Google Authenticator – WordPress Two Factor Authentication (2FA) -

Version Description

Google Authenticator-Two Factor Authentication (2FA) : UI changes with more description.

Release Info

Developer	cyberlord92
Plugin	Google Authenticator – WordPress Two Factor Authentication (2FA)
Version	5.2.0
Comparing to
See all releases

Code changes from version 5.1.22 to 5.2.0

Files changed (11) hide show

includes/css/style_settings.css +1 -2
miniorange_2_factor_configuration.php +38 -7
miniorange_2_factor_mobile_configuration.php +7 -1
miniorange_2_factor_settings.php +16 -8
network_security/class_miniorange_2fa_network_security.php +137 -125
network_security/miniorange_handler.php +55 -1
network_security/views/miniorange_network_security_monitoring.php +1 -1
readme.txt +8 -2
uninstall.php +1 -0
views/customer_registration.php +9 -3
views/test_miniorange_push_notification +2 -2

includes/css/style_settings.css CHANGED Viewed

	@@ -1676,11 +1676,10 @@ body {font-family: "Lato", sans-serif;}
1676	border: 1px solid #ccc;
1677	width: 85%;
1678	border-left: none;
1679	- min-height: ~~390px~~;
1680	background-color: #fff;
1681	}
1682
1683	- ----------------------------
1684	.tooltip {
1685	position: relative;
1686	display: inline-block;


1676	border: 1px solid #ccc;
1677	width: 85%;
1678	border-left: none;
1679	+ min-height: 445px;
1680	background-color: #fff;
1681	}
1682

1683	.tooltip {
1684	position: relative;
1685	display: inline-block;

miniorange_2_factor_configuration.php CHANGED Viewed

	@@ -31,7 +31,7 @@ function mo_2_factor_register( $user ) {
31
32	$mo2fa_tab='mo2f_ns';
33
34	- if($mo2f_active_tab=="mobile_configure"\|\|$mo2f_active_tab=="mo2f_support"\|\|$mo2f_active_tab=="mo2f_addon"\|\|$mo2f_active_tab=="2factor_setup"\|\| $mo2f_active_tab=="mo2f_login"\|\|$mo2f_active_tab=="proxy_setup"\|\|$mo2f_active_tab=="mo2f_video_guide"){
35	$mo2fa_tab='2fa';
36	}
37	$session_variables = array( 'mo2f_google_auth', 'mo2f_authy_keys', 'mo2f_mobile_support' );
	@@ -90,7 +90,7 @@ function mo_2_factor_register( $user ) {
90	</div>
91	<div >
92	<?php if ( $mo2f_active_tab != 'mo2f_pricing'){?>
93	- <div class="tab" style="min-height:395px;border-radius: 0px 0px 0px 15px; height: ~~395px~~">
94	<span class="tooltiptext"></span>
95	<?php if ( $mo2fa_tab=='2fa' && $mo2f_active_tab != 'mo2f_pricing') {?>
96	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure" class="tablinks <?php echo $mo2f_active_tab == 'mobile_configure' ? 'active' : ''; ?>" id="mo2f_tab3"><?php echo mo2f_lt( 'Setup Two-Factor' ); ?></a>
	@@ -102,7 +102,10 @@ function mo_2_factor_register( $user ) {
102	class="tablinks <?php echo $mo2f_active_tab == 'mo2f_login' ? 'active' : ''; ?>"
103	id="mo2f_tab2"><?php echo mo2f_lt( 'Login Options' ); ?></a>
104	<?php } ?>
105	- <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=~~mo2f_support~~"



106	class="tablinks <?php echo $mo2f_active_tab == 'mo2f_support' ? ' active' : ''; ?>"
107	id="mo2f_tab7"><?php echo mo2f_lt( 'Support' ) ; ?></a>
108	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_video_guide"
	@@ -136,6 +139,7 @@ function mo_2_factor_register( $user ) {
136	<div id="mo2f_left_navigation" class="tabcontent" <?php if ( $mo2f_active_tab == 'mo2f_pricing'){echo 'style="width: 100%;"';}?>>
137
138	<?php

139	/* to update the status of existing customers for adding their user registration status */
140	if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) {
141	$Mo2fdbQueries->update_user_details( $user->ID, array( 'user_registration_with_miniorange' => 'SUCCESS' ) );
	@@ -167,6 +171,8 @@ function mo_2_factor_register( $user ) {
167	}else if ( $can_display_admin_features && $mo2f_active_tab == 'mo2f_login' ) {
168	MO2f_Utility::unset_session_variables( $session_variables );
169	show_2_factor_login_settings( $user );


170	} else if ( $can_display_admin_features && $mo2f_active_tab == 'mo2f_addon' ) {
171	MO2f_Utility::unset_session_variables( $session_variables );
172	show_2_factor_addons( $user );
	@@ -347,6 +353,7 @@ function mo2f_show_registration_page( $user ) {
347	$mo2f_active_tab = isset( $_GET['mo2f_tab'] ) ? $_GET['mo2f_tab'] : '';
348	$mo2f_active_sub_tab = isset( $_GET['mo2f_sub_tab'] ) ? $_GET['mo2f_sub_tab'] : '';//mo2f_sub_tab=2factor_setup
349	$is_registration = ($mo2f_active_tab =='2factor_setup'\|\|$mo2f_active_sub_tab=='2factor_setup') ? true : false;

350	?>
351	<!--Register with miniOrange-->
352	<form name="f" method="post" action="">
	@@ -360,7 +367,7 @@ function mo2f_show_registration_page( $user ) {
360	<div id="panel1">
361	<br>
362	<div><?php echo mo2f_lt( 'Already have an account?' ) . '  <a style="font-weight:bold; color:limegreen" href="#mo2f_account_exist">' . mo2f_lt( 'SIGN IN' ) ?></a></div>
363	- ~~<br>~~
364	<table class="mo2f_settings_table" style="border-collapse: separate; border-spacing: 0 1em;">
365	<tr>
366
	@@ -385,12 +392,10 @@ function mo2f_show_registration_page( $user ) {
385	<tr>
386	<td> </td>
387	<td><input type="submit" name="submit" style="float:right;"
388	- value="<?php echo mo2f_lt( '~~Continue~~' ); ?>"
389	class="button button-primary button-large"/></td>
390	</tr>
391	</table>
392	- <br>
393	-
394	</div>
395	</div>
396	</form>
	@@ -401,9 +406,13 @@ function mo2f_show_registration_page( $user ) {
401	</form>
402
403	<script>

404	jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
405	jQuery('#mo2f_verify_customerform').submit();
406	});



407	</script>
408	<?php
409	}
	@@ -833,7 +842,28 @@ function show_2_factor_proxy_setup( $user ) {
833	</div>
834	</form>
835	<?php }



















836


837	function show_2_factor_login_settings( $user ) {
838	global $Mo2fdbQueries;
839	$roles = get_editable_roles();
	@@ -1389,6 +1419,7 @@ function mo2f_show_verify_password_page() {
1389	$mo2f_active_tab = isset( $_GET['mo2f_tab'] ) ? $_GET['mo2f_tab'] : '';
1390	$mo2f_active_sub_tab = isset( $_GET['mo2f_sub_tab'] ) ? $_GET['mo2f_sub_tab'] : '';//mo2f_sub_tab=2factor_setup
1391	$is_registration = ($mo2f_active_tab =='2factor_setup'\|\|$mo2f_active_sub_tab=='2factor_setup') ? true : false;

1392	// $is_registration = $is_registration?(($mo2f_active_sub_tab=='2factor_setup')? true :false):false;
1393	?>
1394	<!--Verify password with miniOrange-->


31
32	$mo2fa_tab='mo2f_ns';
33
34	+ if($mo2f_active_tab=="mobile_configure"\|\|$mo2f_active_tab=="mo2f_support"\|\|$mo2f_active_tab=="mo2f_custom_form"\|\|$mo2f_active_tab=="mo2f_addon"\|\|$mo2f_active_tab=="2factor_setup"\|\| $mo2f_active_tab=="mo2f_login"\|\|$mo2f_active_tab=="proxy_setup"\|\|$mo2f_active_tab=="mo2f_video_guide"){
35	$mo2fa_tab='2fa';
36	}
37	$session_variables = array( 'mo2f_google_auth', 'mo2f_authy_keys', 'mo2f_mobile_support' );

90	</div>
91	<div >
92	<?php if ( $mo2f_active_tab != 'mo2f_pricing'){?>
93	+ <div class="tab" style="min-height:395px;border-radius: 0px 0px 0px 15px; height: 445px">
94	<span class="tooltiptext"></span>
95	<?php if ( $mo2fa_tab=='2fa' && $mo2f_active_tab != 'mo2f_pricing') {?>
96	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure" class="tablinks <?php echo $mo2f_active_tab == 'mobile_configure' ? 'active' : ''; ?>" id="mo2f_tab3"><?php echo mo2f_lt( 'Setup Two-Factor' ); ?></a>

102	class="tablinks <?php echo $mo2f_active_tab == 'mo2f_login' ? 'active' : ''; ?>"
103	id="mo2f_tab2"><?php echo mo2f_lt( 'Login Options' ); ?></a>
104	<?php } ?>
105	+ <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_custom_form"
106	+ class="tablinks <?php echo $mo2f_active_tab == 'mo2f_custom_form' ? ' active' : ''; ?>"
107	+ id="mo2f_tab7"><?php echo mo2f_lt( 'Custom Login Form' ) ; ?></a>
108	+ <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_support"
109	class="tablinks <?php echo $mo2f_active_tab == 'mo2f_support' ? ' active' : ''; ?>"
110	id="mo2f_tab7"><?php echo mo2f_lt( 'Support' ) ; ?></a>
111	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_video_guide"

139	<div id="mo2f_left_navigation" class="tabcontent" <?php if ( $mo2f_active_tab == 'mo2f_pricing'){echo 'style="width: 100%;"';}?>>
140
141	<?php
142	+
143	/* to update the status of existing customers for adding their user registration status */
144	if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) {
145	$Mo2fdbQueries->update_user_details( $user->ID, array( 'user_registration_with_miniorange' => 'SUCCESS' ) );

171	}else if ( $can_display_admin_features && $mo2f_active_tab == 'mo2f_login' ) {
172	MO2f_Utility::unset_session_variables( $session_variables );
173	show_2_factor_login_settings( $user );
174	+ }else if ( $can_display_admin_features && $mo2f_active_tab == 'mo2f_custom_form' ) {
175	+ show_2_factor_custom_form( $user );
176	} else if ( $can_display_admin_features && $mo2f_active_tab == 'mo2f_addon' ) {
177	MO2f_Utility::unset_session_variables( $session_variables );
178	show_2_factor_addons( $user );

353	$mo2f_active_tab = isset( $_GET['mo2f_tab'] ) ? $_GET['mo2f_tab'] : '';
354	$mo2f_active_sub_tab = isset( $_GET['mo2f_sub_tab'] ) ? $_GET['mo2f_sub_tab'] : '';//mo2f_sub_tab=2factor_setup
355	$is_registration = ($mo2f_active_tab =='2factor_setup'\|\|$mo2f_active_sub_tab=='2factor_setup') ? true : false;
356	+
357	?>
358	<!--Register with miniOrange-->
359	<form name="f" method="post" action="">

367	<div id="panel1">
368	<br>
369	<div><?php echo mo2f_lt( 'Already have an account?' ) . '  <a style="font-weight:bold; color:limegreen" href="#mo2f_account_exist">' . mo2f_lt( 'SIGN IN' ) ?></a></div>
370	+
371	<table class="mo2f_settings_table" style="border-collapse: separate; border-spacing: 0 1em;">
372	<tr>
373

392	<tr>
393	<td> </td>
394	<td><input type="submit" name="submit" style="float:right;"
395	+ value="<?php echo mo2f_lt( 'Register with miniOrange' ); ?>"
396	class="button button-primary button-large"/></td>
397	</tr>
398	</table>


399	</div>
400	</div>
401	</form>

406	</form>
407
408	<script>
409	+
410	jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
411	jQuery('#mo2f_verify_customerform').submit();
412	});
413	+
414	+
415	+
416	</script>
417	<?php
418	}

842	</div>
843	</form>
844	<?php }
845	+ function show_2_factor_custom_form($user){?>
846	+ <div style="margin:4% 4% 0% 4%;">
847	+ <span style="font-weight:bold;font-size:18px;">Custom Login Forms</span>
848	+ <p>We support most of the login forms present on the wordpress. And our plugin is tested with almost all the forms like Woocommerce, Ultimate Member, Restrict Content Pro and so on.</p>
849	+ <ul>
850	+ <li><b>Woocommerce</b></li>
851	+ <li><b>Ultimate Member</b></li>
852	+ <li><b>Restrict Content Pro</b></li>
853	+ <li><b>My Theme Login</b></li>
854	+ <li><b>User Registration</b></li>
855	+ <li><b>Custom Login Page Customizer \| LoginPress</b></li>
856	+ <li><b>Admin Custom Login</b></li>
857	+ <li><b>RegistrationMagic – Custom Registration Forms and User Login</b></li>
858	+ </ul>
859	+ <p>And many more which are not mentioned here.</p>
860	+
861	+ <p style="font-size:15px">If there is any custom login form where Two Factor is not initiated you can get let us know so that we can add support for it. You can reach us through our <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_support"><?php echo mo2f_lt( 'Support' ) ; ?></a>.</p>
862	+ </div>
863	+
864
865	+ <?php
866	+ }
867	function show_2_factor_login_settings( $user ) {
868	global $Mo2fdbQueries;
869	$roles = get_editable_roles();

1419	$mo2f_active_tab = isset( $_GET['mo2f_tab'] ) ? $_GET['mo2f_tab'] : '';
1420	$mo2f_active_sub_tab = isset( $_GET['mo2f_sub_tab'] ) ? $_GET['mo2f_sub_tab'] : '';//mo2f_sub_tab=2factor_setup
1421	$is_registration = ($mo2f_active_tab =='2factor_setup'\|\|$mo2f_active_sub_tab=='2factor_setup') ? true : false;
1422	+
1423	// $is_registration = $is_registration?(($mo2f_active_sub_tab=='2factor_setup')? true :false):false;
1424	?>
1425	<!--Verify password with miniOrange-->

miniorange_2_factor_mobile_configuration.php CHANGED Viewed

	@@ -917,6 +917,8 @@ function show_2_factor_pricing_page( $user ) {
917	"Brute Force Protection",
918	"Blocking IP",
919	"Monitoring",


920	"Enable 2FA for specific User Roles",
921	"Enable 2FA for specific Users",
922	"Choose specific authentication methods for Users",
	@@ -974,6 +976,8 @@ function show_2_factor_pricing_page( $user ) {
974	"Brute Force Protection" => array( true, false, false, true ),
975	"Blocking IP" => array( true, false, false, true ),
976	"Monitoring" => array( true, false, false, true ),


977	"Enable 2FA for specific User Roles" => array( false, false, true, true ),
978	"Enable 2FA for specific Users" => array( false, false, true, true ),
979	"Choose specific authentication methods for Users" => array( false, false, true, true ),
	@@ -1016,6 +1020,8 @@ function show_2_factor_pricing_page( $user ) {
1016	"Brute Force Protection" => array( true, false, false, true ),
1017	"Blocking IP" => array( true, false, false, true ),
1018	"Monitoring" => array( true, false, false, true ),


1019	"User role based redirection after Login" => array( false, true, true, true ),
1020	"Add custom Security Questions (KBA)" => array( false, true, true, true ),
1021	"Customize account name in Google Authenticator app" => array( false, true, true, true ),
	@@ -1435,4 +1441,4 @@ function mo2f_get_binary_equivalent( $mo2f_var ) {
1435	default:
1436	return $mo2f_var;
1437	}
1438	- } ?>


917	"Brute Force Protection",
918	"Blocking IP",
919	"Monitoring",
920	+ // "Strong Password",
921	+ // "File Protection",
922	"Enable 2FA for specific User Roles",
923	"Enable 2FA for specific Users",
924	"Choose specific authentication methods for Users",

976	"Brute Force Protection" => array( true, false, false, true ),
977	"Blocking IP" => array( true, false, false, true ),
978	"Monitoring" => array( true, false, false, true ),
979	+ // "Strong Password" => array( true, false, false, true ),
980	+ // "File Protection" => array( true, false, false, true ),
981	"Enable 2FA for specific User Roles" => array( false, false, true, true ),
982	"Enable 2FA for specific Users" => array( false, false, true, true ),
983	"Choose specific authentication methods for Users" => array( false, false, true, true ),

1020	"Brute Force Protection" => array( true, false, false, true ),
1021	"Blocking IP" => array( true, false, false, true ),
1022	"Monitoring" => array( true, false, false, true ),
1023	+ // "Strong Password" => array( true, false, false, true ),
1024	+ //"File Protection" => array( true, false, false, true ),
1025	"User role based redirection after Login" => array( false, true, true, true ),
1026	"Add custom Security Questions (KBA)" => array( false, true, true, true ),
1027	"Customize account name in Google Authenticator app" => array( false, true, true, true ),

1441	default:
1442	return $mo2f_var;
1443	}
1444	+ } ?>

miniorange_2_factor_settings.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: miniOrange 2 Factor Authentication
4	* Plugin URI: https://miniorange.com
5	* Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6	- * Version: 5.1.22
7	* Author: miniOrange
8	* Author URI: https://miniorange.com
9	* License: GPL2
	@@ -26,7 +26,7 @@ require( 'class-miniorange-2-factor-pass2fa-login.php' );
26	require('resources/constants.php');
27	require('resources/messages.php');
28	define( 'MOAUTH_PATH', plugins_url( __FILE__ ) );
29	- define( 'MO2F_VERSION', '5.1.22' );
30
31
32	class Miniorange_Authentication {
	@@ -35,7 +35,6 @@ class Miniorange_Authentication {
35	private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
36
37	function __construct() {
38	-
39	add_option( 'mo2f_activate_plugin', 1 );
40	add_option( 'mo2f_login_option', 1 );
41	add_option( 'mo2f_number_of_transactions', 1 );
	@@ -538,13 +537,14 @@ class Miniorange_Authentication {
538	$confirmPassword = sanitize_text_field( $_POST['confirmPassword'] );
539
540	$email = strtolower( $email );
541	- ~~update_option( 'mo2f_email', $email );~~
542	-
543	- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
544	$pattern = '/^[(\w)(\!\@\#\$\%\^\&\\.\-\_)*]+$/';
545
546	if(preg_match($pattern,$password)){
547	if ( strcmp( $password, $confirmPassword ) == 0 ) {



548	update_option( 'mo2f_password', stripslashes( $password ) );
549	$customer = new Customer_Setup();
550	$customerKey = json_decode( $customer->check_customer(), true );
	@@ -735,7 +735,7 @@ class Miniorange_Authentication {
735	update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
736	$mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
737	$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
738	-
739	}
740
741	}
	@@ -743,7 +743,7 @@ class Miniorange_Authentication {
743	update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
744	$mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
745	$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
746	-
747	}
748
749	delete_option( 'mo2f_password' );
	@@ -2314,6 +2314,14 @@ class Miniorange_Authentication {
2314	delete_option( 'mo2f_proxy_username' );
2315	delete_option( 'mo2f_proxy_password' );
2316	delete_option( 'mo2f_customer_selected_plan' );








2317	}
2318
2319	function mo_auth_show_success_message() {


3	* Plugin Name: miniOrange 2 Factor Authentication
4	* Plugin URI: https://miniorange.com
5	* Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6	+ * Version: 5.2.0
7	* Author: miniOrange
8	* Author URI: https://miniorange.com
9	* License: GPL2

26	require('resources/constants.php');
27	require('resources/messages.php');
28	define( 'MOAUTH_PATH', plugins_url( __FILE__ ) );
29	+ define( 'MO2F_VERSION', '5.2.0' );
30
31
32	class Miniorange_Authentication {

35	private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
36
37	function __construct() {

38	add_option( 'mo2f_activate_plugin', 1 );
39	add_option( 'mo2f_login_option', 1 );
40	add_option( 'mo2f_number_of_transactions', 1 );

537	$confirmPassword = sanitize_text_field( $_POST['confirmPassword'] );
538
539	$email = strtolower( $email );
540	+


541	$pattern = '/^[(\w)(\!\@\#\$\%\^\&\\.\-\_)*]+$/';
542
543	if(preg_match($pattern,$password)){
544	if ( strcmp( $password, $confirmPassword ) == 0 ) {
545	+ update_option( 'mo2f_email', $email );
546	+
547	+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
548	update_option( 'mo2f_password', stripslashes( $password ) );
549	$customer = new Customer_Setup();
550	$customerKey = json_decode( $customer->check_customer(), true );

735	update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
736	$mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
737	$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
738	+ $this->mo_auth_show_error_message();
739	}
740
741	}

743	update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
744	$mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
745	$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
746	+ $this->mo_auth_show_error_message();
747	}
748
749	delete_option( 'mo2f_password' );

2314	delete_option( 'mo2f_proxy_username' );
2315	delete_option( 'mo2f_proxy_password' );
2316	delete_option( 'mo2f_customer_selected_plan' );
2317	+ delete_option( 'mo2f_ns_whitelist_ip' );
2318	+ delete_option( 'mo2f_enable_brute_force' );
2319	+ delete_option( 'mo2f_show_remaining_attempts' );
2320	+ delete_option( 'mo2f_ns_blocked_ip' );
2321	+ delete_option( 'mo2f_allwed_login_attempts' );
2322	+ delete_option( 'mo2f_time_of_blocking_type' );
2323	+ delete_option( 'mo2f_network_features' );
2324	+
2325	}
2326
2327	function mo_auth_show_success_message() {

network_security/class_miniorange_2fa_network_security.php CHANGED Viewed

@@ -4,7 +4,6 @@ require('miniorange_handler.php');
             require('integrations/class_buddypress.php');
             include ('miniorange_2_factor_network_security_view.php');
-            -
             class class_miniorange_2fa_network_security {
             	function __construct(){
@@ -25,7 +24,7 @@ class class_miniorange_2fa_network_security {
             				add_action( 'wp_login_failed', array( $this, 'mo2f_ns_login_failed' ) );
+            			}
+            		}
-            -
            		$mo2f_ns_config = new MO2f_Handler();
             		add_action('mo2f_network_create_db',array($mo2f_ns_config,'create_db'),5);
             		add_action('mo2f_network_view_monitoring','mo2f_show_2_factor_user_login_reports',5,1);
             		add_action('mo2f_network_view_ip_blocking','mo2f_show_2_factor_ip_block',5,1);
@@ -103,153 +102,166 @@ class class_miniorange_2fa_network_security {
             	function mo2f_network_save_settings(){
             		global $user;
             		global $Mo2fdbQueries;
-            -
            		// $mo2f_settings=new Miniorange_Authentication();
             		$user    = wp_get_current_user();
             		$user_id = $user->ID;
             		if ( current_user_can( 'manage_options' ) ) {
-            -
            		if(isset($_POST['option']) and $_POST['option'] == "mo2f_enable_brute_force")
-            -
            			{
-            -
            				$enable_brute_force_protection = false;
-            -
            				if(isset($_POST['mo2f_enable_brute_force_protection'])  && $_POST['mo2f_enable_brute_force_protection']=='1'){
-            -
            					$enable_brute_force_protection = sanitize_text_field($_POST['mo2f_enable_brute_force_protection']);
-            -
            					update_option( 'mo2f_message', 'Brute force protection is enabled.');
-            -
            					do_action('mo_auth_show_success_message');
-            -
            				}else {
-            -
            					update_option( 'mo2f_message', 'Brute force protection is disabled.');
-            -
            					do_action('mo_auth_show_error_message');
-            -
            				}
-            -
            				update_option( 'mo2f_enable_brute_force', $enable_brute_force_protection);
             			}  else if(isset($_POST['option']) and $_POST['option'] == "mo2f_brute_force_configuration"){
-            -
            			if($_POST['allwed_login_attempts']>0)
-            -
            			{
-            -
            				if($_POST['time_of_blocking_type']=='permanent'){
-            -
            					update_option( 'mo2f_allwed_login_attempts', sanitize_text_field($_POST['allwed_login_attempts']));
-            -
-            -
            					update_option( 'mo2f_time_of_blocking_type', sanitize_text_field($_POST['time_of_blocking_type']));
-            -
            					if(isset($_POST['time_of_blocking_val']))
-            -
            						update_option( 'mo2f_time_of_blocking_val', sanitize_text_field($_POST['time_of_blocking_val']));
-            -
            					$show_remaining_attempts = false;
-            -
            					if(isset($_POST['show_remaining_attempts'])  && $_POST['show_remaining_attempts'])
-            -
            						$show_remaining_attempts = true;
-            -
            					update_option( 'mo2f_show_remaining_attempts', $show_remaining_attempts);
-            -
            					update_option( 'mo2f_message', 'Your configuration has been saved.');
-            -
            					do_action('mo_auth_show_success_message');
-            -
            				}else{
-            -
            					update_option( 'mo2f_message', 'You will have to upgrade to our Standard/Premium plan to use this feature.');
-            -
            					do_action('mo_auth_show_error_message');
-            -
            				}
-            -
-            -
            			}else{
-            -
            				update_option( 'mo2f_message', 'Login Limit Should be more than or equal to 1.');
-            -
            				do_action('mo_auth_show_error_message');
-            -
            			}
-            -
            		}else if(isset($_POST['option']) and $_POST['option']=='mo2f_manual_clear'){
-            -
-            -
            				$mo2f_ns_config = new MO2f_Handler();
-            -
            				$mo2f_ns_config->mo2f_clear_login_report();
-            -
            				update_option( 'mo2f_message', "Login Reports have been successfully erased.");
-            -
            				do_action('mo_auth_show_success_message');
-            -
-            -
            		}else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_manual_block_ip"){
-            -
            				$reg = '/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/';
-            -
            				if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['ip'] )|| !preg_match($reg, $_POST['ip'])) {
-            -
            					update_option( 'mo2f_message', 'Please enter valid IP address (e.g., 0.0.0.0 to 255.255.255.255).');
-            -
            					do_action('mo_auth_show_error_message');
-            -
            					return;
-            -
            				} else{
-            -
            					$ipAddress = sanitize_text_field( $_POST['ip'] );
-            -
            					$mo2f_ns_config = new MO2f_Handler();
-            -
            					$isWhitelisted = $mo2f_ns_config->is_whitelisted($ipAddress);
-            -
            					if(!$isWhitelisted){
-            -
            						if($mo2f_ns_config->is_ip_blocked($ipAddress)){
-            -
            							update_option( 'mo2f_message', "IP Address is already in blocked IP's list.");
-            -
            							do_action('mo_auth_show_error_message');
-            -
            						} else{
-            -
            							//add limit to number of blocks
-            -
            							$no_of_blocks=get_option('mo2f_ns_blocked_ip');
-            -
            							if($no_of_blocks<5){
-            -
            								$mo2f_ns_config->block_ip($ipAddress, Mo2f_Messages::BLOCKED_BY_ADMIN, true);
-            -
            								$no_of_blocks=$no_of_blocks+1;
-            -
            								update_option('mo2f_ns_blocked_ip',$no_of_blocks);
-            -
            								update_option( 'mo2f_message', 'IP Address is blocked permanently.');
             								do_action('mo_auth_show_success_message');
             							}else{
-            -
            								update_option( 'mo2f_message', "You cannot Manually block more than 5 IP Addresses in Free plugin.");
             								do_action('mo_auth_show_error_message');
+            							}
+            						}
-            -
            					}else{
-            -
            						update_option( 'mo2f_message', "IP Address is in Whitelisted IP's list. Please remove it from whitelisted list first.");
-            -
            						do_action('mo_auth_show_error_message');
-            -
            					}
-            -
            				}
-            -
            		} else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_unblock_ip"){
-            -
            				if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['entryid'] )) {
-            -
            					update_option( 'mo2f_message', 'Error processing your request. Please try again.');
-            -
            					do_action('mo_auth_show_error_message');
-            -
            					return;
-            -
            				}else{
-            -
            					$entryid = sanitize_text_field( $_POST['entryid'] );
             					$mo2f_ns_config = new MO2f_Handler();
-            -
            					$reason=$mo2f_ns_config->unblock_ip_entry($entryid);
-            -
            					update_option( 'mo2f_message', 'IP has been unblocked.');
             					do_action('mo_auth_show_success_message');
-            -
            					if(strpos($reason, 'Blocked') !== false){
-            -
            						$no_of_blocks=get_option('mo2f_ns_blocked_ip');
-            -
            						update_option('mo2f_ns_blocked_ip',$no_of_blocks-1);
-            -
            					}
-            -
            				}
-            -
            				} else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_whitelist_ip"){
-            -
            				$reg = '/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/';
-            -
            				if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['ip'] ) || !preg_match($reg, $_POST['ip'])) {
-            -
            					update_option( 'mo2f_message', 'Please enter valid IP address (e.g., 0.0.0.0 to 255.255.255.255).');
-            -
            					do_action('mo_auth_show_error_message');
-            -
            					return;
-            -
            				}else{
-            -
            					$ipAddress = sanitize_text_field( $_POST['ip'] );
-            -
            					$mo2f_ns_config = new MO2f_Handler();
-            -
            					if($mo2f_ns_config->is_whitelisted($ipAddress)){
-            -
            						update_option( 'mo2f_message', "IP Address is already in whitelisted IP's list.");
             						do_action('mo_auth_show_error_message');
             					} else{
-            -
            						$no_of_whitelist=get_option('mo2f_ns_whitelist_ip');
-            -
            						if($no_of_whitelist<5) {
-            -
            							$mo2f_ns_config = new MO2f_Handler();
-            -
            								if($mo2f_ns_config ->is_ip_blocked($ipAddress)){
-            -
            									update_option( 'mo2f_message', "IP Address is in Blocked IP's list. Please remove it from blocked list first." );
-            -
            									do_action('mo_auth_show_error_message');
-            -
            								}
-            -
            								else {
-            -
            									$mo2f_ns_config->whitelist_ip( $ipAddress );
-            -
            									update_option( 'mo2f_message', 'IP Address is whitelisted.' );
             									do_action('mo_auth_show_success_message');
-            -
            									$no_of_whitelist = $no_of_whitelist + 1;
-            -
            									update_option( 'mo2f_ns_whitelist_ip', $no_of_whitelist );
+            								}
             						}else{
-            -
            							update_option( 'mo2f_message', "You cannot Whitelist more than 5 IP Addresses in Free plugin.");
             							do_action('mo_auth_show_error_message');
+            						}
+            					}
-            -
            				}
-            -
            		} else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_remove_whitelist"){
-            -
            				if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['entryid'] )) {
-            -
            					update_option( 'mo2f_message', 'Error processing your request. Please try again.');
-            -
            					do_action('mo_auth_show_error_message');
-            -
            					return;
-            -
            				}else{
-            -
            					$entryid = sanitize_text_field( $_POST['entryid'] );
-            -
            					$mo2f_ns_config = new MO2f_Handler();
-            -
            					$mo2f_ns_config->remove_whitelist_entry($entryid);
-            -
            					$no_of_whitelist=get_option('mo2f_ns_whitelist_ip');
-            -
            					update_option('mo2f_ns_whitelist_ip',$no_of_whitelist-1);
-            -
            					update_option( 'mo2f_message', "IP Address is removed from the whitelisted IP's list.");
             					do_action('mo_auth_show_success_message');
-            -
            				}
+            			}
+            		}
+            	}


4	require('integrations/class_buddypress.php');
5	include ('miniorange_2_factor_network_security_view.php');
6

7	class class_miniorange_2fa_network_security {
8
9	function __construct(){

24	add_action( 'wp_login_failed', array( $this, 'mo2f_ns_login_failed' ) );
25	}
26	}
27	+ $mo2f_ns_config = new MO2f_Handler();
28	add_action('mo2f_network_create_db',array($mo2f_ns_config,'create_db'),5);
29	add_action('mo2f_network_view_monitoring','mo2f_show_2_factor_user_login_reports',5,1);
30	add_action('mo2f_network_view_ip_blocking','mo2f_show_2_factor_ip_block',5,1);

102	function mo2f_network_save_settings(){
103	global $user;
104	global $Mo2fdbQueries;

105	$user = wp_get_current_user();
106	$user_id = $user->ID;
107
108	if ( current_user_can( 'manage_options' ) ) {
109	+
110	+ if(isset($_POST['option']) and $_POST['option'] == "mo2f_enable_brute_force"){
111	+ $enable_brute_force_protection = false;
112	+ if(isset($_POST['mo2f_enable_brute_force_protection']) && $_POST['mo2f_enable_brute_force_protection']=='1'){
113	+ $enable_brute_force_protection = sanitize_text_field($_POST['mo2f_enable_brute_force_protection']);
114	+ update_option( 'mo2f_message', 'Brute force protection is enabled.');
115	+ do_action('mo_auth_show_success_message');
116	+ }else {
117	+ update_option( 'mo2f_message', 'Brute force protection is disabled.');
118	+ do_action('mo_auth_show_error_message');
119	+ }
120	+ update_option( 'mo2f_enable_brute_force', $enable_brute_force_protection);
121	} else if(isset($_POST['option']) and $_POST['option'] == "mo2f_brute_force_configuration"){
122	+ if($_POST['allwed_login_attempts']>0)
123	+ {
124	+ if($_POST['time_of_blocking_type']=='permanent'){
125	+ update_option( 'mo2f_allwed_login_attempts', sanitize_text_field($_POST['allwed_login_attempts']));
126	+
127	+ update_option( 'mo2f_time_of_blocking_type', sanitize_text_field($_POST['time_of_blocking_type']));
128	+ if(isset($_POST['time_of_blocking_val']))
129	+ update_option( 'mo2f_time_of_blocking_val', sanitize_text_field($_POST['time_of_blocking_val']));
130	+ $show_remaining_attempts = false;
131	+ if(isset($_POST['show_remaining_attempts']) && $_POST['show_remaining_attempts'])
132	+ $show_remaining_attempts = true;
133	+ update_option( 'mo2f_show_remaining_attempts', $show_remaining_attempts);
134	+ update_option( 'mo2f_message', 'Your configuration has been saved.');







































135	do_action('mo_auth_show_success_message');
136	}else{
137	+ update_option( 'mo2f_message', 'You will have to upgrade to our Standard/Premium plan to use this feature.');
138	do_action('mo_auth_show_error_message');
139	}
140
141	+ }else{
142	+ update_option( 'mo2f_message', 'Login Limit Should be more than or equal to 1.');
143	+ do_action('mo_auth_show_error_message');
144	}
145	+ }else if(isset($_POST['option']) and $_POST['option']=='mo2f_manual_clear'){





146






147	$mo2f_ns_config = new MO2f_Handler();
148	+ $mo2f_ns_config->mo2f_clear_login_report();
149	+ update_option( 'mo2f_message', "Login Reports have been successfully erased.");
150	do_action('mo_auth_show_success_message');
151	+
152	+ }else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_manual_block_ip"){
153	+ $reg = '/\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b/';
154	+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['ip'] )\|\| !preg_match($reg, $_POST['ip'])) {
155	+ update_option( 'mo2f_message', 'Please enter valid IP address (e.g., 0.0.0.0 to 255.255.255.255).');











156	do_action('mo_auth_show_error_message');
157	+ return;
158	} else{
159	+ $ipAddress = sanitize_text_field( $_POST['ip'] );
160	+ $mo2f_ns_config = new MO2f_Handler();
161	+ $isWhitelisted = $mo2f_ns_config->is_whitelisted($ipAddress);
162	+ if(!$isWhitelisted){
163	+ if($mo2f_ns_config->is_ip_blocked($ipAddress)){
164	+ update_option( 'mo2f_message', "IP Address is already in blocked IP's list.");
165	+ do_action('mo_auth_show_error_message');
166	+ } else{
167	+ //add limit to number of blocks
168	+ $no_of_blocks=get_option('mo2f_ns_blocked_ip');
169	+ if($no_of_blocks<5){
170	+ $mo2f_ns_config->block_ip($ipAddress, Mo2f_Messages::BLOCKED_BY_ADMIN, true);
171	+ $no_of_blocks=$no_of_blocks+1;
172	+ update_option('mo2f_ns_blocked_ip',$no_of_blocks);
173	+ update_option( 'mo2f_message', 'IP Address is blocked permanently.');
174	do_action('mo_auth_show_success_message');
175	+ }else{
176	+ update_option( 'mo2f_message', "You cannot Manually block more than 5 IP Addresses in Free plugin.");
177	+ do_action('mo_auth_show_error_message');
178	}
179	+
180	+ }
181	}else{
182	+ update_option( 'mo2f_message', "IP Address is in Whitelisted IP's list. Please remove it from whitelisted list first.");
183	do_action('mo_auth_show_error_message');
184	}
185	}
186	+ } else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_unblock_ip"){

187
188	+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['entryid'] )) {
189	+ update_option( 'mo2f_message', 'Error processing your request. Please try again.');
190	+ do_action('mo_auth_show_error_message');
191	+ return;
192	+ }else{
193	+ $entryid = sanitize_text_field( $_POST['entryid'] );
194	+ $mo2f_ns_config = new MO2f_Handler();
195	+ $reason=$mo2f_ns_config->unblock_ip_entry($entryid);
196	+ update_option( 'mo2f_message', 'IP has been unblocked.');
197	+ do_action('mo_auth_show_success_message');
198	+ if(strpos($reason, 'Blocked') !== false){
199	+ $no_of_blocks=get_option('mo2f_ns_blocked_ip');
200	+ update_option('mo2f_ns_blocked_ip',$no_of_blocks-1);
201	+ }
202	+ }
203	+ } else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_whitelist_ip"){
204	+ $reg = '/\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b/';
205	+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['ip'] ) \|\| !preg_match($reg, $_POST['ip'])) {
206	+ update_option( 'mo2f_message', 'Please enter valid IP address (e.g., 0.0.0.0 to 255.255.255.255).');
207	+ do_action('mo_auth_show_error_message');
208	+ return;
209	+ }else{
210	+ $ipAddress = sanitize_text_field( $_POST['ip'] );
211	+ $mo2f_ns_config = new MO2f_Handler();
212	+ if($mo2f_ns_config->is_whitelisted($ipAddress)){
213	+ update_option( 'mo2f_message', "IP Address is already in whitelisted IP's list.");
214	+ do_action('mo_auth_show_error_message');
215	+ } else{
216	+ $no_of_whitelist=get_option('mo2f_ns_whitelist_ip');
217	+ if($no_of_whitelist<5) {
218	+ $mo2f_ns_config = new MO2f_Handler();
219	+ if($mo2f_ns_config ->is_ip_blocked($ipAddress)){
220	+ update_option( 'mo2f_message', "IP Address is in Blocked IP's list. Please remove it from blocked list first." );
221	+ do_action('mo_auth_show_error_message');
222	+ }
223	+ else {
224	+ $mo2f_ns_config->whitelist_ip( $ipAddress );
225	+ update_option( 'mo2f_message', 'IP Address is whitelisted.' );
226	+ do_action('mo_auth_show_success_message');
227	+ $no_of_whitelist = $no_of_whitelist + 1;
228	+ update_option( 'mo2f_ns_whitelist_ip', $no_of_whitelist );
229	+ }
230	+ }else{
231	+ update_option( 'mo2f_message', "You cannot Whitelist more than 5 IP Addresses in Free plugin.");
232	+ do_action('mo_auth_show_error_message');
233	+ }
234	+ }
235	+ }
236	+ } else if(isset($_POST['option']) and $_POST['option'] == "mo2f_ns_remove_whitelist"){
237	+
238	+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['entryid'] )) {
239	+ update_option( 'mo2f_message', 'Error processing your request. Please try again.');
240	+ do_action('mo_auth_show_error_message');
241	+ return;
242	+ }else{
243	+ $entryid = sanitize_text_field( $_POST['entryid'] );
244	+ $mo2f_ns_config = new MO2f_Handler();
245	+ $mo2f_ns_config->remove_whitelist_entry($entryid);
246	+ $no_of_whitelist=get_option('mo2f_ns_whitelist_ip');
247	+ update_option('mo2f_ns_whitelist_ip',$no_of_whitelist-1);
248	+ update_option( 'mo2f_message', "IP Address is removed from the whitelisted IP's list.");
249	+ do_action('mo_auth_show_success_message');
250	+ }
251	+ }else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_content_protection') {
252	+ isset($_POST['mo2f_protect_wp_config']) ? update_option('mo2f_protect_wp_config', $_POST['mo2f_protect_wp_config']) : update_option('mo2f_protect_wp_config ' ,0);
253	+ isset($_POST['mo2f_prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', $_POST['mo2f_prevent_directory_browsing']) : update_option('mo2f_prevent_directory_browsing',0);
254	+ isset($_POST['mo2f_disable_file_editing']) ? update_option('mo2f_disable_file_editing', $_POST['mo2f_disable_file_editing']) : update_option('mo2f_disable_file_editing',0);
255	+ isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file', $_POST['mo2f_htaccess_file']) : update_option('mo2f_htaccess_file',0);
256	+ // isset($_POST['mo2f_wp_content_file']) ? update_option('mo2f_wp_content_file', $_POST['mo2f_wp_content_file']) : update_option('mo2f_wp_content_file',0);
257	+ $mo2f_htaccess_handler = new mo2f_file_protection();
258	+ $mo2f_htaccess_handler->mo2f_update_htaccess_configuration();
259	+ update_option( 'mo2f_message', "Your configuration for Content Protection has been saved." );
260	+ do_action('mo_auth_show_success_message');
261	+ }else if(isset($_POST['option']) and $_POST['option'] == "mo2f_enforce_strong_passsword"){
262	+ update_option( 'mo2f_enforce_strong_passswords', isset( $_POST['mo2f_enforce_strong_passswords']) ? true : false);
263	+ update_option( 'mo2f_message', 'Settings are saved successfully');
264	do_action('mo_auth_show_success_message');

265	}
266	}
267	}

network_security/miniorange_handler.php CHANGED Viewed

@@ -213,7 +213,18 @@ class MO2f_Handler{
+            			)
             		);
+            	}
-            -
             	function mo2f_clear_login_report() {
             		global $wpdb;
             		$wpdb->query("DELETE FROM " . $wpdb->prefix . MO2f_Constants::USER_TRANSCATIONS_TABLE . " WHERE Status='".MO2f_Constants::SUCCESS."' or Status= '".MO2f_Constants::PAST_FAILED."'  OR Status='".MO2f_Constants::FAILED."'");
@@ -266,6 +277,49 @@ class MO2f_Handler{
+            		}
             		return 0;
+            	}
             } ?>


213	)
214	);
215	}
216	+
217	+ public static function is_validPassword($errors, $username, $password){
218	+
219	+ $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
220	+ if ($enforceStrongPasswds && !MO2f_Handler::mo2f_isStrongPasswd($password, $username)) {
221	+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
222	+ return $errors;
223	+ }
224	+
225	+ return $errors;
226	+
227	+ }
228	function mo2f_clear_login_report() {
229	global $wpdb;
230	$wpdb->query("DELETE FROM " . $wpdb->prefix . MO2f_Constants::USER_TRANSCATIONS_TABLE . " WHERE Status='".MO2f_Constants::SUCCESS."' or Status= '".MO2f_Constants::PAST_FAILED."' OR Status='".MO2f_Constants::FAILED."'");

277	}
278	return 0;
279	}
280	+
281	+ //strong password
282	+ //check if user is logged in
283	+
284	+ public static function hasLoginCookie(){
285	+ if(isset($_COOKIE)){
286	+ if(is_array($_COOKIE)){
287	+ foreach($_COOKIE as $key => $val){
288	+ if(strpos($key, 'wordpress_logged_in') === 0){
289	+ return true;
290	+ }
291	+ }
292	+ }
293	+ }
294	+ return false;
295	+ }
296	+
297	+ public static function mo2f_isStrongPasswd($passwd, $username ) {
298	+ $strength = 0;
299	+
300	+ if(strlen( trim( $passwd ) ) < 5)
301	+ return false;
302	+
303	+ if(strtolower( $passwd ) == strtolower( $username ) )
304	+ return false;
305	+
306	+ if(preg_match('/(?:password\|passwd\|mypass\|wordpress)/i', $passwd)){
307	+ return false;
308	+ }
309	+ if($num = preg_match_all( "/\d/", $passwd, $matches) ){
310	+ $strength += ((int)$num * 10);
311	+ }
312	+ if ( preg_match( "/[a-z]/", $passwd ) )
313	+ $strength += 26;
314	+ if ( preg_match( "/[A-Z]/", $passwd ) )
315	+ $strength += 26;
316	+ if ($num = preg_match_all( "/[^a-zA-Z0-9]/", $passwd, $matches)){
317	+ $strength += (31 * (int)$num);
318
319	+ }
320	+ if($strength > 60){
321	+ return true;
322	+ }
323	+ }
324
325	} ?>

network_security/views/miniorange_network_security_monitoring.php CHANGED Viewed

	@@ -22,7 +22,7 @@ function mo2f_show_2_factor_user_login_reports($user){
22	</h2>
23	</div>
24	<div style="width: 50%;">
25	- <input type="submit" style="margin: 1em 0;float: right;" class="button button-primary button-large" value="Clear Login Reports" />
26	</div>
27	</div>
28	</form>


22	</h2>
23	</div>
24	<div style="width: 50%;">
25	+ <input type="submit" style="margin: 1em 0;float: right;" class="button button-primary button-large" value="Clear Login Reports" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';}?> />
26	</div>
27	</div>
28	</form>

readme.txt CHANGED Viewed

	@@ -3,9 +3,9 @@ Contributors: cyberlord92, twofactor
3	Tags: google authenticator, two factor authentication, two factor, 2FA, TFA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
4	Donate link: https://miniorange.com/
5	Requires at least: 3.0.1
6	- Tested up to: 5.1
7	Requires PHP: 5.3.0
8	- Stable tag: 5.1.22
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
	@@ -232,6 +232,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
232
233	== Changelog ==
234



235	= 5.1.22 =
236	* Google Authenticator-Two Factor Authentication (2FA) : UI Fixes.
237
	@@ -599,6 +602,9 @@ More descriptive setup messages and UI changes.
599
600	== Upgrade Notice ==
601



602	= 5.1.22 =
603	* Google Authenticator-Two Factor Authentication (2FA) : UI Fixes.
604


3	Tags: google authenticator, two factor authentication, two factor, 2FA, TFA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
4	Donate link: https://miniorange.com/
5	Requires at least: 3.0.1
6	+ Tested up to: 5.2
7	Requires PHP: 5.3.0
8	+ Stable tag: 5.2.0
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11

232
233	== Changelog ==
234
235	+ = 5.2.0 =
236	+ * Google Authenticator-Two Factor Authentication (2FA) : UI changes with more description.
237	+
238	= 5.1.22 =
239	* Google Authenticator-Two Factor Authentication (2FA) : UI Fixes.
240

602
603	== Upgrade Notice ==
604
605	+ = 5.2.0 =
606	+ * Google Authenticator-Two Factor Authentication (2FA) : UI changes with more description.
607	+
608	= 5.1.22 =
609	* Google Authenticator-Two Factor Authentication (2FA) : UI Fixes.
610

uninstall.php CHANGED Viewed

	@@ -203,6 +203,7 @@ delete_option( 'mo_2factor_login_status' );
203	delete_option( 'mo2f_configured_2_factor_method' );
204	delete_option( 'mo2f_enable_2fa' );
205	delete_option( 'kba_questions' );

206	//Network Security
207	delete_option( 'mo2f_enable_brute_force' );
208	delete_option( 'mo2f_ns_whitelist_ip' );


203	delete_option( 'mo2f_configured_2_factor_method' );
204	delete_option( 'mo2f_enable_2fa' );
205	delete_option( 'kba_questions' );
206	+ delete_option( 'mo2f_customerKey' );
207	//Network Security
208	delete_option( 'mo2f_enable_brute_force' );
209	delete_option( 'mo2f_ns_whitelist_ip' );

views/customer_registration.php CHANGED Viewed

	@@ -8,13 +8,17 @@
8	<div id="smsAlertModal" class="mo2f_modal mo2f_modal_inner fade" role="dialog" data-backdrop="static" data-keyboard="false" >
9	<div class="mo2f_modal-dialog" style="margin-left:30%;">
10	<!-- Modal content-->
11	- <div class="login mo_customer_validation-modal-content" style="width:660px !important;">
12	<div class="mo2f_modal-header">
13	<button type="button" id="mo2f_registration_closed" class="mo2f_close" data-dismiss="modal">×</button>
14	<h2 class="mo2f_modal-title">You are just one step away from setting up 2FA.</h2>
15	</div>
16	<div class="mo2f_modal-body">
17	-




18	<?php if ( $mo2f_message ) { ?>
19	<div style="padding:5px;">
20	<div class="alert alert-info" style="margin-bottom:0px;padding:3px;">
	@@ -37,7 +41,9 @@
37	</form>
38
39	<script>
40	-


41	jQuery(function () {
42	jQuery('#smsAlertModal').modal('toggle');
43	});


8	<div id="smsAlertModal" class="mo2f_modal mo2f_modal_inner fade" role="dialog" data-backdrop="static" data-keyboard="false" >
9	<div class="mo2f_modal-dialog" style="margin-left:30%;">
10	<!-- Modal content-->
11	+ <div class="login mo_customer_validation-modal-content" style="width:660px !important; margin-top:0%;">
12	<div class="mo2f_modal-header">
13	<button type="button" id="mo2f_registration_closed" class="mo2f_close" data-dismiss="modal">×</button>
14	<h2 class="mo2f_modal-title">You are just one step away from setting up 2FA.</h2>
15	</div>
16	<div class="mo2f_modal-body">
17	+ <span style="color:green;cursor: pointer;float:right;" onclick="show_content();">Why Register with miniOrange?</span><br>
18	+ <div id="mo2f_register" style="background-color:#f1f1f1;padding: 1px 4px 1px 14px;" hidden>
19	+ <p>miniOrange Two Factor plugin uses highly secure miniOrange APIs to communicate with the plugin. To keep this communication secure, we ask you to register and assign you API keys specific to your account.
20	+ This way your account and users can be only accessed by API keys assigned to you. Also, you can use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.</p>
21	+ </div>
22	<?php if ( $mo2f_message ) { ?>
23	<div style="padding:5px;">
24	<div class="alert alert-info" style="margin-bottom:0px;padding:3px;">

41	</form>
42
43	<script>
44	+ function show_content() {
45	+ jQuery('#mo2f_register').slideToggle();
46	+ }
47	jQuery(function () {
48	jQuery('#smsAlertModal').modal('toggle');
49	});

views/test_miniorange_push_notification CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php function mo2f_test_miniorange_push_notification( $user ) { ?>
2	- ~~<div style="width:200%;">~~
3	<h3><?php echo mo2f_lt( 'Test Push Notification' ); ?></h3>
4	<hr>
5	<div>
	@@ -30,7 +30,7 @@
30	<input type="hidden" name="mo2f_out_of_band_error_nonce"
31	value="<?php echo wp_create_nonce( "mo2f-out-of-band-error-nonce" ) ?>"/>
32	</form>
33	- ~~</div>~~
34	<script>
35	jQuery('#go_back').click(function () {
36	jQuery('#mo2f_go_back_form').submit();


1	<?php function mo2f_test_miniorange_push_notification( $user ) { ?>
2	+
3	<h3><?php echo mo2f_lt( 'Test Push Notification' ); ?></h3>
4	<hr>
5	<div>

30	<input type="hidden" name="mo2f_out_of_band_error_nonce"
31	value="<?php echo wp_create_nonce( "mo2f-out-of-band-error-nonce" ) ?>"/>
32	</form>
33	+
34	<script>
35	jQuery('#go_back').click(function () {
36	jQuery('#mo2f_go_back_form').submit();

Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.2.0

Version Description

Release Info

Code changes from version 5.1.22 to 5.2.0