Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.5.5

Version Description

  • Google Authenticator (2FA) : 404 bug fixes.

Release Info

Developer cyberlord92
Version 4.5.5

Code changes from version 4.5.4 to 4.5.5

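--- a/class-miniorange-2-factor-login.php
+++ b/class-miniorange-2-factor-login.php
@@ -117,8 +117,8 @@ class Miniorange_Mobile_Login{
  }
 
  function mo_2_factor_hide_login() {
- wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=4.5.3', __FILE__ ) );
- wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=4.5.3', __FILE__ ) );
+ wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=4.5.5', __FILE__ ) );
+ wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=4.5.5', __FILE__ ) );
 
  wp_enqueue_style( 'hide-login' );
  wp_enqueue_style( 'bootstrap' );
@@ -127,15 +127,15 @@ class Miniorange_Mobile_Login{
 
  function mo_2_factor_show_login() {
  if(get_option('mo2f_show_loginwith_phone')){
- wp_register_style( 'show-login', plugins_url( 'includes/css/hide-login-form.css?version=4.5.3', __FILE__ ) );
+ wp_register_style( 'show-login', plugins_url( 'includes/css/hide-login-form.css?version=4.5.5', __FILE__ ) );
  }else{
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.5.3', __FILE__ ) );
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.5.5', __FILE__ ) );
  }
  wp_enqueue_style( 'show-login' );
  }
 
  function mo_2_factor_show_login_with_password_when_phonelogin_enabled(){
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.5.3', __FILE__ ) );
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=4.5.5', __FILE__ ) );
  wp_enqueue_style( 'show-login' );
  }
 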
handlers/class-mo2f-pass2fa-login-helpers.php → class-miniorange-2-factor-pass2fa-login.php RENAMED
@@ -1,13 +1,33 @@
1
- <?php
 
 
2
 
3
- /*
4
- *
5
- * This class contains the functions called from the handler's classes during 2FA login.
6
- *
 
 
 
 
 
 
 
 
 
 
7
  */
 
 
 
8
 
9
- class Miniorange_Password_2Factor_Login{
 
 
10
 
 
 
 
11
  function remove_current_activity(){
12
  unset($_SESSION[ 'mo2f_current_user' ]);
13
  unset($_SESSION[ 'mo2f_1stfactor_status' ]);
@@ -43,66 +63,495 @@ class Miniorange_Password_2Factor_Login{
43
  session_start();
44
  }
45
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
46
 
47
- function mo2f_pass2login_kba_verification($user_id, $redirect_to){
48
- $challengeKba = new Customer_Setup();
49
- $content = $challengeKba->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
50
- $response = json_decode($content, true);
51
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
52
- if($response['status'] == 'SUCCESS'){
53
- $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
54
- $questions = array();
55
- $questions[0] = $response['questions'][0]['question'];
56
- $questions[1] = $response['questions'][1]['question'];
57
- $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
58
 
59
- $mo2fa_login_message = 'Please answer the following questions:';
60
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
61
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
62
- }else if($response['status'] == 'ERROR'){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
63
  $this->remove_current_activity();
 
 
 
 
 
 
64
  $error = new WP_Error();
65
- $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
66
  return $error;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
67
  }
68
- }else{
69
- $this->remove_current_activity();
70
- $error = new WP_Error();
71
- $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
72
- return $error;
73
  }
74
  }
75
 
76
- function miniorange_pass2login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null, $redirect_to=null){
77
 
78
- $login_status = $mo2fa_login_status;
79
- $login_message = $mo2fa_login_message;
80
- $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
81
- $current_user_id = is_null($current_user) ? null : $current_user->ID;
82
- if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
83
- mo2f_getqrcode($login_status, $login_message, $redirect_to);
84
- exit;
85
- }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification,google auth
86
- mo2f_getotp_form($login_status, $login_message, $redirect_to);
87
- exit;
88
- }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
89
- mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
90
- exit;
91
- }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
92
- mo2f_getpush_oobemail_response($current_user_id, $login_status, $login_message, $redirect_to);
93
- exit;
94
- }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
95
- mo2f_getkba_form($login_status, $login_message, $redirect_to);
96
- exit;
97
- }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){ // trusted device
98
- mo2f_get_device_form($login_status, $login_message, $redirect_to);
99
  exit;
100
- }else{ //show login screen
101
- $this->mo_2_factor_pass2login_show_wp_login_form();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
102
  }
103
  }
104
 
105
-
106
  function miniorange_initiate_2nd_factor($currentuser, $attributes=null, $redirect_to=null){
107
 
108
 
@@ -156,6 +605,42 @@ class Miniorange_Password_2Factor_Login{
156
 
157
  }
158
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
159
  function miniorange_pass2login_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
160
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
161
  return true;
@@ -286,6 +771,35 @@ class Miniorange_Password_2Factor_Login{
286
  }
287
  }
288
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
289
  function mo2f_pass2login_mobile_verification($user, $redirect_to){
290
  $useragent = $_SERVER['HTTP_USER_AGENT'];
291
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
@@ -337,201 +851,16 @@ class Miniorange_Password_2Factor_Login{
337
  ?>
338
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value="" /></p>
339
  <?php
340
- wp_enqueue_script( 'jquery_script', plugins_url('/../includes/js/rba/js/jquery-1.9.1.js', __FILE__ ));
341
- wp_enqueue_script( 'flash_script', plugins_url('/../includes/js/rba/js/jquery.flash.js', __FILE__ ));
342
- wp_enqueue_script( 'uaparser_script', plugins_url('/../includes/js/rba/js/ua-parser.js', __FILE__ ));
343
- wp_enqueue_script( 'client_script', plugins_url('/../includes/js/rba/js/client.js', __FILE__ ));
344
- wp_enqueue_script( 'device_script', plugins_url('/../includes/js/rba/js/device_attributes.js', __FILE__ ));
345
- wp_enqueue_script( 'swf_script', plugins_url('/../includes/js/rba/js/swfobject.js', __FILE__ ));
346
- wp_enqueue_script( 'font_script', plugins_url('/../includes/js/rba/js/fontdetect.js', __FILE__ ));
347
- wp_enqueue_script( 'murmur_script', plugins_url('/../includes/js/rba/js/murmurhash3.js', __FILE__ ));
348
- wp_enqueue_script( 'miniorange_script', plugins_url('/../includes/js/rba/js/miniorange-fp.js', __FILE__ ));
349
- }
350
- }
351
-
352
- function mo_2_factor_enable_jquery_default_login(){
353
- wp_enqueue_script('jquery');
354
- }
355
-
356
- function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
357
- if(get_option('mo2f_deviceid_enabled')){
358
- $this->miniorange_pass2login_start_session();
359
- $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
360
- mo2f_collect_device_attributes_handler($redirect_to);
361
- exit;
362
- }else {
363
- $this->miniorange_initiate_2nd_factor($currentuser, null, $redirect_to);
364
- }
365
- }
366
-
367
- function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
368
- if(is_a($user, 'WP_Error') && !empty($user)){
369
- return $user;
370
- }
371
-
372
- // if an app password is enabled, this is an XMLRPC / APP login ?
373
- if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
374
-
375
- /* App Specific Password
376
- // Get information on user
377
- if ( get_user_by( 'email', $username ) === false ) {
378
- $user = get_user_by( 'login', $username );
379
- } else {
380
- $user = get_user_by( 'email', $username );
381
- }
382
-
383
- // checking if password was generated by user
384
- if(!get_user_option( 'mo2f_app_password', $user->ID )){
385
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
386
- return false;
387
- }
388
-
389
- // Verifying the passwords
390
- $app_password = get_user_option( 'mo2f_app_password', $user->ID );
391
- $usersha1 = sha1($password );
392
-
393
- // if passwords match
394
- if ( $app_password == $usersha1 ) {
395
- return new WP_User( $user->ID );
396
- } else {
397
- // Wrong XMLRPC/APP password !
398
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
399
- return false;
400
- }*/
401
-
402
- $currentuser = wp_authenticate_username_password($user, $username, $password);
403
- if (is_wp_error($currentuser)) {
404
- $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
405
- return false;
406
- }else{
407
- return $currentuser;
408
- }
409
- }else{
410
- $currentuser = wp_authenticate_username_password($user, $username, $password);
411
- if (is_wp_error($currentuser)) {
412
- $currentuser->add('invalid_username_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
413
- return $currentuser;
414
- }else{
415
-
416
- $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
417
-
418
- $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
419
- $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
420
- }
421
- }
422
- }
423
-
424
-
425
- public function miniorange_pass2login_redirect() {
426
-
427
- if(!get_option('mo2f_login_policy')){
428
-
429
- if (isset($_POST['miniorange_login_nonce'])){
430
- $nonce = $_POST['miniorange_login_nonce'];
431
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
432
- $this->remove_current_activity();
433
- $error = new WP_Error();
434
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
435
- return $error;
436
- } else {
437
- $this->miniorange_pass2login_start_session();
438
- $mobile_login = new Miniorange_Mobile_Login();
439
- //validation and sanitization
440
- $username = '';
441
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
442
- $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
443
- $mobile_login->mo_auth_show_error_message();
444
- return;
445
- } else{
446
- $username = sanitize_text_field( $_POST['mo2fa_username'] );
447
- }
448
-
449
-
450
-
451
- if ( username_exists( $username ) ){ /*if username exists in wp site */
452
- $user = new WP_User( $username );
453
-
454
- $_SESSION[ 'mo2f_current_user' ] = serialize($user);
455
- $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
456
-
457
- $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
458
-
459
- $current_roles = miniorange_get_user_role($user);
460
- $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
461
-
462
- if($enabled){
463
- if(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
464
- if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($user->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
465
- $this->mo2f_pass2login_kba_verification($user->ID , $redirect_to);
466
-
467
- }else{
468
- $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
469
- if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
470
- $this->mo2f_pass2login_mobile_verification($user , $redirect_to);
471
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
472
- $this->mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor, $redirect_to);
473
- }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
474
-
475
- $this->mo2f_pass2login_otp_verification($user,$mo2f_second_factor, $redirect_to);
476
-
477
- }else if($mo2f_second_factor == 'KBA'){
478
-
479
- $this->mo2f_pass2login_kba_verification($user->ID, $redirect_to);
480
- }else{
481
- $this->remove_current_activity();
482
- $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
483
- $mobile_login->mo_auth_show_success_message();
484
- }
485
- }
486
- }else{
487
-
488
- $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
489
- $mobile_login->mo_auth_show_success_message();
490
- $mobile_login->mo2f_redirectto_wp_login();
491
- }
492
- }else{
493
- $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
494
- $mobile_login->mo_auth_show_success_message();
495
- $mobile_login->mo2f_redirectto_wp_login();
496
- }
497
- } else{
498
- $mobile_login->remove_current_activity();
499
- $_SESSION['mo2f-login-message'] = 'Invalid Username.';
500
- $mobile_login->mo_auth_show_error_message();
501
- }
502
- }
503
- }
504
- }
505
-
506
- if (isset($_POST['miniorange_mobile_validation_failed_nonce'])){ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
507
- $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
508
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
509
- $error = new WP_Error();
510
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
511
- return $error;
512
- } else {
513
- $this->miniorange_pass2login_start_session();
514
- $this->remove_current_activity();
515
- }
516
- }
517
-
518
- if (isset($_POST['miniorange_attribute_collection_nonce'])){ /*Handling Rba Attributes from other plugins */
519
- $nonce = $_POST['miniorange_attribute_collection_nonce'];
520
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
521
- $error = new WP_Error();
522
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
523
- return $error;
524
- } else {
525
- $this->miniorange_pass2login_start_session();
526
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
527
- $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
528
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
529
- $this->miniorange_initiate_2nd_factor($current_user, $attributes, $redirect_to);
530
  }
531
- }
532
-
533
  }
534
-
535
-
536
  }
537
  ?>
1
+ <?Php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ Copyright (C) 2015 miniOrange
4
 
5
+ This program is free software: you can redistribute it and/or modify
6
+ it under the terms of the GNU General Public License as published by
7
+ the Free Software Foundation, either version 3 of the License, or
8
+ (at your option) any later version.
9
+
10
+ This program is distributed in the hope that it will be useful,
11
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ GNU General Public License for more details.
14
+
15
+ You should have received a copy of the GNU General Public License
16
+ along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
  */
20
+ /**
21
+ This library is miniOrange Authentication Service.
22
+ Contains Request Calls to Customer service.
23
 
24
+ **/
25
+ include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
26
+ include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
27
 
28
+
29
+ class Miniorange_Password_2Factor_Login{
30
+
31
  function remove_current_activity(){
32
  unset($_SESSION[ 'mo2f_current_user' ]);
33
  unset($_SESSION[ 'mo2f_1stfactor_status' ]);
63
  session_start();
64
  }
65
  }
66
+
67
+
68
+ public function miniorange_pass2login_redirect() {
69
+
70
+ if(!get_option('mo2f_login_policy')){
71
+
72
+ if (isset($_POST['miniorange_login_nonce'])){
73
+ $nonce = $_POST['miniorange_login_nonce'];
74
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
75
+ $this->remove_current_activity();
76
+ $error = new WP_Error();
77
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
78
+ return $error;
79
+ } else {
80
+ $this->miniorange_pass2login_start_session();
81
+ $mobile_login = new Miniorange_Mobile_Login();
82
+ //validation and sanitization
83
+ $username = '';
84
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
85
+ $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
86
+ $mobile_login->mo_auth_show_error_message();
87
+ return;
88
+ } else{
89
+ $username = sanitize_text_field( $_POST['mo2fa_username'] );
90
+ }
91
+
92
+
93
+
94
+ if ( username_exists( $username ) ){ /*if username exists in wp site */
95
+ $user = new WP_User( $username );
96
+
97
+ $_SESSION[ 'mo2f_current_user' ] = serialize($user);
98
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
99
+
100
+ $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
101
+
102
+ $current_roles = miniorange_get_user_role($user);
103
+ $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
104
 
105
+ if($enabled){
106
+ if(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
107
+ if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($user->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
108
+ $this->mo2f_pass2login_kba_verification($user->ID , $redirect_to);
109
+
110
+ }else{
111
+ $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
112
+ if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
113
+ $this->mo2f_pass2login_mobile_verification($user , $redirect_to);
114
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
115
+ $this->mo2f_pass2login_push_oobemail_verification($user,$mo2f_second_factor, $redirect_to);
116
+ }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
117
+
118
+ $this->mo2f_pass2login_otp_verification($user,$mo2f_second_factor, $redirect_to);
119
+
120
+ }else if($mo2f_second_factor == 'KBA'){
121
+
122
+ $this->mo2f_pass2login_kba_verification($user->ID, $redirect_to);
123
+ }else{
124
+ $this->remove_current_activity();
125
+ $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
126
+ $mobile_login->mo_auth_show_success_message();
127
+ }
128
+ }
129
+ }else{
130
+
131
+ $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
132
+ $mobile_login->mo_auth_show_success_message();
133
+ $mobile_login->mo2f_redirectto_wp_login();
134
+ }
135
+ }else{
136
+ $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
137
+ $mobile_login->mo_auth_show_success_message();
138
+ $mobile_login->mo2f_redirectto_wp_login();
139
+ }
140
+ } else{
141
+ $mobile_login->remove_current_activity();
142
+ $_SESSION['mo2f-login-message'] = 'Invalid Username.';
143
+ $mobile_login->mo_auth_show_error_message();
144
+ }
145
+ }
146
+ }
147
+
148
+ }
149
+
150
+ if(isset($_POST['mo2f_trust_device_confirm_nonce'])){ /*register device as rba profile */
151
+ $nonce = $_POST['mo2f_trust_device_confirm_nonce'];
152
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
153
+ $this->remove_current_activity();
154
+ $error = new WP_Error();
155
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
156
+ return $error;
157
+ } else {
158
+ $this->miniorange_pass2login_start_session();
159
+ try{
160
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
161
+ mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
162
+ }catch(Exception $e){
163
+ echo $e->getMessage();
164
+ }
165
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
166
+ $this->mo2fa_pass2login($redirect_to);
167
+ }
168
+ }
169
+
170
+ if(isset($_POST['mo2f_trust_device_cancel_nonce'])){ /*do not register device as rba profile */
171
+ $nonce = $_POST['mo2f_trust_device_cancel_nonce'];
172
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
173
+ $error = new WP_Error();
174
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
175
+ return $error;
176
+ } else {
177
+ $this->miniorange_pass2login_start_session();
178
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
179
+ $this->mo2fa_pass2login($redirect_to);
180
+ }
181
+ }
182
+
183
+ if(isset($_POST['miniorange_challenge_forgotphone_nonce'])){ /*check kba validation*/
184
+ $nonce = $_POST['miniorange_challenge_forgotphone_nonce'];
185
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
186
+ $error = new WP_Error();
187
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
188
+ return $error;
189
+ }else {
190
+ $this->miniorange_pass2login_start_session();
191
+ $forgot_phone_enable = get_option('mo2f_enable_forgotphone');
192
+ $forgot_phone_kba_enable = get_option('mo2f_enable_forgotphone_kba');
193
+ $forgot_phone_email_enable = get_option('mo2f_enable_forgotphone_email');
194
+
195
+ $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
196
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
197
+ $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
198
+ $id = $current_user->ID;
199
+ if($forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL'){
200
+ $customer = new Customer_Setup();
201
+ $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
202
 
203
+ $mo2fa_login_message = '';
204
+ $mo2f_login_status = '' ;
205
+
206
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
207
+ $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
208
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
209
+ $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
210
+ }else{
211
+ $mo2fa_login_message = 'Error occured while sending OTP over your regsitered email. Please try again.';
212
+ $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
213
+ }
214
+ $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
215
+ }else if($forgot_phone_enable && $forgot_phone_kba_enable){
216
+ if(get_user_meta($id,'mo2f_kba_registration_status',true)){
217
+ $this->mo2f_pass2login_kba_verification($current_user->ID, $redirect_to);
218
+ }else{
219
+ $mo2fa_login_message = 'Your KBA is not configured. Please choose other option to procedd further.';
220
+ $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
221
+ $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
222
+ }
223
+ }
224
+ }
225
+ }
226
+
227
+ if(isset($_POST['miniorange_alternate_login_kba_nonce'])){ /*check kba validation*/
228
+ $nonce = $_POST['miniorange_alternate_login_kba_nonce'];
229
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
230
+ $error = new WP_Error();
231
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
232
+ return $error;
233
+ }else {
234
+ $this->miniorange_pass2login_start_session();
235
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
236
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
237
+ $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
238
+ }
239
+ }
240
+
241
+ if(isset($_POST['miniorange_kba_nonce'])){ /*check kba validation*/
242
+ $nonce = $_POST['miniorange_kba_nonce'];
243
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
244
+ $error = new WP_Error();
245
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
246
+ return $error;
247
+ } else {
248
+
249
+ $this->miniorange_pass2login_start_session();
250
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ): null;
251
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
252
+
253
+ if(isset($_SESSION[ 'mo2f_current_user' ])){
254
+ if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
255
+ $mo2fa_login_message = 'Please provide both the answers.';
256
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
257
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
258
+ }
259
+ $otpToken = array();
260
+ $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
261
+ $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
262
+ $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
263
+ $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
264
+ $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
265
+
266
+ $kba_validate = new Customer_Setup();
267
+ $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
268
+
269
+ if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
270
+ if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
271
+ try{
272
+ mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
273
+ }catch(Exception $e){
274
+ echo $e->getMessage();
275
+ }
276
+ $this->mo2fa_pass2login($redirect_to);
277
+ }else{
278
+ $this->mo2fa_pass2login($redirect_to);
279
+ }
280
+ }else{
281
+
282
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
283
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
284
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
285
+ }
286
+ }else{
287
+ $this->remove_current_activity();
288
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
289
+ }
290
+ }
291
+ }
292
+
293
+ if(isset($_POST['miniorange_mobile_validation_nonce'])){ /*check mobile validation */
294
+ $nonce = $_POST['miniorange_mobile_validation_nonce'];
295
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
296
+ $error = new WP_Error();
297
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
298
+ return $error;
299
+ } else {
300
+ $this->miniorange_pass2login_start_session();
301
+ $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
302
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
303
+ $checkMobileStatus = new Two_Factor_Setup();
304
+ $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
305
+ $response = json_decode($content, true);
306
+ if(json_last_error() == JSON_ERROR_NONE) {
307
+ if($response['status'] == 'SUCCESS'){
308
+ if(get_option('mo2f_deviceid_enabled')){
309
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
310
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
311
+ }else{
312
+ $this->mo2fa_pass2login($redirect_to);
313
+ }
314
+ }else{
315
+ $this->remove_current_activity();
316
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
317
+ }
318
+ }else{
319
+ $this->remove_current_activity();
320
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
321
+ }
322
+ }
323
+ }
324
+
325
+ if (isset($_POST['miniorange_mobile_validation_failed_nonce'])){ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
326
+ $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
327
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
328
+ $error = new WP_Error();
329
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
330
+ return $error;
331
+ } else {
332
+ $this->miniorange_pass2login_start_session();
333
  $this->remove_current_activity();
334
+ }
335
+ }
336
+
337
+ if(isset($_POST['miniorange_forgotphone'])){ /*Click on the link of forgotphone */
338
+ $nonce = $_POST['miniorange_forgotphone'];
339
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
340
  $error = new WP_Error();
341
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
342
  return $error;
343
+ } else{
344
+ $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
345
+ $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
346
+ $mo2fa_login_message = '';
347
+
348
+ $this->miniorange_pass2login_start_session();
349
+
350
+ $customer = new Customer_Setup();
351
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
352
+ $id = $current_user->ID;
353
+ if(get_user_meta($id,'mo2f_kba_registration_status',true)){
354
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
355
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
356
+ $pass2fa_login->mo2f_pass2login_kba_verification($id, $redirect_to);
357
+ }else{
358
+ $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
359
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
360
+ unset($_SESSION[ 'mo2f-login-qrCode' ]);
361
+ unset($_SESSION[ 'mo2f-login-transactionId' ]);
362
+ $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
363
+ $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
364
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
365
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
366
+ }else{
367
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
368
+ }
369
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
370
+ }
371
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
372
+
373
+ $pass2fa_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
374
+ }
375
+ }
376
+
377
+ if(isset($_POST['miniorange_softtoken'])){ /*Click on the link of phone is offline */
378
+ $nonce = $_POST['miniorange_softtoken'];
379
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
380
+ $error = new WP_Error();
381
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
382
+ return $error;
383
+ } else{
384
+ $this->miniorange_pass2login_start_session();
385
+ unset($_SESSION[ 'mo2f-login-qrCode' ]);
386
+ unset($_SESSION[ 'mo2f-login-transactionId' ]);
387
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
388
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
389
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
390
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
391
+ }
392
+ }
393
+
394
+ if (isset($_POST['miniorange_soft_token_nonce'])){ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
395
+ $nonce = $_POST['miniorange_soft_token_nonce'];
396
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
397
+ $error = new WP_Error();
398
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
399
+ return $error;
400
+ } else {
401
+ $this->miniorange_pass2login_start_session();
402
+ $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
403
+ $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
404
+ $softtoken = '';
405
+ if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
406
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
407
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
408
+ } else{
409
+ $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
410
+ if(!MO2f_utility::mo2f_check_number_length($softtoken)){
411
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
412
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
413
+ }
414
+ }
415
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
416
+ if(isset($_SESSION[ 'mo2f_current_user' ])){
417
+ $customer = new Customer_Setup();
418
+ $content ='';
419
+ if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
420
+ $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
421
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
422
+ $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
423
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
424
+ $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
425
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
426
+ $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
427
+ }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
428
+ $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
429
+ }else{
430
+ $this->remove_current_activity();
431
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
432
+ }
433
+
434
+
435
+
436
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
437
+ if(get_option('mo2f_deviceid_enabled')){
438
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
439
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
440
+ }else{
441
+ $this->mo2fa_pass2login($redirect_to);
442
+ }
443
+ }else{
444
+
445
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
446
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $message, $redirect_to);
447
+ }
448
+
449
+ }else{
450
+ $this->remove_current_activity();
451
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
452
+ }
453
+ }
454
+ }
455
+
456
+ if (isset($_POST['miniorange_inline_skip_registration_nonce'])){ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
457
+ $nonce = $_POST['miniorange_inline_skip_registration_nonce'];
458
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-skip-registration-nonce' ) ) {
459
+ $error = new WP_Error();
460
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
461
+ return $error;
462
+ } else {
463
+ $this->miniorange_pass2login_start_session();
464
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
465
+ delete_user_meta($current_user->ID,'mo2f_selected_2factor_method');
466
+ $this->mo2fa_pass2login();
467
+ }
468
+ }
469
+
470
+ if (isset($_POST['miniorange_attribute_collection_nonce'])){ /*Handling Rba Attributes from other plugins */
471
+ $nonce = $_POST['miniorange_attribute_collection_nonce'];
472
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
473
+ $error = new WP_Error();
474
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
475
+ return $error;
476
+ } else {
477
+ $this->miniorange_pass2login_start_session();
478
+ $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
479
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
480
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
481
+ $this->miniorange_initiate_2nd_factor($current_user, $attributes, $redirect_to);
482
  }
 
 
 
 
 
483
  }
484
  }
485
 
 
486
 
487
+
488
+ function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
489
+ if(get_option('mo2f_deviceid_enabled')){
490
+ $this->miniorange_pass2login_start_session();
491
+ $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
492
+ mo2f_collect_device_attributes_handler($redirect_to);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
493
  exit;
494
+ }else {
495
+ $this->miniorange_initiate_2nd_factor($currentuser, null, $redirect_to);
496
+ }
497
+ }
498
+
499
+ function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
500
+ if(is_a($user, 'WP_Error') && !empty($user)){
501
+ return $user;
502
+ }
503
+
504
+ // if an app password is enabled, this is an XMLRPC / APP login ?
505
+ if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
506
+
507
+ /* App Specific Password
508
+ // Get information on user
509
+ if ( get_user_by( 'email', $username ) === false ) {
510
+ $user = get_user_by( 'login', $username );
511
+ } else {
512
+ $user = get_user_by( 'email', $username );
513
+ }
514
+
515
+ // checking if password was generated by user
516
+ if(!get_user_option( 'mo2f_app_password', $user->ID )){
517
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
518
+ return false;
519
+ }
520
+
521
+ // Verifying the passwords
522
+ $app_password = get_user_option( 'mo2f_app_password', $user->ID );
523
+ $usersha1 = sha1($password );
524
+
525
+ // if passwords match
526
+ if ( $app_password == $usersha1 ) {
527
+ return new WP_User( $user->ID );
528
+ } else {
529
+ // Wrong XMLRPC/APP password !
530
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
531
+ return false;
532
+ }*/
533
+
534
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
535
+ if (is_wp_error($currentuser)) {
536
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
537
+ return false;
538
+ }else{
539
+ return $currentuser;
540
+ }
541
+ }else{
542
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
543
+ if (is_wp_error($currentuser)) {
544
+ $currentuser->add('invalid_username_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
545
+ return $currentuser;
546
+ }else{
547
+
548
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
549
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
550
+ $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
551
+ }
552
  }
553
  }
554
 
 
555
  function miniorange_initiate_2nd_factor($currentuser, $attributes=null, $redirect_to=null){
556
 
557
 
605
 
606
  }
607
 
608
+
609
+ function mo_2_factor_enable_jquery_default_login(){
610
+ wp_enqueue_script('jquery');
611
+ }
612
+
613
+
614
+
615
+ function miniorange_pass2login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null, $redirect_to=null){
616
+
617
+ $login_status = $mo2fa_login_status;
618
+ $login_message = $mo2fa_login_message;
619
+ $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
620
+ $current_user_id = is_null($current_user) ? null : $current_user->ID;
621
+ if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
622
+ mo2f_getqrcode($login_status, $login_message, $redirect_to);
623
+ exit;
624
+ }else if($this->miniorange_pass2login_check_otp_status($login_status)){ //for soft-token,otp over email,sms,phone verification,google auth
625
+ mo2f_getotp_form($login_status, $login_message, $redirect_to);
626
+ exit;
627
+ }else if($this->miniorange_pass2login_check_forgotphone_status($login_status)){ // forgot phone page if both KBA and Email are configured.
628
+ mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
629
+ exit;
630
+ }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
631
+ mo2f_getpush_oobemail_response($current_user_id, $login_status, $login_message, $redirect_to);
632
+ exit;
633
+ }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
634
+ mo2f_getkba_form($login_status, $login_message, $redirect_to);
635
+ exit;
636
+ }else if($this->miniorange_pass2login_check_trusted_device_status($login_status)){ // trusted device
637
+ mo2f_get_device_form($login_status, $login_message, $redirect_to);
638
+ exit;
639
+ }else{ //show login screen
640
+ $this->mo_2_factor_pass2login_show_wp_login_form();
641
+ }
642
+ }
643
+
644
  function miniorange_pass2login_check_forgotphone_status($login_status){ // after clicking on forgotphone link when both kba and email are configured
645
  if($login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL'){
646
  return true;
771
  }
772
  }
773
 
774
+ function mo2f_pass2login_kba_verification($user_id, $redirect_to){
775
+ $challengeKba = new Customer_Setup();
776
+ $content = $challengeKba->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true), 'KBA',get_option('mo2f_customerKey'),get_option('mo2f_api_key'));
777
+ $response = json_decode($content, true);
778
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
779
+ if($response['status'] == 'SUCCESS'){
780
+ $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
781
+ $questions = array();
782
+ $questions[0] = $response['questions'][0]['question'];
783
+ $questions[1] = $response['questions'][1]['question'];
784
+ $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
785
+
786
+ $mo2fa_login_message = 'Please answer the following questions:';
787
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
788
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
789
+ }else if($response['status'] == 'ERROR'){
790
+ $this->remove_current_activity();
791
+ $error = new WP_Error();
792
+ $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
793
+ return $error;
794
+ }
795
+ }else{
796
+ $this->remove_current_activity();
797
+ $error = new WP_Error();
798
+ $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
799
+ return $error;
800
+ }
801
+ }
802
+
803
  function mo2f_pass2login_mobile_verification($user, $redirect_to){
804
  $useragent = $_SERVER['HTTP_USER_AGENT'];
805
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
851
  ?>
852
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value="" /></p>
853
  <?php
854
+ wp_enqueue_script( 'jquery_script', plugins_url('includes/js/rba/js/jquery-1.9.1.js', __FILE__ ));
855
+ wp_enqueue_script( 'flash_script', plugins_url('includes/js/rba/js/jquery.flash.js', __FILE__ ));
856
+ wp_enqueue_script( 'uaparser_script', plugins_url('includes/js/rba/js/ua-parser.js', __FILE__ ));
857
+ wp_enqueue_script( 'client_script', plugins_url('includes/js/rba/js/client.js', __FILE__ ));
858
+ wp_enqueue_script( 'device_script', plugins_url('includes/js/rba/js/device_attributes.js', __FILE__ ));
859
+ wp_enqueue_script( 'swf_script', plugins_url('includes/js/rba/js/swfobject.js', __FILE__ ));
860
+ wp_enqueue_script( 'font_script', plugins_url('includes/js/rba/js/fontdetect.js', __FILE__ ));
861
+ wp_enqueue_script( 'murmur_script', plugins_url('includes/js/rba/js/murmurhash3.js', __FILE__ ));
862
+ wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
863
  }
 
 
864
  }
 
 
865
  }
866
  ?>
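--- a/class-miniorange-2-factor-user-registration.php
+++ b/class-miniorange-2-factor-user-registration.php
@@ -0,0 +1,270 @@
+ <?Php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ Copyright (C) 2015 miniOrange
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+ /**
+ This library is miniOrange Authentication Service.
+ Contains Request Calls to Customer service.
+
+ **/
+ class Miniorange_User_Register{
+
+ function __construct(){
+ add_action( 'admin_init', array( $this, 'miniorange_user_save_settings' ) );
+ add_action( 'admin_enqueue_scripts', array( $this, 'plugin_settings_style' ) );
+ }
+
+ function plugin_settings_style() {
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__));
+ }
+
+ function mo_auth_success_message() {
+ $message = get_option('mo2f_message'); ?>
+ <script>
+
+ jQuery(document).ready(function() {
+
+ var message = "<?php echo $message; ?>";
+ jQuery('#messages').append("<div class='error notice is-dismissible mo2f_error_container'> <p class='mo2f_msgs'>" + message + "</p></div>");
+ });
+ </script>
+ <?php
+ }
+
+ function mo_auth_error_message() {
+ $message = get_option('mo2f_message'); ?>
+ <script>
+ jQuery(document).ready(function() {
+
+ var message = "<?php echo $message; ?>";
+ jQuery('#messages').append("<div class='updated notice is-dismissible mo2f_success_container'> <p class='mo2f_msgs'>" + message + "</p></div>");
+
+ jQuery('a[href=\"#test\"]').click(function() {
+ var currentMethod = jQuery(this).data("method");
+
+ if(currentMethod == 'MOBILE AUTHENTICATION'){
+ jQuery('#mo2f_2factor_test_mobile_form').submit();
+ }else if(currentMethod == 'PUSH NOTIFICATIONS'){
+ jQuery('#mo2f_2factor_test_push_form').submit();
+ }else if(currentMethod == 'SOFT TOKEN'){
+ jQuery('#mo2f_2factor_test_softtoken_form').submit();
+ }else if(currentMethod == 'SMS' || currentMethod == 'PHONE VERIFICATION'){
+ jQuery('#mo2f_test_2factor_method').val(currentMethod);
+ jQuery('#mo2f_2factor_test_smsotp_form').submit();
+ }else if(currentMethod == 'OUT OF BAND EMAIL'){
+ jQuery('#mo2f_2factor_test_out_of_band_email_form').submit();
+ }else if(currentMethod == 'GOOGLE AUTHENTICATOR'){
+ jQuery('#mo2f_2factor_test_google_auth_form').submit();
+ }
+ });
+
+ });
+ </script>
+ <?php
+ }
+
+ private function mo_auth_show_success_message() {
+ remove_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
+ add_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
+ }
+
+ private function mo_auth_show_error_message() {
+ remove_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
+ add_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
+ }
+
+ public function mo2f_register_user(){
+ global $wpdb;
+ global $current_user;
+ $current_user = wp_get_current_user();
+ if(mo_2factor_is_curl_installed()==0){ ?>
+ <p style="color:red;">(Warning: <a href="http://php.net/manual/en/curl.installation.php" target="_blank">PHP CURL extension</a> is not installed or disabled)</p>
+ <?php
+ }
+
+
+ $mo2f_active_tab = isset($_GET['mo2f_tab']) ? $_GET['mo2f_tab'] : '2factor_setup';
+
+
+ ?>
+ <div id="tab">
+ <h2 class="nav-tab-wrapper">
+ <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=2factor_setup" class="nav-tab <?php echo $mo2f_active_tab == '2factor_setup' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab1"><?php if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ ?>User Profile <?php }else{ ?> Account Setup <?php } ?></a>
+ <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure" class="nav-tab <?php echo $mo2f_active_tab == 'mobile_configure' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab2">Setup Two-Factor</a>
+ <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_demo" class="nav-tab <?php echo $mo2f_active_tab == 'mo2f_demo' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab4">How To Setup</a>
+ <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help" class="nav-tab <?php echo $mo2f_active_tab == 'mo2f_help' ? 'nav-tab-active' : ''; ?>" id="mo2f_tab3">Help & Troubleshooting</a>
+ </h2>
+ </div>
+
+ <div class="mo2f_container">
+ <div id="messages"></div>
+ <table style="width:100%;padding:10px;">
+ <tr>
+ <td style="width:60%;vertical-align:top;">
+ <?php
+
+ if($mo2f_active_tab == 'mobile_configure') {
+
+ $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
+ mo2f_select_2_factor_method($current_user,$mo2f_second_factor);
+
+ ?>
+ <script>
+ jQuery(document).ready(function(){
+ jQuery("#mo2f_support_table").hide();
+ });
+ </script>
+ <?php
+ }else if($mo2f_active_tab == 'mo2f_demo'){
+ unset($_SESSION[ 'mo2f_google_auth' ]);
+ unset($_SESSION[ 'mo2f_mobile_support' ]);
+ show_2_factor_login_demo($current_user);
+ }else if($mo2f_active_tab == 'mo2f_help'){
+ unset($_SESSION[ 'mo2f_google_auth' ]);
+ unset($_SESSION[ 'mo2f_mobile_support' ]);
+ mo2f_show_help_and_troubleshooting($current_user);
+ }else if(get_option('mo2f_deviceid_enabled' ) && $mo2f_active_tab == 'advance_option'){
+ unset($_SESSION[ 'mo2f_google_auth' ]);
+ unset($_SESSION[ 'mo2f_mobile_support' ]);
+ show_2_factor_advanced_options($current_user); //Login Settings tab
+ }else{
+ unset($_SESSION[ 'mo2f_google_auth' ]);
+ unset($_SESSION[ 'mo2f_mobile_support' ]);
+ if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'){
+ mo2f_show_user_otp_validation_page();
+ }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION') {
+ $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
+ mo2f_show_instruction_to_allusers($current_user,$mo2f_second_factor);
+ }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
+ mo2f_show_instruction_to_allusers($current_user,'NONE');
+ }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
+ $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
+ mo2f_show_instruction_to_allusers($current_user,$mo2f_second_factor);
+ }else{
+ show_user_welcome_page($current_user);
+ }
+ }
+ ?>
+ </td>
+ <td style="vertical-align:top;padding-left:1%;" id="mo2f_support_table">
+ </td>
+ </tr>
+ </table>
+ </div>
+ <?php
+ }
+
+ function miniorange_user_save_settings() {
+ global $wpdb;
+ global $current_user;
+ $current_user = wp_get_current_user();
+
+ if(!current_user_can('manage_options')){
+ if(isset($_POST['option']) and $_POST['option'] == "mo_2factor_validate_user_otp"){ //validate OTP
+ //validation and sanitization
+ $otp_token = '';
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
+ update_option( 'mo2f_message', 'All the fields are required. Please enter valid entries.');
+ $this->mo_auth_show_error_message();
+ return;
+ } else{
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
+ }
+
+ if(!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($current_user->ID,'mo_2factor_user_email',true))){
+ $customer = new Customer_Setup();
+ $transactionId = get_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account',true);
+ $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
+ if($content['status'] == 'ERROR'){
+ update_option( 'mo2f_message', $content['message']);
+ delete_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account');
+ }else{
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode
+ $this->mo2f_create_user($current_user,get_user_meta($current_user->ID,'mo_2factor_user_email',true));
+ delete_user_meta($current_user->ID,'mo_2fa_verify_otp_create_account');
+ }else{ // OTP Validation failed.
+ update_option( 'mo2f_message','Invalid OTP. Please try again.');
+ update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_FAILURE');
+ $this->mo_auth_show_error_message();
+ }
+ }
+
+ }else{
+ update_option('mo2f_message','The email is already used by other user. Please register with other email by clicking on Back button.');
+ $this->mo_auth_show_error_message();
+ }
+ }
+ }
+
+ }
+
+ function mo2f_create_user($current_user,$email){ //creating user in miniOrange of wordpress non-admin
+ $email = strtolower($email);
+ $enduser = new Two_Factor_Setup();
+ $check_user = json_decode($enduser->mo_check_user_already_exist($email),true);
+ if(json_last_error() == JSON_ERROR_NONE){
+ if($check_user['status'] == 'ERROR'){
+ update_option( 'mo2f_message', $check_user['message']);
+ $this->mo_auth_show_error_message();
+ }else{
+ if(strcasecmp($check_user['status'], 'USER_FOUND') == 0){
+ delete_user_meta($current_user->ID,'mo_2factor_user_email');
+ update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
+ update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',$email);
+ update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
+ $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,null,null);
+ $message = 'You are registered successfully. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure 2nd factor authentication method.';
+ update_option( 'mo2f_message', $message);
+ $this->mo_auth_show_success_message();
+
+ }else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
+ if(json_last_error() == JSON_ERROR_NONE) {
+ if($content['status'] == 'ERROR'){
+ update_option( 'mo2f_message', $content['message']);
+ }else{
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
+ delete_user_meta($current_user->ID,'mo_2factor_user_email');
+ update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
+ update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',$email);
+ update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
+ $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,null,null);
+ $message = 'You are registered successfully. <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >Click Here </a>to configure 2nd factor authentication method.';
+ update_option( 'mo2f_message', $message);
+ $this->mo_auth_show_success_message();
+ }else{
+ update_option( 'mo2f_message','Error occurred while registering the user. Please try again.');
+ $this->mo_auth_show_error_message();
+ }
+ }
+ }else{
+ update_option( 'mo2f_message','Error occurred while registering the user. Please try again or contact your admin.');
+ $this->mo_auth_show_error_message();
+ }
+ }else{
+ update_option( 'mo2f_message','Error occurred while registering the user. Please try again.');
+ $this->mo_auth_show_error_message();
+ }
+ }
+ }else{
+ update_option( 'mo2f_message','Error occurred while registering the user. Please try again.');
+ $this->mo_auth_show_error_message();
+ }
+ }
+
+ }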
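Review bot: `mo_auth_success_message()` and `mo_auth_error_message()` print the `mo2f_message` option unescaped into a JavaScript string literal (`var message = "<?php echo $message; ?>";`) and then append it to the DOM as HTML, while `miniorange_user_save_settings()` and `mo2f_create_user()` store `$content['message']` and `$check_user['message']` from the remote API response in that option unchanged. A quote, line break or closing script tag in such a response would end the literal early on the admin page, so the value should be emitted as `var message = <?php echo wp_json_encode( wp_kses_post( $message ) ); ?>;`, and the `\"` escapes should then be dropped from the two hard-coded "registered successfully" messages because the encoder does the quoting. Separately, the `mo_2factor_validate_user_otp` branch runs on `admin_init` and acts on `$_POST` with no `wp_verify_nonce()` or `check_admin_referer()` call, and it reads `$_POST['otp_token']` without an `isset()` guard. A nonce field on the form and a check at the top of that branch would bring it in line with the nonce-gated login handlers in class-miniorange-2-factor-login.php.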
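--- a/handlers/class-mo2f-alternate-login-kba.php
+++ b/handlers/class-mo2f-alternate-login-kba.php
@@ -1,23 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - When the user clicks on "Didn't receive email?".
- * For authentication methods: Email Verification
- *
- */
-
- class Miniorange_alternate_login_kba{
-
- function miniorange_init_alternate_login_kba(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
- $two_factor_login->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
-
- }
- }
- ?>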
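--- a/handlers/class-mo2f-forgot-phone.php
+++ b/handlers/class-mo2f-forgot-phone.php
@@ -1,48 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - when the user clicks on 'Forgot Phone'.
- * For authentication methods: OTP Over SMS, Soft Token, QR Code Authentication, Push
- * Notification, Google Authenticator and Authy Authenticator.
- *
- */
-
- class Miniorange_forgot_phone_login{
-
- function miniorange_init_forgot_phone(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
-
- $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
- $mo2fa_login_message = '';
-
- $customer = new Customer_Setup();
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
- $id = $current_user->ID;
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
- $pass2fa_login->mo2f_pass2login_kba_verification($id, $redirect_to);
- }else{
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
- $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
- }else{
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
- }
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
- }
-
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
- }
- }
- ?>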
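--- a/handlers/class-mo2f-kba-validate.php
+++ b/handlers/class-mo2f-kba-validate.php
@@ -1,60 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - during validation of KBA Answers.
- * For authentication methods: KBA ( Knowledge Based Answers ), Email Verification(Didn't
- * receive email).
- *
- */
-
- class Miniorange_validate_KBA_login{
-
- function miniorange_init_kba_validate(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ): null;
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
-
- if(isset($_SESSION[ 'mo2f_current_user' ])){
- if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
- $mo2fa_login_message = 'Please provide both the answers.';
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
- }
-
- $otpToken = array();
- $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
- $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
- $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
- $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
- $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
-
- $kba_validate = new Customer_Setup();
- $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
-
- if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
- if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
- try{
- mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
- }catch(Exception $e){
- echo $e->getMessage();
- }
- $two_factor_login->mo2fa_pass2login($redirect_to);
- }else{
- $two_factor_login->mo2fa_pass2login($redirect_to);
- }
- }else{
- $mo2fa_login_message = 'The answers you have provided are incorrect.';
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
- }
- }else{
- $two_factor_login->remove_current_activity();
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
- }
- }
- }
-
- ?>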
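--- a/handlers/class-mo2f-otp-validate.php
+++ b/handlers/class-mo2f-otp-validate.php
@@ -1,66 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - when the user has to validate the One Time Passcode entered.
- * For authentication methods: OTP Over SMS, Soft Token, Google Authenticator and Authy Authenticator.
- *
- */
-
- class Miniorange_validate_OTP_login{
-
- function miniorange_init_otp_validate(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- $mo2fa_login_status = isset($_POST['request_origin_method']) ? $_POST['request_origin_method'] : null;
- $redirect_to = isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null;
- $softtoken = '';
- if( MO2f_utility::mo2f_check_empty_or_null( $_POST[ 'mo2fa_softtoken' ] ) ) {
- $mo2fa_login_message = 'Please enter OTP to proceed.';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to);
- } else{
- $softtoken = sanitize_text_field( $_POST[ 'mo2fa_softtoken' ] );
- if(!MO2f_utility::mo2f_check_number_length($softtoken)){
- $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to);
- }
- }
-
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
- if(isset($_SESSION[ 'mo2f_current_user' ])){
- $customer = new Customer_Setup();
- $content ='';
- if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
- $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
- $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
- $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
- }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
- $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
- }else{
- $two_factor_login->remove_current_activity();
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
- }
- }
-
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
- if(get_option('mo2f_deviceid_enabled')){
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
- }else{
- $two_factor_login->mo2fa_pass2login($redirect_to);
- }
- }else{
-
- $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $message, $redirect_to);
- }
-
- }
- }
- ?>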
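--- a/handlers/class-mo2f-phone-offline.php
+++ b/handlers/class-mo2f-phone-offline.php
@@ -1,25 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - when the user clicks on 'Phone is Offline'.
- * For authentication methods: QR Code Authentication and Push Notification.
- *
- */
-
- class Miniorange_phone_offline_login{
-
- function miniorange_init_phone_offline(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
- }
- }
- ?>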
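--- a/handlers/class-mo2f-qrcode-email-validate.php
+++ b/handlers/class-mo2f-qrcode-email-validate.php
@@ -1,43 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - when the user scans the QR Code or accepts an email
- * verification link.
- * For authentication methods: Email Verification and QR Code Authentication.
- *
- */
-
- class Miniorange_validate_QRcode_Email_login{
-
- function miniorange_init_qrcode_email_validate(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
- $checkMobileStatus = new Two_Factor_Setup();
- $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
-
- $response = json_decode($content, true);
- if(json_last_error() == JSON_ERROR_NONE) {
- if($response['status'] == 'SUCCESS'){
- if(get_option('mo2f_deviceid_enabled')){
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
- $two_factor_login->miniorange_pass2login_form_fields($mo2fa_login_status, null, $redirect_to);
- }else{
- $two_factor_login->mo2fa_pass2login($redirect_to);
- }
- }else{
- $two_factor_login->remove_current_activity();
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
- }
- }else{
- $two_factor_login->remove_current_activity();
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
- }
-
- }
- }
- ?>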
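--- a/handlers/class-mo2f-trust-device-cancel.php
+++ b/handlers/class-mo2f-trust-device-cancel.php
@@ -1,21 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - When the user chooses not to remember the device.
- *
- */
-
- class Miniorange_trust_device_cancel{
-
- function miniorange_init_trust_device_cancel(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
- $two_factor_login->mo2fa_pass2login($redirect_to);
-
- }
- }
- ?>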
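--- a/handlers/class-mo2f-trust-device-confirm.php
+++ b/handlers/class-mo2f-trust-device-confirm.php
@@ -1,27 +0,0 @@
- <?php
-
- /*
- *
- * This class is called during login - When the user chooses to remember the device.
- *
- */
-
- class Miniorange_trust_device_confirm{
-
- function miniorange_init_trust_device_confirm(){
-
- $two_factor_login = new Miniorange_Password_2Factor_Login();
- $two_factor_login->miniorange_pass2login_start_session();
-
- try{
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
- mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
- }catch(Exception $e){
- echo $e->getMessage();
- }
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
- $two_factor_login->mo2fa_pass2login($redirect_to);
-
- }
- }
- ?>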
miniorange_2_factor_common_login.php CHANGED
@@ -187,10 +187,10 @@
187
  <?php
188
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
189
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
190
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__) . '" />';
191
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__) . '" />';
192
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__) . '" />';
193
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.3', __FILE__) . '" />';
194
  ?>
195
  </head>
196
  <body>
@@ -232,7 +232,7 @@
232
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
233
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
234
  </form>
235
- <form name="f" id="mo2f_challenge_forgotphone_form" method="post" action="admin_post_nopriv_mo_prefix_initialization" style="display:none;">
236
  <input type="hidden" name="mo2f_selected_2factor_method" />
237
  <input type="hidden" name="miniorange_challenge_forgotphone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-challenge-forgotphone-nonce'); ?>" />
238
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
@@ -259,10 +259,10 @@
259
  <?php
260
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
261
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
262
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__) . '" />';
263
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__) . '" />';
264
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__) . '" />';
265
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.3', __FILE__) . '" />';
266
  ?>
267
  </head>
268
  <body>
@@ -280,7 +280,7 @@
280
  <div id="otpMessage">
281
  <p style="font-size:13px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : 'Please answer the following questions:'; ?></p>
282
  </div>
283
- <form name="f" id="mo2f_submitkba_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>">
284
  <div id="mo2f_kba_content">
285
  <p style="font-size:15px;">
286
  <?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
@@ -305,8 +305,8 @@
305
  }
306
  ?>
307
  <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate" class="miniorange_kba_validate" style="float:left;" value="Validate" />
 
308
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
309
- <input type="hidden" name="action" value="mo_prefix_init_kba_validate">
310
  </form>
311
  <br>
312
  </div>
@@ -338,10 +338,10 @@
338
  <?php
339
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
340
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
341
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__) . '" />';
342
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__) . '" />';
343
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__) . '" />';
344
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.3', __FILE__) . '" />';
345
  ?>
346
  </head>
347
  <body>
@@ -455,22 +455,22 @@
455
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
457
  </form>
458
- <form name="f" id="mo2f_mobile_validation_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
459
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
460
- <input type="hidden" name="action" value="mo_prefix_init_qrcode_email_validate">
461
  </form>
462
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
463
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
464
- <input type="hidden" name="action" value="mo_prefix_init_phone_offline_login">
465
  </form>
466
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
467
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
468
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
469
- <input type="hidden" name="action" value="mo_prefix_init_forgot_phone">
470
  </form>
471
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
472
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
473
- <input type="hidden" name="action" value="mo_prefix_init_alternate_login_kba">
474
  </form>
475
  </body>
476
  <script>
@@ -540,10 +540,10 @@
540
  <?php
541
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
542
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
543
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__) . '" />';
544
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__) . '" />';
545
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__) . '" />';
546
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.3', __FILE__) . '" />';
547
  ?>
548
  </head>
549
  <body>
@@ -627,18 +627,18 @@
627
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
628
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
629
  </form>
630
- <form name="f" id="mo2f_mobile_validation_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
631
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
632
- <input type="hidden" name="action" value="mo_prefix_init_qrcode_email_validate">
633
  </form>
634
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
635
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
636
- <input type="hidden" name="action" value="mo_prefix_init_phone_offline_login">
637
  </form>
638
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
639
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
640
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
641
- <input type="hidden" name="action" value="mo_prefix_init_forgot_phone">
642
  </form>
643
  </body>
644
  <script>
@@ -708,10 +708,10 @@
708
  <?php
709
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
710
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
711
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__) . '" />';
712
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__) . '" />';
713
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__) . '" />';
714
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.3', __FILE__) . '" />';
715
  ?>
716
  </head>
717
  <body>
@@ -733,16 +733,15 @@
733
  <br />
734
  <div id="showOTP">
735
  <div class="mo2f-login-container">
736
- <form name="f" id="mo2f_submitotp_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>">
737
  <center>
738
  <input type="text" name="mo2fa_softtoken" style="height:28px !important;" placeholder="Enter the code" id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/>
739
  </center>
740
-
741
  <br />
742
  <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit" class="miniorange_otp_token_submit" value="Validate" />
743
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
744
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
745
- <input type="hidden" name="action" value="mo_prefix_init_otp_validate">
746
  </form><br/>
747
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
748
  <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone ?</a>
@@ -849,10 +848,10 @@
849
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
850
  </form>
851
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
852
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
853
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
 
854
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
855
- <input type="hidden" name="action" value="mo_prefix_init_forgot_phone">
856
  </form>
857
  <?php } ?>
858
  </body>
@@ -889,10 +888,10 @@
889
  <?php
890
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
891
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
892
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__) . '" />';
893
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__) . '" />';
894
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__) . '" />';
895
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.3', __FILE__) . '" />';
896
  ?>
897
  </head>
898
  <body>
@@ -928,13 +927,13 @@
928
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
929
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
930
  </form>
931
- <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
932
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
933
- <input type="hidden" name="action" value="mo_prefix_init_trust_device_confirm">
934
  </form>
935
- <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" style="display:none;">
 
936
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
937
- <input type="hidden" name="action" value="mo_prefix_init_trust_device_cancel">
938
  </form>
939
  <script>
940
  function mologinback(){
@@ -954,4 +953,4 @@
954
  </body>
955
  </html>
956
  <?php }
957
- ?>
187
  <?php
188
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
189
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
190
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__) . '" />';
191
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__) . '" />';
192
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__) . '" />';
193
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.5', __FILE__) . '" />';
194
  ?>
195
  </head>
196
  <body>
232
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
233
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
234
  </form>
235
+ <form name="f" id="mo2f_challenge_forgotphone_form" method="post" style="display:none;">
236
  <input type="hidden" name="mo2f_selected_2factor_method" />
237
  <input type="hidden" name="miniorange_challenge_forgotphone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-challenge-forgotphone-nonce'); ?>" />
238
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
259
  <?php
260
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
261
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
262
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__) . '" />';
263
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__) . '" />';
264
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__) . '" />';
265
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.5', __FILE__) . '" />';
266
  ?>
267
  </head>
268
  <body>
280
  <div id="otpMessage">
281
  <p style="font-size:13px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : 'Please answer the following questions:'; ?></p>
282
  </div>
283
+ <form name="f" id="mo2f_submitkba_loginform" method="post" >
284
  <div id="mo2f_kba_content">
285
  <p style="font-size:15px;">
286
  <?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
305
  }
306
  ?>
307
  <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate" class="miniorange_kba_validate" style="float:left;" value="Validate" />
308
+ <input type="hidden" name="miniorange_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-kba-nonce'); ?>" />
309
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
310
  </form>
311
  <br>
312
  </div>
338
  <?php
339
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
340
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
341
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__) . '" />';
342
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__) . '" />';
343
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__) . '" />';
344
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.5', __FILE__) . '" />';
345
  ?>
346
  </head>
347
  <body>
455
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
457
  </form>
458
+ <form name="f" id="mo2f_mobile_validation_form" method="post" style="display:none;">
459
+ <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
460
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
461
  </form>
462
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" style="display:none;">
463
+ <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
464
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
465
  </form>
466
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" style="display:none;">
467
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
468
+ <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
469
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
470
  </form>
471
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" style="display:none;">
472
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-alternate-login-kba-nonce'); ?>" />
473
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
474
  </form>
475
  </body>
476
  <script>
540
  <?php
541
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
542
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
543
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__) . '" />';
544
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__) . '" />';
545
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__) . '" />';
546
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.5', __FILE__) . '" />';
547
  ?>
548
  </head>
549
  <body>
627
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
628
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
629
  </form>
630
+ <form name="f" id="mo2f_mobile_validation_form" method="post" style="display:none;">
631
+ <input type="hidden" name="miniorange_mobile_validation_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-nonce'); ?>" />
632
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
633
  </form>
634
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" style="display:none;">
635
+ <input type="hidden" name="miniorange_softtoken" value="<?php echo wp_create_nonce('miniorange-2-factor-softtoken'); ?>" />
636
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
637
  </form>
638
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" style="display:none;">
639
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
640
+ <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
641
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
642
  </form>
643
  </body>
644
  <script>
708
  <?php
709
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
710
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
711
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__) . '" />';
712
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__) . '" />';
713
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__) . '" />';
714
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.5', __FILE__) . '" />';
715
  ?>
716
  </head>
717
  <body>
733
  <br />
734
  <div id="showOTP">
735
  <div class="mo2f-login-container">
736
+ <form name="f" id="mo2f_submitotp_loginform" method="post" >
737
  <center>
738
  <input type="text" name="mo2fa_softtoken" style="height:28px !important;" placeholder="Enter the code" id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true" pattern="[0-9]{4,8}" title="Only digits within range 4-8 are allowed."/>
739
  </center>
 
740
  <br />
741
  <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit" class="miniorange_otp_token_submit" value="Validate" />
742
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
743
+ <input type="hidden" name="miniorange_soft_token_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-soft-token-nonce'); ?>" />
744
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
745
  </form><br/>
746
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
747
  <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();" id="miniorange_login_forgotphone" class="mo2f-link" >Forgot Phone ?</a>
848
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
849
  </form>
850
  <?php if(get_option('mo2f_enable_forgotphone') && isset($login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){ ?>
851
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" style="display:none;">
852
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>" />
853
+ <input type="hidden" name="miniorange_forgotphone" value="<?php echo wp_create_nonce('miniorange-2-factor-forgotphone'); ?>" />
854
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
855
  </form>
856
  <?php } ?>
857
  </body>
888
  <?php
889
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
890
  echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', __FILE__) . '" ></script>';
891
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__) . '" />';
892
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__) . '" />';
893
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__) . '" />';
894
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css?version=4.5.5', __FILE__) . '" />';
895
  ?>
896
  </head>
897
  <body>
927
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
928
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
929
  </form>
930
+ <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" style="display:none;">
931
+ <input type="hidden" name="mo2f_trust_device_confirm_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-confirm-nonce'); ?>" />
932
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
933
  </form>
934
+ <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" style="display:none;">
935
+ <input type="hidden" name="mo2f_trust_device_cancel_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-trust-device-cancel-nonce'); ?>" />
936
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 
937
  </form>
938
  <script>
939
  function mologinback(){
953
  </body>
954
  </html>
955
  <?php }
956
+ ?>
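--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,34 +3,23 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: http://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
- * Version: 4.5.4
+ * Version: 4.5.5
  * Author: miniOrange
  * Author URI: http://miniorange.com
  * License: GPL2
  */
-
- define('MOAUTH_PATH', plugins_url(__FILE__));
- define('MO2FA_DIR_PATH', plugin_dir_path(__FILE__));
-
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_mobile_configuration.php';
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_troubleshooting.php';
  include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
  include_once dirname( __FILE__ ) . '/class-two-factor-setup.php';
  include_once dirname( __FILE__ ) . '/class-customer-setup.php';
-
  require('class-utility.php');
  require('class-miniorange-2-factor-login.php');
  require('miniorange_2_factor_support.php');
- require('handlers/class-mo2f-pass2fa-login-helpers.php');
- require('handlers/class-mo2f-kba-validate.php');
- require('handlers/class-mo2f-otp-validate.php');
- require('handlers/class-mo2f-qrcode-email-validate.php');
- require('handlers/class-mo2f-forgot-phone.php');
- require('handlers/class-mo2f-phone-offline.php');
- require('handlers/class-mo2f-alternate-login-kba.php');
- require('handlers/class-mo2f-trust-device-confirm.php');
- require('handlers/class-mo2f-trust-device-cancel.php');
+ require('class-miniorange-2-factor-user-registration.php');
+ require('class-miniorange-2-factor-pass2fa-login.php');
+ define('MOAUTH_PATH', plugins_url(__FILE__));
 
  class Miniorange_Authentication {
 
@@ -38,25 +27,8 @@ class Miniorange_Authentication {
  private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
 
  function __construct() {
-
+
  $mo2f_auth_types = array('OUT OF BAND EMAIL','SMS','PHONE VERIFICATION','SOFT TOKEN','MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','GOOGLE AUTHENTICATOR','SMS AND EMAIL', 'AUTHY 2-FACTOR AUTHENTICATION','KBA');
-
- add_action( 'admin_post_nopriv_mo_prefix_init_kba_validate', array( new Miniorange_validate_KBA_login(), 'miniorange_init_kba_validate'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_otp_validate', array( new Miniorange_validate_OTP_login(), 'miniorange_init_otp_validate'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_qrcode_email_validate', array( new Miniorange_validate_QRcode_Email_login(), 'miniorange_init_qrcode_email_validate'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_forgot_phone', array( new Miniorange_forgot_phone_login(), 'miniorange_init_forgot_phone'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_phone_offline_login', array( new Miniorange_phone_offline_login(), 'miniorange_init_phone_offline'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_alternate_login_kba', array( new Miniorange_alternate_login_kba(), 'miniorange_init_alternate_login_kba'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_trust_device_confirm', array( new Miniorange_trust_device_confirm(), 'miniorange_init_trust_device_confirm'));
-
- add_action( 'admin_post_nopriv_mo_prefix_init_trust_device_cancel', array( new Miniorange_trust_device_cancel(), 'miniorange_init_trust_device_cancel'));
-
  add_option( 'mo2f_auth_methods_for_users' ,$mo2f_auth_types);
  add_option( 'mo2f_inline_registration',0);
  add_option( 'mo2f_enable_mobile_support', 1);
@@ -82,7 +54,6 @@ class Miniorange_Authentication {
  add_action( 'admin_enqueue_scripts', array( $this, 'plugin_settings_script' ) );
  remove_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
  remove_action( 'admin_notices', array( $this, 'mo_auth_error_message') );
- add_action('wp_logout', array( $this, 'mo_2_factor_endsession'));
  add_action('admin_notices', array($this,'get_customer_SMS_transactions'));
 
 
@@ -184,13 +155,6 @@ class Miniorange_Authentication {
  echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>miniOrange 2-Factor Plugin:</b> You have <b style="color:red">'.$content.' SMS transactions</b> remaining. <input type="submit" name="submit" value="Check Transactions" class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">Dismiss this notice.</span></button></div>';
  }
 
- function mo_2_factor_endsession() {
- update_option('mo2f-login-message','You are now logged out');
- session_start();
- $_SESSION = array();
- session_destroy();
- }
-
  function mo_auth_deactivate() {
  delete_option('mo2f_email');
  delete_option('mo2f_host_name');
@@ -305,15 +269,15 @@ class Miniorange_Authentication {
  }
 
  function mo_2_factor_enable_frontend_style() {
- wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url('includes/css/front_end_login.css?version=4.5.3', __FILE__));
- wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__));
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css?version=4.5.3', __FILE__));
+ wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url('includes/css/front_end_login.css?version=4.5.5', __FILE__));
+ wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__));
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css?version=4.5.5', __FILE__));
  }
 
  function plugin_settings_style() {
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.5.3', __FILE__));
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css?version=4.5.3', __FILE__));
- wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.5.3', __FILE__));
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url('includes/css/style_settings.css?version=4.5.5', __FILE__));
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url('includes/css/phone.css?version=4.5.5', __FILE__));
+ wp_enqueue_style( 'bootstrap_style', plugins_url('includes/css/bootstrap.min.css?version=4.5.5', __FILE__));
  }
 
  function plugin_settings_script($mo2fa_hook_page) {
@@ -1948,5 +1912,4 @@ class Miniorange_Authentication {
 
 
  new Miniorange_Authentication;
-
  ?>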
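Review bot: The new side of `miniorange_2_factor_settings.php` drops the `wp_logout` hook and `mo_2_factor_endsession()` without a visible replacement, so the PHP session that the login templates read (for example `$_SESSION['mo_2_factor_kba_questions']`) is presumably no longer emptied at logout. If the newly required `class-miniorange-2-factor-pass2fa-login.php` does not register its own handler, keep `add_action('wp_logout', array( $this, 'mo_2_factor_endsession'));` and the method. The two added `require('class-…')` lines also use bare relative paths, which PHP looks up through `include_path` before the script's own directory; the `include_once` lines above them show the safer form, e.g. `require_once dirname( __FILE__ ) . '/class-miniorange-2-factor-pass2fa-login.php';`. `MOAUTH_PATH` is now defined after every include, so a file that reads it at load time would find it undefined.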
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://miniorange.com/
4
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
5
  Requires at least: 3.0.1
6
  Tested up to: 4.8.2
7
- Stable tag: 4.5.4
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -241,6 +241,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
241
 
242
  == Changelog ==
243
 
 
 
 
244
  = 4.5.4 =
245
  * Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.
246
 
@@ -466,6 +469,9 @@ More descriptive setup messages and UI changes.
466
 
467
  == Upgrade Notice ==
468
 
 
 
 
469
  = 4.5.4 =
470
  * Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.
471
 
4
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
5
  Requires at least: 3.0.1
6
  Tested up to: 4.8.2
7
+ Stable tag: 4.5.5
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
241
 
242
  == Changelog ==
243
 
244
+ = 4.5.5 =
245
+ * Google Authenticator (2FA) : 404 bug fixes.
246
+
247
  = 4.5.4 =
248
  * Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.
249
 
469
 
470
  == Upgrade Notice ==
471
 
472
+ = 4.5.5 =
473
+ * Google Authenticator (2FA) : 404 bug fixes.
474
+
475
  = 4.5.4 =
476
  * Google Authenticator (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.
477