Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.1.16

Version Description

  • Google Authenticator-Two Factor Authentication (2FA) : Login redirect fix.

Release Info

Developer cyberlord92
Version 5.1.16

Code changes from version 5.1.15 to 5.1.16

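--- a/class-customer-setup.php
+++ b/class-customer-setup.php
@@ -115,7 +115,7 @@ class Customer_Setup {
 $customer_feature = "V3";
 }
 
-$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V 5.1.15]: ' . $message;
+$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V 5.1.16]: ' . $message;
 
 $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
 
@@ -613,7 +613,7 @@ class Customer_Setup {
 $customer_feature = "V3";
 }
 
-$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V 5.1.15]: ' . $query;
+$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V 5.1.16]: ' . $query;
 $fields = array(
 'firstName' => $user->user_firstname,
 'lastName' => $user->user_lastname,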
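--- a/class-miniorange-2-factor-login.php
+++ b/class-miniorange-2-factor-login.php
@@ -28,40 +28,29 @@ class Miniorange_Mobile_Login {
 
 function mo2fa_default_login( $user, $username, $password ) {
 global $Mo2fdbQueries;
-
 $currentuser = wp_authenticate_username_password( $user, $username, $password );
 if ( is_wp_error( $currentuser ) ) {
 return $currentuser;
 } else {
 $this->miniorange_login_start_session();
-
 $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
 $session_id=$pass2fa_login_session->create_session();
-
 $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
 $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
-
 if ( $mo2f_configured_2FA_method ) {
-
 $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
 $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
-
 if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
 MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
 $this->mo_auth_show_error_message();
 $this->mo2f_redirectto_wp_login();
 $error = new WP_Error();
-
 return $error;
 } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
-
 $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
 }
 } else { //plugin is not activated for non-admin then logged him in
-
-
 $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
-
 }
 }
 }
@@ -78,8 +67,6 @@ class Miniorange_Mobile_Login {
 
 }
 
-
-
 function mo2f_redirectto_wp_login() {
 global $Mo2fdbQueries;
 $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
@@ -94,7 +81,6 @@ class Miniorange_Mobile_Login {
 }
 
 function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
-
 $user_id = $user->ID;
 wp_set_current_user( $user_id, $user->user_login );
 $this->remove_current_activity($session_id);
@@ -102,7 +88,6 @@ class Miniorange_Mobile_Login {
 do_action( 'wp_login', $user->user_login, $user );
 redirect_user_to( $user, $redirect_to );
 exit;
-
 }
 
 function remove_current_activity($session_id) {
@@ -151,22 +136,7 @@ class Miniorange_Mobile_Login {
 
 MO2f_Utility::unset_session_variables( $session_variables );
 MO2f_Utility::unset_cookie_variables( $cookie_variables );
-
-$key = get_option( 'mo2f_encryption_key' );
-
-$session_id = MO2f_Utility::decrypt_data( $session_id, $key );
-$Mo2fdbQueries->save_user_login_details( $session_id, array(
-
-'mo2f_current_user_id' => '',
-'mo2f_login_message' => '',
-'mo2f_1stfactor_status' => '',
-'mo2f_transactionId' => '',
-'mo_2_factor_kba_questions' => '',
-'mo2f_rba_status' => '',
-'ts_created' => ''
-
-) );
-
+MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
 }
 
 function custom_login_enqueue_scripts() {
@@ -175,9 +145,8 @@ class Miniorange_Mobile_Login {
 }
 
 function mo_2_factor_hide_login() {
-wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=5.1.15', __FILE__ ) );
-wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=5.1.15', __FILE__ ) );
-
+wp_register_style( 'hide-login', plugins_url( 'includes/css/hide-login.css?version=5.1.16', __FILE__ ) );
+wp_register_style( 'bootstrap', plugins_url( 'includes/css/bootstrap.min.css?version=5.1.16', __FILE__ ) );
 wp_enqueue_style( 'hide-login' );
 wp_enqueue_style( 'bootstrap' );
 
@@ -187,17 +156,14 @@ class Miniorange_Mobile_Login {
 $message = $_SESSION['mo2f_login_message'];
 //if the php session folder has insufficient permissions, cookies to be used
 $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message' );
-
 return "<div> <p class='message'>" . $message . "</p></div>";
 }
 
 function mo_auth_error_message() {
 $id = "login_error1";
 $message = $_SESSION['mo2f_login_message'];
-
 //if the php session folder has insufficient permissions, cookies to be used
 $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message' );
-
 return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
 }
 
@@ -209,13 +175,9 @@ class Miniorange_Mobile_Login {
 function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
 
 if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
-
 //if the php session folder has insufficient permissions, cookies to be used
 $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' );
-
 if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( $_POST['miniorange_login_nonce'], 'miniorange-2-factor-login-nonce' ) ) {
-
-
 $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
 $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
 $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
@@ -228,9 +190,7 @@ class Miniorange_Mobile_Login {
 $this->mo_2_factor_show_login();
 $this->mo_2_factor_show_wp_login_form();
 }
-
 } else { //Login with phone is alogin with default login form
-
 $this->mo_2_factor_show_login();
 $this->mo_2_factor_show_wp_login_form();
 }
@@ -238,7 +198,7 @@ class Miniorange_Mobile_Login {
 }
 
 function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
-wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.15', __FILE__ ) );
+wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.16', __FILE__ ) );
 wp_enqueue_style( 'show-login' );
 }
 
@@ -260,9 +220,9 @@ class Miniorange_Mobile_Login {
 
 function mo_2_factor_show_login() {
 if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
-wp_register_style( 'show-login', plugins_url( 'includes/css/hide-login-form.css?version=5.1.15', __FILE__ ) );
+wp_register_style( 'show-login', plugins_url( 'includes/css/hide-login-form.css?version=5.1.16', __FILE__ ) );
 } else {
-wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.15', __FILE__ ) );
+wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.16', __FILE__ ) );
 }
 wp_enqueue_style( 'show-login' );
 }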
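Review bot: The new `MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');` in remove_current_activity (hunk @@ -151,22 +136,7 @@) passes `$session_id` through as received, whereas the code it replaces first ran it through `MO2f_Utility::decrypt_data( $session_id, $key )` before touching the table; unless the helper decrypts internally (not visible here), the lookup is keyed on the encrypted value and the row holding `mo2f_current_user_id` and `mo2f_1stfactor_status` for that login attempt is never cleared — worth confirming against the helper. The sibling remove_current_activity in class-miniorange-2-factor-pass2fa-login.php (hunk @@ -585,7 +528,6 @@ further down this page) still decrypts and blanks the fields, so the two cleanup paths now diverge; routing both through the same helper, or at least a comment such as `// destroys the temp login row; the pass2fa class blanks the fields instead`, would keep them aligned. `$session_id` can also arrive as null here, since mo2f_verify_and_authenticate_userlogin declares `$session_id=null` and forwards it unchanged, so guarding the call with `if ( $session_id ) {` avoids handing null to the destroy path. The body of remove_current_activity begins before this hunk. Separately, `$redirect_to` in mo2fa_default_login is still read straight from `$_REQUEST['redirect_to']` and handed to redirect_user_to unchanged by this commit; passing it through `wp_validate_redirect()` when it is set would keep the post-login redirect on-site.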
class-miniorange-2-factor-pass2fa-login.php CHANGED
@@ -27,61 +27,51 @@ include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
27
 
28
  class Miniorange_Password_2Factor_Login {
29
 
 
 
 
 
 
30
  public function miniorange_pass2login_redirect() {
31
 
32
  global $Mo2fdbQueries;
33
-
34
  if ( ! get_option( 'mo2f_login_option' ) ) {
35
-
36
  if ( isset( $_POST['miniorange_login_nonce'] ) ) {
37
  $nonce = $_POST['miniorange_login_nonce'];
38
  $session_id = $this->create_session();
39
-
40
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
41
-
42
  $this->remove_current_activity($session_id);
43
  $error = new WP_Error();
44
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
45
-
46
  return $error;
47
  } else {
48
-
49
  $this->miniorange_pass2login_start_session();
50
-
51
  $mobile_login = new Miniorange_Mobile_Login();
52
  //validation and sanitization
53
  $username = '';
54
  if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
55
-
56
  MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
57
  $mobile_login->mo_auth_show_error_message();
58
  return;
59
  } else {
60
  $username = sanitize_text_field( $_POST['mo2fa_username'] );
61
  }
62
-
63
-
64
  if ( username_exists( $username ) ) { /*if username exists in wp site */
65
  $user = new WP_User( $username );
66
-
67
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
68
-
69
  MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
70
  MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
71
-
72
- $current_roles = miniorange_get_user_role( $user );
73
-
74
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
75
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
76
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
77
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
78
-
79
-
80
  if ( $mo2f_configured_2FA_method ) {
81
  if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
82
  if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
83
  $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
84
-
85
  } else {
86
  $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
87
  if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
@@ -89,11 +79,8 @@ class Miniorange_Password_2Factor_Login {
89
  } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
90
  $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
91
  } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
92
-
93
  $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
94
-
95
  } else if ( $mo2f_second_factor == 'KBA' ) {
96
-
97
  $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
98
  } else {
99
  $this->remove_current_activity($session_id);
@@ -102,13 +89,11 @@ class Miniorange_Password_2Factor_Login {
102
  }
103
  }
104
  } else {
105
-
106
  MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
107
  $mobile_login->mo_auth_show_success_message();
108
  $mobile_login->mo2f_redirectto_wp_login();
109
  }
110
  } else {
111
-
112
  MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
113
  $mobile_login->mo_auth_show_success_message();
114
  $mobile_login->mo2f_redirectto_wp_login();
@@ -130,25 +115,19 @@ class Miniorange_Password_2Factor_Login {
130
  $this->remove_current_activity($session_id_encrypt);
131
  $error = new WP_Error();
132
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
133
-
134
  return $error;
135
  } else {
136
  $this->miniorange_pass2login_start_session();
137
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
138
  try {
139
-
140
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
141
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
142
-
143
  $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
144
-
145
-
146
  mo2f_register_profile( $email, 'true', $mo2f_rba_status );
147
  } catch ( Exception $e ) {
148
  echo $e->getMessage();
149
  }
150
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
151
-
152
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
153
  }
154
  }
@@ -158,7 +137,6 @@ class Miniorange_Password_2Factor_Login {
158
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
159
  $error = new WP_Error();
160
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
161
-
162
  return $error;
163
  } else {
164
  $this->miniorange_pass2login_start_session();
@@ -173,33 +151,29 @@ class Miniorange_Password_2Factor_Login {
173
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
174
  $error = new WP_Error();
175
  $error->add( 'empty_username', '<strong>' . __( 'ERROR' ) . '</strong>:' . __( 'Invalid Request.' ) );
176
-
177
  return $error;
178
  } else {
179
  $this->miniorange_pass2login_start_session();
180
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
181
- $forgot_phone_enable = get_option( 'mo2f_enable_forgotphone' );
182
- $forgot_phone_kba_enable = get_option( 'mo2f_enable_forgotphone_kba' );
183
  $forgot_phone_email_enable = get_option( 'mo2f_enable_forgotphone_email' );
184
-
185
- $second_factor = isset( $_POST['mo2f_configured_2FA_method'] ) ? $_POST['mo2f_configured_2FA_method'] : 'KBA';
186
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
187
- $user = unserialize( $_SESSION['mo2f_current_user'] );
188
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
189
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
190
  $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
191
 
192
-
193
  if ( $forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL' ) {
194
  $customer = new Customer_Setup();
195
  $content = json_decode( $customer->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
196
-
197
  $mo2fa_login_message = '';
198
  $mo2f_login_status = '';
199
 
200
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
201
  MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $content['txId'] );
202
-
203
  $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hidden_email( $email ) . '</b>. Please enter the OTP to verify your identity.';
204
  $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
205
  } else {
@@ -224,13 +198,11 @@ class Miniorange_Password_2Factor_Login {
224
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
225
  $error = new WP_Error();
226
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
227
-
228
  return $error;
229
  } else {
230
  $this->miniorange_pass2login_start_session();
231
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
232
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
233
-
234
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
235
  $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
236
  }
@@ -241,16 +213,12 @@ class Miniorange_Password_2Factor_Login {
241
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
242
  $error = new WP_Error();
243
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
244
-
245
  return $error;
246
  } else {
247
-
248
  $this->miniorange_pass2login_start_session();
249
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
250
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
251
-
252
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
253
-
254
  if ( isset( $user_id ) ) {
255
  if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
256
  $mo2fa_login_message = 'Please provide both the answers.';
@@ -259,23 +227,19 @@ class Miniorange_Password_2Factor_Login {
259
  }
260
  $otpToken = array();
261
  $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
262
-
263
  $otpToken[0] = $kba_questions[0];
264
  $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
265
  $otpToken[2] = $kba_questions[1];
266
  $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
267
-
268
  $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? $_POST['mo2f_trust_device'] : 'false';
269
 
270
  //if the php session folder has insufficient permissions, cookies to be used
271
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
272
 
273
  $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
274
-
275
- $kba_validate = new Customer_Setup();
276
  $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
277
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
278
-
279
  if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
280
  if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
281
  try {
@@ -295,7 +259,6 @@ class Miniorange_Password_2Factor_Login {
295
  }
296
  } else {
297
  $this->remove_current_activity($session_id_encrypt);
298
-
299
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
300
  }
301
  }
@@ -306,14 +269,12 @@ class Miniorange_Password_2Factor_Login {
306
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
307
  $error = new WP_Error();
308
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
309
-
310
  return $error;
311
  } else {
312
  $this->miniorange_pass2login_start_session();
313
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
314
  //if the php session folder has insufficient permissions, cookies to be used
315
  $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
316
-
317
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
318
  $checkMobileStatus = new Two_Factor_Setup();
319
  $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
@@ -328,12 +289,10 @@ class Miniorange_Password_2Factor_Login {
328
  }
329
  } else {
330
  $this->remove_current_activity($session_id_encrypt);
331
-
332
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
333
  }
334
  } else {
335
  $this->remove_current_activity($session_id_encrypt);
336
-
337
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
338
  }
339
  }
@@ -344,7 +303,6 @@ class Miniorange_Password_2Factor_Login {
344
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
345
  $error = new WP_Error();
346
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
347
-
348
  return $error;
349
  } else {
350
  $this->miniorange_pass2login_start_session();
@@ -358,14 +316,12 @@ class Miniorange_Password_2Factor_Login {
358
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
359
  $error = new WP_Error();
360
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
361
-
362
  return $error;
363
  } else {
364
  $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
365
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
366
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
367
  $mo2fa_login_message = '';
368
-
369
  $this->miniorange_pass2login_start_session();
370
  $customer = new Customer_Setup();
371
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
@@ -381,10 +337,7 @@ class Miniorange_Password_2Factor_Login {
381
  $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
382
 
383
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
384
-
385
-
386
  $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
387
-
388
  MO2f_Utility::unset_session_variables( $session_cookie_variables );
389
  MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
390
  MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
@@ -392,7 +345,7 @@ class Miniorange_Password_2Factor_Login {
392
  //if the php session folder has insufficient permissions, cookies to be used
393
  MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
394
  MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
395
-
396
  $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
397
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
398
  } else {
@@ -401,7 +354,6 @@ class Miniorange_Password_2Factor_Login {
401
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
402
  }
403
  $pass2fa_login = new Miniorange_Password_2Factor_Login();
404
-
405
  $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
406
  }
407
  }
@@ -411,17 +363,14 @@ class Miniorange_Password_2Factor_Login {
411
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
412
  $error = new WP_Error();
413
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
414
-
415
  return $error;
416
  } else {
417
  $this->miniorange_pass2login_start_session();
418
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
419
  $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
420
-
421
  MO2f_Utility::unset_session_variables( $session_cookie_variables );
422
  MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
423
  MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
424
-
425
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
426
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
427
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
@@ -435,7 +384,6 @@ class Miniorange_Password_2Factor_Login {
435
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
436
  $error = new WP_Error();
437
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
438
-
439
  return $error;
440
  } else {
441
  $this->miniorange_pass2login_start_session();
@@ -458,12 +406,10 @@ class Miniorange_Password_2Factor_Login {
458
  $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
459
 
460
  if ( isset( $user_id ) ) {
461
-
462
  $customer = new Customer_Setup();
463
  $content = '';
464
  //if the php session folder has insufficient permissions, cookies to be used
465
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
466
-
467
  if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
468
  $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
469
  } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
@@ -476,14 +422,12 @@ class Miniorange_Password_2Factor_Login {
476
  $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
477
  } else {
478
  $this->remove_current_activity($session_id_encrypt);
479
-
480
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
481
  }
482
 
483
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
484
  if ( get_option( 'mo2f_remember_device' ) ) {
485
  $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
486
-
487
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
488
  } else {
489
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
@@ -496,7 +440,6 @@ class Miniorange_Password_2Factor_Login {
496
 
497
  } else {
498
  $this->remove_current_activity($session_id_encrypt);
499
-
500
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
501
  }
502
  }
@@ -585,7 +528,6 @@ class Miniorange_Password_2Factor_Login {
585
 
586
  MO2f_Utility::unset_session_variables( $session_variables );
587
  MO2f_Utility::unset_cookie_variables( $cookie_variables );
588
-
589
  $key = get_option( 'mo2f_encryption_key' );
590
  $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
591
  $Mo2fdbQueries->save_user_login_details( $session_id, array(
@@ -605,7 +547,10 @@ class Miniorange_Password_2Factor_Login {
605
 
606
  public function miniorange_pass2login_start_session() {
607
  if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
608
- session_start();
 
 
 
609
  }
610
  }
611
 
@@ -622,17 +567,16 @@ class Miniorange_Password_2Factor_Login {
622
  $response = json_decode( $content, true );
623
  if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
624
  if ( $response['status'] == 'SUCCESS' ) {
625
-
626
  MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
 
627
  $questions = array();
628
  $questions[0] = $response['questions'][0]['question'];
629
  $questions[1] = $response['questions'][1]['question'];
630
-
631
  MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
632
-
633
  $mo2fa_login_message = 'Please answer the following questions:';
634
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
635
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
636
  } else if ( $response['status'] == 'ERROR' ) {
637
  $this->remove_current_activity($session_id);
638
  $error = new WP_Error();
@@ -653,12 +597,9 @@ class Miniorange_Password_2Factor_Login {
653
 
654
  $login_status = $mo2fa_login_status;
655
  $login_message = $mo2fa_login_message;
656
-
657
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
658
-
659
-
660
  if ( $this->miniorange_pass2login_check_mobile_status( $login_status ) ) { //for mobile
661
- mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt );
 
662
  exit;
663
  } else if ( $this->miniorange_pass2login_check_otp_status( $login_status ) ) { //for soft-token,otp over email,sms,phone verification,google auth
664
  mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt );
@@ -667,17 +608,22 @@ class Miniorange_Password_2Factor_Login {
667
  mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
668
  exit;
669
  } else if ( $this->miniorange_pass2login_check_push_oobemail_status( $login_status ) ) { //for push and out of band email.
670
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt );
 
 
671
  exit;
672
  } else if ( $this->miniorange_pass2login_reconfig_google( $login_status ) ) { //MO_2_FACTOR_RECONFIG_GOOGLE
673
  // shortcode
 
674
  $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
675
  exit;
676
  } else if ( $this->miniorange_pass2login_reconfig_kba( $login_status ) ) { //MO_2_FACTOR_RECONFIG_KBA
 
677
  $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
678
  exit;
679
  } else if ( $this->miniorange_pass2login_check_kba_status( $login_status ) ) { // for Kba
680
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt );
 
681
  exit;
682
  } else if ( $this->miniorange_pass2login_check_trusted_device_status( $login_status ) ) { // trusted device
683
  mo2f_get_device_form( $redirect_to, $session_id_encrypt );
@@ -762,7 +708,6 @@ class Miniorange_Password_2Factor_Login {
762
  function mo_2_factor_pass2login_show_wp_login_form() {
763
 
764
  $session_id_encrypt = isset( $_POST['miniorange_user_session'] ) ? $_POST['miniorange_user_session'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
765
-
766
  if(is_null($session_id_encrypt)) {
767
  $session_id_encrypt=$this->create_session();
768
  }
@@ -808,14 +753,12 @@ class Miniorange_Password_2Factor_Login {
808
 
809
  }
810
 
811
- function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null )
812
- {
813
  global $Mo2fdbQueries;
814
  if (is_null($session_id_encrypt)){
815
  $session_id_encrypt=$this->create_session();
816
- }
817
  $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
818
-
819
  $useragent = $_SERVER['HTTP_USER_AGENT'];
820
  if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
821
  $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
@@ -833,10 +776,9 @@ class Miniorange_Password_2Factor_Login {
833
  $response = json_decode( $content, true );
834
  if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
835
  if ( $response['status'] == 'SUCCESS' ) {
836
-
837
  $qrCode = $response['qrCode'];
838
  MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
839
-
840
  $mo2fa_login_message = '';
841
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
842
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
@@ -864,20 +806,20 @@ class Miniorange_Password_2Factor_Login {
864
  $session_id=$this->create_session();
865
  }
866
  $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
867
-
868
  $challengeMobile = new Customer_Setup();
869
- $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
870
  $response = json_decode( $content, true );
871
  if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
872
  if ( $response['status'] == 'SUCCESS' ) {
873
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
 
874
 
875
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
876
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
877
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
878
  } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
879
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
880
-
881
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
882
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
883
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
@@ -896,16 +838,14 @@ class Miniorange_Password_2Factor_Login {
896
  if(is_null($session_id)){
897
  $session_id=$this->create_session();
898
  }
899
-
900
  $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
901
  $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
902
-
903
  if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
904
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
905
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
906
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
907
  } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
908
- $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
909
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
910
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
911
  } else {
@@ -916,17 +856,15 @@ class Miniorange_Password_2Factor_Login {
916
  if ( $response['status'] == 'SUCCESS' ) {
917
  $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
918
  update_option( 'mo2f_number_of_transactions', get_option( 'mo2f_number_of_transactions' ) - 1 );
919
-
920
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
921
-
922
  $mo2fa_login_message = $message;
923
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
924
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
925
  } else {
926
  $message = $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.';
927
-
928
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
929
-
930
  $mo2fa_login_message = $message;
931
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
932
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
@@ -935,23 +873,23 @@ class Miniorange_Password_2Factor_Login {
935
  $this->remove_current_activity($session_id);
936
  $error = new WP_Error();
937
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
938
-
939
  return $error;
940
  }
941
  }
942
  }
943
 
944
  function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
945
-
946
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypted );
947
- $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status',$session_id_encrypted );
948
-
 
 
 
949
  if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
950
-
951
  $currentuser = get_user_by( 'id', $user_id );
952
-
953
  wp_set_current_user( $user_id, $currentuser->user_login );
954
- $this->remove_current_activity($session_id_encrypted);
955
  wp_set_auth_cookie( $user_id, true );
956
  do_action( 'wp_login', $currentuser->user_login, $currentuser );
957
  redirect_user_to( $currentuser, $redirect_to );
@@ -965,9 +903,7 @@ class Miniorange_Password_2Factor_Login {
965
  global $Mo2fdbQueries;
966
  $session_id = MO2f_Utility::random_str(20);
967
  $Mo2fdbQueries->insert_user_login_session($session_id);
968
-
969
-
970
- $key = get_option( 'mo2f_encryption_key' );
971
  $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
972
  return $session_id_encrypt;
973
  }
@@ -982,6 +918,9 @@ class Miniorange_Password_2Factor_Login {
982
  MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
983
  MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
984
 
 
 
 
985
  $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $currentuser->ID ? true : false;
986
 
987
  //if ( $enabled_2fa_byusers ) {
@@ -994,10 +933,12 @@ class Miniorange_Password_2Factor_Login {
994
  try {
995
  $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
996
  MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
 
997
  } catch ( Exception $e ) {
998
  echo $e->getMessage();
999
  }
1000
 
 
1001
  if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
1002
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1003
  } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
@@ -1010,8 +951,7 @@ class Miniorange_Password_2Factor_Login {
1010
  } else {
1011
  $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
1012
 
1013
- if(get_option('mo2f_enable_2fa_prompt_on_login_page')&& !get_option('mo2f_remember_device')&&
1014
- in_array(get_option('mo2f_configured_2_factor_method'), array("Google Authenticator", "miniOrange Soft Token", "Authy Authenticator"))){
1015
  $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
1016
 
1017
  if(is_wp_error( $error)){
@@ -1062,7 +1002,7 @@ class Miniorange_Password_2Factor_Login {
1062
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1063
  if ( get_option( 'mo2f_remember_device' ) ) {
1064
  $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1065
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null, $session_id_encrypt );
1066
  } else {
1067
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1068
  }
@@ -1083,6 +1023,7 @@ class Miniorange_Password_2Factor_Login {
1083
 
1084
  $session_id=$this->create_session();
1085
  MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
 
1086
 
1087
  mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
1088
  exit;
27
 
28
  class Miniorange_Password_2Factor_Login {
29
 
30
+ private $mo2f_kbaquestions;
31
+ private $mo2f_userID;
32
+ private $mo2f_rbastatus;
33
+ private $mo2f_transactionid;
34
+
35
  public function miniorange_pass2login_redirect() {
36
 
37
  global $Mo2fdbQueries;
 
38
  if ( ! get_option( 'mo2f_login_option' ) ) {
 
39
  if ( isset( $_POST['miniorange_login_nonce'] ) ) {
40
  $nonce = $_POST['miniorange_login_nonce'];
41
  $session_id = $this->create_session();
 
42
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
 
43
  $this->remove_current_activity($session_id);
44
  $error = new WP_Error();
45
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
 
46
  return $error;
47
  } else {
 
48
  $this->miniorange_pass2login_start_session();
 
49
  $mobile_login = new Miniorange_Mobile_Login();
50
  //validation and sanitization
51
  $username = '';
52
  if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
 
53
  MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
54
  $mobile_login->mo_auth_show_error_message();
55
  return;
56
  } else {
57
  $username = sanitize_text_field( $_POST['mo2fa_username'] );
58
  }
 
 
59
  if ( username_exists( $username ) ) { /*if username exists in wp site */
60
  $user = new WP_User( $username );
61
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
 
 
62
  MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
63
  MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
64
+ $this->mo2f_userId=$user->ID;
65
+ $this->fstfactor='VALIDATE_SUCCESS';
66
+ $current_roles = miniorange_get_user_role( $user );
67
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
68
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
69
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
70
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
 
 
71
  if ( $mo2f_configured_2FA_method ) {
72
  if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
73
  if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
74
  $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
 
75
  } else {
76
  $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
77
  if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
79
  } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
80
  $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
81
  } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
 
82
  $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
 
83
  } else if ( $mo2f_second_factor == 'KBA' ) {
 
84
  $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
85
  } else {
86
  $this->remove_current_activity($session_id);
89
  }
90
  }
91
  } else {
 
92
  MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
93
  $mobile_login->mo_auth_show_success_message();
94
  $mobile_login->mo2f_redirectto_wp_login();
95
  }
96
  } else {
 
97
  MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
98
  $mobile_login->mo_auth_show_success_message();
99
  $mobile_login->mo2f_redirectto_wp_login();
115
  $this->remove_current_activity($session_id_encrypt);
116
  $error = new WP_Error();
117
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
 
118
  return $error;
119
  } else {
120
  $this->miniorange_pass2login_start_session();
121
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
122
  try {
 
123
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
124
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
 
125
  $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
 
 
126
  mo2f_register_profile( $email, 'true', $mo2f_rba_status );
127
  } catch ( Exception $e ) {
128
  echo $e->getMessage();
129
  }
130
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
 
131
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
132
  }
133
  }
137
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
138
  $error = new WP_Error();
139
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
 
140
  return $error;
141
  } else {
142
  $this->miniorange_pass2login_start_session();
151
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-challenge-forgotphone-nonce' ) ) {
152
  $error = new WP_Error();
153
  $error->add( 'empty_username', '<strong>' . __( 'ERROR' ) . '</strong>:' . __( 'Invalid Request.' ) );
 
154
  return $error;
155
  } else {
156
  $this->miniorange_pass2login_start_session();
157
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
158
+ $forgot_phone_enable = get_option( 'mo2f_enable_forgotphone' );
159
+ $forgot_phone_kba_enable = get_option( 'mo2f_enable_forgotphone_kba' );
160
  $forgot_phone_email_enable = get_option( 'mo2f_enable_forgotphone_email' );
161
+ $second_factor = isset( $_POST['mo2f_configured_2FA_method'] ) ? $_POST['mo2f_configured_2FA_method'] : 'KBA';
162
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
163
+ $user = unserialize( $_SESSION['mo2f_current_user'] );
164
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
165
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
 
166
  $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
167
 
 
168
  if ( $forgot_phone_enable && $forgot_phone_email_enable && $second_factor == 'OTP OVER EMAIL' ) {
169
  $customer = new Customer_Setup();
170
  $content = json_decode( $customer->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
 
171
  $mo2fa_login_message = '';
172
  $mo2f_login_status = '';
173
 
174
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
175
  MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $content['txId'] );
176
+ $this->mo2f_transactionid=$content['txId'];
177
  $mo2fa_login_message = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hidden_email( $email ) . '</b>. Please enter the OTP to verify your identity.';
178
  $mo2f_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
179
  } else {
198
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
199
  $error = new WP_Error();
200
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
 
201
  return $error;
202
  } else {
203
  $this->miniorange_pass2login_start_session();
204
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
205
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
 
206
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
207
  $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
208
  }
213
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
214
  $error = new WP_Error();
215
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
 
216
  return $error;
217
  } else {
 
218
  $this->miniorange_pass2login_start_session();
219
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
220
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
 
221
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
 
222
  if ( isset( $user_id ) ) {
223
  if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
224
  $mo2fa_login_message = 'Please provide both the answers.';
227
  }
228
  $otpToken = array();
229
  $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
 
230
  $otpToken[0] = $kba_questions[0];
231
  $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
232
  $otpToken[2] = $kba_questions[1];
233
  $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
 
234
  $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? $_POST['mo2f_trust_device'] : 'false';
235
 
236
  //if the php session folder has insufficient permissions, cookies to be used
237
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
238
 
239
  $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
240
+ $kba_validate = new Customer_Setup();
 
241
  $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
242
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
 
243
  if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
244
  if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
245
  try {
259
  }
260
  } else {
261
  $this->remove_current_activity($session_id_encrypt);
 
262
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
263
  }
264
  }
269
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
270
  $error = new WP_Error();
271
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
 
272
  return $error;
273
  } else {
274
  $this->miniorange_pass2login_start_session();
275
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
276
  //if the php session folder has insufficient permissions, cookies to be used
277
  $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
 
278
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
279
  $checkMobileStatus = new Two_Factor_Setup();
280
  $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
289
  }
290
  } else {
291
  $this->remove_current_activity($session_id_encrypt);
 
292
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
293
  }
294
  } else {
295
  $this->remove_current_activity($session_id_encrypt);
 
296
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
297
  }
298
  }
303
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
304
  $error = new WP_Error();
305
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
 
306
  return $error;
307
  } else {
308
  $this->miniorange_pass2login_start_session();
316
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
317
  $error = new WP_Error();
318
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
 
319
  return $error;
320
  } else {
321
  $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
322
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
323
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
324
  $mo2fa_login_message = '';
 
325
  $this->miniorange_pass2login_start_session();
326
  $customer = new Customer_Setup();
327
  $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
337
  $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
338
 
339
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
 
 
340
  $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
 
341
  MO2f_Utility::unset_session_variables( $session_cookie_variables );
342
  MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
343
  MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
345
  //if the php session folder has insufficient permissions, cookies to be used
346
  MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
347
  MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
348
+ $this->mo2f_transactionid=$content['txId'];
349
  $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
350
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
351
  } else {
354
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
355
  }
356
  $pass2fa_login = new Miniorange_Password_2Factor_Login();
 
357
  $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
358
  }
359
  }
363
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
364
  $error = new WP_Error();
365
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
 
366
  return $error;
367
  } else {
368
  $this->miniorange_pass2login_start_session();
369
  $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
370
  $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
 
371
  MO2f_Utility::unset_session_variables( $session_cookie_variables );
372
  MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
373
  MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
 
374
  $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
375
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
376
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
384
  if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
385
  $error = new WP_Error();
386
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
 
387
  return $error;
388
  } else {
389
  $this->miniorange_pass2login_start_session();
406
  $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
407
 
408
  if ( isset( $user_id ) ) {
 
409
  $customer = new Customer_Setup();
410
  $content = '';
411
  //if the php session folder has insufficient permissions, cookies to be used
412
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
 
413
  if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
414
  $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
415
  } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
422
  $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
423
  } else {
424
  $this->remove_current_activity($session_id_encrypt);
 
425
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
426
  }
427
 
428
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
429
  if ( get_option( 'mo2f_remember_device' ) ) {
430
  $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
 
431
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
432
  } else {
433
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
440
 
441
  } else {
442
  $this->remove_current_activity($session_id_encrypt);
 
443
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
444
  }
445
  }
528
 
529
  MO2f_Utility::unset_session_variables( $session_variables );
530
  MO2f_Utility::unset_cookie_variables( $cookie_variables );
 
531
  $key = get_option( 'mo2f_encryption_key' );
532
  $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
533
  $Mo2fdbQueries->save_user_login_details( $session_id, array(
547
 
548
  public function miniorange_pass2login_start_session() {
549
  if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
550
+ $session_path = ini_get('session.save_path');
551
+ if( is_writable($session_path) && is_readable($session_path) ) {
552
+ session_start();
553
+ }
554
  }
555
  }
556
 
567
  $response = json_decode( $content, true );
568
  if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
569
  if ( $response['status'] == 'SUCCESS' ) {
 
570
  MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
571
+ $this->mo2f_transactionid = $response['txId'];
572
  $questions = array();
573
  $questions[0] = $response['questions'][0]['question'];
574
  $questions[1] = $response['questions'][1]['question'];
 
575
  MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
576
+ $this->mo2f_kbaquestions=$questions;
577
  $mo2fa_login_message = 'Please answer the following questions:';
578
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
579
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
580
  } else if ( $response['status'] == 'ERROR' ) {
581
  $this->remove_current_activity($session_id);
582
  $error = new WP_Error();
597
 
598
  $login_status = $mo2fa_login_status;
599
  $login_message = $mo2fa_login_message;
 
 
 
 
600
  if ( $this->miniorange_pass2login_check_mobile_status( $login_status ) ) { //for mobile
601
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
602
+ mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
603
  exit;
604
  } else if ( $this->miniorange_pass2login_check_otp_status( $login_status ) ) { //for soft-token,otp over email,sms,phone verification,google auth
605
  mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt );
608
  mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
609
  exit;
610
  } else if ( $this->miniorange_pass2login_check_push_oobemail_status( $login_status ) ) { //for push and out of band email.
611
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
612
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
613
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
614
  exit;
615
  } else if ( $this->miniorange_pass2login_reconfig_google( $login_status ) ) { //MO_2_FACTOR_RECONFIG_GOOGLE
616
  // shortcode
617
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
618
  $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
619
  exit;
620
  } else if ( $this->miniorange_pass2login_reconfig_kba( $login_status ) ) { //MO_2_FACTOR_RECONFIG_KBA
621
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
622
  $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
623
  exit;
624
  } else if ( $this->miniorange_pass2login_check_kba_status( $login_status ) ) { // for Kba
625
+ $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
626
+ mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
627
  exit;
628
  } else if ( $this->miniorange_pass2login_check_trusted_device_status( $login_status ) ) { // trusted device
629
  mo2f_get_device_form( $redirect_to, $session_id_encrypt );
708
  function mo_2_factor_pass2login_show_wp_login_form() {
709
 
710
  $session_id_encrypt = isset( $_POST['miniorange_user_session'] ) ? $_POST['miniorange_user_session'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
 
711
  if(is_null($session_id_encrypt)) {
712
  $session_id_encrypt=$this->create_session();
713
  }
753
 
754
  }
755
 
756
+ function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
 
757
  global $Mo2fdbQueries;
758
  if (is_null($session_id_encrypt)){
759
  $session_id_encrypt=$this->create_session();
760
+ }
761
  $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
 
762
  $useragent = $_SERVER['HTTP_USER_AGENT'];
763
  if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
764
  $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
776
  $response = json_decode( $content, true );
777
  if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
778
  if ( $response['status'] == 'SUCCESS' ) {
 
779
  $qrCode = $response['qrCode'];
780
  MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
781
+ $this->mo2f_transactionid=$response['txId'];
782
  $mo2fa_login_message = '';
783
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
784
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
806
  $session_id=$this->create_session();
807
  }
808
  $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
 
809
  $challengeMobile = new Customer_Setup();
810
+ $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
811
  $response = json_decode( $content, true );
812
  if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
813
  if ( $response['status'] == 'SUCCESS' ) {
814
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
815
+ $this->mo2f_transactionid=$response['txId'];
816
 
817
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
818
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
819
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
820
  } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
821
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
822
+ $this->mo2f_transactionid=$response['txId'];
823
  $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
824
  $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
825
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
838
  if(is_null($session_id)){
839
  $session_id=$this->create_session();
840
  }
 
841
  $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
842
  $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
 
843
  if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
844
  $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
845
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
846
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
847
  } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
848
+ $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Google Authenticator</b> app.';
849
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
850
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
851
  } else {
856
  if ( $response['status'] == 'SUCCESS' ) {
857
  $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
858
  update_option( 'mo2f_number_of_transactions', get_option( 'mo2f_number_of_transactions' ) - 1 );
 
859
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
860
+ $this->mo2f_transactionid=$response['txId'];
861
  $mo2fa_login_message = $message;
862
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
863
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
864
  } else {
865
  $message = $response['message'] . ' You can click on <b>Forgot your phone</b> link to login via alternate method.';
 
866
  MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
867
+ $this->mo2f_transactionid=$response['txId'];
868
  $mo2fa_login_message = $message;
869
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
870
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
873
  $this->remove_current_activity($session_id);
874
  $error = new WP_Error();
875
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
 
876
  return $error;
877
  }
878
  }
879
  }
880
 
881
  function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
882
+ if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
883
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
884
+ $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
885
+ } else {
886
+ $user_id=$this->mo2f_userID;
887
+ $mo2f_1stfactor_status=$this->fstfactor;
888
+ }
889
  if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
 
890
  $currentuser = get_user_by( 'id', $user_id );
 
891
  wp_set_current_user( $user_id, $currentuser->user_login );
892
+ (new Miniorange_Mobile_Login)->remove_current_activity($session_id_encrypted);
893
  wp_set_auth_cookie( $user_id, true );
894
  do_action( 'wp_login', $currentuser->user_login, $currentuser );
895
  redirect_user_to( $currentuser, $redirect_to );
903
  global $Mo2fdbQueries;
904
  $session_id = MO2f_Utility::random_str(20);
905
  $Mo2fdbQueries->insert_user_login_session($session_id);
906
+ $key = get_option( 'mo2f_encryption_key' );
 
 
907
  $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
908
  return $session_id_encrypt;
909
  }
918
  MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
919
  MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
920
 
921
+ $this->mo2f_userID=$currentuser->ID;
922
+ $this->fstfactor='VALIDATE_SUCCESS';
923
+
924
  $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $currentuser->ID ? true : false;
925
 
926
  //if ( $enabled_2fa_byusers ) {
933
  try {
934
  $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
935
  MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
936
+ $this->mo2f_rbastatus=$mo2f_rba_status;
937
  } catch ( Exception $e ) {
938
  echo $e->getMessage();
939
  }
940
 
941
+
942
  if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
943
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
944
  } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
951
  } else {
952
  $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
953
 
954
+ if(get_option('mo2f_enable_2fa_prompt_on_login_page')&& !get_option('mo2f_remember_device')&&in_array(get_option('mo2f_configured_2_factor_method'), array("Google Authenticator", "miniOrange Soft Token", "Authy Authenticator"))){
 
955
  $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
956
 
957
  if(is_wp_error( $error)){
1002
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1003
  if ( get_option( 'mo2f_remember_device' ) ) {
1004
  $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1005
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
1006
  } else {
1007
  $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1008
  }
1023
 
1024
  $session_id=$this->create_session();
1025
  MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
1026
+ $this->mo2f_userID=$currentuser->ID;
1027
 
1028
  mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
1029
  exit;
class-utility.php CHANGED
@@ -26,7 +26,6 @@ class MO2f_Utility {
26
 
27
  public static function get_hidden_phone( $phone ) {
28
  $hidden_phone = 'xxxxxxx' . substr( $phone, strlen( $phone ) - 3 );
29
-
30
  return $hidden_phone;
31
  }
32
 
@@ -34,7 +33,6 @@ class MO2f_Utility {
34
  if ( ! isset( $value ) || $value == '' ) {
35
  return true;
36
  }
37
-
38
  return false;
39
  }
40
 
@@ -51,20 +49,16 @@ class MO2f_Utility {
51
  $plugins = array();
52
  $form = "";
53
  $plugins["None"] = "None";
54
-
55
  foreach ($all_plugins as $plugin_name=>$plugin_details){
56
  $plugins[$plugin_name] = $plugin_details["Name"];
57
  }
58
-
59
  unset($plugins['miniorange-2-factor-authentication/miniorange_2_factor_settings.php']);
60
-
61
  $form .= '<div style="padding:5px;margin-left:4%;font-size:13px;background-color: #a3e8c2">Please select the plugin<br>
62
  <select name="plugin_selected">';
63
  foreach($plugins as $identifier=>$name) {
64
  $form .= '<option value="' . $identifier . '">' . $name . '</option>' ;
65
  }
66
  $form .= '</select></div>';
67
-
68
  return $form;
69
  }
70
 
@@ -92,7 +86,6 @@ class MO2f_Utility {
92
  $partialemail = $partialemail . 'x';
93
  }
94
  $hiddenemail = $partialemail . $endemail;
95
-
96
  return $hiddenemail;
97
  }
98
 
@@ -120,37 +113,62 @@ class MO2f_Utility {
120
 
121
  public static function set_user_values( $user_session_id, $variable, $value){
122
  global $Mo2fdbQueries;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
123
 
124
- // setting session values
125
- $_SESSION[$variable] = $value;
126
-
127
- $key = get_option( 'mo2f_encryption_key' );
128
- // setting cookie values
129
- if(is_array($value)){
130
- if($variable == 'mo_2_factor_kba_questions'){
131
- MO2f_Utility::mo2f_set_cookie_values( 'kba_question1', $value[0] );
132
- MO2f_Utility::mo2f_set_cookie_values( 'kba_question2', $value[1] );
133
- }else if($variable == 'mo2f_rba_status'){
134
- MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_status', $value["status"] );
135
- MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_sessionUuid', $value["sessionUuid"] );
136
- MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_decision_flag', $value["decision_flag"] );
137
  }
138
- }else{
139
- MO2f_Utility::mo2f_set_cookie_values( $variable, $value);
140
- }
141
 
 
142
 
143
- // setting values in database
144
 
145
- $user_session_id = MO2f_Utility::decrypt_data( $user_session_id, $key );
146
- if ( is_array( $value ) ) {
147
- $string_value = serialize( $value );
148
- $Mo2fdbQueries->save_user_login_details( $user_session_id, array( $variable => $string_value ) );
149
- } else {
150
- $Mo2fdbQueries->save_user_login_details( $user_session_id, array( $variable => $value ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
151
  }
152
-
153
-
154
  }
155
 
156
  /*
@@ -199,11 +217,53 @@ class MO2f_Utility {
199
  */
200
  public static function mo2f_retrieve_user_temp_values( $variable, $session_id = null ) {
201
  global $Mo2fdbQueries;
202
-
203
- if ( isset( $_SESSION[ $variable ] ) && ! empty( $_SESSION[ $variable ] ) ) {
204
- return $_SESSION[ $variable ];
205
- } else {
206
- // $key = get_option( 'mo2f_customer_token' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
207
  $key = get_option( 'mo2f_encryption_key' );
208
  $cookie_value = false;
209
 
@@ -236,20 +296,16 @@ class MO2f_Utility {
236
 
237
  if($cookie_value){
238
  return $cookie_value;
239
- } else {
240
-
241
- $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
242
-
243
- $db_value = $Mo2fdbQueries->get_user_login_details( $variable, $session_id );
244
-
245
- if ( in_array( $variable, array( "mo2f_rba_status", "mo_2_factor_kba_questions" ) ) ) {
246
- $db_value = unserialize( $db_value );
247
  }
248
- return $db_value;
 
 
 
 
 
249
  }
250
-
251
  }
252
-
253
  }
254
 
255
  /**
@@ -377,19 +433,14 @@ class MO2f_Utility {
377
  * @return NA
378
  */
379
  public static function unset_temp_user_details_in_table( $variables, $session_id, $command='' ) {
380
-
381
  global $Mo2fdbQueries;
382
-
383
-
384
  $key = get_option( 'mo2f_encryption_key' );
385
  $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
386
-
387
  if($command == "destroy"){
388
- $Mo2fdbQueries->delete_user_login_sessions( );
389
  }else{
390
- $Mo2fdbQueries->save_user_login_details($session_id, array($variables => ''));
391
  }
392
-
393
  }
394
 
395
 
26
 
27
  public static function get_hidden_phone( $phone ) {
28
  $hidden_phone = 'xxxxxxx' . substr( $phone, strlen( $phone ) - 3 );
 
29
  return $hidden_phone;
30
  }
31
 
33
  if ( ! isset( $value ) || $value == '' ) {
34
  return true;
35
  }
 
36
  return false;
37
  }
38
 
49
  $plugins = array();
50
  $form = "";
51
  $plugins["None"] = "None";
 
52
  foreach ($all_plugins as $plugin_name=>$plugin_details){
53
  $plugins[$plugin_name] = $plugin_details["Name"];
54
  }
 
55
  unset($plugins['miniorange-2-factor-authentication/miniorange_2_factor_settings.php']);
 
56
  $form .= '<div style="padding:5px;margin-left:4%;font-size:13px;background-color: #a3e8c2">Please select the plugin<br>
57
  <select name="plugin_selected">';
58
  foreach($plugins as $identifier=>$name) {
59
  $form .= '<option value="' . $identifier . '">' . $name . '</option>' ;
60
  }
61
  $form .= '</select></div>';
 
62
  return $form;
63
  }
64
 
86
  $partialemail = $partialemail . 'x';
87
  }
88
  $hiddenemail = $partialemail . $endemail;
 
89
  return $hiddenemail;
90
  }
91
 
113
 
114
  public static function set_user_values( $user_session_id, $variable, $value){
115
  global $Mo2fdbQueries;
116
+ $key = get_option( 'mo2f_encryption_key' );
117
+ $data_option=get_option('mo2f_data_storage');
118
+ if(empty($data_option)){
119
+
120
+ //setting session
121
+ $_SESSION[$variable] = $value;
122
+
123
+ // setting cookie values
124
+ if(is_array($value)){
125
+ if($variable == 'mo_2_factor_kba_questions'){
126
+ MO2f_Utility::mo2f_set_cookie_values( 'kba_question1', $value[0] );
127
+ MO2f_Utility::mo2f_set_cookie_values( 'kba_question2', $value[1] );
128
+ }else if($variable == 'mo2f_rba_status'){
129
+ MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_status', $value["status"] );
130
+ MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_sessionUuid', $value["sessionUuid"] );
131
+ MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_decision_flag', $value["decision_flag"] );
132
+ }
133
+ }else{
134
+ MO2f_Utility::mo2f_set_cookie_values( $variable, $value);
135
+ }
136
 
137
+ // setting values in database
138
+ $user_session_id = MO2f_Utility::decrypt_data( $user_session_id, $key );
139
+ if ( is_array( $value ) ) {
140
+ $string_value = serialize( $value );
141
+ $Mo2fdbQueries->save_user_login_details( $user_session_id, array( $variable => $string_value ) );
142
+ } else {
143
+ $Mo2fdbQueries->save_user_login_details( $user_session_id, array( $variable => $value ) );
 
 
 
 
 
 
144
  }
145
+ } else if (!empty($data_option) && $data_option=="sessions"){
 
 
146
 
147
+ $_SESSION[$variable] = $value;
148
 
149
+ }else if (!empty($data_option) && $data_option=="cookies"){
150
 
151
+ if(is_array($value)){
152
+ if($variable == 'mo_2_factor_kba_questions'){
153
+ MO2f_Utility::mo2f_set_cookie_values( 'kba_question1', $value[0] );
154
+ MO2f_Utility::mo2f_set_cookie_values( 'kba_question2', $value[1] );
155
+ }else if($variable == 'mo2f_rba_status'){
156
+ MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_status', $value["status"] );
157
+ MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_sessionUuid', $value["sessionUuid"] );
158
+ MO2f_Utility::mo2f_set_cookie_values( 'mo2f_rba_status_decision_flag', $value["decision_flag"] );
159
+ }
160
+ }else{
161
+ MO2f_Utility::mo2f_set_cookie_values( $variable, $value);
162
+ }
163
+ } else if (!empty($data_option) && $data_option=="tables"){
164
+ $user_session_id = MO2f_Utility::decrypt_data( $user_session_id, $key );
165
+ if ( is_array( $value ) ) {
166
+ $string_value = serialize( $value );
167
+ $Mo2fdbQueries->save_user_login_details( $user_session_id, array( $variable => $string_value ) );
168
+ } else {
169
+ $Mo2fdbQueries->save_user_login_details( $user_session_id, array( $variable => $value ) );
170
+ }
171
  }
 
 
172
  }
173
 
174
  /*
217
  */
218
  public static function mo2f_retrieve_user_temp_values( $variable, $session_id = null ) {
219
  global $Mo2fdbQueries;
220
+ $data_option=get_option('mo2f_data_storage');
221
+ if(empty($data_option)){
222
+ if ( isset( $_SESSION[ $variable ] ) && ! empty( $_SESSION[ $variable ] ) ) {
223
+ update_option('mo2f_data_storage',"sessions");
224
+ return $_SESSION[ $variable ];
225
+ } else {
226
+ // $key = get_option( 'mo2f_customer_token' );
227
+ $key = get_option( 'mo2f_encryption_key' );
228
+ $cookie_value = false;
229
+ if ( $variable == 'mo2f_rba_status' ) {
230
+ if ( isset( $_COOKIE['mo2f_rba_status_status'] ) && ! empty( $_COOKIE['mo2f_rba_status_status'] ) ) {
231
+ $mo2f_rba_status_status = MO2f_Utility::mo2f_get_cookie_values( 'mo2f_rba_status_status' );
232
+ $mo2f_rba_status_sessionUuid = MO2f_Utility::mo2f_get_cookie_values( 'mo2f_rba_status_sessionUuid' );
233
+ $mo2f_rba_status_decision_flag = MO2f_Utility::mo2f_get_cookie_values( 'mo2f_rba_status_decision_flag' );
234
+ $cookie_value = array(
235
+ "status" => $mo2f_rba_status_status,
236
+ "sessionUuid" => $mo2f_rba_status_sessionUuid,
237
+ "decision_flag" => $mo2f_rba_status_decision_flag
238
+ );
239
+ }
240
+ } else if ( $variable == 'mo_2_factor_kba_questions' ) {
241
+ if ( isset( $_COOKIE['kba_question1'] ) && ! empty( $_COOKIE['kba_question1'] ) ) {
242
+ $kba_question1 = MO2f_Utility::mo2f_get_cookie_values( 'kba_question1' );
243
+ $kba_question2 = MO2f_Utility::mo2f_get_cookie_values( 'kba_question2' );
244
+ $cookie_value = array( $kba_question1, $kba_question2 );
245
+ }
246
+ } else {
247
+ $cookie_value = MO2f_Utility::mo2f_get_cookie_values( $variable );
248
+ }
249
+ if($cookie_value){
250
+ update_option('mo2f_data_storage', "cookies");
251
+ return $cookie_value;
252
+ } else {
253
+ $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
254
+ $db_value = $Mo2fdbQueries->get_user_login_details( $variable, $session_id );
255
+ if ( in_array( $variable, array( "mo2f_rba_status", "mo_2_factor_kba_questions" ) ) ) {
256
+ $db_value = unserialize( $db_value );
257
+ }
258
+ update_option('mo2f_data_storage',"tables");
259
+ return $db_value;
260
+ }
261
+ }
262
+ }else if (!empty($data_option) && $data_option=="sessions"){
263
+ if ( isset( $_SESSION[ $variable ] ) && ! empty( $_SESSION[ $variable ] ) ) {
264
+ return $_SESSION[ $variable ];
265
+ }
266
+ }else if (!empty($data_option) && $data_option=="cookies"){
267
  $key = get_option( 'mo2f_encryption_key' );
268
  $cookie_value = false;
269
 
296
 
297
  if($cookie_value){
298
  return $cookie_value;
 
 
 
 
 
 
 
 
299
  }
300
+ }else if (!empty($data_option) && $data_option=="tables"){
301
+ $key = get_option( 'mo2f_encryption_key' );
302
+ $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
303
+ $db_value = $Mo2fdbQueries->get_user_login_details( $variable, $session_id );
304
+ if ( in_array( $variable, array( "mo2f_rba_status", "mo_2_factor_kba_questions" ) ) ) {
305
+ $db_value = unserialize( $db_value );
306
  }
307
+ return $db_value;
308
  }
 
309
  }
310
 
311
  /**
433
  * @return NA
434
  */
435
  public static function unset_temp_user_details_in_table( $variables, $session_id, $command='' ) {
 
436
  global $Mo2fdbQueries;
 
 
437
  $key = get_option( 'mo2f_encryption_key' );
438
  $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
 
439
  if($command == "destroy"){
440
+ $Mo2fdbQueries->delete_user_login_sessions( $session_id );
441
  }else{
442
+ $Mo2fdbQueries->save_user_login_details( $session_id, array($variables => ''));
443
  }
 
444
  }
445
 
446
 
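Review bot: In mo2f_retrieve_user_temp_values the new `sessions` and `cookies` branches have no fallback: when `$_SESSION[$variable]` or the cookie is absent the function falls off the end and returns null, whereas the `empty($data_option)` path still walks session → cookie → table. Because `update_option('mo2f_data_storage', ...)` is written from this read path during an unauthenticated login, the site-wide storage mode is decided by whichever store happened to hold a value for the first request after the upgrade (a client without cookies, or a host where miniorange_pass2login_start_session no longer starts a session because save_path is not writable) and then stays pinned, so later logins that can only reach another store get null back for `mo2f_current_user_id` and `mo2f_1stfactor_status`. I would keep the probing order as the fallback in every branch and treat the option as a cache hint rather than a switch, or drop the write from the read path entirely. Separately, the `tables` branches unserialize a DB column that set_user_values only ever fills with plain arrays, so `unserialize( $db_value, array( 'allowed_classes' => false ) )` costs nothing and keeps object instantiation out of that path; the `in_array` guard there should also pass `true` as its third argument.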
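--- a/database/database_functions.php
+++ b/database/database_functions.php
@@ -249,7 +249,7 @@ class Mo2fDB {
  return $value == '' ? '' : $value[ $column_name ];
  }
 
- function delete_user_login_sessions($session_id ) {
+ function delete_user_login_sessions($session_id ) {
  global $wpdb;
  $wpdb->query(
  "DELETE FROM " . $this->userLoginInfoTable . "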
miniorange_2_factor_common_login.php CHANGED
@@ -248,7 +248,7 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
248
  </html>
249
  <?php }
250
 
251
- function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt ) {
252
  $mo2f_login_option = get_option( 'mo2f_login_option' );
253
  $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
254
  ?>
@@ -282,16 +282,16 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
282
  <form name="f" id="mo2f_submitkba_loginform" method="post">
283
  <div id="mo2f_kba_content">
284
  <p style="font-size:15px;">
285
- <?php $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
286
  echo $kba_questions[0]; ?><br>
287
  <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
288
  required="true" autofocus="true"
289
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}"
290
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
291
  autocomplete="off"><br>
292
  <?php echo $kba_questions[1]; ?><br>
293
  <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
294
- required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}"
295
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
296
  autocomplete="off">
297
 
@@ -346,7 +346,7 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
346
  <?php
347
  }
348
 
349
- function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
350
  global $Mo2fdbQueries;
351
  $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
352
  $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
@@ -462,7 +462,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
462
  pollPushValidation();
463
 
464
  function pollPushValidation() {
465
- var transId = "<?php echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
466
  var jsonString = "{\"txId\":\"" + transId + "\"}";
467
  var postUrl = "<?php echo get_option( 'mo2f_host_name' ); ?>" + "/moas/api/auth/auth-status";
468
 
@@ -507,7 +507,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
507
  <?php
508
  }
509
 
510
- function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt ) {
511
  $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
512
  $mo2f_is_new_customer = get_option( 'mo2f_is_NC' );
513
  ?>
@@ -601,7 +601,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
601
  pollMobileValidation();
602
 
603
  function pollMobileValidation() {
604
- var transId = "<?php echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
605
  var jsonString = "{\"txId\":\"" + transId + "\"}";
606
  var postUrl = "<?php echo get_option( 'mo2f_host_name' ); ?>" + "/moas/api/auth/auth-status";
607
  jQuery.ajax({
@@ -852,10 +852,10 @@ function mo2f_customize_logo() { ?>
852
  function echo_js_css_files() {
853
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
854
  echo '<script src="' . plugins_url( 'includes/js/bootstrap.min.js', __FILE__ ) . '" ></script>';
855
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/bootstrap.min.css?version=5.1.15', __FILE__ ) . '" />';
856
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/front_end_login.css?version=5.1.15', __FILE__ ) . '" />';
857
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/style_settings.css?version=5.1.15', __FILE__ ) . '" />';
858
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/hide-login.css?version=5.1.15', __FILE__ ) . '" />';
859
 
860
  if ( get_option( 'mo2f_personalization_ui' ) ) {
861
  echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/mo2f_login_popup_ui.css', __FILE__ ) . '" />';
248
  </html>
249
  <?php }
250
 
251
+ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
252
  $mo2f_login_option = get_option( 'mo2f_login_option' );
253
  $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
254
  ?>
282
  <form name="f" id="mo2f_submitkba_loginform" method="post">
283
  <div id="mo2f_kba_content">
284
  <p style="font-size:15px;">
285
+ <?php $kba_questions = $cookievalue;//MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
286
  echo $kba_questions[0]; ?><br>
287
  <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
288
  required="true" autofocus="true"
289
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
290
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
291
  autocomplete="off"><br>
292
  <?php echo $kba_questions[1]; ?><br>
293
  <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
294
+ required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
295
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
296
  autocomplete="off">
297
 
346
  <?php
347
  }
348
 
349
+ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
350
  global $Mo2fdbQueries;
351
  $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
352
  $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
462
  pollPushValidation();
463
 
464
  function pollPushValidation() {
465
+ var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
466
  var jsonString = "{\"txId\":\"" + transId + "\"}";
467
  var postUrl = "<?php echo get_option( 'mo2f_host_name' ); ?>" + "/moas/api/auth/auth-status";
468
 
507
  <?php
508
  }
509
 
510
+ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
511
  $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
512
  $mo2f_is_new_customer = get_option( 'mo2f_is_NC' );
513
  ?>
601
  pollMobileValidation();
602
 
603
  function pollMobileValidation() {
604
+ var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
605
  var jsonString = "{\"txId\":\"" + transId + "\"}";
606
  var postUrl = "<?php echo get_option( 'mo2f_host_name' ); ?>" + "/moas/api/auth/auth-status";
607
  jQuery.ajax({
852
  function echo_js_css_files() {
853
  echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
854
  echo '<script src="' . plugins_url( 'includes/js/bootstrap.min.js', __FILE__ ) . '" ></script>';
855
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/bootstrap.min.css?version=5.1.16', __FILE__ ) . '" />';
856
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/front_end_login.css?version=5.1.16', __FILE__ ) . '" />';
857
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/style_settings.css?version=5.1.16', __FILE__ ) . '" />';
858
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/hide-login.css?version=5.1.16', __FILE__ ) . '" />';
859
 
860
  if ( get_option( 'mo2f_personalization_ui' ) ) {
861
  echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/mo2f_login_popup_ui.css', __FILE__ ) . '" />';
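--- a/miniorange_2_factor_configuration.php
+++ b/miniorange_2_factor_configuration.php
@@ -200,13 +200,13 @@ function mo2f_show_registration_page( $user ) {
  </tr>
  <tr>
  <td ><b><span class="impt">*</span><?php echo mo2f_lt( 'Password :' ); ?></b></td>
- <td rowspan="2"><input class="mo2f_table_textbox" type="password" required name="password" pattern="^[(\w)*(!@#$.%^&*-_)*]+$" title="Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*) should be present."/><label style="font-size:11px;color:red;">(Minimum 6 and Maximum 15 characters should be present. Only following symbols ()!@#.$%^&* are allowed.)</label><br></td>
+ <td rowspan="2"><input class="mo2f_table_textbox" type="password" required name="password" pattern="^[(\w)*(!@#$.%^&*\-_)*]+$" title="Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*) should be present."/><label style="font-size:11px;color:red;">(Minimum 6 and Maximum 15 characters should be present. Only following symbols ()!@#.$%^&* are allowed.)</label><br></td>
 
  </tr>
  <tr ><td></td><td></td></tr>
  <tr>
  <td><b><span class="impt">*</span><?php echo mo2f_lt( 'Confirm Password :' ); ?></b></td>
- <td><input class="mo2f_table_textbox" type="password" required name="confirmPassword" pattern="^[(\w)*(!@#$.%^&*-_)*]+$" title="Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*) should be present." /></td>
+ <td><input class="mo2f_table_textbox" type="password" required name="confirmPassword" pattern="^[(\w)*(!@#$.%^&*\-_)*]+$" title="Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*) should be present." /></td>
  </tr>
  <tr>
  <td>&nbsp;</td>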
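Review bot: The corrected `pattern` on the `password` and `confirmPassword` inputs (lines 203 and 209) still does not enforce the 6–15 character length that its own `title` and the red label promise — `^[...]+$` accepts any length of one or more, and because the whole expression is a single character class the `(`, `)` and `*` characters are accepted literally, which the title does not list. Writing the class as `pattern="[\w!@#$.%^&*\-]{6,15}"` (the `^`/`$` anchors are implicit for the HTML `pattern` attribute) and adding `minlength="6" maxlength="15"` on both inputs makes the message and the check agree. The `pattern` attribute is only a browser-side convenience; the PHP that consumes `password` is not in this hunk and should apply the same bounds. mo2f_show_registration_page starts and ends outside the hunk.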
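--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,7 +3,7 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: https://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
- * Version: 5.1.15
+ * Version: 5.1.16
  * Author: miniOrange
  * Author URI: https://miniorange.com
  * License: GPL2
@@ -394,21 +394,21 @@ class Miniorange_Authentication {
  }
 
  function mo_2_factor_enable_frontend_style() {
- wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version=5.1.15', __FILE__ ) );
- wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version=5.1.15', __FILE__ ) );
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version=5.1.15', __FILE__ ) );
+ wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version=5.1.16', __FILE__ ) );
+ wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version=5.1.16', __FILE__ ) );
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version=5.1.16', __FILE__ ) );
  wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
- wp_enqueue_style( 'mo2f_login_popup_style', plugins_url( 'includes/css/mo2f_login_popup_ui.css?version=5.1.15', __FILE__ ) );
+ wp_enqueue_style( 'mo2f_login_popup_style', plugins_url( 'includes/css/mo2f_login_popup_ui.css?version=5.1.16', __FILE__ ) );
  }
 
  function plugin_settings_style( $mo2fa_hook_page ) {
  if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
  return;
  }
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url( 'includes/css/style_settings.css?version=5.1.15', __FILE__ ) );
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version=5.1.15', __FILE__ ) );
- wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version=5.1.15', __FILE__ ) );
- wp_enqueue_style( 'bootstrap_style_ass', plugins_url( 'includes/css/bootstrap-tour-standalone.css?version=5.1.15', __FILE__ ) );
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url( 'includes/css/style_settings.css?version=5.1.16', __FILE__ ) );
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version=5.1.16', __FILE__ ) );
+ wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version=5.1.16', __FILE__ ) );
+ wp_enqueue_style( 'bootstrap_style_ass', plugins_url( 'includes/css/bootstrap-tour-standalone.css?version=5.1.16', __FILE__ ) );
  wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
  }
 
@@ -952,11 +952,9 @@ class Miniorange_Authentication {
 
  if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_auth_login_settings_save' ) {
  $nonce = $_POST['mo_auth_login_settings_save_nonce'];
-
  if ( ! wp_verify_nonce( $nonce, 'mo-auth-login-settings-save-nonce' ) ) {
  $error = new WP_Error();
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
-
  return $error;
  } else {
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
@@ -965,14 +963,11 @@ class Miniorange_Authentication {
  update_option( 'mo2f_login_option', isset( $_POST['mo2f_login_option'] ) ? $_POST['mo2f_login_option'] : 0 );
  update_option( 'mo2f_remember_device', isset( $_POST['mo2f_remember_device'] ) ? $_POST['mo2f_remember_device'] : 0 );
  if ( get_option( 'mo2f_login_option' ) == 0 ) {
-
  update_option( 'mo2f_remember_device', 0 );
  }
  update_option( 'mo2f_enable_forgotphone', isset( $_POST['mo2f_forgotphone'] ) ? $_POST['mo2f_forgotphone'] : 0 );
  update_option( 'mo2f_enable_login_with_2nd_factor', isset( $_POST['mo2f_login_with_username_and_2factor'] ) ? $_POST['mo2f_login_with_username_and_2factor'] : 0 );
  update_option( 'mo2f_enable_xmlrpc', isset( $_POST['mo2f_enable_xmlrpc'] ) ? $_POST['mo2f_enable_xmlrpc'] : 0 );
-
-
  if ( get_option( 'mo2f_remember_device' ) && ! get_option( 'mo2f_app_secret' ) ) {
  $get_app_secret = new Miniorange_Rba_Attributes();
  $rba_response = json_decode( $get_app_secret->mo2f_get_app_secret(), true ); //fetch app secret
@@ -990,10 +985,8 @@ class Miniorange_Authentication {
  $this->mo_auth_show_error_message();
  }
  }
-
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "SETTINGS_SAVED" ) );
  $this->mo_auth_show_success_message();
-
  } else {
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQUEST" ) );
  $this->mo_auth_show_error_message();
@@ -1001,21 +994,17 @@ class Miniorange_Authentication {
  }
  }
 
-
  if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_sync_sms_transactions" ) {
-
  $customer = new Customer_Setup();
  $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
  if ( ! array_key_exists( 'smsRemaining', $content ) ) {
  $smsRemaining = 0;
  } else {
  $smsRemaining = $content['smsRemaining'];
-
  if ( $smsRemaining == null ) {
  $smsRemaining = 0;
  }
  }
-
  update_option( 'mo2f_number_of_transactions', $smsRemaining );
  }
 
@@ -2727,6 +2716,7 @@ class Miniorange_Authentication {
  }
 
  update_option( 'mo2f_host_name', 'https://auth.miniorange.com' );
+ update_option('mo2f_data_storage',null);
  global $Mo2fdbQueries;
  $Mo2fdbQueries->mo_plugin_activate();
  }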
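Review bot: The new `update_option('mo2f_data_storage',null);` in the activation hunk (new line 2719) carries no comment saying what the option selects or why activation resets it, and `null` is a poor value to persist: `get_option()` returns `false` for an option that was never written, and option values are stored as strings, so the reader of `mo2f_data_storage` (not in this diff) will presumably see `false`, `''` or `null` depending on the site's history and must treat all three alike. If the intent is "forget the previous choice on (re)activation", `delete_option( 'mo2f_data_storage' );` says that directly and leaves only the `false` case to handle. Either way a one-line comment naming the accepted values belongs here; the exact meaning of the option is not visible in this diff and should be confirmed against whatever reads it. Re-activation also silently discards an administrator's previously saved setting, which the changelog does not mention. The enclosing activation method starts outside the hunk, and the remaining hunks in this file are version bumps and blank-line removals.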
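--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: cyberlord92, twofactor
  Tags: google authenticator, two factor authentication, two factor, 2FA, TFA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
  Donate link: https://miniorange.com/
  Requires at least: 3.0.1
- Tested up to: 5.0.2
+ Tested up to: 5.1
  Requires PHP: 5.3.0
- Stable tag: 5.1.15
+ Stable tag: 5.1.16
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -221,8 +221,8 @@ miniOrange authentication service has 15+ authentication methods.One time passco
 
  == Changelog ==
 
- = 5.1.15 =
- * Google Authenticator-Two Factor Authentication (2FA) : UI Fixes.
+ = 5.1.16 =
+ * Google Authenticator-Two Factor Authentication (2FA) : Login redirect fix.
 
  = 5.1.14 =
  * Google Authenticator-Two Factor Authentication (2FA) : Database Error Fix and Custom Redirect.
@@ -567,8 +567,8 @@ More descriptive setup messages and UI changes.
 
  == Upgrade Notice ==
 
- = 5.1.15 =
- * Google Authenticator-Two Factor Authentication (2FA) : UI Fixes.
+ = 5.1.16 =
+ * Google Authenticator-Two Factor Authentication (2FA) : Login redirect fix.
 
  = 5.1.14 =
  * Google Authenticator-Two Factor Authentication (2FA) : Database Error Fix and Custom Redirect.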
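--- a/views/configure_kba_questions
+++ b/views/configure_kba_questions
@@ -53,7 +53,7 @@ function mo2f_configure_kba_questions() { ?>
  <td>
  <input class="mo2f_table_textbox" type="text" name="mo2f_kba_ans1" id="mo2f_kba_ans1"
  title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" required="true" autofocus="true"
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true" autofocus="true"
  placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
  </td>
  </tr>
@@ -93,7 +93,7 @@ function mo2f_configure_kba_questions() { ?>
  <td>
  <input class="mo2f_table_textbox" type="text" name="mo2f_kba_ans2" id="mo2f_kba_ans2"
  title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" required="true"
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
  placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
  </td>
  </tr>
@@ -109,7 +109,7 @@ function mo2f_configure_kba_questions() { ?>
  <td>
  <input class="mo2f_table_textbox" type="text" name="mo2f_kba_ans3" id="mo2f_kba_ans3"
  title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}" required="true"
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
  placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
  </td>
  </tr>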
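Review bot: The corrected answer pattern `(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}` is pasted verbatim into three inputs in this file (lines 56, 96, 112) and twice more in views/test_kba_security_questions (lines 20, 28), so the next fix to it has to land in five places; defining it once in PHP and echoing it, e.g. `pattern="<?php echo MO2F_KBA_ANSWER_PATTERN; ?>"` (constant name illustrative), keeps every KBA form in step. The allow-list only adds security to the extent the server repeats it: `pattern` is a browser-side hint, and the PHP that stores and later compares the answers is not in this diff, so the same character and length limits should be enforced there. A smaller inconsistency worth fixing while here: the `title` text goes through `mo2f_lt()` in this file but the identical sentence in test_kba_security_questions is hard-coded English.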
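--- a/views/feedback_form.php
+++ b/views/feedback_form.php
@@ -10,7 +10,7 @@
  wp_enqueue_style( 'wp-pointer' );
  wp_enqueue_script( 'wp-pointer' );
  wp_enqueue_script( 'utils' );
- wp_enqueue_style( 'mo_2_factor_admin_plugins_page_style', plugins_url( '/../includes/css/mo2f_plugins_page.css?version=5.1.15', __FILE__ ) );
+ wp_enqueue_style( 'mo_2_factor_admin_plugins_page_style', plugins_url( '/../includes/css/mo2f_plugins_page.css?version=5.1.16', __FILE__ ) );
 
  $action = 'install-plugin';
  $slug = 'miniorange-google-authenticator';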
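--- a/views/test_kba_security_questions
+++ b/views/test_kba_security_questions
@@ -17,7 +17,7 @@
  <br>
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_1"
  id="mo2f_answer_1" required="true" autofocus="true"
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}"
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
  autocomplete="off"><br><br>
  <?php
@@ -25,7 +25,7 @@
  ?>
  <br>
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_2"
- id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+-\s]{1,100}"
+ id="mo2f_answer_2" required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
  autocomplete="off"><br><br>
  <?php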