
426
- $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
427
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
428
- $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
429
- }else{
430
- $this->remove_current_activity();
431
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
432
- }
433
-
434
-
435
-
436
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
437
- if(get_option('mo2f_deviceid_enabled')){
438
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
439
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
440
- }else{
441
- $this->mo2fa_pass2login($redirect_to);
442
- }
443
- }else{
444
-
445
- $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
446
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $message, $redirect_to);
447
- }
448
-
449
- }else{
450
- $this->remove_current_activity();
451
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
452
- }
453
- }
454
- }
455
-
456
- if (isset($_POST['miniorange_inline_skip_registration_nonce'])){ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
457
- $nonce = $_POST['miniorange_inline_skip_registration_nonce'];
458
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-skip-registration-nonce' ) ) {
459
  $error = new WP_Error();
460
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
461
  return $error;
462
- } else {
463
- $this->miniorange_pass2login_start_session();
464
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
465
- delete_user_meta($current_user->ID,'mo2f_selected_2factor_method');
466
- $this->mo2fa_pass2login();
467
- }
468
- }
469
-
470
- if (isset($_POST['miniorange_attribute_collection_nonce'])){ /*Handling Rba Attributes from other plugins */
471
- $nonce = $_POST['miniorange_attribute_collection_nonce'];
472
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
473
- $error = new WP_Error();
474
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
475
- return $error;
476
- } else {
477
- $this->miniorange_pass2login_start_session();
478
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
479
- $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
480
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
481
- $this->miniorange_initiate_2nd_factor($current_user, $attributes, $redirect_to);
482
  }
 
 
 
 
 
483
  }
484
  }
485
 
 
486
 
487
-
488
- function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
489
- if(get_option('mo2f_deviceid_enabled')){
490
- $this->miniorange_pass2login_start_session();
491
- $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
492
- mo2f_collect_device_attributes_handler($redirect_to);
493
  exit;
494
- }else {
495
- $this->miniorange_initiate_2nd_factor($currentuser, null, $redirect_to);
496
- }
497
- }
498
-
499
- function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
500
- if(is_a($user, 'WP_Error') && !empty($user)){
501
- return $user;
502
- }
503
-
504
- // if an app password is enabled, this is an XMLRPC / APP login ?
505
- if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
506
-
507
- /* App Specific Password
508
- // Get information on user
509
- if ( get_user_by( 'email', $username ) === false ) {
510
- $user = get_user_by( 'login', $username );
511
- } else {
512
- $user = get_user_by( 'email', $username );
513
- }
514
-
515
- // checking if password was generated by user
516
- if(!get_user_option( 'mo2f_app_password', $user->ID )){
517
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
518
- return false;
519
- }
520
-
521
- // Verifying the passwords
522
- $app_password = get_user_option( 'mo2f_app_password', $user->ID );
523
- $usersha1 = sha1($password );
524
-
525
- // if passwords match
526
- if ( $app_password == $usersha1 ) {
527
- return new WP_User( $user->ID );
528
- } else {
529
- // Wrong XMLRPC/APP password !
530
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
531
- return false;
532
- }*/
533
-
534
- $currentuser = wp_authenticate_username_password($user, $username, $password);
535
- if (is_wp_error($currentuser)) {
536
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
537
- return false;
538
- }else{
539
- return $currentuser;
540
- }
541
- }else{
542
- $currentuser = wp_authenticate_username_password($user, $username, $password);
543
- if (is_wp_error($currentuser)) {
544
- $currentuser->add('invalid_username_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
545
- return $currentuser;
546
- }else{
547
-
548
- $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
549
- $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
550
- $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
551
- }
552
  }
553
  }
554
 
 
555
  function miniorange_initiate_2nd_factor($currentuser, $attributes=null, $redirect_to=null){
556
 
557
 
@@ -605,42 +156,6 @@ class Miniorange_Password_2Factor_Login{
605
 
606
  }
607
 
608
-
609
- function mo_2_factor_enable_jquery_default_login(){
610
- wp_enqueue_script('jquery');
611
- }
612
-
613
-
614
-
615
- function miniorange_pass2login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null, $redirect_to=null){
616
-
617
- $login_status = $mo2fa_login_status;
618
- $login_message = $mo2fa_login_message;
619
- $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
620
- $current_user_id = is_null($current_user) ? null : $current_user->ID;
621
- if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
622
- mo2f_getqrcode($login_status, $login_message, $redirect_to);
623
- exit;
624
- }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification,google auth
625
- mo2f_getotp_form($login_status, $login_message, $redirect_to);
626
- exit;
627
- }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
628
- mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
629
- exit;
630
- }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
631
- mo2f_getpush_oobemail_response($current_user_id, $login_status, $login_message, $redirect_to);
632
- exit;
633
- }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
634
- mo2f_getkba_form($login_status, $login_message, $redirect_to);
635
- exit;
636
- }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){ // trusted device
637
- mo2f_get_device_form($login_status, $login_message, $redirect_to);
638
- exit;
639
- }else{ //show login screen
640
- $this->mo_2_factor_pass2login_show_wp_login_form();
641
- }
642
- }
643
-
644
  function miniorange_pass2login_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
645
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
646
  return true;
@@ -771,35 +286,6 @@ class Miniorange_Password_2Factor_Login{
771
  }
772
  }
773
 
774
- function mo2f_pass2login_kba_verification($user_id, $redirect_to){
775
- $challengeKba = new Customer_Setup();
776
- $content = $challengeKba->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
777
- $response = json_decode($content, true);
778
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
779
- if($response['status'] == 'SUCCESS'){
780
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
781
- $questions = array();
782
- $questions[0] = $response['questions'][0]['question'];
783
- $questions[1] = $response['questions'][1]['question'];
784
- $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
785
-
786
- $mo2fa_login_message = 'Please answer the following questions:';
787
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
788
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
789
- }else if($response['status'] == 'ERROR'){
790
- $this->remove_current_activity();
791
- $error = new WP_Error();
792
- $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
793
- return $error;
794
- }
795
- }else{
796
- $this->remove_current_activity();
797
- $error = new WP_Error();
798
- $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
799
- return $error;
800
- }
801
- }
802
-
803
  function mo2f_pass2login_mobile_verification($user, $redirect_to){
804
  $useragent = $_SERVER['HTTP_USER_AGENT'];
805
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
@@ -851,16 +337,201 @@ class Miniorange_Password_2Factor_Login{
851
  ?>
852
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value="" /></p>
853
  <?php
854
- wp_enqueue_script( 'jquery_script', plugins_url('includes/js/rba/js/jquery-1.9.1.js', __FILE__ ));
855
- wp_enqueue_script( 'flash_script', plugins_url('includes/js/rba/js/jquery.flash.js', __FILE__ ));
856
- wp_enqueue_script( 'uaparser_script', plugins_url('includes/js/rba/js/ua-parser.js', __FILE__ ));
857
- wp_enqueue_script( 'client_script', plugins_url('includes/js/rba/js/client.js', __FILE__ ));
858
- wp_enqueue_script( 'device_script', plugins_url('includes/js/rba/js/device_attributes.js', __FILE__ ));
859
- wp_enqueue_script( 'swf_script', plugins_url('includes/js/rba/js/swfobject.js', __FILE__ ));
860
- wp_enqueue_script( 'font_script', plugins_url('includes/js/rba/js/fontdetect.js', __FILE__ ));
861
- wp_enqueue_script( 'murmur_script', plugins_url('includes/js/rba/js/murmurhash3.js', __FILE__ ));
862
- wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
863
  }
 
 
864
  }
 
 
865
  }
866
  ?>
1
+ <?php
 
 
2
 
3
+ /*
4
+ *
5
+ * This class contains the functions called from the handler's classes during 2FA login.
6
+ *
 
 
 
 
 
 
 
 
 
 
7
  */
 
 
 
 
 
 
 
 
8
 
9
  class Miniorange_Password_2Factor_Login{
10
+
11
  function remove_current_activity(){
12
  unset($_SESSION[ 'mo2f_current_user' ]);
13
  unset($_SESSION[ 'mo2f_1stfactor_status' ]);
43
  session_start();
44
  }
45
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
46
 
47
+ function mo2f_pass2login_kba_verification($user_id, $redirect_to){
48
+ $challengeKba = new Customer_Setup();
49
+ $content = $challengeKba->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
50
+ $response = json_decode($content, true);
51
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
52
+ if($response['status'] == 'SUCCESS'){
53
+ $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
54
+ $questions = array();
55
+ $questions[0] = $response['questions'][0]['question'];
56
+ $questions[1] = $response['questions'][1]['question'];
57
+ $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
58
 
59
+ $mo2fa_login_message = 'Please answer the following questions:';
60
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
61
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
62
+ }else if($response['status'] == 'ERROR'){
63
+ $this->remove_current_activity();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
64
  $error = new WP_Error();
65
+ $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
66
  return $error;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
67
  }
68
+ }else{
69
+ $this->remove_current_activity();
70
+ $error = new WP_Error();
71
+ $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
72
+ return $error;
73
  }
74
  }
75
 
76
+ function miniorange_pass2login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null, $redirect_to=null){
77
 
78
+ $login_status = $mo2fa_login_status;
79
+ $login_message = $mo2fa_login_message;
80
+ $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
81
+ $current_user_id = is_null($current_user) ? null : $current_user->ID;
82
+ if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
83
+ mo2f_getqrcode($login_status, $login_message, $redirect_to);
84
  exit;
85
+ }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification,google auth
86
+ mo2f_getotp_form($login_status, $login_message, $redirect_to);
87
+ exit;
88
+ }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
89
+ mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
90
+ exit;
91
+ }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
92
+ mo2f_getpush_oobemail_response($current_user_id, $login_status, $login_message, $redirect_to);
93
+ exit;
94
+ }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
95
+ mo2f_getkba_form($login_status, $login_message, $redirect_to);
96
+ exit;
97
+ }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){ // trusted device
98
+ mo2f_get_device_form($login_status, $login_message, $redirect_to);
99
+ exit;
100
+ }else{ //show login screen
101
+ $this->mo_2_factor_pass2login_show_wp_login_form();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
102
  }
103
  }
104
 
105
+
106
  function miniorange_initiate_2nd_factor($currentuser, $attributes=null, $redirect_to=null){
107
 
108
 
156
 
157
  }
158
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
159
  function miniorange_pass2login_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
160
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
161
  return true;
286
  }
287
  }
288
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
289
  function mo2f_pass2login_mobile_verification($user, $redirect_to){
290
  $useragent = $_SERVER['HTTP_USER_AGENT'];
291
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
337
  ?>
338
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value="" /></p>
339
  <?php
340
+ wp_enqueue_script( 'jquery_script', plugins_url('/../includes/js/rba/js/jquery-1.9.1.js', __FILE__ ));
341
+ wp_enqueue_script( 'flash_script', plugins_url('/../includes/js/rba/js/jquery.flash.js', __FILE__ ));
342
+ wp_enqueue_script( 'uaparser_script', plugins_url('/../includes/js/rba/js/ua-parser.js', __FILE__ ));
343
+ wp_enqueue_script( 'client_script', plugins_url('/../includes/js/rba/js/client.js', __FILE__ ));
344
+ wp_enqueue_script( 'device_script', plugins_url('/../includes/js/rba/js/device_attributes.js', __FILE__ ));
345
+ wp_enqueue_script( 'swf_script', plugins_url('/../includes/js/rba/js/swfobject.js', __FILE__ ));
346
+ wp_enqueue_script( 'font_script', plugins_url('/../includes/js/rba/js/fontdetect.js', __FILE__ ));
347
+ wp_enqueue_script( 'murmur_script', plugins_url('/../includes/js/rba/js/murmurhash3.js', __FILE__ ));
348
+ wp_enqueue_script( 'miniorange_script', plugins_url('/../includes/js/rba/js/miniorange-fp.js', __FILE__ ));
349
+ }
350
+ }
351
+
352
+ function mo_2_factor_enable_jquery_default_login(){
353
+ wp_enqueue_script('jquery');
354
+ }
355
+
356
+ function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
357
+ if(get_option('mo2f_deviceid_enabled')){
358
+ $this->miniorange_pass2login_start_session();
359
+ $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
360
+ mo2f_collect_device_attributes_handler($redirect_to);
361
+ exit;
362
+ }else {
363
+ $this->miniorange_initiate_2nd_factor($currentuser, null, $redirect_to);
364
+ }
365
+ }
366
+
367
+ function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
368
+ if(is_a($user, 'WP_Error') && !empty($user)){
369
+ return $user;
370
+ }
371
+
372
+ // if an app password is enabled, this is an XMLRPC / APP login ?
373
+ if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
374
+
375
+ /* App Specific Password
376
+ // Get information on user
377
+ if ( get_user_by( 'email', $username ) === false ) {
378
+ $user = get_user_by( 'login', $username );
379
+ } else {
380
+ $user = get_user_by( 'email', $username );
381
+ }
382
+
383
+ // checking if password was generated by user
384
+ if(!get_user_option( 'mo2f_app_password', $user->ID )){
385
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
386
+ return false;
387
+ }
388
+
389
+ // Verifying the passwords
390
+ $app_password = get_user_option( 'mo2f_app_password', $user->ID );
391
+ $usersha1 = sha1($password );
392
+
393
+ // if passwords match
394
+ if ( $app_password == $usersha1 ) {
395
+ return new WP_User( $user->ID );
396
+ } else {
397
+ // Wrong XMLRPC/APP password !
398
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
399
+ return false;
400
+ }*/
401
+
402
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
403
+ if (is_wp_error($currentuser)) {
404
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
405
+ return false;
406
+ }else{
407
+ return $currentuser;
408
+ }
409
+ }else{
410
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
411
+ if (is_wp_error($currentuser)) {
412
+ $currentuser->add('invalid_username_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
413
+ return $currentuser;
414
+ }else{
415
+
416
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
417
+
418
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
419
+ $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
420
+ }
421
+ }
422
+ }
423
+
424
+
425
+ public function miniorange_pass2login_redirect() {
426
+
427
+ if(!get_option('mo2f_login_policy')){
428
+
429
+ if (isset($_POST['miniorange_login_nonce'])){
430
+ $nonce = $_POST['miniorange_login_nonce'];
431
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
432
+ $this->remove_current_activity();
433
+ $error = new WP_Error();
434
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
435
+ return $error;
436
+ } else {
437
+ $this->miniorange_pass2login_start_session();
438
+ $mobile_login = new Miniorange_Mobile_Login();
439
+ //validation and sanitization
440
+ $username = '';
441
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
442
+ $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
443
+ $mobile_login->mo_auth_show_error_message();
444
+ return;
445
+ } else{
446
+ $username = sanitize_text_field( $_POST['mo2fa_username'] );
447
+ }
448
+
449
+
450
+
451
+ if ( username_exists( $username ) ){ /*if username exists in wp site */
452
+ $user = new WP_User( $username );
453
+
454
+ $_SESSION[ 'mo2f_current_user' ] = serialize($user);
455
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
456
+
457
+ $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
458
+
459
+ $current_roles = miniorange_get_user_role($user);
460
+ $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
461
+
462
+ if($enabled){
463
+ if(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
464
+ if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($user->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
465
+ $this->mo2f_pass2login_kba_verification($user->ID , $redirect_to);
466
+
467
+ }else{
468
+ $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
469
+ if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
470
+ $this->mo2f_pass2login_mobile_verification($user , $redirect_to);
471
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
472
+ $this->mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor, $redirect_to);
473
+ }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
474
+
475
+ $this->mo2f_pass2login_otp_verification($user,$mo2f_second_factor, $redirect_to);
476
+
477
+ }else if($mo2f_second_factor == 'KBA'){
478
+
479
+ $this->mo2f_pass2login_kba_verification($user->ID, $redirect_to);
480
+ }else{
481
+ $this->remove_current_activity();
482
+ $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
483
+ $mobile_login->mo_auth_show_success_message();
484
+ }
485
+ }
486
+ }else{
487
+
488
+ $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
489
+ $mobile_login->mo_auth_show_success_message();
490
+ $mobile_login->mo2f_redirectto_wp_login();
491
+ }
492
+ }else{
493
+ $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
494
+ $mobile_login->mo_auth_show_success_message();
495
+ $mobile_login->mo2f_redirectto_wp_login();
496
+ }
497
+ } else{
498
+ $mobile_login->remove_current_activity();
499
+ $_SESSION['mo2f-login-message'] = 'Invalid Username.';
500
+ $mobile_login->mo_auth_show_error_message();
501
+ }
502
+ }
503
+ }
504
+ }
505
+
506
+ if (isset($_POST['miniorange_mobile_validation_failed_nonce'])){ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
507
+ $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
508
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
509
+ $error = new WP_Error();
510
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
511
+ return $error;
512
+ } else {
513
+ $this->miniorange_pass2login_start_session();
514
+ $this->remove_current_activity();
515
+ }
516
+ }
517
+
518
+ if (isset($_POST['miniorange_attribute_collection_nonce'])){ /*Handling Rba Attributes from other plugins */
519
+ $nonce = $_POST['miniorange_attribute_collection_nonce'];
520
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
521
+ $error = new WP_Error();
522
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
523
+ return $error;
524
+ } else {
525
+ $this->miniorange_pass2login_start_session();
526
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
527
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
528
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
529
+ $this->miniorange_initiate_2nd_factor($current_user, $attributes, $redirect_to);
530
  }
531
+ }
532
+
533
  }
534
+
535
+
536
  }
537
  ?>
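--- a/handlers/class-mo2f-phone-offline.php
+++ b/handlers/class-mo2f-phone-offline.php
@@ -0,0 +1,25 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - when the user clicks on 'Phone is Offline'.
+ * For authentication methods: QR Code Authentication and Push Notification.
+ *
+ */
+
+ class Miniorange_phone_offline_login{
+
+ function miniorange_init_phone_offline(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ unset($_SESSION[ 'mo2f-login-qrCode' ]);
+ unset($_SESSION[ 'mo2f-login-transactionId' ]);
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
+ }
+ }
+ ?>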
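Review bot: `$redirect_to` is read from `$_POST['redirect_to']` and passed to `miniorange_pass2login_form_fields()` without any sanitising, and the templates in miniorange_2_factor_common_login.php on this page print it into a hidden field with a bare `echo $redirect_to`. An unexpected value can therefore alter the markup of the login page, and if the value is later used as a redirect target it may point off-site. Sanitise it where it is read, for example `$redirect_to = isset($_POST['redirect_to']) ? esc_url_raw( wp_unslash( $_POST['redirect_to'] ) ) : null;`, and wrap it in `esc_attr()` where the templates print it. The same assignment appears in class-mo2f-qrcode-email-validate.php, class-mo2f-trust-device-cancel.php and class-mo2f-trust-device-confirm.php.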
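--- a/handlers/class-mo2f-qrcode-email-validate.php
+++ b/handlers/class-mo2f-qrcode-email-validate.php
@@ -0,0 +1,43 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - when the user scans the QR Code or accepts an email
+ * verification link.
+ * For authentication methods: Email Verification and QR Code Authentication.
+ *
+ */
+
+ class Miniorange_validate_QRcode_Email_login{
+
+ function miniorange_init_qrcode_email_validate(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
+ $checkMobileStatus = new Two_Factor_Setup();
+ $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
+
+ $response = json_decode($content, true);
+ if(json_last_error() == JSON_ERROR_NONE) {
+ if($response['status'] == 'SUCCESS'){
+ if(get_option('mo2f_deviceid_enabled')){
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
+ $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
+ }else{
+ $two_factor_login->mo2fa_pass2login($redirect_to);
+ }
+ }else{
+ $two_factor_login->remove_current_activity();
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
+ }
+ }else{
+ $two_factor_login->remove_current_activity();
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
+ }
+
+ }
+ }
+ ?>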
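Review bot: `miniorange_init_qrcode_email_validate()` reads `$_SESSION['mo2f_current_user']` and `$_SESSION['mo2f-login-transactionId']` without checking that either is set, so a request arriving with no login in progress raises notices and hands a null transaction id to `check_mobile_status()`. Guard the top of the method, e.g. `if ( ! isset( $_SESSION['mo2f_current_user'], $_SESSION['mo2f-login-transactionId'] ) ) { $two_factor_login->remove_current_activity(); return; }`. `$currentuser` is assigned from `unserialize()` but never used in this method, so that line can be dropped; keeping a user ID in the session instead of a serialized object would avoid deserialising session data at all. The `WP_Error` returned on the failure branches is probably discarded if this method runs as an `admin-post.php` action callback (the registration is not on this page), which would leave the user with no message.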
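--- a/handlers/class-mo2f-trust-device-cancel.php
+++ b/handlers/class-mo2f-trust-device-cancel.php
@@ -0,0 +1,21 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - When the user chooses not to remember the device.
+ *
+ */
+
+ class Miniorange_trust_device_cancel{
+
+ function miniorange_init_trust_device_cancel(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
+ $two_factor_login->mo2fa_pass2login($redirect_to);
+
+ }
+ }
+ ?>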
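Review bot: `miniorange_init_trust_device_cancel()` calls `mo2fa_pass2login($redirect_to)` unconditionally; nothing in this handler verifies a nonce or checks that the session has actually passed a second-factor challenge. `mo2fa_pass2login()` is not shown here, so unless it performs that check itself, this action could complete a login that never finished the challenge. The form's `mo2f_trust_device_cancel_nonce` field sits on a removed line in miniorange_2_factor_common_login.php on this page; I would keep it and verify it here with `if ( ! isset( $_POST['mo2f_trust_device_cancel_nonce'] ) || ! wp_verify_nonce( $_POST['mo2f_trust_device_cancel_nonce'], 'miniorange-2-factor-trust-device-cancel-nonce' ) ) { return; }`. A nonce alone does not prove the challenge succeeded, so the handler should also require a server-side session marker that is set only when the second factor validates. class-mo2f-trust-device-confirm.php has the same shape.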
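--- a/handlers/class-mo2f-trust-device-confirm.php
+++ b/handlers/class-mo2f-trust-device-confirm.php
@@ -0,0 +1,27 @@
+ <?php
+
+ /*
+ *
+ * This class is called during login - When the user chooses to remember the device.
+ *
+ */
+
+ class Miniorange_trust_device_confirm{
+
+ function miniorange_init_trust_device_confirm(){
+
+ $two_factor_login = new Miniorange_Password_2Factor_Login();
+ $two_factor_login->miniorange_pass2login_start_session();
+
+ try{
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
+ mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
+ }catch(Exception $e){
+ echo $e->getMessage();
+ }
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
+ $two_factor_login->mo2fa_pass2login($redirect_to);
+
+ }
+ }
+ ?>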
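Review bot: The `catch` block does `echo $e->getMessage();`, which writes an internal error message straight into the login response and then carries on to `mo2fa_pass2login()` as if the device registration had succeeded. Log it instead with `error_log( $e->getMessage() );` and decide explicitly whether login should continue when `mo2f_register_profile()` fails. `unserialize()` returns `false` on missing or malformed data, and reading `$currentuser->ID` on `false` is a PHP warning rather than an `Exception`, so the `try` does not cover it; add `if ( ! ( $currentuser instanceof WP_User ) ) { $two_factor_login->remove_current_activity(); return; }` before the call. `$_SESSION['mo2f_rba_status']` is also read without an `isset()` check.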
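--- a/includes/css/bootstrap.min.css
+++ b/includes/css/bootstrap.min.css
@@ -721,5 +721,19 @@ text-align: center;
  .mo_registration_pricing_text{
  font-size:15px!important;
  color:#fff!important;
- font-weight:700!important
+ font-weight:700!important;
+ }
+
+ .mo_otp_token {
+ font-size:15px;
+ color:#212F3C;
+ border:none;
+ display:block;
+ border-bottom-style: solid;
+ border-width: 2px;
+ border-color:#D0D3D4;
+ border-radius:0px;
+ outline:none;
+ width:140px;
+ text-align:center;
  }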
miniorange_2_factor_common_login.php CHANGED
@@ -32,7 +32,7 @@
32
  ?>
33
  <input type="hidden" name="miniorange_attribute_collection_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-attribute-collection-nonce'); ?>" />
34
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
35
- </form>
36
  </div>
37
  </body>
38
  </html>
@@ -280,7 +280,7 @@
280
  <div id="otpMessage">
281
  <p style="font-size:13px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : 'Please answer the following questions:'; ?></p>
282
  </div>
283
- <form name="f" id="mo2f_submitkba_loginform" method="post" action="admin_post_nopriv_mo_prefix_initialization">
284
  <div id="mo2f_kba_content">
285
  <p style="font-size:15px;">
286
  <?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
@@ -305,8 +305,8 @@
305
  }
306
  ?>
307
  <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate" class="miniorange_kba_validate" style="float:left;" value="Validate" />
308
- <input type="hidden" name="miniorange_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-kba-nonce'); ?>" />
309
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
310
  </form>
311
  <br>
312
  </div>
@@ -455,22 +455,22 @@
455
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
457
  </form>
458
- <form name="f" id="mo2f_mobile_validation_form" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
459
- <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
460
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
461
  </form>
462
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
463
- <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
464
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
465
  </form>
466
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
467
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
468
- <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
469
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
470
  </form>
471
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
472
- <input type="hidden" name="miniorange_alternate_login_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-alternate-login-kba-nonce'); ?>" />
473
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
474
  </form>
475
  </body>
476
  <script>
@@ -627,18 +627,18 @@
627
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
628
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
629
  </form>
630
- <form name="f" id="mo2f_mobile_validation_form" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
631
- <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
632
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
633
  </form>
634
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
635
- <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
636
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
637
  </form>
638
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
639
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
640
- <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
641
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
642
  </form>
643
  </body>
644
  <script>
@@ -733,13 +733,16 @@
733
  <br />
734
  <div id="showOTP">
735
  <div class="mo2f-login-container">
736
- <form name="f" id="mo2f_submitotp_loginform" method="post" action="admin_post_nopriv_mo_prefix_initialization">
737
- <input type="text" name="mo2fa_softtoken" style="height:28px !important;" placeholder="Enter one time passcode" id="mo2fa_softtoken" required="true" class="mo2f-textbox" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/>
 
 
 
738
  <br />
739
  <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit" class="miniorange_otp_token_submit" value="Validate" />
740
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
741
- <input type="hidden" name="miniorange_soft_token_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-soft-token-nonce'); ?>" />
742
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
743
  </form><br/>
744
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
745
  <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone ?</a>
@@ -846,10 +849,10 @@
846
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
847
  </form>
848
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
849
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" style="display:none;">
850
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
851
- <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
852
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
853
  </form>
854
  <?php } ?>
855
  </body>
@@ -925,13 +928,13 @@
925
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
926
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
927
  </form>
928
- <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" style="display:none;">
929
- <input type="hidden" name="mo2f_trust_device_confirm_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-confirm-nonce'); ?>" />
930
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
931
  </form>
932
- <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" style="display:none;">
933
- <input type="hidden" name="mo2f_trust_device_cancel_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-cancel-nonce'); ?>" />
934
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
935
  </form>
936
  <script>
937
  function mologinback(){
@@ -951,4 +954,4 @@
951
  </body>
952
  </html>
953
  <?php }
954
- ?>
32
  ?>
33
  <input type="hidden" name="miniorange_attribute_collection_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-attribute-collection-nonce'); ?>" />
34
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
35
+ </form>
36
  </div>
37
  </body>
38
  </html>
280
  <div id="otpMessage">
281
  <p style="font-size:13px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : 'Please answer the following questions:'; ?></p>
282
  </div>
283
+ <form name="f" id="mo2f_submitkba_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>">
284
  <div id="mo2f_kba_content">
285
  <p style="font-size:15px;">
286
  <?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
305
  }
306
  ?>
307
  <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate" class="miniorange_kba_validate" style="float:left;" value="Validate" />
 
308
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
309
+ <input type="hidden" name="action" value="mo_prefix_init_kba_validate">
310
  </form>
311
  <br>
312
  </div>
455
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
457
  </form>
458
+ <form name="f" id="mo2f_mobile_validation_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
459
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
460
+ <input type="hidden" name="action" value="mo_prefix_init_qrcode_email_validate">
461
  </form>
462
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
463
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
464
+ <input type="hidden" name="action" value="mo_prefix_init_phone_offline_login">
465
  </form>
466
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
467
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
468
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
469
+ <input type="hidden" name="action" value="mo_prefix_init_forgot_phone">
470
  </form>
471
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
472
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
473
+ <input type="hidden" name="action" value="mo_prefix_init_alternate_login_kba">
474
  </form>
475
  </body>
476
  <script>
627
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
628
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
629
  </form>
630
+ <form name="f" id="mo2f_mobile_validation_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
631
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
632
+ <input type="hidden" name="action" value="mo_prefix_init_qrcode_email_validate">
633
  </form>
634
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
635
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
636
+ <input type="hidden" name="action" value="mo_prefix_init_phone_offline_login">
637
  </form>
638
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
639
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
640
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
641
+ <input type="hidden" name="action" value="mo_prefix_init_forgot_phone">
642
  </form>
643
  </body>
644
  <script>
733
  <br />
734
  <div id="showOTP">
735
  <div class="mo2f-login-container">
736
+ <form name="f" id="mo2f_submitotp_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>">
737
+ <center>
738
+ <input type="text" name="mo2fa_softtoken" style="height:28px !important;" placeholder="Enter the code" id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/>
739
+ </center>
740
+
741
  <br />
742
  <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit" class="miniorange_otp_token_submit" value="Validate" />
743
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
744
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
745
+ <input type="hidden" name="action" value="mo_prefix_init_otp_validate">
746
  </form><br/>
747
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
748
  <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone ?</a>
849
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
850
  </form>
851
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
852
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
853
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
854
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
855
+ <input type="hidden" name="action" value="mo_prefix_init_forgot_phone">
856
  </form>
857
  <?php } ?>
858
  </body>
928
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
929
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
930
  </form>
931
+ <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
932
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
933
+ <input type="hidden" name="action" value="mo_prefix_init_trust_device_confirm">
934
  </form>
935
+ <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
936
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
937
+ <input type="hidden" name="action" value="mo_prefix_init_trust_device_cancel">
938
  </form>
939
  <script>
940
  function mologinback(){
954
  </body>
955
  </html>
956
  <?php }
957
+ ?>
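--- a/miniorange_2_factor_configuration.php
+++ b/miniorange_2_factor_configuration.php
@@ -658,4 +658,4 @@
  });
  </script>
  <?php }
- ?>
+ ?>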
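--- a/miniorange_2_factor_demo.php
+++ b/miniorange_2_factor_demo.php
@@ -1,5 +1,3 @@
-
-
  <div class="mo2f_table_layout">
  <?php echo mo2f_check_if_registered_with_miniorange($current_user); ?>
  <h3>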
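--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,23 +3,34 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: http://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
- * Version: 4.5.3
+ * Version: 4.5.4
  * Author: miniOrange
  * Author URI: http://miniorange.com
  * License: GPL2
  */
+
+ define('MOAUTH_PATH', plugins_url(__FILE__));
+ define('MO2FA_DIR_PATH', plugin_dir_path(__FILE__));
+
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_mobile_configuration.php';
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_troubleshooting.php';
  include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
  include_once dirname( __FILE__ ) . '/class-two-factor-setup.php';
  include_once dirname( __FILE__ ) . '/class-customer-setup.php';
+
  require('class-utility.php');
  require('class-miniorange-2-factor-login.php');
  require('miniorange_2_factor_support.php');
- require('class-miniorange-2-factor-user-registration.php');
- require('class-miniorange-2-factor-pass2fa-login.php');
- define('MOAUTH_PATH', plugins_url(__FILE__));
+ require('handlers/class-mo2f-pass2fa-login-helpers.php');
+ require('handlers/class-mo2f-kba-validate.php');
+ require('handlers/class-mo2f-otp-validate.php');
+ require('handlers/class-mo2f-qrcode-email-validate.php');
+ require('handlers/class-mo2f-forgot-phone.php');
+ require('handlers/class-mo2f-phone-offline.php');
+ require('handlers/class-mo2f-alternate-login-kba.php');
+ require('handlers/class-mo2f-trust-device-confirm.php');
+ require('handlers/class-mo2f-trust-device-cancel.php');
 
  class Miniorange_Authentication {
 
@@ -27,9 +38,25 @@ class Miniorange_Authentication {
  private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
 
  function __construct() {
-
+
  $mo2f_auth_types = array('OUT OF BAND EMAIL','SMS','PHONE VERIFICATION','SOFT TOKEN','MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','GOOGLE AUTHENTICATOR','SMS AND EMAIL', 'AUTHY 2-FACTOR AUTHENTICATION','KBA');
- add_action( 'admin_post_nopriv_mo_prefix_initialization', array( $this, 'miniorange_prefix_initializaion'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_kba_validate', array( new Miniorange_validate_KBA_login(), 'miniorange_init_kba_validate'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_otp_validate', array( new Miniorange_validate_OTP_login(), 'miniorange_init_otp_validate'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_qrcode_email_validate', array( new Miniorange_validate_QRcode_Email_login(), 'miniorange_init_qrcode_email_validate'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_forgot_phone', array( new Miniorange_forgot_phone_login(), 'miniorange_init_forgot_phone'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_phone_offline_login', array( new Miniorange_phone_offline_login(), 'miniorange_init_phone_offline'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_alternate_login_kba', array( new Miniorange_alternate_login_kba(), 'miniorange_init_alternate_login_kba'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_trust_device_confirm', array( new Miniorange_trust_device_confirm(), 'miniorange_init_trust_device_confirm'));
+
+ add_action( 'admin_post_nopriv_mo_prefix_init_trust_device_cancel', array( new Miniorange_trust_device_cancel(), 'miniorange_init_trust_device_cancel'));
+
  add_option( 'mo2f_auth_methods_for_users' ,$mo2f_auth_types);
  add_option( 'mo2f_inline_registration',0);
  add_option( 'mo2f_enable_mobile_support', 1);
@@ -122,9 +149,6 @@ class Miniorange_Authentication {
  }
  }
 
- function miniorange_prefix_initializaion(){
- }
-
  function get_customer_SMS_transactions()
  {
 
@@ -1924,4 +1948,5 @@ class Miniorange_Authentication {
 
 
  new Miniorange_Authentication;
+
  ?>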
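Review bot: The eight `admin_post_nopriv_mo_prefix_init_*` hooks added in `__construct()` make the second-factor steps (OTP and KBA validation, forgot-phone, trust-device confirm and cancel) reachable by unauthenticated POSTs to admin-post.php, while the login forms elsewhere in this commit drop the hidden nonce fields they used to carry (`miniorange_forgotphone`, `mo2f_trust_device_confirm_nonce`, `mo2f_trust_device_cancel_nonce`). The handler classes under `handlers/` are not part of this view, so it cannot be confirmed here that each one ties the request to a pending first-factor login before acting. Every handler should start by rejecting a request with no matching pending-login session state, and the removed fields should be restored and checked, e.g. `wp_verify_nonce($_POST['mo2f_trust_device_confirm_nonce'], 'miniorange-2-factor-trust-device-confirm-nonce')`. A nonce issued to a logged-out visitor is not per-user, so the session check is the one that carries the weight. The block also deserves a comment such as `// nopriv only: these run before login completes; each handler validates session state and nonce itself`, and the posted `redirect_to` should pass through `wp_validate_redirect()` before it is used.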
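--- a/miniorange_2_factor_support.php
+++ b/miniorange_2_factor_support.php
@@ -18,6 +18,7 @@ $current_user = wp_get_current_user();
  <tr><td>
  <input type="text" class="mo2f_table_textbox" style="width:100% !important;" name="query_phone" id="query_phone" value="<?php echo get_user_meta($current_user->ID,'mo2f_user_phone',true); ?>" placeholder="Enter your phone"/>
  </td>
+
  </tr>
  <tr>
  <td>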
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://miniorange.com/
4
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
5
  Requires at least: 3.0.1
6
  Tested up to: 4.8.2
7
- Stable tag: 4.5.3
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -241,6 +241,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
241
 
242
  == Changelog ==
243
 
 
 
 
244
  = 4.5.3 =
245
  * Google Authenticator (2FA) : Changed UI of the Login Pages, Redirect to Login Page bug fixes.
246
 
@@ -463,6 +466,9 @@ More descriptive setup messages and UI changes.
463
 
464
  == Upgrade Notice ==
465
 
 
 
 
466
  = 4.4.3 =
467
  * Google Authenticator (2FA) : Fixed the login flow for third party Apps that supports XML-RPC.
468
 
4
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
5
  Requires at least: 3.0.1
6
  Tested up to: 4.8.2
7
+ Stable tag: 4.5.4
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
241
 
242
  == Changelog ==
243
 
244
+ = 4.5.4 =
245
+ * Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.
246
+
247
  = 4.5.3 =
248
  * Google Authenticator (2FA) : Changed UI of the Login Pages, Redirect to Login Page bug fixes.
249
 
466
 
467
  == Upgrade Notice ==
468
 
469
+ = 4.5.4 =
470
+ * Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.
471
+
472
  = 4.4.3 =
473
  * Google Authenticator (2FA) : Fixed the login flow for third party Apps that supports XML-RPC.
474