Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.5.9

Version Description

  • Google Authenticator (2FA) : Bug fixes for customers who were getting redirected to the login page after the two factor authentication.

Release Info

Developer cyberlord92
Version 4.5.9

Code changes from version 4.5.8 to 4.5.9

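--- a/class-miniorange-2-factor-login.php
+++ b/class-miniorange-2-factor-login.php
@@ -34,17 +34,17 @@ class Miniorange_Mobile_Login{
  }
 
  function remove_current_activity(){
- unset($_SESSION[ 'mo2f_current_user' ]);
- unset($_SESSION[ 'mo_2factor_login_status' ]);
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
- unset($_SESSION[ 'mo2f-login-message' ]);
- unset($_SESSION[ 'mo_2_factor_kba_questions' ]);
- unset($_SESSION[ 'mo2f_1stfactor_status' ]);
- unset($_SESSION[ 'mo2f_rba_status' ]);
- unset($_SESSION[ 'mo2f_show_qr_code']);
- unset($_SESSION['mo2f_google_auth']);
- unset($_SESSION['mo2f_authy_keys']);
+
+ $session_variables = array('mo2f_current_user_id', 'mo2f_1stfactor_status', 'mo_2factor_login_status', 'mo2f-login-qrCode',
+ 'mo2f-login-transactionId', 'mo2f-login-message', 'mo2f_rba_status', 'mo_2_factor_kba_questions',
+ 'mo2f_show_qr_code', 'mo2f_google_auth', 'mo2f_authy_keys');
+
+ $cookie_variables = array('mo2f_current_user_id', 'mo2f_1stfactor_status', 'mo_2factor_login_status', 'mo2f-login-qrCode',
+ 'mo2f-login-transactionId', 'mo2f-login-message', 'mo2f_rba_status_status', 'mo2f_rba_status_sessionUuid',
+ 'mo2f_rba_status_decision_flag', 'kba_question1', 'kba_question2', 'mo2f_show_qr_code', 'mo2f_google_auth', 'mo2f_authy_keys');
+
+ MO2f_Utility::unset_session_variables( $session_variables );
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
  }
 
 
@@ -66,12 +66,16 @@ class Miniorange_Mobile_Login{
  if(get_user_meta($currentuser->ID,'mo_2factor_mobile_registration_status',true) == 'MO_2_FACTOR_SUCCESS'){ // for existing users
 
  $_SESSION['mo2f-login-message'] = '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.';
+
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.');
+
  $this->mo_auth_show_error_message();
  $this->mo2f_redirectto_wp_login();
  $error = new WP_Error();
  return $error;
  } else if(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true) && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
  $_SESSION['mo2f-login-message'] = '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.';
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.');
  $this->mo_auth_show_error_message();
  $this->mo2f_redirectto_wp_login();
  $error = new WP_Error();
@@ -106,8 +110,16 @@ class Miniorange_Mobile_Login{
  add_action('login_dequeue_scripts', array( $this, 'mo_2_factor_show_login'));
  if(get_option('mo2f_show_loginwith_phone')){
  $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
+
+ //if the php session folder has insufficient permissions, cookies to be used
+ MO2f_Utility::mo2f_set_cookie_values("mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED');
+
  }else{
  $_SESSION[ 'mo_2factor_login_status' ] = 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM';
+
+ //if the php session folder has insufficient permissions, cookies to be used
+ MO2f_Utility::mo2f_set_cookie_values("mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM');
+
  }
  }
 
@@ -140,13 +152,18 @@ class Miniorange_Mobile_Login{
  }
 
  function mo_auth_success_message() {
- $message = $_SESSION['mo2f-login-message'];
+ //if the php session folder has insufficient permissions, cookies to be used
+ $message = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-message');
+
  return "<div> <p class='message'>" . $message . "</p></div>";
  }
 
  function mo_auth_error_message() {
  $id = "login_error1";
- $message = $_SESSION['mo2f-login-message'];
+
+ //if the php session folder has insufficient permissions, cookies to be used
+ $message = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-message');
+
  return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
  }
 
@@ -171,7 +188,9 @@ class Miniorange_Mobile_Login{
  function miniorange_login_form_fields($mo2fa_login_status=null, $mo2fa_login_message=null) {
  if(get_option('mo2f_show_loginwith_phone')){ //login with phone overwrite default login form
 
- $login_status_phone_enable = isset($_SESSION[ 'mo_2factor_login_status' ]) ? $_SESSION[ 'mo_2factor_login_status' ] : '';
+ //if the php session folder has insufficient permissions, cookies to be used
+ $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo_2factor_login_status');
+
  if($login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset($_POST['miniorange_login_nonce']) && wp_verify_nonce( $_POST['miniorange_login_nonce'], 'miniorange-2-factor-login-nonce' )){
  $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
  $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();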
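Review bot: In mo_auth_success_message and mo_auth_error_message the login message is now read through `MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-message')` and concatenated straight into the returned `<div>` markup, and on the cookie path that value is request-controlled rather than server-set, so the login page would reflect whatever markup the browser sends in that cookie (stored/reflected HTML injection); the helper's session-then-cookie behaviour is inferred from its name and the added comment, as its implementation is not in this diff. The messages deliberately contain `<strong>` and `<b>`, so a blanket `esc_html()` would break them; either keep only a message key in the cookie and resolve it to the server-side text, or at minimum constrain the output, e.g. `$message = wp_kses( MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-message'), array( 'strong' => array(), 'b' => array() ) );` in both methods. The same helper also drives `$login_status_phone_enable` in miniorange_login_form_fields, which is lower risk since it only selects which form renders and the password branch is still nonce-checked, but a client-settable status cookie should still be documented as untrusted, e.g. `// cookie fallback is client-controlled: treat as a hint, not as authenticated state`. The identical pattern is introduced in class-miniorange-2-factor-pass2fa-login.php, where mo2fa_pass2login reads `mo2f_current_user_id` and `mo2f_1stfactor_status` the same way before calling wp_set_auth_cookie; that is the place where an unauthenticated cookie fallback would be most serious, so confirming that MO2f_Utility never treats a bare cookie as authoritative there should gate this release.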
class-miniorange-2-factor-pass2fa-login.php CHANGED
@@ -29,24 +29,29 @@ include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
29
  class Miniorange_Password_2Factor_Login{
30
 
31
  function remove_current_activity(){
32
- unset($_SESSION[ 'mo2f_current_user' ]);
33
- unset($_SESSION[ 'mo2f_1stfactor_status' ]);
34
- unset($_SESSION[ 'mo_2factor_login_status' ]);
35
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
36
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
37
- unset($_SESSION[ 'mo2f-login-message' ]);
38
- unset($_SESSION[ 'mo2f_rba_status' ]);
39
- unset($_SESSION[ 'mo_2_factor_kba_questions' ]);
40
- unset($_SESSION[ 'mo2f_show_qr_code']);
41
- unset($_SESSION['mo2f_google_auth']);
42
- unset($_SESSION['mo2f_authy_keys']);
43
 
44
  }
45
 
46
  function mo2fa_pass2login($redirect_to=null){
47
- if(isset($_SESSION[ 'mo2f_current_user' ]) && isset($_SESSION[ 'mo2f_1stfactor_status' ]) && $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS'){
48
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
49
- $user_id = $currentuser->ID;
 
 
 
 
 
50
  wp_set_current_user($user_id, $currentuser->user_login);
51
  $this->remove_current_activity();
52
  wp_set_auth_cookie( $user_id, true );
@@ -83,6 +88,10 @@ class Miniorange_Password_2Factor_Login{
83
  $username = '';
84
  if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
85
  $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
 
 
 
 
86
  $mobile_login->mo_auth_show_error_message();
87
  return;
88
  } else{
@@ -94,11 +103,15 @@ class Miniorange_Password_2Factor_Login{
94
  if ( username_exists( $username ) ){ /*if username exists in wp site */
95
  $user = new WP_User( $username );
96
 
97
- $_SESSION[ 'mo2f_current_user' ] = serialize($user);
98
  $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
99
 
100
  $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
101
 
 
 
 
 
102
  $current_roles = miniorange_get_user_role($user);
103
  $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
104
 
@@ -123,23 +136,33 @@ class Miniorange_Password_2Factor_Login{
123
  }else{
124
  $this->remove_current_activity();
125
  $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
 
 
 
 
126
  $mobile_login->mo_auth_show_success_message();
127
  }
128
  }
129
  }else{
130
 
131
  $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
 
 
132
  $mobile_login->mo_auth_show_success_message();
133
  $mobile_login->mo2f_redirectto_wp_login();
134
  }
135
  }else{
136
  $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
 
 
137
  $mobile_login->mo_auth_show_success_message();
138
  $mobile_login->mo2f_redirectto_wp_login();
139
  }
140
  } else{
141
  $mobile_login->remove_current_activity();
142
  $_SESSION['mo2f-login-message'] = 'Invalid Username.';
 
 
143
  $mobile_login->mo_auth_show_error_message();
144
  }
145
  }
@@ -157,8 +180,12 @@ class Miniorange_Password_2Factor_Login{
157
  } else {
158
  $this->miniorange_pass2login_start_session();
159
  try{
160
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
161
- mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
 
 
 
 
162
  }catch(Exception $e){
163
  echo $e->getMessage();
164
  }
@@ -194,18 +221,22 @@ class Miniorange_Password_2Factor_Login{
194
 
195
  $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
196
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
197
- $current_user = unserialize($_SESSION[ 'mo2f_current_user' ]);
198
- $id = $current_user->ID;
 
199
  if($forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL'){
200
  $customer = new Customer_Setup();
201
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
202
 
203
  $mo2fa_login_message = '';
204
  $mo2f_login_status = '' ;
205
 
206
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
207
  $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
208
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
 
 
 
209
  $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
210
  }else{
211
  $mo2fa_login_message = 'Error occured while sending OTP over your regsitered email. Please try again.';
@@ -213,8 +244,8 @@ class Miniorange_Password_2Factor_Login{
213
  }
214
  $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
215
  }else if($forgot_phone_enable && $forgot_phone_kba_enable){
216
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
217
- $this->mo2f_pass2login_kba_verification($current_user->ID, $redirect_to);
218
  }else{
219
  $mo2fa_login_message = 'Your KBA is not configured. Please choose other option to procedd further.';
220
  $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
@@ -232,9 +263,11 @@ class Miniorange_Password_2Factor_Login{
232
  return $error;
233
  }else {
234
  $this->miniorange_pass2login_start_session();
235
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
 
 
236
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
237
- $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
238
  }
239
  }
240
 
@@ -247,29 +280,39 @@ class Miniorange_Password_2Factor_Login{
247
  } else {
248
 
249
  $this->miniorange_pass2login_start_session();
250
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ): null;
 
 
251
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
252
 
253
- if(isset($_SESSION[ 'mo2f_current_user' ])){
254
  if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
255
  $mo2fa_login_message = 'Please provide both the answers.';
256
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
257
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
258
  }
259
  $otpToken = array();
260
- $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
 
 
261
  $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
262
- $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
263
  $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
 
264
  $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
265
 
 
 
 
 
 
266
  $kba_validate = new Customer_Setup();
267
- $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f-login-transactionId' ], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
268
 
269
  if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
270
  if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
271
  try{
272
- mo2f_register_profile(get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true),'true',$_SESSION[ 'mo2f_rba_status' ]);
273
  }catch(Exception $e){
274
  echo $e->getMessage();
275
  }
@@ -298,10 +341,13 @@ class Miniorange_Password_2Factor_Login{
298
  return $error;
299
  } else {
300
  $this->miniorange_pass2login_start_session();
301
- $currentuser = unserialize( $_SESSION[ 'mo2f_current_user' ] );
 
 
 
302
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
303
  $checkMobileStatus = new Two_Factor_Setup();
304
- $content = $checkMobileStatus->check_mobile_status($_SESSION[ 'mo2f-login-transactionId' ]);
305
  $response = json_decode($content, true);
306
  if(json_last_error() == JSON_ERROR_NONE) {
307
  if($response['status'] == 'SUCCESS'){
@@ -348,20 +394,31 @@ class Miniorange_Password_2Factor_Login{
348
  $this->miniorange_pass2login_start_session();
349
 
350
  $customer = new Customer_Setup();
351
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
352
- $id = $current_user->ID;
353
- if(get_user_meta($id,'mo2f_kba_registration_status',true)){
 
354
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
355
  $pass2fa_login = new Miniorange_Password_2Factor_Login();
356
- $pass2fa_login->mo2f_pass2login_kba_verification($id, $redirect_to);
357
  }else{
358
- $content = json_decode($customer->send_otp_token(get_user_meta($id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
359
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
360
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
361
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
362
- $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
 
 
 
 
 
363
  $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
364
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
 
 
 
 
 
365
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
366
  }else{
367
  $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
@@ -382,8 +439,12 @@ class Miniorange_Password_2Factor_Login{
382
  return $error;
383
  } else{
384
  $this->miniorange_pass2login_start_session();
385
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
386
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
 
 
 
 
387
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
388
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
389
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
@@ -412,20 +473,27 @@ class Miniorange_Password_2Factor_Login{
412
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
413
  }
414
  }
415
- $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
416
- if(isset($_SESSION[ 'mo2f_current_user' ])){
 
 
 
417
  $customer = new Customer_Setup();
418
  $content ='';
 
 
 
 
419
  if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
420
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
421
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
422
- $content = json_decode($customer->validate_otp_token( 'SMS', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
423
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
424
- $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $_SESSION[ 'mo2f-login-transactionId' ], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
425
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
426
- $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
427
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
428
- $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
429
  }else{
430
  $this->remove_current_activity();
431
  return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
@@ -461,8 +529,10 @@ class Miniorange_Password_2Factor_Login{
461
  return $error;
462
  } else {
463
  $this->miniorange_pass2login_start_session();
464
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
465
- delete_user_meta($current_user->ID,'mo2f_selected_2factor_method');
 
 
466
  $this->mo2fa_pass2login();
467
  }
468
  }
@@ -475,10 +545,14 @@ class Miniorange_Password_2Factor_Login{
475
  return $error;
476
  } else {
477
  $this->miniorange_pass2login_start_session();
478
- $current_user = unserialize( $_SESSION[ 'mo2f_current_user' ] );
 
 
 
 
479
  $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
480
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
481
- $this->miniorange_initiate_2nd_factor($current_user, $attributes, $redirect_to);
482
  }
483
  }
484
  }
@@ -488,7 +562,11 @@ class Miniorange_Password_2Factor_Login{
488
  function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
489
  if(get_option('mo2f_deviceid_enabled')){
490
  $this->miniorange_pass2login_start_session();
491
- $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
 
 
 
 
492
  mo2f_collect_device_attributes_handler($redirect_to);
493
  exit;
494
  }else {
@@ -556,9 +634,13 @@ class Miniorange_Password_2Factor_Login{
556
 
557
 
558
  $this->miniorange_pass2login_start_session();
559
- $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
560
  $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
561
 
 
 
 
 
562
  $current_roles = miniorange_get_user_role($currentuser);
563
  $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
564
 
@@ -568,6 +650,10 @@ class Miniorange_Password_2Factor_Login{
568
  try{
569
  $mo2f_rba_status = mo2f_collect_attributes($email,stripslashes($attributes)); // Rba flow
570
  $_SESSION[ 'mo2f_rba_status' ] = $mo2f_rba_status;
 
 
 
 
571
  }catch(Exception $e){
572
  echo $e->getMessage();
573
  }
@@ -616,8 +702,9 @@ class Miniorange_Password_2Factor_Login{
616
 
617
  $login_status = $mo2fa_login_status;
618
  $login_message = $mo2fa_login_message;
619
- $current_user = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
620
- $current_user_id = is_null($current_user) ? null : $current_user->ID;
 
621
  if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
622
  mo2f_getqrcode($login_status, $login_message, $redirect_to);
623
  exit;
@@ -628,7 +715,7 @@ class Miniorange_Password_2Factor_Login{
628
  mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
629
  exit;
630
  }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
631
- mo2f_getpush_oobemail_response($current_user_id, $login_status, $login_message, $redirect_to);
632
  exit;
633
  }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
634
  mo2f_getkba_form($login_status, $login_message, $redirect_to);
@@ -722,8 +809,11 @@ class Miniorange_Password_2Factor_Login{
722
  if($response['status'] == 'SUCCESS'){
723
  $message = $mo2f_second_factor == 'SMS' ? 'The OTP has been sent to '. MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . '. Please enter the OTP you received to Validate.' : 'You will receive phone call on ' . MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . ' with OTP. Please enter the OTP to Validate.';
724
  update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
725
- $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
726
 
 
 
 
 
727
  $mo2fa_login_message = $message;
728
  $mo2fa_login_status = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
729
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
@@ -731,6 +821,8 @@ class Miniorange_Password_2Factor_Login{
731
  $message = $mo2f_second_factor == 'SMS' ? $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.' : 'We are unable to send the OTP via phone call on your registered phone. You can click on <b>Forgot your phone</b> link to receive OTP to your registered email.';
732
 
733
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
 
 
734
 
735
  $mo2fa_login_message = $message;
736
  $mo2fa_login_status = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
@@ -753,11 +845,16 @@ class Miniorange_Password_2Factor_Login{
753
  if($response['status'] == 'SUCCESS'){
754
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
755
 
 
 
 
756
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true)) . '. We are waiting for your approval.';
757
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
758
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
759
  }else if($response['status'] == 'ERROR' || $response['status'] == 'FAILED' ){
760
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
 
 
761
 
762
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
763
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
@@ -778,11 +875,18 @@ class Miniorange_Password_2Factor_Login{
778
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
779
  if($response['status'] == 'SUCCESS'){
780
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
 
 
781
  $questions = array();
782
  $questions[0] = $response['questions'][0]['question'];
783
  $questions[1] = $response['questions'][1]['question'];
784
  $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
785
 
 
 
 
 
 
786
  $mo2fa_login_message = 'Please answer the following questions:';
787
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
788
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
@@ -803,8 +907,10 @@ class Miniorange_Password_2Factor_Login{
803
  function mo2f_pass2login_mobile_verification($user, $redirect_to){
804
  $useragent = $_SERVER['HTTP_USER_AGENT'];
805
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
806
- unset($_SESSION[ 'mo2f-login-qrCode' ]);
807
- unset($_SESSION[ 'mo2f-login-transactionId' ]);
 
 
808
 
809
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
810
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
@@ -818,6 +924,10 @@ class Miniorange_Password_2Factor_Login{
818
  $_SESSION[ 'mo2f-login-qrCode' ] = $response['qrCode'];
819
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
820
 
 
 
 
 
821
  $mo2fa_login_message = '';
822
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
823
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
@@ -839,8 +949,7 @@ class Miniorange_Password_2Factor_Login{
839
 
840
  function mo_2_factor_pass2login_show_wp_login_form(){
841
  ?>
842
- <p><input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" />
843
- </p>
844
 
845
  <?php
846
  if(get_option('mo2f_deviceid_enabled')){
@@ -858,5 +967,6 @@ class Miniorange_Password_2Factor_Login{
858
  wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ));
859
  }
860
  }
 
861
  }
862
  ?>
29
  class Miniorange_Password_2Factor_Login{
30
 
31
  function remove_current_activity(){
32
+
33
+ $session_variables = array('mo2f_current_user_id', 'mo2f_1stfactor_status', 'mo_2factor_login_status', 'mo2f-login-qrCode',
34
+ 'mo2f-login-transactionId', 'mo2f-login-message', 'mo2f_rba_status', 'mo_2_factor_kba_questions',
35
+ 'mo2f_show_qr_code', 'mo2f_google_auth', 'mo2f_authy_keys');
36
+
37
+ $cookie_variables = array('mo2f_current_user_id', 'mo2f_1stfactor_status', 'mo_2factor_login_status', 'mo2f-login-qrCode',
38
+ 'mo2f-login-transactionId', 'mo2f-login-message', 'mo2f_rba_status_status', 'mo2f_rba_status_sessionUuid',
39
+ 'mo2f_rba_status_decision_flag', 'kba_question1', 'kba_question2', 'mo2f_show_qr_code', 'mo2f_google_auth', 'mo2f_authy_keys');
40
+
41
+ MO2f_Utility::unset_session_variables( $session_variables );
42
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
43
 
44
  }
45
 
46
  function mo2fa_pass2login($redirect_to=null){
47
+
48
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
49
+ $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_1stfactor_status');
50
+
51
+ if( $user_id && $mo2f_1stfactor_status && ($mo2f_1stfactor_status == 'VALIDATE_SUCCESS')){
52
+
53
+ $currentuser = get_user_by( 'id', $user_id );
54
+
55
  wp_set_current_user($user_id, $currentuser->user_login);
56
  $this->remove_current_activity();
57
  wp_set_auth_cookie( $user_id, true );
88
  $username = '';
89
  if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
90
  $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
91
+
92
+ //if the php session folder has insufficient permissions, cookies to be used
93
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", 'Please enter username to proceed');
94
+
95
  $mobile_login->mo_auth_show_error_message();
96
  return;
97
  } else{
103
  if ( username_exists( $username ) ){ /*if username exists in wp site */
104
  $user = new WP_User( $username );
105
 
106
+ $_SESSION[ 'mo2f_current_user_id' ] = $user->ID;
107
  $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
108
 
109
  $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
110
 
111
+ //if the php session folder has insufficient permissions, cookies to be used
112
+ MO2f_Utility::mo2f_set_cookie_values("mo2f_current_user_id", $user->ID);
113
+ MO2f_Utility::mo2f_set_cookie_values("mo2f_1stfactor_status", 'VALIDATE_SUCCESS');
114
+
115
  $current_roles = miniorange_get_user_role($user);
116
  $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
117
 
136
  }else{
137
  $this->remove_current_activity();
138
  $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
139
+
140
+ //if the php session folder has insufficient permissions, cookies to be used
141
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", 'Please try again or contact your admin.');
142
+
143
  $mobile_login->mo_auth_show_success_message();
144
  }
145
  }
146
  }else{
147
 
148
  $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
149
+ //if the php session folder has insufficient permissions, cookies to be used
150
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", 'Please login into your account using password.');
151
  $mobile_login->mo_auth_show_success_message();
152
  $mobile_login->mo2f_redirectto_wp_login();
153
  }
154
  }else{
155
  $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
156
+ //if the php session folder has insufficient permissions, cookies to be used
157
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", 'Please login into your account using password.');
158
  $mobile_login->mo_auth_show_success_message();
159
  $mobile_login->mo2f_redirectto_wp_login();
160
  }
161
  } else{
162
  $mobile_login->remove_current_activity();
163
  $_SESSION['mo2f-login-message'] = 'Invalid Username.';
164
+ //if the php session folder has insufficient permissions, cookies to be used
165
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-message", 'Invalid Username.');
166
  $mobile_login->mo_auth_show_error_message();
167
  }
168
  }
180
  } else {
181
  $this->miniorange_pass2login_start_session();
182
  try{
183
+
184
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
185
+
186
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_rba_status');
187
+
188
+ mo2f_register_profile(get_user_meta($user_id,'mo_2factor_map_id_with_email',true),'true', $mo2f_rba_status);
189
  }catch(Exception $e){
190
  echo $e->getMessage();
191
  }
221
 
222
  $second_factor = isset($_POST[ 'mo2f_selected_2factor_method' ]) ? $_POST[ 'mo2f_selected_2factor_method' ] : 'KBA';
223
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
224
+
225
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
226
+
227
  if($forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL'){
228
  $customer = new Customer_Setup();
229
+ $content = json_decode($customer->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
230
 
231
  $mo2fa_login_message = '';
232
  $mo2f_login_status = '' ;
233
 
234
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
235
  $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
236
+ //if the php session folder has insufficient permissions, cookies to be used
237
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-transactionId", $content['txId']);
238
+
239
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user_id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
240
  $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ;
241
  }else{
242
  $mo2fa_login_message = 'Error occured while sending OTP over your regsitered email. Please try again.';
244
  }
245
  $this->miniorange_pass2login_form_fields($mo2f_login_status, $mo2fa_login_message, $redirect_to);
246
  }else if($forgot_phone_enable && $forgot_phone_kba_enable){
247
+ if(get_user_meta($user_id,'mo2f_kba_registration_status',true)){
248
+ $this->mo2f_pass2login_kba_verification($user_id, $redirect_to);
249
  }else{
250
  $mo2fa_login_message = 'Your KBA is not configured. Please choose other option to procedd further.';
251
  $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ;
263
  return $error;
264
  }else {
265
  $this->miniorange_pass2login_start_session();
266
+
267
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
268
+
269
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
270
+ $this->mo2f_pass2login_kba_verification($user_id, $redirect_to);
271
  }
272
  }
273
 
280
  } else {
281
 
282
  $this->miniorange_pass2login_start_session();
283
+
284
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
285
+
286
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
287
 
288
+ if(isset($user_id)){
289
  if(MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_1' ]) || MO2f_Utility::mo2f_check_empty_or_null($_POST[ 'mo2f_answer_2' ])){
290
  $mo2fa_login_message = 'Please provide both the answers.';
291
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
292
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
293
  }
294
  $otpToken = array();
295
+ $kba_questions = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo_2_factor_kba_questions');
296
+
297
+ $otpToken[0] = $kba_questions[0];
298
  $otpToken[1] = sanitize_text_field( $_POST[ 'mo2f_answer_1' ] );
299
+ $otpToken[2] = $kba_questions[1];
300
  $otpToken[3] = sanitize_text_field( $_POST[ 'mo2f_answer_2' ] );
301
+
302
  $check_trust_device = isset($_POST[ 'mo2f_trust_device' ] ) ? $_POST[ 'mo2f_trust_device' ] : 'false';
303
 
304
+ //if the php session folder has insufficient permissions, cookies to be used
305
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-transactionId');
306
+
307
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_rba_status');
308
+
309
  $kba_validate = new Customer_Setup();
310
+ $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
311
 
312
  if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
313
  if(get_option('mo2f_deviceid_enabled') && $check_trust_device == 'on'){
314
  try{
315
+ mo2f_register_profile(get_user_meta($user_id,'mo_2factor_map_id_with_email',true),'true',$mo2f_rba_status);
316
  }catch(Exception $e){
317
  echo $e->getMessage();
318
  }
341
  return $error;
342
  } else {
343
  $this->miniorange_pass2login_start_session();
344
+
345
+ //if the php session folder has insufficient permissions, cookies to be used
346
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-transactionId');
347
+
348
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
349
  $checkMobileStatus = new Two_Factor_Setup();
350
+ $content = $checkMobileStatus->check_mobile_status($mo2f_login_transaction_id);
351
  $response = json_decode($content, true);
352
  if(json_last_error() == JSON_ERROR_NONE) {
353
  if($response['status'] == 'SUCCESS'){
394
  $this->miniorange_pass2login_start_session();
395
 
396
  $customer = new Customer_Setup();
397
+
398
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
399
+
400
+ if(get_user_meta($user_id,'mo2f_kba_registration_status',true)){
401
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
402
  $pass2fa_login = new Miniorange_Password_2Factor_Login();
403
+ $pass2fa_login->mo2f_pass2login_kba_verification($user_id, $redirect_to);
404
  }else{
405
+ $content = json_decode($customer->send_otp_token(get_user_meta($user_id,'mo_2factor_map_id_with_email',true),'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
406
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
407
+
408
+
409
+ $session_cookie_variables = array('mo2f-login-qrCode', 'mo2f-login-transactionId');
410
+
411
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
412
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
413
+
414
+ $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user_id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
415
  $_SESSION[ 'mo2f-login-transactionId' ] = $content['txId'];
416
+
417
+ //if the php session folder has insufficient permissions, cookies to be used
418
+ MO2f_Utility::mo2f_set_cookie_values('mo2f-login-message', 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user_id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.');
419
+ MO2f_Utility::mo2f_set_cookie_values('mo2f-login-transactionId', $content['txId']);
420
+
421
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user_id,'mo_2factor_map_id_with_email',true) ) . '</b>. Please enter the OTP to verify your identity.';
422
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
423
  }else{
424
  $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
439
  return $error;
440
  } else{
441
  $this->miniorange_pass2login_start_session();
442
+
443
+ $session_cookie_variables = array('mo2f-login-qrCode', 'mo2f-login-transactionId');
444
+
445
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
446
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
447
+
448
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
449
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
450
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
473
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
474
  }
475
  }
476
+
477
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
478
+
479
+ if(isset($user_id)){
480
+
481
  $customer = new Customer_Setup();
482
  $content ='';
483
+
484
+ //if the php session folder has insufficient permissions, cookies to be used
485
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-transactionId');
486
+
487
  if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'){
488
+ $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
489
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'){
490
+ $content = json_decode($customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
491
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'){
492
+ $content = json_decode($customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
493
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'){
494
+ $content = json_decode($customer->validate_otp_token( 'SOFT TOKEN', get_user_meta($user_id,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
495
  }else if(isset($mo2fa_login_status) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION'){
496
+ $content = json_decode($customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', get_user_meta($user_id,'mo_2factor_map_id_with_email',true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')),true);
497
  }else{
498
  $this->remove_current_activity();
499
  return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
529
  return $error;
530
  } else {
531
  $this->miniorange_pass2login_start_session();
532
+
533
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
534
+
535
+ delete_user_meta($user_id,'mo2f_selected_2factor_method');
536
  $this->mo2fa_pass2login();
537
  }
538
  }
545
  return $error;
546
  } else {
547
  $this->miniorange_pass2login_start_session();
548
+
549
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
550
+ $currentuser = get_user_by( 'id', $user_id );
551
+
552
+
553
  $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
554
  $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
555
+ $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
556
  }
557
  }
558
  }
562
  function mo2f_collect_device_attributes_for_authenticated_user($currentuser, $redirect_to = null){
563
  if(get_option('mo2f_deviceid_enabled')){
564
  $this->miniorange_pass2login_start_session();
565
+ $_SESSION[ 'mo2f_current_user_id' ] = $currentuser->ID;
566
+
567
+ //if the php session folder has insufficient permissions, cookies to be used
568
+ MO2f_Utility::mo2f_set_cookie_values("mo2f_current_user_id", $currentuser->ID);
569
+
570
  mo2f_collect_device_attributes_handler($redirect_to);
571
  exit;
572
  }else {
634
 
635
 
636
  $this->miniorange_pass2login_start_session();
637
+ $_SESSION[ 'mo2f_current_user_id' ] = $currentuser->ID;
638
  $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
639
 
640
+ //if the php session folder has insufficient permissions, cookies to be used
641
+ MO2f_Utility::mo2f_set_cookie_values('mo2f_current_user_id', $currentuser->ID);
642
+ MO2f_Utility::mo2f_set_cookie_values('mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
643
+
644
  $current_roles = miniorange_get_user_role($currentuser);
645
  $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
646
 
650
  try{
651
  $mo2f_rba_status = mo2f_collect_attributes($email,stripslashes($attributes)); // Rba flow
652
  $_SESSION[ 'mo2f_rba_status' ] = $mo2f_rba_status;
653
+ MO2f_Utility::mo2f_set_cookie_values('mo2f_rba_status_status' , $mo2f_rba_status["status"]);
654
+ MO2f_Utility::mo2f_set_cookie_values('mo2f_rba_status_sessionUuid' , $mo2f_rba_status["sessionUuid"]);
655
+ MO2f_Utility::mo2f_set_cookie_values('mo2f_rba_status_decision_flag' , $mo2f_rba_status["decision_flag"]);
656
+
657
  }catch(Exception $e){
658
  echo $e->getMessage();
659
  }
702
 
703
  $login_status = $mo2fa_login_status;
704
  $login_message = $mo2fa_login_message;
705
+
706
+ $user_id = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f_current_user_id');
707
+
708
  if($this->miniorange_pass2login_check_mobile_status($login_status)){ //for mobile
709
  mo2f_getqrcode($login_status, $login_message, $redirect_to);
710
  exit;
715
  mo2f_get_forgotphone_form($login_status, $login_message, $redirect_to);
716
  exit;
717
  }else if($this->miniorange_pass2login_check_push_oobemail_status($login_status)){ //for push and out of band email.
718
+ mo2f_getpush_oobemail_response($user_id, $login_status, $login_message, $redirect_to);
719
  exit;
720
  }else if($this->miniorange_pass2login_check_kba_status($login_status)){ // for Kba
721
  mo2f_getkba_form($login_status, $login_message, $redirect_to);
809
  if($response['status'] == 'SUCCESS'){
810
  $message = $mo2f_second_factor == 'SMS' ? 'The OTP has been sent to '. MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . '. Please enter the OTP you received to Validate.' : 'You will receive phone call on ' . MO2f_Utility::get_hidden_phone($response['phoneDelivery']['contact']) . ' with OTP. Please enter the OTP to Validate.';
811
  update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
 
812
 
813
+ $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
814
+ //if the php session folder has insufficient permissions, cookies to be used
815
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-transactionId", $response[ 'txId' ]);
816
+
817
  $mo2fa_login_message = $message;
818
  $mo2fa_login_status = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
819
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
821
  $message = $mo2f_second_factor == 'SMS' ? $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.' : 'We are unable to send the OTP via phone call on your registered phone. You can click on <b>Forgot your phone</b> link to receive OTP to your registered email.';
822
 
823
  $_SESSION[ 'mo2f-login-transactionId' ] = $response[ 'txId' ];
824
+ //if the php session folder has insufficient permissions, cookies to be used
825
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-transactionId", $response[ 'txId' ]);
826
 
827
  $mo2fa_login_message = $message;
828
  $mo2fa_login_status = $mo2f_second_factor == 'SMS' ? 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' : 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION';
845
  if($response['status'] == 'SUCCESS'){
846
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
847
 
848
+ //if the php session folder has insufficient permissions, cookies to be used
849
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-transactionId", $response[ 'txId' ]);
850
+
851
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($user->ID,'mo_2factor_map_id_with_email',true)) . '. We are waiting for your approval.';
852
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
853
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
854
  }else if($response['status'] == 'ERROR' || $response['status'] == 'FAILED' ){
855
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
856
+ //if the php session folder has insufficient permissions, cookies to be used
857
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-transactionId", $response[ 'txId' ]);
858
 
859
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
860
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
875
  if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
876
  if($response['status'] == 'SUCCESS'){
877
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
878
+ //if the php session folder has insufficient permissions, cookies to be used
879
+ MO2f_Utility::mo2f_set_cookie_values("mo2f-login-transactionId", $response[ 'txId' ]);
880
  $questions = array();
881
  $questions[0] = $response['questions'][0]['question'];
882
  $questions[1] = $response['questions'][1]['question'];
883
  $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
884
 
885
+
886
+ //workaround for insufficient permissions
887
+ MO2f_Utility::mo2f_set_cookie_values('kba_question1' , $questions[0]);
888
+ MO2f_Utility::mo2f_set_cookie_values('kba_question2' , $questions[1]);
889
+
890
  $mo2fa_login_message = 'Please answer the following questions:';
891
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
892
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
907
  function mo2f_pass2login_mobile_verification($user, $redirect_to){
908
  $useragent = $_SERVER['HTTP_USER_AGENT'];
909
  if(MO2f_Utility::check_if_request_is_from_mobile_device($useragent)){
910
+ $session_cookie_variables = array('mo2f-login-qrCode', 'mo2f-login-transactionId');
911
+
912
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
913
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
914
 
915
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
916
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
924
  $_SESSION[ 'mo2f-login-qrCode' ] = $response['qrCode'];
925
  $_SESSION[ 'mo2f-login-transactionId' ] = $response['txId'];
926
 
927
+ //if the php session folder has insufficient permissions, cookies to be used
928
+ MO2f_Utility::mo2f_set_cookie_values('mo2f-login-qrCode', $response['qrCode']);
929
+ MO2f_Utility::mo2f_set_cookie_values('mo2f-login-transactionId', $response['txId']);
930
+
931
  $mo2fa_login_message = '';
932
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
933
  $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to);
949
 
950
  function mo_2_factor_pass2login_show_wp_login_form(){
951
  ?>
952
+ <p><input type="hidden" name="miniorange_login_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-login-nonce'); ?>" /></p>
 
953
 
954
  <?php
955
  if(get_option('mo2f_deviceid_enabled')){
967
  wp_enqueue_script( 'miniorange_script', plugins_url('includes/js/rba/js/miniorange-fp.js', __FILE__ ));
968
  }
969
  }
970
+
971
  }
972
  ?>
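--- a/class-miniorange-2-factor-user-registration.php
+++ b/class-miniorange-2-factor-user-registration.php
@@ -117,7 +117,7 @@ class Miniorange_User_Register{
  <tr>
  <td style="width:60%;vertical-align:top;">
  <?php
-
+ $session_variables = array('mo2f_google_auth', 'mo2f_mobile_support');
  if($mo2f_active_tab == 'mobile_configure') {
 
  $mo2f_second_factor = mo2f_get_activated_second_factor($current_user);
@@ -131,20 +131,16 @@ class Miniorange_User_Register{
  </script>
  <?php
  }else if($mo2f_active_tab == 'mo2f_demo'){
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
+ MO2f_Utility::unset_session_variables( $session_variables );
  show_2_factor_login_demo($current_user);
  }else if($mo2f_active_tab == 'mo2f_help'){
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
+ MO2f_Utility::unset_session_variables( $session_variables );
  mo2f_show_help_and_troubleshooting($current_user);
  }else if(get_option('mo2f_deviceid_enabled' ) && $mo2f_active_tab == 'advance_option'){
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
+ MO2f_Utility::unset_session_variables( $session_variables );
  show_2_factor_advanced_options($current_user); //Login Settings tab
  }else{
- unset($_SESSION[ 'mo2f_google_auth' ]);
- unset($_SESSION[ 'mo2f_mobile_support' ]);
+ MO2f_Utility::unset_session_variables( $session_variables );
  if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'){
  mo2f_show_user_otp_validation_page();
  }else if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION') {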
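Review bot: The new `MO2f_Utility::unset_session_variables( $session_variables );` call is repeated in four of the five visible branches of the tab chain, every one except `mobile_configure`, so the intent reads more clearly if it is done once before the chain, `if($mo2f_active_tab != 'mobile_configure'){ MO2f_Utility::unset_session_variables( $session_variables ); }`, and the four per-branch copies are dropped. `$session_variables` is already declared before the chain, so it is in scope there; as far as the hunks show, no other branch exists between them, but that stretch is not visible and should be checked. The enclosing function and the `<?php` block both begin and end outside these hunks.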
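--- a/class-utility.php
+++ b/class-utility.php
@@ -88,5 +88,156 @@ class MO2f_Utility{
  return false;
  }
  }
+
+ /**
+ * The function returns the session variables, and if not, retrieves the cookie values set in case the right permissions are not aassigned for the sessions folder in the server.
+ *
+ * @param string $variable - the session or cookie variable name
+ * @return string
+ */
+ public static function mo2f_retrieve_session_or_cookie_values($variable){
+
+ if(isset($_SESSION[$variable]) && !empty($_SESSION[$variable]))
+ return $_SESSION[$variable];
+ else{
+ $key = get_option('mo2f_customer_token');
+ $cookie_value = false;
+
+ if($variable == 'mo2f_rba_status'){
+ if(isset($_COOKIE['mo2f_rba_status_status']) && !empty($_COOKIE['mo2f_rba_status_status'])){
+ $mo2f_rba_status_status = MO2f_Utility::mo2f_get_cookie_values('mo2f_rba_status_status');
+ $mo2f_rba_status_sessionUuid = MO2f_Utility::mo2f_get_cookie_values('mo2f_rba_status_sessionUuid');
+ $mo2f_rba_status_decision_flag = MO2f_Utility::mo2f_get_cookie_values('mo2f_rba_status_decision_flag');
+
+ $cookie_value = array("status" => $mo2f_rba_status_status,
+ "sessionUuid" => $mo2f_rba_status_sessionUuid,
+ "decision_flag" => $mo2f_rba_status_decision_flag);
+ }
+
+ }else if($variable == 'mo_2_factor_kba_questions'){
+
+ if(isset($_COOKIE['kba_question1']) && !empty($_COOKIE['kba_question1'])){
+ $kba_question1 = MO2f_Utility::mo2f_get_cookie_values('kba_question1');
+ $kba_question2 = MO2f_Utility::mo2f_get_cookie_values('kba_question2');
+
+
+ $cookie_value = array($kba_question1, $kba_question2);
+ }
+
+ }else{
+ $cookie_value = MO2f_Utility::mo2f_get_cookie_values($variable);
+ }
+
+ return !$cookie_value ? false : $cookie_value ;
+
+ }
+
+ }
+
+ /**
+ * @param string $data - the key=value pairs separated with &
+ * @return string
+ */
+ public static function encrypt_data($data, $key) {
+ $key = openssl_digest($key, 'sha256');
+ $method = 'AES-128-ECB';
+ $ivSize = openssl_cipher_iv_length($method);
+ $iv = openssl_random_pseudo_bytes($ivSize);
+ $strCrypt = openssl_encrypt ($data, $method, $key,OPENSSL_RAW_DATA||OPENSSL_ZERO_PADDING, $iv);
+ return base64_encode($iv.$strCrypt);
+ }
+
+
+ /**
+ * @param string $data - crypt response from Sagepay
+ * @return string
+ */
+ public static function decrypt_data($data, $key) {
+ $strIn = base64_decode($data);
+ $key = openssl_digest($key, 'sha256');
+ $method = 'AES-128-ECB';
+ $ivSize = openssl_cipher_iv_length($method);
+ $iv = substr($strIn,0,$ivSize);
+ $data = substr($strIn,$ivSize);
+ $clear = openssl_decrypt ($data, $method, $key, OPENSSL_RAW_DATA||OPENSSL_ZERO_PADDING, $iv);
+
+ return $clear;
+ }
+
+ /**
+ * The function sets the cookie value after encryption and encoding.
+ *
+ * @param string $cookiename - the cookie name
+ * @param string $cookievalue - the cookie value to be set
+ * @return string
+ */
+ public static function mo2f_set_cookie_values($cookiename, $cookievalue){
+ $key = get_option('mo2f_customer_token');
+
+ $current_time = new DateTime('now');
+ $current_time = $current_time->format('Y-m-d H:i:sP');
+ $cookievalue = $cookievalue . '&' . $current_time;
+
+ $cookievalue_encrypted = MO2f_Utility::encrypt_data($cookievalue, $key);
+ setcookie($cookiename, base64_encode($cookievalue_encrypted));
+
+ }
+
+ /**
+ * The function gets the cookie value after decoding and decryption.
+ *
+ * @param string $cookiename - the cookie name
+ * @return string
+ */
+ public static function mo2f_get_cookie_values($cookiename){
+ $key = get_option('mo2f_customer_token');
+
+ $decrypted_data = MO2f_Utility::decrypt_data(base64_decode($_COOKIE[$cookiename]), $key);
+ $decrypted_data_array = explode('&', $decrypted_data);
+
+ $cookie_value = $decrypted_data_array[0];
+ $cookie_creation_time = new DateTime($decrypted_data_array[1]);
+ $current_time = new DateTime('now');
+
+ $interval = $cookie_creation_time->diff($current_time);
+ $minutes = $interval->format('%i');
+
+ $is_cookie_valid = $minutes <= 5 ? true : false;
+
+ return $is_cookie_valid ? $cookie_value : false;
+ }
+
+ /**
+ * The function unsets the session variables passed.
+ *
+ * @param array $variables - the array of session variables to be unset
+ * @return NA
+ */
+ public static function unset_session_variables($variables){
+ if(gettype($variables) == "array") {
+ foreach ( $variables as $variable ) {
+ unset( $_SESSION[ $variable ] );
+ }
+ }else{
+ unset( $_SESSION[ $variables ] );
+ }
+ }
+
+ /**
+ * The function unsets the cookie variables passed.
+ *
+ * @param array $variables - the array of cookie variables to be unset
+ * @return NA
+ */
+ public static function unset_cookie_variables($variables){
+ if(gettype($variables) == "array") {
+ foreach($variables as $variable){
+ unset($_COOKIE[$variable]);
+ }
+ }else{
+ unset( $_COOKIE[ $variables ] );
+ }
+ }
+
  }
  ?>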
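Review bot: `mo2f_get_cookie_values` does not enforce the 5-minute validity it intends, and nothing in `encrypt_data`/`decrypt_data` protects the cookie's integrity: `$interval->format('%i')` yields only the minutes component of the `DateInterval` (0–59), so a cookie that is 1 h 02 min old still satisfies `$minutes <= 5`, and AES-128-ECB carries no authentication tag, so a modified or block-spliced cookie is never detected. This matters because `mo2f_current_user_id` and `mo2f_1stfactor_status` are read back through `mo2f_retrieve_session_or_cookie_values` in `mo2fa_pass2login` to decide which account receives `wp_set_auth_cookie()`. Compute the age from timestamps, `$age = $current_time->getTimestamp() - $cookie_creation_time->getTimestamp(); $is_cookie_valid = ($age >= 0 && $age <= 300);`, and attach an HMAC over the ciphertext (`hash_hmac('sha256', ...)` with the derived key, checked with `hash_equals()` before decrypting) or move to an authenticated mode; note also that `OPENSSL_RAW_DATA||OPENSSL_ZERO_PADDING` in both functions is a logical OR that evaluates to `1`, and that ECB has no IV (`openssl_cipher_iv_length('AES-128-ECB')` is 0), so the prepended `$iv` is empty and a zero length is a `ValueError` on PHP 8. `unset_cookie_variables` only removes entries from `$_COOKIE` for the current request and never sends an expiring `setcookie()`, so after `remove_current_activity` the browser keeps presenting the old `mo2f_1stfactor_status` cookie; expire it server-side with `setcookie($variable, '', time() - 3600);` and set the cookies with `httponly` and `secure`. The `decrypt_data` docblock, `crypt response from Sagepay`, describes a different project and should name the cookie payload it actually receives.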
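--- a/miniorange_2_factor_common_login.php
+++ b/miniorange_2_factor_common_login.php
@@ -283,17 +283,12 @@
 <form name="f" id="mo2f_submitkba_loginform" method="post" >
 <div id="mo2f_kba_content">
 <p style="font-size:15px;">
-<?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
-echo $_SESSION['mo_2_factor_kba_questions'][0];
-?><br />
+<?php $kba_questions = MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo_2_factor_kba_questions');
+echo $kba_questions[0];?><br />
 <input class="mo2f-textbox" type="text" name="mo2f_answer_1" id="mo2f_answer_1" required="true" autofocus="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" ><br />
-<?php
-echo $_SESSION['mo_2_factor_kba_questions'][1];
-?><br />
+<?php echo $kba_questions[1];?><br />
 <input class="mo2f-textbox" type="text" name="mo2f_answer_2" id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off">
-<?php
-}
-?>
+
 </p>
 </div>
 <?php if(get_option('mo2f_login_policy')){
@@ -478,8 +473,9 @@
 pollPushValidation();
 function pollPushValidation()
 {
-var transId = "<?php echo $_SESSION[ 'mo2f-login-transactionId' ]; ?>";
-var jsonString = "{\"txId\":\""+ transId + "\"}";
+var transId = "<?php echo MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-transactionId'); ?>";
+
+var jsonString = "{\"txId\":\""+ transId + "\"}";
 var postUrl = "<?php echo get_option('mo2f_host_name'); ?>" + "/moas/api/auth/auth-status";
 
 jQuery.ajax({
@@ -575,7 +571,7 @@
 </center>
 </div>
 <div id="showQrCode" style="margin-bottom:10%;">
-<center><?php echo '<img src="data:image/jpg;base64,' . $_SESSION[ 'mo2f-login-qrCode' ] . '" />'; ?></center>
+<center><?php echo '<img src="data:image/jpg;base64,' . MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-qrCode') . '" />'; ?></center>
 </div>
 <span style="padding-right:2%;">
 <center>
@@ -646,7 +642,7 @@
 pollMobileValidation();
 function pollMobileValidation()
 {
-var transId = "<?php echo $_SESSION[ 'mo2f-login-transactionId' ]; ?>";
+var transId = "<?php echo MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo2f-login-transactionId'); ?>";
 var jsonString = "{\"txId\":\""+ transId + "\"}";
 var postUrl = "<?php echo get_option('mo2f_host_name'); ?>" + "/moas/api/auth/auth-status";
 jQuery.ajax({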
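Review bot: The `isset` guard on the KBA questions was dropped at new line 286, so when `MO2f_Utility::mo2f_retrieve_session_or_cookie_values('mo_2_factor_kba_questions')` yields nothing (presumably it is backed by `mo2f_get_cookie_values`, which returns `false` once the cookie is outside its validity window), `$kba_questions[0]` raises a notice and renders an empty question instead of skipping the block; guard it, e.g. `if (is_array($kba_questions)) { echo esc_html($kba_questions[0]); }`. The values that replaced the `$_SESSION` reads now come at least partly from a client-supplied cookie, so they should also be escaped for the context they land in: `esc_html()` for the question text, `esc_js()` for the `transId` string literal at new lines 476 and 645, and `esc_attr()` for the base64 QR payload at 574. The enclosing templates start and end outside these hunks.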
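--- a/miniorange_2_factor_configuration.php
+++ b/miniorange_2_factor_configuration.php
@@ -43,7 +43,7 @@
 update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
 }
 /* ----------------------------------------- */
-
+$session_variables = array('mo2f_google_auth', 'mo2f_authy_keys', 'mo2f_mobile_support');
 if($mo2f_active_tab == 'mobile_configure') {
 
 $mo2f_second_factor= mo2f_get_activated_second_factor($current_user);
@@ -58,35 +58,23 @@
 </script>
 <?php
 }else if($mo2f_active_tab == 'mo2f_help'){
-unset($_SESSION[ 'mo2f_google_auth' ]);
-unset($_SESSION[ 'mo2f_authy_keys' ]);
-unset($_SESSION[ 'mo2f_mobile_support' ]);
+MO2f_Utility::unset_session_variables( $session_variables );
 mo2f_show_help_and_troubleshooting($current_user); //Help & Troubleshooting tab
 }else if($mo2f_active_tab == 'mo2f_demo'){
-unset($_SESSION[ 'mo2f_google_auth' ]);
-unset($_SESSION[ 'mo2f_authy_keys' ]);
-unset($_SESSION[ 'mo2f_mobile_support' ]);
+MO2f_Utility::unset_session_variables( $session_variables );
 show_2_factor_login_demo($current_user);
 }else if(current_user_can( 'manage_options' ) && $mo2f_active_tab == 'mo2f_login'){
-unset($_SESSION[ 'mo2f_google_auth' ]);
-unset($_SESSION[ 'mo2f_authy_keys' ]);
-unset($_SESSION[ 'mo2f_mobile_support' ]);
+MO2f_Utility::unset_session_variables( $session_variables );
 show_2_factor_login_settings($current_user); //Login Settings tab
 }else if(current_user_can( 'manage_options' ) && $mo2f_active_tab == 'advance_option'){
-unset($_SESSION[ 'mo2f_google_auth' ]);
-unset($_SESSION[ 'mo2f_authy_keys' ]);
-unset($_SESSION[ 'mo2f_mobile_support' ]);
+MO2f_Utility::unset_session_variables( $session_variables );
 show_2_factor_advanced_options($current_user); //Login Settings tab
 }else if(current_user_can( 'manage_options' ) && $mo2f_active_tab == 'mo2f_pricing'){
-unset($_SESSION[ 'mo2f_google_auth' ]);
-unset($_SESSION[ 'mo2f_authy_keys' ]);
-unset($_SESSION[ 'mo2f_mobile_support' ]);
+MO2f_Utility::unset_session_variables( $session_variables );
 show_2_factor_pricing_page($current_user); //Login Settings tab
 }else{
 
-unset($_SESSION[ 'mo2f_google_auth' ]);
-unset($_SESSION[ 'mo2f_mobile_support' ]);
-unset($_SESSION[ 'mo2f_authy_keys' ]);
+MO2f_Utility::unset_session_variables( $session_variables );
 if(get_option( 'mo_2factor_admin_registration_status') == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_miniorange_admin') != $current_user->ID){
 if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS' || get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'){
 mo2f_show_user_otp_validation_page(); // OTP over email validation page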
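Review bot: `MO2f_Utility::unset_session_variables( $session_variables );` is repeated verbatim in six of the seven branches (new lines 61, 64, 67, 70, 73 and 77), which is the kind of duplication that drifts the next time a tab is added; hoisting it next to the array at line 46 as `if($mo2f_active_tab != 'mobile_configure'){ MO2f_Utility::unset_session_variables( $session_variables ); }` keeps a single copy with the same effect. If these three keys are also persisted as cookies by the new session-or-cookie helpers introduced in this release (their writers are not visible in this section), clearing only `$_SESSION` here leaves the cookie copies in place — confirm whether `MO2f_Utility::unset_cookie_variables()` should be called alongside. The if/else chain starts and ends outside the hunk.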
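--- a/miniorange_2_factor_mobile_configuration.php
+++ b/miniorange_2_factor_mobile_configuration.php
@@ -1392,7 +1392,9 @@
 
 <div style="display:inline;">
 <input class="mo2f_table_textbox" style="width:200px;" type="text" name="verify_phone" id="phone"
-value="<?php if( isset($_SESSION['mo2f_phone'])){ echo $_SESSION['mo2f_phone'];} else echo get_user_meta($current_user->ID,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" title="Enter phone number without any space or dashes" /><br>
+value="<?php if( isset($_SESSION['mo2f_phone'])){ echo $_SESSION['mo2f_phone'];}elseif( get_option('mo2f_phone_temp')){
+echo get_option('mo2f_phone_temp');
+}else{ echo get_user_meta($current_user->ID,'mo2f_user_phone',true); }?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" title="Enter phone number without any space or dashes" /><br>
 <input type="submit" name="verify" id="verify" class="button button-primary button-large" value="Verify" />
 </div>
 </form>
@@ -1807,19 +1809,17 @@
 <input type="hidden" name="option" value="mo2f_validate_kba_details" />
 
 <div id="mo2f_kba_content">
-<?php if(isset($_SESSION['mo_2_factor_kba_questions'])){
-echo $_SESSION['mo_2_factor_kba_questions'][0];
+<?php $kba_questions = isset($_SESSION[ 'mo_2_factor_kba_questions' ]) ? $_SESSION[ 'mo_2_factor_kba_questions' ] : get_option('kba_questions');
+echo $kba_questions[0];
 ?>
 <br />
 <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_1" id="mo2f_answer_1" required="true" autofocus="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" ><br /><br />
 <?php
-echo $_SESSION['mo_2_factor_kba_questions'][1];
+echo $kba_questions[1];
 ?>
 <br />
 <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_2" id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed." autocomplete="off" ><br /><br />
-<?php
-}
-?>
+
 </div>
 <input type="button" name="back" id="back_btn" class="button button-primary button-large" value="Back" />
 <input type="submit" name="validate" id="validate" class="button button-primary button-large" value="Validate Answers" />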
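Review bot: The new fallbacks at lines 1395–1397 and 1812 read per-user, in-progress state from site-wide options (`get_option('mo2f_phone_temp')`, `get_option('kba_questions')`): if those options are written per request rather than per user (the writes are not in this section), one user's pending phone number or security questions can be prefilled into another user's configuration form, and user meta keyed by `$current_user->ID` would be the safer store. The option values are also echoed without escaping; use `esc_attr()` inside the `value` attribute at 1395–1397 and `esc_html()` for the questions at 1813 and 1818. When `get_option('kba_questions')` returns `false`, `$kba_questions[0]` emits a notice and prints nothing, which the removed `isset` guard used to prevent — `if (is_array($kba_questions))` around the two echoes restores that. Both forms start and end outside the hunks.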
miniorange_2_factor_settings.php CHANGED
@@ -1,11 +1,11 @@
1
  <?php
2
  /**
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
- * Plugin URI: http://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
6
- * Version: 4.5.8
7
  * Author: miniOrange
8
- * Author URI: http://miniorange.com
9
  * License: GPL2
10
  */
11
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
@@ -40,10 +40,6 @@ class Miniorange_Authentication {
40
  add_option( 'mo2f_modal_display', 0);
41
  add_option( 'mo2f_enable_forgotphone', 1);
42
  add_option( 'mo2f_enable_xmlrpc', 0);
43
- /* App Specific Password
44
- add_option( 'mo_app_password', 0);
45
- add_action( 'init', array( $this, 'miniorange_auth_init' ) );
46
- */
47
  add_option( 'mo2f_disable_poweredby',0);
48
  add_option( 'mo2f_show_sms_transaction_message', 0);
49
  add_option( 'mo2f_custom_plugin_name', 'miniOrange 2-Factor');
@@ -168,9 +164,7 @@ class Miniorange_Authentication {
168
  delete_option('mo2f_number_of_transactions');
169
  delete_option('mo2f_set_transactions');
170
  delete_option('mo2f_show_sms_transaction_message');
171
- /* App Specific Password
172
- delete_option('mo_app_password');
173
- */
174
  global $current_user;
175
 
176
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
@@ -186,9 +180,7 @@ class Miniorange_Authentication {
186
  delete_user_meta($current_user->ID,'mo2f_kba_registration_status');
187
  delete_user_meta($current_user->ID,'mo2f_email_verification_status');
188
  delete_user_meta($current_user->ID,'mo2f_authy_authentication_status');
189
- /* App Specific Password
190
- delete_user_meta($current_user->ID,'mo2f_app_password');
191
- */
192
  }
193
 
194
 
@@ -299,24 +291,6 @@ class Miniorange_Authentication {
299
  add_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
300
  }
301
 
302
- /* App Specific Password
303
- // added for App specific password - If post request is sent for creating a new password
304
- function miniorange_auth_init(){
305
- global $current_user;
306
- $current_user = wp_get_current_user();
307
-
308
- if ( defined( 'DOING_AJAX' ) && DOING_AJAX) {
309
- add_action( 'wp_ajax_Authenticator_action', array( $this, 'ajax_callback' ) );
310
- }
311
-
312
- // call to generate password
313
- if(isset($_GET['option']) && $_GET['option'] ="generatepassword"){
314
- ajax_callback();
315
- exit;
316
- }
317
-
318
- }*/
319
-
320
  function miniorange_auth_save_settings(){
321
 
322
  global $current_user;
@@ -608,7 +582,11 @@ class Miniorange_Authentication {
608
 
609
  if(!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($current_user->ID,'mo_2factor_user_email',true))){
610
  $customer = new Customer_Setup();
611
- $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $_SESSION[ 'mo2f_transactionId' ], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
 
 
 
 
612
  if($content['status'] == 'ERROR'){
613
  update_option( 'mo2f_message', $content['message']);
614
  $this->mo_auth_show_error_message();
@@ -702,17 +680,6 @@ class Miniorange_Authentication {
702
  update_option( 'mo2f_enable_mobile_support', isset( $_POST['mo2f_enable_mobile_support']) ? $_POST['mo2f_enable_mobile_support'] : 0);
703
  update_option( 'mo2f_enable_xmlrpc', isset( $_POST['mo2f_enable_xmlrpc']) ? $_POST['mo2f_enable_xmlrpc'] : 0);
704
 
705
- /* App Specific Password
706
- // saving the generated App specific password
707
- $app_password = $_POST['app_password'];
708
-
709
- if (strtoupper($app_password) != '**** **** **** ****' ) {
710
- // Store the password in hashed format
711
- $app_password = sha1(strtoupper(str_replace(' ', '', $app_password )));
712
- update_user_option( $current_user->ID, 'mo2f_app_password', $app_password, true );
713
- update_option('mo_app_password', $app_password);
714
- }*/
715
-
716
  global $wp_roles;
717
  if (!isset($wp_roles))
718
  $wp_roles = new WP_Roles();
@@ -763,7 +730,8 @@ class Miniorange_Authentication {
763
  delete_option('mo2f_customerKey');
764
  delete_option('mo2f_app_secret');
765
  delete_option('mo2f_admin_company');
766
- unset($_SESSION[ 'mo2f_transactionId' ]);
 
767
  delete_user_meta($current_user->ID,'mo_2factor_map_id_with_email');
768
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
769
  delete_user_meta($current_user->ID,'mo2f_sms_otp_count');
@@ -834,9 +802,11 @@ class Miniorange_Authentication {
834
  }
835
 
836
  if(isset($_POST['option']) and ($_POST['option'] == "mo_auth_mobile_registration_complete" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete')){ //mobile registration successfully complete for all users
837
- unset($_SESSION[ 'mo2f_qrCode' ]);
838
- unset($_SESSION[ 'mo2f_transactionId' ]);
839
- unset($_SESSION[ 'mo2f_show_qr_code'] );
 
 
840
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
841
  $enduser = new Two_Factor_Setup();
842
  $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),null,null,null),true);
@@ -877,15 +847,18 @@ class Miniorange_Authentication {
877
  update_option( 'mo2f_message','You have successfully completed the test. <a href='.wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.');
878
  }
879
  delete_user_meta($current_user->ID,'mo2f_configure_test_option');
880
- unset($_SESSION['mo2f_qrCode']);
881
- unset($_SESSION['mo2f_transactionId']);
882
- unset($_SESSION['mo2f_show_qr_code']);
 
883
  $this->mo_auth_show_success_message();
884
  }
885
 
886
  if(isset($_POST['option']) and $_POST['option'] == 'mo2f_mobile_authenticate_error'){ //mobile registration failed for all users(common)
887
  update_option( 'mo2f_message','Authentication failed. Please try again to test the configuration.');
888
- unset($_SESSION['mo2f_show_qr_code']);
 
 
889
  $this->mo_auth_show_error_message();
890
  }
891
 
@@ -935,13 +908,12 @@ class Miniorange_Authentication {
935
  }
936
  else if(strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
937
 
938
-
939
-
940
  $enduser = new Customer_Setup();
941
  $content = json_decode($enduser->send_otp_token($email,'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
942
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
943
  update_option( 'mo2f_message', 'An OTP has been sent to <b>' . ( $email ) . '</b>. Please enter the OTP below to verify your email. ');
944
  $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
 
945
  update_user_meta($current_user->ID, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
946
  $this->mo_auth_show_success_message();
947
  }else{
@@ -960,7 +932,10 @@ class Miniorange_Authentication {
960
 
961
  if(isset($_POST['option']) and $_POST['option'] == 'mo_2factor_backto_user_registration'){ //back to registration page for additional admin and non-admin
962
  delete_user_meta($current_user->ID,'mo_2factor_user_email');
963
- unset($_SESSION[ 'mo2f_transactionId' ]);
 
 
 
964
  delete_user_meta($current_user->ID,'mo_2factor_map_id_with_email');
965
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
966
  }
@@ -979,15 +954,17 @@ class Miniorange_Authentication {
979
  $_SESSION[ 'mo2f_qrCode' ] = $response['qrCode'];
980
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
981
  $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
 
982
  update_option( 'mo2f_message','Please scan the QR Code now.');
983
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
984
  update_user_meta( $current_user->ID,'mo2f_selected_2factor_method', 'MOBILE AUTHENTICATION');
985
  $this->mo_auth_show_success_message();
986
  }else{
987
- unset($_SESSION[ 'mo2f_qrCode' ]);
988
- unset($_SESSION[ 'mo2f_transactionId' ]);
989
- unset($_SESSION[ 'mo2f_show_qr_code'] );
990
- update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
 
991
  $this->mo_auth_show_error_message();
992
  }
993
  }
@@ -1041,6 +1018,8 @@ class Miniorange_Authentication {
1041
 
1042
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
1043
  $phone = get_user_meta($current_user->ID,'mo2f_user_phone',true);
 
 
1044
  $enduser = new Customer_Setup();
1045
  $content = json_decode($enduser->send_otp_token($email,$_POST['mo2f_selected_2factor_method'],get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
1046
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
@@ -1051,6 +1030,7 @@ class Miniorange_Authentication {
1051
  update_option( 'mo2f_message','You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below.');
1052
  }
1053
  $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
 
1054
  $this->mo_auth_show_success_message();
1055
  }else{
1056
  update_option('mo2f_message','There was an error in sending one time passcode. Please click on Resend OTP to try again.');
@@ -1068,8 +1048,12 @@ class Miniorange_Authentication {
1068
  $otp_token = sanitize_text_field( $_POST['otp_token'] );
1069
  }
1070
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
 
 
 
 
1071
  $customer = new Customer_Setup();
1072
- $content = json_decode($customer->validate_otp_token( get_user_meta($current_user->ID, 'mo2f_selected_2factor_method',true), $email,$_SESSION[ 'mo2f_transactionId' ], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
1073
  if($content['status'] == 'ERROR'){
1074
  update_option( 'mo2f_message', $content['message']);
1075
  $this->mo_auth_show_error_message();
@@ -1102,15 +1086,17 @@ class Miniorange_Authentication {
1102
  }else{
1103
  if($response['status'] == 'SUCCESS'){
1104
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
 
1105
  $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
1106
  update_option( 'mo2f_message','A Push notification has been sent to your miniOrange Authenticator App.');
1107
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
1108
  update_user_meta( $current_user->ID,'mo2f_selected_2factor_method', 'PUSH NOTIFICATIONS');
1109
  $this->mo_auth_show_success_message();
1110
  }else{
1111
- unset($_SESSION[ 'mo2f_qrCode' ]);
1112
- unset($_SESSION[ 'mo2f_transactionId' ]);
1113
- unset($_SESSION[ 'mo2f_show_qr_code'] );
 
1114
  update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
1115
  $this->mo_auth_show_error_message();
1116
  }
@@ -1223,7 +1209,8 @@ class Miniorange_Authentication {
1223
  if(json_last_error() == JSON_ERROR_NONE) {
1224
  if($google_response['status'] == 'SUCCESS'){
1225
  $enduser = new Two_Factor_Setup();
1226
- $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),null,null,null),true);
 
1227
  if(json_last_error() == JSON_ERROR_NONE) {
1228
 
1229
  if($response['status'] == 'SUCCESS'){
@@ -1365,7 +1352,8 @@ class Miniorange_Authentication {
1365
  if(json_last_error() == JSON_ERROR_NONE) {
1366
  if($kba_reg_reponse['status'] == 'SUCCESS'){
1367
  if(isset($_POST['mobile_kba_option']) && $_POST['mobile_kba_option'] == 'mo2f_request_for_kba_as_emailbackup'){
1368
- unset($_SESSION['mo2f_mobile_support']);
 
1369
  delete_user_meta($current_user->ID,'mo2f_configure_test_option');
1370
  update_user_meta($current_user->ID,'mo2f_kba_registration_status',true);
1371
  delete_user_meta( $current_user->ID,'mo2f_selected_2factor_method');
@@ -1421,10 +1409,15 @@ class Miniorange_Authentication {
1421
  if($response['status'] == 'SUCCESS'){
1422
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
1423
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
 
1424
  $questions = array();
1425
  $questions[0] = $response['questions'][0]['question'];
1426
  $questions[1] = $response['questions'][1]['question'];
1427
  $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
 
 
 
 
1428
  update_user_meta($current_user->ID,'mo2f_selected_2factor_method','KBA');
1429
  update_option( 'mo2f_message','Please answer the following security questions.');
1430
  $this->mo_auth_show_success_message();
@@ -1450,14 +1443,20 @@ class Miniorange_Authentication {
1450
  $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
1451
  }
1452
 
 
 
 
1453
  $kbaAns = array();
1454
- $kbaAns[0] = $_SESSION['mo_2_factor_kba_questions'][0];
1455
  $kbaAns[1] = $kba_ans_1;
1456
- $kbaAns[2] = $_SESSION['mo_2_factor_kba_questions'][1];
1457
  $kbaAns[3] = $kba_ans_2;
1458
-
 
 
 
1459
  $kba_validate = new Customer_Setup();
1460
- $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $_SESSION[ 'mo2f_transactionId' ], $kbaAns, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
1461
 
1462
  if(json_last_error() == JSON_ERROR_NONE) {
1463
  if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
@@ -1483,7 +1482,7 @@ class Miniorange_Authentication {
1483
  }
1484
  $phone = str_replace(' ', '', $phone);
1485
  $_SESSION['mo2f_phone'] = $phone;
1486
-
1487
  $customer = new Customer_Setup();
1488
 
1489
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
@@ -1500,7 +1499,7 @@ class Miniorange_Authentication {
1500
  $this->mo_auth_show_error_message();
1501
  }else if($content['status'] == 'SUCCESS'){
1502
  $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
1503
-
1504
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
1505
  update_option( 'mo2f_message','The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.');
1506
  update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
@@ -1529,26 +1528,31 @@ class Miniorange_Authentication {
1529
  $otp_token = sanitize_text_field( $_POST['otp_token'] );
1530
  }
1531
 
 
 
 
 
1532
  $customer = new Customer_Setup();
1533
- $content = json_decode($customer->validate_otp_token( get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true), null, $_SESSION[ 'mo2f_transactionId' ], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
1534
  if($content['status'] == 'ERROR'){
1535
  update_option( 'mo2f_message', $content['message']);
1536
 
1537
  }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
1538
  if(get_user_meta($current_user->ID,'mo2f_user_phone',true) && strlen(get_user_meta($current_user->ID,'mo2f_user_phone',true)) >= 4){
1539
- if($_SESSION['mo2f_phone'] != get_user_meta($current_user->ID,'mo2f_user_phone',true) ){
1540
  update_user_meta($current_user->ID,'mo2f_mobile_registration_status',false);
1541
  }
1542
  }
1543
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
1544
- $phone = $_SESSION['mo2f_phone'];
1545
 
1546
  $enduser = new Two_Factor_Setup();
1547
- $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),$phone,null,null),true);
 
1548
  if(json_last_error() == JSON_ERROR_NONE) {
1549
 
1550
  if($response['status'] == 'ERROR'){
1551
- unset($_SESSION[ 'mo2f_phone']);
 
1552
  update_option( 'mo2f_message', $response['message']);
1553
  $this->mo_auth_show_error_message();
1554
  }else if($response['status'] == 'SUCCESS'){
@@ -1557,8 +1561,10 @@ class Miniorange_Authentication {
1557
  delete_user_meta($current_user->ID,'mo_2factor_mobile_registration_status');
1558
  update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
1559
  update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
1560
- update_user_meta($current_user->ID,'mo2f_user_phone',$_SESSION[ 'mo2f_phone']);
1561
- unset($_SESSION[ 'mo2f_phone']);
 
 
1562
  $testmethod = get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true);
1563
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
1564
  $authType = "OTP Over SMS";
@@ -1569,12 +1575,14 @@ class Miniorange_Authentication {
1569
  update_option( 'mo2f_message',$message );
1570
  $this->mo_auth_show_success_message();
1571
  }else{
1572
- unset($_SESSION[ 'mo2f_phone']);
 
1573
  update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
1574
  $this->mo_auth_show_error_message();
1575
  }
1576
  }else{
1577
- unset($_SESSION[ 'mo2f_phone']);
 
1578
  update_option( 'mo2f_message','Invalid request. Please try again');
1579
  $this->mo_auth_show_error_message();
1580
  }
@@ -1639,13 +1647,12 @@ class Miniorange_Authentication {
1639
  }
1640
 
1641
  if(isset($_POST['option']) && $_POST['option'] == 'mo2f_cancel_configuration'){
1642
- unset($_SESSION[ 'mo2f_qrCode' ]);
1643
- unset($_SESSION[ 'mo2f_transactionId' ]);
1644
- unset($_SESSION[ 'mo2f_show_qr_code']);
1645
- unset($_SESSION[ 'mo2f_phone']);
1646
- unset($_SESSION[ 'mo2f_google_auth' ]);
1647
- unset($_SESSION[ 'mo2f_mobile_support' ]);
1648
- unset($_SESSION[ 'mo2f_authy_keys' ]);
1649
  delete_user_meta($current_user->ID,'mo2f_configure_test_option');
1650
  }
1651
 
@@ -1670,12 +1677,16 @@ class Miniorange_Authentication {
1670
  if($response['status'] == 'SUCCESS'){
1671
 
1672
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
 
 
1673
  update_option( 'mo2f_message','A verification email is sent to<b> '. $email . '</b>. Please click on accept link to verify your email.');
1674
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
1675
  update_user_meta( $current_user->ID,'mo2f_selected_2factor_method', 'OUT OF BAND EMAIL');
1676
  $this->mo_auth_show_success_message();
1677
  }else{
1678
- unset($_SESSION[ 'mo2f_transactionId' ]);
 
 
1679
  update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
1680
  $this->mo_auth_show_error_message();
1681
  }
@@ -1827,23 +1838,26 @@ class Miniorange_Authentication {
1827
  if(json_last_error() == JSON_ERROR_NONE) {
1828
  if($response['status'] == 'ERROR'){
1829
  update_option( 'mo2f_message', $response['message']);
1830
- unset($_SESSION[ 'mo2f_qrCode' ]);
1831
- unset($_SESSION[ 'mo2f_transactionId' ]);
1832
- unset($_SESSION[ 'mo2f_show_qr_code']);
 
 
1833
  $this->mo_auth_show_error_message();
1834
  }else{
1835
  if($response['status'] == 'IN_PROGRESS'){
1836
  update_option( 'mo2f_message','Please scan the QR Code now.');
1837
  $_SESSION[ 'mo2f_qrCode' ] = $response['qrCode'];
1838
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
 
1839
  $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
1840
  $this->mo_auth_show_success_message();
1841
  }else{
1842
- update_option( 'mo2f_message', "An error occured while processing your request. Please Try again.");
1843
- unset($_SESSION[ 'mo2f_qrCode' ]);
1844
- unset($_SESSION[ 'mo2f_transactionId' ]);
1845
- unset($_SESSION[ 'mo2f_show_qr_code']);
1846
- $this->mo_auth_show_error_message();
1847
  }
1848
  }
1849
  }
@@ -1875,41 +1889,6 @@ class Miniorange_Authentication {
1875
  return 1;
1876
  }
1877
  }
1878
-
1879
- /* App Specific Password
1880
- //AJAX Function to callback
1881
- function ajax_callback(){
1882
-
1883
- global $user_id;
1884
-
1885
- $secret = create_secret();
1886
- $result = array( 'new-secret' => $secret );
1887
-
1888
- header( 'Content-Type: application/json' );
1889
- echo json_encode( $result );
1890
-
1891
- // die() is required to return a proper result
1892
- die();
1893
-
1894
- }
1895
-
1896
- //Create password secret
1897
- function create_secret() {
1898
-
1899
- $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // allowed characters in Base32
1900
- $charsLength = strlen($chars);
1901
- $secret = '';
1902
-
1903
- for ( $i = 0; $i < 16; $i++ ) {
1904
- $secret .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 );
1905
- }
1906
-
1907
- return $secret;
1908
-
1909
- }*/
1910
-
1911
 
1912
-
1913
-
1914
  new Miniorange_Authentication;
1915
  ?>
1
  <?php
2
  /**
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
+ * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
6
+ * Version: 4.5.9
7
  * Author: miniOrange
8
+ * Author URI: https://miniorange.com
9
  * License: GPL2
10
  */
11
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
40
  add_option( 'mo2f_modal_display', 0);
41
  add_option( 'mo2f_enable_forgotphone', 1);
42
  add_option( 'mo2f_enable_xmlrpc', 0);
 
 
 
 
43
  add_option( 'mo2f_disable_poweredby',0);
44
  add_option( 'mo2f_show_sms_transaction_message', 0);
45
  add_option( 'mo2f_custom_plugin_name', 'miniOrange 2-Factor');
164
  delete_option('mo2f_number_of_transactions');
165
  delete_option('mo2f_set_transactions');
166
  delete_option('mo2f_show_sms_transaction_message');
167
+
 
 
168
  global $current_user;
169
 
170
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
180
  delete_user_meta($current_user->ID,'mo2f_kba_registration_status');
181
  delete_user_meta($current_user->ID,'mo2f_email_verification_status');
182
  delete_user_meta($current_user->ID,'mo2f_authy_authentication_status');
183
+
 
 
184
  }
185
 
186
 
291
  add_action( 'admin_notices', array( $this, 'mo_auth_success_message') );
292
  }
293
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
294
  function miniorange_auth_save_settings(){
295
 
296
  global $current_user;
582
 
583
  if(!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($current_user->ID,'mo_2factor_user_email',true))){
584
  $customer = new Customer_Setup();
585
+
586
+ //if the php session folder has insufficient permissions, temporary options to be used
587
+ $mo2f_transactionId = isset($_SESSION['mo2f_transactionId']) && !empty($_SESSION['mo2f_transactionId']) ? $_SESSION['mo2f_transactionId'] : get_option('mo2f_transactionId');
588
+
589
+ $content = json_decode($customer->validate_otp_token( 'EMAIL', null, $mo2f_transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
590
  if($content['status'] == 'ERROR'){
591
  update_option( 'mo2f_message', $content['message']);
592
  $this->mo_auth_show_error_message();
680
  update_option( 'mo2f_enable_mobile_support', isset( $_POST['mo2f_enable_mobile_support']) ? $_POST['mo2f_enable_mobile_support'] : 0);
681
  update_option( 'mo2f_enable_xmlrpc', isset( $_POST['mo2f_enable_xmlrpc']) ? $_POST['mo2f_enable_xmlrpc'] : 0);
682
 
 
 
 
 
 
 
 
 
 
 
 
683
  global $wp_roles;
684
  if (!isset($wp_roles))
685
  $wp_roles = new WP_Roles();
730
  delete_option('mo2f_customerKey');
731
  delete_option('mo2f_app_secret');
732
  delete_option('mo2f_admin_company');
733
+ MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
734
+ delete_option( 'mo2f_transactionId');
735
  delete_user_meta($current_user->ID,'mo_2factor_map_id_with_email');
736
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
737
  delete_user_meta($current_user->ID,'mo2f_sms_otp_count');
802
  }
803
 
804
  if(isset($_POST['option']) and ($_POST['option'] == "mo_auth_mobile_registration_complete" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete')){ //mobile registration successfully complete for all users
805
+
806
+ delete_option( 'mo2f_transactionId');
807
+ $session_variables = array('mo2f_qrCode','mo2f_transactionId', 'mo2f_show_qr_code');
808
+ MO2f_Utility::unset_session_variables( $session_variables );
809
+
810
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
811
  $enduser = new Two_Factor_Setup();
812
  $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),null,null,null),true);
847
  update_option( 'mo2f_message','You have successfully completed the test. <a href='.wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.');
848
  }
849
  delete_user_meta($current_user->ID,'mo2f_configure_test_option');
850
+
851
+ $session_variables = array('mo2f_qrCode','mo2f_transactionId', 'mo2f_show_qr_code');
852
+ MO2f_Utility::unset_session_variables( $session_variables );
853
+
854
  $this->mo_auth_show_success_message();
855
  }
856
 
857
  if(isset($_POST['option']) and $_POST['option'] == 'mo2f_mobile_authenticate_error'){ //mobile registration failed for all users(common)
858
  update_option( 'mo2f_message','Authentication failed. Please try again to test the configuration.');
859
+
860
+ MO2f_Utility::unset_session_variables( 'mo2f_show_qr_code' );
861
+
862
  $this->mo_auth_show_error_message();
863
  }
864
 
908
  }
909
  else if(strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
910
 
 
 
911
  $enduser = new Customer_Setup();
912
  $content = json_decode($enduser->send_otp_token($email,'EMAIL',get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
913
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
914
  update_option( 'mo2f_message', 'An OTP has been sent to <b>' . ( $email ) . '</b>. Please enter the OTP below to verify your email. ');
915
  $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
916
+ update_option( 'mo2f_transactionId', $content['txId']);
917
  update_user_meta($current_user->ID, 'mo_2factor_user_registration_status','MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
918
  $this->mo_auth_show_success_message();
919
  }else{
932
 
933
  if(isset($_POST['option']) and $_POST['option'] == 'mo_2factor_backto_user_registration'){ //back to registration page for additional admin and non-admin
934
  delete_user_meta($current_user->ID,'mo_2factor_user_email');
935
+
936
+ MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
937
+
938
+ delete_option( 'mo2f_transactionId');
939
  delete_user_meta($current_user->ID,'mo_2factor_map_id_with_email');
940
  delete_user_meta($current_user->ID,'mo_2factor_user_registration_status');
941
  }
954
  $_SESSION[ 'mo2f_qrCode' ] = $response['qrCode'];
955
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
956
  $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
957
+ update_option( 'mo2f_transactionId', $response['txId']);
958
  update_option( 'mo2f_message','Please scan the QR Code now.');
959
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
960
  update_user_meta( $current_user->ID,'mo2f_selected_2factor_method', 'MOBILE AUTHENTICATION');
961
  $this->mo_auth_show_success_message();
962
  }else{
963
+ $session_variables = array('mo2f_qrCode','mo2f_transactionId', 'mo2f_show_qr_code');
964
+ MO2f_Utility::unset_session_variables( $session_variables );
965
+
966
+ delete_option( 'mo2f_transactionId');
967
+ update_option( 'mo2f_message','An error occurred while processing your request. Please Try again.');
968
  $this->mo_auth_show_error_message();
969
  }
970
  }
1018
 
1019
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
1020
  $phone = get_user_meta($current_user->ID,'mo2f_user_phone',true);
1021
+
1022
+
1023
  $enduser = new Customer_Setup();
1024
  $content = json_decode($enduser->send_otp_token($email,$_POST['mo2f_selected_2factor_method'],get_option('mo2f_customerKey'),get_option('mo2f_api_key')), true);
1025
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
1030
  update_option( 'mo2f_message','You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below.');
1031
  }
1032
  $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
1033
+ update_option( 'mo2f_transactionId', $content['txId']);
1034
  $this->mo_auth_show_success_message();
1035
  }else{
1036
  update_option('mo2f_message','There was an error in sending one time passcode. Please click on Resend OTP to try again.');
1048
  $otp_token = sanitize_text_field( $_POST['otp_token'] );
1049
  }
1050
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
1051
+
1052
+ //if the php session folder has insufficient permissions, temporary options to be used
1053
+ $mo2f_transactionId = isset($_SESSION['mo2f_transactionId']) && !empty($_SESSION['mo2f_transactionId']) ? $_SESSION['mo2f_transactionId'] : get_option('mo2f_transactionId');
1054
+
1055
  $customer = new Customer_Setup();
1056
+ $content = json_decode($customer->validate_otp_token( get_user_meta($current_user->ID, 'mo2f_selected_2factor_method',true), $email, $mo2f_transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
1057
  if($content['status'] == 'ERROR'){
1058
  update_option( 'mo2f_message', $content['message']);
1059
  $this->mo_auth_show_error_message();
1086
  }else{
1087
  if($response['status'] == 'SUCCESS'){
1088
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
1089
+ update_option( 'mo2f_transactionId', $response['txId']);
1090
  $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
1091
  update_option( 'mo2f_message','A Push notification has been sent to your miniOrange Authenticator App.');
1092
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
1093
  update_user_meta( $current_user->ID,'mo2f_selected_2factor_method', 'PUSH NOTIFICATIONS');
1094
  $this->mo_auth_show_success_message();
1095
  }else{
1096
+ $session_variables = array('mo2f_qrCode','mo2f_transactionId', 'mo2f_show_qr_code');
1097
+ MO2f_Utility::unset_session_variables( $session_variables );
1098
+
1099
+ delete_option( 'mo2f_transactionId');
1100
  update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
1101
  $this->mo_auth_show_error_message();
1102
  }
1209
  if(json_last_error() == JSON_ERROR_NONE) {
1210
  if($google_response['status'] == 'SUCCESS'){
1211
  $enduser = new Two_Factor_Setup();
1212
+ $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),null,null,null),true);
1213
+
1214
  if(json_last_error() == JSON_ERROR_NONE) {
1215
 
1216
  if($response['status'] == 'SUCCESS'){
1352
  if(json_last_error() == JSON_ERROR_NONE) {
1353
  if($kba_reg_reponse['status'] == 'SUCCESS'){
1354
  if(isset($_POST['mobile_kba_option']) && $_POST['mobile_kba_option'] == 'mo2f_request_for_kba_as_emailbackup'){
1355
+ MO2f_Utility::unset_session_variables( 'mo2f_mobile_support' );
1356
+
1357
  delete_user_meta($current_user->ID,'mo2f_configure_test_option');
1358
  update_user_meta($current_user->ID,'mo2f_kba_registration_status',true);
1359
  delete_user_meta( $current_user->ID,'mo2f_selected_2factor_method');
1409
  if($response['status'] == 'SUCCESS'){
1410
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
1411
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
1412
+ update_option( 'mo2f_transactionId', $response['txId']);
1413
  $questions = array();
1414
  $questions[0] = $response['questions'][0]['question'];
1415
  $questions[1] = $response['questions'][1]['question'];
1416
  $_SESSION[ 'mo_2_factor_kba_questions' ] = $questions;
1417
+
1418
+ //workaround for insufficient permissions
1419
+ update_option('kba_questions' , $questions);
1420
+
1421
  update_user_meta($current_user->ID,'mo2f_selected_2factor_method','KBA');
1422
  update_option( 'mo2f_message','Please answer the following security questions.');
1423
  $this->mo_auth_show_success_message();
1443
  $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
1444
  }
1445
 
1446
+ //if the php session folder has insufficient permissions, temporary options to be used
1447
+ $kba_questions = isset($_SESSION['mo_2_factor_kba_questions']) && !empty($_SESSION['mo_2_factor_kba_questions']) ? $_SESSION['mo_2_factor_kba_questions'] : get_option('kba_questions');
1448
+
1449
  $kbaAns = array();
1450
+ $kbaAns[0] = $kba_questions[0];
1451
  $kbaAns[1] = $kba_ans_1;
1452
+ $kbaAns[2] = $kba_questions[1];
1453
  $kbaAns[3] = $kba_ans_2;
1454
+
1455
+ //if the php session folder has insufficient permissions, temporary options to be used
1456
+ $mo2f_transactionId = isset($_SESSION['mo2f_transactionId']) && !empty($_SESSION['mo2f_transactionId']) ? $_SESSION['mo2f_transactionId'] : get_option('mo2f_transactionId');
1457
+
1458
  $kba_validate = new Customer_Setup();
1459
+ $kba_validate_response = json_decode($kba_validate->validate_otp_token( 'KBA', null, $mo2f_transactionId, $kbaAns, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
1460
 
1461
  if(json_last_error() == JSON_ERROR_NONE) {
1462
  if(strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
1482
  }
1483
  $phone = str_replace(' ', '', $phone);
1484
  $_SESSION['mo2f_phone'] = $phone;
1485
+ update_option( 'mo2f_phone_temp', $phone);
1486
  $customer = new Customer_Setup();
1487
 
1488
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
1499
  $this->mo_auth_show_error_message();
1500
  }else if($content['status'] == 'SUCCESS'){
1501
  $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
1502
+ update_option( 'mo2f_transactionId', $content['txId']);
1503
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
1504
  update_option( 'mo2f_message','The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.');
1505
  update_option( 'mo2f_number_of_transactions', get_option('mo2f_number_of_transactions')-1);
1528
  $otp_token = sanitize_text_field( $_POST['otp_token'] );
1529
  }
1530
 
1531
+ //if the php session folder has insufficient permissions, temporary options to be used
1532
+ $mo2f_transactionId = isset($_SESSION['mo2f_transactionId']) && !empty($_SESSION['mo2f_transactionId']) ? $_SESSION['mo2f_transactionId'] : get_option('mo2f_transactionId');
1533
+ $mo2f_phone = isset($_SESSION['mo2f_phone']) && !empty($_SESSION['mo2f_phone']) ? $_SESSION['mo2f_phone'] : get_option('mo2f_phone_temp');
1534
+
1535
  $customer = new Customer_Setup();
1536
+ $content = json_decode($customer->validate_otp_token( get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true), null, $mo2f_transactionId , $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key') ),true);
1537
  if($content['status'] == 'ERROR'){
1538
  update_option( 'mo2f_message', $content['message']);
1539
 
1540
  }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
1541
  if(get_user_meta($current_user->ID,'mo2f_user_phone',true) && strlen(get_user_meta($current_user->ID,'mo2f_user_phone',true)) >= 4){
1542
+ if($mo2f_phone != get_user_meta($current_user->ID,'mo2f_user_phone',true) ){
1543
  update_user_meta($current_user->ID,'mo2f_mobile_registration_status',false);
1544
  }
1545
  }
1546
  $email = get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true);
 
1547
 
1548
  $enduser = new Two_Factor_Setup();
1549
+ $response = json_decode($enduser->mo2f_update_userinfo($email,get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true),$mo2f_phone,null,null),true);
1550
+
1551
  if(json_last_error() == JSON_ERROR_NONE) {
1552
 
1553
  if($response['status'] == 'ERROR'){
1554
+ MO2f_Utility::unset_session_variables( 'mo2f_phone' );
1555
+ delete_option( 'mo2f_phone_temp');
1556
  update_option( 'mo2f_message', $response['message']);
1557
  $this->mo_auth_show_error_message();
1558
  }else if($response['status'] == 'SUCCESS'){
1561
  delete_user_meta($current_user->ID,'mo_2factor_mobile_registration_status');
1562
  update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
1563
  update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
1564
+ update_user_meta($current_user->ID,'mo2f_user_phone',$mo2f_phone);
1565
+
1566
+ MO2f_Utility::unset_session_variables( 'mo2f_phone' );
1567
+ delete_option( 'mo2f_phone_temp');
1568
  $testmethod = get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true);
1569
  if(get_user_meta( $current_user->ID,'mo2f_selected_2factor_method',true) == 'SMS'){
1570
  $authType = "OTP Over SMS";
1575
  update_option( 'mo2f_message',$message );
1576
  $this->mo_auth_show_success_message();
1577
  }else{
1578
+ MO2f_Utility::unset_session_variables( 'mo2f_phone' );
1579
+ delete_option( 'mo2f_phone_temp');
1580
  update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
1581
  $this->mo_auth_show_error_message();
1582
  }
1583
  }else{
1584
+ MO2f_Utility::unset_session_variables( 'mo2f_phone' );
1585
+ delete_option( 'mo2f_phone_temp');
1586
  update_option( 'mo2f_message','Invalid request. Please try again');
1587
  $this->mo_auth_show_error_message();
1588
  }
1647
  }
1648
 
1649
  if(isset($_POST['option']) && $_POST['option'] == 'mo2f_cancel_configuration'){
1650
+
1651
+ $session_variables = array('mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code', 'mo2f_phone', 'mo2f_google_auth',
1652
+ 'mo2f_mobile_support', 'mo2f_authy_keys' );
1653
+ MO2f_Utility::unset_session_variables( $session_variables );
1654
+
1655
+ delete_option( 'mo2f_transactionId');
 
1656
  delete_user_meta($current_user->ID,'mo2f_configure_test_option');
1657
  }
1658
 
1677
  if($response['status'] == 'SUCCESS'){
1678
 
1679
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
1680
+ update_option( 'mo2f_transactionId', $response['txId']);
1681
+
1682
  update_option( 'mo2f_message','A verification email is sent to<b> '. $email . '</b>. Please click on accept link to verify your email.');
1683
  update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
1684
  update_user_meta( $current_user->ID,'mo2f_selected_2factor_method', 'OUT OF BAND EMAIL');
1685
  $this->mo_auth_show_success_message();
1686
  }else{
1687
+ MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
1688
+ delete_option( 'mo2f_transactionId');
1689
+
1690
  update_option( 'mo2f_message','An error occured while processing your request. Please Try again.');
1691
  $this->mo_auth_show_error_message();
1692
  }
1838
  if(json_last_error() == JSON_ERROR_NONE) {
1839
  if($response['status'] == 'ERROR'){
1840
  update_option( 'mo2f_message', $response['message']);
1841
+
1842
+ $session_variables = array('mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code');
1843
+ MO2f_Utility::unset_session_variables( $session_variables );
1844
+
1845
+ delete_option( 'mo2f_transactionId');
1846
  $this->mo_auth_show_error_message();
1847
  }else{
1848
  if($response['status'] == 'IN_PROGRESS'){
1849
  update_option( 'mo2f_message','Please scan the QR Code now.');
1850
  $_SESSION[ 'mo2f_qrCode' ] = $response['qrCode'];
1851
  $_SESSION[ 'mo2f_transactionId' ] = $response['txId'];
1852
+ update_option( 'mo2f_transactionId', $response['txId']);
1853
  $_SESSION[ 'mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
1854
  $this->mo_auth_show_success_message();
1855
  }else{
1856
+ update_option( 'mo2f_message', "An error occured while processing your request. Please Try again.");
1857
+ $session_variables = array('mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code');
1858
+ MO2f_Utility::unset_session_variables( $session_variables );
1859
+ delete_option( 'mo2f_transactionId');
1860
+ $this->mo_auth_show_error_message();
1861
  }
1862
  }
1863
  }
1889
  return 1;
1890
  }
1891
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1892
 
 
 
1893
  new Miniorange_Authentication;
1894
  ?>
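--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://miniorange.com/
 Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
 Requires at least: 3.0.1
 Tested up to: 4.9.4
-Stable tag: 4.5.8
+Stable tag: 4.5.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -250,8 +250,11 @@ miniOrange authentication service has 15+ authentication methods.One time passco
 
 == Changelog ==
 
+= 4.5.9 =
+* Google Authenticator (2FA) : Bug fixes for customers who were getting redirected to the login page after the two factor authentication.
+
 = 4.5.8 =
-* Google Authenticator (2FA) : Tested upto 4.9.4 and Removed External links
+* Google Authenticator (2FA) : Tested upto 4.9.4 and Removed External links.
 
 = 4.5.7 =
 * Google Authenticator (2FA) : Minor bug fixes.
@@ -487,8 +490,11 @@ More descriptive setup messages and UI changes.
 
 == Upgrade Notice ==
 
+= 4.5.9 =
+* Google Authenticator (2FA) : Bug fixes for customers who were getting redirected to the login page after the two factor authentication.
+
 = 4.5.8 =
-* Google Authenticator (2FA) : Tested upto 4.9.4 and Removed External links
+* Google Authenticator (2FA) : Tested upto 4.9.4 and Removed External links.
 
 = 4.5.7 =
 * Google Authenticator (2FA) : Minor bug fixes.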
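--- a/uninstall.php
+++ b/uninstall.php
@@ -38,10 +38,7 @@
 delete_option('mo2f_enable_mobile_support');
 delete_option( 'mo2f_new_customer' );
 delete_option('mo2f_show_sms_transaction_message');
-/* App Specific Password
-delete_option('mo2f_app_password');
-*/
-
+
 //delete all stored key-value pairs for the roles
 global $wp_roles;
 if (!isset($wp_roles))
@@ -93,9 +90,6 @@
 delete_option( 'mo2f_number_of_transactions' );
 delete_option( 'mo2f_set_transactions' );
 delete_option('mo2f_show_sms_transaction_message');
-/* App Specific Password
-delete_option('mo2f_app_password');
-*/
 
 //delete all stored key-value pairs for the roles
 global $wp_roles;
@@ -127,9 +121,6 @@
 delete_user_meta($user->ID,'mo2f_kba_registration_status');
 delete_user_meta($user->ID,'mo2f_email_verification_status');
 delete_user_meta($user->ID,'mo2f_authy_authentication_status');
-/* App Specific Password
-delete_user_meta($user->ID,'mo2f_app_password');
-*/
 }
 
 //delete previous version key-value pairs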