Google Authenticator – WordPress Two Factor Authentication (2FA) -

Version Description

Google Authenticator-Two Factor Authentication (2FA) : Adding File Protection and Strong Password feature.

Release Info

Developer	cyberlord92
Plugin	Google Authenticator – WordPress Two Factor Authentication (2FA)
Version	5.2.2
Comparing to
See all releases

Code changes from version 5.2.1 to 5.2.2

Files changed (20) hide show

class-customer-setup.php +13 -12
class-miniorange-2-factor-pass2fa-login.php +6 -3
class-rba-attributes.php +7 -7
class-two-factor-setup.php +9 -9
miniorange_2_factor_common_login.php +2 -2
miniorange_2_factor_configuration.php +27 -15
miniorange_2_factor_mobile_configuration.php +10 -10
miniorange_2_factor_settings.php +5 -4
network_security/class_miniorange_2fa_network_security.php +24 -6
network_security/class_miniorange_2fa_network_security_content_protection.php +77 -0
network_security/miniorange_2_factor_network_security_view.php +2 -1
network_security/strong_password/class_miniorange_2fa_strong_password.php +63 -0
network_security/views/miniorange_network_security_content_protection.php +31 -0
network_security/views/miniorange_network_security_strong_password.php +36 -0
readme.txt +80 -35
views/configure_miniorange_authenticator +2 -2
views/customer_registration.php +6 -3
views/test_email_verification +1 -1
views/test_miniorange_push_notification +1 -1
views/test_miniorange_qr_code_authentication +1 -1

class-customer-setup.php CHANGED Viewed

	@@ -39,7 +39,7 @@ class Customer_Setup {
39	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
40	}
41
42	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . "/moas/rest/customer/check-if-exists";
43	$ch = curl_init( $url );
44	$email = get_option( "mo2f_email" );
45
	@@ -86,7 +86,7 @@ class Customer_Setup {
86
87	function send_email_alert( $email, $phone, $message ) {
88
89	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/notify/send';
90	$ch = curl_init( $url );
91
92	$customerKey = "16555";
	@@ -125,9 +125,9 @@ class Customer_Setup {
125	'email' => array(
126	'customerKey' => $customerKey,
127	'fromEmail' => $fromEmail,
128	- 'fromName' => '~~miniOrange~~',
129	- 'toEmail' => '2fasupport@~~miniorange~~.com',
130	- 'toName' => '2fasupport@~~miniorange~~.com',
131	'subject' => $subject,
132	'content' => $content
133	),
	@@ -161,7 +161,7 @@ class Customer_Setup {
161	}
162
163	function get_timestamp() {
164	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/mobile/get-timestamp';
165	$ch = curl_init( $url );
166
167	curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
	@@ -208,7 +208,7 @@ class Customer_Setup {
208	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
209	}
210
211	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/customer/add';
212	$ch = curl_init( $url );
213	global $user;
214	$user = wp_get_current_user();
	@@ -277,7 +277,7 @@ class Customer_Setup {
277	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
278	}
279
280	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . "/moas/rest/customer/key";
281	$ch = curl_init( $url );
282	$email = get_option( "mo2f_email" );
283	$password = get_option( "mo2f_password" );
	@@ -334,7 +334,7 @@ class Customer_Setup {
334	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
335	}
336
337	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/challenge';
338	$ch = curl_init( $url );
339
340	/* The customer Key provided to you */
	@@ -421,7 +421,7 @@ class Customer_Setup {
421
422	function get_customer_transactions( $cKey, $apiKey ) {
423
424	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/customer/license';
425	$ch = curl_init( $url );
426
427	$customerKey = $cKey;
	@@ -499,7 +499,7 @@ class Customer_Setup {
499	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
500	}
501
502	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/validate';
503	$ch = curl_init( $url );
504
505	/* The customer Key provided to you */
	@@ -597,7 +597,7 @@ class Customer_Setup {
597	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
598	}
599
600	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . "/moas/rest/customer/contact-us";
601	$ch = curl_init( $url );
602	global $user;
603	$user = wp_get_current_user();
	@@ -619,6 +619,7 @@ class Customer_Setup {
619	'lastName' => $user->user_lastname,
620	'company' => $_SERVER['SERVER_NAME'],
621	'email' => $q_email,

622	'phone' => $q_phone,
623	'query' => $query
624	);


39	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
40	}
41
42	+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
43	$ch = curl_init( $url );
44	$email = get_option( "mo2f_email" );
45

86
87	function send_email_alert( $email, $phone, $message ) {
88
89	+ $url = MO_HOST_NAME . '/moas/api/notify/send';
90	$ch = curl_init( $url );
91
92	$customerKey = "16555";

125	'email' => array(
126	'customerKey' => $customerKey,
127	'fromEmail' => $fromEmail,
128	+ 'fromName' => 'Xecurify',
129	+ 'toEmail' => '2fasupport@xecurify.com',
130	+ 'toName' => '2fasupport@xecurify.com',
131	'subject' => $subject,
132	'content' => $content
133	),

161	}
162
163	function get_timestamp() {
164	+ $url = MO_HOST_NAME . '/moas/rest/mobile/get-timestamp';
165	$ch = curl_init( $url );
166
167	curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );

208	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
209	}
210
211	+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
212	$ch = curl_init( $url );
213	global $user;
214	$user = wp_get_current_user();

277	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
278	}
279
280	+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
281	$ch = curl_init( $url );
282	$email = get_option( "mo2f_email" );
283	$password = get_option( "mo2f_password" );

334	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
335	}
336
337	+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
338	$ch = curl_init( $url );
339
340	/* The customer Key provided to you */

421
422	function get_customer_transactions( $cKey, $apiKey ) {
423
424	+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
425	$ch = curl_init( $url );
426
427	$customerKey = $cKey;

499	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
500	}
501
502	+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
503	$ch = curl_init( $url );
504
505	/* The customer Key provided to you */

597	return json_encode( array( "status" => 'ERROR', "message" => $message ) );
598	}
599
600	+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
601	$ch = curl_init( $url );
602	global $user;
603	$user = wp_get_current_user();

619	'lastName' => $user->user_lastname,
620	'company' => $_SERVER['SERVER_NAME'],
621	'email' => $q_email,
622	+ 'ccEmail' => '2fasupport@xecurify.com',
623	'phone' => $q_phone,
624	'query' => $query
625	);

class-miniorange-2-factor-pass2fa-login.php CHANGED Viewed

	@@ -1002,11 +1002,13 @@ class Miniorange_Password_2Factor_Login {
1002
1003	}
1004	} else {
1005	- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );

1006	}
1007
1008	} else { //plugin is not activated for current role then logged him in without asking 2 factor
1009	- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );

1010	}
1011
1012	}
	@@ -1099,7 +1101,8 @@ class Miniorange_Password_2Factor_Login {
1099
1100	if(is_wp_error( $error)){
1101	return $error;
1102	- }

1103
1104	}
1105	}


1002
1003	}
1004	} else {
1005	+ //$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1006	+ return $currentuser;
1007	}
1008
1009	} else { //plugin is not activated for current role then logged him in without asking 2 factor
1010	+ //$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1011	+ return $currentuser;
1012	}
1013
1014	}

1101
1102	if(is_wp_error( $error)){
1103	return $error;
1104	+ }
1105	+ return $error;
1106
1107	}
1108	}

class-rba-attributes.php CHANGED Viewed

	@@ -33,7 +33,7 @@ class Miniorange_Rba_Attributes {
33	return $this->get_curl_error_message();
34	}
35
36	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/rba/acs';
37	$customerKey = get_option( 'mo2f_customerKey' );
38	$field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
39
	@@ -72,7 +72,7 @@ class Miniorange_Rba_Attributes {
72	}
73
74	function get_timestamp() {
75	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/mobile/get-timestamp';
76	$ch = curl_init( $url );
77
78	curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
	@@ -163,7 +163,7 @@ class Miniorange_Rba_Attributes {
163	return $this->get_curl_error_message();
164	}
165
166	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/rba/evaluate-risk';
167	$customerKey = get_option( 'mo2f_customerKey' );
168	$field_string = array(
169	'customerKey' => $customerKey,
	@@ -183,7 +183,7 @@ class Miniorange_Rba_Attributes {
183	return $this->get_curl_error_message();
184	}
185
186	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/rba/register-profile';
187	$customerKey = get_option( 'mo2f_customerKey' );
188	$field_string = array(
189	'customerKey' => $customerKey,
	@@ -202,7 +202,7 @@ class Miniorange_Rba_Attributes {
202	return $this->get_curl_error_message();
203	}
204
205	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/customer/getapp-secret';
206	$customerKey = get_option( 'mo2f_customerKey' );
207	$field_string = array(
208	'customerId' => $customerKey
	@@ -219,7 +219,7 @@ class Miniorange_Rba_Attributes {
219	return $this->get_curl_error_message();
220	}
221
222	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/google-auth-secret';
223	$customerKey = get_option( 'mo2f_customerKey' );
224	$field_string = array(
225	'customerKey' => $customerKey,
	@@ -239,7 +239,7 @@ class Miniorange_Rba_Attributes {
239	}
240
241
242	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/validate-google-auth-secret';
243
244	$customerKey = get_option( 'mo2f_customerKey' );
245	$field_string = array(


33	return $this->get_curl_error_message();
34	}
35
36	+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
37	$customerKey = get_option( 'mo2f_customerKey' );
38	$field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
39

72	}
73
74	function get_timestamp() {
75	+ $url = MO_HOST_NAME . '/moas/rest/mobile/get-timestamp';
76	$ch = curl_init( $url );
77
78	curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );

163	return $this->get_curl_error_message();
164	}
165
166	+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
167	$customerKey = get_option( 'mo2f_customerKey' );
168	$field_string = array(
169	'customerKey' => $customerKey,

183	return $this->get_curl_error_message();
184	}
185
186	+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
187	$customerKey = get_option( 'mo2f_customerKey' );
188	$field_string = array(
189	'customerKey' => $customerKey,

202	return $this->get_curl_error_message();
203	}
204
205	+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
206	$customerKey = get_option( 'mo2f_customerKey' );
207	$field_string = array(
208	'customerId' => $customerKey

219	return $this->get_curl_error_message();
220	}
221
222	+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
223	$customerKey = get_option( 'mo2f_customerKey' );
224	$field_string = array(
225	'customerKey' => $customerKey,

239	}
240
241
242	+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
243
244	$customerKey = get_option( 'mo2f_customerKey' );
245	$field_string = array(

class-two-factor-setup.php CHANGED Viewed

	@@ -33,7 +33,7 @@ class Two_Factor_Setup {
33	return $this->get_curl_error_message();
34	}
35
36	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/auth-status';
37	$fields = array(
38	'txId' => $tId
39	);
	@@ -73,7 +73,7 @@ class Two_Factor_Setup {
73	}
74
75	function get_timestamp() {
76	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/rest/mobile/get-timestamp';
77	$ch = curl_init( $url );
78
79	curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
	@@ -164,7 +164,7 @@ class Two_Factor_Setup {
164	return $this->get_curl_error_message();
165	}
166
167	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/register-mobile';
168	$customerKey = get_option( 'mo2f_customerKey' );
169	$fields = array(
170	'customerId' => $customerKey,
	@@ -182,7 +182,7 @@ class Two_Factor_Setup {
182	return $this->get_curl_error_message();
183	}
184
185	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/admin/users/search';
186	$customerKey = get_option( 'mo2f_customerKey' );
187	$fields = array(
188	'customerKey' => $customerKey,
	@@ -200,7 +200,7 @@ class Two_Factor_Setup {
200	return $this->get_curl_error_message();
201	}
202
203	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/admin/users/create';
204	$customerKey = get_option( 'mo2f_customerKey' );
205	$fields = array(
206	'customerKey' => $customerKey,
	@@ -220,7 +220,7 @@ class Two_Factor_Setup {
220	return $this->get_curl_error_message();
221	}
222
223	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/admin/users/get';
224	$customerKey = get_option( 'mo2f_customerKey' );
225	$fields = array(
226	'customerKey' => $customerKey,
	@@ -237,8 +237,8 @@ class Two_Factor_Setup {
237	if ( ! MO2f_Utility::is_curl_installed() ) {
238	return $this->get_curl_error_message();
239	}
240	-
241	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/admin/users/update';
242	$customerKey = get_option( 'mo2f_customerKey' );
243	$fields = array(
244	'customerKey' => $customerKey,
	@@ -259,7 +259,7 @@ class Two_Factor_Setup {
259	return $this->get_curl_error_message();
260	}
261
262	- $url = ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/api/auth/register';
263	$customerKey = get_option( 'mo2f_customerKey' );
264	$q_and_a_list = "[{\"question\":\"" . $question1 . "\",\"answer\":\"" . $answer1 . "\" },{\"question\":\"" . $question2 . "\",\"answer\":\"" . $answer2 . "\" },{\"question\":\"" . $question3 . "\",\"answer\":\"" . $answer3 . "\" }]";
265	$field_string = "{\"customerKey\":\"" . $customerKey . "\",\"username\":\"" . $email . "\",\"questionAnswerList\":" . $q_and_a_list . "}";


33	return $this->get_curl_error_message();
34	}
35
36	+ $url = MO_HOST_NAME . '/moas/api/auth/auth-status';
37	$fields = array(
38	'txId' => $tId
39	);

73	}
74
75	function get_timestamp() {
76	+ $url = MO_HOST_NAME . '/moas/rest/mobile/get-timestamp';
77	$ch = curl_init( $url );
78
79	curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );

164	return $this->get_curl_error_message();
165	}
166
167	+ $url = MO_HOST_NAME . '/moas/api/auth/register-mobile';
168	$customerKey = get_option( 'mo2f_customerKey' );
169	$fields = array(
170	'customerId' => $customerKey,

182	return $this->get_curl_error_message();
183	}
184
185	+ $url = MO_HOST_NAME . '/moas/api/admin/users/search';
186	$customerKey = get_option( 'mo2f_customerKey' );
187	$fields = array(
188	'customerKey' => $customerKey,

200	return $this->get_curl_error_message();
201	}
202
203	+ $url = MO_HOST_NAME . '/moas/api/admin/users/create';
204	$customerKey = get_option( 'mo2f_customerKey' );
205	$fields = array(
206	'customerKey' => $customerKey,

220	return $this->get_curl_error_message();
221	}
222
223	+ $url = MO_HOST_NAME . '/moas/api/admin/users/get';
224	$customerKey = get_option( 'mo2f_customerKey' );
225	$fields = array(
226	'customerKey' => $customerKey,

237	if ( ! MO2f_Utility::is_curl_installed() ) {
238	return $this->get_curl_error_message();
239	}
240	+
241	+ $url = MO_HOST_NAME . '/moas/api/admin/users/update';
242	$customerKey = get_option( 'mo2f_customerKey' );
243	$fields = array(
244	'customerKey' => $customerKey,

259	return $this->get_curl_error_message();
260	}
261
262	+ $url = MO_HOST_NAME . '/moas/api/auth/register';
263	$customerKey = get_option( 'mo2f_customerKey' );
264	$q_and_a_list = "[{\"question\":\"" . $question1 . "\",\"answer\":\"" . $answer1 . "\" },{\"question\":\"" . $question2 . "\",\"answer\":\"" . $answer2 . "\" },{\"question\":\"" . $question3 . "\",\"answer\":\"" . $answer3 . "\" }]";
265	$field_string = "{\"customerKey\":\"" . $customerKey . "\",\"username\":\"" . $email . "\",\"questionAnswerList\":" . $q_and_a_list . "}";

miniorange_2_factor_common_login.php CHANGED Viewed

	@@ -464,7 +464,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
464	function pollPushValidation() {
465	var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
466	var jsonString = "{\"txId\":\"" + transId + "\"}";
467	- var postUrl = "<?php echo ~~get_option( 'mo2f_host_name' )~~; ?>" + "/moas/api/auth/auth-status";
468
469	jQuery.ajax({
470	url: postUrl,
	@@ -603,7 +603,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
603	function pollMobileValidation() {
604	var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
605	var jsonString = "{\"txId\":\"" + transId + "\"}";
606	- var postUrl = "<?php echo ~~get_option( 'mo2f_host_name' )~~; ?>" + "/moas/api/auth/auth-status";
607	jQuery.ajax({
608	url: postUrl,
609	type: "POST",


464	function pollPushValidation() {
465	var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
466	var jsonString = "{\"txId\":\"" + transId + "\"}";
467	+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
468
469	jQuery.ajax({
470	url: postUrl,

603	function pollMobileValidation() {
604	var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
605	var jsonString = "{\"txId\":\"" + transId + "\"}";
606	+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
607	jQuery.ajax({
608	url: postUrl,
609	type: "POST",

miniorange_2_factor_configuration.php CHANGED Viewed

	@@ -126,6 +126,8 @@ function mo_2_factor_register( $user ) {
126
127	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=show_2_factor_ip_block" class="tablinks <?php echo $mo2f_sub_active_tab == 'show_2_factor_ip_block' ? 'active' : ''; ?>" id="mo2f_tab4"><?php echo mo2f_lt( 'IP Blocking' ); ?></a>
128	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=mo2f_monitor" class="tablinks <?php echo $mo2f_sub_active_tab == 'mo2f_monitor' ? 'active' : ''; ?>" id="mo2f_tab3"><?php echo mo2f_lt( 'Monitoring' ); ?></a>


129	<a id="mo2f_account" href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=2factor_setup"
130	class="tablinks <?php echo $mo2f_sub_active_tab == '2factor_setup' ? 'active' : ''; ?>"
131	> <?php echo $account_tab_name; ?></a>
	@@ -154,7 +156,15 @@ function mo_2_factor_register( $user ) {
154	MO2f_Utility::unset_session_variables( $session_variables );
155	do_action('mo2f_network_view_brute_force',$user);
156	// show_2_factor_login_security($user);
157	- } else if ( $can_display_admin_features && ($mo2f_sub_active_tab == '~~show_2_factor_ip_block~~' ~~\|\|$mo2f_sub_active_tab == 'mo2f_ip'~~ )) {








158	MO2f_Utility::unset_session_variables( $session_variables );
159	// show_2_factor_ip_block($user);
160	do_action('mo2f_network_view_ip_blocking',$user);
	@@ -182,6 +192,7 @@ function mo_2_factor_register( $user ) {
182	show_2_factor_pricing_page( $user );
183	}else {
184	MO2f_Utility::unset_session_variables( $session_variables );

185
186	if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_miniorange_admin' ) != $user->ID ) {
187	if ( in_array( $mo_2factor_user_registration_status, array(
	@@ -399,16 +410,17 @@ function mo2f_show_registration_page( $user ) {
399	</div>
400	</div>
401	</form>
402	- <form name="f" method="post" action="" id="mo2f_verify_customerform">
403	<input type="hidden" name="option" value="mo2f_goto_verifycustomer">
404	<input type="hidden" name="mo2f_goto_verifycustomer_nonce"
405	value="<?php echo wp_create_nonce( "mo2f-goto-verifycustomer-nonce" ) ?>"/>
406	</form>

407
408	<script>
409
410	jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
411	- jQuery('#mo2f_verify_customerform').submit();
412	});
413
414
	@@ -538,11 +550,11 @@ function mo2f_rba_description($mo2f_user_email) {?>
538	</div>
539
540	<form style="display:none;" id="mo2fa_loginform"
541	- action="<?php echo ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/login'; ?>"
542	target="_blank" method="post">
543	<input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
544	<input type="text" name="redirectUrl"
545	- value="<?php echo ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/initializepayment'; ?>"/>
546	<input type="text" name="requestOrigin" id="requestOrigin"/>
547	</form>
548	<script>
	@@ -723,11 +735,11 @@ function mo2f_shortcode_description($mo2f_user_email) {
723
724	</div>
725	<form style="display:none;" id="mo2fa_loginform"
726	- action="<?php echo ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/login'; ?>"
727	target="_blank" method="post">
728	<input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
729	<input type="text" name="redirectUrl"
730	- value="<?php echo ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/initializepayment'; ?>"/>
731	<input type="text" name="requestOrigin" id="requestOrigin"/>
732	</form>
733	<script>
	@@ -843,7 +855,7 @@ function show_2_factor_proxy_setup( $user ) {
843	</form>
844	<?php }
845	function show_2_factor_custom_form($user){?>
846	- <div style="margin:4% 4% 0% 4%;">
847	<span style="font-weight:bold;font-size:18px;">Custom Login Forms</span>
848	<p>We support most of the login forms present on the wordpress. And our plugin is tested with almost all the forms like Woocommerce, Ultimate Member, Restrict Content Pro and so on.</p>
849	<ul>
	@@ -944,7 +956,7 @@ function show_2_factor_login_settings( $user ) {
944	<div class="mo2f_collapse" id="preview9" style="height:300px;">
945	<center><br>
946	<img style="height:300px;"
947	- src="https://~~auth~~.~~miniorange~~.com/moas/images/help/login-help-1.png">
948	</center>
949	</div>
950	<div class="mo2f_advanced_options_note"><p style="padding:5px;">
	@@ -967,7 +979,7 @@ function show_2_factor_login_settings( $user ) {
967	<div class="mo2f_collapse" id="preview8" style="height:300px;">
968	<center><br>
969	<img style="height:300px;"
970	- src="https://~~auth~~.~~miniorange~~.com/moas/images/help/login-help-3.png">
971	</center>
972	</div>
973	<br>
	@@ -1186,7 +1198,7 @@ function get_standard_premium_options( $user ) {
1186	<div class="mo2f_collapse" id="preview7" style="height:300px;">
1187	<center><br>
1188	<img style="height:300px;"
1189	- src="https://~~auth~~.~~miniorange~~.com/moas/images/help/login-help-1.png">
1190	</center>
1191
1192	</div>
	@@ -1199,7 +1211,7 @@ function get_standard_premium_options( $user ) {
1199	<div class="mo2f_collapse" id="preview6" style="height:300px;">
1200	<center><br>
1201	<img style="height:300px;"
1202	- src="https://~~auth~~.~~miniorange~~.com/moas/images/help/login-help-3.png">
1203	</center>
1204	</div>
1205	<br>
	@@ -1260,7 +1272,7 @@ function get_standard_premium_options( $user ) {
1260	<div class="mo2f_collapse" id="preview3" style="height:300px;">
1261	<center><br>
1262	<img style="height:300px;"
1263	- src="https://~~auth~~.~~miniorange~~.com/moas/images/help/login-help-1.png">
1264	</center>
1265
1266	</div>
	@@ -1273,7 +1285,7 @@ function get_standard_premium_options( $user ) {
1273	<div class="mo2f_collapse" id="preview4" style="height:300px;">
1274	<center><br>
1275	<img style="height:300px;"
1276	- src="https://~~auth~~.~~miniorange~~.com/moas/images/help/login-help-3.png">
1277	</center>
1278	</div>
1279	<br>
	@@ -1434,7 +1446,7 @@ function mo2f_show_verify_password_page() {
1434	<?php } ?>
1435	<div id="panel1">
1436	<p><a style="float:right;font-weight:bold; color:orange" target="_blank"
1437	- href="https://~~auth~~.~~miniorange~~.com/moas/idp/resetpassword"><?php echo mo2f_lt( 'FORGOT PASSWORD?' ); ?></a>
1438	</p>
1439	<br>
1440	<table class="mo2f_settings_table">


126
127	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=show_2_factor_ip_block" class="tablinks <?php echo $mo2f_sub_active_tab == 'show_2_factor_ip_block' ? 'active' : ''; ?>" id="mo2f_tab4"><?php echo mo2f_lt( 'IP Blocking' ); ?></a>
128	<a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=mo2f_monitor" class="tablinks <?php echo $mo2f_sub_active_tab == 'mo2f_monitor' ? 'active' : ''; ?>" id="mo2f_tab3"><?php echo mo2f_lt( 'Monitoring' ); ?></a>
129	+ <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=mo2f_strong_password" class="tablinks <?php echo $mo2f_sub_active_tab == 'mo2f_strong_password' ? ' active' : ''; ?>" id="mo2f_tab7"><?php echo mo2f_lt( 'Strong Password' ) ; ?></a>
130	+ <a href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=mo2f_content_protection" class="tablinks <?php echo $mo2f_sub_active_tab == 'mo2f_content_protection' ? ' active' : ''; ?>" id="mo2f_tab8"><?php echo mo2f_lt( 'File Protection' ) ; ?></a>
131	<a id="mo2f_account" href="admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_network&mo2f_sub_tab=2factor_setup"
132	class="tablinks <?php echo $mo2f_sub_active_tab == '2factor_setup' ? 'active' : ''; ?>"
133	> <?php echo $account_tab_name; ?></a>

156	MO2f_Utility::unset_session_variables( $session_variables );
157	do_action('mo2f_network_view_brute_force',$user);
158	// show_2_factor_login_security($user);
159	+ } else if ( $can_display_admin_features && $mo2f_sub_active_tab == 'mo2f_strong_password' ) {
160	+ MO2f_Utility::unset_session_variables( $session_variables );
161	+ do_action('mo2f_network_view_strong_password',$user);
162	+ // show_2_factor_login_security($user);
163	+ } else if ( $can_display_admin_features && ($mo2f_sub_active_tab == 'mo2f_content_protection')) {
164	+ MO2f_Utility::unset_session_variables( $session_variables );
165	+ // show_2_factor_ip_block($user);
166	+ do_action('mo2f_network_view_content_protection',$user);
167	+ } else if ( $can_display_admin_features && ($mo2f_sub_active_tab == 'show_2_factor_ip_block' \|\|$mo2f_sub_active_tab == 'mo2f_ip' )) {
168	MO2f_Utility::unset_session_variables( $session_variables );
169	// show_2_factor_ip_block($user);
170	do_action('mo2f_network_view_ip_blocking',$user);

192	show_2_factor_pricing_page( $user );
193	}else {
194	MO2f_Utility::unset_session_variables( $session_variables );
195	+
196
197	if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_miniorange_admin' ) != $user->ID ) {
198	if ( in_array( $mo_2factor_user_registration_status, array(

410	</div>
411	</div>
412	</form>
413	+ <form name="f" method="post" action="" class="mo2f_verify_customerform">
414	<input type="hidden" name="option" value="mo2f_goto_verifycustomer">
415	<input type="hidden" name="mo2f_goto_verifycustomer_nonce"
416	value="<?php echo wp_create_nonce( "mo2f-goto-verifycustomer-nonce" ) ?>"/>
417	</form>
418	+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
419
420	<script>
421
422	jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
423	+ jQuery('.mo2f_verify_customerform').submit();
424	});
425
426

550	</div>
551
552	<form style="display:none;" id="mo2fa_loginform"
553	+ action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
554	target="_blank" method="post">
555	<input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
556	<input type="text" name="redirectUrl"
557	+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
558	<input type="text" name="requestOrigin" id="requestOrigin"/>
559	</form>
560	<script>

735
736	</div>
737	<form style="display:none;" id="mo2fa_loginform"
738	+ action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
739	target="_blank" method="post">
740	<input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
741	<input type="text" name="redirectUrl"
742	+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
743	<input type="text" name="requestOrigin" id="requestOrigin"/>
744	</form>
745	<script>

855	</form>
856	<?php }
857	function show_2_factor_custom_form($user){?>
858	+ <div style="margin:2% 2% 0% 2%;">
859	<span style="font-weight:bold;font-size:18px;">Custom Login Forms</span>
860	<p>We support most of the login forms present on the wordpress. And our plugin is tested with almost all the forms like Woocommerce, Ultimate Member, Restrict Content Pro and so on.</p>
861	<ul>

956	<div class="mo2f_collapse" id="preview9" style="height:300px;">
957	<center><br>
958	<img style="height:300px;"
959	+ src="https://login.xecurify.com/moas/images/help/login-help-1.png">
960	</center>
961	</div>
962	<div class="mo2f_advanced_options_note"><p style="padding:5px;">

979	<div class="mo2f_collapse" id="preview8" style="height:300px;">
980	<center><br>
981	<img style="height:300px;"
982	+ src="https://login.xecurify.com/moas/images/help/login-help-3.png">
983	</center>
984	</div>
985	<br>

1198	<div class="mo2f_collapse" id="preview7" style="height:300px;">
1199	<center><br>
1200	<img style="height:300px;"
1201	+ src="https://login.xecurify.com/moas/images/help/login-help-1.png">
1202	</center>
1203
1204	</div>

1211	<div class="mo2f_collapse" id="preview6" style="height:300px;">
1212	<center><br>
1213	<img style="height:300px;"
1214	+ src="https://login.xecurify.com/moas/images/help/login-help-3.png">
1215	</center>
1216	</div>
1217	<br>

1272	<div class="mo2f_collapse" id="preview3" style="height:300px;">
1273	<center><br>
1274	<img style="height:300px;"
1275	+ src="https://login.xecurify.com/moas/images/help/login-help-1.png">
1276	</center>
1277
1278	</div>

1285	<div class="mo2f_collapse" id="preview4" style="height:300px;">
1286	<center><br>
1287	<img style="height:300px;"
1288	+ src="https://login.xecurify.com/moas/images/help/login-help-3.png">
1289	</center>
1290	</div>
1291	<br>

1446	<?php } ?>
1447	<div id="panel1">
1448	<p><a style="float:right;font-weight:bold; color:orange" target="_blank"
1449	+ href="https://login.xecurify.com/moas/idp/resetpassword"><?php echo mo2f_lt( 'FORGOT PASSWORD?' ); ?></a>
1450	</p>
1451	<br>
1452	<table class="mo2f_settings_table">

miniorange_2_factor_mobile_configuration.php CHANGED Viewed

	@@ -301,7 +301,7 @@ function mo2f_show_instruction_to_allusers( $user, $mo2f_second_factor ) {
301	<tr style="height:40px;">
302	<td style="border-right-color:white;" colspan="2"><a
303	target="_blank"
304	- href="https://~~auth~~.~~miniorange~~.com/moas/idp/resetpassword"><b>  <?php echo mo2f_lt( 'Click Here' ); ?>
305	</a> <?php echo mo2f_lt( " to reset your miniOrange account's password." ); ?></b>
306	</td>
307
	@@ -917,8 +917,8 @@ function show_2_factor_pricing_page( $user ) {
917	"Brute Force Protection",
918	"Blocking IP",
919	"Monitoring",
920	- // "Strong Password",
921	- // "File Protection",
922	"Enable 2FA for specific User Roles",
923	"Enable 2FA for specific Users",
924	"Choose specific authentication methods for Users",
	@@ -976,8 +976,8 @@ function show_2_factor_pricing_page( $user ) {
976	"Brute Force Protection" => array( true, false, false, true ),
977	"Blocking IP" => array( true, false, false, true ),
978	"Monitoring" => array( true, false, false, true ),
979	- // "Strong Password" => array( true, false, false, true ),
980	- // "File Protection" => array( true, false, false, true ),
981	"Enable 2FA for specific User Roles" => array( false, false, true, true ),
982	"Enable 2FA for specific Users" => array( false, false, true, true ),
983	"Choose specific authentication methods for Users" => array( false, false, true, true ),
	@@ -1020,8 +1020,8 @@ function show_2_factor_pricing_page( $user ) {
1020	"Brute Force Protection" => array( true, false, false, true ),
1021	"Blocking IP" => array( true, false, false, true ),
1022	"Monitoring" => array( true, false, false, true ),
1023	- // "Strong Password" => array( true, false, false, true ),
1024	- //"File Protection" => array( true, false, false, true ),
1025	"User role based redirection after Login" => array( false, true, true, true ),
1026	"Add custom Security Questions (KBA)" => array( false, true, true, true ),
1027	"Customize account name in Google Authenticator app" => array( false, true, true, true ),
	@@ -1316,7 +1316,7 @@ function show_2_factor_pricing_page( $user ) {
1316	<div>
1317	<h2>Contact Us</h2>
1318	<p class="mo2f_licensing_plans_ol"><?php echo mo2f_lt( 'If you have any doubts regarding the licensing plans, you can mail us at' ); ?>
1319	- <a href="mailto:info@~~miniorange~~.com"><i>info@~~miniorange~~.com</i></a> <?php echo mo2f_lt( 'or submit a query using the support form.' ); ?>
1320	</p>
1321	</div>
1322	<br>
	@@ -1324,11 +1324,11 @@ function show_2_factor_pricing_page( $user ) {
1324	<br>
1325
1326	<form class="mo2f_display_none_forms" id="mo2fa_loginform"
1327	- action="<?php echo ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/login'; ?>"
1328	target="_blank" method="post">
1329	<input type="email" name="username" value="<?php echo get_option( 'mo2f_email' ); ?>"/>
1330	<input type="text" name="redirectUrl"
1331	- value="<?php echo ~~get_option(~~ ~~'mo2f_host_name' )~~ . '/moas/initializepayment'; ?>"/>
1332	<input type="text" name="requestOrigin" id="requestOrigin"/>
1333	</form>
1334


301	<tr style="height:40px;">
302	<td style="border-right-color:white;" colspan="2"><a
303	target="_blank"
304	+ href="https://login.xecurify.com/moas/idp/resetpassword"><b>  <?php echo mo2f_lt( 'Click Here' ); ?>
305	</a> <?php echo mo2f_lt( " to reset your miniOrange account's password." ); ?></b>
306	</td>
307

917	"Brute Force Protection",
918	"Blocking IP",
919	"Monitoring",
920	+ "Strong Password",
921	+ "File Protection",
922	"Enable 2FA for specific User Roles",
923	"Enable 2FA for specific Users",
924	"Choose specific authentication methods for Users",

976	"Brute Force Protection" => array( true, false, false, true ),
977	"Blocking IP" => array( true, false, false, true ),
978	"Monitoring" => array( true, false, false, true ),
979	+ "Strong Password" => array( true, false, false, true ),
980	+ "File Protection" => array( true, false, false, true ),
981	"Enable 2FA for specific User Roles" => array( false, false, true, true ),
982	"Enable 2FA for specific Users" => array( false, false, true, true ),
983	"Choose specific authentication methods for Users" => array( false, false, true, true ),

1020	"Brute Force Protection" => array( true, false, false, true ),
1021	"Blocking IP" => array( true, false, false, true ),
1022	"Monitoring" => array( true, false, false, true ),
1023	+ "Strong Password" => array( true, false, false, true ),
1024	+ "File Protection" => array( true, false, false, true ),
1025	"User role based redirection after Login" => array( false, true, true, true ),
1026	"Add custom Security Questions (KBA)" => array( false, true, true, true ),
1027	"Customize account name in Google Authenticator app" => array( false, true, true, true ),

1316	<div>
1317	<h2>Contact Us</h2>
1318	<p class="mo2f_licensing_plans_ol"><?php echo mo2f_lt( 'If you have any doubts regarding the licensing plans, you can mail us at' ); ?>
1319	+ <a href="mailto:info@xecurify.com"><i>info@xecurify.com</i></a> <?php echo mo2f_lt( 'or submit a query using the support form.' ); ?>
1320	</p>
1321	</div>
1322	<br>

1324	<br>
1325
1326	<form class="mo2f_display_none_forms" id="mo2fa_loginform"
1327	+ action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
1328	target="_blank" method="post">
1329	<input type="email" name="username" value="<?php echo get_option( 'mo2f_email' ); ?>"/>
1330	<input type="text" name="redirectUrl"
1331	+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
1332	<input type="text" name="requestOrigin" id="requestOrigin"/>
1333	</form>
1334

miniorange_2_factor_settings.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: miniOrange 2 Factor Authentication
4	* Plugin URI: https://miniorange.com
5	* Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6	- * Version: 5.2.1
7	* Author: miniOrange
8	* Author URI: https://miniorange.com
9	* License: GPL2
	@@ -26,7 +26,8 @@ require( 'class-miniorange-2-factor-pass2fa-login.php' );
26	require('resources/constants.php');
27	require('resources/messages.php');
28	define( 'MOAUTH_PATH', plugins_url( __FILE__ ) );
29	- define( 'MO2F_VERSION', '5.2.1' );

30
31
32	class Miniorange_Authentication {
	@@ -409,7 +410,7 @@ class Miniorange_Authentication {
409	function mo_auth_login_options() {
410	global $user;
411	$user = wp_get_current_user();
412	- update_option( 'mo2f_host_name', 'https://~~auth~~.~~miniorange~~.com' );
413	mo_2_factor_register( $user );
414	}
415
	@@ -2653,7 +2654,7 @@ class Miniorange_Authentication {
2653
2654	do_action('mo2f_network_create_db');
2655
2656	- update_option( 'mo2f_host_name', 'https://~~auth~~.~~miniorange~~.com' );
2657	update_option('mo2f_data_storage',null);
2658	global $Mo2fdbQueries;
2659	$Mo2fdbQueries->mo_plugin_activate();


3	* Plugin Name: miniOrange 2 Factor Authentication
4	* Plugin URI: https://miniorange.com
5	* Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6	+ * Version: 5.2.2
7	* Author: miniOrange
8	* Author URI: https://miniorange.com
9	* License: GPL2

26	require('resources/constants.php');
27	require('resources/messages.php');
28	define( 'MOAUTH_PATH', plugins_url( __FILE__ ) );
29	+ define( 'MO2F_VERSION', '5.2.2' );
30	+ define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
31
32
33	class Miniorange_Authentication {

410	function mo_auth_login_options() {
411	global $user;
412	$user = wp_get_current_user();
413	+ update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
414	mo_2_factor_register( $user );
415	}
416

2654
2655	do_action('mo2f_network_create_db');
2656
2657	+ update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
2658	update_option('mo2f_data_storage',null);
2659	global $Mo2fdbQueries;
2660	$Mo2fdbQueries->mo_plugin_activate();

network_security/class_miniorange_2fa_network_security.php CHANGED Viewed

	@@ -3,6 +3,8 @@
3	require('miniorange_handler.php');
4	require('integrations/class_buddypress.php');
5	include ('miniorange_2_factor_network_security_view.php');


6
7	class class_miniorange_2fa_network_security {
8
	@@ -24,11 +26,27 @@ class class_miniorange_2fa_network_security {
24	add_action( 'wp_login_failed', array( $this, 'mo2f_ns_login_failed' ) );
25	}
26	}
27	- $mo2f_ns_config = new MO2f_Handler();














28	add_action('mo2f_network_create_db',array($mo2f_ns_config,'create_db'),5);
29	add_action('mo2f_network_view_monitoring','mo2f_show_2_factor_user_login_reports',5,1);
30	add_action('mo2f_network_view_ip_blocking','mo2f_show_2_factor_ip_block',5,1);
31	add_action('mo2f_network_view_brute_force','mo2f_show_2_factor_login_security',5,1);


32	}
33
34	public function mo2f_network_init(){
	@@ -107,7 +125,11 @@ class class_miniorange_2fa_network_security {
107
108	if ( current_user_can( 'manage_options' ) ) {
109
110	- if(isset($_POST['option']) and $_POST['option'] == "~~mo2f_enable_brute_force~~"){




111	$enable_brute_force_protection = false;
112	if(isset($_POST['mo2f_enable_brute_force_protection']) && $_POST['mo2f_enable_brute_force_protection']=='1'){
113	$enable_brute_force_protection = sanitize_text_field($_POST['mo2f_enable_brute_force_protection']);
	@@ -258,10 +280,6 @@ class class_miniorange_2fa_network_security {
258	$mo2f_htaccess_handler->mo2f_update_htaccess_configuration();
259	update_option( 'mo2f_message', "Your configuration for Content Protection has been saved." );
260	do_action('mo_auth_show_success_message');
261	- }else if(isset($_POST['option']) and $_POST['option'] == "mo2f_enforce_strong_passsword"){
262	- update_option( 'mo2f_enforce_strong_passswords', isset( $_POST['mo2f_enforce_strong_passswords']) ? true : false);
263	- update_option( 'mo2f_message', 'Settings are saved successfully');
264	- do_action('mo_auth_show_success_message');
265	}
266	}
267	}


3	require('miniorange_handler.php');
4	require('integrations/class_buddypress.php');
5	include ('miniorange_2_factor_network_security_view.php');
6	+ include('strong_password/class_miniorange_2fa_strong_password.php');
7	+ require('class_miniorange_2fa_network_security_content_protection.php');
8
9	class class_miniorange_2fa_network_security {
10

26	add_action( 'wp_login_failed', array( $this, 'mo2f_ns_login_failed' ) );
27	}
28	}
29	+ $mo2f_ns_config = new MO2f_Handler();
30	+
31	+ //strong password file
32	+ $mo2f_strong_password = new class_miniorange_2fa_strong_password();
33	+ if($mo2f_ns_config->hasLoginCookie())
34	+ {
35	+ add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
36	+ add_action( 'woocommerce_save_account_details_errors', array( $mo2f_strong_password, 'woocommerce_password_edit_account' ),1,2 );
37	+ }
38	+ if(get_option('mo2f_disable_file_editing'))
39	+ define('DISALLOW_FILE_EDIT', true);
40	+ add_filter( 'woocommerce_process_registration_errors', array($mo2f_strong_password,'woocommerce_password_protection'),1,4);
41	+ add_filter( 'woocommerce_registration_errors', array($mo2f_strong_password,'woocommerce_password_registration_protection'),1,3);
42	+
43	+
44	add_action('mo2f_network_create_db',array($mo2f_ns_config,'create_db'),5);
45	add_action('mo2f_network_view_monitoring','mo2f_show_2_factor_user_login_reports',5,1);
46	add_action('mo2f_network_view_ip_blocking','mo2f_show_2_factor_ip_block',5,1);
47	add_action('mo2f_network_view_brute_force','mo2f_show_2_factor_login_security',5,1);
48	+ add_action('mo2f_network_view_strong_password','mo2f_show_2_factor_strong_password',5,1);
49	+ add_action('mo2f_network_view_content_protection','mo2f_show_2_factor_content_protection',5,1);
50	}
51
52	public function mo2f_network_init(){

125
126	if ( current_user_can( 'manage_options' ) ) {
127
128	+ if(isset($_POST['option']) and $_POST['option'] == "mo2f_enforce_strong_passsword"){
129	+ update_option( 'mo2f_enforce_strong_passswords', isset( $_POST['mo2f_enforce_strong_passswords']) ? true : false);
130	+ update_option( 'mo2f_message', 'Settings are saved successfully');
131	+ do_action('mo_auth_show_success_message');
132	+ }else if(isset($_POST['option']) and $_POST['option'] == "mo2f_enable_brute_force"){
133	$enable_brute_force_protection = false;
134	if(isset($_POST['mo2f_enable_brute_force_protection']) && $_POST['mo2f_enable_brute_force_protection']=='1'){
135	$enable_brute_force_protection = sanitize_text_field($_POST['mo2f_enable_brute_force_protection']);

280	$mo2f_htaccess_handler->mo2f_update_htaccess_configuration();
281	update_option( 'mo2f_message', "Your configuration for Content Protection has been saved." );
282	do_action('mo_auth_show_success_message');




283	}
284	}
285	}

network_security/class_miniorange_2fa_network_security_content_protection.php ADDED Viewed

	@@ -0,0 +1,77 @@


1	+ <?php
2	+ Class mo2f_file_protection{
3	+ function mo2f_update_htaccess_configuration(){
4	+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
5	+ $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
6	+ if(!file_exists($htaccesspath)){
7	+ $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
8	+ fwrite($f, "# BEGIN WordPress\r\n<IfModule mod_rewrite.c>\r\nRewriteEngine On\r\nRewriteBase /\r\nRewriteRule ^index\.php$ - [L]\r\nRewriteCond %{REQUEST_FILENAME} !-f\r\nRewriteCond %{REQUEST_FILENAME} !-d\r\nRewriteRule . /index.php [L]\r\n</IfModule>\r\n# END WordPress");
9	+ fclose($f);
10	+ }
11	+ $this->mo2f_change_wp_config_protection($htaccesspath);
12	+ $this->mo2f_change_content_protection($htaccesspath);
13	+ $this->mo2f_change_htaccess_file($htaccesspath);
14	+ // $this->mo2f_change_content_file($base);
15	+ }
16	+
17	+ function mo2f_change_wp_config_protection($htaccesspath){
18	+ $contents = file_get_contents($htaccesspath);
19	+ if (strpos($contents, "\r\n<files wp-config.php>\r\norder allow,deny\r\ndeny from all\r\n</files>") !== false){
20	+ if(!get_option('mo2f_protect_wp_config')){
21	+ $contents = str_replace("\r\n<files wp-config.php>\r\norder allow,deny\r\ndeny from all\r\n</files>", '', $contents);
22	+ file_put_contents($htaccesspath, $contents);
23	+ }
24	+ } else{
25	+ if(get_option('mo2f_protect_wp_config')){
26	+ $f = fopen($htaccesspath, "a");
27	+ fwrite($f, "\r\n<files wp-config.php>\r\norder allow,deny\r\ndeny from all\r\n</files>");
28	+ fclose($f);
29	+ }
30	+ }
31	+ }
32	+
33	+ function mo2f_change_content_protection($htaccesspath){
34	+ $contents = file_get_contents($htaccesspath);
35	+ if (strpos($contents, "\nOptions All -Indexes") !== false){
36	+ if(!get_option('mo2f_prevent_directory_browsing')){
37	+ $contents = str_replace("\nOptions All -Indexes", '', $contents);
38	+ file_put_contents($htaccesspath, $contents);
39	+ }
40	+ } else {
41	+ if(get_option('mo2f_prevent_directory_browsing')){
42	+ $f = fopen($htaccesspath, "a");
43	+ fwrite($f, "\nOptions All -Indexes");
44	+ fclose($f);
45	+ }
46	+ }
47	+ }
48	+
49	+ function mo2f_change_htaccess_file($htaccesspath){
50	+ $contents = file_get_contents($htaccesspath);
51	+ if (strpos($contents, "\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>") !== false) {
52	+ if(!get_option('mo2f_htaccess_file')){
53	+ $contents = str_replace("\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>", '', $contents);
54	+ file_put_contents($htaccesspath, $contents);
55	+ }
56	+ } else {
57	+ if(get_option('mo2f_htaccess_file')){
58	+ $f = fopen($htaccesspath, "a");
59	+ fwrite($f, "\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>");
60	+ fclose($f);
61	+ }
62	+ }
63	+ }
64	+
65	+ function mo2f_change_content_file($base){
66	+ $base = $base;
67	+ $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
68	+ if(file_exists($htaccesspath)){
69	+ unlink($htaccesspath);
70	+ } else{
71	+ $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess","a");
72	+ fwrite($f, "# BEGIN WordPress\r\norder deny,allow\r\nDeny from all\r\n<files ~ \".(xml\|css\|jpe?g\|png\|gif\|js)$\">\r\n</files>\r\n# END WordPress");
73	+ fclose($f);
74	+ }
75	+ }
76	+ }
77	+ ?>

network_security/miniorange_2_factor_network_security_view.php CHANGED Viewed

	@@ -3,5 +3,6 @@
3	include_once dirname( __FILE__ ) . '/views/miniorange_network_security_monitoring.php';
4	include_once dirname( __FILE__ ) . '/views/miniorange_network_security_ip_blocking.php';
5	include_once dirname( __FILE__ ) . '/views/miniorange_network_security_brute_force.php';
6	-

7	?>


3	include_once dirname( __FILE__ ) . '/views/miniorange_network_security_monitoring.php';
4	include_once dirname( __FILE__ ) . '/views/miniorange_network_security_ip_blocking.php';
5	include_once dirname( __FILE__ ) . '/views/miniorange_network_security_brute_force.php';
6	+ include_once dirname( __FILE__ ) . '/views/miniorange_network_security_strong_password.php';
7	+ include_once dirname( __FILE__ ) . '/views/miniorange_network_security_content_protection.php';
8	?>

network_security/strong_password/class_miniorange_2fa_strong_password.php ADDED Viewed

	@@ -0,0 +1,63 @@


1	+ <?php
2	+
3	+ class class_miniorange_2fa_strong_password {
4	+
5	+ function __construct(){
6	+
7	+ add_option( 'mo2f_enforce_strong_passswords', false);
8	+
9	+ }
10	+
11	+ public static function woocommerce_password_protection($errors, $username, $password, $email) {
12	+ if ($password == false) { return $errors; }
13	+ if ($errors->get_error_data("pass")) { return $errors; }
14	+
15	+ $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
16	+
17	+ if ($enforceStrongPasswds && !MO2f_Handler::mo2f_isStrongPasswd($password, $username)) {
18	+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
19	+ return $errors;
20	+ }
21	+
22	+ return $errors;
23	+ }
24	+ public static function validatePassword($errors, $update, $userData){
25	+ $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? $_POST['pass1'] : false;
26	+ $password=($password==false)?(isset($_POST['password_1'])?$_POST['password_1']:false):$password ;
27	+ $user_id = isset($userData->ID) ? $userData->ID : false;
28	+ $username = isset($_POST["user_login"]) ? $_POST["user_login"] : isset($userData->user_login)?$userData->user_login:$userData->user_email;
29	+
30	+ if ($password == false) { return $errors; }
31	+ if ($errors->get_error_data("pass")) { return $errors; }
32	+
33	+ $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
34	+ if ($enforceStrongPasswds && !MO2f_Handler::mo2f_isStrongPasswd($password, $username)) {
35	+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
36	+ return $errors;
37	+ }
38	+
39	+ return $errors;
40	+ }
41	+ public static function woocommerce_password_registration_protection($errors, $username, $email) {
42	+ if(get_option( 'woocommerce_registration_generate_password' )=='yes')
43	+ return $errors;
44	+ $password=$_POST['account_password'];
45	+ return MO2f_Handler::is_validPassword($errors, $username, $password);
46	+
47	+ }
48	+
49	+ public static function woocommerce_password_edit_account($errors, $user) {
50	+
51	+ $password=$_POST['password_1'];
52	+ $user =get_userdata($user->ID);
53	+ $username=$user->user_login;
54	+ $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
55	+
56	+ if ($enforceStrongPasswds && !MO2f_Handler::mo2f_isStrongPasswd($password, $username)) {
57	+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
58	+ return $errors;
59	+ }
60	+ }
61	+ }
62	+
63	+ ?>

network_security/views/miniorange_network_security_content_protection.php ADDED Viewed

	@@ -0,0 +1,31 @@


1	+ <?php
2	+ function mo2f_show_2_factor_content_protection($current_user){
3	+ $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
4	+ $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
5	+ $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
6	+
7	+ $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
8	+ $wp_config = get_site_url().'/wp-config.php';
9	+ $wp_uploads = get_site_url().'/wp-content/uploads';
10	+ $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
11	+ // $wp_content_file = get_option('mo2f_wp_content_file');
12	+ ?>
13	+ <div class="mo2f_table_layout" style="border:0px;">
14	+ <h3>Content Protection</h3>
15	+ <form id="mo2f_content_protection" method="post" action="">
16	+ <input type="hidden" name="option" value="mo2f_content_protection">
17	+ <p><input type="checkbox" name="mo2f_protect_wp_config" <?php echo $protect_wp_config;?> value="1" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';}?> > <b>Protect your wp-config.php file</b>   <a href="<?php echo $wp_config?>" target="_blank" style="text-decoration:none">( Test it )</a></p>
18	+ <p>Your WordPress wp-config.php file contains your information like database username and password and it's very important to prevent anyone to access contents of your wp-config.php file.</p>
19	+ <p><input type="checkbox" name="mo2f_prevent_directory_browsing" <?php echo $protect_wp_uploads;?> value="1" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';}?>> <b>Prevent Directory Browsing</b>    <span style="color:green;font-weight:bold;">(Recommended)</span>    <a href="<?php echo $wp_uploads; ?>" target="_blank" style="text-decoration:none">( Test it )</a></p>
20	+ <p>Prevent access to user from browsing directory contents like images, pdf's and other data from URL e.g. http://website-name.com/wp-content/uploads</p>
21	+ <p><input type="checkbox" name="mo2f_disable_file_editing" <?php echo $disable_file_editing; ?> value="1" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';}?>> <b>Disable File Editing from WP Dashboard (Themes and plugins)</b>   <a href="<?php echo $plugin_editor?>" target="_blank" style="text-decoration:none">( Test it )</a></p>
22	+ <p>The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution.</p>
23	+ <p><input type="checkbox" name="mo2f_htaccess_file" <?php echo $htaccess_file; ?> value="1" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';}?>> <b>Protect your .htaccess file</b>   <span style="color:green;font-weight:bold;">(Recommended)</span></p>
24	+ <p>.htaccess has the ability to control your whole website. It is important to first protect this file from unauthorized users.By enabling this you can restrict access to unauthorized users.</p>
25	+
26	+ <br><input type="submit" name="submit" style="width:100px;" value="Save" class="button button-primary button-large"<?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';} ?>>
27	+ </form> <br>
28	+
29	+ </div>
30	+ <?php }
31	+ ?>

network_security/views/miniorange_network_security_strong_password.php ADDED Viewed

	@@ -0,0 +1,36 @@


1	+ <?php
2	+ function mo2f_show_2_factor_strong_password($user){?>
3	+ <div class="mo2f_table_layout" style="border:0px;">
4	+ <h3><?php echo __('Enforce Strong Password','miniorange-2-factor-authentication');?></h3><hr>
5	+ <p>The feature is used to Enable Strongs passwords based on the options provided. You can choose your min and max length. There is also options increase the complexity and security of the passwords. </p>
6	+ <form name="f" method="post" action="" id="strongpassword" >
7	+ <input type="checkbox" name="mo2f_enforce_strong_passswords" style="margin-left: 4%;" value="true" <?php checked( get_option('mo2f_enforce_strong_passswords') == 1 );
8	+ if(mo2f_is_customer_registered()){}else{ echo 'disabled';} ?> /><span ><b>Enforce Strong Password</b> </span><br><br>
9	+ <div style="margin-left: 4%;" >
10	+ <span style="color:red;">[Enterprise Features]</span><br><b><?php echo mo2f_lt('Min Length:');?></b>
11	+ <input type="text" class="mo2f_table_textbox" style="width:7% !important;margin-left: 22.3%;" name="mo2f_pass_min_length" value="<?php echo get_option('mo2f_pass_min_length'); ?>" disabled />
12	+ </div>
13	+ <div style="margin-left: 4%;" ><b><?php echo mo2f_lt('Max Length:');?></b>
14	+ <input type="text" class="mo2f_table_textbox" style="width:7% !important;margin-left: 22%;" name="mo2f_pass_max_length" value="<?php echo get_option('mo2f_pass_max_length'); ?>" disabled />
15	+ </div>
16	+ <br>
17	+ <span style="margin-left: 4%;"><b>Password Policy:</b></span>
18	+ <div style="margin-left: 31.5%;">
19	+ <input type="checkbox" name="mo2f_pass_lower_case" style="margin-left: 2%;" value="true" <?php checked( get_option('mo2f_pass_lower_case') == true );
20	+ ?> disabled /><span style="margin-left:4%;"><b>Require Lowercase letter</b> </span><br>
21	+ <input type="checkbox" name="mo2f_pass_upper_case" style="margin-left: 2%;" value="true" <?php checked( get_option('mo2f_pass_upper_case') == 1 );
22	+ ?> disabled /><span style="margin-left:4%;"><b>Require Uppercase letter</b> </span><br>
23	+ <input type="checkbox" name="mo2f_pass_number" style="margin-left: 2%;" value="true" <?php checked( get_option('mo2f_pass_number') == 1 );
24	+ ?> disabled /><span style="margin-left:4%;"><b>Require Number (0-9)</b> </span><br>
25	+ <input type="checkbox" name="mo2f_pass_symbol" style="margin-left: 2%;" value="true" <?php checked( get_option('mo2f_pass_symbol') == 1 );
26	+ ?> disabled /><span style="margin-left:4%;"><b>Require Symbol (e.g. !@#$%^&*.-_)</b> </span>
27	+ </div>
28	+ <br>
29	+ <input type="submit" style="margin-left:4%;" class="button button-primary button-large" value="Save" <?php if(mo2f_is_customer_registered()){}else{ echo 'disabled';}?> />
30	+ <input type="hidden" name="option" value="mo2f_enforce_strong_passsword" />
31	+ </form>
32	+ <br>
33	+ </div>
34	+ <?php }
35	+
36	+ ?>

readme.txt CHANGED Viewed

	@@ -1,54 +1,87 @@
1	=== Google Authenticator - WordPress Two Factor Authentication (2FA) ===
2	Contributors: cyberlord92, twofactor
3	- Tags: google authenticator, two factor authentication, two factor, 2FA, TFA, 2 factor authentication, ~~two~~ ~~step~~ ~~verification~~, 1 ~~google~~ ~~authenticator~~, ~~login~~, ~~authy, authy~~ two factor, ~~Clef~~, ~~2 Factor, yubico, Two-Factor Authentication,~~ Mobile Authentication, ~~otp,~~ strong authentication, 2 step authentication, ~~smartphone~~ authentication, ~~Multifactor~~ ~~authentication~~, ~~multi~~ ~~factor~~ ~~authentication~~, ~~multi~~ ~~factor,~~ ~~no password~~, ~~passwordless~~ ~~login,~~ ~~security~~, ~~website~~ ~~security~~, ~~one~~ ~~time~~ ~~passcode~~, ~~password,~~ ~~soft~~ ~~token~~, ~~woocommerce~~, ~~authenticate,~~ two factor ~~auth~~, ~~two~~-~~factor,~~ ~~duo~~, ~~QR Code~~, QR ~~Code Authentication~~, ~~scan~~ ~~QR Code~~, ~~wordfence,~~ ~~login~~ ~~security~~, ~~google~~ ~~authenticator~~, ~~google~~ , ~~email~~ ~~verification~~, ~~trusted~~ ~~device~~, ~~device Id~~ , ~~KBA~~ , ~~knowledge~~ ~~based authentication~~
4	Donate link: https://miniorange.com/
5	Requires at least: 3.0.1
6	Tested up to: 5.2
7	Requires PHP: 5.3.0
8	- Stable tag: 5.2.1
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
12	- Easy 2FA setup with Google, Authy, LastPass Authenticator & other 2FA methods. Supports Google Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA).
13
14	== Description ==
15
16	- Note: The plugin is GDPR Compliant and supports Language Translation
17
18	- Secure your WordPress ~~login~~ ~~with~~ an ~~additional~~ ~~layer~~ of ~~security~~ ~~from~~ ~~us!~~ ~~The~~ setup ~~takes~~ ~~minutes~~, ~~yet~~ ~~protects~~ your ~~site~~ ~~forever~~.
19	- This plugin provides two factor authentication (TFA) during login. If you are looking for OTP Verification of users during <b>Registration</b> then we have a separate plugin for this. <a href="https://wordpress.org/plugins/miniorange-otp-verification/"> Click Here </a> to learn more.
20
21	- <h4>~~Free~~ ~~Plugin~~ ~~Features~~</h4>








22
23	- * ~~Two~~ ~~Factor~~ ~~Authentication~~ ~~(2FA)~~ for 1 User ~~forever~~
24	- * Available Authentication Methods: Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
25	- * ~~Language~~ ~~Translation Support~~





26	* Two Factor Authentication (2FA) allows authentication on login page itself for Google Authenticator & miniOrange Soft Token.


27
28	<h4>Standard Plugin Features</h4>
29
30	* Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
31	- * Available Authentication Methods: Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification. ( SMS credits need to be purchased as per the need)
32	- * ~~Language~~ Translation Support
33	- * Multiple Login Options: Username + password + two-factor (or) Username + two-factor
34	* Backup Method: KBA(Security Questions)
35	- * ~~Multi-Site~~ ~~Support~~
36	- * User role based redirection after Login, ~~Custom Security Questions (KBA),~~ Customize account name in Google Authenticator app

37
38	<h4>Premium Plugin Features</h4>
39
40	* Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
41	- * Available Authentication Methods: Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)















42	* Language Translation Support
43	- * Multiple Login Options: Username + password + two-factor (or) Username + two-factor
44	* Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
45	- * ~~Multi-Site~~ ~~Support~~
46	* Email notification to users asking them to set up Two Factor Authentication (2FA).
47	* User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
48	* Enable Two Factor Authentication (2FA) for specific Users/User Roles
49	* Choose specific authentication methods for Users
50	* App Specific Password to login from mobile Apps
51	* Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on



52
53	<h4>Why do you need to register?</h4>
54
	@@ -61,7 +94,7 @@ Adding to this, you can also use the same account on multiple applications and y
61	* Remember Device
62	* Set Device Limit for the users to login
63	* IP Restriction: Limit users to login from specific IPs
64	- * Personalization Add-on Features
65	* Custom UI of Two Factor Authentication (2FA) popups
66	* Custom Email and SMS Templates
67	* Customize 'powered by' Logo
	@@ -79,6 +112,10 @@ Adding to this, you can also use the same account on multiple applications and y
79	* Google Authenticator App.
80	* Authy 2-Factor Authentication App [STANDARD / PREMIUM FEATURE]
81




82	Customized solutions and Active support is available. Email us at info@miniorange.com or call us at +1 9786589387.
83
84	== Installation ==
	@@ -102,6 +139,8 @@ Customized solutions and Active support is available. Email us at info@miniorang
102	<b>Video Guide</b> :<br>
103	<iframe width="560" height="315" src="https://www.youtube.com/embed/vVGXjedIaGs" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
104


105	== Frequently Asked Questions ==
106
107	= How do I gain access to my website if I get locked out? =
	@@ -208,7 +247,7 @@ You can login using our alternate login method. Please follow below steps to log
208
209	You can login using our alternate login method. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select "Send a one time passcode to my registered email" to authenticate by OTP over EMAIL or Select "Answer your Security Questions (KBA)" to authenticate by knowledge based authenticaion.
210
211	- = My phone has no internet connectivity and i am entering the one time passcode from miniOrange Authenticator App, it says Invalid OTP? =
212
213	Click on the <b>Settings Icon</b> on top right corner in <b>miniOrange Authenticator App</b> and then press <b>Sync button</b> under 'Time correction for codes' to sync your time with miniOrange Servers. If you still can't logged in then please email us at info@miniorange.com or <a href="https://miniorange.com/contact" target="_blank">Contact us</a>.Soft Token method is just like google authenticator method.
214
	@@ -232,6 +271,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
232
233	== Changelog ==
234



235	= 5.2.1 =
236	* Google Authenticator-Two Factor Authentication (2FA) : UI changes for description.
237
	@@ -423,25 +465,25 @@ miniOrange authentication service has 15+ authentication methods.One time passco
423	* New User Interface for login.
424
425	= 4.3.1 =
426	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Compatible upto 4.7
427
428	= 4.3.0 =
429	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Updated miniOrange APIs.
430
431	= 4.2.9 =
432	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Tested upto WordPress 4.6.
433
434	= 4.2.7 =
435	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Session Warnig fix in the last version for some of the users.
436
437	= 4.2.6 =
438	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Compatible with wordpress caching.
439
440	= 4.2.5 =
441	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Improved the session handler.
442
443	= 4.2.4 =
444	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Updated faq for limit login attempt type of plugins.
445
446	= 4.2.3 =
447	* Google Authenticator-Two Factor Authentication ( 2FA ):
	@@ -605,6 +647,9 @@ More descriptive setup messages and UI changes.
605
606	== Upgrade Notice ==
607



608	= 5.2.1 =
609	* Google Authenticator-Two Factor Authentication (2FA) : UI changes for description.
610
	@@ -766,28 +811,28 @@ More descriptive setup messages and UI changes.
766	* New User Interface for login.
767
768	= 4.3.2 =
769	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Revised licensing cost for users.
770
771	= 4.3.1 =
772	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Compatible upto 4.7
773
774	= 4.3.0 =
775	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Updated miniOrange APIs.
776
777	= 4.2.9 =
778	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Tested upto WordPress 4.6.
779
780	= 4.2.7 =
781	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Session Warnig fix in the last version for some of the users.
782
783	= 4.2.6 =
784	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Compatible with wordpress caching.
785
786	= 4.2.5 =
787	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Improved the session handler.
788
789	= 4.2.4 =
790	- * Google Authenticator-Two Factor Authentication (~~TFA~~): Updated faq for limit login attempt type of plugins.
791
792	= 4.2.3 =
793	* Two Factor Authentication ( 2FA ):


1	=== Google Authenticator - WordPress Two Factor Authentication (2FA) ===
2	Contributors: cyberlord92, twofactor
3	+ Tags: google authenticator, two factor authentication, two factor, 2FA, TFA, MFA, 2 factor authentication, Remember Device, OTP, two step authentication,Clef, two factor auth, Mobile Authentication, strong authentication, 2 step authentication, Multifactor authentication, passwordless login, one time passcode, soft token Authentication, QR Code Authentication, email verification, KBA, Security Questions, knowledge based authentication,authy, authy two factor,yubico,Two-Factor Authentication, security, website security, login security, multi factor authentication, multi factor,wordfence, IP Blocking, IP Whitelisting, login Audits, woocommerce, smartphone authenticationDonate link: https://miniorange.com/
4	Donate link: https://miniorange.com/
5	Requires at least: 3.0.1
6	Tested up to: 5.2
7	Requires PHP: 5.3.0
8	+ Stable tag: 5.2.2
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
12	+ Simple & Easy 2FA setup with any App supporting TOTP algorithm like Google, Authy, LastPass Authenticator & other 2FA methods. Supports Google Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA).
13
14	== Description ==
15
16	+ Note: The plugin is GDPR Compliant and supports wide variety of Language Translation
17
18	+ Have a completely Secure login to your WordPress website using this FREE, Simple & very easy to setup plugin. It provides two factor authentication (2FA, MFA) whenever login to your WordPress website ensuring no unauthorised access to your website.

19
20	+ <h4>supports variety of WordPress forms</h4>
21	+ * <a href="https://wordpress.org/plugins/ultimate-member/">Ultimate Member – User Profile & Membership Form</a>
22	+ * <a href="https://wordpress.org/plugins/restrict-content/">Restrict Content Form</a>
23	+ * <a href="https://wordpress.org/plugins/theme-my-login/">My theme Login Form</a>
24	+ * <a href="https://wordpress.org/plugins/user-registration/">User Registration – Custom Registration Form</a>
25	+ * <a href="https://wordpress.org/plugins/loginpress/">Custom Login Page Customizer Form</a>
26	+ * <a href="https://wordpress.org/plugins/admin-custom-login/">Admin Custom Login Form</a>
27	+ * <a href="https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/">RegistrationMagic – Custom Registration Forms</a>
28	+ and more.
29
30	+ If you are looking for OTP Verification of users during <b>Registration</b> then we have a separate plugin for this. <a href="https://wordpress.org/plugins/miniorange-otp-verification/"> Click Here </a> to learn more.
31	+
32	+ <h4>FREE Plugin Features</h4>
33	+ * Simplified & easy to user interface.
34	+ * Two Factor Authentication (2FA) for 1 User forever FREE!
35	+ * Variety of Authentication Methods: Any App supporting TOTP algorithm like Google, Authy, LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
36	+ * Includes Language Translation Support. Supports a wide variety of languages
37	+ * This plugin Supports standard TOTP + HOTP protocols for Authentication Methods.
38	* Two Factor Authentication (2FA) allows authentication on login page itself for Google Authenticator & miniOrange Soft Token.
39	+ * Brute force attack prevention & IP Blocking.
40	+ * User login Monitorning.
41
42	<h4>Standard Plugin Features</h4>
43
44	* Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
45	+ * Available Authentication Methods: Google, Authy, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification. ( SMS credits need to be purchased as per the need)
46	+ * Includes language Translation Support. Supports wide variety of languages.
47	+ * Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
48	* Backup Method: KBA(Security Questions)
49	+ * Multisite compatible.
50	+ * User role based redirection after Login, Customize account name in Google Authenticator app
51	+ * Custom Security Questions (KBA)
52
53	<h4>Premium Plugin Features</h4>
54
55	* Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
56	+ * Available Authentication Methods: Google, Authy, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
57	+ * Language Translation Support
58	+ * Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
59	+ * Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
60	+ * Multisite compatible.
61	+ * Email notification to users asking them to set up Two Factor Authentication (2FA).
62	+ * User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
63	+ * Enable Two Factor Authentication (2FA) for specific Users/User Roles
64	+ * Choose specific authentication methods for Users
65	+ * App Specific Password to login from mobile Apps
66	+ * Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
67	+
68	+ <h4>Enterprise Plugin Features</h4>
69	+
70	+ * Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
71	+ * Available Authentication Methods: Google, Authy, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
72	* Language Translation Support
73	+ * Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
74	* Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
75	+ * Multisite compatible.
76	* Email notification to users asking them to set up Two Factor Authentication (2FA).
77	* User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
78	* Enable Two Factor Authentication (2FA) for specific Users/User Roles
79	* Choose specific authentication methods for Users
80	* App Specific Password to login from mobile Apps
81	* Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
82	+ * Brute force attack prevention, IP Blocking & User login Monitorning.
83	+ * File protection & strong password
84	+
85
86	<h4>Why do you need to register?</h4>
87

94	* Remember Device
95	* Set Device Limit for the users to login
96	* IP Restriction: Limit users to login from specific IPs
97	+ * Personalization Add-on Features
98	* Custom UI of Two Factor Authentication (2FA) popups
99	* Custom Email and SMS Templates
100	* Customize 'powered by' Logo

112	* Google Authenticator App.
113	* Authy 2-Factor Authentication App [STANDARD / PREMIUM FEATURE]
114
115	+ <h4>Useful blog posts about two factor authenticaion plugin </h4>
116	+ * <a href="https://themeisle.com/blog/how-to-add-two-factor-authentication-to-wordpress/">Beginner’s Guide: How to Add Two-Factor Authentication to WordPress</a>
117	+ * <a href="https://phppot.com/wordpress/how-to-add-wordpress-two-factor-authentication-2fa-using-google-authenticator-plugin/">How to Add WordPress Two-Factor Authentication (2FA)</a>
118	+
119	Customized solutions and Active support is available. Email us at info@miniorange.com or call us at +1 9786589387.
120
121	== Installation ==

139	<b>Video Guide</b> :<br>
140	<iframe width="560" height="315" src="https://www.youtube.com/embed/vVGXjedIaGs" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
141
142	+
143	+
144	== Frequently Asked Questions ==
145
146	= How do I gain access to my website if I get locked out? =

247
248	You can login using our alternate login method. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select "Send a one time passcode to my registered email" to authenticate by OTP over EMAIL or Select "Answer your Security Questions (KBA)" to authenticate by knowledge based authenticaion.
249
250	+ = My phone has no internet connectivity and i am entering the one time passcode from miniOrange Authenticator App, it says Invalid OTP?
251
252	Click on the <b>Settings Icon</b> on top right corner in <b>miniOrange Authenticator App</b> and then press <b>Sync button</b> under 'Time correction for codes' to sync your time with miniOrange Servers. If you still can't logged in then please email us at info@miniorange.com or <a href="https://miniorange.com/contact" target="_blank">Contact us</a>.Soft Token method is just like google authenticator method.
253

271
272	== Changelog ==
273
274	+ = 5.2.2 =
275	+ * Google Authenticator-Two Factor Authentication (2FA) : Adding File Protection and Strong Password feature.
276	+
277	= 5.2.1 =
278	* Google Authenticator-Two Factor Authentication (2FA) : UI changes for description.
279

465	* New User Interface for login.
466
467	= 4.3.1 =
468	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Compatible upto 4.7
469
470	= 4.3.0 =
471	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Updated miniOrange APIs.
472
473	= 4.2.9 =
474	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Tested upto WordPress 4.6.
475
476	= 4.2.7 =
477	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Session Warnig fix in the last version for some of the users.
478
479	= 4.2.6 =
480	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Compatible with wordpress caching.
481
482	= 4.2.5 =
483	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Improved the session handler.
484
485	= 4.2.4 =
486	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Updated faq for limit login attempt type of plugins.
487
488	= 4.2.3 =
489	* Google Authenticator-Two Factor Authentication ( 2FA ):

647
648	== Upgrade Notice ==
649
650	+ = 5.2.2 =
651	+ * Google Authenticator-Two Factor Authentication (2FA) : Adding File Protection and Strong Password feature.
652	+
653	= 5.2.1 =
654	* Google Authenticator-Two Factor Authentication (2FA) : UI changes for description.
655

811	* New User Interface for login.
812
813	= 4.3.2 =
814	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Revised licensing cost for users.
815
816	= 4.3.1 =
817	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Compatible upto 4.7
818
819	= 4.3.0 =
820	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Updated miniOrange APIs.
821
822	= 4.2.9 =
823	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Tested upto WordPress 4.6.
824
825	= 4.2.7 =
826	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Session Warnig fix in the last version for some of the users.
827
828	= 4.2.6 =
829	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Compatible with wordpress caching.
830
831	= 4.2.5 =
832	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Improved the session handler.
833
834	= 4.2.4 =
835	+ * Google Authenticator-Two Factor Authentication (2FA, MFA): Updated faq for limit login attempt type of plugins.
836
837	= 4.2.3 =
838	* Two Factor Authentication ( 2FA ):

views/configure_miniorange_authenticator CHANGED Viewed

	@@ -118,7 +118,7 @@
118	</div>
119	<?php } function initialize_mobile_registration() {
120	$data=$_SESSION[ 'mo2f_qrCode' ];
121	- $url=get_option( 'mo2f_host_name'); ?>
122	<div style="padding: 20px;">
123	<p>
124	<?php echo mo2f_lt( 'Open your miniOrange');?><b> <?php echo mo2f_lt('Authenticator');?></b> app and
	@@ -195,7 +195,7 @@
195	function pollMobileRegistration() {
196	var transId = "<?php echo $_SESSION[ 'mo2f_transactionId' ]; ?>";
197	var jsonString = "{\"txId\":\"" + transId + "\"}";
198	- var postUrl = "<?php echo ~~$url~~; ?>" + "/moas/api/auth/registration-status";
199	jQuery.ajax({
200	url: postUrl,
201	type: "POST",


118	</div>
119	<?php } function initialize_mobile_registration() {
120	$data=$_SESSION[ 'mo2f_qrCode' ];
121	+ //$url=get_option( 'mo2f_host_name'); ?>
122	<div style="padding: 20px;">
123	<p>
124	<?php echo mo2f_lt( 'Open your miniOrange');?><b> <?php echo mo2f_lt('Authenticator');?></b> app and

195	function pollMobileRegistration() {
196	var transId = "<?php echo $_SESSION[ 'mo2f_transactionId' ]; ?>";
197	var jsonString = "{\"txId\":\"" + transId + "\"}";
198	+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/registration-status";
199	jQuery.ajax({
200	url: postUrl,
201	type: "POST",

views/customer_registration.php CHANGED Viewed

	@@ -34,22 +34,25 @@
34	</div>
35	</div>
36
37	- <form name="f" method="post" action="" id="mo2f_registration_closed_form">
38	<input type="hidden" name="mo2f_registration_closed_nonce"
39	value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
40	<input type="hidden" name="option" value="mo2f_registration_closed"/>
41	</form>



42
43	<script>
44	function show_content() {
45	jQuery('#mo2f_register').slideToggle();
46	}
47	jQuery(function () {
48	- jQuery('#smsAlertModal').modal(~~'toggle'~~);
49	});
50
51	jQuery('#mo2f_registration_closed').click(function () {
52	- jQuery('#mo2f_registration_closed_form').submit();
53	});
54
55


34	</div>
35	</div>
36
37	+ <form name="f" method="post" action="" class="mo2f_registration_closed_form">
38	<input type="hidden" name="mo2f_registration_closed_nonce"
39	value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
40	<input type="hidden" name="option" value="mo2f_registration_closed"/>
41	</form>
42	+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
43	+
44	+ <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
45
46	<script>
47	function show_content() {
48	jQuery('#mo2f_register').slideToggle();
49	}
50	jQuery(function () {
51	+ jQuery('#smsAlertModal').modal();
52	});
53
54	jQuery('#mo2f_registration_closed').click(function () {
55	+ jQuery('.mo2f_registration_closed_form').submit();
56	});
57
58

views/test_email_verification CHANGED Viewed

	@@ -45,7 +45,7 @@
45	function pollMobileValidation() {
46	var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
47	var jsonString = "{\"txId\":\"" + transId + "\"}";
48	- var postUrl = "<?php echo ~~get_option( 'mo2f_host_name' )~~; ?>" + "/moas/api/auth/auth-status";
49
50	jQuery.ajax({
51	url: postUrl,


45	function pollMobileValidation() {
46	var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
47	var jsonString = "{\"txId\":\"" + transId + "\"}";
48	+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
49
50	jQuery.ajax({
51	url: postUrl,

views/test_miniorange_push_notification CHANGED Viewed

	@@ -42,7 +42,7 @@
42	function pollMobileValidation() {
43	var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
44	var jsonString = "{\"txId\":\"" + transId + "\"}";
45	- var postUrl = "<?php echo ~~get_option( 'mo2f_host_name' )~~; ?>" + "/moas/api/auth/auth-status";
46
47	jQuery.ajax({
48	url: postUrl,


42	function pollMobileValidation() {
43	var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
44	var jsonString = "{\"txId\":\"" + transId + "\"}";
45	+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
46
47	jQuery.ajax({
48	url: postUrl,

views/test_miniorange_qr_code_authentication CHANGED Viewed

	@@ -59,7 +59,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
59	function pollMobileValidation() {
60	var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
61	var jsonString = "{\"txId\":\"" + transId + "\"}";
62	- var postUrl = "<?php echo ~~get_option( 'mo2f_host_name' )~~; ?>" + "/moas/api/auth/auth-status";
63
64	jQuery.ajax({
65	url: postUrl,


59	function pollMobileValidation() {
60	var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
61	var jsonString = "{\"txId\":\"" + transId + "\"}";
62	+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
63
64	jQuery.ajax({
65	url: postUrl,

Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.2.2

Version Description

Release Info

Code changes from version 5.2.1 to 5.2.2