Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.2.4

Version Description

  • Google Authenticator-Two Factor Authentication (2FA) : Removed curl calls and unnecessary files.

Release Info

Developer cyberlord92
Version 5.2.4

Code changes from version 5.2.3 to 5.2.4

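--- /dev/null
+++ b/api/class-customer-setup.php
@@ -0,0 +1,426 @@
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . '/mo2f_api.php';
+
+ class Customer_Setup {
+
+ public $email;
+ public $phone;
+ public $customerKey;
+ public $transactionId;
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+ function check_customer() {
+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
+ $email = get_option( "mo2f_email" );
+
+ $fields = array (
+ 'email' => $email
+ );
+ $field_string = json_encode ( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+ $response = Mo2f_Api::make_curl_call( $url, $field_string );
+ return $response;
+
+ }
+
+ function send_email_alert( $email, $phone, $message ) {
+
+ $url = MO_HOST_NAME . '/moas/api/notify/send';
+ $ch = curl_init( $url );
+
+ $customerKey = "16555";
+ $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
+
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+ $fromEmail = $email;
+ $subject = "WordPress 2FA Plugin Feedback - " . $email;
+
+ global $user;
+ $user = wp_get_current_user();
+ $is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
+ $is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
+
+
+ $customer_feature = "";
+
+ if ( $is_ec_with_1_user ) {
+ $customer_feature = "V1";
+ }else if ( $is_nc_with_1_user ) {
+ $customer_feature = "V3";
+ }
+
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
+
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
+
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'sendEmail' => true,
+ 'email' => array(
+ 'customerKey' => $customerKey,
+ 'fromEmail' => $fromEmail,
+ 'fromName' => 'Xecurify',
+ 'toEmail' => '2fasupport@xecurify.com',
+ 'toName' => '2fasupport@xecurify.com',
+ 'subject' => $subject,
+ 'content' => $content
+ ),
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = Mo2f_Api::get_http_header_array();
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+
+ // $response = Mo2f_Api::mo2f_wp_remote_post($url, $args);
+ $response = Mo2f_Api::make_curl_call( $url, $field_string, $headers );
+ return $response;
+
+
+ }
+
+ function create_customer() {
+ global $Mo2fdbQueries;
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
+
+ global $user;
+ $user = wp_get_current_user();
+ $this->email = get_option( 'mo2f_email' );
+ $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
+ $password = get_option( 'mo2f_password' );
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+
+ $fields = array(
+ 'companyName' => $company,
+ 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
+ 'productInterest' => 'API_2FA',
+ 'email' => $this->email,
+ 'phone' => $this->phone,
+ 'password' => $password
+ );
+ $field_string = json_encode( $fields );
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+ $content = Mo2f_Api::make_curl_call( $url, $field_string );
+
+ return $content;
+ }
+
+
+ function get_customer_key() {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
+ $ch = curl_init( $url );
+ $email = get_option( "mo2f_email" );
+ $password = get_option( "mo2f_password" );
+
+ $fields = array(
+ 'email' => $email,
+ 'password' => $password
+ );
+ $field_string = json_encode( $fields );
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+ $content = Mo2f_Api::make_curl_call( $url, $field_string );
+
+ return $content;
+ }
+
+
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey ) {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
+
+ /* The customer Key provided to you */
+ $customerKey = $cKey;
+
+ /* The customer API Key provided to you */
+ $apiKey = $apiKey;
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = Mo2f_Api::get_http_header_array();
+
+ $fields = '';
+ if ( $authType == 'EMAIL' || $authType == 'OUT OF BAND EMAIL' ) {
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'email' => $uKey,
+ 'authType' => $authType,
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+ );
+ } else if ( $authType == 'SMS' ) {
+ $authType = "SMS";
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'phone' => $uKey,
+ 'authType' => $authType
+ );
+ } else {
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $uKey,
+ 'authType' => $authType,
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+ );
+ }
+
+ $field_string = json_encode( $fields );
+
+ $args = array(
+ 'method' => 'POST',
+ 'body' => $field_string,
+ 'timeout' => '5',
+ 'redirection' => '5',
+ 'httpversion' => '1.0',
+ 'blocking' => true,
+ 'headers' => $headers
+ );
+ $content = Mo2f_Api::make_curl_call( $url, $field_string, $headers );
+ return $content;
+ }
+
+
+ function get_customer_transactions( $cKey, $apiKey ) {
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
+
+ $customerKey = $cKey;
+ $apiKey = $apiKey;
+
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $fields = '';
+ $fields = array(
+ 'customerId' => $customerKey,
+ 'applicationName' => 'wp_2fa',
+ 'licenseType' => 'DEMO'
+ );
+
+ $field_string = json_encode( $fields );
+
+ $headers = Mo2f_Api::get_http_header_array();
+
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+ $content = Mo2f_Api::make_curl_call( $url, $field_string, $headers );
+
+ return $content;
+ }
+
+
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey ) {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
+
+ /* The customer Key provided to you */
+ $customerKey = $cKey;
+
+ /* The customer API Key provided to you */
+ $apiKey = $customerApiKey;
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = Mo2f_Api::get_http_header_array();
+ $fields = '';
+ if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
+ /*check for soft token*/
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $username,
+ 'token' => $otpToken,
+ 'authType' => $authType
+ );
+ } else if ( $authType == 'KBA' ) {
+ $fields = array(
+ 'txId' => $transactionId,
+ 'answers' => array(
+ array(
+ 'question' => $otpToken[0],
+ 'answer' => $otpToken[1]
+ ),
+ array(
+ 'question' => $otpToken[2],
+ 'answer' => $otpToken[3]
+ )
+ )
+ );
+ } else {
+ //*check for otp over sms/email
+ $fields = array(
+ 'txId' => $transactionId,
+ 'token' => $otpToken
+ );
+ }
+ $field_string = json_encode( $fields );
+
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+ $content = Mo2f_Api::make_curl_call( $url, $field_string, $headers );
+
+ return $content;
+ }
+
+ function submit_contact_us( $q_email, $q_phone, $query ) {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
+ global $user;
+ $user = wp_get_current_user();
+ $is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
+ $is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
+
+
+ $customer_feature = "";
+
+ if ( $is_ec_with_1_user ) {
+ $customer_feature = "V1";
+ } else if ( $is_nc_with_1_user ) {
+ $customer_feature = "V3";
+ }
+
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $query;
+ $fields = array(
+ 'firstName' => $user->user_firstname,
+ 'lastName' => $user->user_lastname,
+ 'company' => $_SERVER['SERVER_NAME'],
+ 'email' => $q_email,
+ 'ccEmail' => '2fasupport@xecurify.com',
+ 'phone' => $q_phone,
+ 'query' => $query
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ // $args = array(
+ // 'method' => 'POST',
+ // 'body' => $field_string,
+ // 'timeout' => '5',
+ // 'redirection' => '5',
+ // 'httpversion' => '1.0',
+ // 'blocking' => true,
+ // 'headers' => $headers
+ // );
+ $content = Mo2f_Api::make_curl_call( $url, $field_string );
+
+ return true;
+ }
+
+ }
+
+
+ ?>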
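Review bot: `send_email_alert()` ships a fixed `$customerKey` and `$apiKey` as string literals and still calls `curl_init( $url )`, although the request is now sent through `Mo2f_Api::make_curl_call()`. The `$hashValue` built from that literal key is never used, because the headers come from `Mo2f_Api::get_http_header_array()`; the `$apiKey`, `$stringToHash` and `$hashValue` lines can be deleted, and since every installed copy carries the embedded key it should be rotated on the service side. The `$ch = curl_init( $url );` lines here and in `get_customer_key()` should go as well: the handle is never used or closed, and `send_email_alert()` has no `is_curl_installed()` guard, so the call fails on a host without the extension. Separately, `$message`, `$phone` and `$email` are concatenated into the HTML `$content` unescaped; wrapping each in `esc_html()` would keep caller-supplied markup out of the support mail.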
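--- /dev/null
+++ b/api/class-rba-attributes.php
@@ -0,0 +1,157 @@
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . '/mo2f_api.php';
+
+ class Miniorange_Rba_Attributes {
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+ function mo2f_collect_attributes( $useremail, $rba_attributes ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function get_curl_error_message() {
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
+ ' <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">' .
+ mo2f_lt( 'Click here' ) .
+ ' </a> ' .
+ mo2f_lt( 'for the steps to enable curl or check Help & Troubleshooting.' );
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'appSecret' => get_option( 'mo2f_app_secret' ),
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_get_app_secret() {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerId' => $customerKey
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'googleAuthenticatorName' => $googleAuthenticatorName
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'secret' => $secret,
+ 'otpToken' => $otptoken
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ }
+
+ ?>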
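Review bot: `mo2f_collect_attributes()` assembles its JSON body by string concatenation, so a `"` or `\` in `$useremail` (or in the stored customer key) changes the structure of the request instead of being sent as data. Build the payload as an array and let `json_encode()` escape it, e.g. `$field_string = json_encode( array( 'customerKey' => $customerKey, 'userKey' => $useremail, 'attributes' => json_decode( $rba_attributes, true ) ) );`. That assumes `$rba_attributes` arrives as JSON text, which the raw splice suggests but this section does not show. `register_kba_details()` in api/class-two-factor-setup.php has the same defect with the user-chosen questions and answers and needs the same change. The other methods in this class already hand arrays to `make_curl_call()`, which encodes them.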
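--- /dev/null
+++ b/api/class-two-factor-setup.php
@@ -0,0 +1,173 @@
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . '/mo2f_api.php';
+
+ class Two_Factor_Setup {
+
+ public $email;
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+ function check_mobile_status( $tId ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/auth-status';
+ $fields = array(
+ 'txId' => $tId
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $fields, $http_header_array );
+ }
+
+
+ function get_curl_error_message() {
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
+ ' <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">' .
+ mo2f_lt( 'Click here' ) .
+ ' </a> ' .
+ mo2f_lt( 'for the steps to enable curl or check Help & Troubleshooting.' );
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ function register_mobile( $useremail ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/register-mobile';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $fields = array(
+ 'customerId' => $customerKey,
+ 'username' => $useremail
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $fields, $http_header_array );
+ }
+
+ function mo_check_user_already_exist( $email ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/admin/users/search';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $email,
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $fields, $http_header_array );
+ }
+
+ function mo_create_user( $currentuser, $email ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/admin/users/create';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $email,
+ 'firstName' => $currentuser->user_firstname,
+ 'lastName' => $currentuser->user_lastname
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $fields, $http_header_array );
+ }
+
+ function mo2f_get_userinfo( $email ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/admin/users/get';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $email,
+ );
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $fields, $http_header_array );
+ }
+
+ function mo2f_update_userinfo( $email, $authType, $phone, $tname, $enableAdminSecondFactor ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/admin/users/update';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $email,
+ 'phone' => $phone,
+ 'authType' => $authType,
+ 'transactionName' => $tname,
+ 'adminLoginSecondFactor' => $enableAdminSecondFactor
+ );
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $fields, $http_header_array );
+ }
+
+ function register_kba_details( $email, $question1, $answer1, $question2, $answer2, $question3, $answer3 ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/register';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $q_and_a_list = "[{\"question\":\"" . $question1 . "\",\"answer\":\"" . $answer1 . "\" },{\"question\":\"" . $question2 . "\",\"answer\":\"" . $answer2 . "\" },{\"question\":\"" . $question3 . "\",\"answer\":\"" . $answer3 . "\" }]";
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"username\":\"" . $email . "\",\"questionAnswerList\":" . $q_and_a_list . "}";
+
+ $http_header_array = Mo2f_Api::get_http_header_array();
+
+ return Mo2f_Api::make_curl_call( $url, $field_string, $http_header_array );
+
+ }
+ }
+
+ ?>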
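Review bot: Every method in `Two_Factor_Setup` still returns the "Please enable curl extension" error when `MO2f_Utility::is_curl_installed()` is false, yet `Mo2f_Api::make_curl_call()` in api/mo2f_api.php now posts with `wp_remote_post()`. If that helper tests for the PHP curl extension (it is defined outside this page), second-factor calls are refused on hosts where the WordPress HTTP API could still send them. Consider dropping the guard and relying on the `is_wp_error()` branch of `mo2f_wp_remote_post()`; the same guard remains in api/class-customer-setup.php and api/class-rba-attributes.php. The private `$auth_mode` and `$https_mode` properties are never read in this class and can be removed.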
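--- /dev/null
+++ b/api/mo2f_api.php
@@ -0,0 +1,71 @@
+ <?php
+
+ class Mo2f_Api
+ {
+
+ public function mo2f_wp_remote_post($url, $args = array()){
+ $response = wp_remote_post($url, $args);
+ if(!is_wp_error($response)){
+ return $response['body'];
+ } else {
+ $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+ }
+
+ function get_timestamp() {
+
+ $currentTimeInMillis = round( microtime( true ) * 1000 );
+ $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
+
+ return $currentTimeInMillis ;
+ }
+
+ function make_curl_call( $url, $fields, $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic")) {
+
+ if ( gettype( $fields ) !== 'string' ) {
+ $fields = json_encode( $fields );
+ }
+
+ $args = array(
+ 'method' => 'POST',
+ 'body' => $fields,
+ 'timeout' => '5',
+ 'redirection' => '5',
+ 'httpversion' => '1.0',
+ 'blocking' => true,
+ 'headers' => $http_header_array
+ );
+
+ // 'sslverify' => true,//MO_TEST_MODE ? false: true
+ //wp_remote_retrieve_body
+
+ $response = Mo2f_Api::mo2f_wp_remote_post($url, $args);
+ return $response;
+
+ }
+
+ function get_http_header_array() {
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $apiKey = get_option( 'mo2f_api_key' );
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = array(
+ "Content-Type" => "application/json",
+ "Customer-Key" => $customerKey,
+ "Timestamp" => $currentTimeInMillis,
+ "Authorization" => $hashValue
+ );
+
+ return $headers;
+ }
+
+ }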
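Review bot: `get_timestamp()`, `make_curl_call()`, `get_http_header_array()` and `mo2f_wp_remote_post()` are declared as instance methods, but every caller on this page invokes them as `Mo2f_Api::…`; PHP 7 reports that as deprecated and PHP 8 throws an `Error`, which would stop every second-factor request. Declare each one `public static function …` and call siblings with `self::`. In `mo2f_wp_remote_post()` the `is_wp_error()` branch always answers "Please enable curl extension", which hides TLS and timeout failures; putting `$response->get_error_message()` in the `message` field would tell the administrator what actually failed. The commented-out `'sslverify'` line with its `MO_TEST_MODE ? false: true` remark should be deleted so that nobody re-enables it to switch certificate verification off.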
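--- a/class-customer-setup.php
+++ b/class-customer-setup.php
@@ -1,666 +0,0 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
- class Customer_Setup {
-
- public $email;
- public $phone;
- public $customerKey;
- public $transactionId;
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
- function check_customer() {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
- $ch = curl_init( $url );
- $email = get_option( "mo2f_email" );
-
- $fields = array(
- 'email' => $email,
- );
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- 'Content-Type: application/json',
- 'charset: UTF - 8',
- 'Authorization: Basic'
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
- if ( curl_errno( $ch ) ) {
- return null;
- }
- curl_close( $ch );
-
- return $content;
- }
-
- function send_email_alert( $email, $phone, $message ) {
-
- $url = MO_HOST_NAME . '/moas/api/notify/send';
- $ch = curl_init( $url );
-
- $customerKey = "16555";
- $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
-
- $currentTimeInMillis = self::get_timestamp();
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
- $customerKeyHeader = "Customer-Key: " . $customerKey;
- $timestampHeader = "Timestamp: " . $currentTimeInMillis;
- $authorizationHeader = "Authorization: " . $hashValue;
- $fromEmail = $email;
- $subject = "WordPress 2FA Plugin Feedback - " . $email;
-
- global $user;
- $user = wp_get_current_user();
- $is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
- $is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
-
-
- $customer_feature = "";
-
- if ( $is_ec_with_1_user ) {
- $customer_feature = "V1";
- }else if ( $is_nc_with_1_user ) {
- $customer_feature = "V3";
- }
-
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
-
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
-
- $fields = array(
- 'customerKey' => $customerKey,
- 'sendEmail' => true,
- 'email' => array(
- 'customerKey' => $customerKey,
- 'fromEmail' => $fromEmail,
- 'fromName' => 'Xecurify',
- 'toEmail' => '2fasupport@xecurify.com',
- 'toName' => '2fasupport@xecurify.com',
- 'subject' => $subject,
- 'content' => $content
- ),
- );
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- "Content-Type: application/json",
- $customerKeyHeader,
- $timestampHeader,
- $authorizationHeader
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return json_encode( array( "status" => 'ERROR', 'statusMessage' => curl_error( $ch ) ) );
- }
- curl_close( $ch );
-
- return ( $content );
-
- }
-
- function get_timestamp() {
- $url = MO_HOST_NAME . '/moas/rest/mobile/get-timestamp';
- $ch = curl_init( $url );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode ); // required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
-
- curl_setopt( $ch, CURLOPT_POST, true );
-
- if ( defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ) && defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, WP_PROXY_HOST );
- curl_setopt( $ch, CURLOPT_PROXYPORT, WP_PROXY_PORT );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD );
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- echo 'Error in sending curl Request';
- exit ();
- }
- curl_close( $ch );
- $is_empty = empty( $content )|| stripos($content, 'BAD REQUEST');
- if ( $is_empty ) {
- $currentTimeInMillis = round( microtime( true ) * 1000 );
- $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
- }
-
- // $currentTimeInMillis = round( microtime( true ) * 1000 );
-
- return $is_empty ? $currentTimeInMillis : $content;
- }
-
- function create_customer() {
- global $Mo2fdbQueries;
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/rest/customer/add';
- $ch = curl_init( $url );
- global $user;
- $user = wp_get_current_user();
- $this->email = get_option( 'mo2f_email' );
- $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
- $password = get_option( 'mo2f_password' );
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
- $firstName = get_option( 'mo2f_admin_first_name' );
- $lastName = get_option( 'mo2_admin_last_name' );
-
- $fields = array(
- 'companyName' => $company,
- 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
- 'productInterest' => 'API_2FA',
- 'firstname' => $firstName,
- 'lastname' => $lastName,
- 'email' => $this->email,
- 'phone' => $this->phone,
- 'password' => $password
- );
- $field_string = json_encode( $fields );
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- 'Content-Type: application/json',
- 'charset: UTF - 8',
- 'Authorization: Basic'
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return null;
- }
-
-
- curl_close( $ch );
-
- return $content;
- }
-
- function get_customer_key() {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/key";
- $ch = curl_init( $url );
- $email = get_option( "mo2f_email" );
- $password = get_option( "mo2f_password" );
-
- $fields = array(
- 'email' => $email,
- 'password' => $password
- );
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
-
-
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- 'Content-Type: application/json',
- 'charset: UTF - 8',
- 'Authorization: Basic'
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return null;
- }
- curl_close( $ch );
-
- return $content;
- }
-
- function send_otp_token( $uKey, $authType, $cKey, $apiKey ) {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/challenge';
- $ch = curl_init( $url );
-
- /* The customer Key provided to you */
- $customerKey = $cKey;
-
- /* The customer API Key provided to you */
- $apiKey = $apiKey;
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = self::get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $customerKeyHeader = "Customer-Key: " . $customerKey;
- $timestampHeader = "Timestamp: " . $currentTimeInMillis;
- $authorizationHeader = "Authorization: " . $hashValue;
-
-
- $fields = '';
- if ( $authType == 'EMAIL' || $authType == 'OUT OF BAND EMAIL' ) {
- $fields = array(
- 'customerKey' => $customerKey,
- 'email' => $uKey,
- 'authType' => $authType,
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
- );
- } else if ( $authType == 'SMS' ) {
- $authType = "SMS";
- $fields = array(
- 'customerKey' => $customerKey,
- 'phone' => $uKey,
- 'authType' => $authType
- );
- } else {
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $uKey,
- 'authType' => $authType,
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
- );
- }
-
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- "Content-Type: application/json",
- $customerKeyHeader,
- $timestampHeader,
- $authorizationHeader
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
- if ( curl_errno( $ch ) ) {
- return null;
- }
- curl_close( $ch );
-
- return $content;
- }
-
- function get_customer_transactions( $cKey, $apiKey ) {
-
- $url = MO_HOST_NAME . '/moas/rest/customer/license';
- $ch = curl_init( $url );
-
- $customerKey = $cKey;
- $apiKey = $apiKey;
-
- $currentTimeInMillis = self::get_timestamp();
-
-
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $customerKeyHeader = "Customer-Key: " . $customerKey;
- $timestampHeader = "Timestamp: " . $currentTimeInMillis;
- $authorizationHeader = "Authorization: " . $hashValue;
-
-
- $fields = '';
- $fields = array(
- 'customerId' => $customerKey,
- 'applicationName' => 'wp_2fa',
- 'licenseType' => 'DEMO'
- );
-
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- "Content-Type: application/json",
- $customerKeyHeader,
- $timestampHeader,
- $authorizationHeader
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
-
- /** Proxy Details **/
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- } else if ( defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ) ) {
- curl_setopt( $ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP );
- curl_setopt( $ch, CURLOPT_PROXY, WP_PROXY_HOST );
- curl_setopt( $ch, CURLOPT_PROXYPORT, WP_PROXY_PORT );
- }
-
-
- $content = curl_exec( $ch );
- if ( curl_errno( $ch ) ) {
- return null;
- }
-
- curl_close( $ch );
-
- return $content;
- }
-
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey ) {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate';
- $ch = curl_init( $url );
-
- /* The customer Key provided to you */
- $customerKey = $cKey;
-
- /* The customer API Key provided to you */
- $apiKey = $customerApiKey;
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = self::get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $customerKeyHeader = "Customer-Key: " . $customerKey;
- $timestampHeader = "Timestamp: " . $currentTimeInMillis;
- $authorizationHeader = "Authorization: " . $hashValue;
-
- $fields = '';
- if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
- /*check for soft token*/
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $username,
- 'token' => $otpToken,
- 'authType' => $authType
- );
- } else if ( $authType == 'KBA' ) {
- $fields = array(
- 'txId' => $transactionId,
- 'answers' => array(
- array(
- 'question' => $otpToken[0],
- 'answer' => $otpToken[1]
- ),
- array(
- 'question' => $otpToken[2],
- 'answer' => $otpToken[3]
- )
- )
- );
- } else {
- //*check for otp over sms/email
- $fields = array(
- 'txId' => $transactionId,
- 'token' => $otpToken
- );
- }
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- "Content-Type: application/json",
- $customerKeyHeader,
- $timestampHeader,
- $authorizationHeader
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return null;
- }
- curl_close( $ch );
-
- return $content;
- }
-
- function submit_contact_us( $q_email, $q_phone, $query ) {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">Click here</a> for the steps to enable curl or check Help & Troubleshooting.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
- $ch = curl_init( $url );
- global $user;
- $user = wp_get_current_user();
- $is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
- $is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
-
-
- $customer_feature = "";
-
- if ( $is_ec_with_1_user ) {
- $customer_feature = "V1";
- } else if ( $is_nc_with_1_user ) {
- $customer_feature = "V3";
- }
-
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $query;
- $fields = array(
- 'firstName' => $user->user_firstname,
- 'lastName' => $user->user_lastname,
- 'company' => $_SERVER['SERVER_NAME'],
- 'email' => $q_email,
- 'ccEmail' => '2fasupport@xecurify.com',
- 'phone' => $q_phone,
- 'query' => $query
- );
- $field_string = json_encode( $fields );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
- 'Content-Type: application/json',
- 'charset: UTF-8',
- 'Authorization: Basic'
- ) );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $field_string );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if ( ! empty( $proxy_host ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return null;
- }
- curl_close( $ch );
-
- return true;
- }
-
- } ?>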
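--- a/class-miniorange-2-factor-pass2fa-login.php
+++ b/class-miniorange-2-factor-pass2fa-login.php
@@ -22,7 +22,7 @@
  * Contains Request Calls to Customer service.
  **/
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_common_login.php';
- include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
+ include_once dirname( __FILE__ ) . '/api/class-rba-attributes.php';
 
  class Miniorange_Password_2Factor_Login {
 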
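--- a/class-rba-attributes.php
+++ b/class-rba-attributes.php
@@ -1,261 +0,0 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
- class Miniorange_Rba_Attributes {
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
- function mo2f_collect_attributes( $useremail, $rba_attributes ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/acs';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function get_curl_error_message() {
- $message = mo2f_lt( 'Please enable curl extension.' ) .
- ' <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">' .
- mo2f_lt( 'Click here' ) .
- ' </a> ' .
- mo2f_lt( 'for the steps to enable curl or check Help & Troubleshooting.' );
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- function get_http_header_array() {
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $apiKey = get_option( 'mo2f_api_key' );
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = self::get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $customerKeyHeader = "Customer-Key: " . $customerKey;
- $timestampHeader = "Timestamp: " . $currentTimeInMillis;
- $authorizationHeader = "Authorization: " . $hashValue;
-
- return array( "Content-Type: application/json", $customerKeyHeader, $timestampHeader, $authorizationHeader );
- }
-
- function get_timestamp() {
- $url = MO_HOST_NAME . '/moas/rest/mobile/get-timestamp';
-
- $ch = curl_init( $url );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode ); // required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
-
- curl_setopt( $ch, CURLOPT_POST, true );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if (! empty( $proxy_host ) ){
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }else if ( defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ) && defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, WP_PROXY_HOST );
- curl_setopt( $ch, CURLOPT_PROXYPORT, WP_PROXY_PORT );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD );
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- echo 'Error in sending curl Request';
- exit ();
- }
- curl_close( $ch );
-
- $is_empty = empty( $content )|| stripos($content, 'BAD REQUEST');
- if($is_empty ){
- $currentTimeInMillis = round( microtime( true ) * 1000 );
- $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
- }
- return $is_empty ? $currentTimeInMillis : $content;
- }
-
- function make_curl_call( $url, $fields, $http_header_array ) {
-
- if ( gettype( $fields ) !== 'string' ) {
- $fields = json_encode( $fields );
- }
-
- $ch = curl_init( $url );
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, $http_header_array );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $fields );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
-
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if (! empty( $proxy_host ) ){
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return null;
- }
-
- curl_close( $ch );
-
- return $content;
- }
-
- function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'appSecret' => get_option( 'mo2f_app_secret' ),
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_get_app_secret() {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerId' => $customerKey
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'googleAuthenticatorName' => $googleAuthenticatorName
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'secret' => $secret,
- 'otpToken' => $otptoken
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- }
-
- ?>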
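--- a/class-two-factor-setup.php
+++ b/class-two-factor-setup.php
@@ -1,274 +0,0 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
- class Two_Factor_Setup {
-
- public $email;
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
- function check_mobile_status( $tId ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/auth-status';
- $fields = array(
- 'txId' => $tId
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $fields, $http_header_array );
- }
-
- function get_curl_error_message() {
- $message = mo2f_lt( 'Please enable curl extension.' ) .
- ' <a href="admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mo2f_help">' .
- mo2f_lt( 'Click here' ) .
- ' </a> ' .
- mo2f_lt( 'for the steps to enable curl or check Help & Troubleshooting.' );
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- function get_http_header_array() {
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $apiKey = get_option( 'mo2f_api_key' );
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = self::get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;;
- $hashValue = hash( "sha512", $stringToHash );
-
- $customerKeyHeader = "Customer-Key: " . $customerKey;
- $timestampHeader = "Timestamp: " . $currentTimeInMillis;
- $authorizationHeader = "Authorization: " . $hashValue;
-
- return array( "Content-Type: application/json", $customerKeyHeader, $timestampHeader, $authorizationHeader );
- }
-
- function get_timestamp() {
- $url = MO_HOST_NAME . '/moas/rest/mobile/get-timestamp';
- $ch = curl_init( $url );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode ); // required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
-
- curl_setopt( $ch, CURLOPT_POST, true );
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if (! empty( $proxy_host ) ){
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }else if ( defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ) && defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ) ) {
- curl_setopt( $ch, CURLOPT_PROXY, WP_PROXY_HOST );
- curl_setopt( $ch, CURLOPT_PROXYPORT, WP_PROXY_PORT );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD );
- }
-
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- echo 'Error in sending curl Request';
- exit ();
- }
- curl_close( $ch );
-
- $is_empty = empty( $content )|| stripos($content, 'BAD REQUEST');
- if($is_empty){
- $currentTimeInMillis = round( microtime( true ) * 1000 );
- $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
- }
- return $is_empty ? $currentTimeInMillis : $content;
- }
-
- function make_curl_call( $url, $fields, $http_header_array ) {
-
- // do not apply this for call from register_kba_details function - have to find out why
- if ( gettype( $fields ) !== 'string' ) {
- $fields = json_encode( $fields );
- }
-
- $ch = curl_init( $url );
-
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, $this->auth_mode );
-
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, $this->https_mode ); # required for https urls
-
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
- curl_setopt( $ch, CURLOPT_HTTPHEADER, $http_header_array );
- curl_setopt( $ch, CURLOPT_POST, true );
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $fields );
- curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, 5 );
- curl_setopt( $ch, CURLOPT_TIMEOUT, 20 );
- $proxy_host = get_option( 'mo2f_proxy_host' );
- if (! empty( $proxy_host ) ){
- curl_setopt( $ch, CURLOPT_PROXY, get_option( 'mo2f_proxy_host' ) );
- curl_setopt( $ch, CURLOPT_PROXYPORT, get_option( 'mo2f_port_number' ) );
- curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC );
- curl_setopt( $ch, CURLOPT_PROXYUSERPWD, get_option( "mo2f_proxy_username" ) . ':' . get_option( "mo2f_proxy_password" ) );
-
- }
- $content = curl_exec( $ch );
-
- if ( curl_errno( $ch ) ) {
- return null;
- }
-
- curl_close( $ch );
-
- return $content;
- }
-
- function register_mobile( $useremail ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/register-mobile';
- $customerKey = get_option( 'mo2f_customerKey' );
- $fields = array(
- 'customerId' => $customerKey,
- 'username' => $useremail
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $fields, $http_header_array );
- }
-
- function mo_check_user_already_exist( $email ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/admin/users/search';
- $customerKey = get_option( 'mo2f_customerKey' );
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $email,
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $fields, $http_header_array );
- }
-
- function mo_create_user( $currentuser, $email ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/admin/users/create';
- $customerKey = get_option( 'mo2f_customerKey' );
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $email,
- 'firstName' => $currentuser->user_firstname,
- 'lastName' => $currentuser->user_lastname
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $fields, $http_header_array );
- }
-
- function mo2f_get_userinfo( $email ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/admin/users/get';
- $customerKey = get_option( 'mo2f_customerKey' );
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $email,
- );
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $fields, $http_header_array );
- }
-
- function mo2f_update_userinfo( $email, $authType, $phone, $tname, $enableAdminSecondFactor ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/admin/users/update';
- $customerKey = get_option( 'mo2f_customerKey' );
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $email,
- 'phone' => $phone,
- 'authType' => $authType,
- 'transactionName' => $tname,
- 'adminLoginSecondFactor' => $enableAdminSecondFactor
- );
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $fields, $http_header_array );
- }
-
- function register_kba_details( $email, $question1, $answer1, $question2, $answer2, $question3, $answer3 ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/register';
- $customerKey = get_option( 'mo2f_customerKey' );
- $q_and_a_list = "[{\"question\":\"" . $question1 . "\",\"answer\":\"" . $answer1 . "\" },{\"question\":\"" . $question2 . "\",\"answer\":\"" . $answer2 . "\" },{\"question\":\"" . $question3 . "\",\"answer\":\"" . $answer3 . "\" }]";
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"username\":\"" . $email . "\",\"questionAnswerList\":" . $q_and_a_list . "}";
-
- $http_header_array = $this->get_http_header_array();
-
- return $this->make_curl_call( $url, $field_string, $http_header_array );
-
- }
- }
-
- ?>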
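--- a/class-utility.php
+++ b/class-utility.php
@@ -528,7 +528,12 @@ class MO2f_Utility {
 
  return $plugin_details["Name"] ? $plugin_details["Name"] : "No Plugin selected" ;
  }
-
+
+ public static function isBlank($value)
+ {
+ if (!isset($value) || empty($value)) return TRUE;
+ return FALSE;
+ }
 
  }
 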
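Review bot: The added `isBlank()` treats the string `'0'` and the integer `0` as blank, because PHP's `empty()` is true for both; if a caller uses it to validate a submitted code, key or option value, a legitimate `0` would be rejected as missing. The `!isset($value) ||` half is redundant, since `empty()` already covers a null argument. If only null and the empty string should count as blank, `return $value === null || $value === '';` says so directly; otherwise `return empty($value);` is the same behaviour in one line. A short docblock stating which values count as blank would help callers. The enclosing class MO2f_Utility starts outside the hunk.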
includes/guides/Guide for Premium Plugin.pdf DELETED
Binary file
includes/guides/Guide for Standard plugin.pdf DELETED
Binary file
includes/guides/Instructions for premium customers.pdf DELETED
Binary file
includes/images/login/GoogleAuthenticatorV1.gif DELETED
Binary file
includes/images/login/GoogleAuthenticatorV1.jpg ADDED
Binary file
includes/images/login/GoogleAuthenticatorV2.gif DELETED
Binary file
includes/images/login/GoogleAuthenticatorV2.jpg ADDED
Binary file
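--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,16 +3,16 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: https://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
- * Version: 5.2.3
+ * Version: 5.2.4
  * Author: miniOrange
  * Author URI: https://miniorange.com
  * License: GPL2
  */
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_configuration.php';
  include_once dirname( __FILE__ ) . '/miniorange_2_factor_mobile_configuration.php';
- include_once dirname( __FILE__ ) . '/class-rba-attributes.php';
- include_once dirname( __FILE__ ) . '/class-two-factor-setup.php';
- include_once dirname( __FILE__ ) . '/class-customer-setup.php';
+ include_once dirname( __FILE__ ) . '/api/class-rba-attributes.php';
+ include_once dirname( __FILE__ ) . '/api/class-two-factor-setup.php';
+ include_once dirname( __FILE__ ) . '/api/class-customer-setup.php';
  include_once dirname( __FILE__ ) . '/database/database_functions.php';
  include dirname( __FILE__ ) . '/views/feedback_form.php';
  include dirname( __FILE__ ) . '/views/test_2fa_notification.php';
@@ -26,7 +26,7 @@ require( 'class-miniorange-2-factor-pass2fa-login.php' );
  require('resources/constants.php');
  require('resources/messages.php');
  define( 'MOAUTH_PATH', plugins_url( __FILE__ ) );
- define( 'MO2F_VERSION', '5.2.3' );
+ define( 'MO2F_VERSION', '5.2.4' );
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
 
 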
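--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Donate link: https://miniorange.com/
  Requires at least: 3.0.1
  Tested up to: 5.2
  Requires PHP: 5.3.0
- Stable tag: 5.2.3
+ Stable tag: 5.2.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -271,6 +271,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
 
  == Changelog ==
 
+ = 5.2.4 =
+ * Google Authenticator-Two Factor Authentication (2FA) : Removed curl calls and unncessary files.
+
  = 5.2.3 =
  * Google Authenticator-Two Factor Authentication (2FA) : Fix for some users facing issues in api calls.
 
@@ -650,6 +653,9 @@ More descriptive setup messages and UI changes.
 
  == Upgrade Notice ==
 
+ = 5.2.4 =
+ * Google Authenticator-Two Factor Authentication (2FA) : Removed curl calls and unncessary files.
+
  = 5.2.3 =
  * Google Authenticator-Two Factor Authentication (2FA) : Fix for some users facing issues in api calls.
 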
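--- a/views/feedback_form.php
+++ b/views/feedback_form.php
@@ -3,8 +3,8 @@
  return;
  }
 
- $setup_guide_link_std = plugins_url( '/../includes/guides/Guide for Standard Plugin.pdf', __FILE__ );
- $setup_guide_link_prem = plugins_url( '/../includes/guides/Guide for Premium Plugin.pdf', __FILE__ );
+ $setup_guide_link_std = "https://plugins.miniorange.com/guide-to-install-wordpress-2fa-standard-plugin";
+ $setup_guide_link_prem = "https://plugins.miniorange.com/guide-to-install-wordpress-2fa-premium-plugin";
  $plugins = MO2f_Utility::get_all_plugins_installed();
 
  wp_enqueue_style( 'wp-pointer' );
@@ -136,7 +136,7 @@
  jQuery('#other_plugins_installed').hide();
  jQuery('#query_feedback').attr("placeholder", "Write your query here.");
  jQuery('#link_id').html('<p style="background-color:#a3e8c2;padding:5px;">Thanks for upgrading. For Standard plugin guide,' +
- ' <a href="<?php echo $setup_guide_link_std; ?>" download><b>click here.</b></a> For Premium plugin guide, <a href="<?php echo $setup_guide_link_prem; ?>" download><b>click here.</b></a></p>');
+ ' <a target="_blank" href="<?php echo $setup_guide_link_std; ?>" download><b>click here.</b></a> For Premium plugin guide, <a href="<?php echo $setup_guide_link_prem; ?>" download><b>click here.</b></a></p>');
  jQuery('#link_id').show();
  }else if(reason=="Database Error"){
  jQuery('#query_feedback').attr("placeholder", "Can you please mention the plugin name, and the issue?");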
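Review bot: The rewritten anchor on new line 139 opens the standard guide with `target="_blank"` but carries no `rel="noopener noreferrer"`, so in browsers that do not default to noopener the opened page receives a `window.opener` handle to the wp-admin tab. The premium link in the same string was not given `target="_blank"`, and both anchors keep the `download` attribute although the targets are now external guide URLs and no longer the bundled PDFs. I would write both links in the form `<a target="_blank" rel="noopener noreferrer" href="<?php echo esc_url( $setup_guide_link_std ); ?>">`, escaping at output with `esc_url()` as WordPress templates conventionally do even for fixed URLs. The jQuery handler that contains this line starts and ends outside the hunk.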