Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.16

Version Description

  • Google Authenticator-Two Factor Authentication (2FA, OTP) : Quick form fix.

Release Info

Developer cyberlord92
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.16

Code changes from version 5.4.12 to 5.4.16

Files changed (74) hide show
  1. api/Mo2f_OnPremRedirect.php +17 -6
  2. api/class-customer-common-setup.php +6 -6
  3. api/class-customer-onprem-setup.php +72 -72
  4. api/class-customer-setup.php +33 -33
  5. api/class-rba-attributes.php +177 -177
  6. api/class-two-factor-setup.php +1 -1
  7. api/mo2f_api.php +1 -0
  8. controllers/account.php +5 -4
  9. controllers/addons.php +4 -4
  10. controllers/backup/backup_ajax.php +156 -156
  11. controllers/backup/backup_created_result.php +13 -13
  12. controllers/backup/backup_schdule.php +21 -21
  13. controllers/content-protection.php +93 -93
  14. controllers/dashboard_ajax.php +210 -210
  15. controllers/ip-blocking.php +256 -256
  16. controllers/licensing.php +49 -49
  17. controllers/login-security.php +4 -4
  18. controllers/main_controller.php +111 -111
  19. controllers/malware_scanner/scan_malware.php +0 -1
  20. controllers/malware_scanner/scan_malware_report.php +4 -4
  21. controllers/malware_scanner/scan_malware_settings.php +2 -4
  22. controllers/navbar.php +1 -1
  23. controllers/newtork_security_features.php +23 -23
  24. controllers/notification-settings.php +100 -100
  25. controllers/pointers.php +2 -1
  26. controllers/registration-security.php +128 -128
  27. controllers/reports.php +24 -24
  28. controllers/request_demo.php +50 -50
  29. controllers/tour-model.php +334 -334
  30. controllers/tour/tour_ajax.php +1 -1
  31. controllers/twofa/mo2fa_common_login.php +132 -20
  32. controllers/twofa/mo2fa_inline_registration.php +16 -12
  33. controllers/twofa/setup_twofa.php +4 -1
  34. controllers/twofa/two_fa_custom_form.php +8 -1
  35. controllers/twofa/two_fa_custom_login.php +2 -2
  36. controllers/twofa/two_fa_unlimittedUser.php +3 -3
  37. controllers/twofa/two_factor_ajax.php +121 -28
  38. controllers/wpns-loginsecurity-ajax.php +38 -0
  39. database/database_functions.php +819 -813
  40. database/database_functions_2fa.php +4 -2
  41. database/mo2f_db_options.php +37 -0
  42. handler/WAF/database/mo-waf-db-common.php +25 -0
  43. handler/WAF/database/mo-waf-db.php +1 -1
  44. handler/WAF/database/mo-waf-plugin-db.php +4 -1
  45. handler/WAF/mo-waf-plugin.php +2 -1
  46. handler/WAF/mo-waf.php +1 -1
  47. handler/WAF/waf-include.php +91 -91
  48. handler/backup.php +8 -6
  49. handler/feedback_form.php +1 -1
  50. handler/login.php +354 -354
  51. handler/mo-error.html +10 -10
  52. handler/recaptcha.php +106 -106
  53. handler/security_features.php +3 -3
  54. handler/signature/APLFI.php +4 -4
  55. handler/signature/APSQLI.php +10 -10
  56. handler/signature/APXSS.php +6 -6
  57. handler/twofa/class_miniorange_2fa_strong_password.php +107 -110
  58. handler/twofa/encryption.php +45 -45
  59. handler/twofa/setup_twofa.php +918 -877
  60. handler/twofa/two_fa_constants.php +1 -1
  61. handler/twofa/two_fa_get_details.php +0 -2
  62. handler/twofa/two_fa_login.php +8 -2
  63. handler/twofa/two_fa_pass2login.php +2654 -2516
  64. handler/twofa/two_fa_settings.php +83 -67
  65. handler/twofa/two_fa_short_call.php +43 -0
  66. handler/twofa/two_fa_short_custom.php +80 -0
  67. handler/twofa/two_fa_short_gateway.php +67 -0
  68. handler/twofa/two_fa_utility.php +17 -3
  69. helper/curl.php +7 -6
  70. helper/dashboard_security_notification.php +23 -17
  71. helper/mo_twofa_sessions.php +53 -0
  72. helper/pluginUtility.php +512 -507
  73. helper/utility.php +22 -8
  74. includes/css/bootstrap.min.css +2358 -5734
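--- a/api/Mo2f_OnPremRedirect.php
+++ b/api/Mo2f_OnPremRedirect.php
@@ -108,7 +108,6 @@ class Mo2f_OnPremRedirect {
  function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
  {
  global $Mo2fdbQueries;
-
  if(!isset($current_user) or is_null($current_user))
  {
  if(is_user_logged_in()){
@@ -117,10 +116,21 @@ class Mo2f_OnPremRedirect {
  $current_user = unserialize($_SESSION['mo2f_current_user']);
  }
  }
- //$email = get_user_meta($current_user->ID,'email',true);
 
  if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ {
  $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+ if($email == '' or empty($email))
+ {
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+ }
+
+ }
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ $email = $current_user->user_email;
+
+ delete_user_meta($current_user->ID,'tempEmail');
  $subject = '2-Factor Authentication';
  $headers = array('Content-Type: text/html; charset=UTF-8');
  $otpToken = '';
@@ -131,7 +141,6 @@ class Mo2f_OnPremRedirect {
  update_user_meta($current_user->ID,$tokenName,$otpToken);
  update_user_meta($current_user->ID,$timeName,time());
  update_user_meta($current_user->ID,'tempRegEmail',$email);
- //update_site_option('otpTokenEmailV',$otpTokenH);
  $message = '<table cellpadding="25" style="margin:0px auto">
  <tbody>
  <tr>
@@ -218,11 +227,14 @@ class Mo2f_OnPremRedirect {
  {
  $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
  delete_user_meta( $user_id, $dtoken );
- if($dtoken == 'mo2f_email_check_code')
+ if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
  {
  $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
  if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
- $Mo2fdbQueries->update_user_details($user_id,array('mo2f_user_email'=> $tempRegEmail));
+ $Mo2fdbQueries->update_user_details($user_id,array(
+ 'mo2f_configured_2FA_method' => 'OTP Over Email',
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
+ 'mo2f_user_email'=> $tempRegEmail));
  }
  delete_user_meta( $user_id,'tempRegEmail');
  }
@@ -231,7 +243,6 @@ class Mo2f_OnPremRedirect {
  $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
  }
 
- //exit;
  $content = json_encode($arr);
  return $content;
 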
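Review bot: The guard `if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)` in the validation hunk is true for every possible value, so the widened `update_user_details()` call now writes `mo2f_configured_2FA_method`, the registration status and `mo2f_user_email` on every successful check of either token, even when `tempRegEmail` is empty. Replace the condition with `if(!empty($tempRegEmail))` and put the multi-line call inside braces so the guard visibly covers it. If `mo2f_otp_email_code` is also the token used for ordinary email-OTP logins (not visible on this page), this branch would reset a user's configured second factor at each login, which should be confirmed before release. In the send hunk, `$current_user->user_email` and `delete_user_meta($current_user->ID,'tempEmail')` dereference `$current_user` without a null check; both functions begin and end outside the hunks shown.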
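--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -104,8 +104,8 @@ class Customer_Cloud_Setup {
 
  global $user;
  $user = wp_get_current_user();
- $is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
- $is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
 
 
  $customer_feature = "";
@@ -255,7 +255,7 @@ class Customer_Cloud_Setup {
  $field_string = json_encode( $fields );
 
  $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
- //{"txId":"8eb0f8d1-bb72-11ea-aad7-02c931e36dd8","authType":"KBA","responseType":"CHALLENGE","phoneDelivery":{"contact":null,"sendStatus":null,"sendTime":null},"emailDelivery":{"contact":null,"sendStatus":null,"sendTime":null},"status":"SUCCESS","message":"Please answer the following security questions.","questions":[{"question":"What is your first company name?"},{"question":"What was your childhood nickname?"}]}
+
  return $content;
  }
 
@@ -346,7 +346,7 @@ class Customer_Cloud_Setup {
  }
  $field_string = json_encode( $fields );
 
-
+
  $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
 
  return $content;
@@ -362,8 +362,8 @@ class Customer_Cloud_Setup {
  $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
  global $user;
  $user = wp_get_current_user();
- $is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
- $is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
 
  $mo2fApi= new Mo2f_Api();
  $customer_feature = "";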
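Review bot: `$is_ec_with_1_user` is the negation of whatever `MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')` returns when the option is missing, so the helper's default now decides this flag where `get_option()` used to yield `false`. The helper is not part of this section, so that default should be confirmed and stated in a comment next to the assignment. The same option is also fetched twice in each of the two hunks (new lines 107–108 and 365–366); reading it once, `$is_nc = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');`, and deriving both flags from `$is_nc` keeps them consistent. Both enclosing methods start and end outside the hunks.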
api/class-customer-onprem-setup.php CHANGED
@@ -1,73 +1,73 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Setup extends Customer_Cloud_Setup {
29
-
30
-
31
-
32
- function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
33
-
34
- $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
35
- if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
36
- include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
37
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
38
- if(is_null($currentuser) or !isset($currentuser))
39
- $currentuser = wp_get_current_user();
40
- $content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
41
-
42
- }else {
43
-
44
- $content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
45
-
46
- }
47
-
48
- return $content;
49
- }
50
-
51
-
52
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
53
- $content='';
54
- if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
55
- include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
56
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
57
- if(!isset($current_user) or is_null($current_user) )
58
- $current_user = wp_get_current_user();
59
- $content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
60
- //change parameters as per your requirement but make sure other methods are not affected.
61
-
62
- }else{
63
-
64
- $content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
65
-
66
- }
67
- return $content;
68
- }
69
-
70
-
71
- }
72
-
73
  ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Setup extends Customer_Cloud_Setup {
29
+
30
+
31
+
32
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
33
+
34
+ $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
35
+ if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
36
+ include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
37
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
38
+ if(is_null($currentuser) or !isset($currentuser))
39
+ $currentuser = wp_get_current_user();
40
+ $content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
41
+
42
+ }else {
43
+
44
+ $content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
45
+
46
+ }
47
+
48
+ return $content;
49
+ }
50
+
51
+
52
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
53
+ $content='';
54
+ if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
55
+ include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
56
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
57
+ if(!isset($current_user) or is_null($current_user) )
58
+ $current_user = wp_get_current_user();
59
+ $content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
60
+ //change parameters as per your requirement but make sure other methods are not affected.
61
+
62
+ }else{
63
+
64
+ $content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
65
+
66
+ }
67
+ return $content;
68
+ }
69
+
70
+
71
+ }
72
+
73
  ?>
api/class-customer-setup.php CHANGED
@@ -1,34 +1,34 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Setup extends Customer_Cloud_Setup {
29
-
30
- //all parent methods
31
- }
32
-
33
-
34
  ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Setup extends Customer_Cloud_Setup {
29
+
30
+ //all parent methods
31
+ }
32
+
33
+
34
  ?>
api/class-rba-attributes.php CHANGED
@@ -1,178 +1,178 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Miniorange_Rba_Attributes {
29
-
30
- private $auth_mode = 2; // miniorange test or not
31
- private $https_mode = false; // website http or https
32
-
33
- function mo2f_collect_attributes( $useremail, $rba_attributes ) {
34
-
35
- if ( ! MO2f_Utility::is_curl_installed() ) {
36
- return $this->get_curl_error_message();
37
- }
38
-
39
- $url = MO_HOST_NAME . '/moas/rest/rba/acs';
40
- $customerKey = get_option( 'mo2f_customerKey' );
41
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
42
- $mo2fApi= new Mo2f_Api();
43
- $http_header_array = $mo2fApi->get_http_header_array();
44
-
45
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
46
- }
47
-
48
- function get_curl_error_message() {
49
- $message = mo2f_lt( 'Please enable curl extension.' ) .
50
- ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
51
- mo2f_lt( 'Click here' ) .
52
- ' </a> ' .
53
- mo2f_lt( 'for the steps to enable curl.' );
54
-
55
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
56
- }
57
-
58
- function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
59
-
60
- if ( ! MO2f_Utility::is_curl_installed() ) {
61
- return $this->get_curl_error_message();
62
- }
63
-
64
- $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
65
- $customerKey = get_option( 'mo2f_customerKey' );
66
- $field_string = array(
67
- 'customerKey' => $customerKey,
68
- 'appSecret' => get_option( 'mo2f_app_secret' ),
69
- 'userKey' => $useremail,
70
- 'sessionUuid' => $sessionUuid
71
- );
72
- $mo2fApi= new Mo2f_Api();
73
-
74
- $http_header_array = $mo2fApi->get_http_header_array();
75
-
76
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
77
- }
78
-
79
- function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
80
-
81
- if ( ! MO2f_Utility::is_curl_installed() ) {
82
- return $this->get_curl_error_message();
83
- }
84
-
85
- $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
86
- $customerKey = get_option( 'mo2f_customerKey' );
87
- $field_string = array(
88
- 'customerKey' => $customerKey,
89
- 'userKey' => $useremail,
90
- 'sessionUuid' => $sessionUuid
91
- );
92
- $mo2fApi= new Mo2f_Api();
93
- $http_header_array = $mo2fApi->get_http_header_array();
94
-
95
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
96
- }
97
-
98
- function mo2f_get_app_secret() {
99
-
100
- if ( ! MO2f_Utility::is_curl_installed() ) {
101
- return $this->get_curl_error_message();
102
- }
103
-
104
- $mo2fApi= new Mo2f_Api();
105
-
106
- $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
107
- $customerKey = get_option( 'mo2f_customerKey' );
108
- $field_string = array(
109
- 'customerId' => $customerKey
110
- );
111
-
112
- $http_header_array = $mo2fApi->get_http_header_array();
113
-
114
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
115
- }
116
-
117
- function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
118
-
119
- if ( ! MO2f_Utility::is_curl_installed() ) {
120
- return $this->get_curl_error_message();
121
- }
122
- $mo2fApi= new Mo2f_Api();
123
- $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
124
- $customerKey = get_option( 'mo2f_customerKey' );
125
- $field_string = array(
126
- 'customerKey' => $customerKey,
127
- 'username' => $useremail,
128
- 'googleAuthenticatorName' => $googleAuthenticatorName
129
- );
130
-
131
- $http_header_array = $mo2fApi->get_http_header_array();
132
-
133
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
134
- }
135
-
136
- function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
137
- if(MO2F_IS_ONPREM){
138
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
139
- $gauth_obj= new Google_auth_onpremise();
140
- $secret = isset($_SESSION['secret_ga'])? $_SESSION['secret_ga'] : $secret;
141
- $content=$gauth_obj->verifyCode($secret , $otptoken );
142
- $value = json_decode($content,true);
143
- if($value['status'] == 'SUCCESS'){
144
- $user = wp_get_current_user();
145
- $user_id = $user->ID;
146
- $gauth_obj->mo_GAuth_set_secret($user_id, $secret);
147
- update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
148
- update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
149
- global $Mo2fdbQueries;//might not need this
150
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
151
- }
152
- }else{
153
- if ( ! MO2f_Utility::is_curl_installed() ) {
154
- return $this->get_curl_error_message();
155
- }
156
-
157
-
158
- $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
159
- $mo2fApi= new Mo2f_Api();
160
-
161
- $customerKey = get_option( 'mo2f_customerKey' );
162
- $field_string = array(
163
- 'customerKey' => $customerKey,
164
- 'username' => $useremail,
165
- 'secret' => $secret,
166
- 'otpToken' => $otptoken
167
- );
168
-
169
- $http_header_array = $mo2fApi->get_http_header_array();
170
- $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
171
- }
172
-
173
- return $content;
174
- }
175
-
176
- }
177
-
178
  ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Miniorange_Rba_Attributes {
29
+
30
+ private $auth_mode = 2; // miniorange test or not
31
+ private $https_mode = false; // website http or https
32
+
33
+ function mo2f_collect_attributes( $useremail, $rba_attributes ) {
34
+
35
+ if ( ! MO2f_Utility::is_curl_installed() ) {
36
+ return $this->get_curl_error_message();
37
+ }
38
+
39
+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
40
+ $customerKey = get_option( 'mo2f_customerKey' );
41
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
42
+ $mo2fApi= new Mo2f_Api();
43
+ $http_header_array = $mo2fApi->get_http_header_array();
44
+
45
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
46
+ }
47
+
48
+ function get_curl_error_message() {
49
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
50
+ ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
51
+ mo2f_lt( 'Click here' ) .
52
+ ' </a> ' .
53
+ mo2f_lt( 'for the steps to enable curl.' );
54
+
55
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
56
+ }
57
+
58
+ function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
59
+
60
+ if ( ! MO2f_Utility::is_curl_installed() ) {
61
+ return $this->get_curl_error_message();
62
+ }
63
+
64
+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
65
+ $customerKey = get_option( 'mo2f_customerKey' );
66
+ $field_string = array(
67
+ 'customerKey' => $customerKey,
68
+ 'appSecret' => get_option( 'mo2f_app_secret' ),
69
+ 'userKey' => $useremail,
70
+ 'sessionUuid' => $sessionUuid
71
+ );
72
+ $mo2fApi= new Mo2f_Api();
73
+
74
+ $http_header_array = $mo2fApi->get_http_header_array();
75
+
76
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
77
+ }
78
+
79
+ function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
80
+
81
+ if ( ! MO2f_Utility::is_curl_installed() ) {
82
+ return $this->get_curl_error_message();
83
+ }
84
+
85
+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
86
+ $customerKey = get_option( 'mo2f_customerKey' );
87
+ $field_string = array(
88
+ 'customerKey' => $customerKey,
89
+ 'userKey' => $useremail,
90
+ 'sessionUuid' => $sessionUuid
91
+ );
92
+ $mo2fApi= new Mo2f_Api();
93
+ $http_header_array = $mo2fApi->get_http_header_array();
94
+
95
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
96
+ }
97
+
98
+ function mo2f_get_app_secret() {
99
+
100
+ if ( ! MO2f_Utility::is_curl_installed() ) {
101
+ return $this->get_curl_error_message();
102
+ }
103
+
104
+ $mo2fApi= new Mo2f_Api();
105
+
106
+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
107
+ $customerKey = get_option( 'mo2f_customerKey' );
108
+ $field_string = array(
109
+ 'customerId' => $customerKey
110
+ );
111
+
112
+ $http_header_array = $mo2fApi->get_http_header_array();
113
+
114
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
115
+ }
116
+
117
+ function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
118
+
119
+ if ( ! MO2f_Utility::is_curl_installed() ) {
120
+ return $this->get_curl_error_message();
121
+ }
122
+ $mo2fApi= new Mo2f_Api();
123
+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
124
+ $customerKey = get_option( 'mo2f_customerKey' );
125
+ $field_string = array(
126
+ 'customerKey' => $customerKey,
127
+ 'username' => $useremail,
128
+ 'googleAuthenticatorName' => $googleAuthenticatorName
129
+ );
130
+
131
+ $http_header_array = $mo2fApi->get_http_header_array();
132
+
133
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
134
+ }
135
+
136
+ function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
137
+ if(MO2F_IS_ONPREM){
138
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
139
+ $gauth_obj= new Google_auth_onpremise();
140
+ $secret = isset($_SESSION['secret_ga'])? $_SESSION['secret_ga'] : $secret;
141
+ $content=$gauth_obj->verifyCode($secret , $otptoken );
142
+ $value = json_decode($content,true);
143
+ if($value['status'] == 'SUCCESS'){
144
+ $user = wp_get_current_user();
145
+ $user_id = $user->ID;
146
+ $gauth_obj->mo_GAuth_set_secret($user_id, $secret);
147
+ update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
148
+ update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
149
+ global $Mo2fdbQueries;//might not need this
150
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
151
+ }
152
+ }else{
153
+ if ( ! MO2f_Utility::is_curl_installed() ) {
154
+ return $this->get_curl_error_message();
155
+ }
156
+
157
+
158
+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
159
+ $mo2fApi= new Mo2f_Api();
160
+
161
+ $customerKey = get_option( 'mo2f_customerKey' );
162
+ $field_string = array(
163
+ 'customerKey' => $customerKey,
164
+ 'username' => $useremail,
165
+ 'secret' => $secret,
166
+ 'otpToken' => $otptoken
167
+ );
168
+
169
+ $http_header_array = $mo2fApi->get_http_header_array();
170
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
171
+ }
172
+
173
+ return $content;
174
+ }
175
+
176
+ }
177
+
178
  ?>
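--- a/api/class-two-factor-setup.php
+++ b/api/class-two-factor-setup.php
@@ -159,7 +159,7 @@ class Two_Factor_Setup {
 
  $http_header_array = $mo2fApi->get_http_header_array();
 
- $response= $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
+ $response = $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
  }
  return $response;
  }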
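--- a/api/mo2f_api.php
+++ b/api/mo2f_api.php
@@ -33,6 +33,7 @@ class Mo2f_Api
  'body' => $fields,
  'timeout' => '5',
  'redirection' => '5',
+ 'sslverify' =>true,
  'httpversion' => '1.0',
  'blocking' => true,
  'headers' => $http_header_array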
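Review bot: The added `'sslverify' =>true,` entry (new line 36) carries no comment saying why it is pinned, and since the WordPress HTTP API already verifies certificates by default a later reader may take it for removable noise. Callers visible elsewhere on this page pass `customerKey`, `secret` and `otpToken` in the body handed to `make_curl_call()`, so I would add `// Certificate verification must stay on: the request body carries the customer key and OTP material.` above the entry and normalise the spacing to `'sslverify' => true,`. Note that the value can still be changed through the `https_ssl_verify` filter, so this line alone does not protect a site where other code switches verification off. The argument array and its enclosing method start and end outside the hunk.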
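--- a/controllers/account.php
+++ b/controllers/account.php
@@ -48,7 +48,8 @@
  $key = get_option('mo2f_customerKey');
  $api = get_option('mo2f_api_key');
  $token = get_option('mo2f_customer_token');
- $EmailTransactions = get_site_option('cmVtYWluaW5nT1RQ')? get_site_option('cmVtYWluaW5nT1RQ') : 0;
+ $EmailTransactions = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+ $EmailTransactions = $EmailTransactions? $EmailTransactions : 0;
  $SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'profile.php';
  }
@@ -231,7 +232,7 @@
  $configured_2FA_method = 'NONE';
  }else if ( $mo2f_second_factor != 'NONE' ) {
  $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
- if ( get_option( 'mo2f_is_NC' ) == 0 ) {
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
  $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
  } else {
  if ( in_array( $configured_2FA_method, array(
@@ -245,7 +246,7 @@
  }
 
  $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
- if ( $configured_2FA_method != 'NONE' && get_option( 'mo2f_is_NC' ) == 0 ) {
+ if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
  $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '. ';
  }
  $mo2f_message .= '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
@@ -256,7 +257,7 @@
  if ( ! empty( $mo2f_customer_selected_plan ) ) {
  delete_option( 'mo2f_customer_selected_plan' );
 
- if (get_option('mo2f_planname') == 'addon_plan')
+ if (MoWpnsUtility::get_mo2f_db_option('mo2f_planname', 'get_option') == 'addon_plan')
  {
  ?><script>window.location.href="admin.php?page=mo_2fa_addons";</script><?php
  }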
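Review bot: The two rewritten `mo2f_is_NC` checks (new lines 235 and 249) keep the loose `== 0` comparison, now against whatever `MoWpnsUtility::get_mo2f_db_option()` returns, and that helper is not visible in this commit view. If it can return `false`, `null` or an empty string for an unset option, the branch taken depends on the PHP version, because `'' == 0` is true before PHP 8 and false from 8.0 on. I would make the intent explicit with `(int) MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') === 0`, read the value once into a local, and reuse it in both conditions. The enclosing blocks of all four hunks start and end outside the lines shown.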
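--- a/controllers/addons.php
+++ b/controllers/addons.php
@@ -1,5 +1,5 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'addons.php';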
controllers/backup/backup_ajax.php CHANGED
@@ -1,157 +1,157 @@
1
- <?php
2
- class Mo_wpns_file_db_backup{
3
-
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo_wpns_file_db_backup_functions' ) );
6
- }
7
-
8
- public function mo_wpns_file_db_backup_functions(){
9
- add_action('wp_ajax_mo_wpns_backup_redirect', array( $this, 'mo_wpns_backup_redirect' ));
10
- }
11
-
12
- public function mo_wpns_backup_redirect(){
13
-
14
- switch($_POST['call_type'])
15
- {
16
- case "submit_backup_settings_form":
17
- $this->mo_wpns_save_backup_config_form($_POST);
18
- break;
19
- case "submit_schedule_settings_form":
20
- $this->mo_wpns_save_schedule_backup_config_form($_POST);
21
- break;
22
- case "delete_backup":
23
- $this->delete_backup($_POST);
24
- break;
25
- }
26
- }
27
-
28
- public function mo_wpns_save_backup_config_form($postData){
29
- $nonce = $postData['nonce'];
30
- if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
31
- wp_send_json('ERROR');
32
- }
33
-
34
- if(! isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database'])){
35
- wp_send_json('folder_error');
36
- }
37
-
38
- isset($postData['backup_plugin']) ? update_site_option( 'mo_file_manual_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_manual_backup_plugins', 0);
39
-
40
- isset($postData['backup_themes']) ? update_site_option( 'mo_file_manual_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_manual_backup_themes', 0);
41
-
42
- isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_manual_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_manual_backup_wp_files', 0);
43
-
44
- isset($postData['database']) ? update_site_option( 'mo_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_database_backup', 0);
45
-
46
- if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
47
- $handler_obj = new MoBackupSite();
48
- update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
49
- $handler_obj->file_manual_backup();
50
- }
51
- if(isset($postData['database'])) {
52
- $handler_obj = new MoBackupSite();
53
- update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
54
- $handler_obj->backupDB();
55
- }
56
- wp_send_json('created_backup');
57
- }
58
-
59
- function mo_wpns_save_schedule_backup_config_form($postData){
60
- $nonce = $postData['nonce'];
61
- if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
62
- wp_send_json('ERROR');
63
-
64
- }
65
-
66
- $handler_obj = new MoBackupSite;
67
- if(!isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database']))
68
- {
69
- wp_send_json('folder_error');
70
-
71
- }
72
-
73
- isset($postData['backup_plugin']) ? update_site_option( 'mo_file_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_backup_plugins', 0);
74
-
75
- isset($postData['backup_themes']) ? update_site_option( 'mo_file_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_backup_themes', 0);
76
-
77
- isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_backup_wp_files', 0);
78
-
79
- isset($postData['database']) ? update_site_option( 'mo_schedule_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_schedule_database_backup', 0);
80
-
81
- if($postData['backup_time']==='12'||$postData['backup_time']==='24'||$postData['backup_time']==='168'||$postData['backup_time']==='360'||$postData['backup_time']==='720')
82
- {
83
- isset($postData['backup_time']) ? update_site_option( 'mo_wpns_backup_time', sanitize_text_field($postData['backup_time'])) : update_site_option( 'mo_wpns_backup_time', 0);
84
- }else{
85
- wp_send_json('invalid_hours');
86
-
87
- }
88
-
89
- isset($postData['enable_backup_schedule']) ? update_site_option( 'enable_backup_schedule', sanitize_text_field($postData['enable_backup_schedule'])) : update_site_option( 'enable_backup_schedule', 0);
90
-
91
- isset($postData['local_storage']) ? update_site_option( 'storage_type', sanitize_text_field($postData['local_storage'])) : update_site_option( 'storage_type', 0);
92
-
93
- if(get_site_option('enable_backup_schedule') === '1'){
94
-
95
- if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
96
- $handler_obj-> file_backup_deactivate();
97
- if (!wp_next_scheduled( 'mo_eb_file_cron_hook')) {
98
- wp_schedule_event( time(), 'file_eb_backup_time', 'mo_eb_file_cron_hook' );
99
- }
100
- update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
101
- update_site_option('scheduled_file_backup',1);
102
- }
103
- else
104
- $handler_obj-> file_backup_deactivate();
105
-
106
- if(get_site_option('mo_schedule_database_backup') === '1'){
107
- $handler_obj->bl_deactivate();
108
- if ( ! wp_next_scheduled( 'mo_eb_bl_cron_hook' ) ) {
109
- wp_schedule_event( time(), 'db_eb_backup_time', 'mo_eb_bl_cron_hook' );
110
- }
111
- update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
112
- update_site_option('scheduled_db_backup',1);
113
- }
114
- else
115
- $handler_obj->bl_deactivate();
116
-
117
- wp_send_json('success');
118
-
119
- }else{
120
- $handler_obj-> file_backup_deactivate();
121
- $handler_obj->bl_deactivate();
122
- update_site_option('scheduled_db_backup',0);
123
- update_site_option('scheduled_file_backup',0);
124
- wp_send_json('disable');
125
-
126
- }
127
- }
128
-
129
-
130
-
131
- function delete_backup($postData){
132
-
133
- $nonce = $postData['nonce'];
134
- if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
135
- wp_send_json('ERROR');
136
-
137
- }
138
-
139
- if(current_user_can('administrator')){
140
- global $wpnsDbQueries;
141
- $id = $postData['id'];
142
- $row_exist = (int)$wpnsDbQueries->row_exist($id);
143
- $status = file_exists($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
144
- if($status){
145
- unlink($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
146
- if($row_exist)
147
- $wpnsDbQueries->delete_file($id);
148
- wp_send_json('success');
149
-
150
- }else{
151
- $wpnsDbQueries->delete_file($id);
152
- wp_send_json('notexist');
153
- }
154
- }
155
- }
156
- }new Mo_wpns_file_db_backup();
157
  ?>
1
+ <?php
2
+ class Mo_wpns_file_db_backup{
3
+
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo_wpns_file_db_backup_functions' ) );
6
+ }
7
+
8
+ public function mo_wpns_file_db_backup_functions(){
9
+ add_action('wp_ajax_mo_wpns_backup_redirect', array( $this, 'mo_wpns_backup_redirect' ));
10
+ }
11
+
12
+ public function mo_wpns_backup_redirect(){
13
+
14
+ switch($_POST['call_type'])
15
+ {
16
+ case "submit_backup_settings_form":
17
+ $this->mo_wpns_save_backup_config_form($_POST);
18
+ break;
19
+ case "submit_schedule_settings_form":
20
+ $this->mo_wpns_save_schedule_backup_config_form($_POST);
21
+ break;
22
+ case "delete_backup":
23
+ $this->delete_backup($_POST);
24
+ break;
25
+ }
26
+ }
27
+
28
+ public function mo_wpns_save_backup_config_form($postData){
29
+ $nonce = $postData['nonce'];
30
+ if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
31
+ wp_send_json('ERROR');
32
+ }
33
+
34
+ if(! isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database'])){
35
+ wp_send_json('folder_error');
36
+ }
37
+
38
+ isset($postData['backup_plugin']) ? update_site_option( 'mo_file_manual_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_manual_backup_plugins', 0);
39
+
40
+ isset($postData['backup_themes']) ? update_site_option( 'mo_file_manual_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_manual_backup_themes', 0);
41
+
42
+ isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_manual_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_manual_backup_wp_files', 0);
43
+
44
+ isset($postData['database']) ? update_site_option( 'mo_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_database_backup', 0);
45
+
46
+ if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
47
+ $handler_obj = new MoBackupSite();
48
+ update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
49
+ $handler_obj->file_manual_backup();
50
+ }
51
+ if(isset($postData['database'])) {
52
+ $handler_obj = new MoBackupSite();
53
+ update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
54
+ $handler_obj->backupDB();
55
+ }
56
+ wp_send_json('created_backup');
57
+ }
58
+
59
+ function mo_wpns_save_schedule_backup_config_form($postData){
60
+ $nonce = $postData['nonce'];
61
+ if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
62
+ wp_send_json('ERROR');
63
+
64
+ }
65
+
66
+ $handler_obj = new MoBackupSite;
67
+ if(!isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database']))
68
+ {
69
+ wp_send_json('folder_error');
70
+
71
+ }
72
+
73
+ isset($postData['backup_plugin']) ? update_site_option( 'mo_file_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_backup_plugins', 0);
74
+
75
+ isset($postData['backup_themes']) ? update_site_option( 'mo_file_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_backup_themes', 0);
76
+
77
+ isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_backup_wp_files', 0);
78
+
79
+ isset($postData['database']) ? update_site_option( 'mo_schedule_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_schedule_database_backup', 0);
80
+
81
+ if($postData['backup_time']==='12'||$postData['backup_time']==='24'||$postData['backup_time']==='168'||$postData['backup_time']==='360'||$postData['backup_time']==='720')
82
+ {
83
+ isset($postData['backup_time']) ? update_site_option( 'mo_wpns_backup_time', sanitize_text_field($postData['backup_time'])) : update_site_option( 'mo_wpns_backup_time', 0);
84
+ }else{
85
+ wp_send_json('invalid_hours');
86
+
87
+ }
88
+
89
+ isset($postData['enable_backup_schedule']) ? update_site_option( 'enable_backup_schedule', sanitize_text_field($postData['enable_backup_schedule'])) : update_site_option( 'enable_backup_schedule', 0);
90
+
91
+ isset($postData['local_storage']) ? update_site_option( 'storage_type', sanitize_text_field($postData['local_storage'])) : update_site_option( 'storage_type', 0);
92
+
93
+ if(get_site_option('enable_backup_schedule') === '1'){
94
+
95
+ if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
96
+ $handler_obj-> file_backup_deactivate();
97
+ if (!wp_next_scheduled( 'mo_eb_file_cron_hook')) {
98
+ wp_schedule_event( time(), 'file_eb_backup_time', 'mo_eb_file_cron_hook' );
99
+ }
100
+ update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
101
+ update_site_option('scheduled_file_backup',1);
102
+ }
103
+ else
104
+ $handler_obj-> file_backup_deactivate();
105
+
106
+ if(MoWpnsUtility::get_mo2f_db_option('mo_schedule_database_backup', 'site_option') === '1'){
107
+ $handler_obj->bl_deactivate();
108
+ if ( ! wp_next_scheduled( 'mo_eb_bl_cron_hook' ) ) {
109
+ wp_schedule_event( time(), 'db_eb_backup_time', 'mo_eb_bl_cron_hook' );
110
+ }
111
+ update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
112
+ update_site_option('scheduled_db_backup',1);
113
+ }
114
+ else
115
+ $handler_obj->bl_deactivate();
116
+
117
+ wp_send_json('success');
118
+
119
+ }else{
120
+ $handler_obj-> file_backup_deactivate();
121
+ $handler_obj->bl_deactivate();
122
+ update_site_option('scheduled_db_backup',0);
123
+ update_site_option('scheduled_file_backup',0);
124
+ wp_send_json('disable');
125
+
126
+ }
127
+ }
128
+
129
+
130
+
131
+ function delete_backup($postData){
132
+
133
+ $nonce = $postData['nonce'];
134
+ if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
135
+ wp_send_json('ERROR');
136
+
137
+ }
138
+
139
+ if(current_user_can('administrator')){
140
+ global $wpnsDbQueries;
141
+ $id = $postData['id'];
142
+ $row_exist = (int)$wpnsDbQueries->row_exist($id);
143
+ $status = file_exists($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
144
+ if($status){
145
+ unlink($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
146
+ if($row_exist)
147
+ $wpnsDbQueries->delete_file($id);
148
+ wp_send_json('success');
149
+
150
+ }else{
151
+ $wpnsDbQueries->delete_file($id);
152
+ wp_send_json('notexist');
153
+ }
154
+ }
155
+ }
156
+ }new Mo_wpns_file_db_backup();
157
  ?>
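Review bot: `delete_backup()` (new lines 131-155) builds the path passed to `unlink()` from the request fields `folder_name` and `file_name` with no containment check, so a request carrying a valid `delete_entry` nonce can remove any file the PHP process is allowed to delete, not only a backup archive. The path should be taken from the stored backup record for `$id` instead of from the request; `showBackupResults()` in controllers/backup/backup_created_result.php already reads `plugin_path` and `file_name` from `get_table_content()` rows, so the sketch below assumes the same rows are available here. The two save handlers in this file verify only the nonce, whereas `delete_backup()` also calls `current_user_can('administrator')`; they should get the same capability check, and `$_POST['call_type']` in `mo_wpns_backup_redirect()` is read without `isset()`.

```php
if(current_user_can('administrator')){
    global $wpnsDbQueries;
    $id = $postData['id'];
    // Resolve the file from the stored backup record, never from request fields.
    $backup_file_path = null;
    foreach ( $wpnsDbQueries->get_table_content() as $row ) {
        if ( (string) $row->id === (string) $id ) {
            $backup_file_path = $row->plugin_path . DIRECTORY_SEPARATOR . $row->file_name;
            break;
        }
    }
    if ( null === $backup_file_path ) {
        wp_send_json('notexist');
    }
    if ( file_exists( $backup_file_path ) ) {
        unlink( $backup_file_path );
        $wpnsDbQueries->delete_file($id);
        wp_send_json('success');
    }
    // … unchanged: else branch (delete_file + 'notexist') …
```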
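--- a/controllers/backup/backup_created_result.php
+++ b/controllers/backup/backup_created_result.php
@@ -1,14 +1,14 @@
- <?php
- function showBackupResults(){
- global $wpnsDbQueries;
- $array = $wpnsDbQueries->get_table_content();
- $array_size = sizeof($array);
- for($i=0; $i<(int)$array_size; $i++){
- $backup_file_path = $array[$i]->plugin_path.DIRECTORY_SEPARATOR.$array[$i]->file_name;
- if(file_exists($backup_file_path))
- show_backup_report($array[$i]->plugin_path, $array[$i]->file_name, $array[$i]->created_timestamp,$array[$i]->id);
- else
- $wpnsDbQueries->delete_file($array[$i]->id);
- }
- }
+ <?php
+ function showBackupResults(){
+ global $wpnsDbQueries;
+ $array = $wpnsDbQueries->get_table_content();
+ $array_size = sizeof($array);
+ for($i=0; $i<(int)$array_size; $i++){
+ $backup_file_path = $array[$i]->plugin_path.DIRECTORY_SEPARATOR.$array[$i]->file_name;
+ if(file_exists($backup_file_path))
+ show_backup_report($array[$i]->plugin_path, $array[$i]->file_name, $array[$i]->created_timestamp,$array[$i]->id);
+ else
+ $wpnsDbQueries->delete_file($array[$i]->id);
+ }
+ }
  ?>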
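--- a/controllers/backup/backup_schdule.php
+++ b/controllers/backup/backup_schdule.php
@@ -1,22 +1,22 @@
- <?php
-
- $file_backup_time =get_site_option('file_backup_created_time');
- $db_eb_backup_time = get_site_option('db_backup_created_time');
- $file_schedule_status = get_site_option('scheduled_file_backup');
- $db_backup_status = get_site_option('scheduled_db_backup');
- $next_file_backup_hours = get_site_option('mo_wpns_backup_time');
- $next_db_backup_hours = get_site_option('mo_wpns_backup_time');
- $img_loader_url = plugins_url('backup-wordpress'.DIRECTORY_SEPARATOR .'includes'.DIRECTORY_SEPARATOR .'images'.DIRECTORY_SEPARATOR .'loader.gif');
- $page_url = "";
- $file_next_backup_timestamp = wp_next_scheduled( 'mo_eb_file_cron_hook' );
- $db_next_backup_timestamp = wp_next_scheduled( 'mo_eb_bl_cron_hook' );
-
- $file_date = date('d-m-Y', $file_next_backup_timestamp);
- $file_time = date('H:i', $file_next_backup_timestamp);
- $file_day = date('l',$file_next_backup_timestamp);
-
- $db_date = date('d-m-Y', $db_next_backup_timestamp);
- $db_time = date('H:i', $db_next_backup_timestamp);
- $db_day = date('l',$db_next_backup_timestamp);
-
+ <?php
+
+ $file_backup_time = MoWpnsUtility::get_mo2f_db_option('file_backup_created_time', 'site_option');
+ $db_eb_backup_time = MoWpnsUtility::get_mo2f_db_option('db_backup_created_time', 'site_option');
+ $file_schedule_status = MoWpnsUtility::get_mo2f_db_option('scheduled_file_backup', 'site_option');
+ $db_backup_status = MoWpnsUtility::get_mo2f_db_option('scheduled_db_backup', 'site_option');
+ $next_file_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option');
+ $next_db_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option');
+ $img_loader_url = plugins_url('backup-wordpress'.DIRECTORY_SEPARATOR .'includes'.DIRECTORY_SEPARATOR .'images'.DIRECTORY_SEPARATOR .'loader.gif');
+ $page_url = "";
+ $file_next_backup_timestamp = wp_next_scheduled( 'mo_eb_file_cron_hook' );
+ $db_next_backup_timestamp = wp_next_scheduled( 'mo_eb_bl_cron_hook' );
+
+ $file_date = date('d-m-Y', $file_next_backup_timestamp);
+ $file_time = date('H:i', $file_next_backup_timestamp);
+ $file_day = date('l',$file_next_backup_timestamp);
+
+ $db_date = date('d-m-Y', $db_next_backup_timestamp);
+ $db_time = date('H:i', $db_next_backup_timestamp);
+ $db_day = date('l',$db_next_backup_timestamp);
+
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_schdule.php';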
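Review bot: The six `date()` calls on new lines 14-20 format `$file_next_backup_timestamp` and `$db_next_backup_timestamp` without checking them, and `wp_next_scheduled()` returns `false` when no event is queued, in which case `date()` formats the Unix epoch. Unless the included view guards on the schedule status (it is not shown here), the page would display a 1970 date as the next backup time. I would guard each group, for example `$file_date = $file_next_backup_timestamp ? date('d-m-Y', $file_next_backup_timestamp) : '';`, and apply the same pattern to the time and day values and to the database group. Using `wp_date()` instead of `date()` would also render the values in the site's configured timezone.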
controllers/content-protection.php CHANGED
@@ -1,94 +1,94 @@
1
- <?php
2
- global $moWpnsUtility,$mo2f_dirName;
3
-
4
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
5
- {
6
- switch($_POST['option'])
7
- {
8
- case "mo_wpns_content_protection":
9
- wpns_handle_content_protection($_POST); break;
10
- case "mo_wpns_enable_comment_spam_blocking":
11
- wpns_handle_comment_spam_blocking($_POST); break;
12
- case "mo_wpns_enable_comment_recaptcha":
13
- wpns_handle_comment_recaptcha($_POST); break;
14
- case "mo_wpns_comment_recaptcha_settings":
15
- wpns_save_comment_recaptcha($_POST); break;
16
- }
17
- }
18
-
19
-
20
- $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
21
- $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
22
- $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
23
- $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
24
- $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
25
- $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
26
- $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
27
- $test_recaptcha_url = "";
28
- $wp_config = site_url().'/wp-config.php';
29
- $wp_uploads = get_site_url().'/wp-content/uploads';
30
- $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
31
- $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
32
- $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
33
- if($enable_recaptcha)
34
- {
35
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
36
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
37
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
38
- }
39
-
40
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
41
-
42
- /* CONTENT PROTECTION FUNCTIONS */
43
-
44
- //Function to save content protection settings
45
- function wpns_handle_content_protection()
46
- {
47
- isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , $_POST['protect_wp_config']) : update_option('mo2f_protect_wp_config' ,0);
48
- isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', $_POST['prevent_directory_browsing']): update_option('mo2f_prevent_directory_browsing',0);
49
- isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , $_POST['disable_file_editing']) : update_option('mo2f_disable_file_editing' ,0);
50
- isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , $_POST['mo2f_htaccess_file']) : update_option('mo2f_htaccess_file',0);
51
- if(isset($_POST['restrictAPI'])){
52
- update_site_option('mo2f_restrict_restAPI', 1);
53
- }
54
- else{
55
- update_site_option('mo2f_restrict_restAPI',0);
56
- }
57
-
58
-
59
-
60
-
61
- $mo_wpns_htaccess_handler = new MoWpnsHandler();
62
- $mo_wpns_htaccess_handler->update_htaccess_configuration();
63
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
64
- }
65
-
66
-
67
- //Function to handle comment spam blocking
68
- function wpns_handle_comment_spam_blocking($postvalue)
69
- {
70
- $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
71
- update_option('mo_wpns_enable_comment_spam_blocking', $enable);
72
- if($enable)
73
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
74
- else
75
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
76
- }
77
-
78
-
79
- //Function to handle reCAPTCHA for comments
80
- function wpns_handle_comment_recaptcha($postvalue)
81
- {
82
- $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
83
- update_option('mo_wpns_enable_comment_recaptcha', $enable);
84
- if($enable)
85
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
86
- else
87
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
88
- }
89
-
90
- function wpns_save_comment_recaptcha($postvalue){
91
- update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
92
- update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
93
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
94
  }
1
+ <?php
2
+ global $moWpnsUtility,$mo2f_dirName;
3
+
4
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
5
+ {
6
+ switch($_POST['option'])
7
+ {
8
+ case "mo_wpns_content_protection":
9
+ wpns_handle_content_protection($_POST); break;
10
+ case "mo_wpns_enable_comment_spam_blocking":
11
+ wpns_handle_comment_spam_blocking($_POST); break;
12
+ case "mo_wpns_enable_comment_recaptcha":
13
+ wpns_handle_comment_recaptcha($_POST); break;
14
+ case "mo_wpns_comment_recaptcha_settings":
15
+ wpns_save_comment_recaptcha($_POST); break;
16
+ }
17
+ }
18
+
19
+
20
+ $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
21
+ $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
22
+ $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
23
+ $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
24
+ $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
25
+ $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
26
+ $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
27
+ $test_recaptcha_url = "";
28
+ $wp_config = site_url().'/wp-config.php';
29
+ $wp_uploads = get_site_url().'/wp-content/uploads';
30
+ $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
31
+ $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
32
+ $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
33
+ if($enable_recaptcha)
34
+ {
35
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
36
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
37
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
38
+ }
39
+
40
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
41
+
42
+ /* CONTENT PROTECTION FUNCTIONS */
43
+
44
+ //Function to save content protection settings
45
+ function wpns_handle_content_protection()
46
+ {
47
+ isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , $_POST['protect_wp_config']) : update_option('mo2f_protect_wp_config' ,0);
48
+ isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', $_POST['prevent_directory_browsing']): update_option('mo2f_prevent_directory_browsing',0);
49
+ isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , $_POST['disable_file_editing']) : update_option('mo2f_disable_file_editing' ,0);
50
+ isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , $_POST['mo2f_htaccess_file']) : update_option('mo2f_htaccess_file',0);
51
+ if(isset($_POST['restrictAPI'])){
52
+ update_site_option('mo2f_restrict_restAPI', 1);
53
+ }
54
+ else{
55
+ update_site_option('mo2f_restrict_restAPI',0);
56
+ }
57
+
58
+
59
+
60
+
61
+ $mo_wpns_htaccess_handler = new MoWpnsHandler();
62
+ $mo_wpns_htaccess_handler->update_htaccess_configuration();
63
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
64
+ }
65
+
66
+
67
+ //Function to handle comment spam blocking
68
+ function wpns_handle_comment_spam_blocking($postvalue)
69
+ {
70
+ $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
71
+ update_option('mo_wpns_enable_comment_spam_blocking', $enable);
72
+ if($enable)
73
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
74
+ else
75
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
76
+ }
77
+
78
+
79
+ //Function to handle reCAPTCHA for comments
80
+ function wpns_handle_comment_recaptcha($postvalue)
81
+ {
82
+ $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
83
+ update_option('mo_wpns_enable_comment_recaptcha', $enable);
84
+ if($enable)
85
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
86
+ else
87
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
88
+ }
89
+
90
+ function wpns_save_comment_recaptcha($postvalue){
91
+ update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
92
+ update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
93
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
94
  }
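--- a/controllers/dashboard_ajax.php
+++ b/controllers/dashboard_ajax.php
@@ -1,211 +1,211 @@
-<?php
-class Mo2f_ajax_dashboard
-{
-function __construct(){
-add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
-}
-
-public function mo2f_switch_functions(){
-if(isset($_POST) && isset($_POST['option'])){
-$tab_count= get_site_option('mo2f_tab_count', 0);
-if($tab_count == 5)
-update_site_option('mo_2f_switch_all', 1);
-else if($tab_count == 0)
-update_site_option('mo_2f_switch_all', 0);
-$santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
-switch($_POST['option'])
-{
-case "tab_all_switch":
-$this->mo2f_handle_all_enable($santizied_post);
-break;
-case "tab_2fa_switch":
-$this->mo2f_handle_2fa_enable($santizied_post);
-break;
-case "tab_waf_switch":
-$this->mo2f_handle_waf_enable($santizied_post);
-break;
-case "tab_login_switch":
-$this->mo2f_handle_login_enable($santizied_post);
-break;
-case "tab_backup_switch":
-$this->mo2f_handle_backup_enable($santizied_post);
-break;
-case "tab_malware_switch":
-$this->mo2f_handle_malware_enable($santizied_post);
-break;
-case "tab_block_switch":
-$this->mo2f_handle_block_enable($santizied_post);
-break;
-
-}
-}
-}
-
-public function mo2f_handle_all_enable($POSTED){
-$this->mo2f_handle_waf_enable($POSTED);
-$this->mo2f_handle_login_enable($POSTED);
-$this->mo2f_handle_backup_enable($POSTED);
-$this->mo2f_handle_malware_enable($POSTED);
-$this->mo2f_handle_block_enable($POSTED);
-if($POSTED){
-update_option('mo_2f_switch_all',1);
-update_site_option('mo2f_tab_count', 5);
-do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
-}
-else{
-update_option('mo_2f_switch_all', 0);
-update_site_option('mo2f_tab_count', 0);
-do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
-}
-}
-
-public function mo2f_handle_2fa_enable($POSTED){
-global $Mo2fdbQueries;
-$user= wp_get_current_user();
-$user_id= $user->user_ID;
-if($POSTED){
-$Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
-if($_POST['tab_2fa_switch'])
-do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
-}
-else{
-$Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
-if($_POST['tab_2fa_switch'])
-do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
-}
-}
-
-public function mo2f_handle_waf_enable($POSTED){
-if($POSTED){
-update_site_option('mo_2f_switch_waf', 1);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
-if (isset($_POST['option'] ))
-{
-if($_POST['option'] == 'tab_waf_switch')
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
-}
-}
-}
-else{
-update_site_option('mo_2f_switch_waf', 0);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
-update_site_option('WAFEnabled', 0);
-update_site_option('WAF','wafDisable');
-update_site_option('Rate_limiting', 0);
-$dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
-$dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
-$filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
-$filePath = str_replace('\\', '/', $filePath);
-$file = file_get_contents($dir_name1);
-$cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
-$cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
-$cont .= '# END miniOrange WAF'.PHP_EOL;
-$file =str_replace($cont,'',$file);
-file_put_contents($dir_name1, $file);
-if($_POST['option'] == 'tab_waf_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
-}
-}
-
-public function mo2f_handle_login_enable($POSTED){
-if($POSTED){
-update_site_option('mo_2f_switch_loginspam', 1);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
-if (isset($_POST['option'] ))
-{
-if($_POST['option'] == 'tab_login_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
-}
-}
-else{
-update_site_option('mo_2f_switch_loginspam', 0);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
-update_site_option('mo2f_enable_brute_force', false);
-update_site_option('mo_wpns_activate_recaptcha', false);
-update_site_option('mo_wpns_activate_recaptcha_for_login', false);
-update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
-update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
-update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
-update_site_option('mo2f_enforce_strong_passswords', 0);
-update_site_option('mo_wpns_enable_fake_domain_blocking', false);
-update_site_option('mo_wpns_enable_advanced_user_verification', false);
-update_site_option('mo_wpns_enable_social_integration', false);
-update_site_option('mo2f_protect_wp_config', 0);
-update_site_option('mo2f_prevent_directory_browsing', 0);
-update_site_option('mo2f_disable_file_editing', 0);
-update_site_option('mo_wpns_enable_comment_spam_blocking', false);
-update_site_option('mo_wpns_enable_comment_recaptcha', false);
-update_site_option('mo2f_htaccess_file', 0);
-if($_POST['option'] == 'tab_login_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
-}
-}
-
-public function mo2f_handle_backup_enable($POSTED){
-if($POSTED){
-update_site_option('mo_2f_switch_backup', 1);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
-if (isset($_POST['option'] ))
-{
-if($_POST['option'] == 'tab_backup_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
-}
-}
-else{
-update_site_option('mo_2f_switch_backup', 0);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
-$handler_obj = new MoBackupSite;
-$handler_obj->bl_deactivate();
-update_site_option('mo2f_enable_cron_backup', 0);
-$handler_obj->file_backup_deactivate();
-update_site_option('mo2f_enable_cron_file_backup', 0);
-if($_POST['option'] == 'tab_backup_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
-}
-}
-
-public function mo2f_handle_malware_enable($POSTED){
-if($POSTED){
-update_site_option('mo_2f_switch_malware', 1);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
-if (isset($_POST['option'] ))
-{
-if($_POST['option'] == 'tab_malware_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
-}
-}else{
-update_site_option('mo_2f_switch_malware', 0);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
-if($_POST['option'] == 'tab_malware_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
-}
-}
-
-public function mo2f_handle_block_enable($POSTED){
-if($POSTED){
-update_site_option('mo_2f_switch_adv_block', 1);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
-if (isset($_POST['option'] ))
-{
-if($_POST['option'] == 'tab_block_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
-}
-}
-else{
-update_site_option('mo_2f_switch_adv_block', 0);
-update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
-update_site_option('mo_wpns_iprange_count', 0);
-update_site_option('mo_wpns_enable_htaccess_blocking', 0);
-update_site_option('mo_wpns_enable_user_agent_blocking', 0);
-update_site_option('mo_wpns_referrers', false);
-update_site_option('mo_wpns_countrycodes', false);
-if($_POST['option'] == 'tab_block_switch')
-do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
-}
-}
-
-
-}
-new Mo2f_ajax_dashboard();
+<?php
+class Mo2f_ajax_dashboard
+{
+function __construct(){
+add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
+}
+
+public function mo2f_switch_functions(){
+if(isset($_POST) && isset($_POST['option'])){
+$tab_count= get_site_option('mo2f_tab_count', 0);
+if($tab_count == 5)
+update_site_option('mo_2f_switch_all', 1);
+else if($tab_count == 0)
+update_site_option('mo_2f_switch_all', 0);
+$santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
+switch($_POST['option'])
+{
+case "tab_all_switch":
+$this->mo2f_handle_all_enable($santizied_post);
+break;
+case "tab_2fa_switch":
+$this->mo2f_handle_2fa_enable($santizied_post);
+break;
+case "tab_waf_switch":
+$this->mo2f_handle_waf_enable($santizied_post);
+break;
+case "tab_login_switch":
+$this->mo2f_handle_login_enable($santizied_post);
+break;
+case "tab_backup_switch":
+$this->mo2f_handle_backup_enable($santizied_post);
+break;
+case "tab_malware_switch":
+$this->mo2f_handle_malware_enable($santizied_post);
+break;
+case "tab_block_switch":
+$this->mo2f_handle_block_enable($santizied_post);
+break;
+
+}
+}
+}
+
+public function mo2f_handle_all_enable($POSTED){
+$this->mo2f_handle_waf_enable($POSTED);
+$this->mo2f_handle_login_enable($POSTED);
+$this->mo2f_handle_backup_enable($POSTED);
+$this->mo2f_handle_malware_enable($POSTED);
+$this->mo2f_handle_block_enable($POSTED);
+if($POSTED){
+update_option('mo_2f_switch_all',1);
+update_site_option('mo2f_tab_count', 5);
+do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
+}
+else{
+update_option('mo_2f_switch_all', 0);
+update_site_option('mo2f_tab_count', 0);
+do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
+}
+}
+
+public function mo2f_handle_2fa_enable($POSTED){
+global $Mo2fdbQueries;
+$user= wp_get_current_user();
+$user_id= $user->user_ID;
+if($POSTED){
+$Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
+if($_POST['tab_2fa_switch'])
+do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
+}
+else{
+$Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
+if($_POST['tab_2fa_switch'])
+do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
+}
+}
+
+public function mo2f_handle_waf_enable($POSTED){
+if($POSTED){
+update_site_option('mo_2f_switch_waf', 1);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+if (isset($_POST['option'] ))
+{
+if($_POST['option'] == 'tab_waf_switch')
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
+}
+}
+}
+else{
+update_site_option('mo_2f_switch_waf', 0);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+update_site_option('WAFEnabled', 0);
+update_site_option('WAF','wafDisable');
+update_site_option('Rate_limiting', 0);
+$dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
+$dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
+$filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
+$filePath = str_replace('\\', '/', $filePath);
+$file = file_get_contents($dir_name1);
+$cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
+$cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
+$cont .= '# END miniOrange WAF'.PHP_EOL;
+$file =str_replace($cont,'',$file);
+file_put_contents($dir_name1, $file);
+if($_POST['option'] == 'tab_waf_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
+}
+}
+
+public function mo2f_handle_login_enable($POSTED){
+if($POSTED){
+update_site_option('mo_2f_switch_loginspam', 1);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+if (isset($_POST['option'] ))
+{
+if($_POST['option'] == 'tab_login_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
+}
+}
+else{
+update_site_option('mo_2f_switch_loginspam', 0);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+update_site_option('mo2f_enable_brute_force', false);
+update_site_option('mo_wpns_activate_recaptcha', false);
+update_site_option('mo_wpns_activate_recaptcha_for_login', false);
+update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
+update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
+update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
+update_site_option('mo2f_enforce_strong_passswords', 0);
+update_site_option('mo_wpns_enable_fake_domain_blocking', false);
+update_site_option('mo_wpns_enable_advanced_user_verification', false);
+update_site_option('mo_wpns_enable_social_integration', false);
+update_site_option('mo2f_protect_wp_config', 0);
+update_site_option('mo2f_prevent_directory_browsing', 0);
+update_site_option('mo2f_disable_file_editing', 0);
+update_site_option('mo_wpns_enable_comment_spam_blocking', false);
+update_site_option('mo_wpns_enable_comment_recaptcha', false);
+update_site_option('mo2f_htaccess_file', 0);
+if($_POST['option'] == 'tab_login_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
+}
+}
+
+public function mo2f_handle_backup_enable($POSTED){
+if($POSTED){
+update_site_option('mo_2f_switch_backup', 1);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+if (isset($_POST['option'] ))
+{
+if($_POST['option'] == 'tab_backup_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
+}
+}
+else{
+update_site_option('mo_2f_switch_backup', 0);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+$handler_obj = new MoBackupSite;
+$handler_obj->bl_deactivate();
+update_site_option('mo2f_enable_cron_backup', 0);
+$handler_obj->file_backup_deactivate();
+update_site_option('mo2f_enable_cron_file_backup', 0);
+if($_POST['option'] == 'tab_backup_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
+}
+}
+
+public function mo2f_handle_malware_enable($POSTED){
+if($POSTED){
+update_site_option('mo_2f_switch_malware', 1);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+if (isset($_POST['option'] ))
+{
+if($_POST['option'] == 'tab_malware_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
+}
+}else{
+update_site_option('mo_2f_switch_malware', 0);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+if($_POST['option'] == 'tab_malware_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
+}
+}
+
+public function mo2f_handle_block_enable($POSTED){
+if($POSTED){
+update_site_option('mo_2f_switch_adv_block', 1);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+if (isset($_POST['option'] ))
+{
+if($_POST['option'] == 'tab_block_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
+}
+}
+else{
+update_site_option('mo_2f_switch_adv_block', 0);
+update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+update_site_option('mo_wpns_iprange_count', 0);
+update_site_option('mo_wpns_enable_htaccess_blocking', 0);
+update_site_option('mo_wpns_enable_user_agent_blocking', 0);
+update_site_option('mo_wpns_referrers', false);
+update_site_option('mo_wpns_countrycodes', false);
+if($_POST['option'] == 'tab_block_switch')
+do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
+}
+}
+
+
+}
+new Mo2f_ajax_dashboard();
 ?>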
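Review bot: `mo2f_switch_functions()` is hooked on `admin_init` and dispatches on `$_POST['option']` with no capability check and no nonce verification anywhere in this file, while the handlers it reaches switch off the WAF, brute-force and reCAPTCHA options and rewrite `.htaccess`. `admin_init` also fires for `admin-ajax.php` and `admin-post.php` requests, which do not require a logged-in administrator, so the guard has to live in this method rather than in the page that renders the switches. Start the method with `if ( ! current_user_can( 'manage_options' ) ) { return; }` followed by `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` (the action name is a placeholder; the forms that post these switches are not part of this file). In the same file, `mo2f_handle_waf_enable()` passes the result of `file_get_contents()` straight to `file_put_contents()` without checking for `false`, so a failed read would leave `.htaccess` empty.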
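--- a/controllers/ip-blocking.php
+++ b/controllers/ip-blocking.php
@@ -1,257 +1,257 @@
-<?php
-
-global $moWpnsUtility,$mo2f_dirName;
-$mo_wpns_handler = new MoWpnsHandler();
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_manual_block_ip":
-wpns_handle_manual_block_ip($_POST['IP']); break;
-case "mo_wpns_unblock_ip":
-wpns_handle_unblock_ip($_POST['id']); break;
-case "mo_wpns_whitelist_ip":
-wpns_handle_whitelist_ip($_POST['IP']); break;
-case "mo_wpns_remove_whitelist":
-wpns_handle_remove_whitelist($_POST['id'] ); break;
-}
-}
-
-$blockedips = $mo_wpns_handler->get_blocked_ips();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
-$path = explode('plugins', $path);
-$img_loader_url = plugins_url().$path[1];
-
-$page_url = "";
-$license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
-
-
-/** IP BLOCKING RELATED FUNCTIONS **/
-
-// Function to handle Manual Block IP form submit
-function wpns_handle_manual_block_ip($ip)
-{
-
-global $moWpnsUtility;
-
-if( $moWpnsUtility->check_empty_or_null( $ip) )
-{
-//Improper message
-echo("empty IP");
-exit;
-}
-if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
-{
-echo("INVALID_IP_FORMAT");
-exit;
-}
-else
-{
-$ipAddress = sanitize_text_field( $ip );
-$mo_wpns_config = new MoWpnsHandler();
-$isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
-if(!$isWhitelisted)
-{
-if($mo_wpns_config->is_ip_blocked($ipAddress)){
-//Change message
-echo("already blocked");
-exit;
-} else{
-$mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
-//not in structures
-?>
-<table id="blockedips_table1" class="display">
-<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
-<tbody>
-<?php
-$mo_wpns_handler = new MoWpnsHandler();
-$blockedips = $mo_wpns_handler->get_blocked_ips();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-global $mo2f_dirName;
-foreach($blockedips as $blockedip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
-if(empty($blockedip->blocked_for_time))
-echo "<span class=redtext>Permanently</span>";
-else
-echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
-echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
-}
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#blockedips_table1").DataTable({
-"order": [[ 3, "desc" ]]
-});
-</script>
-<?php
-exit;
-}
-}
-else
-{
-// Change message
-echo("IP_IN_WHITELISTED");
-exit;
-}
-}
-}
-
-
-// Function to handle Manual Block IP form submit
-function wpns_handle_unblock_ip($entryID)
-{
-global $moWpnsUtility;
-
-if( $moWpnsUtility->check_empty_or_null($entryID))
-{
-// Change message
-echo("UNKNOWN_ERROR");
-exit;
-}
-else
-{
-$entryid = sanitize_text_field($entryID);
-$mo_wpns_config = new MoWpnsHandler();
-$mo_wpns_config->unblock_ip_entry($entryid);
-//not is structure
-?>
-<table id="blockedips_table1" class="display">
-<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
-<tbody>
-<?php
-$mo_wpns_handler = new MoWpnsHandler();
-$blockedips = $mo_wpns_handler->get_blocked_ips();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-global $mo2f_dirName;
-foreach($blockedips as $blockedip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
-if(empty($blockedip->blocked_for_time))
-echo "<span class=redtext>Permanently</span>";
-else
-echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
-echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
-}
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#blockedips_table1").DataTable({
-"order": [[ 3, "desc" ]]
-});
-</script>
-<?php
-
-exit;
-}
-}
-
-
-// Function to handle Whitelist IP form submit
-function wpns_handle_whitelist_ip($ip)
-{
-global $moWpnsUtility;
-if( $moWpnsUtility->check_empty_or_null($ip))
-{
-//change message
-echo("EMPTY IP");
-exit;
-}
-if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
-{ //change message
-echo("INVALID_IP");
-exit;
-}
-else
-{
-$ipAddress = sanitize_text_field($ip);
-$mo_wpns_config = new MoWpnsHandler();
-if($mo_wpns_config->is_whitelisted($ipAddress))
-{
-//change message
-echo("IP_ALREADY_WHITELISTED");
-exit;
-}
-else
-{
-$mo_wpns_config->whitelist_ip($ip);
-//Structures issues
-$mo_wpns_handler = new MoWpnsHandler();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-
-?>
-<table id="whitelistedips_table1" class="display">
-<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
-<tbody>
-<?php
-foreach($whitelisted_ips as $whitelisted_ip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
-}
-
-
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#whitelistedips_table1").DataTable({
-"order": [[ 1, "desc" ]]
-});
-</script>
-
-<?php
-exit;
-}
-}
-}
-
-
-// Function to handle remove whitelisted IP form submit
-function wpns_handle_remove_whitelist($entryID)
-{
-global $moWpnsUtility;
-if( $moWpnsUtility->check_empty_or_null($entryID))
-{
-//change Message
-echo("UNKNOWN_ERROR");
-exit;
-}
-else
-{
-$entryid = sanitize_text_field($entryID);
-$mo_wpns_config = new MoWpnsHandler();
-$mo_wpns_config->remove_whitelist_entry($entryid);
-//structures
-$mo_wpns_handler = new MoWpnsHandler();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-
-?>
-<table id="whitelistedips_table1" class="display">
-<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
-<tbody>
-<?php
-foreach($whitelisted_ips as $whitelisted_ip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
-}
-
-
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#whitelistedips_table1").DataTable({
-"order": [[ 1, "desc" ]]
-});
-</script>
-
-<?php
-exit;
-}
-}
-
+<?php
+
+global $moWpnsUtility,$mo2f_dirName;
+$mo_wpns_handler = new MoWpnsHandler();
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_manual_block_ip":
+wpns_handle_manual_block_ip($_POST['IP']); break;
+case "mo_wpns_unblock_ip":
+wpns_handle_unblock_ip($_POST['id']); break;
+case "mo_wpns_whitelist_ip":
+wpns_handle_whitelist_ip($_POST['IP']); break;
+case "mo_wpns_remove_whitelist":
+wpns_handle_remove_whitelist($_POST['id'] ); break;
+}
+}
+
+$blockedips = $mo_wpns_handler->get_blocked_ips();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
+$path = explode('plugins', $path);
+$img_loader_url = plugins_url().$path[1];
+
+$page_url = "";
+$license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
+
+
+/** IP BLOCKING RELATED FUNCTIONS **/
+
+// Function to handle Manual Block IP form submit
+function wpns_handle_manual_block_ip($ip)
+{
+
+global $moWpnsUtility;
+
+if( $moWpnsUtility->check_empty_or_null( $ip) )
+{
+//Improper message
+echo("empty IP");
+exit;
+}
+if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
+{
+echo("INVALID_IP_FORMAT");
+exit;
+}
+else
+{
+$ipAddress = sanitize_text_field( $ip );
+$mo_wpns_config = new MoWpnsHandler();
+$isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
+if(!$isWhitelisted)
+{
+if($mo_wpns_config->is_ip_blocked($ipAddress)){
+//Change message
+echo("already blocked");
+exit;
+} else{
+$mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
+//not in structures
+?>
+<table id="blockedips_table1" class="display">
+<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
+<tbody>
+<?php
+$mo_wpns_handler = new MoWpnsHandler();
+$blockedips = $mo_wpns_handler->get_blocked_ips();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+global $mo2f_dirName;
+foreach($blockedips as $blockedip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
+if(empty($blockedip->blocked_for_time))
+echo "<span class=redtext>Permanently</span>";
+else
+echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
+echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
+}
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#blockedips_table1").DataTable({
+"order": [[ 3, "desc" ]]
+});
+</script>
+<?php
+exit;
+}
+}
+else
+{
+// Change message
+echo("IP_IN_WHITELISTED");
+exit;
+}
+}
+}
+
+
+// Function to handle Manual Block IP form submit
+function wpns_handle_unblock_ip($entryID)
+{
+global $moWpnsUtility;
+
+if( $moWpnsUtility->check_empty_or_null($entryID))
+{
+// Change message
+echo("UNKNOWN_ERROR");
+exit;
+}
+else
+{
+$entryid = sanitize_text_field($entryID);
+$mo_wpns_config = new MoWpnsHandler();
+$mo_wpns_config->unblock_ip_entry($entryid);
+//not is structure
+?>
+<table id="blockedips_table1" class="display">
+<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
+<tbody>
+<?php
+$mo_wpns_handler = new MoWpnsHandler();
+$blockedips = $mo_wpns_handler->get_blocked_ips();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+global $mo2f_dirName;
+foreach($blockedips as $blockedip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
+if(empty($blockedip->blocked_for_time))
+echo "<span class=redtext>Permanently</span>";
+else
+echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
+echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
+}
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#blockedips_table1").DataTable({
+"order": [[ 3, "desc" ]]
+});
+</script>
+<?php
+
+exit;
+}
+}
+
+
+// Function to handle Whitelist IP form submit
+function wpns_handle_whitelist_ip($ip)
+{
+global $moWpnsUtility;
+if( $moWpnsUtility->check_empty_or_null($ip))
+{
+//change message
+echo("EMPTY IP");
+exit;
+}
+if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
+{ //change message
+echo("INVALID_IP");
+exit;
+}
+else
+{
+$ipAddress = sanitize_text_field($ip);
+$mo_wpns_config = new MoWpnsHandler();
+if($mo_wpns_config->is_whitelisted($ipAddress))
+{
+//change message
+echo("IP_ALREADY_WHITELISTED");
+exit;
+}
+else
+{
+$mo_wpns_config->whitelist_ip($ip);
+//Structures issues
+$mo_wpns_handler = new MoWpnsHandler();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+
+?>
+<table id="whitelistedips_table1" class="display">
+<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
+<tbody>
+<?php
+foreach($whitelisted_ips as $whitelisted_ip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
+}
+
+
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#whitelistedips_table1").DataTable({
+"order": [[ 1, "desc" ]]
+});
+</script>
+
+<?php
+exit;
+}
+}
+}
+
+
+// Function to handle remove whitelisted IP form submit
+function wpns_handle_remove_whitelist($entryID)
+{
+global $moWpnsUtility;
+if( $moWpnsUtility->check_empty_or_null($entryID))
+{
+//change Message
+echo("UNKNOWN_ERROR");
+exit;
+}
+else
+{
+$entryid = sanitize_text_field($entryID);
+$mo_wpns_config = new MoWpnsHandler();
+$mo_wpns_config->remove_whitelist_entry($entryid);
+//structures
+$mo_wpns_handler = new MoWpnsHandler();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+
+?>
+<table id="whitelistedips_table1" class="display">
+<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
+<tbody>
+<?php
+foreach($whitelisted_ips as $whitelisted_ip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
+}
+
+
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#whitelistedips_table1").DataTable({
+"order": [[ 1, "desc" ]]
+});
+</script>
+
+<?php
+exit;
+}
+}
+
 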
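Review bot: The dispatcher at the top of the new file gates the four block/unblock/whitelist actions on `current_user_can( 'manage_options' )` only; no nonce is verified anywhere in the visible file, so a forged cross-site POST sent from a logged-in administrator's browser would be accepted. Verify a nonce before the `switch`, for example `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );`, with the matching field emitted by the form or AJAX caller (the action name is a placeholder; the views are not shown here). Separately, the rebuilt table rows echo `$blockedip->ip_address` and `$blockedip->reason` unescaped, and wrapping them in `esc_html()` would keep stored values from being interpreted as markup.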
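--- a/controllers/licensing.php
+++ b/controllers/licensing.php
@@ -1,50 +1,50 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $default_url = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
- $form_action = MoWpnsConstants::HOST_NAME.'/moas/login';
- $admin_email = get_option('mo2f_email');
- $redirect_url = MoWpnsConstants::HOST_NAME .'/moas/initializepayment';
-
- $basic_plan_price = '$9 / year';
- $premium_plan_price = '$9 / year + One Time Setup Fees';
-
-
- $basic_plan_features= array(
- "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
- "User Registration Security - Disallow Disposable / Fake email addresses",
- "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
- "Advanced Blocking based on: IP range",
- "Protection for WP files",
- "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
- "Database Backup",
- "Google reCAPTCHA",
- "Password protection - Enforce Strong Password : Check Password strength for all users",
- "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
- "Advanced activity logs auditing and reporting",
- "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
- "Advanced User Verification",
- "Social Login Integration",
- ""
- );
-
- $premium_plan_features= array(
- "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
- "User Registration Security - Disallow Disposable / Fake email addresses",
- "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
- "Advanced Blocking based on: IP range",
- "Protection for WP files",
- "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
- "Database Backup",
- "Google reCAPTCHA",
- "Password protection - Enforce Strong Password : Check Password strength for all users",
- "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
- "Advanced activity logs auditing and reporting",
- "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
- "Advanced User Verification",
- "Social Login Integration",
- 'End to End Integration Support'
- );
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $default_url = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
+ $form_action = MoWpnsConstants::HOST_NAME.'/moas/login';
+ $admin_email = get_option('mo2f_email');
+ $redirect_url = MoWpnsConstants::HOST_NAME .'/moas/initializepayment';
+
+ $basic_plan_price = '$9 / year';
+ $premium_plan_price = '$9 / year + One Time Setup Fees';
+
+
+ $basic_plan_features= array(
+ "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
+ "User Registration Security - Disallow Disposable / Fake email addresses",
+ "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
+ "Advanced Blocking based on: IP range",
+ "Protection for WP files",
+ "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
+ "Database Backup",
+ "Google reCAPTCHA",
+ "Password protection - Enforce Strong Password : Check Password strength for all users",
+ "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
+ "Advanced activity logs auditing and reporting",
+ "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
+ "Advanced User Verification",
+ "Social Login Integration",
+ ""
+ );
+
+ $premium_plan_features= array(
+ "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
+ "User Registration Security - Disallow Disposable / Fake email addresses",
+ "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
+ "Advanced Blocking based on: IP range",
+ "Protection for WP files",
+ "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
+ "Database Backup",
+ "Google reCAPTCHA",
+ "Password protection - Enforce Strong Password : Check Password strength for all users",
+ "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
+ "Advanced activity logs auditing and reporting",
+ "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
+ "Advanced User Verification",
+ "Social Login Integration",
+ 'End to End Integration Support'
+ );
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'licensing.php';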
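--- a/controllers/login-security.php
+++ b/controllers/login-security.php
@@ -41,12 +41,12 @@
  $allwed_login_attempts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
  $time_of_blocking_type = get_option('mo2f_time_of_blocking_type') ? get_option('mo2f_time_of_blocking_type') : "permanent";
  $time_of_blocking_val = get_option('mo2f_time_of_blocking_val') ? get_option('mo2f_time_of_blocking_val') : 3;
- $brute_force_enabled = get_option('mo2f_enable_brute_force') ? "checked" : "";
- $remaining_attempts = get_option('mo2f_show_remaining_attempts') ? "checked" : "";
+ $brute_force_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option') ? "checked" : "";
+ $remaining_attempts = MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option') ? "checked" : "";
  $slow_down_attacks = get_option('mo_wpns_slow_down_attacks') ? "checked" : "";
  $enable_2fa = get_option('mo_wpns_enable_2fa') ? "checked" : "";
 
- $enforce_strong_password= get_option('mo2f_enforce_strong_passswords') ? "checked" : "";
+ $enforce_strong_password= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') ? "checked" : "";
  $attack_delay = get_option('mo_wpns_slow_down_attacks_delay') ? get_option('mo_wpns_slow_down_attacks_delay'): 2 ;
  $google_recaptcha = get_option('mo_wpns_activate_recaptcha') ? "checked" : "";
  $test_recaptcha_url = "";
@@ -58,7 +58,7 @@
  $captcha_reg = get_option('mo_wpns_activate_recaptcha_for_registration') ? "checked" : "";
 
 
- $strong_password_account= get_option('mo2f_enforce_strong_passswords_for_accounts') ? get_option('mo2f_enforce_strong_passswords_for_accounts') : "all";
+ $strong_password_account= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') ? MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') : "all";
 
 
  $mo2FAPlugin = new TwoFAPlugin();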
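Review bot: New line 61 calls `MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option')` twice, once as the test and once as the value, so the option is read twice and the two argument lists have to be kept in sync by hand. The short ternary does the same with one call: `$strong_password_account = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') ?: "all";`. Lines 44, 45 and 49 now go through the helper while the neighbouring reads still call `get_option()` directly. A one-line comment stating which options the helper owns and what it returns when an option is absent would make that split reviewable, since the fallback presumably decides whether `mo2f_enable_brute_force` shows as enabled on a fresh install. Both hunks sit in file-level code that continues outside them.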
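--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -1,111 +1,111 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
-
-
- if(current_user_can('administrator'))
- {
- include $controller . 'navbar.php';
- include $controller . 'newtork_security_features.php';
-
- $tour_started=get_option('mo2f_tour_started',0);
-
-
- if($tour_started<1)
- include $controller . 'two-fa-intro.php';
- else if($tour_started != 0)
- include $controller . 'tour-model.php';
-
- if( isset( $_GET[ 'page' ]))
- {
- switch($_GET['page'])
- {
- case 'mo_2fa_dashboard':
- include $controller . 'dashboard.php'; break;
- case 'mo_2fa_login_and_spam':
- include $controller . 'login-spam.php'; break;
- case 'default':
- include $controller . 'login-security.php'; break;
- case 'mo_2fa_account':
- include $controller . 'account.php'; break;
- case 'mo_2fa_backup':
- include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
- case 'mo_2fa_upgrade':
- include $controller . 'upgrade.php'; break;
- case 'mo_2fa_waf':
- include $controller . 'waf.php'; break;
- case 'mo_2fa_blockedips':
- include $controller . 'ip-blocking.php'; break;
- case 'mo_2fa_advancedblocking':
- include $controller . 'advanced-blocking.php'; break;
- case 'mo_2fa_notifications':
- include $controller . 'notification-settings.php'; break;
- case 'mo_2fa_reports':
- include $controller . 'reports.php'; break;
- case 'mo_2fa_licensing':
- include $controller . 'licensing.php'; break;
- case 'mo_2fa_troubleshooting':
- include $controller . 'troubleshooting.php'; break;
- case 'mo_2fa_addons':
- include $controller . 'addons.php'; break;
- case 'mo_2fa_malwarescan':
- include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
- case 'mo_2fa_two_fa':
- include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
- case 'mo_2fa_request_demo':
- include $controller . 'request_demo.php';
- }
- }
-
- }
- else
- {
- if( isset( $_GET[ 'page' ]))
- {
- switch($_GET['page'])
- {
- case 'mo_2fa_two_fa':
- include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-
- }
-
- }
-
- }
- if (isset( $_GET[ 'page' ])) {
-
- if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
- {
- include $controller . 'feedback_footer.php';
- }
- else
- {
- include $controller . 'support.php';
- }
- }
- ?>
- <?php //if(get_option('mo_wpns_scan_initialize')) { ?>
- <!-- <script>
- jQuery(document).ready(function(){
- var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
- var data={
- 'action':'mo_wpns_malware_redirect',
- 'call_type':'malware_scan_initiate',
- 'scan':'scan_start',
- 'scantype':'quick_scan',
- 'nonce': nonce
- };
- jQuery.post(ajaxurl, data, function(response){
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
- document.getElementById("quick_scan_button").value = "Quick Scan";
- });
- });
- </script> -->
- <?php //} ?>
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
+
+
+ if(current_user_can('administrator'))
+ {
+ include $controller . 'navbar.php';
+ include $controller . 'newtork_security_features.php';
+
+ $tour_started=get_option('mo2f_tour_started',0);
+
+
+ if($tour_started<1)
+ include $controller . 'two-fa-intro.php';
+ else if($tour_started != 0)
+ include $controller . 'tour-model.php';
+
+ if( isset( $_GET[ 'page' ]))
+ {
+ switch($_GET['page'])
+ {
+ case 'mo_2fa_dashboard':
+ include $controller . 'dashboard.php'; break;
+ case 'mo_2fa_login_and_spam':
+ include $controller . 'login-spam.php'; break;
+ case 'default':
+ include $controller . 'login-security.php'; break;
+ case 'mo_2fa_account':
+ include $controller . 'account.php'; break;
+ case 'mo_2fa_backup':
+ include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
+ case 'mo_2fa_upgrade':
+ include $controller . 'upgrade.php'; break;
+ case 'mo_2fa_waf':
+ include $controller . 'waf.php'; break;
+ case 'mo_2fa_blockedips':
+ include $controller . 'ip-blocking.php'; break;
+ case 'mo_2fa_advancedblocking':
+ include $controller . 'advanced-blocking.php'; break;
+ case 'mo_2fa_notifications':
+ include $controller . 'notification-settings.php'; break;
+ case 'mo_2fa_reports':
+ include $controller . 'reports.php'; break;
+ case 'mo_2fa_licensing':
+ include $controller . 'licensing.php'; break;
+ case 'mo_2fa_troubleshooting':
+ include $controller . 'troubleshooting.php'; break;
+ case 'mo_2fa_addons':
+ include $controller . 'addons.php'; break;
+ case 'mo_2fa_malwarescan':
+ include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
+ case 'mo_2fa_two_fa':
+ include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+ case 'mo_2fa_request_demo':
+ include $controller . 'request_demo.php';
+ }
+ }
+
+ }
+ else
+ {
+ if( isset( $_GET[ 'page' ]))
+ {
+ switch($_GET['page'])
+ {
+ case 'mo_2fa_two_fa':
+ include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+
+ }
+
+ }
+
+ }
+ if (isset( $_GET[ 'page' ])) {
+
+ if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
+ {
+ include $controller . 'feedback_footer.php';
+ }
+ else
+ {
+ include $controller . 'support.php';
+ }
+ }
+ ?>
+
+ <!-- <script>
+ jQuery(document).ready(function(){
+ var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
+ var data={
+ 'action':'mo_wpns_malware_redirect',
+ 'call_type':'malware_scan_initiate',
+ 'scan':'scan_start',
+ 'scantype':'quick_scan',
+ 'nonce': nonce
+ };
+ jQuery.post(ajaxurl, data, function(response){
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
+ document.getElementById("quick_scan_button").value = "Quick Scan";
+ });
+ });
+ </script> -->
+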
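Review bot: `current_user_can('administrator')` on line 8 tests a role name, whereas the other controllers in this changeset gate on the `manage_options` capability. WordPress discourages role-name checks because their results can be unreliable, and the two tests can disagree on sites with custom roles, so this router and the handlers it includes would be guarded by different conditions. Suggest `if(current_user_can('manage_options'))` here. The `switch($_GET['page'])` is a fixed allow-list of includes, which deserves a comment such as `// page is only matched against literal cases; never concatenate it into the include path`. The last block on lines 77–87 includes `support.php` or `feedback_footer.php` for any request carrying a `page` parameter, outside the capability check, so confirm that both files are safe to render for non-admin users.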
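--- a/controllers/malware_scanner/scan_malware.php
+++ b/controllers/malware_scanner/scan_malware.php
@@ -2,7 +2,6 @@
 
  global $moWpnsUtility,$mo2f_dirName;
 
- add_option('mo_wpns_skip_folders');
  update_site_option('mo2f_visit_malware',true);
 
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';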
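--- a/controllers/malware_scanner/scan_malware_report.php
+++ b/controllers/malware_scanner/scan_malware_report.php
@@ -1,5 +1,5 @@
- <?php
-
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_report_view.php';
-
+ <?php
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_report_view.php';
+
  ?>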
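--- a/controllers/malware_scanner/scan_malware_settings.php
+++ b/controllers/malware_scanner/scan_malware_settings.php
@@ -24,23 +24,21 @@ if(is_null($scan_configuration)){
  $mo_wpns_check_extl = $scan_configuration->ext_link_check;
  $mo_wpns_check_repo = $scan_configuration->check_repo;
  }
- //$mo_wpns_scan_files_extensions = get_option('mo_wpns_scan_files_extensions');
  $mo_wpns_check_rfi = 0;
  $mo_wpns_adv_sign = 0;
  $mo_wpns_check_domain = 0;
  $mo_wpns_check_trojan = 0;
  $mo_wpns_check_backdoor = 0;
- //$mo_wpns_skip_folders = get_option('mo_wpns_skip_folders');
  $mo_wpns_skip_folders_array = array();
  if(!empty($mo_wpns_skip_folders)){
  $mo_wpns_skip_folders_array = explode(";",$mo_wpns_skip_folders);
  }
- $mo_wpns_white_url = "";//get_option('mo_wpns_white_url');
+ $mo_wpns_white_url = "";
  $mo_wpns_white_urls_array = array();
  if(!empty($mo_wpns_white_url)){
  $mo_wpns_white_urls_array = explode(";",$mo_wpns_white_url);
  }
- $mo_wpns_custom_sign = "";//get_option('mo_wpns_custom_sign');
+ $mo_wpns_custom_sign = "";
  $mo_wpns_custom_sign_array = array();
  if(!empty($mo_wpns_custom_sign)){
  $mo_wpns_custom_sign_array = explode(";",$mo_wpns_custom_sign);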
@@ -10,7 +10,7 @@
10
  $security_features->wpns_2fa_with_network_security($_POST); break;
11
  }
12
  }
13
- $network_security_features= get_option('mo_wpns_2fa_with_network_security') ? "checked" : "";
14
 
15
  if( isset( $_GET[ 'page' ])){
16
  $tab_count= get_site_option('mo2f_tab_count', 0);
10
  $security_features->wpns_2fa_with_network_security($_POST); break;
11
  }
12
  }
13
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
14
 
15
  if( isset( $_GET[ 'page' ])){
16
  $tab_count= get_site_option('mo2f_tab_count', 0);
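--- a/controllers/newtork_security_features.php
+++ b/controllers/newtork_security_features.php
@@ -1,24 +1,24 @@
- <?php
-
- global $mo2f_dirName;
- if(current_user_can( 'manage_options' ) && isset($_POST['mo_wpns_features']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['mo_wpns_features'])))
- {
- case "mo_wpns_2fa_with_network_security":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_with_network_security($_POST); break;
- case "mo_wpns_2fa_features":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_features_only(); break;
-
-
- }
- }
-
-
- $network_security_features= get_option('mo_wpns_2fa_with_network_security') ? "checked" : "";
-
-
-
+ <?php
+
+ global $mo2f_dirName;
+ if(current_user_can( 'manage_options' ) && isset($_POST['mo_wpns_features']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['mo_wpns_features'])))
+ {
+ case "mo_wpns_2fa_with_network_security":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_with_network_security($_POST); break;
+ case "mo_wpns_2fa_features":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_features_only(); break;
+
+
+ }
+ }
+
+
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
+
+
+
  // include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'network_security_features.php';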
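Review bot: The POST handler on lines 4–17 checks `current_user_can('manage_options')` but verifies no nonce before calling `wpns_2fa_with_network_security($_POST)` or `wpns_2fa_features_only()`. Unless `Mo_2fa_security_features` verifies one itself (not visible here), a cross-site request sent from an administrator's session would be accepted and switch these features. Add `check_admin_referer('NONCE_ACTION_PLACEHOLDER', 'NONCE_FIELD_PLACEHOLDER');` as the first statement inside the `if`, with a matching `wp_nonce_field()` in the form that posts `mo_wpns_features`. The same shape, a capability check followed by a `switch` on `$_POST['option']` with no nonce, appears in controllers/notification-settings.php lines 8–23. Passing the whole `$_POST` array into the handler also hides which fields it reads; passing the named, sanitised fields would be easier to audit.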
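--- a/controllers/notification-settings.php
+++ b/controllers/notification-settings.php
@@ -1,101 +1,101 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
- $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_wpns_enable_ip_blocked_email_to_admin":
- wpns_handle_notify_admin_on_ip_block($_POST); break;
- case "mo_wpns_enable_unusual_activity_email_to_user":
- wpns_handle_notify_unusual_activity($_POST); break;
- case "custom_user_template":
- wpns_handle_custom_template($_POST['custom_user_template']); break;
- case "mo_wpns_get_manual_email" :
- wpns_handle_admin_email($_POST); break;
- case "custom_admin_template":
- wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
- }
- }
- if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
- update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
- $notify_admin_on_ip_block = get_option('mo_wpns_enable_ip_blocked_email_to_admin') ? "" : "unchacked";
- }
- $notify_admin_on_ip_block = get_option('mo_wpns_enable_ip_blocked_email_to_admin') ? "checked" : "";
- $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
-
- $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
- $template_type1 = 'custom_admin_template';
- $ip_blocking_template = array(
- 'textarea_name' => 'custom_admin_template',
- 'wpautop' => false
- );
- $fromEmail = get_option('mo2f_email');
- $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
- $template_type2 = 'custom_user_template';
- $user_activity_template = array(
- 'textarea_name' => 'custom_user_template',
- 'wpautop' => false
- );
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
-
-
-
- /* ADMIN NOTIFICATION SETTINGS */
- function wpns_handle_admin_email($postValue)
- {
-
- if(validate_email($_POST['admin_email_address'])){
- $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
- update_option('admin_email_address',$postValue['admin_email_address']);
- update_option( 'admin_email_address_status', $admin_email_address_status);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
- }
- }
- function validate_email($str) {
- return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
- }
-
- //Function to handle enabling and disabling of admin notification on ip blocking
- function wpns_handle_notify_admin_on_ip_block($postValue)
- {
- $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
- update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
-
- if($enable_ip_blocked_email_to_admin)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
- }
-
-
- //Function to handle enabling and disabling of admin notification on unusual activity
- function wpns_handle_notify_unusual_activity($postValue)
- {
- $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
- update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
-
- if($enable_unusual_activity_email_to_user)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
- }
-
-
- //Function to save unusual activity email template
- function wpns_handle_custom_template($template1,$template2=null)
- {
- if(!is_null($template1))
- update_option('custom_user_template', stripslashes($template1));
-
- if(!is_null($template2))
- update_option('custom_admin_template', stripslashes($template2));
-
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
+ $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_enable_ip_blocked_email_to_admin":
+ wpns_handle_notify_admin_on_ip_block($_POST); break;
+ case "mo_wpns_enable_unusual_activity_email_to_user":
+ wpns_handle_notify_unusual_activity($_POST); break;
+ case "custom_user_template":
+ wpns_handle_custom_template($_POST['custom_user_template']); break;
+ case "mo_wpns_get_manual_email" :
+ wpns_handle_admin_email($_POST); break;
+ case "custom_admin_template":
+ wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
+ }
+ }
+ if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
+ update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
+ }
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
+ $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
+
+ $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
+ $template_type1 = 'custom_admin_template';
+ $ip_blocking_template = array(
+ 'textarea_name' => 'custom_admin_template',
+ 'wpautop' => false
+ );
+ $fromEmail = get_option('mo2f_email');
+ $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
+ $template_type2 = 'custom_user_template';
+ $user_activity_template = array(
+ 'textarea_name' => 'custom_user_template',
+ 'wpautop' => false
+ );
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
+
+
+
+ /* ADMIN NOTIFICATION SETTINGS */
+ function wpns_handle_admin_email($postValue)
+ {
+
+ if(validate_email($_POST['admin_email_address'])){
+ $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
+ update_option('admin_email_address',$postValue['admin_email_address']);
+ update_option( 'admin_email_address_status', $admin_email_address_status);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
+ }
+ }
+ function validate_email($str) {
+ return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
+ }
+
+ //Function to handle enabling and disabling of admin notification on ip blocking
+ function wpns_handle_notify_admin_on_ip_block($postValue)
+ {
+ $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
+ update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
+
+ if($enable_ip_blocked_email_to_admin)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
+ }
+
+
+ //Function to handle enabling and disabling of admin notification on unusual activity
+ function wpns_handle_notify_unusual_activity($postValue)
+ {
+ $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
+ update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
+
+ if($enable_unusual_activity_email_to_user)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
+ }
+
+
+ //Function to save unusual activity email template
+ function wpns_handle_custom_template($template1,$template2=null)
+ {
+ if(!is_null($template1))
+ update_option('custom_user_template', stripslashes($template1));
+
+ if(!is_null($template2))
+ update_option('custom_admin_template', stripslashes($template2));
+
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
  }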
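Review bot: `wpns_handle_admin_email()` on lines 49–60 validates `$_POST['admin_email_address']` but stores `$postValue['admin_email_address']`, reads the key before any `isset`, and relies on the hand-written regex in `validate_email()`, which rejects TLDs longer than six letters and claims a very generic global function name. WordPress already covers this: `$email = isset($postValue['admin_email_address']) ? sanitize_email(wp_unslash($postValue['admin_email_address'])) : '';` followed by `if(is_email($email)){` and storing `$email`. The `isset` on line 53 runs after the key has already been read on line 52, so `admin_email_address_status` is always `'1'` in that branch. `wpns_handle_custom_template()` stores the posted template after `stripslashes()` only; as the value is HTML that is presumably mailed later, passing it through `wp_kses_post()` before `update_option()` would bound what markup can be saved. Line 26 assigns `"unchacked"` to `$notify_admin_on_ip_block` and line 28 overwrites it unconditionally, so line 26 can be dropped.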
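--- a/controllers/pointers.php
+++ b/controllers/pointers.php
@@ -5,7 +5,8 @@ $tab= 'default';
  if(array_key_exists('tab',$_GET))
  $tab = $_GET['tab'];
 
- if(get_option('mo2f_two_factor_tour')==1)
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
+
  {
  $pointers['default-miniorange-2fa-select-authentication'] = array(
  'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),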
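--- a/controllers/registration-security.php
+++ b/controllers/registration-security.php
@@ -1,129 +1,129 @@
- <?php
-
- global $moWpnsUtility, $mo2f_dirName;
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_enable_fake_domain_blocking":
- wpns_handle_domain_blocking($_POST); break;
- case "mo_wpns_advanced_user_verification":
- wpns_handle_advanced_user_verification($_POST); break;
- case "mo_wpns_social_integration":
- wpns_handle_enable_social_login($_POST); break;
-
- }
- }
-
- $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
- $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
- $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
- $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
- $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
-
- if($user_verify)
- {
- $moOTPPlugin = new OTPPlugin();
- $status = $moOTPPlugin->getstatus();
- switch ($status)
- {
- case "ACTIVE":
- $html1 = "<br><a href='".$otpVerify_url."'>Click here to configure.</a>";
- $moOTPPlugin->updatePluginConfiguration();
- break;
- case "INSTALLED":
- $path = "miniorange-otp-verification/miniorange_validation_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate OTP Verification Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-otp-verification';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="'.$install_link.'">Install OTP Verification plugin</a>';
- break;
- }
- }
-
-
- if($social_login)
- {
- $moSocialLogin = new SocialPlugin();
- $status = $moSocialLogin->getstatus();
- switch ($status)
- {
- case "ACTIVE":
- $html2 = "<br><a href='".$openid_url."'>Click here to configure.</a>";
- break;
- case "INSTALLED":
- $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate Social Login, Sharing Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-login-openid';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="'.$install_link.'">Install Social Login, Sharing plugin</a>';
- break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
-
-
-
-
- /* REGISTRATION SECURITY RELATED FUNCTIONS*/
-
- //Function to handle enabling and disabling domain blocking
- function wpns_handle_domain_blocking($postvalue)
- {
- $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
-
- if($enable_fake_emails)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
- }
-
-
- //Function to enable and disable User Verification for the Default Registration Page
- function wpns_handle_advanced_user_verification($postvalue)
- {
- $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
- update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
-
- if($enable_advanced_user_verification)
- {
- update_option('mo_customer_validation_wp_default_enable',1);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
- }
- else
- {
- update_option('mo_customer_validation_wp_default_enable',0);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
- }
- }
-
-
- //Function to enable and disable Social Login
- function wpns_handle_enable_social_login($postvalue)
- {
- $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
- update_option( 'mo_wpns_enable_social_integration', $social_login);
-
- if($social_login)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
+ <?php
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_enable_fake_domain_blocking":
+ wpns_handle_domain_blocking($_POST); break;
+ case "mo_wpns_advanced_user_verification":
+ wpns_handle_advanced_user_verification($_POST); break;
+ case "mo_wpns_social_integration":
+ wpns_handle_enable_social_login($_POST); break;
+
+ }
+ }
+
+ $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
+ $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
+ $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
+ $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
+ $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
+
+ if($user_verify)
+ {
+ $moOTPPlugin = new OTPPlugin();
+ $status = $moOTPPlugin->getstatus();
+ switch ($status)
+ {
+ case "ACTIVE":
+ $html1 = "<br><a href='".$otpVerify_url."'>Click here to configure.</a>";
+ $moOTPPlugin->updatePluginConfiguration();
+ break;
+ case "INSTALLED":
+ $path = "miniorange-otp-verification/miniorange_validation_settings.php";
+ $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
+ $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate OTP Verification Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-otp-verification';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action.'_'.$slug
+ );
+ $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="'.$install_link.'">Install OTP Verification plugin</a>';
+ break;
+ }
+ }
+
+
+ if($social_login)
+ {
+ $moSocialLogin = new SocialPlugin();
+ $status = $moSocialLogin->getstatus();
+ switch ($status)
+ {
+ case "ACTIVE":
+ $html2 = "<br><a href='".$openid_url."'>Click here to configure.</a>";
+ break;
+ case "INSTALLED":
+ $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
+ $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
+ $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate Social Login, Sharing Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-login-openid';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action.'_'.$slug
+ );
+ $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="'.$install_link.'">Install Social Login, Sharing plugin</a>';
+ break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
+
+
+
+
+ /* REGISTRATION SECURITY RELATED FUNCTIONS*/
+
+ //Function to handle enabling and disabling domain blocking
+ function wpns_handle_domain_blocking($postvalue)
+ {
+ $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
+
+ if($enable_fake_emails)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
+ }
+
+
+ //Function to enable and disable User Verification for the Default Registration Page
+ function wpns_handle_advanced_user_verification($postvalue)
+ {
+ $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
+ update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
+
+ if($enable_advanced_user_verification)
+ {
+ update_option('mo_customer_validation_wp_default_enable',1);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
+ }
+ else
+ {
+ update_option('mo_customer_validation_wp_default_enable',0);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
+ }
+ }
+
+
+ //Function to enable and disable Social Login
+ function wpns_handle_enable_social_login($postvalue)
+ {
+ $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
+ update_option( 'mo_wpns_enable_social_integration', $social_login);
+
+ if($social_login)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
  }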
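Review bot: The option dispatcher at new lines 6–18 checks `current_user_can( 'manage_options' )` but never verifies a nonce, so each of the three `wpns_handle_*` handlers will flip a security setting on any POST sent from an administrator's browser, including one that did not originate from this settings form. Unless the including page already verifies a nonce (not visible here), add `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` before the `switch` and emit the matching `wp_nonce_field()` in the view's forms; `wpns_handle_demo_request_form` in controllers/request_demo.php already does the equivalent with `wp_verify_nonce`, and controllers/reports.php has the same gap. Separately, `$otpVerify_url` and `$openid_url` at lines 20–21 are built by `add_query_arg()` from `$_SERVER['REQUEST_URI']` and concatenated into `href` attributes at lines 33 and 61 without escaping, so they should be wrapped in `esc_url()`. Both sides of this section read identically on the page, so the commit itself appears to change only whitespace or line endings.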
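--- a/controllers/reports.php
+++ b/controllers/reports.php
@@ -1,25 +1,25 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(isset($_POST['option']) and $_POST['option']=='mo_wpns_manual_clear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
-
- }
-
-
-
- if(isset($_POST['option']) and $_POST['option']=='mo_wpns_manual_errorclear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
-
- }
-
- $mo_wpns_handler = new MoWpnsHandler();
- $logintranscations = $mo_wpns_handler->get_login_transaction_report();
- $errortranscations = $mo_wpns_handler->get_error_transaction_report();
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(isset($_POST['option']) and $_POST['option']=='mo_wpns_manual_clear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
+
+ }
+
+
+
+ if(isset($_POST['option']) and $_POST['option']=='mo_wpns_manual_errorclear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
+
+ }
+
+ $mo_wpns_handler = new MoWpnsHandler();
+ $logintranscations = $mo_wpns_handler->get_login_transaction_report();
+ $errortranscations = $mo_wpns_handler->get_error_transaction_report();
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
+
  ?>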
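Review bot: Both `DELETE` branches at new lines 5–17 run for any request carrying the matching `$_POST['option']`; unlike controllers/registration-security.php and controllers/request_demo.php, this file has no `current_user_can( 'manage_options' )` test, and no nonce check either. If nothing outside this file gates it (not visible here), the login and error transaction logs could be cleared by someone who should not be able to, which removes audit evidence. Guard each branch, e.g. `if ( current_user_can( 'manage_options' ) && isset( $_POST['option'] ) && 'mo_wpns_manual_clear' === $_POST['option'] ) {`, and verify a nonce before the query. The SQL itself contains no request data, so injection is not the concern here.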
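--- a/controllers/request_demo.php
+++ b/controllers/request_demo.php
@@ -1,51 +1,51 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_demo_request_form":
- wpns_handle_demo_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
-
- function wpns_handle_demo_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
- $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
- $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
- return;
- }
- if(empty($usecase) || empty($email) || empty($demo_plan) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $demo_plan = sanitize_text_field($demo_plan);
- $query = 'REQUEST FOR DEMO';
- $query .= ' =>';
- $query .= $demo_plan;
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_demo_request_form":
+ wpns_handle_demo_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
+
+ function wpns_handle_demo_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
+ $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) || empty($demo_plan) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $demo_plan = sanitize_text_field($demo_plan);
+ $query = 'REQUEST FOR DEMO';
+ $query .= ' =>';
+ $query .= $demo_plan;
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>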
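Review bot: The empty-field branch at new line 25 passes `DEMO_FORM_ERROR` with the `'SUCCESS'` type, which looks like a copy-paste slip given that every other failure path on this page uses `'ERROR'`; it should read `do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'ERROR');`. The address at line 31 is cleaned with `sanitize_text_field()` rather than validated, so `sanitize_email()` followed by an `is_email()` check would reject malformed input before it is handed to `submit_contact_us()`. A failed `wp_verify_nonce` at line 20 returns silently; showing an error there would let an administrator tell an expired form from a request that was accepted.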
controllers/tour-model.php CHANGED
@@ -1,334 +1,334 @@
1
- <?php
2
-
3
- global $mo2f_dirName;
4
- $current_user = wp_get_current_user();
5
- $email = get_option("mo2f_email");
6
- $phone = get_option("mo_wpns_admin_phone");
7
- $display = get_option('mo2f_tour_started') == 2?'block':'none';
8
- $networkSEnable = get_option("mo_wpns_2fa_with_network_security");
9
- if(empty($email))
10
- $email = $current_user->user_email;
11
- $counter = 0;
12
- $enableTour = $networkSEnable == 1 ? '' : 'disabled';
13
- $tour_body = '<p class="modal-body-para">Hey, Thank you for installing <b style="color: #E85700">miniOrange 2-Factor plugin</b>.</p>
14
- <p class="modal-body-para">Two-factor will provide extra layer of security to your users account which will help to protect your users accounts from any outside attack.</p>';
15
- if($networkSEnable != 1)
16
- {
17
- $tour_body .= '<div style="margin-left:37.5%;margin-right:37.5%;">';
18
- }
19
-
20
- $tour_body .= '<table style="width: 100%; text-align: center; table-layout: fixed; font-size: medium;">
21
- <div class="mo2f_hiddenradio">
22
- <tr>
23
-
24
- <td style="border: 1px solid black;" id="2fa">
25
- <label>
26
- <input type="radio" name="mo2f_two_factor" value="2fa" checked style="display:none">
27
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/google-authenticator.png">
28
- </label>
29
- </td>';
30
- if($networkSEnable == 1)
31
- {
32
- $tour_body .= '<td style="border: 1px solid black;" id="waf">
33
- <label >
34
- <input type="radio" name="mo2f_two_factor" value="waf" style="display:none" '.$enableTour.'>
35
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/mo-waf-logo.png">
36
- </label>
37
- </td>
38
-
39
- <td style="border: 1px solid black;" id="login">
40
- <label >
41
- <input type="radio" name="mo2f_two_factor" value="login" style="display:none"'.$enableTour.'>
42
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-protection-logo.png">
43
- </label>
44
- </td>
45
-
46
- <td style="border: 1px solid black;" id="backup">
47
- <label>
48
- <input type="radio" name="mo2f_two_factor" value="backup" style="display:none"'.$enableTour.'>
49
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/database-backup-logo.png">
50
- </label>
51
- </td>
52
-
53
- <td style="border: 1px solid black;" id="malware">
54
- <label >
55
- <input type="radio" name="mo2f_two_factor" value="malware" style="display:none"'.$enableTour.'>
56
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/malware-scanner-logo.png">
57
- </label>
58
- </td>';
59
- }
60
- $tour_body .= '</tr>
61
- <tr>
62
- <th>
63
- Two-factor authentication
64
- </th>';
65
-
66
- if($networkSEnable == 1)
67
- {
68
-
69
- $tour_body .= '<th>
70
- Web Application Firewall(WAF)
71
- </th>
72
-
73
- <th>
74
- Login Protection
75
- </th>
76
-
77
- <th>
78
- Database Backup
79
- </th>
80
-
81
- <th>
82
- Malware scanner
83
- </th>';
84
- }
85
-
86
- $tour_body .= '</tr>
87
- </div>
88
- </table>';
89
- if($networkSEnable != 1)
90
- {
91
- $tour_body .= '</div>';
92
- }
93
-
94
- $waf_arr_ecc = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It includes very sensitive data such as user details, credit/debit card or bank details. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. 
Media scraping, price scraping are also some scraping techniques which are used to degrade/destroy media files and change the price of products.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business. <div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. 
The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
95
-
96
- $waf_arr_busi = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It may include company privileged data, admin users data which will affect on the business. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Price scraping is part of web scraping which is used to change prices of the products which affects a lot on business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
97
-
98
- $waf_arr_blog = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation. The data may include user details, privileged data, privileged blogs, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Media scraping can be done in the blog/news site which alter, degrade or destroy media files.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations. Content modification may mislead to blog/news site subscriber. It can be used to spread fake/malicious imformation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
99
-
100
- $waf_arr_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business. </div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
101
-
102
- $waf_body_ecommerce = '<div class="modal-body-div">
103
- <p class="modal-body-para" style="margin: 0;">Ecommerce sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
104
- $waf_body_business = '<div class="modal-body-div">
105
- <p class="modal-body-para" style="margin: 0;">Business sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
106
- $waf_body_blog = '<div class="modal-body-div">
107
- <p class="modal-body-para" style="margin: 0;">Blogs/News sites are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
108
- $waf_body_other = '<div class="modal-body-div">
109
- <p class="modal-body-para" style="margin: 0;">Other sites such as employment, portfolio, multilingual, etc are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
110
-
111
- $waf_body = '<div style="width:100%; display:inline-flex; margin-left: 20px;">
112
- <div style="width:50%;font-size: medium;">1: <b>Data theft and manipulation</b></div>
113
- <div style="width:50%;font-size: medium;">2: <b>Web Scraping</b></div></div>
114
- <div style="width:100%; display:inline-flex; margin-left: 20px;">
115
- <div style="width:50%;font-size: medium;">3: <b>File manipulation</b></div>
116
- <div style="width:50%;font-size: medium;">4: <b>Content modification</b></div></div>
117
- </div>';
118
-
119
- $registration_security_ecommerce = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Ecommerce sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
120
- $registration_security_business = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Business sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
121
-
122
- $registration_security_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> The sites such as employment, social networking, etc. need to prevent fake user registrations. The user will spam other users and share private data of others.';
123
-
124
- $registration_security = '<div style="margin:1em;"><ul>
125
- <li>
126
- <p class="modal-body-para" style="margin: 0;">1. Temporary/Fake email ban</p>
127
- </li>
128
- <li>
129
- <p class="modal-body-para" style="margin: 0;">2. OTP Verification during registrations</p>
130
- </li>
131
- <li>
132
- <p class="modal-body-para" style="margin: 0;">3. Social login</p>
133
- </li>
134
- </ul>
135
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-13" onclick="open_hide(this);">+</a></div></div>';
136
-
137
- $login_security_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites should have strong login security to prevent unauthorised access.</p></div>';
138
- $login_security_business = '<div class="modal-body-div"><p class="modal-body-para">Business sites should have strong login security to prevent unauthorised access.</p></div>';
139
- $login_security_blog = '<div class="modal-body-div"><p class="modal-body-para">Blogs/News sites should have strong login security to prevent unauthorised access.</p></div>';
140
- $login_security_other = '<div class="modal-body-div"><p class="modal-body-para">Other sites such as employment, portfolio, etc. should have strong login security to prevent unauthorised access.</p></div>';
141
-
142
- $login_security_body = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-10" style="width: 98%; overflow:; height: ;line-height: 1.5;"><b><u>Limit Login:</u></b> Password guessing/Brute force attack can be controlled/prevented by limiting the login attempts. Paasword guessing can be protected by:
143
- <div style="margin:1em;">
144
- <ul>
145
- <li>
146
- <p class="modal-body-para">1. Limit Login attempts: 10 (<b>Recommended</b>)</p>
147
- </li>
148
- <li>
149
- <p class="modal-body-para">2. Enforce Strong passwords</p>
150
- </li>
151
- </ul>
152
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-10" onclick="open_hide(this);">-</a></div></div>
153
-
154
- <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-11" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>2-Factor:</u></b> 2-factor authentication is important to prevent unauthorised login. 2-factor authentication can be enabled on top of login credentials at the time of login. Google authenticator, Authy authenticator, Lastpass authenticator applications can be used to configure 2FA. miniOrange supports 15+ 2FA methods, it includes OTP over SMS, Email, Security Questions, QR code authentication, push notification, Hardware Token, etc. 2FA can enabled to:
155
- <div style="margin:1em;">
156
- <ul>
157
- <li>
158
- <p class="modal-body-para">1. Enable 2FA for employees (<b>Recommended</b>)</p>
159
- </li>
160
- <li>
161
- <p class="modal-body-para">2. Enable 2FA for users</p>
162
- </li>
163
- <li>
164
- <p class="modal-body-para">3. Backup methods in case of emergency login</p>
165
- </li>
166
- </ul>
167
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-11" onclick="open_hide(this);">+</a></div></div>
168
- <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-12" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Remember device:</u></b> Remember device allows user to login from trusted devices. It keeps safe from unauthorised users who tries to gain access. It improves your login security by allowing you to login from limited and trusted deivces.
169
- <div style="margin:1em;">
170
- <ul>
171
- <li>
172
- <p class="modal-body-para">1. Allows multiple trusted devices</p>
173
- </li>
174
- <li>
175
- <p class="modal-body-para">2. Limit no. of trusted devices</p>
176
- </li>
177
- <li>
178
- <p class="modal-body-para">3. Block IP\'s of unauthorised users</p>
179
- </li>
180
- </ul>
181
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-12" onclick="open_hide(this);">+</a></div></div>';
182
-
183
-
184
- $media_body = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites are often attacked to degrade and destroy media files such as images of product, audios and videos about products. You need to secure your media data. Media protection is important because the users of ecommerce site buy product by viewing the media of products. The broad word media scraping can be used for these types attacks.</p>
185
- <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
186
- <div class="modal-body-div">The Media protection prevents media files listed below:</div>
187
- </div>
188
- <div style="margin:1em;">
189
- <ul>
190
- <li>
191
- <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
192
- </li>
193
- <li>
194
- <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
195
- </li>
196
- </ul>
197
- </div>';
198
-
199
- $media_body_1 = '<div class="modal-body-div"><p class="modal-body-para">Some sites such as Photo Gallery or other site which contains media files are often attacked to degrade and destroy media files. You need to secure your media data. Media protection is important because the these sites are totally based on media files.</p>
200
- <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
201
- <div class="modal-body-div">The Media protection prevents media files listed below:</div>
202
- </div>
203
- <div style="margin:1em;">
204
- <ul>
205
- <li>
206
- <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
207
- </li>
208
- <li>
209
- <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
210
- </li>
211
- </ul>
212
- </div>';
213
-
214
- $backup_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any e-commerce site. The ecommerce sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
215
- $backup_business = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Business site. The business sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
216
- $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Blog/News site. These sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
217
- $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any site such as social networking, employment, etc. There are several attacks happens on these sites to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
218
-
219
-
220
- $backup_body = '<div class="modal-body-div">
221
- <ul>
222
- <li>
223
- <p class="modal-body-para"><b>1. <u>Scheduled backup:</u></b> Scheduled backup used to create automatic backup after scheduled time. It allows you to relax because you know that all of your information is being backed up, and you are limiting what you may lose. Using this feature you can set a time interval to create a continuous backup. ';
224
- $backup_body_1 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">Set scheduled backup time 1/2 hr for ecommerce site.</span></div>';
225
- $backup_body_2 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 12 hrs time interval.</span></div>';
226
- $backup_body_3 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 4-5 hrs time interval.</span></div>';
227
- $backup_body_4 = '</p>
228
- </li>
229
- <li>
230
- <p class="modal-body-para"><b>2. <u>Manual backup:</u></b> Manual backup can be taken manually whenever user wants. It is important when you made any crucial changes and don\'t want to loose data then you can immediately take a backup and keep it securely.</p>
231
- </li>
232
- <li>
233
- <p class="modal-body-para"><b>3. <u>Password protected encrypted backup:</u></b> Password protected encrypted backup is very secure way to take a backup. If anyone gets it still no one can decode it because of its highly secure nature.</p>
234
- </li>
235
- <li>
236
- <p class="modal-body-para"><b>4. <u>Easy restoring and recovering:</u></b> Simple one-click restore using installer files created for your website. During backup, we create an installer.php file. At the time of restore and recovery, you just need to upload the zip file of backup and installer.php and run the installer file and follow instructions to set up your website.</p>
237
- </li>
238
- </ul>
239
- </div>';
240
-
241
- $comment_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce websites are attacked to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
242
- $comment_business = '<div class="modal-body-div"><p class="modal-body-para">Business websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
243
- $comment_blog = '<div class="modal-body-div"><p class="modal-body-para">Blog/News websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
244
- $comment_other = '<div class="modal-body-div"><p class="modal-body-para">Other websites such as employment, multilingual, etc. are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
245
-
246
- $comment_spam = '<div style="margin:1em;">
247
- <ul>
248
- <li>
249
- <p class="modal-body-para"><b>1. <u>Comment protection:</u></b> Spam comments generated by automated scripts can be prevented using captcha. Honeypot is another widely used technique to catch bots and block them.</p>
250
- </li>
251
- <li>
252
- <p class="modal-body-para"><b>2. <u>Post protection:</u></b> Automated scripts or botnets can prevented by using captcha. There are three forms of captcha availble text, math and google recaptcha. Honeypot is also another way to detect spam posts. Malware scanner can also used to scan the malware in the posts.</p>
253
- </li>
254
- </ul>
255
- </div>';
256
-
257
-
258
- $scanner = '<div class="modal-body-div"><p class="modal-body-para">Malware scanner detects the malicious code in the files. Compares the wordpress, plugins and theme files with Wordpress repo files. Detects changes present in any wordpress, theme and plugin files. It also checks outdated/vulnerable plugins, themes. It is also useful to detect malware in posts and comments.</p></div>
259
- <div style="margin:1em;">
260
- <ul>
261
- <li>
262
- <p class="modal-body-para"><b>1. <u>Malware scan:</u></b> Malware scan scans the wordpress core files, plugins and theme files to check malware. It detects the trojans, backdoors, viruses, worms, etc. in the files. </p>
263
- </li>
264
- <li>
265
- <p class="modal-body-para"><b>2. <u>Wordpress version and file compare:</u></b> Checks WordPress, plugins and themes version with Wordpress.org repository and compare WordPress core, plugins and themes files with the repository to detect any file changes. Detect any changes in the files present in the WordPress plugins and themes folder.</p>
266
- </li>
267
- <li>
268
- <p class="modal-body-para"><b>3. <u>Check vulnerable plugins and themes:</u></b> Checks vulnerable plugins and themes which contains malicious code. You can remove it to enhance your site security.</p>
269
- </li>
270
- </ul>
271
- </div>';
272
-
273
- $support_modal = '<div>
274
-
275
- <div style="width: unset; float: unset; margin: 10px 20%;" class="mo_wpns_support_layout_model">
276
-
277
- <img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/support3.png">
278
- <h1>Support</h1>
279
- <p>Need any help? We are available any time, Just send us a query so we can help you.</p>
280
- <form name="f" method="post" action="">
281
- <input type="hidden" name="option" value="mo_wpns_send_query"/>
282
- <table class="mo_wpns_settings_table">
283
- <tr><td>
284
- <input type="email" class="mo_wpns_table_textbox" id="query_email" name="query_email" value="'.$email.'" placeholder="Enter your email" required />
285
- </td>
286
- </tr>
287
- <tr><td>
288
- <input type="text" class="mo_wpns_table_textbox" name="query_phone" id="query_phone" value="'.$phone.'" placeholder="Enter your phone"/>
289
- </td>
290
- </tr>
291
- <tr>
292
- <td>
293
- <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" onkeyup="mo_wpns_valid(this)" onblur="mo_wpns_valid(this)" onkeypress="mo_wpns_valid(this)" placeholder="Write your query here"></textarea>
294
- </td>
295
- </tr>
296
- </table>
297
- <input type="submit" name="send_query" id="send_query" value="Submit Query" class="mo_wpns_button mo_wpns_button1" />
298
- </form>
299
- <br />
300
- </div>
301
- </div>
302
- <script>
303
- function moSharingSizeValidate(e){
304
- var t=parseInt(e.value.trim());t>60?e.value=60:10>t&&(e.value=10)
305
- }
306
- function moSharingSpaceValidate(e){
307
- var t=parseInt(e.value.trim());t>50?e.value=50:0>t&&(e.value=0)
308
- }
309
- function moLoginSizeValidate(e){
310
- var t=parseInt(e.value.trim());t>60?e.value=60:20>t&&(e.value=20)
311
- }
312
- function moLoginSpaceValidate(e){
313
- var t=parseInt(e.value.trim());t>60?e.value=60:0>t&&(e.value=0)
314
- }
315
- function moLoginWidthValidate(e){
316
- var t=parseInt(e.value.trim());t>1000?e.value=1000:140>t&&(e.value=140)
317
- }
318
- function moLoginHeightValidate(e){
319
- var t=parseInt(e.value.trim());t>50?e.value=50:35>t&&(e.value=35)
320
- }
321
- </script>';
322
-
323
-
324
- $ecommerce_site = array(array('Web Application Firewall(WAF)', $waf_body_ecommerce.$waf_body.$waf_arr_ecc), array('Login Security', $login_security_ecommerce.$login_security_body.$registration_security_ecommerce.$registration_security), array('Media Protection', $media_body), array('Encrypted Backup', $backup_ecommerce.$backup_body.$backup_body_1.$backup_body_4), array('Comment and Spam Protection', $comment_ecommerce.$comment_spam), array('Malware Scanner', $scanner), array('Support', $support_modal));
325
-
326
- $business_site = array(array('Web Application Firewall(WAF)', $waf_body_business.$waf_body.$waf_arr_busi), array('Encrypted Backup', $backup_business.$backup_body.$backup_body_2.$backup_body_4), array('Comment and Spam Protection', $comment_business.$comment_spam), array('Login Security', $login_security_business.$login_security_body.$registration_security_business.$registration_security), array('Malware Scanner', $scanner), array('Support', $support_modal));
327
-
328
- $blog_site = array(array('Web Application Firewall(WAF)', $waf_body_blog.$waf_body.$waf_arr_blog), array('Comment and Spam Protection', $comment_blog.$comment_spam), array('Login Security', $login_security_blog.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_3.$backup_body_4), array('Malware Scanner', $scanner), array('Support', $support_modal));
329
-
330
- $other_site = array(array('Web Application Firewall(WAF)', $waf_body_other.$waf_body.$waf_arr_other), array('Comment and Spam Protection', $comment_other.$comment_spam), array('Login Security', $login_security_other.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_4), array('Media Protection', $media_body_1), array('Malware Scanner', $scanner), array('Support', $support_modal));
331
-
332
- $main_pointer = array('Main' => array('Let\'s get Started', $tour_body), 'Ecommerce' => $ecommerce_site, 'Business' => $business_site, 'Blogs/News' => $blog_site, 'Other' => $other_site);
333
-
334
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'tour-model.php';
1
+ <?php
2
+
3
+ global $mo2f_dirName;
4
+ $current_user = wp_get_current_user();
5
+ $email = get_option("mo2f_email");
6
+ $phone = get_option("mo_wpns_admin_phone");
7
+ $display = get_option('mo2f_tour_started') == 2?'block':'none';
8
+ $networkSEnable = MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option');
9
+ if(empty($email))
10
+ $email = $current_user->user_email;
11
+ $counter = 0;
12
+ $enableTour = $networkSEnable == 1 ? '' : 'disabled';
13
+ $tour_body = '<p class="modal-body-para">Hey, Thank you for installing <b style="color: #E85700">miniOrange 2-Factor plugin</b>.</p>
14
+ <p class="modal-body-para">Two-factor will provide extra layer of security to your users account which will help to protect your users accounts from any outside attack.</p>';
15
+ if($networkSEnable != 1)
16
+ {
17
+ $tour_body .= '<div style="margin-left:37.5%;margin-right:37.5%;">';
18
+ }
19
+
20
+ $tour_body .= '<table style="width: 100%; text-align: center; table-layout: fixed; font-size: medium;">
21
+ <div class="mo2f_hiddenradio">
22
+ <tr>
23
+
24
+ <td style="border: 1px solid black;" id="2fa">
25
+ <label>
26
+ <input type="radio" name="mo2f_two_factor" value="2fa" checked style="display:none">
27
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/google-authenticator.png">
28
+ </label>
29
+ </td>';
30
+ if($networkSEnable == 1)
31
+ {
32
+ $tour_body .= '<td style="border: 1px solid black;" id="waf">
33
+ <label >
34
+ <input type="radio" name="mo2f_two_factor" value="waf" style="display:none" '.$enableTour.'>
35
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/mo-waf-logo.png">
36
+ </label>
37
+ </td>
38
+
39
+ <td style="border: 1px solid black;" id="login">
40
+ <label >
41
+ <input type="radio" name="mo2f_two_factor" value="login" style="display:none"'.$enableTour.'>
42
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-protection-logo.png">
43
+ </label>
44
+ </td>
45
+
46
+ <td style="border: 1px solid black;" id="backup">
47
+ <label>
48
+ <input type="radio" name="mo2f_two_factor" value="backup" style="display:none"'.$enableTour.'>
49
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/database-backup-logo.png">
50
+ </label>
51
+ </td>
52
+
53
+ <td style="border: 1px solid black;" id="malware">
54
+ <label >
55
+ <input type="radio" name="mo2f_two_factor" value="malware" style="display:none"'.$enableTour.'>
56
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/malware-scanner-logo.png">
57
+ </label>
58
+ </td>';
59
+ }
60
+ $tour_body .= '</tr>
61
+ <tr>
62
+ <th>
63
+ Two-factor authentication
64
+ </th>';
65
+
66
+ if($networkSEnable == 1)
67
+ {
68
+
69
+ $tour_body .= '<th>
70
+ Web Application Firewall(WAF)
71
+ </th>
72
+
73
+ <th>
74
+ Login Protection
75
+ </th>
76
+
77
+ <th>
78
+ Database Backup
79
+ </th>
80
+
81
+ <th>
82
+ Malware scanner
83
+ </th>';
84
+ }
85
+
86
+ $tour_body .= '</tr>
87
+ </div>
88
+ </table>';
89
+ if($networkSEnable != 1)
90
+ {
91
+ $tour_body .= '</div>';
92
+ }
93
+
94
+ $waf_arr_ecc = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It includes very sensitive data such as user details, credit/debit card or bank details. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. 
Media scraping, price scraping are also some scraping techniques which are used to degrade/destroy media files and change the price of products.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business. <div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. 
The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
95
+
96
+ $waf_arr_busi = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It may include company privileged data, admin users data which will affect on the business. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Price scraping is part of web scraping which is used to change prices of the products which affects a lot on business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
97
+
98
+ $waf_arr_blog = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation. The data may include user details, privileged data, privileged blogs, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Media scraping can be done in the blog/news site which alter, degrade or destroy media files.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations. Content modification may mislead to blog/news site subscriber. It can be used to spread fake/malicious imformation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
99
+
100
+ $waf_arr_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business. </div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
101
+
102
+ $waf_body_ecommerce = '<div class="modal-body-div">
103
+ <p class="modal-body-para" style="margin: 0;">Ecommerce sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
104
+ $waf_body_business = '<div class="modal-body-div">
105
+ <p class="modal-body-para" style="margin: 0;">Business sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
106
+ $waf_body_blog = '<div class="modal-body-div">
107
+ <p class="modal-body-para" style="margin: 0;">Blogs/News sites are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
108
+ $waf_body_other = '<div class="modal-body-div">
109
+ <p class="modal-body-para" style="margin: 0;">Other sites such as employment, portfolio, multilingual, etc are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
110
+
111
+ $waf_body = '<div style="width:100%; display:inline-flex; margin-left: 20px;">
112
+ <div style="width:50%;font-size: medium;">1: <b>Data theft and manipulation</b></div>
113
+ <div style="width:50%;font-size: medium;">2: <b>Web Scraping</b></div></div>
114
+ <div style="width:100%; display:inline-flex; margin-left: 20px;">
115
+ <div style="width:50%;font-size: medium;">3: <b>File manipulation</b></div>
116
+ <div style="width:50%;font-size: medium;">4: <b>Content modification</b></div></div>
117
+ </div>';
118
+
119
+ $registration_security_ecommerce = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Ecommerce sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
120
+ $registration_security_business = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Business sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
121
+
122
+ $registration_security_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> The sites such as employment, social networking, etc. need to prevent fake user registrations. The user will spam other users and share private data of others.';
123
+
124
+ $registration_security = '<div style="margin:1em;"><ul>
125
+ <li>
126
+ <p class="modal-body-para" style="margin: 0;">1. Temporary/Fake email ban</p>
127
+ </li>
128
+ <li>
129
+ <p class="modal-body-para" style="margin: 0;">2. OTP Verification during registrations</p>
130
+ </li>
131
+ <li>
132
+ <p class="modal-body-para" style="margin: 0;">3. Social login</p>
133
+ </li>
134
+ </ul>
135
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-13" onclick="open_hide(this);">+</a></div></div>';
136
+
137
+ $login_security_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites should have strong login security to prevent unauthorised access.</p></div>';
138
+ $login_security_business = '<div class="modal-body-div"><p class="modal-body-para">Business sites should have strong login security to prevent unauthorised access.</p></div>';
139
+ $login_security_blog = '<div class="modal-body-div"><p class="modal-body-para">Blogs/News sites should have strong login security to prevent unauthorised access.</p></div>';
140
+ $login_security_other = '<div class="modal-body-div"><p class="modal-body-para">Other sites such as employment, portfolio, etc. should have strong login security to prevent unauthorised access.</p></div>';
141
+
142
+ $login_security_body = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-10" style="width: 98%; overflow:; height: ;line-height: 1.5;"><b><u>Limit Login:</u></b> Password guessing/Brute force attack can be controlled/prevented by limiting the login attempts. Paasword guessing can be protected by:
143
+ <div style="margin:1em;">
144
+ <ul>
145
+ <li>
146
+ <p class="modal-body-para">1. Limit Login attempts: 10 (<b>Recommended</b>)</p>
147
+ </li>
148
+ <li>
149
+ <p class="modal-body-para">2. Enforce Strong passwords</p>
150
+ </li>
151
+ </ul>
152
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-10" onclick="open_hide(this);">-</a></div></div>
153
+
154
+ <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-11" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>2-Factor:</u></b> 2-factor authentication is important to prevent unauthorised login. 2-factor authentication can be enabled on top of login credentials at the time of login. Google authenticator, Authy authenticator, Lastpass authenticator applications can be used to configure 2FA. miniOrange supports 15+ 2FA methods, it includes OTP over SMS, Email, Security Questions, QR code authentication, push notification, Hardware Token, etc. 2FA can enabled to:
155
+ <div style="margin:1em;">
156
+ <ul>
157
+ <li>
158
+ <p class="modal-body-para">1. Enable 2FA for employees (<b>Recommended</b>)</p>
159
+ </li>
160
+ <li>
161
+ <p class="modal-body-para">2. Enable 2FA for users</p>
162
+ </li>
163
+ <li>
164
+ <p class="modal-body-para">3. Backup methods in case of emergency login</p>
165
+ </li>
166
+ </ul>
167
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-11" onclick="open_hide(this);">+</a></div></div>
168
+ <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-12" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Remember device:</u></b> Remember device allows user to login from trusted devices. It keeps safe from unauthorised users who tries to gain access. It improves your login security by allowing you to login from limited and trusted deivces.
169
+ <div style="margin:1em;">
170
+ <ul>
171
+ <li>
172
+ <p class="modal-body-para">1. Allows multiple trusted devices</p>
173
+ </li>
174
+ <li>
175
+ <p class="modal-body-para">2. Limit no. of trusted devices</p>
176
+ </li>
177
+ <li>
178
+ <p class="modal-body-para">3. Block IP\'s of unauthorised users</p>
179
+ </li>
180
+ </ul>
181
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-12" onclick="open_hide(this);">+</a></div></div>';
182
+
183
+
184
+ $media_body = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites are often attacked to degrade and destroy media files such as images of product, audios and videos about products. You need to secure your media data. Media protection is important because the users of ecommerce site buy product by viewing the media of products. The broad word media scraping can be used for these types attacks.</p>
185
+ <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
186
+ <div class="modal-body-div">The Media protection prevents media files listed below:</div>
187
+ </div>
188
+ <div style="margin:1em;">
189
+ <ul>
190
+ <li>
191
+ <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
192
+ </li>
193
+ <li>
194
+ <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
195
+ </li>
196
+ </ul>
197
+ </div>';
198
+
199
+ $media_body_1 = '<div class="modal-body-div"><p class="modal-body-para">Some sites such as Photo Gallery or other site which contains media files are often attacked to degrade and destroy media files. You need to secure your media data. Media protection is important because the these sites are totally based on media files.</p>
200
+ <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
201
+ <div class="modal-body-div">The Media protection prevents media files listed below:</div>
202
+ </div>
203
+ <div style="margin:1em;">
204
+ <ul>
205
+ <li>
206
+ <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
207
+ </li>
208
+ <li>
209
+ <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
210
+ </li>
211
+ </ul>
212
+ </div>';
213
+
214
+ $backup_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any e-commerce site. The ecommerce sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
215
+ $backup_business = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Business site. The business sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
216
+ $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Blog/News site. These sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
217
+ $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any site such as social networking, employment, etc. There are several attacks happens on these sites to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
218
+
219
+
220
+ $backup_body = '<div class="modal-body-div">
221
+ <ul>
222
+ <li>
223
+ <p class="modal-body-para"><b>1. <u>Scheduled backup:</u></b> Scheduled backup used to create automatic backup after scheduled time. It allows you to relax because you know that all of your information is being backed up, and you are limiting what you may lose. Using this feature you can set a time interval to create a continuous backup. ';
224
+ $backup_body_1 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">Set scheduled backup time 1/2 hr for ecommerce site.</span></div>';
225
+ $backup_body_2 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 12 hrs time interval.</span></div>';
226
+ $backup_body_3 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 4-5 hrs time interval.</span></div>';
227
+ $backup_body_4 = '</p>
228
+ </li>
229
+ <li>
230
+ <p class="modal-body-para"><b>2. <u>Manual backup:</u></b> Manual backup can be taken manually whenever user wants. It is important when you made any crucial changes and don\'t want to loose data then you can immediately take a backup and keep it securely.</p>
231
+ </li>
232
+ <li>
233
+ <p class="modal-body-para"><b>3. <u>Password protected encrypted backup:</u></b> Password protected encrypted backup is very secure way to take a backup. If anyone gets it still no one can decode it because of its highly secure nature.</p>
234
+ </li>
235
+ <li>
236
+ <p class="modal-body-para"><b>4. <u>Easy restoring and recovering:</u></b> Simple one-click restore using installer files created for your website. During backup, we create an installer.php file. At the time of restore and recovery, you just need to upload the zip file of backup and installer.php and run the installer file and follow instructions to set up your website.</p>
237
+ </li>
238
+ </ul>
239
+ </div>';
240
+
241
+ $comment_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce websites are attacked to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
242
+ $comment_business = '<div class="modal-body-div"><p class="modal-body-para">Business websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
243
+ $comment_blog = '<div class="modal-body-div"><p class="modal-body-para">Blog/News websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
244
+ $comment_other = '<div class="modal-body-div"><p class="modal-body-para">Other websites such as employment, multilingual, etc. are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
245
+
246
+ $comment_spam = '<div style="margin:1em;">
247
+ <ul>
248
+ <li>
249
+ <p class="modal-body-para"><b>1. <u>Comment protection:</u></b> Spam comments generated by automated scripts can be prevented using captcha. Honeypot is another widely used technique to catch bots and block them.</p>
250
+ </li>
251
+ <li>
252
+ <p class="modal-body-para"><b>2. <u>Post protection:</u></b> Automated scripts or botnets can prevented by using captcha. There are three forms of captcha availble text, math and google recaptcha. Honeypot is also another way to detect spam posts. Malware scanner can also used to scan the malware in the posts.</p>
253
+ </li>
254
+ </ul>
255
+ </div>';
256
+
257
+
258
+ $scanner = '<div class="modal-body-div"><p class="modal-body-para">Malware scanner detects the malicious code in the files. Compares the wordpress, plugins and theme files with Wordpress repo files. Detects changes present in any wordpress, theme and plugin files. It also checks outdated/vulnerable plugins, themes. It is also useful to detect malware in posts and comments.</p></div>
259
+ <div style="margin:1em;">
260
+ <ul>
261
+ <li>
262
+ <p class="modal-body-para"><b>1. <u>Malware scan:</u></b> Malware scan scans the wordpress core files, plugins and theme files to check malware. It detects the trojans, backdoors, viruses, worms, etc. in the files. </p>
263
+ </li>
264
+ <li>
265
+ <p class="modal-body-para"><b>2. <u>Wordpress version and file compare:</u></b> Checks WordPress, plugins and themes version with Wordpress.org repository and compare WordPress core, plugins and themes files with the repository to detect any file changes. Detect any changes in the files present in the WordPress plugins and themes folder.</p>
266
+ </li>
267
+ <li>
268
+ <p class="modal-body-para"><b>3. <u>Check vulnerable plugins and themes:</u></b> Checks vulnerable plugins and themes which contains malicious code. You can remove it to enhance your site security.</p>
269
+ </li>
270
+ </ul>
271
+ </div>';
272
+
273
+ $support_modal = '<div>
274
+
275
+ <div style="width: unset; float: unset; margin: 10px 20%;" class="mo_wpns_support_layout_model">
276
+
277
+ <img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/support3.png">
278
+ <h1>Support</h1>
279
+ <p>Need any help? We are available any time, Just send us a query so we can help you.</p>
280
+ <form name="f" method="post" action="">
281
+ <input type="hidden" name="option" value="mo_wpns_send_query"/>
282
+ <table class="mo_wpns_settings_table">
283
+ <tr><td>
284
+ <input type="email" class="mo_wpns_table_textbox" id="query_email" name="query_email" value="'.$email.'" placeholder="Enter your email" required />
285
+ </td>
286
+ </tr>
287
+ <tr><td>
288
+ <input type="text" class="mo_wpns_table_textbox" name="query_phone" id="query_phone" value="'.$phone.'" placeholder="Enter your phone"/>
289
+ </td>
290
+ </tr>
291
+ <tr>
292
+ <td>
293
+ <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" onkeyup="mo_wpns_valid(this)" onblur="mo_wpns_valid(this)" onkeypress="mo_wpns_valid(this)" placeholder="Write your query here"></textarea>
294
+ </td>
295
+ </tr>
296
+ </table>
297
+ <input type="submit" name="send_query" id="send_query" value="Submit Query" class="mo_wpns_button mo_wpns_button1" />
298
+ </form>
299
+ <br />
300
+ </div>
301
+ </div>
302
+ <script>
303
+ function moSharingSizeValidate(e){
304
+ var t=parseInt(e.value.trim());t>60?e.value=60:10>t&&(e.value=10)
305
+ }
306
+ function moSharingSpaceValidate(e){
307
+ var t=parseInt(e.value.trim());t>50?e.value=50:0>t&&(e.value=0)
308
+ }
309
+ function moLoginSizeValidate(e){
310
+ var t=parseInt(e.value.trim());t>60?e.value=60:20>t&&(e.value=20)
311
+ }
312
+ function moLoginSpaceValidate(e){
313
+ var t=parseInt(e.value.trim());t>60?e.value=60:0>t&&(e.value=0)
314
+ }
315
+ function moLoginWidthValidate(e){
316
+ var t=parseInt(e.value.trim());t>1000?e.value=1000:140>t&&(e.value=140)
317
+ }
318
+ function moLoginHeightValidate(e){
319
+ var t=parseInt(e.value.trim());t>50?e.value=50:35>t&&(e.value=35)
320
+ }
321
+ </script>';
322
+
323
+
324
+ $ecommerce_site = array(array('Web Application Firewall(WAF)', $waf_body_ecommerce.$waf_body.$waf_arr_ecc), array('Login Security', $login_security_ecommerce.$login_security_body.$registration_security_ecommerce.$registration_security), array('Media Protection', $media_body), array('Encrypted Backup', $backup_ecommerce.$backup_body.$backup_body_1.$backup_body_4), array('Comment and Spam Protection', $comment_ecommerce.$comment_spam), array('Malware Scanner', $scanner), array('Support', $support_modal));
325
+
326
+ $business_site = array(array('Web Application Firewall(WAF)', $waf_body_business.$waf_body.$waf_arr_busi), array('Encrypted Backup', $backup_business.$backup_body.$backup_body_2.$backup_body_4), array('Comment and Spam Protection', $comment_business.$comment_spam), array('Login Security', $login_security_business.$login_security_body.$registration_security_business.$registration_security), array('Malware Scanner', $scanner), array('Support', $support_modal));
327
+
328
+ $blog_site = array(array('Web Application Firewall(WAF)', $waf_body_blog.$waf_body.$waf_arr_blog), array('Comment and Spam Protection', $comment_blog.$comment_spam), array('Login Security', $login_security_blog.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_3.$backup_body_4), array('Malware Scanner', $scanner), array('Support', $support_modal));
329
+
330
+ $other_site = array(array('Web Application Firewall(WAF)', $waf_body_other.$waf_body.$waf_arr_other), array('Comment and Spam Protection', $comment_other.$comment_spam), array('Login Security', $login_security_other.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_4), array('Media Protection', $media_body_1), array('Malware Scanner', $scanner), array('Support', $support_modal));
331
+
332
+ $main_pointer = array('Main' => array('Let\'s get Started', $tour_body), 'Ecommerce' => $ecommerce_site, 'Business' => $business_site, 'Blogs/News' => $blog_site, 'Other' => $other_site);
333
+
334
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'tour-model.php';
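--- a/controllers/tour/tour_ajax.php
+++ b/controllers/tour/tour_ajax.php
@@ -11,7 +11,7 @@ class Mo_wpns_Tour
  {
  switch ($_REQUEST['page']) {
  case 'mo_2fa_two_fa':
- if(!get_option('mo2f_two_factor_tour'))
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
  update_option('mo2f_two_factor_tour',1);
 
  break;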
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -51,13 +51,21 @@ function redirect_user_to( $user, $redirect_to ) {
51
  $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
52
  if ( $current_role == 'administrator' ) {
53
  $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
54
- wp_redirect( $redirectUrl );
55
  } else {
56
  $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
57
- wp_redirect( $redirectUrl );
58
  }
 
 
 
 
 
 
 
 
 
59
  }
60
 
 
61
  // used in shortcode addon
62
 
63
  function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
@@ -163,7 +171,7 @@ function mo2f_get_user_2ndfactor( $user ) {
163
  }
164
 
165
  function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
166
- $mo2f_forgotphone_enabled = get_option( 'mo2f_enable_forgotphone' );
167
  $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
168
  $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
169
  ?>
@@ -249,8 +257,7 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
249
 
250
  function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
251
  $mo_wpns_config = new MoWpnsHandler();
252
-
253
- $mo2f_login_option = get_option( 'mo2f_login_option' );
254
  $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
255
  ?>
256
  <html>
@@ -342,6 +349,48 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
342
  function mologinback() {
343
  jQuery('#mo2f_backto_mo_loginform').submit();
344
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
345
  </script>
346
  </body>
347
 
@@ -353,9 +402,9 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
353
  $mo_wpns_config = new MoWpnsHandler();
354
 
355
  global $Mo2fdbQueries,$txid;
356
- $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
357
  $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
358
- $mo2f_is_new_customer = get_option( 'mo2f_is_NC' );
359
  $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
360
  if(!MO2F_IS_ONPREM)
361
  $mo2f_EV_txid = $_SESSION['mo2f_transactionId'];
@@ -478,8 +527,9 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
478
  var timeout;
479
  var login_status = '<?php echo $login_status;?>';
480
  var calls = 0;
481
-
482
- if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS")
 
483
  {
484
  pollPushValidation();
485
  function pollPushValidation()
@@ -565,9 +615,9 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
565
  }
566
 
567
  function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
568
- $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
569
  $mo_wpns_config = new MoWpnsHandler();
570
- $mo2f_is_new_customer = get_option( 'mo2f_is_NC' );
571
  ?>
572
  <html>
573
  <head>
@@ -712,10 +762,10 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
712
  <?php
713
  }
714
 
715
- function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id ) {
716
- $mo2f_enable_forgotphone = get_option( 'mo2f_enable_forgotphone' );
717
  $mo_wpns_config = new MoWpnsHandler();
718
- $mo2f_is_new_customer = get_option( 'mo2f_is_NC' );
719
  $attempts = get_option('mo2f_attempts_before_redirect', 3);
720
  ?>
721
  <html>
@@ -765,6 +815,17 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
765
  <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
766
  class="miniorange_otp_token_submit"
767
  value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
 
 
 
 
 
 
 
 
 
 
 
768
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
769
  <input type="hidden" name="miniorange_soft_token_nonce"
770
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
@@ -772,7 +833,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
772
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
773
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
774
  </form>
775
- <?php
776
  $Kbaset = get_user_meta( $user_id ,'Security Questions' );
777
  if ( ! $mo2f_is_new_customer ) { ?>
778
  <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
@@ -792,13 +853,24 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
792
  </div>
793
  </div>
794
  </div>
 
 
 
 
 
 
 
 
 
 
 
795
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
796
  class="mo2f_display_none_forms">
797
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
798
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
799
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
800
  </form>
801
- <?php if ( get_option( 'mo2f_enable_forgotphone' ) && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
802
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
803
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
804
  <input type="hidden" name="miniorange_forgotphone"
@@ -807,9 +879,14 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
807
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
808
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
809
  </form>
 
810
  <?php } ?>
811
 
812
  <script>
 
 
 
 
813
  function mologinback() {
814
  jQuery('#mo2f_backto_mo_loginform').submit();
815
  }
@@ -817,6 +894,41 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
817
  function mologinforgotphone() {
818
  jQuery('#mo2f_show_forgotphone_loginform').submit();
819
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
820
  </script>
821
  </body>
822
  </html>
@@ -901,14 +1013,14 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
901
  }
902
 
903
  function mo_check_device_confirm() {
904
- jQuery('#mo2f_device_content').hide();
905
- jQuery('#showLoadingBar').show();
906
  jQuery('#mo2f_trust_device_confirm_form').submit();
907
  }
908
 
909
  function mo_check_device_cancel() {
910
- jQuery('#mo2f_device_content').hide();
911
- jQuery('#showLoadingBar').show();
912
  jQuery('#mo2f_trust_device_cancel_form').submit();
913
  }
914
  </script>
51
  $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
52
  if ( $current_role == 'administrator' ) {
53
  $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
 
54
  } else {
55
  $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
 
56
  }
57
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
58
+ $redirect = array(
59
+ 'redirect' => $redirectUrl,
60
+ ) ;
61
+
62
+ wp_send_json_success($redirect);
63
+ }
64
+ else
65
+ wp_redirect( $redirectUrl );
66
  }
67
 
68
+
69
  // used in shortcode addon
70
 
71
  function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
171
  }
172
 
173
  function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
174
+ $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
175
  $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
176
  $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
177
  ?>
257
 
258
  function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
259
  $mo_wpns_config = new MoWpnsHandler();
260
+ $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
 
261
  $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
262
  ?>
263
  <html>
349
  function mologinback() {
350
  jQuery('#mo2f_backto_mo_loginform').submit();
351
  }
352
+ var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
353
+ if(is_ajax){
354
+ jQuery('#mo2f_answer_1').keypress(function (e) {
355
+ if (e.which == 13) {//Enter key pressed
356
+ e.preventDefault();
357
+ mo2f_kba_ajax();
358
+ }
359
+ });
360
+ jQuery('#mo2f_answer_2').keypress(function (e) {
361
+ if (e.which == 13) {//Enter key pressed
362
+ e.preventDefault();
363
+ mo2f_kba_ajax();
364
+ }
365
+ });
366
+ jQuery("#miniorange_kba_validate").click(function(e){
367
+ e.preventDefault();
368
+ mo2f_kba_ajax();
369
+ });
370
+
371
+ function mo2f_kba_ajax(){
372
+ jQuery('#mo2f_answer_1').prop('disabled','true');
373
+ jQuery('#mo2f_answer_2').prop('disabled','true');
374
+ jQuery('#miniorange_kba_validate').prop('disabled','true');
375
+ var data = {
376
+ "action" : "mo2f_ajax",
377
+ "mo2f_ajax_option" : "mo2f_ajax_kba",
378
+ "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
379
+ "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
380
+ "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
381
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
382
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
383
+ "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
384
+ };
385
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
386
+ if ( typeof response.data === "undefined") {
387
+ jQuery("html").html(response);
388
+ }
389
+ else
390
+ location.href = response.data.redirect;
391
+ });
392
+ }
393
+ }
394
  </script>
395
  </body>
396
 
402
  $mo_wpns_config = new MoWpnsHandler();
403
 
404
  global $Mo2fdbQueries,$txid;
405
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
406
  $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
407
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
408
  $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
409
  if(!MO2F_IS_ONPREM)
410
  $mo2f_EV_txid = $_SESSION['mo2f_transactionId'];
527
  var timeout;
528
  var login_status = '<?php echo $login_status;?>';
529
  var calls = 0;
530
+ var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
531
+
532
+ if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
533
  {
534
  pollPushValidation();
535
  function pollPushValidation()
615
  }
616
 
617
  function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
618
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
619
  $mo_wpns_config = new MoWpnsHandler();
620
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
621
  ?>
622
  <html>
623
  <head>
762
  <?php
763
  }
764
 
765
+ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ) {
766
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
767
  $mo_wpns_config = new MoWpnsHandler();
768
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
769
  $attempts = get_option('mo2f_attempts_before_redirect', 3);
770
  ?>
771
  <html>
815
  <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
816
  class="miniorange_otp_token_submit"
817
  value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
818
+ <?php
819
+
820
+ if($show_back_button == 1)
821
+ {
822
+ ?>
823
+ <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
824
+ class="miniorange_otp_token_submit"
825
+ value="<?php echo mo2f_lt( 'Back' ); ?>"/>
826
+ <?php
827
+ }
828
+ ?>
829
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
830
  <input type="hidden" name="miniorange_soft_token_nonce"
831
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
833
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
834
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
835
  </form>
836
+ <?php
837
  $Kbaset = get_user_meta( $user_id ,'Security Questions' );
838
  if ( ! $mo2f_is_new_customer ) { ?>
839
  <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
853
  </div>
854
  </div>
855
  </div>
856
+
857
+ <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo wp_login_url(); ?>"
858
+ class="mo2f_display_none_forms">
859
+ <input type="hidden" name="miniorange_back_inline_reg_nonce"
860
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
861
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
862
+ <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
863
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
864
+
865
+ </form>
866
+
867
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
868
  class="mo2f_display_none_forms">
869
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
870
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
871
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
872
  </form>
873
+ <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
874
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
875
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
876
  <input type="hidden" name="miniorange_forgotphone"
879
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
880
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
881
  </form>
882
+
883
  <?php } ?>
884
 
885
  <script>
886
+ jQuery('#miniorange_otp_token_back').click(function(){
887
+ jQuery('#mo2f_backto_inline_registration').submit();
888
+ });
889
+
890
  function mologinback() {
891
  jQuery('#mo2f_backto_mo_loginform').submit();
892
  }
894
  function mologinforgotphone() {
895
  jQuery('#mo2f_show_forgotphone_loginform').submit();
896
  }
897
+ var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
898
+ if(is_ajax){
899
+ jQuery('#mo2fa_softtoken').keypress(function (e) {
900
+ if (e.which == 13) {//Enter key pressed
901
+ e.preventDefault();
902
+ mo2f_otp_ajax();
903
+ }
904
+ });
905
+ jQuery("#miniorange_otp_token_submit").click(function(e){
906
+ e.preventDefault();
907
+ mo2f_otp_ajax();
908
+ });
909
+
910
+ function mo2f_otp_ajax(){
911
+ jQuery('#mo2fa_softtoken').prop('disabled','true');
912
+ jQuery('#miniorange_otp_token_submit').prop('disabled','true');
913
+ var data = {
914
+ "action" : "mo2f_ajax",
915
+ "mo2f_ajax_option" : "mo2f_ajax_otp",
916
+ "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
917
+ "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
918
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
919
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
920
+ "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
921
+ };
922
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
923
+ if(typeof response.data === "undefined")
924
+ jQuery("html").html(response);
925
+ else if(response.data.reload)
926
+ location.reload( true );
927
+ else
928
+ location.href = response.data.redirect;
929
+ });
930
+ }
931
+ }
932
  </script>
933
  </body>
934
  </html>
1013
  }
1014
 
1015
  function mo_check_device_confirm() {
1016
+ jQuery('#mo2f_device_content').css("display", "none");
1017
+ jQuery('#showLoadingBar').css("display", "block");
1018
  jQuery('#mo2f_trust_device_confirm_form').submit();
1019
  }
1020
 
1021
  function mo_check_device_cancel() {
1022
+ jQuery('#mo2f_device_content').css("display", "none");
1023
+ jQuery('#showLoadingBar').css("display", "block");
1024
  jQuery('#mo2f_trust_device_cancel_form').submit();
1025
  }
1026
  </script>
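Review bot: The new AJAX branch of `redirect_user_to()` passes `$redirectUrl` to `wp_send_json_success()` without validating it, and the added `mo2f_kba_ajax()` and `mo2f_otp_ajax()` callbacks assign `response.data.redirect` directly to `location.href`. As far as these hunks show, the value comes from the `redirect_to` hidden field that the same scripts read back from the form, so it is client-controlled, and an off-site URL or a non-http scheme would be followed by the browser. Constrain it on the server before either branch, for example `$redirectUrl = wp_validate_redirect( $redirectUrl, home_url() );` (with `admin_url()` as the fallback for administrators), and use `wp_safe_redirect()` in the non-AJAX branch. The added `mo2f_backto_inline_registration` form also echoes `$redirect_to` and `$session_id_encrypt` into attribute values unescaped; `value="<?php echo esc_attr( $redirect_to ); ?>"` and the same for the session id would fix that. The enclosing functions start or end outside the hunks, so any validation done by callers is not visible here.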
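--- a/controllers/twofa/mo2fa_inline_registration.php
+++ b/controllers/twofa/mo2fa_inline_registration.php
@@ -170,15 +170,13 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
  </label>
  <br>
  </span>
- <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_hide"; }?>">
+ <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
  <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
  <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
  <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
  </label>
  </span>
- <?php //if(isset($login_message) && !empty($login_message)){ ?>
  <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
- <?php//} ?>
  <br />
  <?php mo2f_customize_logo() ?>
  </div>
@@ -195,7 +193,7 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
  <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
  </form>
- <!-- --><?php //if(isset($login_message) && !empty($login_message)){ ?>
+
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
  <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
  <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
@@ -203,8 +201,7 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
  <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
 
  </form>
- <!-- --><?php //} ?>
- </body>
+
  <script>
  function mologinback(){
  jQuery('#mo2f_backto_mo_loginform').submit();
@@ -219,6 +216,7 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
  jQuery('#mo2f_skip_loginform').submit();
  });
  </script>
+ </body>
  </html>
  <?php
  }
@@ -340,7 +338,7 @@ function mo2f_inline_email_form($email,$current_user_id)
  <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
  </form>
  <?php } ?>
- </body>
+
  <script type="text/javascript">
  jQuery('#save_entered_email_inlinecloud1').click(function(){
  var email = jQuery('#emailInlineCloud').val();
@@ -373,6 +371,7 @@ function mo2f_inline_email_form($email,$current_user_id)
 
 
  </script>
+ </body>
 
  <?php
  }
@@ -625,7 +624,7 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
  <input type="hidden" name="google_phone_type" />
  <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
  </form>
- </body>
+
  <script>
  jQuery('#authenticator_type').change(function(){
  var auth_type = jQuery(this).val();
@@ -675,6 +674,7 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
  jQuery("#mo2f_scanbarcode_a").toggle();
  });
  </script>
+ </body>
  <?php
  echo '<head>';
  echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
@@ -827,7 +827,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
  </form>
- </body>
+
  <script>
 
 
@@ -843,6 +843,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
  jQuery('#mo2f_goto_two_factor_form').submit();
  }
  </script>
+ </body>
  </html>
  <?php
  }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message){
@@ -940,7 +941,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
  </form>
- </body>
+
  <script>
  jQuery('#mo2f_inline_back_btn').click(function() {
  jQuery('#mo2f_goto_two_factor_form').submit();
@@ -957,6 +958,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
  jQuery('#mo2f_backto_mo_loginform').submit();
  }
  </script>
+ </body>
  </html>
  <?php
  }
@@ -1073,12 +1075,13 @@ function prompt_user_for_setup_success($id, $login_status, $login_message){
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
  </form>
- </body>
+
  <script>
  function mologinback(){
  jQuery('#mo2f_backto_mo_loginform').submit();
  }
  </script>
+ </body>
  </html>
  <?php
  }
@@ -1205,7 +1208,6 @@ $current_user = get_userdata($current_user_id);
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
  </form>
  <?php } ?>
- </body>
  <script>
  jQuery("#phone").intlTelInput();
  function mologinback(){
@@ -1218,6 +1220,8 @@ $current_user = get_userdata($current_user_id);
  jQuery('#mo2fa_inline_resend_otp_form').submit();
  });
  </script>
+ </body>
+
  </html>
  <?php
  }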
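Review bot: The hidden inputs in the `-195,7 +193,7` and `-203,8 +201,7` hunks still print `$redirect_to` and `$session_id` straight into `value="..."` attributes without escaping, and this commit reworks the surrounding markup without addressing it. Where those values come from is outside the hunks, but if either can carry request data, a quote character would break out of the attribute; `value="<?php echo esc_attr( $redirect_to ); ?>"` and `value="<?php echo esc_attr( $session_id ); ?>"` remove that dependency on the caller. The enclosing function `prompt_user_to_select_2factor_mthod_inline` starts and ends outside these hunks. Separately, in the `-675,6 +674,7` hunk the added `</body>` is now emitted just before `echo '<head>';`, so the document order there is still wrong after the change.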
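--- a/controllers/twofa/setup_twofa.php
+++ b/controllers/twofa/setup_twofa.php
@@ -3,6 +3,9 @@
  $email_registered = 1;
  global $Mo2fdbQueries;
  $email =$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', get_current_user_id() );
+ if($email == '' or !isset($email))
+ $email = wp_get_current_user()->user_email;
+
  if(isset($email))
  $email_registered = 1;
  else
@@ -23,7 +26,7 @@
 
  function wpns_handle_enable_2fa_login_prompt($postvalue)
  {
- if( get_option( 'mo2f_enable_2fa_prompt_on_login_page' ) == 1 )
+ if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') == 1 )
  do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_ENABLED'),'SUCCESS');
  else{
  if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page'])){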
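Review bot: After the fallback added at new lines 6-7, `$email` is assigned from `wp_get_current_user()->user_email` whenever the stored value is empty, so the following `if(isset($email))` is presumably always true and its `else` branch, which continues outside the hunk, can no longer set a different `$email_registered`. If the intent is "the user has a usable address", test the value rather than its existence: `if ( ! empty( $email ) )`. In the added condition `!isset($email)` is also redundant, because a null `$email` already satisfies `$email == ''`; `if ( empty( $email ) )` says the same thing in one check.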
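--- a/controllers/twofa/two_fa_custom_form.php
+++ b/controllers/twofa/two_fa_custom_form.php
@@ -1,2 +1,9 @@
  <?php
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';
+
+ $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
+ $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
+ $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
+ $is_custom = get_site_option('mo2f_custom_reg_custom');
+ $is_registered = get_site_option('mo2f_customerkey');
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';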
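Review bot: `$is_registered` is assigned the raw `mo2f_customerkey` option value, so the customer key itself lands in the scope of the included view even though the name reads as a flag. The view is not shown here; if it only tests the variable for truthiness, `$is_registered = (bool) get_site_option('mo2f_customerkey');` keeps the key out of template scope. A one-line comment above these five reads naming the view that consumes them would also help, since they are plain file-scope variables.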
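--- a/controllers/twofa/two_fa_custom_login.php
+++ b/controllers/twofa/two_fa_custom_login.php
@@ -1,3 +1,3 @@
- <?php
-
+ <?php
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_login.php';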
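--- a/controllers/twofa/two_fa_unlimittedUser.php
+++ b/controllers/twofa/two_fa_unlimittedUser.php
@@ -1,3 +1,3 @@
- <?php
- global $moWpnsUtility, $mo2f_dirName;
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';
+ <?php
+ global $moWpnsUtility, $mo2f_dirName;
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';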
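--- a/controllers/twofa/two_factor_ajax.php
+++ b/controllers/twofa/two_factor_ajax.php
@@ -6,7 +6,7 @@ class mo_2f_ajax
  add_action( 'admin_init' , array( $this, 'mo_2f_two_factor' ) );
  }
 
- function mo_2f_two_factor(){
+ function mo_2f_two_factor(){
  add_action( 'wp_ajax_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
  }
 
@@ -25,13 +25,95 @@ class mo_2f_ajax
  case 'mo2f_role_based_2_factor':
  $this->mo2f_role_based_2_factor();break;
  case 'mo2f_enable_disable_twofactor':
- $this->mo2f_enable_disable_twofactor(); break;
+ $this->mo2f_enable_disable_twofactor(); break;
  case 'mo2f_enable_disable_inline':
  $this->mo2f_enable_disable_inline(); break;
  case 'mo2f_shift_to_onprem':
  $this->mo2f_shift_to_onprem();break;
+ case 'mo2f_save_custom_form_settings':
+ $this ->mo2f_save_custom_form_settings();
+ break;
  }
  }
+ function mo2f_save_custom_form_settings()
+ {
+
+ $customForm = false;
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_save_form_settings']);
+
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-save-form-settings' ) ) {
+ $error = new WP_Error();
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
+ //return $error;
+ }
+ if(isset($_POST['submit_selector']) and
+ isset($_POST['email_selector']) and
+ isset($_POST['authType']) and
+ isset($_POST['customForm']) and
+ isset($_POST['form_selector']) and
+
+ $_POST['submit_selector']!="" and
+ $_POST['email_selector']!="" and
+ $_POST['customForm']!="" and
+ $_POST['form_selector']!="")
+ {
+ $submit_selector = sanitize_text_field($_POST['submit_selector']);
+ $form_selector = sanitize_text_field($_POST['form_selector']);
+ $email_selector = sanitize_text_field($_POST['email_selector']);
+ $phone_selector = sanitize_text_field($_POST['phone_selector']);
+ $authType = sanitize_text_field($_POST['authType']);
+ $customForm = sanitize_text_field( $_POST['customForm']);
+ $enableShortcode = sanitize_text_field($_POST['enableShortcode']);
+
+ switch ($form_selector)
+ {
+ case '.bbp-login-form':
+ update_site_option('mo2f_custom_reg_bbpress',true);
+ update_site_option('mo2f_custom_reg_wocommerce',false);
+ update_site_option('mo2f_custom_reg_custom',false);
+ break;
+ case '.woocommerce-form woocommerce-form-register':
+ update_site_option('mo2f_custom_reg_bbpress',false);
+ update_site_option('mo2f_custom_reg_wocommerce',true);
+ update_site_option('mo2f_custom_reg_custom',false);
+ break;
+ default:
+ update_site_option('mo2f_custom_reg_bbpress',false);
+ update_site_option('mo2f_custom_reg_wocommerce',false);
+ update_site_option('mo2f_custom_reg_custom',true);
+ }
+
+ update_site_option('mo2f_custom_form_name', $form_selector);
+ update_site_option('mo2f_custom_email_selector', $email_selector);
+ update_site_option('mo2f_custom_phone_selector', $phone_selector);
+ update_site_option('mo2f_custom_submit_selector', $submit_selector);
+ update_site_option('mo2f_custom_auth_type', $authType);
+
+ update_site_option('enable_form_shortcode',$enableShortcode);
+ $saved = true;
+ }
+ else
+ {
+ $submit_selector = 'NA';
+ $form_selector = 'NA';
+ $email_selector = 'NA';
+ $authType ='NA';
+ $saved = false;
+ }
+ $return = array(
+ 'authType' => $authType,
+ 'submit' => $submit_selector,
+ 'emailSelector' => $email_selector,
+ 'phone_selector' => $phone_selector,
+ 'form' => $form_selector,
+ 'saved' => $saved,
+ 'customForm' => $customForm,
+ 'enableShortcode' => $enableShortcode
+ );
+
+ return wp_send_json($return);
+ }
+
  function mo2f_check_user_exist_miniOrange()
  {
  $nonce = sanitize_text_field($_POST['nonce']);
@@ -54,16 +136,16 @@ class mo_2f_ajax
  $email = $user->user_email;
 
 
-
+
  if(isset($_POST['email']))
  {
  $email = sanitize_text_field($_POST['email']);
  }
-
+
  $enduser = new Two_Factor_Setup();
  $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
-
-
+
+
  if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0 ){
  echo "alreadyExist";
  exit;
@@ -83,7 +165,7 @@ function mo2f_shift_to_onprem(){
  $current_userID = $current_user->ID;
  $miniorangeID = get_option( 'mo2f_miniorange_admin' );
  if(is_null($miniorangeID) or $miniorangeID =='')
- $is_customer_admin = true;
+ $is_customer_admin = true;
  else
  $is_customer_admin = $miniorangeID == $current_userID ? true : false;
  if($is_customer_admin)
@@ -96,9 +178,9 @@ function mo2f_shift_to_onprem(){
  {
  $adminUser = get_user_by('id',$miniorangeID);
  $email = $adminUser->user_email;
- wp_send_json($email);
+ wp_send_json($email);
  }
-
+
  }
 
 
@@ -109,7 +191,6 @@ function mo2f_shift_to_onprem(){
  $error = new WP_Error();
  $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
 
- //return $error;
  }
 
  $enable = sanitize_text_field($_POST['mo2f_enable_2fa']);
@@ -119,7 +200,7 @@ function mo2f_shift_to_onprem(){
  }
  else{
  update_site_option('mo2f_activate_plugin' , false);
- wp_send_json('false');
+ wp_send_json('false');
  }
  }
 
@@ -136,7 +217,7 @@ function mo2f_shift_to_onprem(){
  }
  else{
  update_site_option('mo2f_inline_registration' , 0);
- wp_send_json('false');
+ wp_send_json('false');
  }
  }
 
@@ -159,7 +240,7 @@ function mo2f_shift_to_onprem(){
  $enabledrole = array();
  }
  foreach($enabledrole as $role){
- update_option($role, 1);
+ update_option($role, 1);
  }
  wp_send_json('true');
  return;
@@ -177,10 +258,10 @@ function mo2f_shift_to_onprem(){
  $current_userID = $current_user->ID;
  $miniorangeID = get_option( 'mo2f_miniorange_admin' );
  $is_customer_admin = $miniorangeID == $current_userID ? true : false;
-
+
  if(is_null($miniorangeID) or $miniorangeID =='')
  $is_customer_admin = true;
-
+
  if($is_customer_admin)
  {
  update_option('is_onprem', 0);
@@ -190,14 +271,14 @@ function mo2f_shift_to_onprem(){
  {
  $adminUser = get_user_by('id',$miniorangeID);
  $email = $adminUser->user_email;
- wp_send_json($email);
+ wp_send_json($email);
  }
-
+
  }
  }
 
  function mo2f_unlimitted_user()
- {
+ {
  if(!wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce'))
  {
  echo "NonceDidNotMatch";
@@ -224,13 +305,13 @@ function mo2f_shift_to_onprem(){
  else
  {
  echo "OnPremiseDeactive";
- exit;
+ exit;
  }
  }
  }
  function mo2f_save_email_verification()
- {
-
+ {
+
  if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
  {
  echo "NonceDidNotMatch";
@@ -247,25 +328,37 @@ function mo2f_shift_to_onprem(){
  {
  $twofactor_transactions = new Mo2fDB;
  $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
-
+
  if($exceeded){
  echo "USER_LIMIT_EXCEEDED";
  exit;
  }
  }
- if (!filter_var($email, FILTER_VALIDATE_EMAIL))
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  $error = true;
  }
  if($email!='' && !$error)
  {
  global $Mo2fdbQueries;
- $Mo2fdbQueries->update_user_details(get_current_user_id(),array(
+ if($currentMethod == 'EmailVerification')
+ {
+ $Mo2fdbQueries->update_user_details(get_current_user_id(),array(
  'mo2f_EmailVerification_config_status'=>true,
  'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
  'mo2f_configured_2FA_method'=>"Email Verification",
  'mo2f_user_email' => $email
- ));
+ ));
+ }
+ else
+ {
+ $Mo2fdbQueries->update_user_details(get_current_user_id(),array(
+ 'mo2f_EmailVerification_config_status'=>true,
+ 'mo2f_user_email' => $email
+ ));
+
+ }
+ update_user_meta($user_id,'tempEmail',$email);
  echo "settingsSaved";
  exit;
  }
@@ -276,14 +369,14 @@ function mo2f_shift_to_onprem(){
  }
 
  }
-
+
  }
  function CheckEVStatus()
  {
  if(isset($_POST['txid']))
  {
  $txid = sanitize_text_field($_POST['txid']);
- $status = get_site_option($_POST['txid']);
+ $status = get_site_option($txid);
  if($status ==1 || $status ==0)
  delete_site_option($_POST['txid']);
  echo $status;
@@ -295,6 +388,6 @@ function mo2f_shift_to_onprem(){
 
 
  }
-
+
  new mo_2f_ajax;
  ?>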
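Review bot: In the new `mo2f_save_custom_form_settings`, a failed `wp_verify_nonce()` only builds a `WP_Error` and the `return` is commented out, so the handler continues to the `update_site_option()` calls with an invalid nonce; the existing handler at new lines 191-194 has the same shape, and this commit removes its commented-out `return` without adding a real one. The action is registered as `wp_ajax_mo_two_factor_ajax`, which any logged-in user can reach, and no capability check is visible in these hunks, so both the CSRF guard and the authorization for changing site options appear to be missing. Replace `//return $error;` with `wp_send_json_error( $error, 403 );` and start the handler with `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( null, 403 ); }` (the capability name is an assumption; use the one the settings page requires). The `else` branch also leaves `$phone_selector` and `$enableShortcode` undefined before they are placed into `$return`, and `$_POST['phone_selector']` and `$_POST['enableShortcode']` are read without `isset()`.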
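--- a/controllers/wpns-loginsecurity-ajax.php
+++ b/controllers/wpns-loginsecurity-ajax.php
@@ -9,6 +9,20 @@ class wpns_ajax
  function mo_login_security_ajax(){
 
  add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
+ add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
+ add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
+ }
+
+ function mo2f_ajax(){
+ $GLOBALS['mo2f_is_ajax_request'] = true;
+ switch ($_POST['mo2f_ajax_option']) {
+ case "mo2f_ajax_kba":
+ $this->mo2f_ajax_kba();break;
+ case "mo2f_ajax_login":
+ $this->mo2f_ajax_login(); break;
+ case "mo2f_ajax_otp":
+ $this->mo2f_ajax_otp(); break;
+ }
  }
 
  function wpns_login_security(){
@@ -37,6 +51,30 @@ class wpns_ajax
 
  }
  }
+
+
+ function mo2f_ajax_otp(){
+ $obj = new Miniorange_Password_2Factor_Login();
+ $obj->check_miniorange_soft_token($_POST);
+ }
+ function mo2f_ajax_kba(){
+ $obj = new Miniorange_Password_2Factor_Login();
+ $obj->check_kba_validation($_POST);
+ }
+ function mo2f_ajax_login()
+ {
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
+ {
+ wp_send_json("ERROR");
+ exit;
+ }
+ else
+ {
+ $username = sanitize_text_field($_POST['username']);
+ $password = sanitize_text_field($_POST['password'] );
+ apply_filters( 'authenticate', null, $username, $password );
+ }
+ }
  function wpns_logout_form()
  {
  global $moWpnsUtility;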
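Review bot: `mo2f_ajax_login` runs the password through `sanitize_text_field()`, which removes tags, percent-encoded octets and extra whitespace, so a valid password containing those characters will no longer match; pass it to authentication unmodified, e.g. `$password = isset( $_POST['password'] ) ? $_POST['password'] : '';`. The handler is reachable without a session through `wp_ajax_nopriv_mo2f_ajax` and calls `apply_filters( 'authenticate', ... )` directly, which skips the `wp_login_failed` action that `wp_authenticate()` fires, so failed-login counting or lockout logic hooked there would presumably not see these attempts; `wp_authenticate( $username, $password )` keeps that path. `mo2f_ajax_otp` and `mo2f_ajax_kba` forward the raw `$_POST` with no nonce check in this file, so confirm that `check_miniorange_soft_token` and `check_kba_validation` verify one themselves. `mo2f_ajax()` also reads `$_POST['mo2f_ajax_option']` without `isset()`.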
database/database_functions.php CHANGED
@@ -1,814 +1,820 @@
1
- <?php
2
-
3
- require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
-
5
- class MoWpnsDB
6
- {
7
- private $transactionTable;
8
- private $blockedIPsTable;
9
- private $whitelistIPsTable;
10
- private $emailAuditTable;
11
- private $malwarereportTable;
12
- private $scanreportdetails;
13
- private $skipfiles;
14
- private $hashfile;
15
-
16
- function __construct()
17
- {
18
- global $wpdb;
19
- $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
- $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
- $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
- $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
- $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
- $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
- $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
- $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
- $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
- $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
- $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
- $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
- $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
- }
33
-
34
- function mo_plugin_activate()
35
- {
36
- global $wpdb;
37
- if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
- $this->generate_tables();
40
- } else {
41
- $current_db_version = get_option('mo_wpns_dbversion');
42
- if($current_db_version < MoWpnsConstants::DB_VERSION){
43
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
-
45
- }
46
- }
47
- }
48
-
49
- function generate_tables(){
50
- global $wpdb;
51
-
52
- $tableName = $this->transactionTable;
53
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
- {
55
- $sql = "CREATE TABLE " . $tableName . " (
56
- `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
- `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
- dbDelta($sql);
59
- }
60
-
61
- $tableName = $this->blockedIPsTable;
62
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
- {
64
- $sql = "CREATE TABLE " . $tableName . " (
65
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
- `created_timestamp` int, UNIQUE KEY id (id) );";
67
- dbDelta($sql);
68
- }
69
-
70
-
71
- $tableName = $this->whitelistIPsTable;
72
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
- {
74
- $sql = "CREATE TABLE " . $tableName . " (
75
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
- dbDelta($sql);
77
- }
78
-
79
- $tableName = $this->backupdetails;
80
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
- {
82
- $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
- `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
- dbDelta($sql);
85
- }
86
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
- if(is_null($result)){
88
- $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
- $results1 = $wpdb->query($sql);
90
- }
91
-
92
- $tableName = $this->emailAuditTable;
93
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
- {
95
- $sql = "CREATE TABLE " . $tableName . " (
96
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
- dbDelta($sql);
98
- }
99
- $tableName = $this->IPrateDetails;
100
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
- {
102
- $sql = "CREATE TABLE " . $tableName . " (
103
- ip varchar(20) , time bigint );";
104
- dbDelta($sql);
105
- }
106
-
107
- $tableName = $this->attackLogs;
108
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
- {
110
- $sql = "create table ". $tableName ." (
111
- ip varchar(20),
112
- type varchar(20),
113
- time bigint,
114
- input mediumtext );";
115
- //dbDelta($sql);
116
- $results = $wpdb->get_results($sql);
117
-
118
- }
119
- $tableName = $this->malwarereportTable;
120
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
- {
122
- $sql = "CREATE TABLE " . $tableName . " (
123
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
- dbDelta($sql);
125
- }
126
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
- if(is_null($result)){
128
- $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
- $results1 = $wpdb->query($sql);
130
- $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
- $resluts = $wpdb->query($sql1);
132
- }
133
-
134
- $tableName = $this->scanreportdetails;
135
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
136
- {
137
- $sql = "CREATE TABLE " . $tableName . " (
138
- `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
139
- dbDelta($sql);
140
- }
141
-
142
- $tableName = $this->skipfiles;
143
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
144
- {
145
- $sql = "CREATE TABLE " . $tableName . " (
146
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
147
- dbDelta($sql);
148
- }
149
-
150
- $tableName = $this->filescan;
151
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
152
- {
153
- $sql = "CREATE TABLE " . $tableName . " (
154
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
155
- dbDelta($sql);
156
- }
157
-
158
- $tableName = $this->hashfile;
159
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
160
- {
161
- $sql = "CREATE TABLE " . $tableName . " (
162
- `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
163
- dbDelta($sql);
164
- }
165
-
166
- $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
167
- $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
168
- $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
169
- if(empty($row1) && empty($row1) && empty($row1)){
170
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
171
- if($result){
172
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
173
- foreach ($report_ids as $key => $value) {
174
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
175
- $result = $this->mo_wpns_get_scan_count($scan_detail);
176
- $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
177
- }
178
- }
179
- }
180
- $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
181
- if(empty($rowhash)){
182
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
183
- }
184
- }
185
-
186
- function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
187
- global $wpdb;
188
- $wpdb->insert(
189
- $this->backupdetails,
190
- array(
191
- 'backup_id' =>$backup_id,
192
- 'file_name' =>$file_name,
193
- 'created_timestamp'=> $backup_created_timestamp,
194
- 'plugin_path' => $plugin_path
195
- ));
196
- }
197
-
198
- function get_table_content(){
199
- global $wpdb;
200
- return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
201
- }
202
-
203
- function get_number_of_plugin_backup(){
204
- global $wpdb;
205
-
206
- $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
207
- $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
208
- $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
209
- $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
210
- $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
211
- $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
212
-
213
- return $array;
214
- }
215
-
216
- function delete_file($id){
217
- global $wpdb;
218
- $wpdb->query(
219
- "DELETE FROM ".$this->backupdetails."
220
- WHERE id = ".$id
221
- );
222
- return;
223
- }
224
-
225
- function row_exist($id){
226
- global $wpdb;
227
- $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
228
- return $is_exist;
229
- }
230
-
231
- function get_ip_blocked_count($ipAddress)
232
- {
233
- global $wpdb;
234
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
235
- }
236
- function get_total_blocked_ips()
237
- {
238
- global $wpdb;
239
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
240
- }
241
- function get_total_manual_blocked_ips()
242
- {
243
- global $wpdb;
244
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
245
- }
246
- function get_total_blocked_ips_waf()
247
- {
248
- global $wpdb;
249
- $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
250
- return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
251
- }
252
- function get_blocked_attack_count($attack)
253
- {
254
- global $wpdb;
255
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
256
- }
257
-
258
- function get_count_of_blocked_ips(){
259
- global $wpdb;
260
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
261
- }
262
-
263
-
264
- function get_blocked_ip($entryid)
265
- {
266
- global $wpdb;
267
- return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
268
- }
269
-
270
- function get_blocked_ip_list()
271
- {
272
- global $wpdb;
273
- return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
274
- }
275
-
276
-
277
- function get_blocked_sqli_list()
278
- {
279
- global $wpdb;
280
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
281
- }
282
- function get_blocked_rfi_list()
283
- {
284
- global $wpdb;
285
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
286
- }
287
- function get_blocked_lfi_list()
288
- {
289
- global $wpdb;
290
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
291
- }
292
- function get_blocked_rce_list()
293
- {
294
- global $wpdb;
295
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
296
- }
297
- function get_blocked_xss_list()
298
- {
299
- global $wpdb;
300
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
301
- }
302
-
303
- function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
304
- {
305
- global $wpdb;
306
- $wpdb->insert(
307
- $this->blockedIPsTable,
308
- array(
309
- 'ip_address' => $ipAddress,
310
- 'reason' => $reason,
311
- 'blocked_for_time' => $blocked_for_time,
312
- 'created_timestamp' => current_time( 'timestamp' )
313
- )
314
- );
315
- return;
316
- }
317
-
318
- function delete_blocked_ip($entryid)
319
- {
320
- global $wpdb;
321
- $wpdb->query(
322
- "DELETE FROM ".$this->blockedIPsTable."
323
- WHERE id = ".$entryid
324
- );
325
- return;
326
- }
327
-
328
- function get_whitelisted_ip_count($ipAddress)
329
- {
330
- global $wpdb;
331
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
332
- }
333
-
334
- function insert_whitelisted_ip($ipAddress)
335
- {
336
- global $wpdb;
337
- $wpdb->insert(
338
- $this->whitelistIPsTable,
339
- array(
340
- 'ip_address' => $ipAddress,
341
- 'created_timestamp' => current_time( 'timestamp' )
342
- )
343
- );
344
- }
345
-
346
- function get_number_of_whitelisted_ips(){
347
- global $wpdb;
348
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
349
- }
350
-
351
- function delete_whitelisted_ip($entryid)
352
- {
353
- global $wpdb;
354
- $wpdb->query(
355
- "DELETE FROM ".$this->whitelistIPsTable."
356
- WHERE id = ".$entryid
357
- );
358
- return;
359
- }
360
-
361
- function get_whitelisted_ips_list()
362
- {
363
- global $wpdb;
364
- return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
365
- }
366
-
367
- function get_email_audit_count($ipAddress,$username)
368
- {
369
- global $wpdb;
370
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
371
- username='".$username."'" );
372
- }
373
-
374
- function insert_email_audit($ipAddress,$username,$reason)
375
- {
376
- global $wpdb;
377
- $wpdb->insert(
378
- $this->emailAuditTable,
379
- array(
380
- 'ip_address' => $ipAddress,
381
- 'username' => $username,
382
- 'reason' => $reason,
383
- 'created_timestamp' => current_time( 'timestamp' )
384
- )
385
- );
386
- return;
387
- }
388
-
389
- function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
390
- {
391
- global $wpdb;
392
- $data = array(
393
- 'ip_address' => $ipAddress,
394
- 'username' => $username,
395
- 'type' => $type,
396
- 'status' => $status,
397
- 'created_timestamp' => current_time( 'timestamp' )
398
- );
399
- $data['url'] = is_null($url) ? '' : $url;
400
- $wpdb->insert( $this->transactionTable, $data);
401
- return;
402
- }
403
-
404
- function get_transasction_list()
405
- {
406
- global $wpdb;
407
- return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
408
- }
409
-
410
- function get_login_transaction_report()
411
- {
412
- global $wpdb;
413
- return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
414
- }
415
-
416
- function get_error_transaction_report()
417
- {
418
- global $wpdb;
419
- return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
420
- }
421
-
422
- function update_transaction_table($where,$update)
423
- {
424
- global $wpdb;
425
-
426
- $sql = "UPDATE ".$this->transactionTable." SET ";
427
- $i = 0;
428
- foreach($update as $key=>$value)
429
- {
430
- if($i%2!=0)
431
- $sql .= ' , ';
432
- $sql .= $key."='".$value."'";
433
- $i++;
434
- }
435
- $sql .= " WHERE ";
436
- $i = 0;
437
- foreach($where as $key=>$value)
438
- {
439
- if($i%2!=0)
440
- $sql .= ' AND ';
441
- $sql .= $key."='".$value."'";
442
- $i++;
443
- }
444
-
445
- $wpdb->query($sql);
446
- return;
447
- }
448
-
449
- function get_count_of_attacks_blocked(){
450
- global $wpdb;
451
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
452
- }
453
-
454
- function get_failed_transaction_count($ipAddress)
455
- {
456
- global $wpdb;
457
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
458
- AND status = '".MoWpnsConstants::FAILED."'" );
459
- }
460
-
461
- function delete_transaction($ipAddress)
462
- {
463
- global $wpdb;
464
- $wpdb->query(
465
- "DELETE FROM ".$this->transactionTable."
466
- WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
467
- );
468
- return;
469
- }
470
-
471
- function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
472
- global $wpdb;
473
- $wpdb->insert(
474
- $this->malwarereportTable,
475
- array(
476
- 'scan_mode' => $scan_type,
477
- 'scanned_folders' => $folderNames,
478
- 'scanned_files' => 0,
479
- 'start_timestamp' => $start_timestamp,
480
- 'malware_count' => 0,
481
- 'repo_issues' => $repo_check_status_code,
482
- 'malicious_links' => 0
483
- )
484
- );
485
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
486
- if($result){
487
- $record = $result[0];
488
- return $record->id;
489
- }
490
- }
491
-
492
- function add_report_details($reportid, $filename, $report){
493
- global $wpdb;
494
- $wpdb->insert(
495
- $this->scanreportdetails,
496
- array(
497
- 'report_id' => $reportid,
498
- 'filename' => $filename,
499
- 'report' => serialize($report),
500
- 'created_timestamp' => current_time('timestamp')
501
- )
502
- );
503
- }
504
-
505
- function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
506
- global $wpdb;
507
- $wpdb->query(
508
- "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
509
- );
510
- }
511
-
512
- function count_files(){
513
- global $wpdb;
514
- $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
515
- return $sql[0]->scan_count;
516
- }
517
-
518
- function count_malicious_files(){
519
- global $wpdb;
520
- $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
521
- return $sql[0]->total_mal;
522
- }
523
-
524
- function count_files_last_scan($reportid){
525
- global $wpdb;
526
- $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
527
- return $sql[0]->scanned_files;
528
- }
529
-
530
- function count_malicious_last_scan($reportid){
531
- global $wpdb;
532
- $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
533
- return $sql[0]->mal_file;
534
- }
535
-
536
- function check_hash($hash_of_file){
537
- global $wpdb;
538
- $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
539
- $result=$wpdb->get_results( $sql );
540
- return $result;
541
- }
542
-
543
- function insert_hash($source_file_path,$hash_of_file, $scan_data){
544
- global $wpdb;
545
- $source_file_path = addslashes($source_file_path);
546
- $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
547
- $res=$wpdb->query( $query );
548
- }
549
-
550
- function update_hash($source_file_path, $hash_of_file, $scan_data){
551
- global $wpdb;
552
- $source_file_path = addslashes($source_file_path);
553
- $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
554
- $res=$wpdb->query( $query );
555
- }
556
-
557
- function delete_hash($source_file_path){
558
- global $wpdb;
559
- $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
560
- $res=$wpdb->query( $query );
561
- }
562
-
563
- function get_infected_file($filename){
564
- global $wpdb;
565
- $filename = addslashes($filename);
566
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
567
- return $result;
568
- }
569
-
570
- function insert_files_in_parts($file_path_array){
571
- global $wpdb;
572
- if(!empty($file_path_array)){
573
- $size=sizeof($file_path_array);
574
- $default=0;
575
- $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`) VALUES";
576
- for ($i=1; $i <= $size ; $i++) {
577
- $value= $file_path_array[$i];
578
- $value = addslashes($value);
579
- $hash_value= md5($value);
580
- $query.= "('".$value."', '".$hash_value."', '".$default."', '".$default."', '".$default."')";
581
- if($i < $size){
582
- $query.= ",";
583
- }
584
- }
585
- $query.=";";
586
- $res=$wpdb->query( $query );
587
- }
588
- }
589
-
590
- function update_files_scan($file_path_array, $file_count){
591
- global $wpdb;
592
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
593
- for ($i=0; $i < $file_count ; $i++) {
594
- $value= $file_path_array[$i]->path;
595
- $value = addslashes($value);
596
- $value = md5($value);
597
- $query.= "('".$value."', 1)";
598
- if($i < $file_count-1){
599
- $query.= ",";
600
- }
601
- }
602
- $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
603
- $res=$wpdb->query( $query );
604
- }
605
-
606
- function update_files_scan_ext_link($file_path_array, $file_count){
607
- global $wpdb;
608
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
609
- for ($i=0; $i < $file_count ; $i++) {
610
- $value= $file_path_array[$i]->path;
611
- $value = addslashes($value);
612
- $value = md5($value);
613
- $query.= "('".$value."', 1)";
614
- if($i < $file_count-1){
615
- $query.= ",";
616
- }
617
- }
618
- $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
619
- $res=$wpdb->query( $query );
620
- }
621
-
622
- function update_files_scan_repo($file_path_array, $file_count){
623
- global $wpdb;
624
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
625
- for ($i=0; $i < $file_count ; $i++) {
626
- $value= $file_path_array[$i]->path;
627
- $value = addslashes($value);
628
- $value = md5($value);
629
- $query.= "('".$value."', 1)";
630
- if($i < $file_count-1){
631
- $query.= ",";
632
- }
633
- }
634
- $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
635
- $res=$wpdb->query( $query );
636
- }
637
-
638
- function get_files_in_parts(){
639
- global $wpdb;
640
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
641
- $result=$wpdb->get_results($sql);
642
- return $result;
643
- }
644
-
645
- function get_files_for_link(){
646
- global $wpdb;
647
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
648
- $result=$wpdb->get_results($sql);
649
- return $result;
650
- }
651
-
652
- function get_files_for_repo(){
653
- global $wpdb;
654
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 LIMIT 100';
655
- $result=$wpdb->get_results($sql);
656
- return $result;
657
- }
658
-
659
- function delete_files_parts(){
660
- global $wpdb;
661
- $sql= "TRUNCATE TABLE ".$this->filescan.";";
662
- $res=$wpdb->query($sql);
663
- }
664
-
665
- function get_last_id(){
666
- global $wpdb;
667
- $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
668
- return $result;
669
- }
670
-
671
- function get_report_with_id($reportid){
672
- global $wpdb;
673
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
674
- return $result;
675
- }
676
-
677
- function delete_report($reportid){
678
- global $wpdb;
679
- $wpdb->query(
680
- "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
681
- );
682
- $warning_count=0;
683
- $malware_count=0;
684
- $last_id=$this->get_last_id();
685
- $send_id=$last_id[0]->max;
686
- if(!is_null($send_id)){
687
- $res = $this->get_report_with_id($send_id);
688
- $record = $res[0];
689
- if($record->malware_count >= 0){
690
- $malware_count = $record->malware_count;
691
- }
692
- if($record->repo_issues < 0){
693
- $warning_count = $record->malicious_links;
694
- }else{
695
- $warning_count = $record->repo_issues + $record->malicious_links;
696
- }
697
- }
698
-
699
- update_option('mo_wpns_infected_files', $malware_count);
700
- update_option('mo_wpns_warning_files', $warning_count);
701
-
702
- }
703
-
704
- function get_report(){
705
- global $wpdb;
706
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
707
- return $result;
708
- }
709
-
710
- function get_vulnerable_files_count_for_reportid($reportid){
711
- global $wpdb;
712
- $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
713
- return $result;
714
- }
715
-
716
- function ignorefile($filename){
717
- $signature = md5_file($filename);
718
- global $wpdb;
719
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
720
- if($result){
721
- $wpdb->query(
722
- "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
723
- );
724
- } else {
725
- $wpdb->insert(
726
- $this->skipfiles,
727
- array(
728
- 'path' => $filename,
729
- 'signature' => $signature,
730
- 'created_timestamp' => current_time('timestamp')
731
- )
732
- );
733
- }
734
- }
735
-
736
- function ignorechangedfile($recordId){
737
- global $wpdb;
738
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
739
- if($result){
740
- $record = $result[0];
741
- $signature = md5_file($record->path);
742
- $wpdb->query(
743
- "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
744
- );
745
- }
746
- }
747
-
748
- function getlistofignorefiles(){
749
- global $wpdb;
750
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
751
- return $result;
752
- }
753
-
754
- function get_detail_report_with_id($reportid){
755
- global $wpdb;
756
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
757
- return $result;
758
- }
759
-
760
- function mo_wpns_upgrade_process_complete(){
761
- $current_db_version = get_option('mo_wpns_dbversion');
762
- if($current_db_version < MoWpnsConstants::DB_VERSION){
763
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
764
- $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
765
- if(empty($row)){
766
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
767
- if($result){
768
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
769
- foreach ($report_ids as $key => $value) {
770
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
771
- $result = $this->mo_wpns_get_scan_count($scan_detail);
772
- $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
773
- }
774
- }
775
- }
776
- $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
777
- if(empty($rowhash)){
778
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
779
- }
780
- }
781
- }
782
-
783
- function mo_wpns_get_scan_count($result){
784
- $scan_count = 0;
785
- $repo_count = 0;
786
- $link_count = 0;
787
- $total = 0;
788
- foreach ($result as $key => $value) {
789
- $total+=1;
790
- $temp = unserialize($result[$key]->report);
791
- if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
792
- $scan_count++;
793
- $repo_count++;
794
- $link_count++;
795
- }else if(isset($temp['scan'])&&isset($temp['repo'])){
796
- $scan_count++;
797
- $repo_count++;
798
- }else if(isset($temp['scan'])&&isset($temp['extl'])){
799
- $scan_count++;
800
- $link_count++;
801
- }else if(isset($temp['repo'])&&isset($temp['extl'])){
802
- $repo_count++;
803
- $link_count++;
804
- }else if(isset($temp['scan'])){
805
- $scan_count++;
806
- }else if(isset($temp['repo'])){
807
- $repo_count++;
808
- }else if(isset($temp['extl'])){
809
- $link_count++;
810
- }
811
- }
812
- return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
813
- }
 
 
 
 
 
 
814
  }
1
+ <?php
2
+
3
+ require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
+
5
+ class MoWpnsDB
6
+ {
7
+ private $transactionTable;
8
+ private $blockedIPsTable;
9
+ private $whitelistIPsTable;
10
+ private $emailAuditTable;
11
+ private $malwarereportTable;
12
+ private $scanreportdetails;
13
+ private $skipfiles;
14
+ private $hashfile;
15
+
16
+ function __construct()
17
+ {
18
+ global $wpdb;
19
+ $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
+ $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
+ $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
+ $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
+ $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
+ $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
+ $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
+ $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
+ $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
+ $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
+ $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
+ $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
+ $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
+ }
33
+
34
+ function mo_plugin_activate()
35
+ {
36
+ global $wpdb;
37
+ if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
+ $this->generate_tables();
40
+ } else {
41
+ $current_db_version = get_option('mo_wpns_dbversion');
42
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
43
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
+
45
+ }
46
+ }
47
+ }
48
+
49
+ function generate_tables(){
50
+ global $wpdb;
51
+
52
+ $tableName = $this->transactionTable;
53
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
+ {
55
+ $sql = "CREATE TABLE " . $tableName . " (
56
+ `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
+ `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
+ dbDelta($sql);
59
+ }
60
+
61
+ $tableName = $this->blockedIPsTable;
62
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
+ {
64
+ $sql = "CREATE TABLE " . $tableName . " (
65
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
+ `created_timestamp` int, UNIQUE KEY id (id) );";
67
+ dbDelta($sql);
68
+ }
69
+
70
+
71
+ $tableName = $this->whitelistIPsTable;
72
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
+ {
74
+ $sql = "CREATE TABLE " . $tableName . " (
75
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
+ dbDelta($sql);
77
+ }
78
+
79
+ $tableName = $this->backupdetails;
80
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
+ {
82
+ $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
+ `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
+ dbDelta($sql);
85
+ }
86
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
+ if(is_null($result)){
88
+ $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
+ $results1 = $wpdb->query($sql);
90
+ }
91
+
92
+ $tableName = $this->emailAuditTable;
93
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
+ {
95
+ $sql = "CREATE TABLE " . $tableName . " (
96
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
+ dbDelta($sql);
98
+ }
99
+ $tableName = $this->IPrateDetails;
100
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
+ {
102
+ $sql = "CREATE TABLE " . $tableName . " (
103
+ ip varchar(20) , time bigint );";
104
+ dbDelta($sql);
105
+ }
106
+
107
+ $tableName = $this->attackLogs;
108
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
+ {
110
+ $sql = "create table ". $tableName ." (
111
+ ip varchar(20),
112
+ type varchar(20),
113
+ time bigint,
114
+ input mediumtext );";
115
+ //dbDelta($sql);
116
+ $results = $wpdb->get_results($sql);
117
+
118
+ }
119
+ $tableName = $this->malwarereportTable;
120
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
+ {
122
+ $sql = "CREATE TABLE " . $tableName . " (
123
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
+ dbDelta($sql);
125
+ }
126
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
+ if(is_null($result)){
128
+ $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
+ $results1 = $wpdb->query($sql);
130
+ $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
+ $resluts = $wpdb->query($sql1);
132
+ }
133
+
134
+ $tableName = $this->scanreportdetails;
135
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
136
+ {
137
+ $sql = "CREATE TABLE " . $tableName . " (
138
+ `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
139
+ dbDelta($sql);
140
+ }
141
+
142
+ $tableName = $this->skipfiles;
143
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
144
+ {
145
+ $sql = "CREATE TABLE " . $tableName . " (
146
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
147
+ dbDelta($sql);
148
+ }
149
+
150
+ $tableName = $this->filescan;
151
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
152
+ {
153
+ $sql = "CREATE TABLE " . $tableName . " (
154
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
155
+ dbDelta($sql);
156
+ }
157
+
158
+ $tableName = $this->hashfile;
159
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
160
+ {
161
+ $sql = "CREATE TABLE " . $tableName . " (
162
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
163
+ dbDelta($sql);
164
+ }
165
+
166
+ $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
167
+ $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
168
+ $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
169
+ if(empty($row1) && empty($row1) && empty($row1)){
170
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
171
+ if($result){
172
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
173
+ foreach ($report_ids as $key => $value) {
174
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
175
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
176
+ $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
177
+ }
178
+ }
179
+ }
180
+ $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
181
+ if(empty($rowhash)){
182
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
183
+ }
184
+ }
185
+
186
+ function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
187
+ global $wpdb;
188
+ $wpdb->insert(
189
+ $this->backupdetails,
190
+ array(
191
+ 'backup_id' =>$backup_id,
192
+ 'file_name' =>$file_name,
193
+ 'created_timestamp'=> $backup_created_timestamp,
194
+ 'plugin_path' => $plugin_path
195
+ ));
196
+ }
197
+
198
+ function get_table_content(){
199
+ global $wpdb;
200
+ return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
201
+ }
202
+
203
+ function get_number_of_plugin_backup(){
204
+ global $wpdb;
205
+
206
+ $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
207
+ $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
208
+ $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
209
+ $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
210
+ $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
211
+ $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
212
+
213
+ return $array;
214
+ }
215
+
216
+ function delete_file($id){
217
+ global $wpdb;
218
+ $wpdb->query(
219
+ "DELETE FROM ".$this->backupdetails."
220
+ WHERE id = ".$id
221
+ );
222
+ return;
223
+ }
224
+
225
+ function row_exist($id){
226
+ global $wpdb;
227
+ $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
228
+ return $is_exist;
229
+ }
230
+
231
+ function get_ip_blocked_count($ipAddress)
232
+ {
233
+ global $wpdb;
234
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
235
+ }
236
+ function get_total_blocked_ips()
237
+ {
238
+ global $wpdb;
239
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
240
+ }
241
+ function get_total_manual_blocked_ips()
242
+ {
243
+ global $wpdb;
244
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
245
+ }
246
+ function get_total_blocked_ips_waf()
247
+ {
248
+ global $wpdb;
249
+ $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
250
+ return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
251
+ }
252
+ function get_blocked_attack_count($attack)
253
+ {
254
+ global $wpdb;
255
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
256
+ }
257
+
258
+ function get_count_of_blocked_ips(){
259
+ global $wpdb;
260
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
261
+ }
262
+
263
+
264
+ function get_blocked_ip($entryid)
265
+ {
266
+ global $wpdb;
267
+ return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
268
+ }
269
+
270
+ function get_blocked_ip_list()
271
+ {
272
+ global $wpdb;
273
+ return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
274
+ }
275
+
276
+ function get_blocked_attack_list($tableName)
277
+ {
278
+ global $wpdb;
279
+ $tableName = $wpdb->base_prefix.$tableName;
280
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
281
+ }
282
+
283
+ function get_blocked_sqli_list()
284
+ {
285
+ global $wpdb;
286
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
287
+ }
288
+ function get_blocked_rfi_list()
289
+ {
290
+ global $wpdb;
291
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
292
+ }
293
+ function get_blocked_lfi_list()
294
+ {
295
+ global $wpdb;
296
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
297
+ }
298
+ function get_blocked_rce_list()
299
+ {
300
+ global $wpdb;
301
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
302
+ }
303
+ function get_blocked_xss_list()
304
+ {
305
+ global $wpdb;
306
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
307
+ }
308
+
309
+ function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
310
+ {
311
+ global $wpdb;
312
+ $wpdb->insert(
313
+ $this->blockedIPsTable,
314
+ array(
315
+ 'ip_address' => $ipAddress,
316
+ 'reason' => $reason,
317
+ 'blocked_for_time' => $blocked_for_time,
318
+ 'created_timestamp' => current_time( 'timestamp' )
319
+ )
320
+ );
321
+ return;
322
+ }
323
+
324
+ function delete_blocked_ip($entryid)
325
+ {
326
+ global $wpdb;
327
+ $wpdb->query(
328
+ "DELETE FROM ".$this->blockedIPsTable."
329
+ WHERE id = ".$entryid
330
+ );
331
+ return;
332
+ }
333
+
334
+ function get_whitelisted_ip_count($ipAddress)
335
+ {
336
+ global $wpdb;
337
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
338
+ }
339
+
340
+ function insert_whitelisted_ip($ipAddress)
341
+ {
342
+ global $wpdb;
343
+ $wpdb->insert(
344
+ $this->whitelistIPsTable,
345
+ array(
346
+ 'ip_address' => $ipAddress,
347
+ 'created_timestamp' => current_time( 'timestamp' )
348
+ )
349
+ );
350
+ }
351
+
352
+ function get_number_of_whitelisted_ips(){
353
+ global $wpdb;
354
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
355
+ }
356
+
357
+ function delete_whitelisted_ip($entryid)
358
+ {
359
+ global $wpdb;
360
+ $wpdb->query(
361
+ "DELETE FROM ".$this->whitelistIPsTable."
362
+ WHERE id = ".$entryid
363
+ );
364
+ return;
365
+ }
366
+
367
+ function get_whitelisted_ips_list()
368
+ {
369
+ global $wpdb;
370
+ return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
371
+ }
372
+
373
+ function get_email_audit_count($ipAddress,$username)
374
+ {
375
+ global $wpdb;
376
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
377
+ username='".$username."'" );
378
+ }
379
+
380
+ function insert_email_audit($ipAddress,$username,$reason)
381
+ {
382
+ global $wpdb;
383
+ $wpdb->insert(
384
+ $this->emailAuditTable,
385
+ array(
386
+ 'ip_address' => $ipAddress,
387
+ 'username' => $username,
388
+ 'reason' => $reason,
389
+ 'created_timestamp' => current_time( 'timestamp' )
390
+ )
391
+ );
392
+ return;
393
+ }
394
+
395
+ function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
396
+ {
397
+ global $wpdb;
398
+ $data = array(
399
+ 'ip_address' => $ipAddress,
400
+ 'username' => $username,
401
+ 'type' => $type,
402
+ 'status' => $status,
403
+ 'created_timestamp' => current_time( 'timestamp' )
404
+ );
405
+ $data['url'] = is_null($url) ? '' : $url;
406
+ $wpdb->insert( $this->transactionTable, $data);
407
+ return;
408
+ }
409
+
410
+ function get_transasction_list()
411
+ {
412
+ global $wpdb;
413
+ return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
414
+ }
415
+
416
+ function get_login_transaction_report()
417
+ {
418
+ global $wpdb;
419
+ return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
420
+ }
421
+
422
+ function get_error_transaction_report()
423
+ {
424
+ global $wpdb;
425
+ return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
426
+ }
427
+
428
+ function update_transaction_table($where,$update)
429
+ {
430
+ global $wpdb;
431
+
432
+ $sql = "UPDATE ".$this->transactionTable." SET ";
433
+ $i = 0;
434
+ foreach($update as $key=>$value)
435
+ {
436
+ if($i%2!=0)
437
+ $sql .= ' , ';
438
+ $sql .= $key."='".$value."'";
439
+ $i++;
440
+ }
441
+ $sql .= " WHERE ";
442
+ $i = 0;
443
+ foreach($where as $key=>$value)
444
+ {
445
+ if($i%2!=0)
446
+ $sql .= ' AND ';
447
+ $sql .= $key."='".$value."'";
448
+ $i++;
449
+ }
450
+
451
+ $wpdb->query($sql);
452
+ return;
453
+ }
454
+
455
+ function get_count_of_attacks_blocked(){
456
+ global $wpdb;
457
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
458
+ }
459
+
460
+ function get_failed_transaction_count($ipAddress)
461
+ {
462
+ global $wpdb;
463
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
464
+ AND status = '".MoWpnsConstants::FAILED."'" );
465
+ }
466
+
467
+ function delete_transaction($ipAddress)
468
+ {
469
+ global $wpdb;
470
+ $wpdb->query(
471
+ "DELETE FROM ".$this->transactionTable."
472
+ WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
473
+ );
474
+ return;
475
+ }
476
+
477
+ function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
478
+ global $wpdb;
479
+ $wpdb->insert(
480
+ $this->malwarereportTable,
481
+ array(
482
+ 'scan_mode' => $scan_type,
483
+ 'scanned_folders' => $folderNames,
484
+ 'scanned_files' => 0,
485
+ 'start_timestamp' => $start_timestamp,
486
+ 'malware_count' => 0,
487
+ 'repo_issues' => $repo_check_status_code,
488
+ 'malicious_links' => 0
489
+ )
490
+ );
491
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
492
+ if($result){
493
+ $record = $result[0];
494
+ return $record->id;
495
+ }
496
+ }
497
+
498
+ function add_report_details($reportid, $filename, $report){
499
+ global $wpdb;
500
+ $wpdb->insert(
501
+ $this->scanreportdetails,
502
+ array(
503
+ 'report_id' => $reportid,
504
+ 'filename' => $filename,
505
+ 'report' => serialize($report),
506
+ 'created_timestamp' => current_time('timestamp')
507
+ )
508
+ );
509
+ }
510
+
511
+ function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
512
+ global $wpdb;
513
+ $wpdb->query(
514
+ "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
515
+ );
516
+ }
517
+
518
+ function count_files(){
519
+ global $wpdb;
520
+ $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
521
+ return $sql[0]->scan_count;
522
+ }
523
+
524
+ function count_malicious_files(){
525
+ global $wpdb;
526
+ $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
527
+ return $sql[0]->total_mal;
528
+ }
529
+
530
+ function count_files_last_scan($reportid){
531
+ global $wpdb;
532
+ $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
533
+ return $sql[0]->scanned_files;
534
+ }
535
+
536
+ function count_malicious_last_scan($reportid){
537
+ global $wpdb;
538
+ $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
539
+ return $sql[0]->mal_file;
540
+ }
541
+
542
+ function check_hash($hash_of_file){
543
+ global $wpdb;
544
+ $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
545
+ $result=$wpdb->get_results( $sql );
546
+ return $result;
547
+ }
548
+
549
+ function insert_hash($source_file_path,$hash_of_file, $scan_data){
550
+ global $wpdb;
551
+ $source_file_path = addslashes($source_file_path);
552
+ $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
553
+ $res=$wpdb->query( $query );
554
+ }
555
+
556
+ function update_hash($source_file_path, $hash_of_file, $scan_data){
557
+ global $wpdb;
558
+ $source_file_path = addslashes($source_file_path);
559
+ $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
560
+ $res=$wpdb->query( $query );
561
+ }
562
+
563
+ function delete_hash($source_file_path){
564
+ global $wpdb;
565
+ $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
566
+ $res=$wpdb->query( $query );
567
+ }
568
+
569
+ function get_infected_file($filename){
570
+ global $wpdb;
571
+ $filename = addslashes($filename);
572
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
573
+ return $result;
574
+ }
575
+
576
+ function insert_files_in_parts($file_path_array){
577
+ global $wpdb;
578
+ if(!empty($file_path_array)){
579
+ $size=sizeof($file_path_array);
580
+ $default=0;
581
+ $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`) VALUES";
582
+ for ($i=1; $i <= $size ; $i++) {
583
+ $value= $file_path_array[$i];
584
+ $value = addslashes($value);
585
+ $hash_value= md5($value);
586
+ $query.= "('".$value."', '".$hash_value."', '".$default."', '".$default."', '".$default."')";
587
+ if($i < $size){
588
+ $query.= ",";
589
+ }
590
+ }
591
+ $query.=";";
592
+ $res=$wpdb->query( $query );
593
+ }
594
+ }
595
+
596
+ function update_files_scan($file_path_array, $file_count){
597
+ global $wpdb;
598
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
599
+ for ($i=0; $i < $file_count ; $i++) {
600
+ $value= $file_path_array[$i]->path;
601
+ $value = addslashes($value);
602
+ $value = md5($value);
603
+ $query.= "('".$value."', 1)";
604
+ if($i < $file_count-1){
605
+ $query.= ",";
606
+ }
607
+ }
608
+ $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
609
+ $res=$wpdb->query( $query );
610
+ }
611
+
612
+ function update_files_scan_ext_link($file_path_array, $file_count){
613
+ global $wpdb;
614
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
615
+ for ($i=0; $i < $file_count ; $i++) {
616
+ $value= $file_path_array[$i]->path;
617
+ $value = addslashes($value);
618
+ $value = md5($value);
619
+ $query.= "('".$value."', 1)";
620
+ if($i < $file_count-1){
621
+ $query.= ",";
622
+ }
623
+ }
624
+ $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
625
+ $res=$wpdb->query( $query );
626
+ }
627
+
628
+ function update_files_scan_repo($file_path_array, $file_count){
629
+ global $wpdb;
630
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
631
+ for ($i=0; $i < $file_count ; $i++) {
632
+ $value= $file_path_array[$i]->path;
633
+ $value = addslashes($value);
634
+ $value = md5($value);
635
+ $query.= "('".$value."', 1)";
636
+ if($i < $file_count-1){
637
+ $query.= ",";
638
+ }
639
+ }
640
+ $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
641
+ $res=$wpdb->query( $query );
642
+ }
643
+
644
+ function get_files_in_parts(){
645
+ global $wpdb;
646
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
647
+ $result=$wpdb->get_results($sql);
648
+ return $result;
649
+ }
650
+
651
+ function get_files_for_link(){
652
+ global $wpdb;
653
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
654
+ $result=$wpdb->get_results($sql);
655
+ return $result;
656
+ }
657
+
658
+ function get_files_for_repo(){
659
+ global $wpdb;
660
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 LIMIT 100';
661
+ $result=$wpdb->get_results($sql);
662
+ return $result;
663
+ }
664
+
665
+ function delete_files_parts(){
666
+ global $wpdb;
667
+ $sql= "TRUNCATE TABLE ".$this->filescan.";";
668
+ $res=$wpdb->query($sql);
669
+ }
670
+
671
+ function get_last_id(){
672
+ global $wpdb;
673
+ $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
674
+ return $result;
675
+ }
676
+
677
+ function get_report_with_id($reportid){
678
+ global $wpdb;
679
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
680
+ return $result;
681
+ }
682
+
683
+ function delete_report($reportid){
684
+ global $wpdb;
685
+ $wpdb->query(
686
+ "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
687
+ );
688
+ $warning_count=0;
689
+ $malware_count=0;
690
+ $last_id=$this->get_last_id();
691
+ $send_id=$last_id[0]->max;
692
+ if(!is_null($send_id)){
693
+ $res = $this->get_report_with_id($send_id);
694
+ $record = $res[0];
695
+ if($record->malware_count >= 0){
696
+ $malware_count = $record->malware_count;
697
+ }
698
+ if($record->repo_issues < 0){
699
+ $warning_count = $record->malicious_links;
700
+ }else{
701
+ $warning_count = $record->repo_issues + $record->malicious_links;
702
+ }
703
+ }
704
+
705
+ update_option('mo_wpns_infected_files', $malware_count);
706
+ update_option('mo_wpns_warning_files', $warning_count);
707
+
708
+ }
709
+
710
+ function get_report(){
711
+ global $wpdb;
712
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
713
+ return $result;
714
+ }
715
+
716
+ function get_vulnerable_files_count_for_reportid($reportid){
717
+ global $wpdb;
718
+ $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
719
+ return $result;
720
+ }
721
+
722
+ function ignorefile($filename){
723
+ $signature = md5_file($filename);
724
+ global $wpdb;
725
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
726
+ if($result){
727
+ $wpdb->query(
728
+ "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
729
+ );
730
+ } else {
731
+ $wpdb->insert(
732
+ $this->skipfiles,
733
+ array(
734
+ 'path' => $filename,
735
+ 'signature' => $signature,
736
+ 'created_timestamp' => current_time('timestamp')
737
+ )
738
+ );
739
+ }
740
+ }
741
+
742
+ function ignorechangedfile($recordId){
743
+ global $wpdb;
744
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
745
+ if($result){
746
+ $record = $result[0];
747
+ $signature = md5_file($record->path);
748
+ $wpdb->query(
749
+ "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
750
+ );
751
+ }
752
+ }
753
+
754
+ function getlistofignorefiles(){
755
+ global $wpdb;
756
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
757
+ return $result;
758
+ }
759
+
760
+ function get_detail_report_with_id($reportid){
761
+ global $wpdb;
762
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
763
+ return $result;
764
+ }
765
+
766
+ function mo_wpns_upgrade_process_complete(){
767
+ $current_db_version = get_option('mo_wpns_dbversion');
768
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
769
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
770
+ $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
771
+ if(empty($row)){
772
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
773
+ if($result){
774
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
775
+ foreach ($report_ids as $key => $value) {
776
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
777
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
778
+ $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
779
+ }
780
+ }
781
+ }
782
+ $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
783
+ if(empty($rowhash)){
784
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
785
+ }
786
+ }
787
+ }
788
+
789
+ function mo_wpns_get_scan_count($result){
790
+ $scan_count = 0;
791
+ $repo_count = 0;
792
+ $link_count = 0;
793
+ $total = 0;
794
+ foreach ($result as $key => $value) {
795
+ $total+=1;
796
+ $temp = unserialize($result[$key]->report);
797
+ if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
798
+ $scan_count++;
799
+ $repo_count++;
800
+ $link_count++;
801
+ }else if(isset($temp['scan'])&&isset($temp['repo'])){
802
+ $scan_count++;
803
+ $repo_count++;
804
+ }else if(isset($temp['scan'])&&isset($temp['extl'])){
805
+ $scan_count++;
806
+ $link_count++;
807
+ }else if(isset($temp['repo'])&&isset($temp['extl'])){
808
+ $repo_count++;
809
+ $link_count++;
810
+ }else if(isset($temp['scan'])){
811
+ $scan_count++;
812
+ }else if(isset($temp['repo'])){
813
+ $repo_count++;
814
+ }else if(isset($temp['extl'])){
815
+ $link_count++;
816
+ }
817
+ }
818
+ return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
819
+ }
820
  }
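--- a/database/database_functions_2fa.php
+++ b/database/database_functions_2fa.php
@@ -60,8 +60,10 @@ class Mo2fDB {
  add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
  add_site_option( 'bGltaXRSZWFjaGVk' ,0);
  add_site_option( base64_encode('totalUsersCloud'),0);
- add_site_option( 'mo2f_inline_registration',1);
-
+
+
+
+
  $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
 
  if ( ! $check_if_column_exists ) {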
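--- a/database/mo2f_db_options.php
+++ b/database/mo2f_db_options.php
@@ -0,0 +1,37 @@
+ <?php
+ $GLOBALS['mo2f_enable_brute_force'] = false;
+ $GLOBALS['mo2f_show_remaining_attempts'] = false;
+ $GLOBALS['mo_wpns_enable_ip_blocked_email_to_admin'] = false;
+ $GLOBALS['mo2f_activate_plugin'] = 1;
+ $GLOBALS['mo2f_login_option'] = 1;
+ $GLOBALS['mo2f_number_of_transactions'] = 1;
+ $GLOBALS['mo2f_set_transactions'] = 0;
+ $GLOBALS['mo2f_enable_forgotphone'] = 0;
+ $GLOBALS['mo2f_enable_2fa_for_users'] = 1;
+ $GLOBALS['mo2f_enable_2fa_prompt_on_login_page'] = 0;
+ $GLOBALS['mo2f_enable_xmlrpc'] = 0;
+ $GLOBALS['mo2f_custom_plugin_name'] = 'miniOrange 2-Factor';
+ $GLOBALS['mo2f_show_sms_transaction_message'] = 0;
+ $GLOBALS['mo2f_enforce_strong_passswords_for_accounts'] = 'all';
+ $GLOBALS['mo_file_backup_plugins'] = 1;
+ $GLOBALS['mo_file_backup_themes'] = 1;
+ $GLOBALS['mo_wpns_backup_time'] = 12;
+ $GLOBALS['scheduled_file_backup'] = 0;
+ $GLOBALS['scheduled_db_backup'] = 0;
+ $GLOBALS['file_backup_created_time'] = 0;
+ $GLOBALS['db_backup_created_time'] = 0;
+ $GLOBALS['mo2f_inline_registration'] = 1;
+ $GLOBALS['mo_database_backup'] = 1;
+ $GLOBALS['mo_wpns_scan_initialize'] = 1;
+ $GLOBALS['mo_file_manual_backup_plugins'] = 1;
+ $GLOBALS['mo_file_manual_backup_themes'] = 1;
+ $GLOBALS['mo_schedule_database_backup'] = 1;
+ $GLOBALS['mo_wpns_2fa_with_network_security'] = 0;
+ $GLOBALS['mo_wpns_2fa_with_network_security_popup_visible'] = 1;
+ $GLOBALS['mo2f_two_factor_tour'] = -1;
+ $GLOBALS['mo2f_planname'] = '';
+ $GLOBALS['cmVtYWluaW5nT1RQ'] = 30;
+ $GLOBALS['bGltaXRSZWFjaGVk'] = 0;
+ $GLOBALS['mo2f_is_NC'] = 1;
+ $GLOBALS['mo2f_is_NNC'] = 1;
+ $GLOBALS['mo2f_enforce_strong_passswords'] = false;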
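Review bot: Four of the new defaults are written to `$GLOBALS` under keys with no plugin prefix (`scheduled_file_backup`, `scheduled_db_backup`, `file_backup_created_time`, `db_backup_created_time`), so any other plugin or theme using the same global names can overwrite them. Holding all of them in one prefixed array, for example `$GLOBALS['mo2f_default_options'] = array( /* key => default */ );`, would confine the plugin to a single global name. How these values are read back is not visible in this file, so the file should open with a comment saying what they are (they look like fallback defaults for site options, since `mo2f_inline_registration` moved here from an `add_site_option` call). The keys `cmVtYWluaW5nT1RQ` and `bGltaXRSZWFjaGVk` are base64 of `remainingOTP` and `limitReached`, and a comment such as `// base64 of 'remainingOTP'` beside each would save the next reader the decode.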
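--- a/handler/WAF/database/mo-waf-db-common.php
+++ b/handler/WAF/database/mo-waf-db-common.php
@@ -0,0 +1,25 @@
+ <?php
+ function retrivefullname($name)
+ {
+
+ switch ($name) {
+ case 'XSS':
+ return 'Cross-site Scripting';
+ case 'SQL':
+ return 'SQL injection';
+ case 'RCE':
+ return 'Remote Code Execution';
+ case 'LFI':
+ return 'Local File Inclusion';
+ case 'RFI':
+ return 'Remote File Inclusion';
+ case 'RLE':
+ return 'Rate limiting Exceeded';
+ case 'RLECrawler':
+ return 'Rate limit Exceeded for crawler';
+ default:
+ return $name;
+
+ }
+
+ }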
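Review bot: The `default` branch of `retrivefullname()` returns `$name` unchanged, so an unrecognised attack code passes straight through to whatever displays the label, and no docblock tells callers that. I would add `/** Maps a WAF attack code (XSS, SQL, RCE, LFI, RFI, RLE, RLECrawler) to a display label; unknown codes are returned as-is and must be escaped by the caller before output. */` above the function. The callers are outside this file section, so whether they already escape the result is not visible here. The function is also declared unprefixed in the global namespace; a plugin prefix such as the `mo_wpns_` used by other functions in this plugin would lower the chance of a redeclaration clash.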
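--- a/handler/WAF/database/mo-waf-db.php
+++ b/handler/WAF/database/mo-waf-db.php
@@ -1,5 +1,6 @@
 <?php
 global $dbcon,$prefix;
+include_once('mo-waf-db-common.php');
 function log_attack($ipaddress,$value1,$value)
 {
 global $prefix,$dbcon;
@@ -11,7 +12,6 @@
 $rows = mysqli_fetch_array($results);
 return $rows['count(*)'];
 }
-
 function setting_file()
 {
 global $prefix,$dbcon;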
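Review bot: The added `include_once('mo-waf-db-common.php');` uses a bare relative path, which PHP resolves through `include_path` before the including file's own directory, so which file gets loaded depends on the server's configuration rather than on this plugin's layout. Anchoring it to the file's directory removes that ambiguity, and `require_once` makes a missing helper fail at load time instead of at the first `retrivefullname()` call: `require_once dirname(__FILE__) . '/mo-waf-db-common.php';`. The same line is added in handler/WAF/database/mo-waf-plugin-db.php and should get the same change.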
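--- a/handler/WAF/database/mo-waf-plugin-db.php
+++ b/handler/WAF/database/mo-waf-plugin-db.php
@@ -1,4 +1,6 @@
 <?php
+
+include_once('mo-waf-db-common.php');
 function setting_file()
 {
 global $prefix,$dbcon;
@@ -55,7 +57,8 @@
 $results = $wpdb->get_results($query);
 return $results[0]->count;
 }
-
+
+
 function CheckRate($ipaddress)
 {
 global $wpdb;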
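--- a/handler/WAF/mo-waf-plugin.php
+++ b/handler/WAF/mo-waf-plugin.php
@@ -17,6 +17,7 @@
 global $wpdb,$mowpnshandle;
 $mowpnshandle = new MoWpnsHandler();
 $ipaddress = get_ipaddress();
+$ipaddress = sanitize_text_field($ipaddress);
 if($mowpnshandle->is_ip_blocked($ipaddress))
 {
 if(!$mowpnshandle->is_whitelisted($ipaddress))
@@ -121,7 +122,7 @@
 if(!$mowpnshandle->is_whitelisted($ipaddress))
 {
 if(!$mowpnshandle->is_ip_blocked($ipaddress))
-$mowpnshandle->block_ip($ipaddress,'ALE',true); //Attack Limit Exceed
+$mowpnshandle->block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
 }
 }
 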
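Review bot: `sanitize_text_field()` on the new line after `get_ipaddress()` strips markup but does not check that the value is an IP address, and `get_ipaddress()` (handler/WAF/waf-include.php on this page) returns the `HTTP_CLIENT_IP` request header ahead of `REMOTE_ADDR`, so the `is_ip_blocked()`, `is_whitelisted()` and `block_ip()` calls below can be keyed on a value supplied in the request. Validate the address and fall back to the socket address when it is malformed, e.g. `if (filter_var($ipaddress, FILTER_VALIDATE_IP) === false) { $ipaddress = $_SERVER['REMOTE_ADDR']; }`, and honour forwarding headers only when the site is known to sit behind a trusted proxy. The enclosing code starts and ends outside both hunks.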
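--- a/handler/WAF/mo-waf.php
+++ b/handler/WAF/mo-waf.php
@@ -116,7 +116,7 @@
 {
 if(!is_ip_whitelisted($ipaddress))
 {
-block_ip($ipaddress,'ALE'); //Attack Limit Exceed
+block_ip($ipaddress,'Attack limit Exceeded'); //Attack Limit Exceed
 }
 }
 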
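Review bot: The block reason passed to `block_ip()` changes from the short code `'ALE'` to the display string `'Attack limit Exceeded'`, while the other attack types on this page stay short codes that `retrivefullname()` (mo-waf-db-common.php) expands when read. That leaves two conventions for the same reason field (its storage is not visible here), and values already recorded as `'ALE'` have no `case` in `retrivefullname()`, so they would presumably still display as `ALE`. Keeping the code here and adding `case 'ALE': return 'Attack limit Exceeded';` to the map would cover old and new records. The same literal is also changed in handler/WAF/mo-waf-plugin.php.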
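--- a/handler/WAF/waf-include.php
+++ b/handler/WAF/waf-include.php
@@ -1,92 +1,92 @@
-<?php
-$dir = dirname(__FILE__);
-$dir = str_replace('\\', "/", $dir);
-$dir = explode('WAF', $dir);
-$dir = $dir[0];
-$sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
-$xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
-$lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
-$configfilepath = explode('wp-content', $dir);
-$configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
-$missingFile = 0;
-
-if(file_exists($configfile))
-{
-include_once($configfile);
-}
-else
-{
-$missingFile = 1;
-}
-include_once($sqlInjectionFile);
-include_once($xssFile);
-include_once($lfiFile);
-
-function get_ipaddress()
-{
-$ipaddress = '';
-if (isset($_SERVER['HTTP_CLIENT_IP']))
-$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
-else if(isset($_SERVER['REMOTE_ADDR']))
-$ipaddress = $_SERVER['REMOTE_ADDR'];
-else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
-$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
-else if(isset($_SERVER['HTTP_X_FORWARDED']))
-$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
-else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
-$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
-else if(isset($_SERVER['HTTP_FORWARDED']))
-$ipaddress = $_SERVER['HTTP_FORWARDED'];
-else
-$ipaddress = 'UNKNOWN';
-
-return $ipaddress;
-}
-function is_crawler()
-{
-$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-$Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
-foreach ($Botsign as $key => $value)
-{
-if(preg_match('/'.$value.'/', $USER_AGENT))
-{
-return true;
-}
-}
-return false;
-}
-function is_fake_googlebot($ipaddress)
-{
-$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-if(preg_match('/Googlebot/', $USER_AGENT))
-{
-if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
-{
-header('HTTP/1.1 403 Forbidden');
-include_once("mo-error.html");
-exit;
-}
-}
-}
-function is_fake($crawler,$USER_AGENT,$ipaddress)
-{
-// $hostName = gethostbyaddr($ipaddress);
-// $hostIP = gethostbyname($hostName);
-// if(is_numeric(get_option('mo_wpns_iprange_count')))
-// $range_count = intval(get_option('mo_wpns_iprange_count'));
-// for($i = 1 ; $i <= $range_count ; $i++){
-// $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
-// $rangearray = explode("-",$blockedrange);
-// if(sizeof($rangearray)==2){
-// $lowip = ip2long(trim($rangearray[0]));
-// $highip = ip2long(trim($rangearray[1]));
-// if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
-// $mo_wpns_config = new MoWpnsHandler();
-// $mo_wpns_config->block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
-// return true;
-// }
-// }
-// }
-// return false;
-}
+<?php
+$dir = dirname(__FILE__);
+$dir = str_replace('\\', "/", $dir);
+$dir = explode('WAF', $dir);
+$dir = $dir[0];
+$sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
+$xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
+$lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
+$configfilepath = explode('wp-content', $dir);
+$configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
+$missingFile = 0;
+
+if(file_exists($configfile))
+{
+include_once($configfile);
+}
+else
+{
+$missingFile = 1;
+}
+include_once($sqlInjectionFile);
+include_once($xssFile);
+include_once($lfiFile);
+
+function get_ipaddress()
+{
+$ipaddress = '';
+if (isset($_SERVER['HTTP_CLIENT_IP']))
+$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+else if(isset($_SERVER['REMOTE_ADDR']))
+$ipaddress = $_SERVER['REMOTE_ADDR'];
+else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+else if(isset($_SERVER['HTTP_X_FORWARDED']))
+$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
+$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+else if(isset($_SERVER['HTTP_FORWARDED']))
+$ipaddress = $_SERVER['HTTP_FORWARDED'];
+else
+$ipaddress = 'UNKNOWN';
+
+return $ipaddress;
+}
+function is_crawler()
+{
+$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+$Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
+foreach ($Botsign as $key => $value)
+{
+if(preg_match('/'.$value.'/', $USER_AGENT))
+{
+return true;
+}
+}
+return false;
+}
+function is_fake_googlebot($ipaddress)
+{
+$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+if(preg_match('/Googlebot/', $USER_AGENT))
+{
+if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
+{
+header('HTTP/1.1 403 Forbidden');
+include_once("mo-error.html");
+exit;
+}
+}
+}
+function is_fake($crawler,$USER_AGENT,$ipaddress)
+{
+// $hostName = gethostbyaddr($ipaddress);
+// $hostIP = gethostbyname($hostName);
+// if(is_numeric(get_option('mo_wpns_iprange_count')))
+// $range_count = intval(get_option('mo_wpns_iprange_count'));
+// for($i = 1 ; $i <= $range_count ; $i++){
+// $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
+// $rangearray = explode("-",$blockedrange);
+// if(sizeof($rangearray)==2){
+// $lowip = ip2long(trim($rangearray[0]));
+// $highip = ip2long(trim($rangearray[1]));
+// if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
+// $mo_wpns_config = new MoWpnsHandler();
+// $mo_wpns_config->block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
+// return true;
+// }
+// }
+// }
+// return false;
+}
 ?>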
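--- a/handler/backup.php
+++ b/handler/backup.php
@@ -18,7 +18,7 @@ function db_cron_backup(){
 }
 
 function db_eb_backup_interval($schedules){
-$mo2f_cron_hours = get_site_option('mo_wpns_backup_time')*3600;
+$mo2f_cron_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option')*3600;
 $schedules['db_eb_backup_time'] = array(
 'interval' => $mo2f_cron_hours,
 'display' => esc_html__( 'Cron Activated' ),
@@ -37,10 +37,10 @@ function file_cron_backup(){
 $time = time();
 update_site_option('backup_created_time',$time);
 
-if(get_site_option('mo_file_backup_plugins') =='1'){
+if(MoWpnsUtility::get_mo2f_db_option('mo_file_backup_plugins', 'site_option') =='1'){
 $this->plugin_backup($backup_store_path, $time);
 }
-if(get_site_option('mo_file_backup_themes')=='1'){
+if(MoWpnsUtility::get_mo2f_db_option('mo_file_backup_themes','site_option') =='1'){
 $this->themes_backup($backup_store_path ,$time);
 }
 
@@ -56,10 +56,12 @@ function file_manual_backup(){
 $time = time();
 update_site_option('backup_created_time',$time);
 
-if(get_site_option('mo_file_manual_backup_plugins') =='1'){
+if(MoWpnsUtility::get_mo2f_db_option('mo_file_manual_backup_plugins', 'site_option') =='1'){
+// if(get_option('mo_file_manual_backup_plugins') =='1'){
 $this->plugin_backup($backup_store_path, $time);
 }
-if(get_site_option('mo_file_manual_backup_themes')=='1'){
+if(MoWpnsUtility::get_mo2f_db_option('mo_file_manual_backup_themes', 'site_option') =='1'){
+// if(get_option('mo_file_manual_backup_themes') =='1'){
 $this->themes_backup($backup_store_path ,$time);
 }
 
@@ -70,7 +72,7 @@ function file_manual_backup(){
 }
 
 function file_eb_backup_interval($schedules){
-$mo2f_cron_file_backup_hours = get_site_option('mo_wpns_backup_time')*3600;
+$mo2f_cron_file_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option')*3600;
 $schedules['file_eb_backup_time'] = array(
 'interval' => $mo2f_cron_file_backup_hours,
 'display' => esc_html__( 'Cron Activated' ),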
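Review bot: In `db_eb_backup_interval()` and `file_eb_backup_interval()` the cron interval is the option value multiplied by 3600 with no type or range check, so a missing or zero value yields an `interval` of 0 and a non-numeric string raises a TypeError on PHP 8. Cast and bound it before use, e.g. `$hours = max(1, (int) MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option'));` followed by `'interval' => $hours * HOUR_IN_SECONDS`. In `file_manual_backup()` the two added `// if(get_option(...` lines are commented-out code and should be dropped rather than committed. All four functions continue outside their hunks.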
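--- a/handler/feedback_form.php
+++ b/handler/feedback_form.php
@@ -72,7 +72,7 @@ class FeedbackHandler
 $message ='[' ;
 }
 $message .= 'D:' . $days . ',';
-if(get_option("mo_wpns_2fa_with_network_security")){
+if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
 $message .= '2FA+NS]';
 }
 else{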
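Review bot: The second argument to `MoWpnsUtility::get_mo2f_db_option()` is a free-form string that selects the lookup, and its values are not named consistently across this commit: `'get_option'` here and in handler/login.php, `'site_option'` in handler/backup.php. The helper's body is not visible on this part of the page, so what a misspelled selector does cannot be confirmed. A comment at the helper listing the accepted values, or class constants for them, would keep call sites checkable. The enclosing method starts and ends outside the hunk.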
handler/login.php CHANGED
@@ -1,354 +1,354 @@
1
- <?php
2
- class LoginHandler
3
- {
4
- function __construct()
5
- {
6
- add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
- if(get_site_option('mo2f_restrict_restAPI')){
8
- add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
- }
10
- if(get_option('mo2f_enforce_strong_passswords') || get_option('mo_wpns_activate_recaptcha_for_login')
11
- || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
- {
13
-
14
- remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
- add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
- }
17
-
18
- add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
- add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
- //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
- //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
-
23
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
- add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
- }
26
- }
27
-
28
- function mo_block_restAPI(){
29
- global $moWpnsUtility,$mo2f_dirName;
30
- if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
- include_once("mo-block.html");
32
- exit;
33
- }
34
- }
35
-
36
- function mo_wpns_init()
37
- {
38
-
39
- global $moWpnsUtility,$mo2f_dirName;
40
- $WAFEnabled = get_option('WAFEnabled');
41
- $WAFLevel = get_option('WAF');
42
-
43
- $mo2f_scanner_parts = new mo2f_scanner_parts();
44
- $mo2f_scanner_parts->file_cron_scan();
45
-
46
- if($WAFEnabled == 1)
47
- {
48
- if($WAFLevel == 'PluginLevel')
49
- {
50
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
51
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
52
- else
53
- {
54
- //UNable to find file. Please reconfigure.
55
- }
56
- }
57
- }
58
-
59
-
60
- $userIp = $moWpnsUtility->get_client_ip();
61
- $mo_wpns_config = new MoWpnsHandler();
62
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
63
- $isIpBlocked = false;
64
- if(!$isWhitelisted){
65
- $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
66
- }
67
- if($isIpBlocked){
68
- include_once("mo-block.html");
69
- exit;
70
- }
71
-
72
- $requested_uri = $_SERVER["REQUEST_URI"];
73
- $option = false;
74
- if (is_user_logged_in()) { //chr?
75
- if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
76
- wp_redirect(site_url());
77
- die;
78
- }
79
- } else {
80
- $option = get_option('mo_wpns_enable_rename_login_url');
81
- }
82
- if ($option) {
83
- if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
84
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
85
- wp_redirect($requested_uri);
86
- die;
87
- } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
88
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
89
- wp_redirect($requested_uri);
90
- die;
91
- }
92
-
93
- if (strpos($requested_uri, '/wp-login.php') !== false) {
94
- wp_redirect(site_url());
95
- }
96
- else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
97
- @require_once ABSPATH . 'wp-login.php';
98
- die;
99
- }
100
- }
101
-
102
- if(isset($_POST['option']))
103
- {
104
- switch($_POST['option'])
105
- {
106
- case "mo_wpns_change_password":
107
- $this->handle_change_password($_POST['username']
108
- ,$_POST['new_password'],$_POST['confirm_password']);
109
- break;
110
- }
111
- }
112
-
113
- }
114
-
115
- function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
116
-
117
- if (empty($_POST['g-recaptcha-response'])) {
118
- $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
119
- }
120
- }
121
-
122
- //Function to Handle Change Password Form
123
- function handle_change_password($username,$newpassword,$confirmpassword)
124
- {
125
- global $mo2f_dirName;
126
- $user = get_user_by("login",$username);
127
- $error = wp_authenticate_username_password($user,$username,$newpassword);
128
-
129
- if(is_wp_error($error))
130
- {
131
- $this->mo_wpns_login_failed($username);
132
- return $error;
133
- }
134
-
135
- if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
136
- {
137
- wp_set_auth_cookie($user->ID,false,false);
138
- $this->mo_wpns_login_success($username);
139
- wp_redirect(get_site_option('siteurl'),301);
140
- }
141
- }
142
-
143
-
144
- //Function to Update User password
145
- function update_strong_password($username,$newpassword,$confirmpassword)
146
- {
147
- global $mo2f_dirName;
148
-
149
- if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
150
- && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
151
- {
152
- $user = get_user_by("login",$username);
153
- wp_set_password($_POST['new_password'],$user->ID);
154
- return "success";
155
- }
156
- else
157
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
158
- }
159
-
160
-
161
- //Our custom logic for user authentication
162
- function custom_authenticate($user, $username, $password)
163
- {
164
- global $moWpnsUtility;
165
- $error = new WP_Error();
166
-
167
- if(empty($username) && empty ($password))
168
- return $error;
169
-
170
- if(empty($username)) {
171
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
172
- }
173
- if(empty($password)) {
174
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
175
- }
176
-
177
- $user = wp_authenticate_username_password( $user, $username, $password );
178
-
179
- if ( is_wp_error( $user ) ) {
180
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
181
- return $user;
182
- }
183
- if(empty($error->errors))
184
- {
185
- $user = get_user_by("login",$username);
186
-
187
- if($user)
188
- {
189
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
190
- $recaptchaError = $moWpnsUtility->verify_recaptcha($_POST['g-recaptcha-response']);
191
-
192
- if(!empty($recaptchaError->errors))
193
- $error = $recaptchaError;
194
- if(empty($error->errors)){
195
- if(!get_option('mo2f_enable_brute_force'))
196
- {
197
- $this->mo_wpns_login_success($username);
198
- }
199
- return $user;
200
- }
201
- }
202
- else
203
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
204
-
205
- }
206
-
207
- return $error;
208
- }
209
-
210
-
211
- //Function to check user password
212
- function check_password($user,$error,$password)
213
- {
214
- global $moWpnsUtility, $mo2f_dirName;
215
- if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
216
- {
217
- if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
218
- {
219
- if(get_option('mo2f_enable_brute_force'))
220
- $this->mo_wpns_login_success($user->data->user_login);
221
- return $user;
222
- }
223
- else
224
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
225
- }
226
- else
227
- $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
228
-
229
- return $error;
230
- }
231
-
232
-
233
- //Function to handle successful user login
234
- function mo_wpns_login_success($username)
235
- {
236
- global $moWpnsUtility;
237
-
238
- $mo_wpns_config = new MoWpnsHandler();
239
- $userIp = $moWpnsUtility->get_client_ip();
240
-
241
- $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
242
-
243
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
244
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
245
-
246
-
247
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
248
-
249
- if(isset($_POST['log']) && isset($_POST['pwd'])){
250
- $username = $_POST['log'];
251
- $pass = $_POST['pwd'];
252
- $user = get_user_by('login',$username);
253
-
254
- if(!get_option('mo2f_enforce_strong_passswords')){
255
- if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
256
- if(!get_user_meta($user->ID,'password_strong?')){
257
- update_user_meta($user->ID,'password_strong?', true);
258
- $count = get_site_option('users_with_weak_pass');
259
- $count = $count + 1;
260
- update_site_option('users_with_weak_pass', $count);
261
- }
262
- }
263
- else{
264
- if(get_user_meta($user->ID,'password_strong?')){
265
- $count = get_site_option('users_with_weak_pass');
266
- $count = $count - 1;
267
- update_site_option('users_with_weak_pass', $count);
268
- }
269
- delete_user_meta($user->ID,'password_strong?');
270
- }
271
-
272
-
273
- }
274
-
275
- }
276
- }
277
-
278
-
279
- //Function to handle failed user login attempt
280
- function mo_wpns_login_failed($username)
281
- {
282
- global $moWpnsUtility;
283
- $userIp = $moWpnsUtility->get_client_ip();
284
-
285
- if(empty($userIp) || empty($username) || !get_option('mo2f_enable_brute_force'))
286
- return;
287
-
288
- $mo_wpns_config = new MoWpnsHandler();
289
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
290
-
291
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
292
-
293
- if(!$isWhitelisted)
294
- {
295
-
296
-
297
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
298
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
299
-
300
- $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
301
- $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
302
-
303
- if($allowedLoginAttepts - $failedAttempts<=0)
304
- $this->handle_login_attempt_exceeded($userIp);
305
- else if(get_option('mo2f_show_remaining_attempts'))
306
- $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
307
- }
308
-
309
- }
310
-
311
-
312
-
313
-
314
-
315
- //Function to show number of attempts remaining
316
- function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
317
- {
318
- global $error;
319
- $diff = $allowedLoginAttepts - $failedAttempts;
320
- $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
321
- }
322
-
323
-
324
- //Function to handle login limit exceeded
325
- function handle_login_attempt_exceeded($userIp)
326
- {
327
- global $moWpnsUtility, $mo2f_dirName;
328
- $mo_wpns_config = new MoWpnsHandler();
329
- $mo_wpns_config->block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
330
- include_once("mo-block.html");
331
- exit;
332
-
333
- }
334
-
335
- function setup_registration_closed($user){
336
- global $Mo2fdbQueries;
337
- if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
338
- $nonce = $_POST['mo2f_registration_closed_nonce'];
339
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
340
- $error = new WP_Error();
341
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
342
- return $error;
343
- } else {
344
- if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
345
- //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
346
- delete_user_meta( $user->ID, 'register_account_popup' );
347
-
348
- }
349
- }
350
- }
351
- }
352
-
353
- }
354
- new LoginHandler;
1
+ <?php
2
+ class LoginHandler
3
+ {
4
+ function __construct()
5
+ {
6
+ add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
+ if(get_site_option('mo2f_restrict_restAPI')){
8
+ add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
+ }
10
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
+ || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
+ {
13
+
14
+ remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
+ add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
+ }
17
+
18
+ add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
+ add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
+ //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
+ //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
+
23
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
+ add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
+ }
26
+ }
27
+
28
+ function mo_block_restAPI(){
29
+ global $moWpnsUtility,$mo2f_dirName;
30
+ if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
+ include_once("mo-block.html");
32
+ exit;
33
+ }
34
+ }
35
+
36
+ function mo_wpns_init()
37
+ {
38
+
39
+ global $moWpnsUtility,$mo2f_dirName;
40
+ $WAFEnabled = get_option('WAFEnabled');
41
+ $WAFLevel = get_option('WAF');
42
+
43
+ $mo2f_scanner_parts = new mo2f_scanner_parts();
44
+ $mo2f_scanner_parts->file_cron_scan();
45
+
46
+ if($WAFEnabled == 1)
47
+ {
48
+ if($WAFLevel == 'PluginLevel')
49
+ {
50
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
51
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
52
+ else
53
+ {
54
+ //UNable to find file. Please reconfigure.
55
+ }
56
+ }
57
+ }
58
+
59
+
60
+ $userIp = $moWpnsUtility->get_client_ip();
61
+ $mo_wpns_config = new MoWpnsHandler();
62
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
63
+ $isIpBlocked = false;
64
+ if(!$isWhitelisted){
65
+ $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
66
+ }
67
+ if($isIpBlocked){
68
+ include_once("mo-block.html");
69
+ exit;
70
+ }
71
+
72
+ $requested_uri = $_SERVER["REQUEST_URI"];
73
+ $option = false;
74
+ if (is_user_logged_in()) { //chr?
75
+ if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
76
+ wp_redirect(site_url());
77
+ die;
78
+ }
79
+ } else {
80
+ $option = get_option('mo_wpns_enable_rename_login_url');
81
+ }
82
+ if ($option) {
83
+ if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
84
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
85
+ wp_redirect($requested_uri);
86
+ die;
87
+ } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
88
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
89
+ wp_redirect($requested_uri);
90
+ die;
91
+ }
92
+
93
+ if (strpos($requested_uri, '/wp-login.php') !== false) {
94
+ wp_redirect(site_url());
95
+ }
96
+ else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
97
+ @require_once ABSPATH . 'wp-login.php';
98
+ die;
99
+ }
100
+ }
101
+
102
+ if(isset($_POST['option']))
103
+ {
104
+ switch($_POST['option'])
105
+ {
106
+ case "mo_wpns_change_password":
107
+ $this->handle_change_password($_POST['username']
108
+ ,$_POST['new_password'],$_POST['confirm_password']);
109
+ break;
110
+ }
111
+ }
112
+
113
+ }
114
+
115
+ function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
116
+
117
+ if (empty($_POST['g-recaptcha-response'])) {
118
+ $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
119
+ }
120
+ }
121
+
122
+ //Function to Handle Change Password Form
123
+ function handle_change_password($username,$newpassword,$confirmpassword)
124
+ {
125
+ global $mo2f_dirName;
126
+ $user = get_user_by("login",$username);
127
+ $error = wp_authenticate_username_password($user,$username,$newpassword);
128
+
129
+ if(is_wp_error($error))
130
+ {
131
+ $this->mo_wpns_login_failed($username);
132
+ return $error;
133
+ }
134
+
135
+ if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
136
+ {
137
+ wp_set_auth_cookie($user->ID,false,false);
138
+ $this->mo_wpns_login_success($username);
139
+ wp_redirect(get_site_option('siteurl'),301);
140
+ }
141
+ }
142
+
143
+
144
+ //Function to Update User password
145
+ function update_strong_password($username,$newpassword,$confirmpassword)
146
+ {
147
+ global $mo2f_dirName;
148
+
149
+ if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
150
+ && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
151
+ {
152
+ $user = get_user_by("login",$username);
153
+ wp_set_password($_POST['new_password'],$user->ID);
154
+ return "success";
155
+ }
156
+ else
157
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
158
+ }
159
+
160
+
161
+ //Our custom logic for user authentication
162
+ function custom_authenticate($user, $username, $password)
163
+ {
164
+ global $moWpnsUtility;
165
+ $error = new WP_Error();
166
+
167
+ if(empty($username) && empty ($password))
168
+ return $error;
169
+
170
+ if(empty($username)) {
171
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
172
+ }
173
+ if(empty($password)) {
174
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
175
+ }
176
+
177
+ $user = wp_authenticate_username_password( $user, $username, $password );
178
+
179
+ if ( is_wp_error( $user ) ) {
180
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
181
+ return $user;
182
+ }
183
+ if(empty($error->errors))
184
+ {
185
+ $user = get_user_by("login",$username);
186
+
187
+ if($user)
188
+ {
189
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
190
+ $recaptchaError = $moWpnsUtility->verify_recaptcha($_POST['g-recaptcha-response']);
191
+
192
+ if(!empty($recaptchaError->errors))
193
+ $error = $recaptchaError;
194
+ if(empty($error->errors)){
195
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
196
+ {
197
+ $this->mo_wpns_login_success($username);
198
+ }
199
+ return $user;
200
+ }
201
+ }
202
+ else
203
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
204
+
205
+ }
206
+
207
+ return $error;
208
+ }
209
+
210
+
211
+ //Function to check user password
212
+ function check_password($user,$error,$password)
213
+ {
214
+ global $moWpnsUtility, $mo2f_dirName;
215
+ if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
216
+ {
217
+ if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
218
+ {
219
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
220
+ $this->mo_wpns_login_success($user->data->user_login);
221
+ return $user;
222
+ }
223
+ else
224
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
225
+ }
226
+ else
227
+ $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
228
+
229
+ return $error;
230
+ }
231
+
232
+
233
+ //Function to handle successful user login
234
+ function mo_wpns_login_success($username)
235
+ {
236
+ global $moWpnsUtility;
237
+
238
+ $mo_wpns_config = new MoWpnsHandler();
239
+ $userIp = $moWpnsUtility->get_client_ip();
240
+
241
+ $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
242
+
243
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
244
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
245
+
246
+
247
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
248
+
249
+ if(isset($_POST['log']) && isset($_POST['pwd'])){
250
+ $username = $_POST['log'];
251
+ $pass = $_POST['pwd'];
252
+ $user = get_user_by('login',$username);
253
+
254
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
255
+ if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
256
+ if(!get_user_meta($user->ID,'password_strong?')){
257
+ update_user_meta($user->ID,'password_strong?', true);
258
+ $count = get_site_option('users_with_weak_pass');
259
+ $count = $count + 1;
260
+ update_site_option('users_with_weak_pass', $count);
261
+ }
262
+ }
263
+ else{
264
+ if(get_user_meta($user->ID,'password_strong?')){
265
+ $count = get_site_option('users_with_weak_pass');
266
+ $count = $count - 1;
267
+ update_site_option('users_with_weak_pass', $count);
268
+ }
269
+ delete_user_meta($user->ID,'password_strong?');
270
+ }
271
+
272
+
273
+ }
274
+
275
+ }
276
+ }
277
+
278
+
279
+ //Function to handle failed user login attempt
280
+ function mo_wpns_login_failed($username)
281
+ {
282
+ global $moWpnsUtility;
283
+ $userIp = $moWpnsUtility->get_client_ip();
284
+
285
+ if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
286
+ return;
287
+
288
+ $mo_wpns_config = new MoWpnsHandler();
289
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
290
+
291
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
292
+
293
+ if(!$isWhitelisted)
294
+ {
295
+
296
+
297
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
298
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
299
+
300
+ $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
301
+ $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
302
+
303
+ if($allowedLoginAttepts - $failedAttempts<=0)
304
+ $this->handle_login_attempt_exceeded($userIp);
305
+ else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
306
+ $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
307
+ }
308
+
309
+ }
310
+
311
+
312
+
313
+
314
+
315
+ //Function to show number of attempts remaining
316
+ function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
317
+ {
318
+ global $error;
319
+ $diff = $allowedLoginAttepts - $failedAttempts;
320
+ $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
321
+ }
322
+
323
+
324
+ //Function to handle login limit exceeded
325
+ function handle_login_attempt_exceeded($userIp)
326
+ {
327
+ global $moWpnsUtility, $mo2f_dirName;
328
+ $mo_wpns_config = new MoWpnsHandler();
329
+ $mo_wpns_config->block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
330
+ include_once("mo-block.html");
331
+ exit;
332
+
333
+ }
334
+
335
+ function setup_registration_closed($user){
336
+ global $Mo2fdbQueries;
337
+ if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
338
+ $nonce = $_POST['mo2f_registration_closed_nonce'];
339
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
340
+ $error = new WP_Error();
341
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
342
+ return $error;
343
+ } else {
344
+ if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
345
+ //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
346
+ delete_user_meta( $user->ID, 'register_account_popup' );
347
+
348
+ }
349
+ }
350
+ }
351
+ }
352
+
353
+ }
354
+ new LoginHandler;
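--- a/handler/mo-error.html
+++ b/handler/mo-error.html
@@ -1,11 +1,11 @@
- <img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
- <div>
- <img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
- <div>
- <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
- <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
- <div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
- <div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
- <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
- </div>
+ <img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
+ <div>
+ <img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
+ <div>
+ <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
+ <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
+ <div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
+ <div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
+ <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
+ </div>
  </div>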
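--- a/handler/recaptcha.php
+++ b/handler/recaptcha.php
@@ -1,106 +1,106 @@
- <?php
-
- class mo2f_ReCaptcha
- {
- function __construct()
- {
- add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
- add_action( 'login_form' , array($this, 'custom_login_fields' ) );
- add_action( 'register_form' , array($this, 'register_with_captcha') );
- add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
- add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
- add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
- }
-
-
- //Function to handle Testing reCaptcha
- function handle_recaptcha()
- {
- global $moWpnsUtility,$mo2f_dirName;
- if (current_user_can( 'manage_options' ))
- {
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
- {
- if(array_key_exists('g-recaptcha-response',$_POST))
- {
- $userIp = $moWpnsUtility->get_client_ip();
- $mocURL = new MocURL;
- $response = $mocURL->validate_recaptcha($userIp,$_POST['g-recaptcha-response']);
- $content = json_decode($response, true);
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
- else if(isset($content['success']) && $content['success']==1)
- echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
- else
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
- }
- show_google_recaptcha_form();
- }
- }
- }
-
-
- function custom_login_fields()
- {
- if(get_option('mo_wpns_activate_recaptcha_for_login') && get_option('mo2f_login_option'))
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
- }
- }
-
- function register_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_registration'))
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_register_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_login_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
- {
-
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
-
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_register_with_captcha_checkout(){
-
- if (!is_user_logged_in()){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
- }
-
- public static function recaptcha_verify($response)
- {
- global $moWpnsUtility;
- $userIp = $moWpnsUtility->get_client_ip();
- $mocURL = new MocURL;
- $response = $mocURL->validate_recaptcha($userIp,$response);
- $content = json_decode($response, true);
- $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
- return $isvalid;
- }
-
- }
- new mo2f_ReCaptcha;
+ <?php
+
+ class mo2f_ReCaptcha
+ {
+ function __construct()
+ {
+ add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
+ add_action( 'login_form' , array($this, 'custom_login_fields' ) );
+ add_action( 'register_form' , array($this, 'register_with_captcha') );
+ add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
+ add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
+ add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
+ }
+
+
+ //Function to handle Testing reCaptcha
+ function handle_recaptcha()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+ if (current_user_can( 'manage_options' ))
+ {
+ if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
+ {
+ if(array_key_exists('g-recaptcha-response',$_POST))
+ {
+ $userIp = $moWpnsUtility->get_client_ip();
+ $mocURL = new MocURL;
+ $response = $mocURL->validate_recaptcha($userIp,$_POST['g-recaptcha-response']);
+ $content = json_decode($response, true);
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
+ else if(isset($content['success']) && $content['success']==1)
+ echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
+ else
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
+ }
+ show_google_recaptcha_form();
+ }
+ }
+ }
+
+
+ function custom_login_fields()
+ {
+ if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function register_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_registration'))
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_register_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_login_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
+ {
+
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_register_with_captcha_checkout(){
+
+ if (!is_user_logged_in()){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+ }
+
+ public static function recaptcha_verify($response)
+ {
+ global $moWpnsUtility;
+ $userIp = $moWpnsUtility->get_client_ip();
+ $mocURL = new MocURL;
+ $response = $mocURL->validate_recaptcha($userIp,$response);
+ $content = json_decode($response, true);
+ $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
+ return $isvalid;
+ }
+
+ }
+ new mo2f_ReCaptcha;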
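Review bot: The reCAPTCHA site key is written into the `data-sitekey` attribute without output escaping in `custom_login_fields()` (new line 48) and in the same echo in the four other form hooks (new lines 57, 66, 77 and 88). The value comes straight from `get_option("mo_wpns_recaptcha_site_key")`, so a stored quote or angle bracket would break out of the attribute on the login and registration pages; I would write `echo '<div class="g-recaptcha" data-sitekey="'.esc_attr(get_option("mo_wpns_recaptcha_site_key")).'"></div>';` and pass the script URL through `esc_url()`. Separately, `handle_recaptcha()` acts on `$_REQUEST['option']=='testrecaptchaconfig'` after a capability check only; a `check_admin_referer()` call would tie the test request to the admin form, whose markup is rendered outside this file.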
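--- a/handler/security_features.php
+++ b/handler/security_features.php
@@ -12,7 +12,7 @@ class Mo_2fa_security_features
  function wpns_2fa_with_network_security($postvalue)
  {
  $nonce= sanitize_text_field(wp_unslash($_POST['mo_security_features_nonce']));
- add_option( 'mo2f_two_factor_tour',0);
+
  if ( wp_verify_nonce( $nonce, 'mo_2fa_security_features_nonce' ) )
  {
  $enable_newtwork_security_features = isset($postvalue['mo_wpns_2fa_with_network_security']) ? true : false;
@@ -28,7 +28,7 @@ class Mo_2fa_security_features
 
 
  update_option( 'mo_wpns_2fa_with_network_security_popup_visible', 0);
- if(get_option('mo_wpns_2fa_with_network_security'))
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option'))
  {
  ?><script>window.location.href="admin.php?page=mo_2fa_dashboard";</script><?php
  }
@@ -44,4 +44,4 @@ class Mo_2fa_security_features
 
  }
  }new Mo_2fa_security_features;
- ?>
+ ?>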
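Review bot: No capability check is visible in `wpns_2fa_with_network_security()` before the `update_option()` call at new line 30; the only gate shown in these hunks is `wp_verify_nonce()`, which guards against forged requests but does not establish that the caller is allowed to change security settings. The function body runs beyond the hunks, so the caller may already enforce this; if it does not, I would add `if ( ! current_user_can( 'manage_options' ) ) { return; }` at the top of the function. `$_POST['mo_security_features_nonce']` at line 14 is also read without an `isset()` guard, which raises a notice when the field is absent.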
handler/signature/APLFI.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
-
3
- $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:
(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|
orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/d
ata/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|er
r|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
- $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
1
+ <?php
2
+
3
+ $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:
(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|
orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/d
ata/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|er
r|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
+ $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
handler/signature/APSQLI.php CHANGED
@@ -1,11 +1,11 @@
1
- <?php
2
- $regex['SQL'][1] = array( "#(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\.\.sysdatabases|ysql\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\b|s(?:(?:ys(?:\.database_name|aux)|qlite(?:_temp)?_master)\b|chema(?:_name\b|\W*\())|d(?:atabas|b_nam)e\W*\())#" , "#(?i:sleep\(\s*?\d*?\s*?\)|benchmark\(.*?\,.*?\))#" , "#(?i:(?:select|;)\s+(?:benchmark|sleep|if)\s*?\(\s*?\(?\s*?\w+)#" , "#(?i:(?:[\'`](?:;?\s*?(?:having|select|union)\b\s*?[^\s]|\s*?!\s*?[\'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select|select@)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|into[\s+]+(?:dump|out)file\s*?[\'`]|\s*?exec(?:ute)?.*?\Wxp_cmdshell|from\W+information_schema\W|exec(?:ute)?\s+master\.|\wiif\s*?\())#" , "#^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$#" , "#(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])#" , "#(?i:(?:[\'`](?:;*?\s*?waitfor\s+(?:delay|time)\s+[\'`]|;.*?:\s*?goto)|alter\s*?\w+.*?cha(?:racte)?r\s+set\s+\w+))#" , "#(?i:merge.*?using\s*?\(|execute\s*?immediate\s*?[\'`]|match\s*?[\w(),+-]+\s*?against\s*?\()#" , "#(?i)union.*?select.*?from#" , "@(?i:(?:;\s*?shutdown\s*?(?:[#;]|\/\*|--|\{)|waitfor\s*?delay\s?[\'`]+\s?\d|select\s*?pg_sleep))@" , "#(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))#" , "%(?i:(?:create\s+(?:procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-|;\s*?(?:declare|open)\s+[\w-]+|procedure\s+analyse\s*?\(|declare[^\w]+[@#]\s*?\w+|exec\s*?\(\s*?\@))%" , "#(?i:(?:;\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?[\[(]?\w{2,}|create\s+function\s+.+\s+returns))#" , 
"#(?i:(?:^[\W\d]+\s*?(?:alter\s*(?:a(?:(?:pplication\s*rol|ggregat)e|s(?:ymmetric\s*ke|sembl)y|u(?:thorization|dit)|vailability\s*group)|c(?:r(?:yptographic\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\s*key|k)|terialized)|e(?:ssage\s*type|thod)|odule)|l(?:o(?:g(?:file\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\s*priority|ufferpool)|x(?:ml\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|u(?:nion\s*(?:(?:distin|sele)ct|all)|pdate)|(?:(?:trunc|cre)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|load)\b|(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s+(?:group_concat|load_file|char)\s?\(?|[\d\W]\s+as\s*?[\'`\w]+\s*?from|[\s(]load_file\s*?\(|[\'`]\s+regexp\W|end\s*?\);))#" , "#(?i:/\*[!+](?:[\w\s=_\-()]+)?\*/)#" );
3
- $score['SQL'][1] = array( 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 );
4
- $regex['SQL'][2] = array( "#(?:^\s*[\'`;]+|[\'`]+\s*$)#" , "#(?i:(?:(?:^|\W)in[+\s]*\([\s\d\]+[^()]*\)|\b(?:r(?:egexp|like)|isnull|xor)\b|<(?:>(?:\s+binary)?|=>?|<)|r(?:egexp|like)\s+binary|not\s+between\s+0\s+and|(?:like|is)\s+null|>[=>]|\|\||!=|&&))#" , "#(?i:[\s'\`()]*?([\d\w]++)[\s'\`()]*?(?:<(?:=(?:[\s'\`()]*?(?!\1)[\d\w]+|>[\s'\`()]*?(?:\1))|>?[\s'\`()]*?(?!\1)[\d\w]+)|(?:not\s+(?:regexp|like)|is\s+not|>=?|!=|\^)[\s'\`()]*?(?!\1)[\d\w]+|(?:(?:sounds\s+)?like|r(?:egexp|like)|=)[\s'\`()]*?(?:\1)))#" , "#(?i)\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:inser_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|r(?:e(?:p(?:lace|eat)|lease_lock|verse)|a(?:wtohex|dians|nd)|o(?:w_count|und)|ight|trim|pad)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co
|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*\(#" , "@(?i:[\'`](?:\s*?(?:(?:between|x?or|and|div)[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|like(?:[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|\W+[\w\'`(])|[!=|](?:[\d\s!=+-]+.*?[\'`(].*?|[\d\s!=]+.*?\d+)$|[^\w\s]?=\s*?[\'`])|(?:\W*?[+=]+\W*?|[<>~]+)[\'`])|(?:/\*)+[\'`]+\s?(?:\/\*|--|\{|#)?|\d[\'`]\s+[\'`]\s+\d|where\s[\s\w\.,-]+\s=|^admin\s*?[\'`]|\sis\s*?0\W)@" , "#(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\'`][\'`](?:[\'`].*?[\'`]|(?:\r?\n)?\z|[^\'`]+)|\Wselect.+\W*?from))#" , "%(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)[\s(]+\w+[\s)]*?[!=+]+[\s\d]*?[\'`=()]|\/\w+;?\s+(?:between|having|select|like|x?or|and|div)\W|\d+\s*?(?:between|like|x?or|and|div)\s*?\d+\s*?[\-+]|--\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|#\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|;\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|\@.+=\s*?\(\s*?select|\d\s+group\s+by.+\(|[^\w]SET\s*?\@\w+))%" , "#(?i:[\'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\'`\d])|[^?\w\s=.,;)(]++\s*?[(@\'`]*?\s*?\w+\W+\w|\*\s*?\w+\W+[\'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\'`-]+from)\s+|\w+\s+like\s+[\'`]|find_in_set\s*?\(|like\s*?[\'`]%)#" , "@(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s+\s*?\w+\(|\)\s*?when\s*?\d+\s*?then|[\'`]\s*?(?:--|\{|#)|cha?r\s*?\(\s*?\d|\/\*!\s?\d+))@" , 
"#(?i:(?:[\'`](?:;\s*?(?:begin|while|if)|[\s\d]+=\s*?\d|\s+and\s*?=\W)|(?:\(\s*?select\s*?\w+|order\s+by\s+if\w*?|coalesce)\s*?\(|\w[\'`]\s*?(?:(?:[-+=|@]+\s+?)+|[-+=|@]+)[\d(]|[\s(]+case\d*?\W.+[tw]hen[\s(]|\+\s*?\d+\s*?\+\s*?\@|\@\@\w+\s*?[^\w\s]|\W!+[\'`]\w|\*\/from))#" , "#(?i:(?:(?:(?:^[\'`\\\\]*?[^\'`]+[\'`])+|(?:^[\'`\\\\]*?[\d\'`]+)+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\'`][+&!@(),.-]|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\'`\d]+)|[\'`]\s*?(?:between|like|x?or|and|div)\s*?[\'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\'`].|[^\w\s]\w+\s*?[|-]\s*?[\'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W|^.?[\'`]$))#" , "@(?i:(?:[\'`](?:\s*?(?:is\s*?(?:[\d.]+\s*?\W.*?[\'`]|\d.+[\'`]?\w)|\d\s*?(?:--|#))|(?:\W+[\w+-]+\s*?=\s*?\d\W+|\|?[\w-]{3,}[^\w\s.,]+)[\'`]|[\%&<>^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not|\|\||\&\&)\s+[\s\w+]+(?:sounds\s+like\s*?[\'`]|regexp\s*?\(|[=\d]+x)|in\s*?\(+\s*?select))@" , "#(?i:^[\W\d]+\s*?(?:alter|union)\b)#" , "@(?i:[\'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[()\*<>%+-][\w-]+[^\w\s]+[\'`][^,]|\^[\'`])@" , "#(?:\b(?:having\b?(?:[\'\][^=]{1,10}[\'\?[=<>]+|\d{1,10}?[=<>]+)|(?i:having)\b\s+(?:'[^=]{1,10}'|\d{1,10})\s*?[=<>])|exists\s(?:s(?:elect\S(?:if(?:null)?\s\(|concat|top)|ystem\s\()|\b(?i:having)\b\s+\d{1,10}|'[^=]{1,10}'|\sselect)|(?i:\bexecute\s{1,5}[\w\.$]{1,5}\s{0,3})|(?i:\bcreate\s+?table.{0,20}?\()|(?i:\blike\W*?char\W*?\()|(?i:select.*?case)|(?i:from.*?limit)|(?i:\bexecute\()|(?i:order\sby))#" , 
"#(?:\b(?:(?i:xor)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|(?i:or)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?))|(?i:\bor\b?[\'\][^=]{1,10}[\'\]?[=<>]+)|(?i:'\s+xor\s+.{1,20}[+\-!<>=])|(?i:'\s+or\s+.{1,20}[+\-!<>=])|(?i:\bor\b?\d{1,10}?[=<>]+))#" , "#(?i:\band\b(?:\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|?(?:[\'\][^=]{1,10}[\'\]|\d{1,10})?[=<>]+))#" , "#(?i:\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:t(?:d(?:dev(?:_(?:sam|po)p)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)?|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:insert_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|r(?:a(?:wto(?:nhex(?:toraw)?|hex)|dians|nd)|e(?:p(?:lace|eat)|lease_lock|verse)|o(?:w_count|und)|ight|trim|pad)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o_(?:(?:second|day)s|base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:va
lue)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*?\()#" , "#(?i:(?:xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|(?:servicecontro|cmdshel)l|e(?:xecresultset|numdsn)|ntsec(?:_enumdomains)?|terminate(?:_process)?|availablemedia|loginconfig|filelist|dirtree|makecab)|s(?:p_(?:(?:addextendedpro|sqlexe)c|p(?:assword|repare)|replwritetovarbin|is_srvrolemember|execute(?:sql)?|makewebtask|oacreate|help)|ql_(?:longvarchar|variant))|open(?:owa_util|rowset|query)|(?:n?varcha|tbcreato)r|autonomous_transaction|db(?:a_users|ms_java)|utl_(?:file|http)))#" , "#(?i:(?:\b(?:(?:s(?:elect\b.{1,100}?\b(?:(?:(?:length|count)\b.{1,100}?|.*?\bdump\b.*)\bfrom|to(?:p\b.{1,100}?\bfrom|_(?:numbe|cha)r)|(?:from\b.{1,100}?\bwher|data_typ)e|instr)|ys_context)|in(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)|u(?:nion\b.{1,100}?\bselect|tl_inaddr)|group\b.*?\bby\b.{1,100}?\bhaving|d(?:elete\b\W*?\bfrom|bms_\w+\.)|load\b\W*?\bdata\b.*?\binfile)\b|print\b\W*?\@\@)|(?:;\W*?\b(?:shutdown|drop)|collation\W*?\(a|\@\@version)\b|'(?:s(?:qloledb|a)|msdasql|dbo)'))#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){12})/ " , "@(?:/\*!?|\*/|[';]--|--[\s\r\n\v\f]|--[^-]*?-|[^&-]#.*?[\s\r\n\v\f]|;?\\x00)@" , "#(?i:(?:\A|[^\d])0x[a-f\d]{3,})#" , " (?:`((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)`)" );
5
- $score['SQL'][2] = array( 3 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 3 , 5 , 5 , 5 );
6
- $regex['SQL'][3] = array( "#(?i)\W+\d*?\s*?having\s*?[^\s\-]#" , "#[\'`][\s\d]*?[^\w\s]\W*?\d\W*?.*?[\'`\d]#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){8})/ " , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){6})/ " , " /(?:'((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)')/ " );
7
- $score['SQL'][3] = array( 5 , 5 , 3 , 3 , 3 , 5 );
8
- $regex['SQL'][4] = array( "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){3})/ " , " /((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){2})/" );
9
- $score['SQL'][4] = array( 3 , 3 );
10
-
11
  ?>
1
+ <?php
2
+ $regex['SQL'][1] = array( "#(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\.\.sysdatabases|ysql\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\b|s(?:(?:ys(?:\.database_name|aux)|qlite(?:_temp)?_master)\b|chema(?:_name\b|\W*\())|d(?:atabas|b_nam)e\W*\())#" , "#(?i:sleep\(\s*?\d*?\s*?\)|benchmark\(.*?\,.*?\))#" , "#(?i:(?:select|;)\s+(?:benchmark|sleep|if)\s*?\(\s*?\(?\s*?\w+)#" , "#(?i:(?:[\'`](?:;?\s*?(?:having|select|union)\b\s*?[^\s]|\s*?!\s*?[\'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select|select@)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|into[\s+]+(?:dump|out)file\s*?[\'`]|\s*?exec(?:ute)?.*?\Wxp_cmdshell|from\W+information_schema\W|exec(?:ute)?\s+master\.|\wiif\s*?\())#" , "#^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$#" , "#(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])#" , "#(?i:(?:[\'`](?:;*?\s*?waitfor\s+(?:delay|time)\s+[\'`]|;.*?:\s*?goto)|alter\s*?\w+.*?cha(?:racte)?r\s+set\s+\w+))#" , "#(?i:merge.*?using\s*?\(|execute\s*?immediate\s*?[\'`]|match\s*?[\w(),+-]+\s*?against\s*?\()#" , "#(?i)union.*?select.*?from#" , "@(?i:(?:;\s*?shutdown\s*?(?:[#;]|\/\*|--|\{)|waitfor\s*?delay\s?[\'`]+\s?\d|select\s*?pg_sleep))@" , "#(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))#" , "%(?i:(?:create\s+(?:procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-|;\s*?(?:declare|open)\s+[\w-]+|procedure\s+analyse\s*?\(|declare[^\w]+[@#]\s*?\w+|exec\s*?\(\s*?\@))%" , "#(?i:(?:;\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?[\[(]?\w{2,}|create\s+function\s+.+\s+returns))#" , 
"#(?i:(?:^[\W\d]+\s*?(?:alter\s*(?:a(?:(?:pplication\s*rol|ggregat)e|s(?:ymmetric\s*ke|sembl)y|u(?:thorization|dit)|vailability\s*group)|c(?:r(?:yptographic\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\s*key|k)|terialized)|e(?:ssage\s*type|thod)|odule)|l(?:o(?:g(?:file\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\s*priority|ufferpool)|x(?:ml\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|u(?:nion\s*(?:(?:distin|sele)ct|all)|pdate)|(?:(?:trunc|cre)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|load)\b|(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s+(?:group_concat|load_file|char)\s?\(?|[\d\W]\s+as\s*?[\'`\w]+\s*?from|[\s(]load_file\s*?\(|[\'`]\s+regexp\W|end\s*?\);))#" , "#(?i:/\*[!+](?:[\w\s=_\-()]+)?\*/)#" );
3
+ $score['SQL'][1] = array( 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 );
4
+ $regex['SQL'][2] = array( "#(?:^\s*[\'`;]+|[\'`]+\s*$)#" , "#(?i:(?:(?:^|\W)in[+\s]*\([\s\d\]+[^()]*\)|\b(?:r(?:egexp|like)|isnull|xor)\b|<(?:>(?:\s+binary)?|=>?|<)|r(?:egexp|like)\s+binary|not\s+between\s+0\s+and|(?:like|is)\s+null|>[=>]|\|\||!=|&&))#" , "#(?i:[\s'\`()]*?([\d\w]++)[\s'\`()]*?(?:<(?:=(?:[\s'\`()]*?(?!\1)[\d\w]+|>[\s'\`()]*?(?:\1))|>?[\s'\`()]*?(?!\1)[\d\w]+)|(?:not\s+(?:regexp|like)|is\s+not|>=?|!=|\^)[\s'\`()]*?(?!\1)[\d\w]+|(?:(?:sounds\s+)?like|r(?:egexp|like)|=)[\s'\`()]*?(?:\1)))#" , "#(?i)\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:inser_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|r(?:e(?:p(?:lace|eat)|lease_lock|verse)|a(?:wtohex|dians|nd)|o(?:w_count|und)|ight|trim|pad)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co
|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*\(#" , "@(?i:[\'`](?:\s*?(?:(?:between|x?or|and|div)[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|like(?:[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|\W+[\w\'`(])|[!=|](?:[\d\s!=+-]+.*?[\'`(].*?|[\d\s!=]+.*?\d+)$|[^\w\s]?=\s*?[\'`])|(?:\W*?[+=]+\W*?|[<>~]+)[\'`])|(?:/\*)+[\'`]+\s?(?:\/\*|--|\{|#)?|\d[\'`]\s+[\'`]\s+\d|where\s[\s\w\.,-]+\s=|^admin\s*?[\'`]|\sis\s*?0\W)@" , "#(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\'`][\'`](?:[\'`].*?[\'`]|(?:\r?\n)?\z|[^\'`]+)|\Wselect.+\W*?from))#" , "%(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)[\s(]+\w+[\s)]*?[!=+]+[\s\d]*?[\'`=()]|\/\w+;?\s+(?:between|having|select|like|x?or|and|div)\W|\d+\s*?(?:between|like|x?or|and|div)\s*?\d+\s*?[\-+]|--\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|#\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|;\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|\@.+=\s*?\(\s*?select|\d\s+group\s+by.+\(|[^\w]SET\s*?\@\w+))%" , "#(?i:[\'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\'`\d])|[^?\w\s=.,;)(]++\s*?[(@\'`]*?\s*?\w+\W+\w|\*\s*?\w+\W+[\'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\'`-]+from)\s+|\w+\s+like\s+[\'`]|find_in_set\s*?\(|like\s*?[\'`]%)#" , "@(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s+\s*?\w+\(|\)\s*?when\s*?\d+\s*?then|[\'`]\s*?(?:--|\{|#)|cha?r\s*?\(\s*?\d|\/\*!\s?\d+))@" , 
"#(?i:(?:[\'`](?:;\s*?(?:begin|while|if)|[\s\d]+=\s*?\d|\s+and\s*?=\W)|(?:\(\s*?select\s*?\w+|order\s+by\s+if\w*?|coalesce)\s*?\(|\w[\'`]\s*?(?:(?:[-+=|@]+\s+?)+|[-+=|@]+)[\d(]|[\s(]+case\d*?\W.+[tw]hen[\s(]|\+\s*?\d+\s*?\+\s*?\@|\@\@\w+\s*?[^\w\s]|\W!+[\'`]\w|\*\/from))#" , "#(?i:(?:(?:(?:^[\'`\\\\]*?[^\'`]+[\'`])+|(?:^[\'`\\\\]*?[\d\'`]+)+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\'`][+&!@(),.-]|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\'`\d]+)|[\'`]\s*?(?:between|like|x?or|and|div)\s*?[\'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\'`].|[^\w\s]\w+\s*?[|-]\s*?[\'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W|^.?[\'`]$))#" , "@(?i:(?:[\'`](?:\s*?(?:is\s*?(?:[\d.]+\s*?\W.*?[\'`]|\d.+[\'`]?\w)|\d\s*?(?:--|#))|(?:\W+[\w+-]+\s*?=\s*?\d\W+|\|?[\w-]{3,}[^\w\s.,]+)[\'`]|[\%&<>^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not|\|\||\&\&)\s+[\s\w+]+(?:sounds\s+like\s*?[\'`]|regexp\s*?\(|[=\d]+x)|in\s*?\(+\s*?select))@" , "#(?i:^[\W\d]+\s*?(?:alter|union)\b)#" , "@(?i:[\'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[()\*<>%+-][\w-]+[^\w\s]+[\'`][^,]|\^[\'`])@" , "#(?:\b(?:having\b?(?:[\'\][^=]{1,10}[\'\?[=<>]+|\d{1,10}?[=<>]+)|(?i:having)\b\s+(?:'[^=]{1,10}'|\d{1,10})\s*?[=<>])|exists\s(?:s(?:elect\S(?:if(?:null)?\s\(|concat|top)|ystem\s\()|\b(?i:having)\b\s+\d{1,10}|'[^=]{1,10}'|\sselect)|(?i:\bexecute\s{1,5}[\w\.$]{1,5}\s{0,3})|(?i:\bcreate\s+?table.{0,20}?\()|(?i:\blike\W*?char\W*?\()|(?i:select.*?case)|(?i:from.*?limit)|(?i:\bexecute\()|(?i:order\sby))#" , 
"#(?:\b(?:(?i:xor)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|(?i:or)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?))|(?i:\bor\b?[\'\][^=]{1,10}[\'\]?[=<>]+)|(?i:'\s+xor\s+.{1,20}[+\-!<>=])|(?i:'\s+or\s+.{1,20}[+\-!<>=])|(?i:\bor\b?\d{1,10}?[=<>]+))#" , "#(?i:\band\b(?:\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|?(?:[\'\][^=]{1,10}[\'\]|\d{1,10})?[=<>]+))#" , "#(?i:\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:t(?:d(?:dev(?:_(?:sam|po)p)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)?|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:insert_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|r(?:a(?:wto(?:nhex(?:toraw)?|hex)|dians|nd)|e(?:p(?:lace|eat)|lease_lock|verse)|o(?:w_count|und)|ight|trim|pad)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o_(?:(?:second|day)s|base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:va
lue)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*?\()#" , "#(?i:(?:xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|(?:servicecontro|cmdshel)l|e(?:xecresultset|numdsn)|ntsec(?:_enumdomains)?|terminate(?:_process)?|availablemedia|loginconfig|filelist|dirtree|makecab)|s(?:p_(?:(?:addextendedpro|sqlexe)c|p(?:assword|repare)|replwritetovarbin|is_srvrolemember|execute(?:sql)?|makewebtask|oacreate|help)|ql_(?:longvarchar|variant))|open(?:owa_util|rowset|query)|(?:n?varcha|tbcreato)r|autonomous_transaction|db(?:a_users|ms_java)|utl_(?:file|http)))#" , "#(?i:(?:\b(?:(?:s(?:elect\b.{1,100}?\b(?:(?:(?:length|count)\b.{1,100}?|.*?\bdump\b.*)\bfrom|to(?:p\b.{1,100}?\bfrom|_(?:numbe|cha)r)|(?:from\b.{1,100}?\bwher|data_typ)e|instr)|ys_context)|in(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)|u(?:nion\b.{1,100}?\bselect|tl_inaddr)|group\b.*?\bby\b.{1,100}?\bhaving|d(?:elete\b\W*?\bfrom|bms_\w+\.)|load\b\W*?\bdata\b.*?\binfile)\b|print\b\W*?\@\@)|(?:;\W*?\b(?:shutdown|drop)|collation\W*?\(a|\@\@version)\b|'(?:s(?:qloledb|a)|msdasql|dbo)'))#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){12})/ " , "@(?:/\*!?|\*/|[';]--|--[\s\r\n\v\f]|--[^-]*?-|[^&-]#.*?[\s\r\n\v\f]|;?\\x00)@" , "#(?i:(?:\A|[^\d])0x[a-f\d]{3,})#" , " (?:`((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)`)" );
5
+ $score['SQL'][2] = array( 3 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 3 , 5 , 5 , 5 );
6
+ $regex['SQL'][3] = array( "#(?i)\W+\d*?\s*?having\s*?[^\s\-]#" , "#[\'`][\s\d]*?[^\w\s]\W*?\d\W*?.*?[\'`\d]#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){8})/ " , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){6})/ " , " /(?:'((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)')/ " );
7
+ $score['SQL'][3] = array( 5 , 5 , 3 , 3 , 3 , 5 );
8
+ $regex['SQL'][4] = array( "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){3})/ " , " /((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){2})/" );
9
+ $score['SQL'][4] = array( 3 , 3 );
10
+
11
  ?>
handler/signature/APXSS.php CHANGED
@@ -1,7 +1,7 @@
1
- <?php
2
-
3
- $regex['XSS'][1] = array( "#(?i)<script[^>]*>[\s\S]*?#" , "#(?i)[\s\'`;\/0-9=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=#" , "#(?i)[\s\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\/html|formaction|\@import|base64)\b|pattern\b.*?=)#" , "#(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\b[^>]*?>[\s\S]*?|(?:=|U\s*?R\s*?L\s*?\()\s*?[^>]*?\s*?S\s*?C\s*?R\s*?I\s*?P\s*?T\s*?:)#" , "#(?i:(?:<\w[\s\S]*[\s\/]|['\](?:[\s\S]*[\s\/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|(?:peech|ound)(?:start|end)|u(?:ccess|spend|bmit)|croll|how)|m(?:o(?:z(?:(?:pointerlock|fullscreen)(?:change|error)|(?:orientation|time)change|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|b(?:e(?:fore(?:(?:(?:de)?activa|scriptexecu)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|gin(?:Event)?)|oun(?:da
ry|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ransition(?:cancel|end|run)|ime(?:update|out)|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom)|s(?:tyle|rc)|background|formaction|lowsrc|ping)[\s\x08]*?=|<[^\w<>]*(?:[^<>\'\s]*:)?[^\w<>]*\W*?(?:(?:a\W*?(?:n\W*?i\W*?m\W*?a\W*?t\W*?e|p\W*?p\W*?l\W*?e\W*?t|u\W*?d\W*?i\W*?o)|b\W*?(?:i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|a\W*?s\W*?e|o\W*?d\W*?y)|i?\W*?f\W*?r\W*?a\W*?m\W*?e|o\W*?b\W*?j\W*?e\W*?c\W*?t|i\W*?m\W*?a?\W*?g\W*?e?|e\W*?m\W*?b\W*?e\W*?d|p\W*?a\W*?r\W*?a\W*?m|v\W*?i\W*?d\W*?e\W*?o|l\W*?i\W*?n\W*?k)[^>\w]|s\W*?(?:c\W*?r\W*?i\W*?p\W*?t|t\W*?y\W*?l\W*?e|e\W*?t[^>\w]|v\W*?g)|m\W*?(?:a\W*?r\W*?q\W*?u\W*?e\W*?e|e\W*?t\W*?a[^>\w])|f\W*?o\W*?r\W*?m)#" , "%(?i:<style.*?>.*?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))%" , "#(?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)#" , 
"@(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)@" , "@(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)@" , "#(?i)<EMBED[\s/+].*?(?:src|type).*?=#" , "#<[?]?import[\s\/+\S]*?implementation[\s\/+]*?=#" , "@(?i:<META[\s/+].*?http-equiv[\s/+]*=[\s/+]*[\'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))@" , "#(?i:<META[\s/+].*?charset[\s/+]*=)#" , "#(?i)<LINK[\s/+].*?href[\s/+]*=#" , "#(?i)<BASE[\s/+].*?href[\s/+]*=#" , "#(?i)<APPLET[\s/+>]#" , "#(?i)<OBJECT[\s/+].*?(?:type|codetype|classid|code|data)[\s/+]*=#" , 
"#(?:¾|¼).*(?:¾|¼|>)|(?:¾|¼|<).*(?:¾|¼)#" , "#(?:\+ADw\-|\+AD4\-).*(?:\+ADw\-|\+AD4\-|>)|(?:\+ADw\-|\+AD4\-|<).*(?:\+ADw\-|\+AD4\-)#" , "#![!+]\[\]#" , " #(?:self|document|this|top|window)\s*\)*(?:\[[^\]]+\]|\.\s*document|\.\s*cookie)#" );
4
- $score['XSS'][1] = array( 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 );
5
- $regex['XSS'][2] = array( "#(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=#" , "#<(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)\W#" , "#(?i:[\'][]*(?:[^a-z0-9~_:']|in).*?(?:(?:l|\\\\u006C)(?:o|\\\\u006F)(?:c|\\\\u0063)(?:a|\\\\u0061)(?:t|\\\\u0074)(?:i|\\\\u0069)(?:o|\\\\u006F)(?:n|\\\\u006E)|(?:n|\\\\u006E)(?:a|\\\\u0061)(?:m|\\\\u006D)(?:e|\\\\u0065)|(?:o|\\\\u006F)(?:n|\\\\u006E)(?:e|\\\\u0065)(?:r|\\\\u0072)(?:r|\\\\u0072)(?:o|\\\\u006F)(?:r|\\\\u0072)|(?:v|\\\\u0076)(?:a|\\\\u0061)(?:l|\\\\u006C)(?:u|\\\\u0075)(?:e|\\\\u0065)(?:O|\\\\u004F)(?:f|\\\\u0066)).*?=)#" , "#(?i)[\\'][]*(?:[^a-z0-9~_:\']|in).+?[.].+?=#" , " {{.*?}}" );
6
- $score['XSS'][2] = array( 5 , 5 , 5 , 5 , 5 );
7
  ?>
1
+ <?php
2
+
3
+ $regex['XSS'][1] = array( "#(?i)<script[^>]*>[\s\S]*?#" , "#(?i)[\s\'`;\/0-9=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=#" , "#(?i)[\s\S]((?:x(?:link:href|html|mlns)|!ENTITY.*?(?:SYSTEM|PUBLIC)|data:text\/html|formaction|\@import|base64)\b|pattern\b.*?=)#" , "#(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\b[^>]*?>[\s\S]*?|(?:=|U\s*?R\s*?L\s*?\()\s*?[^>]*?\s*?S\s*?C\s*?R\s*?I\s*?P\s*?T\s*?:)#" , "#(?i:(?:<\w[\s\S]*[\s\/]|['\](?:[\s\S]*[\s\/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|(?:peech|ound)(?:start|end)|u(?:ccess|spend|bmit)|croll|how)|m(?:o(?:z(?:(?:pointerlock|fullscreen)(?:change|error)|(?:orientation|time)change|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|b(?:e(?:fore(?:(?:(?:de)?activa|scriptexecu)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|gin(?:Event)?)|oun(?:da
ry|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ransition(?:cancel|end|run)|ime(?:update|out)|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom)|s(?:tyle|rc)|background|formaction|lowsrc|ping)[\s\x08]*?=|<[^\w<>]*(?:[^<>\'\s]*:)?[^\w<>]*\W*?(?:(?:a\W*?(?:n\W*?i\W*?m\W*?a\W*?t\W*?e|p\W*?p\W*?l\W*?e\W*?t|u\W*?d\W*?i\W*?o)|b\W*?(?:i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|a\W*?s\W*?e|o\W*?d\W*?y)|i?\W*?f\W*?r\W*?a\W*?m\W*?e|o\W*?b\W*?j\W*?e\W*?c\W*?t|i\W*?m\W*?a?\W*?g\W*?e?|e\W*?m\W*?b\W*?e\W*?d|p\W*?a\W*?r\W*?a\W*?m|v\W*?i\W*?d\W*?e\W*?o|l\W*?i\W*?n\W*?k)[^>\w]|s\W*?(?:c\W*?r\W*?i\W*?p\W*?t|t\W*?y\W*?l\W*?e|e\W*?t[^>\w]|v\W*?g)|m\W*?(?:a\W*?r\W*?q\W*?u\W*?e\W*?e|e\W*?t\W*?a[^>\w])|f\W*?o\W*?r\W*?m)#" , "%(?i:<style.*?>.*?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))%" , "#(?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)#" , 
"@(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)@" , "@(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)@" , "#(?i)<EMBED[\s/+].*?(?:src|type).*?=#" , "#<[?]?import[\s\/+\S]*?implementation[\s\/+]*?=#" , "@(?i:<META[\s/+].*?http-equiv[\s/+]*=[\s/+]*[\'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))@" , "#(?i:<META[\s/+].*?charset[\s/+]*=)#" , "#(?i)<LINK[\s/+].*?href[\s/+]*=#" , "#(?i)<BASE[\s/+].*?href[\s/+]*=#" , "#(?i)<APPLET[\s/+>]#" , "#(?i)<OBJECT[\s/+].*?(?:type|codetype|classid|code|data)[\s/+]*=#" , 
"#(?:¾|¼).*(?:¾|¼|>)|(?:¾|¼|<).*(?:¾|¼)#" , "#(?:\+ADw\-|\+AD4\-).*(?:\+ADw\-|\+AD4\-|>)|(?:\+ADw\-|\+AD4\-|<).*(?:\+ADw\-|\+AD4\-)#" , "#![!+]\[\]#" , " #(?:self|document|this|top|window)\s*\)*(?:\[[^\]]+\]|\.\s*document|\.\s*cookie)#" );
4
+ $score['XSS'][1] = array( 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 );
5
+ $regex['XSS'][2] = array( "#(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=#" , "#<(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)\W#" , "#(?i:[\'][]*(?:[^a-z0-9~_:']|in).*?(?:(?:l|\\\\u006C)(?:o|\\\\u006F)(?:c|\\\\u0063)(?:a|\\\\u0061)(?:t|\\\\u0074)(?:i|\\\\u0069)(?:o|\\\\u006F)(?:n|\\\\u006E)|(?:n|\\\\u006E)(?:a|\\\\u0061)(?:m|\\\\u006D)(?:e|\\\\u0065)|(?:o|\\\\u006F)(?:n|\\\\u006E)(?:e|\\\\u0065)(?:r|\\\\u0072)(?:r|\\\\u0072)(?:o|\\\\u006F)(?:r|\\\\u0072)|(?:v|\\\\u0076)(?:a|\\\\u0061)(?:l|\\\\u006C)(?:u|\\\\u0075)(?:e|\\\\u0065)(?:O|\\\\u004F)(?:f|\\\\u0066)).*?=)#" , "#(?i)[\\'][]*(?:[^a-z0-9~_:\']|in).+?[.].+?=#" , " {{.*?}}" );
6
+ $score['XSS'][2] = array( 5 , 5 , 5 , 5 , 5 );
7
  ?>
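--- a/handler/twofa/class_miniorange_2fa_strong_password.php
+++ b/handler/twofa/class_miniorange_2fa_strong_password.php
@@ -1,111 +1,108 @@
- <?php
-
- class class_miniorange_2fa_strong_password {
-
- function __construct(){
-
- add_option( 'mo2f_enforce_strong_passswords', false);
-
- }
-
- public static function woocommerce_password_protection($errors, $username, $password, $email) {
- if ($password == false) { return $errors; }
- if ($errors->get_error_data("pass")) { return $errors; }
-
- $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
-
- if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
- $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
- return $errors;
- }
-
- return $errors;
- }
- public static function validatePassword($errors, $update, $userData){
- $Users = get_option('mo2f_enforce_strong_passswords_for_accounts');
- $UserRole = $_POST['role'];
- if(is_null($UserRole) and $Users == 'user')
- {
- return true;
- }
-
- if($Users == 'all' or ($Users == 'admin' and $UserRole == 'administrator') or ($Users == 'user' and $UserRole != 'administrator' ) or ($Users == 'admin' and is_null($UserRole)))
- {
- $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? $_POST['pass1'] : false;
- $password=($password==false)?(isset($_POST['password_1'])?$_POST['password_1']:false):$password ;
- $user_id = isset($userData->ID) ? $userData->ID : false;
- $username = isset($_POST["user_login"]) ? $_POST["user_login"] : (isset($userData->user_login)?$userData->user_login:$userData->user_email);
-
- if ($password == false) { return $errors; }
- if ($errors->get_error_data("pass")) { return $errors; }
-
- $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
- if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
- $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
- return $errors;
- }
-
- return $errors;
- }
-
- return true;
- }
- public static function woocommerce_password_registration_protection($errors, $username, $email) {
- if(get_option( 'woocommerce_registration_generate_password' )=='yes')
- return $errors;
- $password=$_POST['account_password'];
- return class_miniorange_2fa_strong_password::is_validPassword($errors, $username, $password);
- }
-
- public static function woocommerce_password_edit_account($errors, $user) {
- $password=$_POST['password_1'];
- $user =get_userdata($user->ID);
- $username=$user->user_login;
- $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
-
- if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
- $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
- return $errors;
- }
- }
-
- public static function is_validPassword($errors, $username, $password){
-
- $enforceStrongPasswds = get_option('mo2f_enforce_strong_passswords');
- if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
- $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
- return $errors;
- }
-
- return $errors;
-
- }
- public static function mo2f_isStrongPasswd($passwd, $username ) {
- $strength = 0;
-
- if(strlen( trim( $passwd ) ) < 5)
- return false;
-
- if(strtolower( $passwd ) == strtolower( $username ) )
- return false;
-
- if(preg_match('/(?:password|passwd|mypass|wordpress)/i', $passwd)){
- return false;
- }
- if($num = preg_match_all( "/\d/", $passwd, $matches) ){
- $strength += ((int)$num * 10);
- }
- if ( preg_match( "/[a-z]/", $passwd ) )
- $strength += 26;
- if ( preg_match( "/[A-Z]/", $passwd ) )
- $strength += 26;
- if ($num = preg_match_all( "/[^a-zA-Z0-9]/", $passwd, $matches)){
- $strength += (31 * (int)$num);
-
- }
- if($strength > 60){
- return true;
- }
- }
- }
+ <?php
+
+ class class_miniorange_2fa_strong_password {
+
+ function __construct(){
+ }
+
+ public static function woocommerce_password_protection($errors, $username, $password, $email) {
+ if ($password == false) { return $errors; }
+ if ($errors->get_error_data("pass")) { return $errors; }
+
+ $enforceStrongPasswds = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option');
+
+ if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
+ return $errors;
+ }
+
+ return $errors;
+ }
+ public static function validatePassword($errors, $update, $userData){
+ $Users = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option');
+ $UserRole = $_POST['role'];
+ if(is_null($UserRole) and $Users == 'user')
+ {
+ return true;
+ }
+
+ if($Users == 'all' or ($Users == 'admin' and $UserRole == 'administrator') or ($Users == 'user' and $UserRole != 'administrator' ) or ($Users == 'admin' and is_null($UserRole)))
+ {
+ $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? $_POST['pass1'] : false;
+ $password=($password==false)?(isset($_POST['password_1'])?$_POST['password_1']:false):$password ;
+ $user_id = isset($userData->ID) ? $userData->ID : false;
+ $username = isset($_POST["user_login"]) ? $_POST["user_login"] : (isset($userData->user_login)?$userData->user_login:$userData->user_email);
+
+ if ($password == false) { return $errors; }
+ if ($errors->get_error_data("pass")) { return $errors; }
+
+ $enforceStrongPasswds = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option');
+ if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
+ return $errors;
+ }
+
+ return $errors;
+ }
+
+ return true;
+ }
+ public static function woocommerce_password_registration_protection($errors, $username, $email) {
+ if(get_option( 'woocommerce_registration_generate_password' )=='yes')
+ return $errors;
+ $password=$_POST['account_password'];
+ return class_miniorange_2fa_strong_password::is_validPassword($errors, $username, $password);
+ }
+
+ public static function woocommerce_password_edit_account($errors, $user) {
+ $password=$_POST['password_1'];
+ $user =get_userdata($user->ID);
+ $username=$user->user_login;
+ $enforceStrongPasswds = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option');
+
+ if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
+ return $errors;
+ }
+ }
+
+ public static function is_validPassword($errors, $username, $password){
+
+ $enforceStrongPasswds = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option');
+ if ($enforceStrongPasswds && !class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($password, $username)) {
+ $errors->add('pass', __('Please choose a stronger password. Try including numbers, symbols, and a mix of upper and lowercase letters and remove common words.'));
+ return $errors;
+ }
+
+ return $errors;
+
+ }
+ public static function mo2f_isStrongPasswd($passwd, $username ) {
+ $strength = 0;
+
+ if(strlen( trim( $passwd ) ) < 5)
+ return false;
+
+ if(strtolower( $passwd ) == strtolower( $username ) )
+ return false;
+
+ if(preg_match('/(?:password|passwd|mypass|wordpress)/i', $passwd)){
+ return false;
+ }
+ if($num = preg_match_all( "/\d/", $passwd, $matches) ){
+ $strength += ((int)$num * 10);
+ }
+ if ( preg_match( "/[a-z]/", $passwd ) )
+ $strength += 26;
+ if ( preg_match( "/[A-Z]/", $passwd ) )
+ $strength += 26;
+ if ($num = preg_match_all( "/[^a-zA-Z0-9]/", $passwd, $matches)){
+ $strength += (31 * (int)$num);
+
+ }
+ if($strength > 60){
+ return true;
+ }
+ }
+ }
  ?>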
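Review bot: `validatePassword` chooses its enforcement branch from `$_POST['role']`, a request field, so under the `admin` or `user` setting the check that runs depends on what the form submitted rather than on the account's stored role, and the unguarded read raises an undefined-index notice when the field is absent. Where `$userData->ID` is set, the role could be taken from the stored user instead, e.g. `$stored = get_userdata($userData->ID);` followed by `$isAdmin = $stored && in_array('administrator', (array) $stored->roles, true);`, keeping the posted role only for accounts that do not exist yet. The two `return true;` paths return a boolean where every other path returns `$errors`; the hook registration is not visible here, but if this runs as a filter that would replace the error object. In `mo2f_isStrongPasswd`, a digits-only value such as `1234567` scores 7 × 10 = 70 and is accepted, and the function ends without `return false;` when the score is 60 or lower, so a higher minimum length than 5 and an explicit final `return false;` would bring the check closer to the message it shows users.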
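--- a/handler/twofa/encryption.php
+++ b/handler/twofa/encryption.php
@@ -1,46 +1,46 @@
- <?php
- /**
- * @package miniOrange
- * @author miniOrange Security Software Pvt. Ltd.
- * @license GNU/GPLv3
- * @copyright Copyright 2015 miniOrange. All Rights Reserved.
- *
- *
- * This file is part of miniOrange Gauth plugin.
- */
-
- class mo2f_GAuth_AESEncryption {
- /**
- * @param string $data - the key=value pairs separated with &
- * @return string
- */
- public static function encrypt_data_ga($data, $key) {
- $plaintext = $data;
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
- $iv = openssl_random_pseudo_bytes($ivlen);
- $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
- $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
- $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
- return $ciphertext;
- }
-
-
- /**
- * @param string $data - crypt response from Sagepay
- * @return string
- */
- public static function decrypt_data($data, $key) {
- $c = base64_decode($data);
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
- $iv = substr($c, 0, $ivlen);
- $hmac = substr($c, $ivlen, $sha2len=32);
- $ciphertext_raw = substr($c, $ivlen+$sha2len);
- $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
- $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
-
-
- return $original_plaintext;
- }
-
- }
+ <?php
+ /**
+ * @package miniOrange
+ * @author miniOrange Security Software Pvt. Ltd.
+ * @license GNU/GPLv3
+ * @copyright Copyright 2015 miniOrange. All Rights Reserved.
+ *
+ *
+ * This file is part of miniOrange Gauth plugin.
+ */
+
+ class mo2f_GAuth_AESEncryption {
+ /**
+ * @param string $data - the key=value pairs separated with &
+ * @return string
+ */
+ public static function encrypt_data_ga($data, $key) {
+ $plaintext = $data;
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
+ $iv = openssl_random_pseudo_bytes($ivlen);
+ $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
+ $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
+ $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
+ return $ciphertext;
+ }
+
+
+ /**
+ * @param string $data - crypt response from Sagepay
+ * @return string
+ */
+ public static function decrypt_data($data, $key) {
+ $c = base64_decode($data);
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
+ $iv = substr($c, 0, $ivlen);
+ $hmac = substr($c, $ivlen, $sha2len=32);
+ $ciphertext_raw = substr($c, $ivlen+$sha2len);
+ $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
+ $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
+
+
+ return $original_plaintext;
+ }
+
+ }
  ?>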
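Review bot: In `decrypt_data`, `$calcmac` is computed but never compared with the `$hmac` read from the message, so the HMAC that `encrypt_data_ga` attaches is not verified and a modified ciphertext is still handed to `openssl_decrypt` and its result returned. The MAC should be recomputed and checked in constant time before decrypting, i.e. move the `hash_hmac` line above the `openssl_decrypt` call and follow it with `if (!hash_equals($hmac, $calcmac)) { return false; }`. It would also help to reject input where `base64_decode($data, true)` fails or the decoded string is shorter than `$ivlen + 32` bytes, since the `substr` slices otherwise operate on truncated data. The old and new text of this file read identically on this page, so the gap appears to predate the change. The docblock "crypt response from Sagepay" looks like a leftover and should instead describe the `iv . hmac . ciphertext` layout and the `$key` parameter.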
handler/twofa/setup_twofa.php CHANGED
@@ -1,877 +1,918 @@
1
- <?php
2
- $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup'.DIRECTORY_SEPARATOR;
3
- $test_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'test'.DIRECTORY_SEPARATOR;
4
- include $setup_dirName.'setup_google_authenticator.php';
5
- include $setup_dirName.'setup_google_authenticator_onpremise.php';
6
- include $setup_dirName.'setup_authy_authenticator.php';
7
- include $setup_dirName.'setup_kba_questions.php';
8
- include $setup_dirName.'setup_miniorange_authenticator.php';
9
- include $setup_dirName.'setup_otp_over_sms.php';
10
- include $test_dirName.'test_twofa_email_verification.php';
11
- include $test_dirName.'test_twofa_google_authy_authenticator.php';
12
- include $test_dirName.'test_twofa_miniorange_qrcode_authentication.php';
13
- include $test_dirName.'test_twofa_kba_questions.php';
14
- include $test_dirName.'test_twofa_miniorange_push_notification.php';
15
- include $test_dirName.'test_twofa_miniorange_soft_token.php';
16
- include $test_dirName.'test_twofa_otp_over_sms.php';
17
-
18
- function mo2f_decode_2_factor( $selected_2_factor_method, $decode_type ) {
19
-
20
- if ( $selected_2_factor_method == 'NONE' ) {
21
- return $selected_2_factor_method;
22
- }else if($selected_2_factor_method == "OTP Over Email")
23
- {
24
- $selected_2_factor_method = "EMAIL";
25
- }
26
-
27
- $wpdb_2fa_methods = array(
28
- "miniOrangeQRCodeAuthentication" => "miniOrange QR Code Authentication",
29
- "miniOrangeSoftToken" => "miniOrange Soft Token",
30
- "miniOrangePushNotification" => "miniOrange Push Notification",
31
- "GoogleAuthenticator" => "Google Authenticator",
32
- "AuthyAuthenticator" => "Authy Authenticator",
33
- "SecurityQuestions" => "Security Questions",
34
- "EmailVerification" => "Email Verification",
35
- "OTPOverSMS" => "OTP Over SMS",
36
- "OTPOverEmail" => "OTP Over Email",
37
- "EMAIL" => "OTP Over Email",
38
- );
39
-
40
- $server_2fa_methods = array(
41
- "miniOrange QR Code Authentication" => "MOBILE AUTHENTICATION",
42
- "miniOrange Soft Token" => "SOFT TOKEN",
43
- "miniOrange Push Notification" => "PUSH NOTIFICATIONS",
44
- "Google Authenticator" => "GOOGLE AUTHENTICATOR",
45
- "Authy Authenticator" => "GOOGLE AUTHENTICATOR",
46
- "Security Questions" => "KBA",
47
- "Email Verification" => "OUT OF BAND EMAIL",
48
- "OTP Over SMS" => "SMS",
49
- "EMAIL" => "OTP Over Email",
50
- "OTPOverEmail" => "OTP Over Email"
51
- );
52
-
53
- $server_to_wpdb_2fa_methods = array(
54
- "MOBILE AUTHENTICATION" => "miniOrange QR Code Authentication",
55
- "SOFT TOKEN" => "miniOrange Soft Token",
56
- "PUSH NOTIFICATIONS" => "miniOrange Push Notification",
57
- "GOOGLE AUTHENTICATOR" => "Google Authenticator",
58
- "KBA" => "Security Questions",
59
- "OUT OF BAND EMAIL" => "Email Verification",
60
- "SMS" => "OTP Over SMS",
61
- "EMAIL" => "OTP Over Email",
62
- "OTPOverEmail" => "OTP Over Email",
63
- "OTP OVER EMAIL" => "OTP Over Email",
64
- );
65
- $methodname='';
66
- if ( $decode_type == "wpdb" ) {
67
- $methodname = isset($wpdb_2fa_methods[ $selected_2_factor_method ])?$wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
68
- } else if ( $decode_type == "server" ) {
69
- $methodname = isset($server_2fa_methods[ $selected_2_factor_method ])?$server_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
70
- } else {
71
- $methodname = isset($server_to_wpdb_2fa_methods[ $selected_2_factor_method ])?$server_to_wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
72
- }
73
- return $methodname;
74
-
75
- }
76
-
77
-
78
- function mo2f_create_2fa_form( $user, $category, $auth_methods, $can_display_admin_features='' ) {
79
- global $Mo2fdbQueries;
80
- $all_two_factor_methods = array(
81
- "miniOrange QR Code Authentication",
82
- "miniOrange Soft Token",
83
- "miniOrange Push Notification",
84
- "Google Authenticator",
85
- "Security Questions",
86
- "OTP Over SMS",
87
- "OTP Over Email",
88
- "Authy Authenticator",
89
- "Email Verification",
90
- "OTP Over SMS and Email",
91
- "Hardware Token"
92
- );
93
- $two_factor_methods_descriptions = array(
94
- ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
95
- "miniOrange QR Code Authentication" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
96
- "miniOrange Soft Token" => "Enter the soft token from the account in your miniOrange Authenticator App to login.",
97
- "miniOrange Push Notification" => "Accept a push notification in your miniOrange Authenticator App to login.",
98
- "Google Authenticator" => "Enter the soft token from the account in your <b>Google/Authy/LastPass Authenticator App</b> to login.",
99
- "Security Questions" => "Answer the three security questions you had set, to login.",
100
- "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
101
- "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
102
- "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
103
- "Email Verification" => "Accept the verification link sent to your email to login.",
104
- "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
105
- "Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
106
- );
107
- $two_factor_methods_doc = array(
108
- "Security Questions" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-security-question",
109
- "Google Authenticator" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/google-authenticator",
110
- "miniOrange QR Code Authentication" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-QR-code",
111
- "Email Verification" => "",
112
- "miniOrange Soft Token" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-soft-token",
113
- "miniOrange Push Notification" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-push-notification",
114
- "Authy Authenticator" => "",
115
- "OTP Over SMS" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-otp-over-sms",
116
- "OTP Over Email" => "",
117
- "OTP Over SMS and Email" => "",
118
- "Hardware Token" => "",
119
- "" => ""
120
- );
121
- $two_factor_methods_video = array(
122
- "Security Questions" => "",
123
- "Google Authenticator" => "https://www.youtube.com/watch?v=vVGXjedIaGs",
124
- "miniOrange QR Code Authentication" => "",
125
- "Email Verification" => "",
126
- "miniOrange Soft Token" => "",
127
- "miniOrange Push Notification" => "",
128
- "Authy Authenticator" => "",
129
- "OTP Over SMS" => "",
130
- "OTP Over Email" => "",
131
- "OTP Over SMS and Email" => "",
132
- "Hardware Token" => "",
133
- "" => ""
134
- );
135
-
136
- $two_factor_methods_EC = array_slice( $all_two_factor_methods, 0, 9 );
137
- $two_factor_methods_NC = array_slice( $all_two_factor_methods, 0, 7 );
138
- if(MO2F_IS_ONPREM or $category != 'free_plan')
139
- {
140
- $all_two_factor_methods = array(
141
- "Security Questions",
142
- "Google Authenticator",
143
- "Email Verification",
144
- "miniOrange QR Code Authentication",
145
- "miniOrange Soft Token",
146
- "miniOrange Push Notification",
147
- "Authy Authenticator",
148
- "OTP Over SMS",
149
- "OTP Over Email",
150
- "OTP Over SMS and Email",
151
- "Hardware Token"
152
- );
153
- $two_factor_methods_descriptions = array(
154
- ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
155
- "Security Questions" => "Answer the three security questions you had set, to login.",
156
- "Google Authenticator" => "Enter the soft token from the account in your <b>Google/Authy/LastPass Authenticator App</b> to login.",
157
- "Email Verification" => "Accept the verification link sent to your email to login.",
158
- "miniOrange QR Code Authentication" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
159
- "miniOrange Soft Token" => "Enter the soft token from the account in your miniOrange Authenticator App to login.",
160
- "miniOrange Push Notification" => "Accept a push notification in your miniOrange Authenticator App to login.",
161
- "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
162
- "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
163
- "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
164
- "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
165
- "Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
166
- );
167
- }
168
-
169
- $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
170
- $can_user_configure_2fa_method = $can_display_admin_features || ( !$can_display_admin_features && $is_customer_registered );
171
- $is_NC = get_option( 'mo2f_is_NC' );
172
- $is_EC = ! $is_NC;
173
-
174
- $form = '<div class="overlay1" id="overlay" hidden ></div>';
175
- $form .= '<form name="f" method="post" action="" id="mo2f_save_' . $category . '_auth_methods_form">
176
- <div id="mo2f_' . $category . '_auth_methods" >
177
- <br>
178
- <table class="mo2f_auth_methods_table">';
179
-
180
- for ( $i = 0; $i < count( $auth_methods ); $i ++ ) {
181
-
182
- $form .= '<tr>';
183
- for ( $j = 0; $j < count( $auth_methods[ $i ] ); $j ++ ) {
184
- $auth_method = $auth_methods[ $i ][ $j ];
185
- if(MO2F_IS_ONPREM and $category =='free_plan')
186
- {
187
-
188
- if($auth_method != 'Email Verification' and $auth_method != 'Security Questions' and $auth_method != 'Google Authenticator' and $auth_method !='miniOrange QR Code Authentication' and $auth_method !='miniOrange Soft Token' and $auth_method != 'miniOrange Push Notification' and $auth_method != 'OTP Over SMS' and $auth_method != 'OTP Over Email')
189
- {
190
- //continue;
191
- }
192
- }
193
- $auth_method_abr = str_replace( ' ', '', $auth_method );
194
- $configured_auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
195
- $is_auth_method_selected = ( $configured_auth_method == $auth_method ? true : false );
196
-
197
- $is_auth_method_av = false;
198
- if ( ( $is_EC && in_array( $auth_method, $two_factor_methods_EC ) ) ||
199
- ( $is_NC && in_array( $auth_method, $two_factor_methods_NC ) ) ) {
200
- $is_auth_method_av = true;
201
- }
202
-
203
- $thumbnail_height = $is_auth_method_av && $category == 'free_plan' ? 190 : 160;
204
- $is_image = $auth_method == "" ? 0 :1;
205
-
206
- $form .= '<td style="width:33%;height: 203px;">
207
- <div class="mo2f_thumbnail" id="'.$auth_method_abr.'_thumbnail_2_factor" style="height:' . $thumbnail_height . 'px;border:1px solid ';
208
- if(MO2F_IS_ONPREM)
209
- {
210
- $iscurrentMethod = 0;
211
- $currentMethod = $configured_auth_method;
212
- if($currentMethod == $auth_method)
213
- $iscurrentMethod = 1;
214
-
215
- $form .= $iscurrentMethod ? '#48b74b' : '#20b2aa';
216
- $form .= ';border-top:3px solid ';
217
- $form .= $iscurrentMethod ? '#48b74b' : '#20b2aa';
218
- $form .= ';">';
219
- }
220
- else
221
- {
222
- $form .= $is_auth_method_selected ? '#48b74b' : '#20b2aa';
223
- $form .= ';border-top:3px solid ';
224
- $form .= $is_auth_method_selected ? '#48b74b' : '#20b2aa';
225
- $form .= ';">';
226
-
227
- }
228
- $form .= '<div>
229
- <div class="mo2f_thumbnail_method" style="width:100%";>
230
- <div style="width: 17%; float:left;padding-top:5px;padding-left:5px;">';
231
-
232
- if($is_image){
233
- $form .= '<img src="' . plugins_url( "includes/images/authmethods/" . $auth_method_abr . ".png", dirname(dirname(__FILE__ ))) . '" style="width: 40px;height: 40px !important; " line-height: 80px;" />';
234
- }
235
-
236
- $form .= '</div>
237
- <div class="mo2f_thumbnail_method_desc" style="padding: 8px;width: 83%;">';
238
- switch ($auth_method) {
239
- case 'Google Authenticator':
240
- $form .=' <span style="float:right">
241
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
242
- <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
243
-
244
- </a>
245
-
246
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
247
- <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
248
- </a>
249
- </span>';
250
- break;
251
-
252
- case 'Security Questions':
253
- $form .=' <span style="float:right">
254
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
255
- <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
256
-
257
- </a>
258
-
259
-
260
- </span>';
261
- break;
262
-
263
- case 'OTP Over SMS':
264
- $form .=' <span style="float:right">
265
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
266
- <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
267
-
268
- </a>
269
-
270
-
271
- </span>';
272
- break;
273
-
274
-
275
- case 'miniOrange Soft Token':
276
- $form .=' <span style="float:right">
277
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
278
- <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
279
-
280
- </a>
281
-
282
-
283
- </span>';
284
-
285
- break;
286
-
287
- case 'miniOrange QR Code Authentication':
288
- $form .=' <span style="float:right">
289
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
290
- <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
291
-
292
- </a>
293
-
294
-
295
- </span>';
296
-
297
- break;
298
-
299
- case 'miniOrange Push Notification':
300
- $form .=' <span style="float:right">
301
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
302
- <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
303
-
304
- </a>
305
-
306
-
307
- </span>';
308
- break;
309
-
310
- default:
311
- {$form .= "";}
312
- break;
313
- }
314
- $form .=' <b>' . $auth_method .
315
- '</b><br>
316
- <p style="padding:0px; padding-left:0px;font-size: 14px;"> ' . $two_factor_methods_descriptions[ $auth_method ] . '</p>
317
-
318
- </div>
319
- </div>
320
- </div>';
321
-
322
- if ( $is_auth_method_av && $category == 'free_plan' ) {
323
-
324
- $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
325
-
326
- $form .= '<div style="height:40px;width:100%;position: absolute;bottom: 0;background-color:';
327
- $iscurrentMethod = 0;
328
- if(MO2F_IS_ONPREM)
329
- {
330
- $currentMethod = $configured_auth_method;
331
- if($currentMethod == $auth_method)
332
- $iscurrentMethod = 1;
333
- $form .= $iscurrentMethod ? '#48b74b' : '#20b2aa';
334
- }
335
- else
336
- $form .= $is_auth_method_selected ? '#48b74b' : '#20b2aa';
337
- if(MO2F_IS_ONPREM)
338
- {
339
- $twofactor_transactions = new Mo2fDB;
340
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user->ID);
341
- if($exceeded){
342
- if(empty($configured_auth_method)){
343
- $can_user_configure_2fa_method = false;
344
- }
345
- else{
346
- $can_user_configure_2fa_method = true;
347
- }
348
- }
349
- else{
350
- $can_user_configure_2fa_method = true;
351
- }
352
- $is_customer_registered = true;
353
- $user = wp_get_current_user();
354
- $form .= ';color:white">';
355
-
356
- $check = $is_customer_registered? true : false;
357
- $show = 0;
358
-
359
-
360
-
361
- $cloud_methods = array('miniOrange QR Code Authentication' , 'miniOrange Soft Token','miniOrange Push Notification');
362
-
363
- if($auth_method == 'Email Verification' || $auth_method == 'Security Questions' || $auth_method == 'Google Authenticator' || $auth_method == 'miniOrange QR Code Authentication' || $auth_method =='miniOrange Soft Token' || $auth_method == 'miniOrange Push Notification' || $auth_method == 'OTP Over SMS' || $auth_method == 'OTP Over Email')
364
- {
365
- $show = 1;
366
- }
367
-
368
- if ( $check ) {
369
- $form .= '<div class="mo2f_configure_2_factor">
370
- <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\');"';
371
- $form .= $show==1 ? "" : " disabled ";
372
- $form .= '>';
373
- if($show)
374
- $form .= $is_auth_method_configured? 'Reconfigure' : 'Configure';
375
- else
376
- $form .= 'Available in cloud solution';
377
- $form .= '</button></div>';
378
- }
379
- if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM) {
380
- $form .= '<div class="mo2f_set_2_factor">
381
- <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\');"';
382
- $form .= $can_user_configure_2fa_method ? "" : " disabled ";
383
- $form .= $show==1 ? "" : " disabled ";
384
- if($show == 1 and $is_auth_method_configured and $iscurrentMethod == 0)
385
- $form .= '>Set as 2-factor</button>
386
- </div>';
387
- }
388
-
389
- $form .= '</div>';
390
-
391
- }
392
- else
393
- {
394
- if(get_option('mo2f_miniorange_admin'))
395
- $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
396
- else
397
- $allowed = 1;
398
- $cloudswitch = 0;
399
- if(!$allowed)
400
- $allowed = 2;
401
- $form .= ';color:white">';
402
- $check = !$is_customer_registered? true : ($auth_method != "Email Verification" and $auth_method != "OTP Over Email"? true : false);
403
-
404
- if ( $check ) {
405
- $form .= '<div class="mo2f_configure_2_factor">
406
- <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\','.$cloudswitch.','.$allowed.');"';
407
- $form .= $can_user_configure_2fa_method ? "" : " ";
408
- $form .= '>';
409
- $form .= $is_auth_method_configured ? 'Reconfigure' : 'Configure';
410
- $form .= '</button></div>';
411
- }
412
-
413
- if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM ) {
414
- $form .= '<div class="mo2f_set_2_factor">
415
- <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\','.$cloudswitch.','.$allowed.');"';
416
- $form .= $can_user_configure_2fa_method ? "" : " ";
417
- $form .= '>Set as 2-factor</button>
418
- </div>';
419
- }
420
-
421
- $form .= '</div>';
422
- }
423
- }
424
- $form .= '</div></div></td>';
425
- }
426
-
427
- $form .= '</tr>';
428
- }
429
-
430
-
431
- $form .= '</table>';
432
- if( $category!="free_plan")
433
- if(current_user_can('administrator')){
434
- $form .= '<div style="background-color: #f1f1f1;padding:10px">
435
- <p style="font-size:16px;margin-left: 1%">In addition to these authentication methods, for other features in this plan, <a href="admin.php?page=mo_2fa_upgrade"><i>Click here.</i></a></p>
436
- </div>';
437
- }
438
-
439
- $form .= '</div> <input type="hidden" name="miniorange_save_form_auth_methods_nonce"
440
- value="'. wp_create_nonce( "miniorange-save-form-auth-methods-nonce" ) .'"/>
441
- <input type="hidden" name="option" value="mo2f_save_' . $category . '_auth_methods" />
442
- <input type="hidden" name="mo2f_configured_2FA_method_' . $category . '" id="mo2f_configured_2FA_method_' . $category . '" />
443
- <input type="hidden" name="mo2f_selected_action_' . $category . '" id="mo2f_selected_action_' . $category . '" />
444
- </form>';
445
-
446
- return $form;
447
- }
448
-
449
-
450
- function mo2f_get_activated_second_factor( $user ) {
451
-
452
- global $Mo2fdbQueries;
453
- $user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
454
- $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
455
- $useremail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
456
-
457
- if ( $user_registration_status == 'MO_2_FACTOR_SUCCESS' ) {
458
- //checking this option for existing users
459
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => true ) );
460
- $mo2f_second_factor = 'MOBILE AUTHENTICATION';
461
-
462
- return $mo2f_second_factor;
463
- } else if ( $user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ) {
464
- return 'NONE';
465
- } else {
466
- //for new users
467
- if ( $user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && $is_customer_registered ) {
468
- $enduser = new Two_Factor_Setup();
469
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $useremail ), true );
470
- if ( json_last_error() == JSON_ERROR_NONE ) {
471
- if ( $userinfo['status'] == 'ERROR' ) {
472
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $userinfo['message'] ) );
473
- $mo2f_second_factor = 'NONE';
474
- } else if ( $userinfo['status'] == 'SUCCESS' ) {
475
- $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
476
- } else if ( $userinfo['status'] == 'FAILED' ) {
477
- $mo2f_second_factor = 'NONE';
478
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_REMOVED" ) );
479
- } else {
480
- $mo2f_second_factor = 'NONE';
481
- }
482
- } else {
483
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
484
- $mo2f_second_factor = 'NONE';
485
- }
486
- } else {
487
- $mo2f_second_factor = 'NONE';
488
- }
489
-
490
- return $mo2f_second_factor;
491
- }
492
- }
493
-
494
- function mo2f_update_and_sync_user_two_factor( $user_id, $userinfo ) {
495
- global $Mo2fdbQueries;
496
- $mo2f_second_factor = isset( $userinfo['authType'] ) && ! empty( $userinfo['authType'] ) ? $userinfo['authType'] : 'NONE';
497
-
498
- if(MO2F_IS_ONPREM)
499
- {
500
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
501
- $mo2f_second_factor = $mo2f_second_factor ? $mo2f_second_factor : 'NONE';
502
- return $mo2f_second_factor;
503
- }
504
-
505
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_email' => $userinfo['email'] ) );
506
- if ( $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
507
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_EmailVerification_config_status' => true ) );
508
- } else if ( $mo2f_second_factor == 'SMS' and !MO2F_IS_ONPREM) {
509
- $phone_num = $userinfo['phone'];
510
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_OTPOverSMS_config_status' => true ) );
511
- $_SESSION['user_phone'] = $phone_num;
512
- } else if ( in_array( $mo2f_second_factor, array(
513
- 'SOFT TOKEN',
514
- 'MOBILE AUTHENTICATION',
515
- 'PUSH NOTIFICATIONS'
516
- ) ) ) {
517
- if(!MO2F_IS_ONPREM)
518
- $Mo2fdbQueries->update_user_details( $user_id, array(
519
- 'mo2f_miniOrangeSoftToken_config_status' => true,
520
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
521
- 'mo2f_miniOrangePushNotification_config_status' => true
522
- ) );
523
- } else if ( $mo2f_second_factor == 'KBA' ) {
524
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_SecurityQuestions_config_status' => true ) );
525
- } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
526
- $app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true );
527
-
528
- if ( $app_type == 'Google Authenticator' ) {
529
- $Mo2fdbQueries->update_user_details( $user_id, array(
530
- 'mo2f_GoogleAuthenticator_config_status' => true
531
- ) );
532
- update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
533
- } else if ( $app_type == 'Authy Authenticator' ) {
534
- $Mo2fdbQueries->update_user_details( $user_id, array(
535
- 'mo2f_AuthyAuthenticator_config_status' => true
536
- ) );
537
- update_user_meta( $user_id, 'mo2f_external_app_type', 'Authy Authenticator' );
538
- } else {
539
- $Mo2fdbQueries->update_user_details( $user_id, array(
540
- 'mo2f_GoogleAuthenticator_config_status' => true
541
- ) );
542
-
543
- update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
544
- }
545
- }
546
-
547
- return $mo2f_second_factor;
548
- }
549
-
550
- function display_customer_registration_forms($user){
551
-
552
- global $Mo2fdbQueries;
553
- $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
554
- $mo2f_message = get_option( 'mo2f_message' );
555
- ?>
556
-
557
- <div id="smsAlertModal" class="modal" role="dialog" data-backdrop="static" data-keyboard="false" >
558
- <div class="mo2f_modal-dialog" style="margin-left:30%;">
559
- <!-- Modal content-->
560
- <div class="modal-content">
561
- <div class="mo2f_modal-header">
562
- <h2 class="mo2f_modal-title">You are just one step away from setting up 2FA.</h2><span type="button" id="mo2f_registration_closed" class="modal-span-close" data-dismiss="modal">&times;</span>
563
- </div>
564
- <div class="mo2f_modal-body">
565
- <span style="color:green;cursor: pointer;float:right;" onclick="show_content();">Why Register with miniOrange?</span><br>
566
- <div id="mo2f_register" style="background-color:#f1f1f1;padding: 1px 4px 1px 14px;display: none;">
567
- <p>miniOrange Two Factor plugin uses highly secure miniOrange APIs to communicate with the plugin. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users can be only accessed by API keys assigned to you. Also, you can use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.</p>
568
- </div>
569
- <?php if ( $mo2f_message ) { ?>
570
- <div style="padding:5px;">
571
- <div class="alert alert-info" style="margin-bottom:0px;padding:3px;">
572
- <p style="font-size:15px;margin-left: 2%;"><?php echo $mo2f_message; ?></p>
573
- </div>
574
- </div>
575
- <?php }
576
- if(in_array($mo2f_current_registration_status, array("REGISTRATION_STARTED", "MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE", "MO_2_FACTOR_VERIFY_CUSTOMER")) ){
577
- mo2f_show_registration_screen($user);
578
- }
579
- ?>
580
- </div>
581
- </div>
582
- </div>
583
- <form name="f" method="post" action="" class="mo2f_registration_closed_form">
584
- <input type="hidden" name="mo2f_registration_closed_nonce"
585
- value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
586
- <input type="hidden" name="option" value="mo2f_registration_closed"/>
587
- </form>
588
- </div>
589
- <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
590
- <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
591
- <script>
592
- function show_content() {
593
- jQuery('#mo2f_register').slideToggle();
594
- }
595
- jQuery(function () {
596
- jQuery('#smsAlertModal').modal();
597
- });
598
-
599
- jQuery('#mo2f_registration_closed').click(function () {
600
- jQuery('.mo2f_registration_closed_form').submit();
601
- });
602
- </script>
603
-
604
- <?php
605
- }
606
-
607
- function mo2f_show_registration_screen($user){
608
- global $mo2f_dirName;
609
-
610
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'account.php';
611
-
612
- }
613
-
614
- function mo2f_show_2FA_configuration_screen( $user, $selected2FAmethod ) {
615
- global $mo2f_dirName;
616
- switch ( $selected2FAmethod ) {
617
- case "Google Authenticator":
618
- if(MO2F_IS_ONPREM){
619
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR. 'gaonprem.php';
620
- $obj = new Google_auth_onpremise();
621
- $obj->mo_GAuth_get_details();
622
- }
623
- else{
624
- Miniorange_Authentication::mo2f_get_GA_parameters($user);
625
- mo2f_configure_google_authenticator( $user );
626
- }
627
- break;
628
- case "Authy Authenticator":
629
- mo2f_configure_authy_authenticator( $user );
630
- break;
631
- case "Security Questions":
632
- mo2f_configure_for_mobile_suppport_kba( $user );
633
- break;
634
- case "Email Verification":
635
- mo2f_configure_for_mobile_suppport_kba( $user );
636
- break;
637
- case "OTP Over SMS":
638
- mo2f_configure_otp_over_sms( $user );
639
- break;
640
- case "miniOrange Soft Token":
641
- mo2f_configure_miniorange_authenticator( $user );
642
- break;
643
- case "miniOrange QR Code Authentication":
644
- mo2f_configure_miniorange_authenticator( $user );
645
- break;
646
- case "miniOrange Push Notification":
647
- mo2f_configure_miniorange_authenticator( $user );
648
- break;
649
- }
650
-
651
- }
652
-
653
- function mo2f_show_2FA_test_screen( $user, $selected2FAmethod ) {
654
-
655
-
656
- switch ( $selected2FAmethod ) {
657
- case "miniOrange QR Code Authentication":
658
- mo2f_test_miniorange_qr_code_authentication( $user );
659
- break;
660
- case "miniOrange Push Notification":
661
- mo2f_test_miniorange_push_notification( $user );
662
- break;
663
- case "miniOrange Soft Token":
664
- mo2f_test_miniorange_soft_token( $user );
665
- break;
666
- case "Email Verification":
667
- mo2f_test_email_verification();
668
- break;
669
- case "OTP Over SMS":
670
- mo2f_test_otp_over_sms( $user );
671
- break;
672
- case "Security Questions":
673
- mo2f_test_kba_security_questions( $user );
674
- break;
675
- case "OTP Over Email":
676
- mo2f_test_otp_over_email($user,$selected2FAmethod);
677
- break;
678
- default:
679
- mo2f_test_google_authy_authenticator( $user, $selected2FAmethod );
680
- }
681
-
682
- }
683
-
684
- function mo2f_method_display_name($user,$mo2f_second_factor){
685
-
686
- if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
687
- $app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
688
-
689
- if ( $app_type == 'Google Authenticator' ) {
690
- $selectedMethod = 'Google Authenticator';
691
- } else if ( $app_type == 'Authy Authenticator' ) {
692
- $selectedMethod = 'Authy Authenticator';
693
- } else {
694
- $selectedMethod = 'Google Authenticator';
695
- update_user_meta( $user->ID, 'mo2f_external_app_type', $selectedMethod );
696
- }
697
- } else {
698
- $selectedMethod = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
699
- }
700
- return $selectedMethod;
701
-
702
- }
703
-
704
- function mo2f_lt( $string ) {
705
- return __($string ,'miniorange-2-factor-authentication' );
706
- }
707
-
708
- function mo2f_rba_description($mo2f_user_email) {?>
709
- <div id="mo2f_rba_addon">
710
- <?php if ( get_option( 'mo2f_rba_installed' ) ) { ?>
711
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_rba_addon"
712
- class="mo_wpns_button mo_wpns_button1"
713
- style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
714
- <?php } ?>
715
- <?php if ( ! get_option( 'mo2f_rba_purchased' ) ) { ?>
716
- <a onclick="mo2f_addonform('wp_2fa_addon_rba')" id="mo2f_purchase_rba_addon"
717
- class="mo_wpns_button mo_wpns_button1"
718
- style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a><?php } ?>
719
- <div id="mo2f_rba_addon_hide">
720
-
721
- <br>
722
- <div id="mo2f_hide_rba_content">
723
-
724
- <div class="mo2f_box">
725
- <h3><?php echo __( 'Remember Device', 'miniorange-2-factor-authentication' ); ?></h3>
726
- <hr>
727
- <p id="mo2f_hide_rba_content"><?php echo __( 'With this feature, User would get an option to remember the personal device where Two Factor is not required. Every time the user logs in with the same device it detects the saved device so he will directly login without being prompted for the 2nd factor. If user logs in from new device he will be prompted with 2nd Factor.', 'miniorange-2-factor-authentication' ); ?>
728
-
729
- </p>
730
- </div>
731
- <br><br>
732
- <div class="mo2f_box">
733
- <h3><?php echo __( 'Limit Number Of Device', 'miniorange-2-factor-authentication' ); ?></h3>
734
- <hr>
735
- <p><?php echo __( 'With this feature, the admin can restrict the number of devices from which the user can access the website. If the device limit is exceeded the admin can set three actions where it can allow the users to login, deny the access or challenge the user for authentication.', 'miniorange-2-factor-authentication' ); ?>
736
- </p>
737
-
738
- </div>
739
- <br><br>
740
- <div class="mo2f_box">
741
- <h3><?php echo __( 'IP Restriction: Limit users to login from specific IPs', 'miniorange-2-factor-authentication' ); ?></h3>
742
- <hr>
743
- <p><?php echo __( 'The Admin can enable IP restrictions for the users. It will provide additional security to the accounts and perform different action to the accounts only from the listed IP Ranges. If user tries to access with a restricted IP, Admin can set three action: Allow, challenge or deny. Depending upon the action it will allow the user to login, challenge(prompt) for authentication or deny the access.', 'miniorange-2-factor-authentication' ); ?>
744
-
745
- </div>
746
- <br>
747
- </div>
748
-
749
- </div>
750
- <div id="mo2f_rba_addon_show">
751
- <?php $x = apply_filters( 'mo2f_rba', "rba" );?>
752
- </div>
753
- </div>
754
- <form style="display:none;" id="mo2fa_loginform"
755
- action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
756
- target="_blank" method="post">
757
- <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
758
- <input type="text" name="redirectUrl"
759
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
760
- <input type="text" name="requestOrigin" id="requestOrigin"/>
761
- </form>
762
- <script>
763
- function mo2f_addonform(planType) {
764
- jQuery('#requestOrigin').val(planType);
765
- jQuery('#mo2fa_loginform').submit();
766
- }
767
- </script>
768
- <?php
769
- }
770
-
771
- function mo2f_personalization_description($mo2f_user_email) {?>
772
- <div id="mo2f_custom_addon">
773
- <?php if ( get_option( 'mo2f_personalization_installed' ) ) { ?>
774
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_custom_addon"
775
- class="mo_wpns_button mo_wpns_button1"
776
- style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
777
- <?php } ?>
778
- <?php if ( ! get_option( 'mo2f_personalization_purchased' ) ) { ?> <a
779
- onclick="mo2f_addonform('wp_2fa_addon_shortcode')" id="mo2f_purchase_custom_addon"
780
- class="mo_wpns_button mo_wpns_button1"
781
- style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
782
- <?php } ?>
783
- <div id="mo2f_custom_addon_hide">
784
-
785
-
786
- <br>
787
- <div id="mo2f_hide_custom_content">
788
- <div class="mo2f_box">
789
- <h3><?php echo __( 'Customize Plugin Icon', 'miniorange-2-factor-authentication' ); ?></h3>
790
- <hr>
791
- <p>
792
- <?php echo __( 'With this feature, you can customize the plugin icon in the dashboard which is useful when you want your custom logo to be displayed to the users.', 'miniorange-2-factor-authentication' ); ?>
793
- </p>
794
- <br>
795
- <h3><?php echo __( 'Customize Plugin Name', 'miniorange-2-factor-authentication' ); ?></h3>
796
- <hr>
797
- <p>
798
- <?php echo __( 'With this feature, you can customize the name of the plugin in the dashboard.', 'miniorange-2-factor-authentication' ); ?>
799
- </p>
800
-
801
- </div>
802
- <br>
803
- <div class="mo2f_box">
804
- <h3><?php echo __( 'Customize UI of Login Pop up\'s', 'miniorange-2-factor-authentication' ); ?></h3>
805
- <hr>
806
- <p>
807
- <?php echo __( 'With this feature, you can customize the login pop-ups during two factor authentication according to the theme of your website.', 'miniorange-2-factor-authentication' ); ?>
808
- </p>
809
- </div>
810
-
811
- <br>
812
- <div class="mo2f_box">
813
- <h3><?php echo __( 'Custom Email and SMS Templates', 'miniorange-2-factor-authentication' ); ?></h3>
814
- <hr>
815
-
816
- <p><?php echo __( 'You can change the templates for Email and SMS which user receives during authentication.', 'miniorange-2-factor-authentication' ); ?></p>
817
-
818
- </div>
819
- </div>
820
- </div>
821
- <div id="mo2f_custom_addon_show"><?php $x = apply_filters( 'mo2f_custom', "custom"); ?></div>
822
- </div>
823
-
824
- <?php
825
- }
826
-
827
- function mo2f_shortcode_description($mo2f_user_email) { ?>
828
- <div id="mo2f_Shortcode_addon_hide">
829
- <?php if ( get_option( 'mo2f_shortcode_installed' ) ) { ?>
830
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_shortcode_addon"
831
- class="mo_wpns_button mo_wpns_button1" style="float:right; margin-top:2%;"><?php echo __( 'Activate
832
- Plugin', 'miniorange-2-factor-authentication' ); ?></a>
833
- <?php } if ( ! get_option( 'mo2f_shortcode_purchased' ) ) { ?>
834
- <a onclick="mo2f_addonform('wp_2fa_addon_personalization')" id="mo2f_purchase_shortcode_addon"
835
- class="mo_wpns_button mo_wpns_button1"
836
- style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
837
- <?php } ?>
838
-
839
- <div id="shortcode" class="description">
840
-
841
-
842
- <br>
843
- <div id="mo2f_hide_shortcode_content" class="mo2f_box">
844
- <h3><?php echo __( 'List of Shortcodes', 'miniorange-2-factor-authentication' ); ?>:</h3>
845
- <hr>
846
- <ol style="margin-left:2%">
847
- <li>
848
- <b><?php echo __( 'Enable Two Factor: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to turn on/off 2-factor by user.', 'miniorange-2-factor-authentication' ); ?>
849
- </li>
850
- <li>
851
- <b><?php echo __( 'Enable Reconfiguration: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to configure the Google Authenticator and Security Questions by user.', 'miniorange-2-factor-authentication' ); ?>
852
- </li>
853
- <li>
854
- <b><?php echo __( 'Enable Remember Device: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( ' This shortcode provides\'Enable Remember Device\' from your custom login form.', 'miniorange-2-factor-authentication' ); ?>
855
- </li>
856
- </ol>
857
- </div>
858
- <div id="mo2f_Shortcode_addon_show"><?php $x = apply_filters( 'mo2f_shortcode', "shortcode" ); ?></div>
859
- </div>
860
- <br>
861
- </div>
862
- <form style="display:none;" id="mo2fa_loginform" action="<?php echo MO_HOST_NAME . '/moas/login'; ?>" target="_blank" method="post">
863
- <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
864
- <input type="text" name="redirectUrl"
865
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
866
- <input type="text" name="requestOrigin" id="requestOrigin"/>
867
- </form>
868
- <script>
869
- function mo2f_addonform(planType) {
870
- jQuery('#requestOrigin').val(planType);
871
- jQuery('#mo2fa_loginform').submit();
872
- }
873
- </script>
874
- <?php
875
- }
876
-
877
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup'.DIRECTORY_SEPARATOR;
3
+ $test_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'test'.DIRECTORY_SEPARATOR;
4
+ include $setup_dirName.'setup_google_authenticator.php';
5
+ include $setup_dirName.'setup_google_authenticator_onpremise.php';
6
+ include $setup_dirName.'setup_authy_authenticator.php';
7
+ include $setup_dirName.'setup_kba_questions.php';
8
+ include $setup_dirName.'setup_miniorange_authenticator.php';
9
+ include $setup_dirName.'setup_otp_over_sms.php';
10
+ include $test_dirName.'test_twofa_email_verification.php';
11
+ include $test_dirName.'test_twofa_google_authy_authenticator.php';
12
+ include $test_dirName.'test_twofa_miniorange_qrcode_authentication.php';
13
+ include $test_dirName.'test_twofa_kba_questions.php';
14
+ include $test_dirName.'test_twofa_miniorange_push_notification.php';
15
+ include $test_dirName.'test_twofa_miniorange_soft_token.php';
16
+ include $test_dirName.'test_twofa_otp_over_sms.php';
17
+
18
+ function mo2f_decode_2_factor( $selected_2_factor_method, $decode_type ) {
19
+
20
+ if ( $selected_2_factor_method == 'NONE' ) {
21
+ return $selected_2_factor_method;
22
+ }else if($selected_2_factor_method == "OTP Over Email")
23
+ {
24
+ $selected_2_factor_method = "EMAIL";
25
+ }
26
+
27
+ $wpdb_2fa_methods = array(
28
+ "miniOrangeQRCodeAuthentication" => "miniOrange QR Code Authentication",
29
+ "miniOrangeSoftToken" => "miniOrange Soft Token",
30
+ "miniOrangePushNotification" => "miniOrange Push Notification",
31
+ "GoogleAuthenticator" => "Google Authenticator",
32
+ "AuthyAuthenticator" => "Authy Authenticator",
33
+ "SecurityQuestions" => "Security Questions",
34
+ "EmailVerification" => "Email Verification",
35
+ "OTPOverSMS" => "OTP Over SMS",
36
+ "OTPOverEmail" => "OTP Over Email",
37
+ "EMAIL" => "OTP Over Email",
38
+ );
39
+
40
+ $server_2fa_methods = array(
41
+ "miniOrange QR Code Authentication" => "MOBILE AUTHENTICATION",
42
+ "miniOrange Soft Token" => "SOFT TOKEN",
43
+ "miniOrange Push Notification" => "PUSH NOTIFICATIONS",
44
+ "Google Authenticator" => "GOOGLE AUTHENTICATOR",
45
+ "Authy Authenticator" => "GOOGLE AUTHENTICATOR",
46
+ "Security Questions" => "KBA",
47
+ "Email Verification" => "OUT OF BAND EMAIL",
48
+ "OTP Over SMS" => "SMS",
49
+ "EMAIL" => "OTP Over Email",
50
+ "OTPOverEmail" => "OTP Over Email"
51
+ );
52
+
53
+ $server_to_wpdb_2fa_methods = array(
54
+ "MOBILE AUTHENTICATION" => "miniOrange QR Code Authentication",
55
+ "SOFT TOKEN" => "miniOrange Soft Token",
56
+ "PUSH NOTIFICATIONS" => "miniOrange Push Notification",
57
+ "GOOGLE AUTHENTICATOR" => "Google Authenticator",
58
+ "KBA" => "Security Questions",
59
+ "OUT OF BAND EMAIL" => "Email Verification",
60
+ "SMS" => "OTP Over SMS",
61
+ "EMAIL" => "OTP Over Email",
62
+ "OTPOverEmail" => "OTP Over Email",
63
+ "OTP OVER EMAIL" => "OTP Over Email",
64
+ );
65
+ $methodname='';
66
+ if ( $decode_type == "wpdb" ) {
67
+ $methodname = isset($wpdb_2fa_methods[ $selected_2_factor_method ])?$wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
68
+ } else if ( $decode_type == "server" ) {
69
+ $methodname = isset($server_2fa_methods[ $selected_2_factor_method ])?$server_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
70
+ } else {
71
+ $methodname = isset($server_to_wpdb_2fa_methods[ $selected_2_factor_method ])?$server_to_wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
72
+ }
73
+ return $methodname;
74
+
75
+ }
76
+
77
+
78
+ function mo2f_create_2fa_form( $user, $category, $auth_methods, $can_display_admin_features='' ) {
79
+ global $Mo2fdbQueries;
80
+ $all_two_factor_methods = array(
81
+ "miniOrange QR Code Authentication",
82
+ "miniOrange Soft Token",
83
+ "miniOrange Push Notification",
84
+ "Google Authenticator",
85
+ "Security Questions",
86
+ "OTP Over SMS",
87
+ "OTP Over Email",
88
+ "Authy Authenticator",
89
+ "Email Verification",
90
+ "OTP Over SMS and Email",
91
+ "Hardware Token"
92
+ );
93
+ $two_factor_methods_descriptions = array(
94
+ ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
95
+ "miniOrange QR Code Authentication" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
96
+ "miniOrange Soft Token" => "Enter the soft token from the account in your miniOrange Authenticator App to login.",
97
+ "miniOrange Push Notification" => "Accept a push notification in your miniOrange Authenticator App to login.",
98
+ "Google Authenticator" => "Enter the soft token from the account in your <b>Google/Authy/LastPass Authenticator App</b> to login.",
99
+ "Security Questions" => "Answer the three security questions you had set, to login.",
100
+ "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
101
+ "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
102
+ "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
103
+ "Email Verification" => "Accept the verification link sent to your email to login.",
104
+ "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
105
+ "Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
106
+ );
107
+ $two_factor_methods_doc = array(
108
+ "Security Questions" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-security-question",
109
+ "Google Authenticator" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/google-authenticator",
110
+ "miniOrange QR Code Authentication" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-QR-code",
111
+ "Email Verification" => "",
112
+ "miniOrange Soft Token" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-soft-token",
113
+ "miniOrange Push Notification" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-push-notification",
114
+ "Authy Authenticator" => "",
115
+ "OTP Over SMS" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-otp-over-sms",
116
+ "OTP Over Email" => "",
117
+ "OTP Over SMS and Email" => "",
118
+ "Hardware Token" => "",
119
+ "" => ""
120
+ );
121
+ $two_factor_methods_video = array(
122
+ "Security Questions" => "https://www.youtube.com/watch?v=pXPqQ047o-0",
123
+ "Google Authenticator" => "https://www.youtube.com/watch?v=BS6tY-Goa1Q",
124
+ "miniOrange QR Code Authentication" => "https://www.youtube.com/watch?v=IPYizmgzTd8",
125
+ "Email Verification" => "https://www.youtube.com/watch?v=OacJWBYx_AE",
126
+ "miniOrange Soft Token" => "https://www.youtube.com/watch?v=9HV8V4f80k8",
127
+ "miniOrange Push Notification" => "https://www.youtube.com/watch?v=it_dAhFcxvw",
128
+ "Authy Authenticator" => "https://www.youtube.com/watch?v=fV-VnC_5Q5c",
129
+ "OTP Over SMS" => "https://www.youtube.com/watch?v=ag_E1Bmen-c",
130
+ "OTP Over Email" => "",
131
+ "OTP Over SMS and Email" => "",
132
+ "Hardware Token" => "",
133
+ "" => ""
134
+ );
135
+
136
+ $two_factor_methods_EC = array_slice( $all_two_factor_methods, 0, 9 );
137
+ $two_factor_methods_NC = array_slice( $all_two_factor_methods, 0, 7 );
138
+ if(MO2F_IS_ONPREM or $category != 'free_plan')
139
+ {
140
+ $all_two_factor_methods = array(
141
+ "Security Questions",
142
+ "Google Authenticator",
143
+ "Email Verification",
144
+ "miniOrange QR Code Authentication",
145
+ "miniOrange Soft Token",
146
+ "miniOrange Push Notification",
147
+ "Authy Authenticator",
148
+ "OTP Over SMS",
149
+ "OTP Over Email",
150
+ "OTP Over SMS and Email",
151
+ "Hardware Token"
152
+ );
153
+ $two_factor_methods_descriptions = array(
154
+ ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
155
+ "Security Questions" => "Answer the three security questions you had set, to login.",
156
+ "Google Authenticator" => "Enter the soft token from the account in your <b>Google/Authy/LastPass Authenticator App</b> to login.",
157
+ "Email Verification" => "Accept the verification link sent to your email to login.",
158
+ "miniOrange QR Code Authentication" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
159
+ "miniOrange Soft Token" => "Enter the soft token from the account in your miniOrange Authenticator App to login.",
160
+ "miniOrange Push Notification" => "Accept a push notification in your miniOrange Authenticator App to login.",
161
+ "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
162
+ "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
163
+ "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
164
+ "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
165
+ "Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
166
+ );
167
+ }
168
+
169
+ $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
170
+ $can_user_configure_2fa_method = $can_display_admin_features || ( !$can_display_admin_features && $is_customer_registered );
171
+ $is_NC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
172
+ $is_EC = ! $is_NC;
173
+
174
+ $form = '<div class="overlay1" id="overlay" hidden ></div>';
175
+ $form .= '<form name="f" method="post" action="" id="mo2f_save_' . $category . '_auth_methods_form">
176
+ <div id="mo2f_' . $category . '_auth_methods" >
177
+ <br>
178
+ <table class="mo2f_auth_methods_table">';
179
+
180
+ for ( $i = 0; $i < count( $auth_methods ); $i ++ ) {
181
+
182
+ $form .= '<tr>';
183
+ for ( $j = 0; $j < count( $auth_methods[ $i ] ); $j ++ ) {
184
+ $auth_method = $auth_methods[ $i ][ $j ];
185
+ if(MO2F_IS_ONPREM and $category =='free_plan')
186
+ {
187
+
188
+ if($auth_method != 'Email Verification' and $auth_method != 'Security Questions' and $auth_method != 'Google Authenticator' and $auth_method !='miniOrange QR Code Authentication' and $auth_method !='miniOrange Soft Token' and $auth_method != 'miniOrange Push Notification' and $auth_method != 'OTP Over SMS' and $auth_method != 'OTP Over Email')
189
+ {
190
+ //continue;
191
+ }
192
+ }
193
+ $auth_method_abr = str_replace( ' ', '', $auth_method );
194
+ $configured_auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
195
+ $is_auth_method_selected = ( $configured_auth_method == $auth_method ? true : false );
196
+
197
+ $is_auth_method_av = false;
198
+ if ( ( $is_EC && in_array( $auth_method, $two_factor_methods_EC ) ) ||
199
+ ( $is_NC && in_array( $auth_method, $two_factor_methods_NC ) ) ) {
200
+ $is_auth_method_av = true;
201
+ }
202
+
203
+ $thumbnail_height = $is_auth_method_av && $category == 'free_plan' ? 190 : 160;
204
+ $is_image = $auth_method == "" ? 0 :1;
205
+
206
+ $form .= '<td style="width:33%;height: 203px;">
207
+ <div class="mo2f_thumbnail" id="'.$auth_method_abr.'_thumbnail_2_factor" style="height:' . $thumbnail_height . 'px;border:1px solid ';
208
+ if(MO2F_IS_ONPREM)
209
+ {
210
+ $iscurrentMethod = 0;
211
+ $currentMethod = $configured_auth_method;
212
+ if($currentMethod == $auth_method)
213
+ $iscurrentMethod = 1;
214
+
215
+ $form .= $iscurrentMethod ? '#48b74b' : '#20b2aa';
216
+ $form .= ';border-top:3px solid ';
217
+ $form .= $iscurrentMethod ? '#48b74b' : '#20b2aa';
218
+ $form .= ';">';
219
+ }
220
+ else
221
+ {
222
+ $form .= $is_auth_method_selected ? '#48b74b' : '#20b2aa';
223
+ $form .= ';border-top:3px solid ';
224
+ $form .= $is_auth_method_selected ? '#48b74b' : '#20b2aa';
225
+ $form .= ';">';
226
+
227
+ }
228
+ $form .= '<div>
229
+ <div class="mo2f_thumbnail_method" style="width:100%";>
230
+ <div style="width: 17%; float:left;padding-top:5px;padding-left:5px;">';
231
+
232
+ if($is_image){
233
+ $form .= '<img src="' . plugins_url( "includes/images/authmethods/" . $auth_method_abr . ".png", dirname(dirname(__FILE__ ))) . '" style="width: 40px;height: 40px !important; " line-height: 80px;" />';
234
+ }
235
+
236
+ $form .= '</div>
237
+ <div class="mo2f_thumbnail_method_desc" style="padding: 8px;width: 83%;">';
238
+ switch ($auth_method) {
239
+ case 'Google Authenticator':
240
+ $form .=' <span style="float:right">
241
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
242
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
243
+
244
+ </a>
245
+
246
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
247
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
248
+ </a>
249
+ </span>';
250
+ break;
251
+
252
+ case 'Security Questions':
253
+ $form .=' <span style="float:right">
254
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
255
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
256
+ </a>
257
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
258
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
259
+ </a>
260
+
261
+
262
+ </span>';
263
+ break;
264
+
265
+ case 'OTP Over SMS':
266
+ $form .=' <span style="float:right">
267
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
268
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
269
+
270
+ </a>
271
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
272
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
273
+ </a>
274
+
275
+ </span>';
276
+ break;
277
+
278
+
279
+ case 'miniOrange Soft Token':
280
+ $form .=' <span style="float:right">
281
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
282
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
283
+
284
+ </a>
285
+
286
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
287
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
288
+ </a>
289
+ </span>';
290
+
291
+ break;
292
+
293
+ case 'miniOrange QR Code Authentication':
294
+ $form .=' <span style="float:right">
295
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
296
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
297
+
298
+ </a>
299
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
300
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
301
+ </a>
302
+
303
+ </span>';
304
+
305
+ break;
306
+
307
+ case 'miniOrange Push Notification':
308
+ $form .=' <span style="float:right">
309
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
310
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
311
+
312
+ </a>
313
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
314
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
315
+ </a>
316
+
317
+ </span>';
318
+ break;
319
+
320
+ case 'Email Verification':
321
+ $form .=' <span style="float:right">
322
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
323
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
324
+
325
+ </a>
326
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
327
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
328
+ </a>
329
+
330
+ </span>';
331
+ break;
332
+ case 'Authy Authenticator':
333
+ $form .=' <span style="float:right">
334
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
335
+ <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>
336
+
337
+ </a>
338
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
339
+ <span class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
340
+ </a>
341
+
342
+ </span>';
343
+
344
+ break;
345
+
346
+ default:
347
+ {$form .= "";}
348
+ break;
349
+ }
350
+ $form .=' <b>' . $auth_method .
351
+ '</b><br>
352
+ <p style="padding:0px; padding-left:0px;font-size: 14px;"> ' . $two_factor_methods_descriptions[ $auth_method ] . '</p>
353
+
354
+ </div>
355
+ </div>
356
+ </div>';
357
+
358
+ if ( $is_auth_method_av && $category == 'free_plan' ) {
359
+
360
+ $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
361
+ if(($auth_method == 'OUT OF BAND EMAIL' or $auth_method == 'OTP Over Email') and !MO2F_IS_ONPREM )
362
+ $is_auth_method_configured = 1;
363
+ $form .= '<div style="height:40px;width:100%;position: absolute;bottom: 0;background-color:';
364
+ $iscurrentMethod = 0;
365
+ if(MO2F_IS_ONPREM)
366
+ {
367
+ $currentMethod = $configured_auth_method;
368
+ if($currentMethod == $auth_method)
369
+ $iscurrentMethod = 1;
370
+ $form .= $iscurrentMethod ? '#48b74b' : '#20b2aa';
371
+ }
372
+ else
373
+ $form .= $is_auth_method_selected ? '#48b74b' : '#20b2aa';
374
+ if(MO2F_IS_ONPREM)
375
+ {
376
+ $twofactor_transactions = new Mo2fDB;
377
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user->ID);
378
+ if($exceeded){
379
+ if(empty($configured_auth_method)){
380
+ $can_user_configure_2fa_method = false;
381
+ }
382
+ else{
383
+ $can_user_configure_2fa_method = true;
384
+ }
385
+ }
386
+ else{
387
+ $can_user_configure_2fa_method = true;
388
+ }
389
+ $is_customer_registered = true;
390
+ $user = wp_get_current_user();
391
+ $form .= ';color:white">';
392
+
393
+ $check = $is_customer_registered? true : false;
394
+ $show = 0;
395
+
396
+
397
+
398
+ $cloud_methods = array('miniOrange QR Code Authentication' , 'miniOrange Soft Token','miniOrange Push Notification');
399
+
400
+ if($auth_method == 'Email Verification' || $auth_method == 'Security Questions' || $auth_method == 'Google Authenticator' || $auth_method == 'miniOrange QR Code Authentication' || $auth_method =='miniOrange Soft Token' || $auth_method == 'miniOrange Push Notification' || $auth_method == 'OTP Over SMS' || $auth_method == 'OTP Over Email')
401
+ {
402
+ $show = 1;
403
+ }
404
+
405
+ if ( $check ) {
406
+ $form .= '<div class="mo2f_configure_2_factor">
407
+ <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\');"';
408
+ $form .= $show==1 ? "" : " disabled ";
409
+ $form .= '>';
410
+ if($show)
411
+ $form .= $is_auth_method_configured? 'Reconfigure' : 'Configure';
412
+ else
413
+ $form .= 'Available in cloud solution';
414
+ $form .= '</button></div>';
415
+ }
416
+ if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM) {
417
+ $form .= '<div class="mo2f_set_2_factor">
418
+ <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\');"';
419
+ $form .= $can_user_configure_2fa_method ? "" : " disabled ";
420
+ $form .= $show==1 ? "" : " disabled ";
421
+ if($show == 1 and $is_auth_method_configured and $iscurrentMethod == 0)
422
+ $form .= '>Set as 2-factor</button>
423
+ </div>';
424
+ }
425
+
426
+ $form .= '</div>';
427
+
428
+ }
429
+ else
430
+ {
431
+ if(get_option('mo2f_miniorange_admin'))
432
+ $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
433
+ else
434
+ $allowed = 1;
435
+ $cloudswitch = 0;
436
+ if(!$allowed)
437
+ $allowed = 2;
438
+ $form .= ';color:white">';
439
+ $check = !$is_customer_registered? true : ($auth_method != "Email Verification" and $auth_method != "OTP Over Email"? true : false);
440
+ $is_auth_method_configured = !$is_customer_registered ? 0 :1;
441
+ if(!MO2F_IS_ONPREM and ($auth_method == "Email Verification" or $auth_method == "OTP Over Email"))
442
+ $check = 0;
443
+ if ( $check ) {
444
+ $form .= '<div class="mo2f_configure_2_factor">
445
+ <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\','.$cloudswitch.','.$allowed.');"';
446
+ $form .= $can_user_configure_2fa_method ? "" : " ";
447
+ $form .= '>';
448
+ $form .= $is_auth_method_configured ? 'Reconfigure' : 'Configure';
449
+ $form .= '</button></div>';
450
+ }
451
+
452
+ if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM ) {
453
+ $form .= '<div class="mo2f_set_2_factor">
454
+ <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\','.$cloudswitch.','.$allowed.');"';
455
+ $form .= $can_user_configure_2fa_method ? "" : " ";
456
+ $form .= '>Set as 2-factor</button>
457
+ </div>';
458
+ }
459
+
460
+ $form .= '</div>';
461
+ }
462
+ }
463
+ $form .= '</div></div></td>';
464
+ }
465
+
466
+ $form .= '</tr>';
467
+ }
468
+
469
+
470
+ $form .= '</table>';
471
+ if( $category!="free_plan")
472
+ if(current_user_can('administrator')){
473
+ $form .= '<div style="background-color: #f1f1f1;padding:10px">
474
+ <p style="font-size:16px;margin-left: 1%">In addition to these authentication methods, for other features in this plan, <a href="admin.php?page=mo_2fa_upgrade"><i>Click here.</i></a></p>
475
+ </div>';
476
+ }
477
+
478
+ $form .= '</div> <input type="hidden" name="miniorange_save_form_auth_methods_nonce"
479
+ value="'. wp_create_nonce( "miniorange-save-form-auth-methods-nonce" ) .'"/>
480
+ <input type="hidden" name="option" value="mo2f_save_' . $category . '_auth_methods" />
481
+ <input type="hidden" name="mo2f_configured_2FA_method_' . $category . '" id="mo2f_configured_2FA_method_' . $category . '" />
482
+ <input type="hidden" name="mo2f_selected_action_' . $category . '" id="mo2f_selected_action_' . $category . '" />
483
+ </form>';
484
+
485
+ return $form;
486
+ }
487
+
488
+
489
+ function mo2f_get_activated_second_factor( $user ) {
490
+
491
+ global $Mo2fdbQueries;
492
+ $user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
493
+ $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
494
+ $useremail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
495
+
496
+ if ( $user_registration_status == 'MO_2_FACTOR_SUCCESS' ) {
497
+ //checking this option for existing users
498
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => true ) );
499
+ $mo2f_second_factor = 'MOBILE AUTHENTICATION';
500
+
501
+ return $mo2f_second_factor;
502
+ } else if ( $user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ) {
503
+ return 'NONE';
504
+ } else {
505
+ //for new users
506
+ if ( $user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && $is_customer_registered ) {
507
+ $enduser = new Two_Factor_Setup();
508
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $useremail ), true );
509
+ if ( json_last_error() == JSON_ERROR_NONE ) {
510
+ if ( $userinfo['status'] == 'ERROR' ) {
511
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $userinfo['message'] ) );
512
+ $mo2f_second_factor = 'NONE';
513
+ } else if ( $userinfo['status'] == 'SUCCESS' ) {
514
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
515
+ } else if ( $userinfo['status'] == 'FAILED' ) {
516
+ $mo2f_second_factor = 'NONE';
517
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_REMOVED" ) );
518
+ } else {
519
+ $mo2f_second_factor = 'NONE';
520
+ }
521
+ } else {
522
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
523
+ $mo2f_second_factor = 'NONE';
524
+ }
525
+ } else {
526
+ $mo2f_second_factor = 'NONE';
527
+ }
528
+
529
+ return $mo2f_second_factor;
530
+ }
531
+ }
532
+
533
+ function mo2f_update_and_sync_user_two_factor( $user_id, $userinfo ) {
534
+ global $Mo2fdbQueries;
535
+ $mo2f_second_factor = isset( $userinfo['authType'] ) && ! empty( $userinfo['authType'] ) ? $userinfo['authType'] : 'NONE';
536
+ if(MO2F_IS_ONPREM)
537
+ {
538
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
539
+ $mo2f_second_factor = $mo2f_second_factor ? $mo2f_second_factor : 'NONE';
540
+ return $mo2f_second_factor;
541
+ }
542
+
543
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_email' => $userinfo['email'] ) );
544
+ if ( $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
545
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_EmailVerification_config_status' => true ) );
546
+ } else if ( $mo2f_second_factor == 'SMS' and !MO2F_IS_ONPREM) {
547
+ $phone_num = $userinfo['phone'];
548
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_OTPOverSMS_config_status' => true ) );
549
+ $_SESSION['user_phone'] = $phone_num;
550
+ } else if ( in_array( $mo2f_second_factor, array(
551
+ 'SOFT TOKEN',
552
+ 'MOBILE AUTHENTICATION',
553
+ 'PUSH NOTIFICATIONS'
554
+ ) ) ) {
555
+ if(!MO2F_IS_ONPREM)
556
+ $Mo2fdbQueries->update_user_details( $user_id, array(
557
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
558
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
559
+ 'mo2f_miniOrangePushNotification_config_status' => true
560
+ ) );
561
+ } else if ( $mo2f_second_factor == 'KBA' ) {
562
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_SecurityQuestions_config_status' => true ) );
563
+ } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
564
+ $app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true );
565
+
566
+ if ( $app_type == 'Google Authenticator' ) {
567
+ $Mo2fdbQueries->update_user_details( $user_id, array(
568
+ 'mo2f_GoogleAuthenticator_config_status' => true
569
+ ) );
570
+ update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
571
+ } else if ( $app_type == 'Authy Authenticator' ) {
572
+ $Mo2fdbQueries->update_user_details( $user_id, array(
573
+ 'mo2f_AuthyAuthenticator_config_status' => true
574
+ ) );
575
+ update_user_meta( $user_id, 'mo2f_external_app_type', 'Authy Authenticator' );
576
+ } else {
577
+ $Mo2fdbQueries->update_user_details( $user_id, array(
578
+ 'mo2f_GoogleAuthenticator_config_status' => true
579
+ ) );
580
+
581
+ update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
582
+ }
583
+ }
584
+
585
+ return $mo2f_second_factor;
586
+ }
587
+
588
+ function display_customer_registration_forms($user){
589
+
590
+ global $Mo2fdbQueries;
591
+ $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
592
+ $mo2f_message = get_option( 'mo2f_message' );
593
+ ?>
594
+
595
+ <div id="smsAlertModal" class="modal" role="dialog" data-backdrop="static" data-keyboard="false" >
596
+ <div class="mo2f_modal-dialog" style="margin-left:30%;">
597
+ <!-- Modal content-->
598
+ <div class="modal-content">
599
+ <div class="mo2f_modal-header">
600
+ <h2 class="mo2f_modal-title">You are just one step away from setting up 2FA.</h2><span type="button" id="mo2f_registration_closed" class="modal-span-close" data-dismiss="modal">&times;</span>
601
+ </div>
602
+ <div class="mo2f_modal-body">
603
+ <span style="color:green;cursor: pointer;float:right;" onclick="show_content();">Why Register with miniOrange?</span><br>
604
+ <div id="mo2f_register" style="background-color:#f1f1f1;padding: 1px 4px 1px 14px;display: none;">
605
+ <p>miniOrange Two Factor plugin uses highly secure miniOrange APIs to communicate with the plugin. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users can be only accessed by API keys assigned to you. Also, you can use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.</p>
606
+ </div>
607
+ <?php if ( $mo2f_message ) { ?>
608
+ <div style="padding:5px;">
609
+ <div class="alert alert-info" style="margin-bottom:0px;padding:3px;">
610
+ <p style="font-size:15px;margin-left: 2%;"><?php echo $mo2f_message; ?></p>
611
+ </div>
612
+ </div>
613
+ <?php }
614
+ if(in_array($mo2f_current_registration_status, array("REGISTRATION_STARTED", "MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE", "MO_2_FACTOR_VERIFY_CUSTOMER")) ){
615
+ mo2f_show_registration_screen($user);
616
+ }
617
+ ?>
618
+ </div>
619
+ </div>
620
+ </div>
621
+ <form name="f" method="post" action="" class="mo2f_registration_closed_form">
622
+ <input type="hidden" name="mo2f_registration_closed_nonce"
623
+ value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
624
+ <input type="hidden" name="option" value="mo2f_registration_closed"/>
625
+ </form>
626
+ </div>
627
+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
628
+ <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
629
+ <script>
630
+ function show_content() {
631
+ jQuery('#mo2f_register').slideToggle();
632
+ }
633
+ jQuery(function () {
634
+ jQuery('#smsAlertModal').modal();
635
+ });
636
+
637
+ jQuery('#mo2f_registration_closed').click(function () {
638
+ jQuery('.mo2f_registration_closed_form').submit();
639
+ });
640
+ </script>
641
+
642
+ <?php
643
+ }
644
+
645
+ function mo2f_show_registration_screen($user){
646
+ global $mo2f_dirName;
647
+
648
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'account.php';
649
+
650
+ }
651
+
652
+ function mo2f_show_2FA_configuration_screen( $user, $selected2FAmethod ) {
653
+ global $mo2f_dirName;
654
+ switch ( $selected2FAmethod ) {
655
+ case "Google Authenticator":
656
+ if(MO2F_IS_ONPREM){
657
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR. 'gaonprem.php';
658
+ $obj = new Google_auth_onpremise();
659
+ $obj->mo_GAuth_get_details();
660
+ }
661
+ else{
662
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
663
+ mo2f_configure_google_authenticator( $user );
664
+ }
665
+ break;
666
+ case "Authy Authenticator":
667
+ mo2f_configure_authy_authenticator( $user );
668
+ break;
669
+ case "Security Questions":
670
+ mo2f_configure_for_mobile_suppport_kba( $user );
671
+ break;
672
+ case "Email Verification":
673
+ mo2f_configure_for_mobile_suppport_kba( $user );
674
+ break;
675
+ case "OTP Over SMS":
676
+ mo2f_configure_otp_over_sms( $user );
677
+ break;
678
+ case "miniOrange Soft Token":
679
+ mo2f_configure_miniorange_authenticator( $user );
680
+ break;
681
+ case "miniOrange QR Code Authentication":
682
+ mo2f_configure_miniorange_authenticator( $user );
683
+ break;
684
+ case "miniOrange Push Notification":
685
+ mo2f_configure_miniorange_authenticator( $user );
686
+ break;
687
+ case "OTP Over Email":
688
+ mo2f_test_otp_over_email($user,$selected2FAmethod);
689
+ break;
690
+ }
691
+
692
+ }
693
+
694
+ function mo2f_show_2FA_test_screen( $user, $selected2FAmethod ) {
695
+
696
+
697
+ switch ( $selected2FAmethod ) {
698
+ case "miniOrange QR Code Authentication":
699
+ mo2f_test_miniorange_qr_code_authentication( $user );
700
+ break;
701
+ case "miniOrange Push Notification":
702
+ mo2f_test_miniorange_push_notification( $user );
703
+ break;
704
+ case "miniOrange Soft Token":
705
+ mo2f_test_miniorange_soft_token( $user );
706
+ break;
707
+ case "Email Verification":
708
+ mo2f_test_email_verification();
709
+ break;
710
+ case "OTP Over SMS":
711
+ mo2f_test_otp_over_sms( $user );
712
+ break;
713
+ case "Security Questions":
714
+ mo2f_test_kba_security_questions( $user );
715
+ break;
716
+ case "OTP Over Email":
717
+ mo2f_test_otp_over_email($user,$selected2FAmethod);
718
+ break;
719
+ default:
720
+ mo2f_test_google_authy_authenticator( $user, $selected2FAmethod );
721
+ }
722
+
723
+ }
724
+
725
+ function mo2f_method_display_name($user,$mo2f_second_factor){
726
+
727
+ if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
728
+ $app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
729
+
730
+ if ( $app_type == 'Google Authenticator' ) {
731
+ $selectedMethod = 'Google Authenticator';
732
+ } else if ( $app_type == 'Authy Authenticator' ) {
733
+ $selectedMethod = 'Authy Authenticator';
734
+ } else {
735
+ $selectedMethod = 'Google Authenticator';
736
+ update_user_meta( $user->ID, 'mo2f_external_app_type', $selectedMethod );
737
+ }
738
+ } else {
739
+ $selectedMethod = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
740
+ }
741
+ return $selectedMethod;
742
+
743
+ }
744
+
745
+ function mo2f_lt( $string ) {
746
+ return __($string ,'miniorange-2-factor-authentication' );
747
+ }
748
+
749
+ function mo2f_rba_description($mo2f_user_email) {?>
750
+ <div id="mo2f_rba_addon">
751
+ <?php if ( get_option( 'mo2f_rba_installed' ) ) { ?>
752
+ <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_rba_addon"
753
+ class="mo_wpns_button mo_wpns_button1"
754
+ style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
755
+ <?php } ?>
756
+ <?php if ( ! get_option( 'mo2f_rba_purchased' ) ) { ?>
757
+ <a onclick="mo2f_addonform('wp_2fa_addon_rba')" id="mo2f_purchase_rba_addon"
758
+ class="mo_wpns_button mo_wpns_button1"
759
+ style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a><?php } ?>
760
+ <div id="mo2f_rba_addon_hide">
761
+
762
+ <br>
763
+ <div id="mo2f_hide_rba_content">
764
+
765
+ <div class="mo2f_box">
766
+ <h3><?php echo __( 'Remember Device', 'miniorange-2-factor-authentication' ); ?></h3>
767
+ <hr>
768
+ <p id="mo2f_hide_rba_content"><?php echo __( 'With this feature, User would get an option to remember the personal device where Two Factor is not required. Every time the user logs in with the same device it detects the saved device so he will directly login without being prompted for the 2nd factor. If user logs in from new device he will be prompted with 2nd Factor.', 'miniorange-2-factor-authentication' ); ?>
769
+
770
+ </p>
771
+ </div>
772
+ <br><br>
773
+ <div class="mo2f_box">
774
+ <h3><?php echo __( 'Limit Number Of Device', 'miniorange-2-factor-authentication' ); ?></h3>
775
+ <hr>
776
+ <p><?php echo __( 'With this feature, the admin can restrict the number of devices from which the user can access the website. If the device limit is exceeded the admin can set three actions where it can allow the users to login, deny the access or challenge the user for authentication.', 'miniorange-2-factor-authentication' ); ?>
777
+ </p>
778
+
779
+ </div>
780
+ <br><br>
781
+ <div class="mo2f_box">
782
+ <h3><?php echo __( 'IP Restriction: Limit users to login from specific IPs', 'miniorange-2-factor-authentication' ); ?></h3>
783
+ <hr>
784
+ <p><?php echo __( 'The Admin can enable IP restrictions for the users. It will provide additional security to the accounts and perform different action to the accounts only from the listed IP Ranges. If user tries to access with a restricted IP, Admin can set three action: Allow, challenge or deny. Depending upon the action it will allow the user to login, challenge(prompt) for authentication or deny the access.', 'miniorange-2-factor-authentication' ); ?>
785
+
786
+ </div>
787
+ <br>
788
+ </div>
789
+
790
+ </div>
791
+ <div id="mo2f_rba_addon_show">
792
+ <?php $x = apply_filters( 'mo2f_rba', "rba" );?>
793
+ </div>
794
+ </div>
795
+ <form style="display:none;" id="mo2fa_loginform"
796
+ action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
797
+ target="_blank" method="post">
798
+ <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
799
+ <input type="text" name="redirectUrl"
800
+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
801
+ <input type="text" name="requestOrigin" id="requestOrigin"/>
802
+ </form>
803
+ <script>
804
+ function mo2f_addonform(planType) {
805
+ jQuery('#requestOrigin').val(planType);
806
+ jQuery('#mo2fa_loginform').submit();
807
+ }
808
+ </script>
809
+ <?php
810
+ }
811
+
812
+ function mo2f_personalization_description($mo2f_user_email) {?>
813
+ <div id="mo2f_custom_addon">
814
+ <?php if ( get_option( 'mo2f_personalization_installed' ) ) { ?>
815
+ <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_custom_addon"
816
+ class="mo_wpns_button mo_wpns_button1"
817
+ style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
818
+ <?php } ?>
819
+ <?php if ( ! get_option( 'mo2f_personalization_purchased' ) ) { ?> <a
820
+ onclick="mo2f_addonform('wp_2fa_addon_shortcode')" id="mo2f_purchase_custom_addon"
821
+ class="mo_wpns_button mo_wpns_button1"
822
+ style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
823
+ <?php } ?>
824
+ <div id="mo2f_custom_addon_hide">
825
+
826
+
827
+ <br>
828
+ <div id="mo2f_hide_custom_content">
829
+ <div class="mo2f_box">
830
+ <h3><?php echo __( 'Customize Plugin Icon', 'miniorange-2-factor-authentication' ); ?></h3>
831
+ <hr>
832
+ <p>
833
+ <?php echo __( 'With this feature, you can customize the plugin icon in the dashboard which is useful when you want your custom logo to be displayed to the users.', 'miniorange-2-factor-authentication' ); ?>
834
+ </p>
835
+ <br>
836
+ <h3><?php echo __( 'Customize Plugin Name', 'miniorange-2-factor-authentication' ); ?></h3>
837
+ <hr>
838
+ <p>
839
+ <?php echo __( 'With this feature, you can customize the name of the plugin in the dashboard.', 'miniorange-2-factor-authentication' ); ?>
840
+ </p>
841
+
842
+ </div>
843
+ <br>
844
+ <div class="mo2f_box">
845
+ <h3><?php echo __( 'Customize UI of Login Pop up\'s', 'miniorange-2-factor-authentication' ); ?></h3>
846
+ <hr>
847
+ <p>
848
+ <?php echo __( 'With this feature, you can customize the login pop-ups during two factor authentication according to the theme of your website.', 'miniorange-2-factor-authentication' ); ?>
849
+ </p>
850
+ </div>
851
+
852
+ <br>
853
+ <div class="mo2f_box">
854
+ <h3><?php echo __( 'Custom Email and SMS Templates', 'miniorange-2-factor-authentication' ); ?></h3>
855
+ <hr>
856
+
857
+ <p><?php echo __( 'You can change the templates for Email and SMS which user receives during authentication.', 'miniorange-2-factor-authentication' ); ?></p>
858
+
859
+ </div>
860
+ </div>
861
+ </div>
862
+ <div id="mo2f_custom_addon_show"><?php $x = apply_filters( 'mo2f_custom', "custom"); ?></div>
863
+ </div>
864
+
865
+ <?php
866
+ }
867
+
868
+ function mo2f_shortcode_description($mo2f_user_email) { ?>
869
+ <div id="mo2f_Shortcode_addon_hide">
870
+ <?php if ( get_option( 'mo2f_shortcode_installed' ) ) { ?>
871
+ <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_shortcode_addon"
872
+ class="mo_wpns_button mo_wpns_button1" style="float:right; margin-top:2%;"><?php echo __( 'Activate
873
+ Plugin', 'miniorange-2-factor-authentication' ); ?></a>
874
+ <?php } if ( ! get_option( 'mo2f_shortcode_purchased' ) ) { ?>
875
+ <a onclick="mo2f_addonform('wp_2fa_addon_personalization')" id="mo2f_purchase_shortcode_addon"
876
+ class="mo_wpns_button mo_wpns_button1"
877
+ style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
878
+ <?php } ?>
879
+
880
+ <div id="shortcode" class="description">
881
+
882
+
883
+ <br>
884
+ <div id="mo2f_hide_shortcode_content" class="mo2f_box">
885
+ <h3><?php echo __( 'List of Shortcodes', 'miniorange-2-factor-authentication' ); ?>:</h3>
886
+ <hr>
887
+ <ol style="margin-left:2%">
888
+ <li>
889
+ <b><?php echo __( 'Enable Two Factor: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to turn on/off 2-factor by user.', 'miniorange-2-factor-authentication' ); ?>
890
+ </li>
891
+ <li>
892
+ <b><?php echo __( 'Enable Reconfiguration: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to configure the Google Authenticator and Security Questions by user.', 'miniorange-2-factor-authentication' ); ?>
893
+ </li>
894
+ <li>
895
+ <b><?php echo __( 'Enable Remember Device: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( ' This shortcode provides\'Enable Remember Device\' from your custom login form.', 'miniorange-2-factor-authentication' ); ?>
896
+ </li>
897
+ </ol>
898
+ </div>
899
+ <div id="mo2f_Shortcode_addon_show"><?php $x = apply_filters( 'mo2f_shortcode', "shortcode" ); ?></div>
900
+ </div>
901
+ <br>
902
+ </div>
903
+ <form style="display:none;" id="mo2fa_loginform" action="<?php echo MO_HOST_NAME . '/moas/login'; ?>" target="_blank" method="post">
904
+ <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
905
+ <input type="text" name="redirectUrl"
906
+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
907
+ <input type="text" name="requestOrigin" id="requestOrigin"/>
908
+ </form>
909
+ <script>
910
+ function mo2f_addonform(planType) {
911
+ jQuery('#requestOrigin').val(planType);
912
+ jQuery('#mo2fa_loginform').submit();
913
+ }
914
+ </script>
915
+ <?php
916
+ }
917
+
918
+ ?>
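--- a/handler/twofa/two_fa_constants.php
+++ b/handler/twofa/two_fa_constants.php
@@ -369,7 +369,7 @@ class Mo2fConstants {
  break;
 
  case 'SET_2FA_otp':
- Return mo2f_lt( 'is set as your Two-Factor method. You have 10 free transactions.' );
+ Return mo2f_lt( 'is set as your Two-Factor method.' );
  break;
 
 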
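--- a/handler/twofa/two_fa_get_details.php
+++ b/handler/twofa/two_fa_get_details.php
@@ -8,13 +8,11 @@ class two_fa_get_details {
  }
  function setUserMethod($userid,$currentMethod){
  $response= update_user_meta($userid,'currentMethod',$currentMethod);
- //$userMethod = get_user_meta($userid,'currentMethod',true);
  return $response;
  }
 
  function setUserEmail($userid,$email){
  $response= update_user_meta($userid,'email',$email);
- //$userMethod = get_user_meta($userid,'currentMethod',true);
  return $response;
  }
 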
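--- a/handler/twofa/two_fa_login.php
+++ b/handler/twofa/two_fa_login.php
@@ -30,9 +30,15 @@ class Miniorange_Mobile_Login {
  global $Mo2fdbQueries;
  $currentuser = wp_authenticate_username_password( $user, $username, $password );
  if ( is_wp_error( $currentuser ) ) {
- return $currentuser;
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
+ wp_send_json_success($data);
+ }
+ else{
+ return $currentuser;
+ }
  } else {
- if(MO2F_IS_ONPREM and (!get_option('mo2f_login_option') or get_option('mo2f_enable_login_with_2nd_factor')))
+ if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
  {
  $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
  $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;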
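Review bot: The AJAX branch added under `is_wp_error( $currentuser )` answers a failed login with `wp_send_json_success( $data )`, so a client that reads the JSON `success` flag sees a rejected password reported as success; `wp_send_json_error( $data );` fits this path. That call also ends the request inside this function, whose signature is outside the hunk. If the method is hooked on the `authenticate` filter, WordPress would never reach its `wp_login_failed` action, and lockout or audit hooks would miss failures arriving over AJAX; this is worth confirming, and if so `do_action( 'wp_login_failed', $username, $currentuser );` should fire before the response is sent. The `notice` markup opens a `<div>` that is never closed, so the string should end with `</div>`.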
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1,2516 +1,2654 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
-
25
- include 'two_fa_login.php';
26
- class Miniorange_Password_2Factor_Login {
27
-
28
- private $mo2f_kbaquestions;
29
- private $mo2f_userID;
30
- private $mo2f_rbastatus;
31
- private $mo2f_transactionid;
32
-
33
- function mo2f_inline_login(){
34
- global $moWpnsUtility;
35
- $email = sanitize_email( $_POST['email'] );
36
- $password = sanitize_text_field( $_POST['password'] );
37
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
38
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
39
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
40
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
- {
42
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
- return;
46
- }
47
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
- }
49
- function mo2f_inline_register(){
50
- global $moWpnsUtility, $Mo2fdbQueries;
51
- $email = sanitize_email($_POST['email']);
52
- $company = $_SERVER["SERVER_NAME"];
53
- $password = sanitize_text_field($_POST['password']);
54
- $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
56
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
57
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
58
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
59
- {
60
- $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
61
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
62
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
63
- }
64
- if( $password != $confirmPassword )
65
- {
66
- $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
67
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
68
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
69
- }
70
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
71
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
72
- {
73
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
74
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
75
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
76
- }
77
-
78
- update_option( 'mo2f_email', $email );
79
-
80
- update_option( 'mo_wpns_company' , $company );
81
-
82
- update_option( 'mo_wpns_password' , $password );
83
-
84
- $customer = new MocURL();
85
- $content = json_decode($customer->check_customer($email), true);
86
- $Mo2fdbQueries->insert_user( $user_id );
87
- switch ($content['status'])
88
- {
89
- case 'CUSTOMER_NOT_FOUND':
90
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
91
-
92
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
93
- {
94
- $this->inline_save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
95
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
96
- }
97
-
98
- break;
99
- default:
100
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
101
- break;
102
- }
103
-
104
- }
105
-
106
- function inline_get_current_customer($user,$email,$password,$redirect_to,$session_id_encrypt)
107
- {
108
- global $Mo2fdbQueries;
109
- $customer = new MocURL();
110
- $content = $customer->get_customer_key($email, $password);
111
- $customerKey = json_decode($content, true);
112
- if(json_last_error() == JSON_ERROR_NONE)
113
- {
114
- if(isset($customerKey['phone'])){
115
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
116
- $Mo2fdbQueries->update_user_details( $user, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
117
- }
118
- update_option('mo2f_email',$email);
119
- $this->inline_save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
120
- $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
121
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
122
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
123
- }
124
- else
125
- {
126
- $Mo2fdbQueries->update_user_details( $user, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
127
- $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
128
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
129
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
130
- }
131
- }
132
-
133
- function inline_save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
134
- {
135
- global $Mo2fdbQueries;
136
- update_option( 'mo2f_customerKey' , $id );
137
- update_option( 'mo2f_api_key' , $apiKey );
138
- update_option( 'mo2f_customer_token' , $token );
139
- update_option( 'mo2f_app_secret' , $appSecret );
140
- update_option( 'mo_wpns_enable_log_requests' , true );
141
- update_option( 'mo2f_miniorange_admin', $id );
142
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
143
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
144
- }
145
- function mo2f_inline_validate_otp(){
146
- if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
147
- $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
148
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
149
- $error = new WP_Error();
150
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
151
- return $error;
152
- } else {
153
- global $Mo2fdbQueries;
154
- $this->miniorange_pass2login_start_session();
155
- $otp_token = '';
156
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
157
- $mo2fa_login_message = '';
158
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
159
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
160
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
161
- } else{
162
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
163
- }
164
-
165
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
166
- $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
167
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
168
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
169
- $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
170
- $customer = new Customer_Setup();
171
- $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
172
- if($content['status'] == 'ERROR'){
173
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
174
- }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
175
- $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
176
- if($user_phone && strlen($user_phone) >= 4){
177
- if($phone != $user_phone ){
178
-
179
- $Mo2fdbQueries->update_user_details( $current_user, array(
180
- 'mobile_registration_status' =>false
181
- ) );
182
- }
183
- }
184
-
185
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
186
- if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
187
- $Mo2fdbQueries->update_user_details( $current_user, array(
188
- 'mo2f_OTPOverSMS_config_status' =>true,
189
- 'mo2f_user_phone' =>$phone
190
- ) );
191
- }else{
192
- $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
193
-
194
- }
195
- // unset($_SESSION[ 'mo2f_phone']);
196
- // if(MO2F_IS_ONPREM)
197
- // update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
198
- // else
199
- // {
200
- $Mo2fdbQueries->update_user_details($current_user, array(
201
- "mo2f_configured_2FA_method" => 'OTP Over SMS',
202
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
203
- ) );
204
- $TwoF_setup = new Two_Factor_Setup();
205
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
206
-
207
- // }
208
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
209
-
210
- }else{ // OTP Validation failed.
211
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
212
- }
213
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
214
- }
215
- }
216
-
217
- }
218
- function mo2f_inline_send_otp(){
219
- if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
220
- $nonce = $_POST['miniorange_inline_verify_phone_nonce'];
221
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
222
- $error = new WP_Error();
223
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
224
- return $error;
225
- } else {
226
- global $Mo2fdbQueries;
227
- $this->miniorange_pass2login_start_session();
228
- $phone = sanitize_text_field( $_POST['verify_phone'] );
229
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
230
- $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
231
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
232
- $customer = new Customer_Setup();
233
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
234
- $parameters = array();
235
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
236
-
237
- $mo2fa_login_message = '';
238
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
239
- if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
240
- $phone = sanitize_text_field( $_POST['verify_phone'] );
241
- $phone = sanitize_text_field( $_POST['verify_phone'] );
242
- if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
243
- $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
244
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
245
- }
246
- $phone = str_replace(' ', '', $phone);
247
- // $_SESSION['mo2f_phone'] = $phone;
248
- update_user_meta($current_user,'mo2f_user_phone',$phone);
249
- }
250
- if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
251
- $currentMethod = "SMS";
252
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
253
- $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
254
- $parameters = array("phone" => $phone, "email" => $email);
255
- }else if($selected_2factor_method == 'PHONE VERIFICATION'){
256
- $currentMethod = "PHONE_VERIFICATION";
257
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
258
- $currentMethod = "OTP_OVER_EMAIL";
259
- $parameters = $email;
260
- }
261
- if($selected_2factor_method == 'SMS AND EMAIL'){
262
- $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
263
- }
264
- else if($selected_2factor_method == 'OTP OVER EMAIL'){
265
- $content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
266
- }
267
- else{
268
- $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
269
-
270
- }
271
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
272
- if($content['status'] == 'ERROR'){
273
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
274
- }else if($content['status'] == 'SUCCESS'){
275
- // $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
276
- update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
277
- if($selected_2factor_method == 'SMS'){
278
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
279
- $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
280
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
281
- $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
282
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
283
- $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
284
- }else if($selected_2factor_method== 'PHONE VERIFICATION'){
285
- $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
286
- }
287
- }else if($content['status'] == 'FAILED'){
288
- $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
289
- }else{
290
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
291
- }
292
- }else{
293
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
294
- }
295
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
296
- }
297
- }
298
-
299
- }
300
- function mo2f_inline_validate_kba(){
301
- if(isset($_POST['mo2f_inline_save_kba_nonce'])){
302
- $nonce = $_POST['mo2f_inline_save_kba_nonce'];
303
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
304
- $error = new WP_Error();
305
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
306
- return $error;
307
- } else {
308
- global $Mo2fdbQueries;
309
- $this->miniorange_pass2login_start_session();
310
- $mo2fa_login_message = '';
311
- $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
312
- $temp_array = array($_POST['mo2f_kbaquestion_1'],$_POST['mo2f_kbaquestion_2'],$_POST['mo2f_kbaquestion_3']);
313
- $kba_questions = array();
314
- foreach($temp_array as $question){
315
- if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
316
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
317
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
318
- }else{
319
- $ques = sanitize_text_field($question);
320
- $ques = addcslashes(stripslashes($ques), '"\\');
321
- array_push($kba_questions, $ques);
322
- }
323
- }
324
- if(!(array_unique($kba_questions) == $kba_questions)){
325
- $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
326
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
327
- }
328
- $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
329
- $kba_answers = array();
330
- foreach($temp_array_ans as $answer){
331
- if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
332
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
333
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
334
- }else{
335
- $ques = sanitize_text_field($answer);
336
- $answer = strtolower($answer);
337
- array_push($kba_answers, $answer);
338
- }
339
- }
340
- $size = sizeof($kba_questions);
341
- $kba_q_a_list = array();
342
- for($c = 0; $c < $size; $c++){
343
- array_push($kba_q_a_list, $kba_questions[$c]);
344
- array_push($kba_q_a_list, $kba_answers[$c]);
345
- }
346
-
347
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
348
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
349
- $current_user = get_user_by('id',$user_id);
350
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
351
-
352
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
353
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
354
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
355
- 'mo2f_SecurityQuestions_config_status' =>true,
356
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
357
- ) );
358
- if(!MO2F_IS_ONPREM)
359
- {
360
- $kba_q1 = $_POST['mo2f_kbaquestion_1'];
361
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
362
- $kba_q2 = $_POST['mo2f_kbaquestion_2'];
363
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
364
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
365
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
366
-
367
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
368
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
369
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
370
-
371
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
372
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
373
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
374
-
375
- $kba_registration = new Two_Factor_Setup();
376
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
377
-
378
- if ( json_last_error() == JSON_ERROR_NONE ) {
379
-
380
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
381
- $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
382
- }
383
-
384
- }
385
- }
386
-
387
- $kba_q1 = $kba_q_a_list[0];
388
- $kba_a1 = md5($kba_q_a_list[1]);
389
- $kba_q2 = $kba_q_a_list[2];
390
- $kba_a2 = md5($kba_q_a_list[3]);
391
- $kba_q3 = $kba_q_a_list[4];
392
- $kba_a3 = md5($kba_q_a_list[5]);
393
- $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
394
- update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
395
- if(!isset($_POST['mo2f_inline_kba_status'])){
396
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
397
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
398
- // update_user_meta($current_user->ID, 'currentMethod','Security Questions');
399
- }
400
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
401
- }
402
- }
403
- }
404
-
405
- function mo2f_inline_validate_mobile_authentication(){
406
- if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
407
- $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
408
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
409
- $error = new WP_Error();
410
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
411
- return $error;
412
- } else {
413
- global $Mo2fdbQueries;
414
- $this->miniorange_pass2login_start_session();
415
- // unset($_SESSION[ 'mo2f-login-qrCode' ]);
416
- // unset($_SESSION[ 'mo2f-login-transactionId' ]);
417
- // unset($_SESSION[ 'mo2f_show_qr_code'] );
418
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
419
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
420
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
421
- // $current_user = get_user_by('id',$user_id);
422
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
423
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
424
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
425
- $mo2fa_login_message = '';
426
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
427
- $enduser = new Two_Factor_Setup();
428
- if($selected_2factor_method == 'SOFT TOKEN')
429
- $selected_2factor_method_onprem = 'miniOrange Soft Token';
430
- else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
431
- $selected_2factor_method_onprem = 'miniOrange Push Notification';
432
- else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
433
- $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
434
-
435
- // update_user_meta($user_id,'currentMethod',$selected_2factor_method_onprem);
436
- $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
437
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
438
- if($response['status'] == 'ERROR'){
439
- $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
440
- }else if($response['status'] == 'SUCCESS'){
441
- $Mo2fdbQueries->update_user_details( $user_id, array(
442
- 'mobile_registration_status' =>true,
443
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
444
- 'mo2f_miniOrangeSoftToken_config_status' => true,
445
- 'mo2f_miniOrangePushNotification_config_status' => true,
446
- 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
447
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
448
- ) );
449
- // $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
450
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
451
- }else{
452
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
453
- }
454
- }else{
455
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
456
- }
457
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
458
- }
459
- }
460
-
461
- }
462
-
463
- function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
464
- global $Mo2fdbQueries;
465
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
466
- $pass2fa= new Miniorange_Password_2Factor_Login();
467
- $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
468
- exit;
469
- }
470
-
471
- function mo2f_inline_get_qr_code_for_mobile($email,$id){
472
- $registerMobile = new Two_Factor_Setup();
473
- $content = $registerMobile->register_mobile($email);
474
- $response = json_decode($content, true);
475
- $message = '';
476
- $miniorageqr=array();
477
- if(json_last_error() == JSON_ERROR_NONE) {
478
- if($response['status'] == 'ERROR'){
479
- $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
480
- delete_user_meta( $id, 'miniorageqr' );
481
- }else{
482
- if($response['status'] == 'IN_PROGRESS'){
483
-
484
- $miniorageqr['message']='';
485
- $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
486
- $miniorageqr['mo2f-login-transactionId']=$response['txId'];
487
- $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
488
- update_user_meta($id,'miniorageqr',$miniorageqr);
489
- }else{
490
- $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
491
- delete_user_meta( $id, 'miniorageqr' );
492
- }
493
- }
494
- }
495
- return $miniorageqr;
496
- }
497
-
498
- function inline_mobile_configure(){
499
- if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
500
- $nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
501
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
502
- $error = new WP_Error();
503
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
504
- return $error;
505
- } else {
506
- global $Mo2fdbQueries;
507
- $this->miniorange_pass2login_start_session();
508
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
509
-
510
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
511
-
512
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
513
- $current_user = get_user_by('id',$user_id);
514
- $mo2fa_login_message = '';
515
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
516
- $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
517
- if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
518
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
519
- $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
520
- $mo2fa_login_message=$miniorageqr['message'];
521
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
522
- $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
523
- }else{
524
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
525
- }
526
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
527
- }
528
- }
529
- }
530
-
531
- function inline_validate_and_set_ga(){
532
- if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
533
- $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
534
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
535
- $error = new WP_Error();
536
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
537
- return $error;
538
- } else {
539
- global $Mo2fdbQueries;
540
- $this->miniorange_pass2login_start_session();
541
- $otpToken = $_POST['google_auth_code'];
542
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
543
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
544
- $current_user = get_user_by('id',$user_id);
545
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
546
- $mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
547
- $mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
548
- // $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
549
- $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
550
- $mo2fa_login_message = '';
551
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
552
- if(MO2f_Utility::mo2f_check_number_length($otpToken)){
553
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
554
- //$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
555
- $google_auth = new Miniorange_Rba_Attributes();
556
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
557
- if(json_last_error() == JSON_ERROR_NONE) {
558
- if($google_response['status'] == 'SUCCESS'){
559
- $response = $google_response;
560
- if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
561
- if($response['status'] == 'SUCCESS'){
562
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
563
- 'mo2f_GoogleAuthenticator_config_status' => true,
564
- 'mo2f_configured_2FA_method' => 'Google Authenticator',
565
- 'mo2f_AuthyAuthenticator_config_status' => false,
566
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
567
- ) );
568
-
569
- if(MO2F_IS_ONPREM){
570
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
571
- //update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
572
- //update_user_meta($current_user->ID,'Google Authenticator',true);
573
- $gauth_obj= new Google_auth_onpremise();
574
- $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
575
- }
576
- update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
577
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
578
- unset($_SESSION['mo2f_google_auth']);
579
- }else{
580
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
581
- }
582
- }else{
583
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
584
- }
585
- }else{
586
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
587
- }
588
- }else{
589
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
590
- }
591
- }else{
592
- $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
593
- }
594
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
595
- }
596
- }
597
- }
598
-
599
- function back_to_select_2fa(){
600
- if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
601
- $nonce = $_POST['miniorange_inline_two_factor_setup'];
602
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
603
- $error = new WP_Error();
604
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
605
- return $error;
606
- } else {
607
- global $Mo2fdbQueries;
608
- $this->miniorange_pass2login_start_session();
609
- unset($_SESSION['mo2f_google_auth']);
610
- unset($_SESSION['mo2f_authy_keys']);
611
- unset($_SESSION['secret_ga']);
612
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
613
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
614
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
615
- $current_user = get_user_by('id',$user_id);
616
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
617
- $mo2fa_login_message = '';
618
- $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
619
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
620
- }
621
- }
622
- }
623
-
624
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
625
- {
626
- $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
627
- if(isset($tempEmail) and $tempEmail != '')
628
- $email = $tempEmail;
629
- global $Mo2fdbQueries;
630
-
631
- $enduser = new Two_Factor_Setup();
632
- if($current_user_id == get_option('mo2f_miniorange_admin'))
633
- $email = get_option('mo2f_email');
634
-
635
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
636
-
637
- if(json_last_error() == JSON_ERROR_NONE){
638
-
639
-
640
-
641
- if($check_user['status'] == 'ERROR'){
642
- return $check_user;
643
-
644
- }
645
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
646
-
647
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
648
- 'user_registration_with_miniorange' =>'SUCCESS',
649
- 'mo2f_user_email' =>$email,
650
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
651
- ) );
652
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
653
-
654
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
655
- return $check_user;
656
- }
657
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
658
- $current_user = get_user_by('id',$current_user_id);
659
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
660
-
661
- if(json_last_error() == JSON_ERROR_NONE) {
662
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
663
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
664
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
665
- 'user_registration_with_miniorange' =>'SUCCESS',
666
- 'mo2f_user_email' =>$email,
667
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
668
- ) );
669
-
670
- $mo2fa_login_message = '';
671
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
672
- return $check_user;
673
- }else{
674
- $check_user['status']='ERROR';
675
- $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
676
- return $check_user;
677
- }
678
- }
679
-
680
-
681
- }
682
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
683
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
684
- $check_user['status']='ERROR';
685
- $check_user['message']=$mo2fa_login_message;
686
- return $check_user;
687
- // $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
688
- }
689
-
690
- }
691
- // }
692
-
693
- }
694
- function mo2f_skip_2fa_setup()
695
- {
696
- if(isset($_POST['miniorange_skip_2fa_nonce'])){
697
- $nonce = $_POST['miniorange_skip_2fa_nonce'];
698
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
699
- $error = new WP_Error();
700
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
701
- return $error;
702
- }
703
- else{
704
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
705
- global $Mo2fdbQueries;
706
- $redirect_to = sanitize_text_field($_POST['redirect_to']);
707
- $session_id_encrypt = sanitize_text_field($session_id_encrypt);
708
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
709
-
710
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
711
-
712
- $this->mo2fa_pass2login($redirect_to);
713
- }
714
- }
715
- }
716
-
717
- function save_inline_2fa_method(){
718
- if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
719
- $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
720
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
721
- $error = new WP_Error();
722
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
723
- return $error;
724
- } else {
725
-
726
-
727
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
728
- global $Mo2fdbQueries;
729
- $this->miniorange_pass2login_start_session();
730
- $mo2fa_login_message = '';
731
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
732
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
733
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
734
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
735
- $current_user = get_user_by('id',$user_id);
736
- $currentUserId = $current_user->ID;
737
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
738
- $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
739
- if($user_registration_with_miniorange == 'SUCCESS'){
740
- $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? $_POST['mo2f_selected_2factor_method'] : 'NONE';
741
-
742
- if($selected_method == 'OUT OF BAND EMAIL'){
743
- if(!MO2F_IS_ONPREM)
744
- {
745
- $current_user = get_userdata($currentUserId);
746
- $email = $current_user->user_email;
747
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
748
-
749
- if($response['status']=='ERROR') {
750
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
751
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
752
- }
753
- else
754
- {
755
- $enduser = new Two_Factor_Setup();
756
-
757
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
758
- 'mo2f_email_verification_status' =>true,
759
- 'mo2f_configured_2FA_method' =>'Email Verification',
760
- 'mo2f_user_email' => $email
761
- ) );
762
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
763
- }
764
- }
765
- else
766
- {
767
- $enduser = new Two_Factor_Setup();
768
-
769
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
770
- 'mo2f_email_verification_status' =>true,
771
- 'mo2f_configured_2FA_method' =>'Email Verification',
772
- 'mo2f_user_email' => $email
773
- ) );
774
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
775
- }
776
- }else if($selected_method == 'OTP OVER EMAIL'){
777
- if(!MO2F_IS_ONPREM)
778
- {
779
- $current_user = get_userdata($currentUserId);
780
- $email = $current_user->user_email;
781
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
782
- if($response['status']=='ERROR') {
783
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
784
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
785
- }
786
- else
787
- {
788
- $enduser = new Two_Factor_Setup();
789
-
790
- $Mo2fdbQueries->update_user_details( $currentUserId,
791
- array('mo2f_OTPOverEmail_config_status'=>true,
792
- 'mo2f_configured_2FA_method' =>'OTP Over Email',
793
- 'mo2f_user_email' => $email,
794
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
795
- ) );
796
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
797
- $response = json_decode($enduser->mo2f_update_userinfo($email,'EMAIL',null,null,null),true);
798
-
799
- }
800
- }
801
- else
802
- {
803
- $enduser = new Two_Factor_Setup();
804
-
805
- $Mo2fdbQueries->update_user_details( $currentUserId,
806
- array('mo2f_OTPOverEmail_config_status'=>true,
807
- 'mo2f_configured_2FA_method' =>'OTP Over Email',
808
- 'mo2f_user_email' => $email,
809
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
810
- ) );
811
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
812
- $response = json_decode($enduser->mo2f_update_userinfo($email,'EMAIL',null,null,null),true);
813
- }
814
- }else if($selected_method == "GOOGLE AUTHENTICATOR"){
815
- $this->miniorange_pass2login_start_session();
816
- $mo2fa_login_message = '';
817
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
818
- $google_auth = new Miniorange_Rba_Attributes();
819
-
820
- $gauth_name= get_site_option('mo2f_google_appname');
821
- $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
822
-
823
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
824
-
825
- if ( MO2F_IS_ONPREM ) { //this should not be here
826
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
827
- 'mo2f_configured_2FA_method' =>$selected_method,
828
- ) );
829
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
830
- $gauth_obj = new Google_auth_onpremise();
831
-
832
- $onpremise_secret = $gauth_obj->createSecret();
833
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
834
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
835
- $mo2f_google_auth = array();
836
- $mo2f_google_auth['ga_qrCode'] = $url;
837
- $mo2f_google_auth['ga_secret'] = $onpremise_secret;
838
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
839
- update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
840
-
841
- }else{
842
- $current_user = get_userdata($currentUserId);
843
- $email = $current_user->user_email;
844
- $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
845
-
846
- if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
847
- {
848
- $email = $tempemail;
849
- }
850
-
851
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
852
- if($response['status']=='ERROR') {
853
- $mo2fa_login_message=$response['message'];
854
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
855
-
856
- }else{
857
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
858
- 'mo2f_configured_2FA_method' =>$selected_method,
859
- ) );
860
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
861
- if ( json_last_error() == JSON_ERROR_NONE ) {
862
- if ( $google_response['status'] == 'SUCCESS' ) {
863
-
864
- $mo2f_google_auth = array();
865
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
866
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
867
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
868
- update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
869
-
870
- } else {
871
- $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
872
- }
873
- }
874
- }
875
- }
876
-
877
-
878
- }else{
879
- //inline for others
880
- if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
881
- {
882
- $current_user = get_userdata($currentUserId);
883
- $email = $current_user->user_email;
884
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
885
- if($response['status']=='ERROR') {
886
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
887
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
888
- }else {
889
- $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
890
- }
891
- }else{
892
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
893
- 'mo2f_configured_2FA_method' =>$selected_method,
894
- ) );
895
- }
896
- }
897
- }else{
898
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
899
- }
900
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
901
- }
902
- }
903
- }
904
-
905
- function check_kba_validation($POSTED){
906
- if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
907
- $nonce = $POSTED['miniorange_kba_nonce'];
908
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
909
- $error = new WP_Error();
910
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
911
- return $error;
912
- }else{
913
- $this->miniorange_pass2login_start_session();
914
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
915
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
916
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
917
- if ( isset( $user_id ) ) {
918
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
919
- $mo2fa_login_message = 'Please provide both the answers.';
920
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
921
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
922
- }
923
- $otpToken = array();
924
- $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
925
- $otpToken[0] = $kba_questions[0]['question'];
926
- $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
927
- $otpToken[2] = $kba_questions[1]['question'];
928
- $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
929
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? $_POST['mo2f_trust_device'] : 'false';
930
- //if the php session folder has insufficient permissions, cookies to be used
931
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
932
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
933
- $kba_validate = new Customer_Setup();
934
- $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
935
- Global $Mo2fdbQueries;
936
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
937
- if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
938
- if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
939
- try {
940
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
941
- } catch ( Exception $e ) {
942
- echo $e->getMessage();
943
- }
944
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
945
- } else {
946
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
947
- }
948
- } else {
949
- $mo2fa_login_message = 'The answers you have provided are incorrect.';
950
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
951
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
952
- }
953
- } else {
954
- $this->remove_current_activity($session_id_encrypt);
955
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
956
- }
957
- }
958
- }
959
- }
960
- function check_rba_cancalation($POSTED){
961
- $nonce = $POSTED['mo2f_trust_device_cancel_nonce'];
962
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
963
- $error = new WP_Error();
964
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
965
- return $error;
966
- } else {
967
- $this->miniorange_pass2login_start_session();
968
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
969
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
970
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
971
- }
972
- }
973
- function check_rba_validation($POSTED){
974
- $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
975
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
976
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
977
- $this->remove_current_activity($session_id_encrypt);
978
- $error = new WP_Error();
979
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
980
- return $error;
981
- } else {
982
- $this->miniorange_pass2login_start_session();
983
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
984
- try {
985
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
986
- Global $Mo2fdbQueries;
987
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
988
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
989
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
990
- } catch ( Exception $e ) {
991
- echo $e->getMessage();
992
- }
993
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
994
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
995
- }
996
- }
997
- function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
998
- $nonce = $_POST['miniorange_forgotphone'];
999
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1000
- $error = new WP_Error();
1001
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1002
- return $error;
1003
- } else {
1004
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1005
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1006
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1007
- $mo2fa_login_message = '';
1008
- $this->miniorange_pass2login_start_session();
1009
- $customer = new Customer_Setup();
1010
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1011
- Global $Mo2fdbQueries;
1012
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1013
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1014
- if ( $kba_configuration_status ) {
1015
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1016
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1017
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1018
- } else {
1019
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1020
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1021
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1022
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1023
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1024
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1025
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1026
- //if the php session folder has insufficient permissions, cookies to be used
1027
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1028
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1029
- $this->mo2f_transactionid=$content['txId'];
1030
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1031
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1032
- } else {
1033
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1034
- }
1035
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1036
- }
1037
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1038
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1039
- }
1040
- }
1041
- function check_miniorange_alternate_login_kba($POSTED){
1042
- $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1043
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1044
- $error = new WP_Error();
1045
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1046
- return $error;
1047
- } else {
1048
- $this->miniorange_pass2login_start_session();
1049
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1050
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1051
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1052
- $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1053
- }
1054
- }
1055
- function check_miniorange_mobile_validation($POSTED){
1056
- /*check mobile validation */
1057
- $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1058
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1059
- $error = new WP_Error();
1060
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1061
- return $error;
1062
- } else {
1063
- if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1064
- {
1065
- $txid = $POSTED['TxidEmail'];
1066
- $status = get_option($txid);
1067
- if($status != '')
1068
- {
1069
- if($status != 1)
1070
- {
1071
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1072
- }
1073
- }
1074
- }
1075
- $this->miniorange_pass2login_start_session();
1076
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1077
- //if the php session folder has insufficient permissions, cookies to be used
1078
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1079
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1080
- $checkMobileStatus = new Two_Factor_Setup();
1081
- $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1082
- $response = json_decode( $content, true );
1083
- if(MO2F_IS_ONPREM)
1084
- {
1085
- $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1086
- }
1087
- if ( json_last_error() == JSON_ERROR_NONE ) {
1088
- if ( $response['status'] == 'SUCCESS' ) {
1089
- if ( get_option( 'mo2f_remember_device' ) ) {
1090
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1091
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1092
- } else {
1093
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1094
- }
1095
- } else {
1096
- $this->remove_current_activity($session_id_encrypt);
1097
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1098
- }
1099
- } else {
1100
- $this->remove_current_activity($session_id_encrypt);
1101
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1102
- }
1103
- }
1104
- }
1105
- function check_miniorange_mobile_validation_failed($POSTED){
1106
- /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1107
- $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1108
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1109
- $error = new WP_Error();
1110
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1111
- return $error;
1112
- } else {
1113
- $this->miniorange_pass2login_start_session();
1114
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1115
- $this->remove_current_activity($session_id_encrypt);
1116
-
1117
- }
1118
- }
1119
- function check_miniorange_forgotphone($POSTED){
1120
- $nonce = $POSTED['miniorange_forgotphone'];
1121
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1122
- $error = new WP_Error();
1123
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1124
- return $error;
1125
- } else {
1126
- global $Mo2fdbQueries;
1127
- $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1128
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1129
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1130
- $mo2fa_login_message = '';
1131
- $this->miniorange_pass2login_start_session();
1132
- $customer = new Customer_Setup();
1133
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1134
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1135
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1136
- if ( $kba_configuration_status ) {
1137
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1138
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1139
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1140
- } else {
1141
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1142
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1143
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1144
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1145
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1146
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1147
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1148
- //if the php session folder has insufficient permissions, cookies to be used
1149
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1150
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1151
- $this->mo2f_transactionid=$content['txId'];
1152
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1153
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1154
- } else {
1155
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1156
- }
1157
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1158
- }
1159
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1160
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1161
- }
1162
- }
1163
- function check_miniorange_softtoken($POSTED){
1164
- /*Click on the link of phone is offline */
1165
- $nonce = $POSTED['miniorange_softtoken'];
1166
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1167
- $error = new WP_Error();
1168
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1169
- return $error;
1170
- } else {
1171
- $this->miniorange_pass2login_start_session();
1172
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1173
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1174
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1175
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1176
- MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1177
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1178
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1179
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1180
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1181
- }
1182
- }
1183
- function check_miniorange_soft_token($POSTED){
1184
- /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1185
- $nonce = $_POST['miniorange_soft_token_nonce'];
1186
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1187
- $error = new WP_Error();
1188
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1189
- return $error;
1190
- }else {
1191
- $this->miniorange_pass2login_start_session();
1192
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1193
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1194
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1195
- $softtoken = '';
1196
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1197
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1198
- if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1199
- if($attempts>1 || $attempts=='disabled')
1200
- {
1201
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1202
- $mo2fa_login_message = 'Please enter OTP to proceed.';
1203
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1204
- }else{
1205
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1206
- $this->remove_current_activity($session_id_encrypt);
1207
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1208
- }
1209
- } else {
1210
- $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1211
- if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1212
- if($attempts>1|| $attempts=='disabled')
1213
- {
1214
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1215
- $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1216
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1217
- }else{
1218
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1219
- $this->remove_current_activity($session_id_encrypt);
1220
- update_option('mo2f_attempts_before_redirect', 3);
1221
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1222
- }
1223
- }
1224
- }
1225
- global $Mo2fdbQueries;
1226
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1227
- if ( isset( $user_id ) ) {
1228
- $customer = new Customer_Setup();
1229
- $content = '';
1230
- $current_user = get_userdata($user_id);
1231
- //if the php session folder has insufficient permissions, cookies to be used
1232
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1233
- if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1234
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1235
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1236
- $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1237
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1238
- $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1239
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1240
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1241
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1242
- $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1243
- } else {
1244
- $this->remove_current_activity($session_id_encrypt);
1245
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1246
- }
1247
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1248
- update_option('mo2f_attempts_before_redirect', 3);
1249
- if ( get_option( 'mo2f_remember_device' ) ) {
1250
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1251
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1252
- } else {
1253
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1254
- }
1255
- } else {
1256
- if($attempts>1 || $attempts=='disabled')
1257
- {
1258
- update_option('mo2f_attempts_before_redirect', $attempts-1);
1259
- $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1260
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1261
- }else{
1262
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1263
- $this->remove_current_activity($session_id_encrypt);
1264
- update_option('mo2f_attempts_before_redirect', 3);
1265
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1266
- }
1267
- }
1268
- } else {
1269
- $this->remove_current_activity($session_id_encrypt);
1270
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1271
- }
1272
- }
1273
- }
1274
- function check_miniorange_attribute_collection($POSTED){
1275
- $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1276
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1277
- $error = new WP_Error();
1278
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1279
- return $error;
1280
- } else {
1281
- $this->miniorange_pass2login_start_session();
1282
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1283
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1284
- $currentuser = get_user_by( 'id', $user_id );
1285
- $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1286
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1287
- $session_id = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1288
- $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1289
- }
1290
- }
1291
- function check_miniorange_inline_skip_registration($POSTED){
1292
- $error = new WP_Error();
1293
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1294
- }
1295
- function miniorange_pass2login_redirect() {
1296
- do_action('mo2f_network_init');
1297
- global $Mo2fdbQueries;
1298
-
1299
- if ( ! get_option( 'mo2f_login_option' ) ) {
1300
- if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1301
- $nonce = $_POST['miniorange_login_nonce'];
1302
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1303
-
1304
- if(is_null($session_id)) {
1305
- $session_id=$this->create_session();
1306
- }
1307
-
1308
-
1309
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1310
- $this->remove_current_activity($session_id);
1311
- $error = new WP_Error();
1312
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1313
- return $error;
1314
- } else {
1315
- $this->miniorange_pass2login_start_session();
1316
- $mobile_login = new Miniorange_Mobile_Login();
1317
- //validation and sanitization
1318
- $username = '';
1319
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
1320
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1321
- $mobile_login->mo_auth_show_error_message();
1322
- return;
1323
- } else {
1324
- $username = sanitize_text_field( $_POST['mo2fa_username'] );
1325
- }
1326
- if ( username_exists( $username ) ) { /*if username exists in wp site */
1327
- $user = new WP_User( $username );
1328
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
1329
- MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
1330
- MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
1331
- $this->mo2f_userId=$user->ID;
1332
- $this->fstfactor='VALIDATE_SUCCESS';
1333
- $current_roles = miniorange_get_user_role( $user );
1334
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1335
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1336
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1337
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1338
-
1339
- if(MO2F_IS_ONPREM )
1340
- {
1341
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1342
-
1343
- }
1344
- if ( $mo2f_configured_2FA_method ) {
1345
- if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
1346
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
1347
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1348
- } else {
1349
- $mo2f_second_factor = '';
1350
-
1351
- if(MO2F_IS_ONPREM)
1352
- {
1353
- global $Mo2fdbQueries;
1354
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1355
- if($mo2f_second_factor == 'Security Questions')
1356
- {
1357
- $mo2f_second_factor = 'KBA';
1358
- }
1359
- else if($mo2f_second_factor == 'Google Authenticator')
1360
- {
1361
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
1362
- }
1363
- else if($mo2f_second_factor != 'Email Verification')
1364
- $mo2f_second_factor = 'NONE';
1365
- }else{
1366
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
1367
- }
1368
-
1369
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
1370
- $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
1371
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
1372
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1373
- }
1374
- else if($mo2f_second_factor == 'Email Verification'){
1375
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1376
- }
1377
- else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
1378
- $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1379
- } else if ( $mo2f_second_factor == 'KBA' ) {
1380
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1381
- } else {
1382
- $this->remove_current_activity($session_id);
1383
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
1384
- $mobile_login->mo_auth_show_success_message();
1385
- }
1386
- }
1387
- } else {
1388
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
1389
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1390
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1391
- $mobile_login->mo2f_redirectto_wp_login();
1392
- }
1393
- } else {
1394
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
1395
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1396
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1397
- $mobile_login->mo2f_redirectto_wp_login();
1398
- }
1399
- } else {
1400
- $mobile_login->remove_current_activity($session_id);
1401
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
1402
- $mobile_login->mo_auth_show_error_message('Invalid Username.');
1403
- }
1404
- }
1405
- }
1406
-
1407
- }
1408
- if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
1409
- {
1410
- $userIDGet = sanitize_text_field($_GET['userID']);
1411
- $txIdGet = sanitize_text_field($_GET['Txid']);
1412
- $otpToken = get_site_option($userIDGet);
1413
- $txidstatus = get_site_option($txIdGet);
1414
- $userIDd = $userIDGet.'D';
1415
- $otpTokenD = get_site_option($userIDd);
1416
- $mo2f_dirName = dirname(__FILE__);
1417
- $mo2f_dirName = explode('wp-content', $mo2f_dirName);
1418
- $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
1419
-
1420
- $head = "You are not authorized to perform this action";
1421
- $body = "Please contact to your admin";
1422
- $color = "red";
1423
- if(3 == $txidstatus)
1424
- {
1425
- $time = "time".$txIdGet;
1426
- $currentTimeInMillis = round(microtime(true) * 1000);
1427
- $generatedTimeINMillis = get_site_option($time);
1428
- $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
1429
- if($difference <= 300)
1430
- {
1431
- $accessTokenGet = sanitize_text_field($_GET['accessToken']);
1432
- if( $accessTokenGet == $otpToken)
1433
- {
1434
- update_site_option($txIdGet,1);
1435
- $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
1436
- $head = "TRANSACTION SUCCESSFUL";
1437
- $color = "green";
1438
- }
1439
- else if($accessTokenGet==$otpTokenD)
1440
- {
1441
- update_site_option($txIdGet,0);
1442
- $body = "Transaction has been Canceled.<br><br>Please Try Again.";
1443
- $head = "TRANSACTION DENIED";
1444
- }
1445
- }
1446
- delete_site_option($userIDGet);
1447
- delete_site_option($userIDd);
1448
- delete_site_option($time);
1449
-
1450
- }
1451
-
1452
- $this->display_email_verification($head,$body,$color);
1453
- exit;
1454
-
1455
- }
1456
- elseif (isset($_POST['emailInlineCloud'])) {
1457
- $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
1458
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
1459
- $error = new WP_Error();
1460
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1461
- return $error;
1462
- } else {
1463
- $email = sanitize_text_field($_POST['emailInlineCloud']);
1464
- $current_user_id = sanitize_text_field($_POST['current_user_id']);
1465
- //$session_id = sanitize_text_field($_POST['session_id']);
1466
- if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
1467
- global $Mo2fdbQueries;
1468
- $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
1469
- prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','','','',null);
1470
- }
1471
- }
1472
- }
1473
- else if(isset($_POST['txid']))
1474
- {
1475
- $txidpost = sanitize_text_field($_POST['txid']);
1476
- $status = get_site_option($txidpost);
1477
- update_option('optionVal1',$status); //??
1478
- if($status ==1 || $status ==0)
1479
- delete_site_option($txidpost);
1480
- echo $status;
1481
- exit();
1482
- }
1483
-
1484
-
1485
-
1486
- else{
1487
-
1488
- $value=isset($_POST['option'])?$_POST['option']:false;
1489
-
1490
- switch ($value) {
1491
- case 'miniorange_rba_validate':
1492
- $this->check_rba_validation($_POST);
1493
- break;
1494
-
1495
- case 'miniorange_rba_cancle':
1496
-
1497
- $this->check_rba_cancalation($_POST);
1498
- break;
1499
-
1500
- case 'miniorange_forgotphone':
1501
- $this->check_miniorange_challenge_forgotphone($_POST);
1502
- break;
1503
-
1504
- case 'miniorange_alternate_login_kba':
1505
-
1506
- $this->check_miniorange_alternate_login_kba($_POST);
1507
- break;
1508
-
1509
- case 'miniorange_kba_validate':
1510
- $this->check_kba_validation($_POST);
1511
-
1512
- break;
1513
-
1514
- case 'miniorange_mobile_validation':
1515
- $this->check_miniorange_mobile_validation($_POST);
1516
- break;
1517
-
1518
- case 'miniorange_mobile_validation_failed':
1519
- $this->check_miniorange_mobile_validation_failed($_POST);
1520
- break;
1521
-
1522
- case 'miniorange_softtoken':
1523
- $this->check_miniorange_softtoken($_POST);
1524
-
1525
- break;
1526
-
1527
-
1528
- case 'miniorange_soft_token':
1529
-
1530
- $this->check_miniorange_soft_token($_POST);
1531
- break;
1532
-
1533
- case 'miniorange_inline_skip_registration':
1534
- $this->check_miniorange_inline_skip_registration($_POST);
1535
- break;
1536
-
1537
- case 'miniorange_attribute_collection':
1538
- $this->check_miniorange_attribute_collection($_POST);
1539
- break;
1540
-
1541
- case 'miniorange_inline_save_2factor_method':
1542
- $this->save_inline_2fa_method();
1543
- break;
1544
-
1545
- case 'mo2f_skip_2fa_setup':
1546
- $this->mo2f_skip_2fa_setup();
1547
- break;
1548
-
1549
- case 'miniorange_back_inline':
1550
- $this->back_to_select_2fa();
1551
- break;
1552
-
1553
- case 'miniorange_inline_ga_validate':
1554
- $this->inline_validate_and_set_ga();
1555
- break;
1556
-
1557
- case 'miniorange_inline_show_mobile_config':
1558
- $this->inline_mobile_configure();
1559
- break;
1560
-
1561
- case 'miniorange_inline_complete_mobile':
1562
- $this->mo2f_inline_validate_mobile_authentication();
1563
- break;
1564
-
1565
- case 'mo2f_inline_kba_option':
1566
- $this->mo2f_inline_validate_kba();
1567
- break;
1568
-
1569
- case 'miniorange_inline_complete_otp_over_sms':
1570
- $this->mo2f_inline_send_otp();
1571
- break;
1572
-
1573
- case 'miniorange_inline_complete_otp':
1574
- $this->mo2f_inline_validate_otp();
1575
- break;
1576
-
1577
- case 'miniorange_inline_login':
1578
- $this->mo2f_inline_login();
1579
- break;
1580
- case 'miniorange_inline_register':
1581
- $this->mo2f_inline_register();
1582
- break;
1583
- default:
1584
- $error = new WP_Error();
1585
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1586
-
1587
- return $error;
1588
- break;
1589
-
1590
-
1591
- }
1592
- }
1593
- }
1594
-
1595
- function deniedMessage($message)
1596
- {
1597
- if(empty($message) && get_option("deniedMessage") )
1598
- {
1599
- delete_option('deniedMessage');
1600
- }
1601
- else
1602
- return $message;
1603
- }
1604
- function remove_current_activity($session_id) {
1605
- global $Mo2fdbQueries;
1606
- $session_variables = array(
1607
- 'mo2f_current_user_id',
1608
- 'mo2f_1stfactor_status',
1609
- 'mo_2factor_login_status',
1610
- 'mo2f-login-qrCode',
1611
- 'mo2f_transactionId',
1612
- 'mo2f_login_message',
1613
- 'mo2f_rba_status',
1614
- 'mo_2_factor_kba_questions',
1615
- 'mo2f_show_qr_code',
1616
- 'mo2f_google_auth',
1617
- 'mo2f_authy_keys'
1618
- );
1619
-
1620
- $cookie_variables = array(
1621
- 'mo2f_current_user_id',
1622
- 'mo2f_1stfactor_status',
1623
- 'mo_2factor_login_status',
1624
- 'mo2f-login-qrCode',
1625
- 'mo2f_transactionId',
1626
- 'mo2f_login_message',
1627
- 'mo2f_rba_status_status',
1628
- 'mo2f_rba_status_sessionUuid',
1629
- 'mo2f_rba_status_decision_flag',
1630
- 'kba_question1',
1631
- 'kba_question2',
1632
- 'mo2f_show_qr_code',
1633
- 'mo2f_google_auth',
1634
- 'mo2f_authy_keys'
1635
- );
1636
-
1637
- $temp_table_variables = array(
1638
- 'session_id',
1639
- 'mo2f_current_user_id',
1640
- 'mo2f_login_message',
1641
- 'mo2f_1stfactor_status',
1642
- 'mo2f_transactionId',
1643
- 'mo_2_factor_kba_questions',
1644
- 'mo2f_rba_status',
1645
- 'ts_created'
1646
- );
1647
-
1648
- MO2f_Utility::unset_session_variables( $session_variables );
1649
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
1650
- $key = get_option( 'mo2f_encryption_key' );
1651
- $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
1652
- $Mo2fdbQueries->save_user_login_details( $session_id, array(
1653
-
1654
- 'mo2f_current_user_id' => '',
1655
- 'mo2f_login_message' => '',
1656
- 'mo2f_1stfactor_status' => '',
1657
- 'mo2f_transactionId' => '',
1658
- 'mo_2_factor_kba_questions' => '',
1659
- 'mo2f_rba_status' => '',
1660
- 'ts_created' => ''
1661
- ) );
1662
-
1663
-
1664
- }
1665
-
1666
- public function miniorange_pass2login_start_session() {
1667
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1668
- $session_path = ini_get('session.save_path');
1669
- if( is_writable($session_path) && is_readable($session_path) ) {
1670
- session_start();
1671
- }
1672
- }
1673
- }
1674
-
1675
- function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
1676
- global $Mo2fdbQueries,$LoginuserID;
1677
- $LoginuserID = $user_id;
1678
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1679
- if(is_null($session_id)) {
1680
- $session_id=$this->create_session();
1681
- }
1682
- if(MO2F_IS_ONPREM){
1683
- $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
1684
- $challenge_questions = array_keys($question_answers);
1685
- $random_keys = array_rand($challenge_questions,2);
1686
- $challenge_ques1 = $challenge_questions[$random_keys[0]];
1687
- $challenge_ques2 = $challenge_questions[$random_keys[1]];
1688
- $questions[0] = array('question'=>$challenge_ques1);
1689
- $questions[1] = array('question'=>$challenge_ques2);
1690
- update_user_meta( $user_id, 'kba_questions_user', $questions );
1691
- $mo2fa_login_message = 'Please answer the following questions:';
1692
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1693
- $mo2f_kbaquestions = $questions;
1694
- MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1695
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1696
- }
1697
-
1698
- else{
1699
- $challengeKba = new Customer_Setup();
1700
- $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1701
- $response = json_decode( $content, true );
1702
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1703
- if ( $response['status'] == 'SUCCESS' ) {
1704
- MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
1705
- $this->mo2f_transactionid = $response['txId'];
1706
- $questions = array();
1707
- $questions[0] = $response['questions'][0];
1708
- $questions[1] = $response['questions'][1];
1709
- MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1710
- $this->mo2f_kbaquestions=$questions;
1711
- $mo2fa_login_message = 'Please answer the following questions:';
1712
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1713
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1714
- } else if ( $response['status'] == 'ERROR' ) {
1715
- $this->remove_current_activity($session_id);
1716
- $error = new WP_Error();
1717
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1718
-
1719
- return $error;
1720
- }
1721
- } else {
1722
- $this->remove_current_activity($session_id);
1723
- $error = new WP_Error();
1724
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1725
-
1726
- return $error;
1727
- }
1728
- }
1729
- }
1730
-
1731
- function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt ) {
1732
-
1733
- $login_status = $mo2fa_login_status;
1734
- $login_message = $mo2fa_login_message;
1735
- switch ($login_status) {
1736
- case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
1737
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1738
- mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
1739
- exit;
1740
- break;
1741
- case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
1742
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1743
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1744
- exit;
1745
- break;
1746
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
1747
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1748
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1749
- exit;
1750
- break;
1751
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
1752
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1753
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1754
- exit;
1755
- break;
1756
- case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
1757
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1758
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1759
- exit;
1760
- break;
1761
- case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
1762
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1763
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1764
- exit;
1765
- break;
1766
- case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
1767
- mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
1768
- exit;
1769
- break;
1770
-
1771
- case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
1772
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1773
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1774
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1775
- exit;
1776
- break;
1777
-
1778
- case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
1779
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1780
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1781
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1782
- exit;
1783
- break;
1784
-
1785
- case 'MO_2_FACTOR_RECONFIG_GOOGLE':
1786
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1787
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
1788
- exit;
1789
- break;
1790
-
1791
- case 'MO_2_FACTOR_RECONFIG_KBA':
1792
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1793
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
1794
- exit;
1795
- break;
1796
-
1797
- case 'MO_2_FACTOR_SETUP_SUCCESS':
1798
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1799
- $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
1800
- break;
1801
-
1802
- case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
1803
- $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
1804
- if(MO2F_IS_ONPREM){
1805
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1806
- $ques = get_user_meta( $user_id, 'kba_questions_user');
1807
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
1808
- }
1809
- else{
1810
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
1811
- }
1812
- exit;
1813
- break;
1814
-
1815
- case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
1816
- mo2f_get_device_form( $redirect_to, $session_id_encrypt );
1817
- exit;
1818
- break;
1819
-
1820
- case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
1821
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1822
- prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
1823
- exit;
1824
- break;
1825
-
1826
- default:
1827
- $this->mo_2_factor_pass2login_show_wp_login_form();
1828
- if(MO2F_IS_ONPREM){
1829
- $this->mo_2_factor_pass2login_show_wp_login_form();
1830
- }
1831
- break;
1832
- }
1833
- }
1834
-
1835
- function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
1836
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
1837
- return true;
1838
- }
1839
-
1840
- return false;
1841
- }
1842
-
1843
- function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
1844
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1845
- return true;
1846
- }
1847
-
1848
- return false;
1849
- }
1850
-
1851
- function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
1852
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
1853
- return true;
1854
- }
1855
-
1856
- return false;
1857
- }
1858
-
1859
- function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
1860
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
1861
- return true;
1862
- }
1863
-
1864
- return false;
1865
- }
1866
-
1867
- function miniorange_pass2login_reconfig_google( $login_status ) {
1868
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
1869
- return true;
1870
- }
1871
-
1872
- return false;
1873
- }
1874
-
1875
- function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
1876
-
1877
- do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
1878
-
1879
-
1880
- }
1881
-
1882
- function miniorange_pass2login_reconfig_kba( $login_status ) {
1883
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
1884
- return true;
1885
- }
1886
-
1887
- return false;
1888
- }
1889
-
1890
- function miniorange_pass2login_check_kba_status( $login_status ) {
1891
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
1892
- return true;
1893
- }
1894
-
1895
- return false;
1896
- }
1897
-
1898
- function miniorange_pass2login_check_trusted_device_status( $login_status ) {
1899
-
1900
- if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
1901
- return true;
1902
- }
1903
-
1904
- return false;
1905
- }
1906
-
1907
- function mo_2_factor_pass2login_woocommerce(){
1908
- ?>
1909
- <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
1910
- <?php
1911
- }
1912
- function mo_2_factor_pass2login_show_wp_login_form() {
1913
-
1914
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
1915
- if(is_null($session_id_encrypt)) {
1916
- $session_id_encrypt=$this->create_session();
1917
- }
1918
- ?>
1919
- <p><input type="hidden" name="miniorange_login_nonce"
1920
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
1921
-
1922
- <input type="hidden" id="sessid" name="session_id"
1923
- value="<?php echo $session_id_encrypt; ?>"/>
1924
-
1925
- </p>
1926
-
1927
- <?php
1928
- if ( get_option( 'mo2f_remember_device' ) ) {
1929
- ?>
1930
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
1931
- <?php
1932
- wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
1933
- wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
1934
- wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
1935
- wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
1936
- wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
1937
- wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
1938
- wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
1939
- wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
1940
- wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
1941
- }else{
1942
-
1943
-
1944
- if( get_option('mo2f_enable_2fa_prompt_on_login_page'))
1945
- {
1946
- echo "\t<p>\n";
1947
- echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
1948
- echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
1949
- echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
1950
- echo "\t</p>\n";
1951
- echo " \r\n";
1952
- echo " \r\n";
1953
- echo "\n";
1954
- }
1955
- }
1956
-
1957
- }
1958
-
1959
- function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
1960
- global $Mo2fdbQueries;
1961
- if (is_null($session_id_encrypt)){
1962
- $session_id_encrypt=$this->create_session();
1963
- }
1964
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1965
- $useragent = $_SERVER['HTTP_USER_AGENT'];
1966
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
1967
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1968
-
1969
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1970
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
1971
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
1972
-
1973
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1974
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1975
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1976
- } else {
1977
- $challengeMobile = new Customer_Setup();
1978
- $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1979
- $response = json_decode( $content, true );
1980
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1981
- if ( $response['status'] == 'SUCCESS' ) {
1982
- $qrCode = $response['qrCode'];
1983
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
1984
- $this->mo2f_transactionid=$response['txId'];
1985
- $mo2fa_login_message = '';
1986
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
1987
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
1988
- } else if ( $response['status'] == 'ERROR' ) {
1989
- $this->remove_current_activity($session_id_encrypt);
1990
- $error = new WP_Error();
1991
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1992
-
1993
- return $error;
1994
- }
1995
- } else {
1996
- $this->remove_current_activity($session_id_encrypt);
1997
- $error = new WP_Error();
1998
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1999
-
2000
- return $error;
2001
- }
2002
- }
2003
-
2004
- }
2005
-
2006
- function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2007
-
2008
- global $Mo2fdbQueries;
2009
- if(is_null($session_id)){
2010
- $session_id=$this->create_session();
2011
- }
2012
- $challengeMobile = new Customer_Setup();
2013
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2014
- if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2015
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2016
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2017
- $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2018
-
2019
- }else {
2020
- $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2021
- }
2022
- $response = json_decode( $content, true );
2023
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2024
- if ( $response['status'] == 'SUCCESS' ) {
2025
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2026
- $this->mo2f_transactionid=$response['txId'];
2027
-
2028
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2029
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2030
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2031
- } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2032
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2033
- $this->mo2f_transactionid=$response['txId'];
2034
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2035
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2036
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2037
- }
2038
- } else {
2039
- $this->remove_current_activity($session_id);
2040
- $error = new WP_Error();
2041
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2042
-
2043
- return $error;
2044
- }
2045
- }
2046
-
2047
- function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2048
- global $Mo2fdbQueries;
2049
- if(is_null($session_id)){
2050
- $session_id=$this->create_session();
2051
- }
2052
- $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2053
- if($mo2f_second_factor == 'EMAIL')
2054
- {
2055
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2056
- $wdewdeqdqq = get_option(base64_encode("remainingOTP"));
2057
-
2058
- if($wdewdeqdqq >10 or get_option(base64_encode("limitReached")))
2059
- {
2060
- update_option(base64_encode("remainingOTP"),0);
2061
- }
2062
- }
2063
- else
2064
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2065
- if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2066
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2067
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2068
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2069
- } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2070
- $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2071
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2072
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2073
- } else {
2074
- $challengeMobile = new Customer_Setup();
2075
- $content = '';
2076
- $response = [];
2077
- $otpLIMiTE = 0;
2078
- if(get_site_option("cmVtYWluaW5nT1RQ")>0 or $mo2f_second_factor != 'EMAIL')
2079
- {
2080
- if($mo2f_second_factor == 'OTP Over SMS')
2081
- $mo2f_second_factor = 'SMS';
2082
- $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2083
- $response = json_decode( $content, true );
2084
-
2085
- }
2086
- else
2087
- {
2088
- $response['status'] = 'FAILED';
2089
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2090
- $otpLIMiTE = 1;
2091
- }
2092
- if ( json_last_error() == JSON_ERROR_NONE ) {
2093
- if ( $response['status'] == 'SUCCESS' ) {
2094
- if($mo2f_second_factor == 'EMAIL')
2095
- {
2096
- $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
2097
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2098
- }
2099
- elseif($mo2f_second_factor == 'SMS')
2100
- {
2101
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2102
- }
2103
- if(!isset($response['phoneDelivery']['contact']))
2104
- $response['phoneDelivery']['contact'] = '';
2105
- $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2106
- update_option( 'mo2f_number_of_transactions', get_option( 'mo2f_number_of_transactions' ) - 1 );
2107
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2108
- $this->mo2f_transactionid=$response['txId'];
2109
- $mo2fa_login_message = $message;
2110
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2111
-
2112
- if($currentMethod == 'OTP Over Email')
2113
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2114
- else
2115
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2116
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2117
- } else {
2118
-
2119
-
2120
- if($response['message'] == 'TEST FAILED.')
2121
- $response['message'] = 'There is an error in sending the OTP.';
2122
-
2123
- $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
2124
-
2125
- if($otpLIMiTE ==1)
2126
- $last_message = 'or contact miniOrange';
2127
-
2128
- else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
2129
- $last_message = 'Or check your SMTP Server and remaining transacions.';
2130
- else
2131
- $last_message = 'Or check your remaining transacions';
2132
-
2133
- $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
2134
- if(!isset($response['txId']))
2135
- $response['txId'] = '';
2136
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2137
- $this->mo2f_transactionid=$response['txId'];
2138
- $mo2fa_login_message = $message;
2139
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2140
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2141
- }
2142
- } else {
2143
- $this->remove_current_activity($session_id);
2144
- $error = new WP_Error();
2145
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2146
- return $error;
2147
- }
2148
- }
2149
- }
2150
-
2151
- function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
2152
- if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
2153
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
2154
- $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
2155
- } else {
2156
- $user_id=$this->mo2f_userID;
2157
- $mo2f_1stfactor_status=$this->fstfactor;
2158
- }
2159
- if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
2160
- $currentuser = get_user_by( 'id', $user_id );
2161
- wp_set_current_user( $user_id, $currentuser->user_login );
2162
- $mobile_login = new Miniorange_Mobile_Login();
2163
- $mobile_login->remove_current_activity($session_id_encrypted);
2164
- wp_set_auth_cookie( $user_id, true );
2165
- do_action( 'wp_login', $currentuser->user_login, $currentuser );
2166
- redirect_user_to( $currentuser, $redirect_to );
2167
- exit;
2168
- } else {
2169
- $this->remove_current_activity($session_id_encrypted);
2170
- }
2171
- }
2172
-
2173
- function create_session(){
2174
- global $Mo2fdbQueries;
2175
- $session_id = MO2f_Utility::random_str(20);
2176
- $Mo2fdbQueries->insert_user_login_session($session_id);
2177
- $key = get_option( 'mo2f_encryption_key' );
2178
- $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
2179
- return $session_id_encrypt;
2180
- }
2181
-
2182
- function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
2183
-
2184
- global $Mo2fdbQueries;
2185
- $this->miniorange_pass2login_start_session();
2186
- if(is_null($session_id_encrypt)) {
2187
- $session_id_encrypt=$this->create_session();
2188
- }
2189
-
2190
- MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
2191
- MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
2192
-
2193
- $this->mo2f_userID=$currentuser->ID;
2194
- $this->fstfactor='VALIDATE_SUCCESS';
2195
-
2196
- $is_customer_admin = true;
2197
-
2198
- $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
2199
- if($dG90YWxVc2Vyc0Nsb3Vk<3)
2200
- $is_customer_admin = true;
2201
-
2202
- $roles = ( array ) $currentuser->roles;
2203
- $twofactor_enabled = 0;
2204
- foreach ( $roles as $role ) {
2205
- if(get_option('mo2fa_'.$role)=='1')
2206
- $twofactor_enabled=1;
2207
- }
2208
-
2209
- if ( $is_customer_admin && $twofactor_enabled ) {
2210
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
2211
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
2212
-
2213
- if(get_option( 'mo2f_enable_brute_force' )){
2214
- $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
2215
- }else{
2216
- $mo2f_allwed_login_attempts= 'disabled';
2217
- }
2218
- update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
2219
-
2220
- $twofactor_transactions = new Mo2fDB;
2221
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
2222
-
2223
- if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
2224
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2225
- try {
2226
- $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
2227
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
2228
- $this->mo2f_rbastatus=$mo2f_rba_status;
2229
- } catch ( Exception $e ) {
2230
- echo $e->getMessage();
2231
- }
2232
-
2233
- if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
2234
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2235
- } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
2236
-
2237
- $this->mo2f_restrict_access( 'Access_denied' );
2238
- exit;
2239
- } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
2240
- $this->mo2f_restrict_access( 'Access_denied' );
2241
- exit;
2242
- } else {
2243
-
2244
- $mo2f_second_factor = '';
2245
-
2246
- if(MO2F_IS_ONPREM)
2247
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2248
- else
2249
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
2250
-
2251
- if($mo2f_second_factor == 'miniOrange Soft Token')
2252
- $mo2f_second_factor = "SOFT TOKEN";
2253
- else if($mo2f_second_factor == "miniOrange Push Notification")
2254
- $mo2f_second_factor = "PUSH NOTIFICATIONS";
2255
- else if($mo2f_second_factor == "miniOrange QR Code Authentication")
2256
- $mo2f_second_factor = "MOBILE AUTHENTICATION";
2257
- else if($mo2f_second_factor == 'Security Questions')
2258
- $mo2f_second_factor = 'KBA';
2259
- else if($mo2f_second_factor == 'Google Authenticator')
2260
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2261
- else if($mo2f_second_factor == 'OTP Over SMS')
2262
- $mo2f_second_factor = 'SMS';
2263
- else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
2264
- $mo2f_second_factor = "EMAIL";
2265
-
2266
- if(get_site_option("cmVtYWluaW5nT1RQ")<=0)
2267
- {
2268
- update_site_option("bGltaXRSZWFjaGVk",1);
2269
-
2270
- }
2271
- }
2272
-
2273
-
2274
-
2275
- if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && get_option('mo2f_enable_2fa_prompt_on_login_page')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
2276
- {
2277
- $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
2278
- if(is_wp_error( $error))
2279
- {
2280
- return $error;
2281
- }
2282
- }
2283
- else{
2284
-
2285
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2286
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
2287
- } else {
2288
-
2289
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2290
- $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
2291
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
2292
- $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2293
- } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
2294
- $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2295
- } else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
2296
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
2297
- } else if ( $mo2f_second_factor == 'NONE' ) {
2298
- return $currentuser;
2299
- } else {
2300
- $this->remove_current_activity($session_id_encrypt);
2301
- $error = new WP_Error();
2302
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
2303
- return $error;
2304
- }
2305
- }
2306
- }
2307
-
2308
- }
2309
- }else if(!$exceeded && get_site_option('mo2f_inline_registration')){
2310
- $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
2311
-
2312
- } else {
2313
- return $currentuser;
2314
- }
2315
-
2316
- } else { //plugin is not activated for current role then logged him in without asking 2 factor
2317
- return $currentuser;
2318
- }
2319
-
2320
- }
2321
-
2322
- function mo2fa_inline($currentuser,$redirect_to,$session_id){
2323
-
2324
- global $Mo2fdbQueries;
2325
- $currentUserId = $currentuser->ID;
2326
- $email = $currentuser->user_email;
2327
- $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
2328
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
2329
- 'user_registration_with_miniorange' =>'SUCCESS',
2330
- 'mo2f_user_email' =>$email,
2331
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
2332
- ) );
2333
-
2334
- $mo2fa_login_message = '';
2335
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2336
-
2337
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
2338
- //}
2339
- }
2340
-
2341
- function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
2342
- global $Mo2fdbQueries;
2343
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2344
- $customer = new Customer_Setup();
2345
- $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2346
-
2347
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2348
- if ( get_option( 'mo2f_remember_device' ) ) {
2349
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
2350
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
2351
- } else {
2352
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2353
- }
2354
- } else {
2355
- return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
2356
- }
2357
- }
2358
-
2359
- function mo2f_restrict_access( $identity ) {
2360
- apply_filters( 'mo2f_rba_addon', $identity );
2361
- exit;
2362
- }
2363
-
2364
- function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
2365
- global $Mo2fdbQueries;
2366
- if ( get_option( 'mo2f_remember_device' ) ) {
2367
- $this->miniorange_pass2login_start_session();
2368
-
2369
- $session_id=$this->create_session();
2370
- MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
2371
- $this->mo2f_userID=$currentuser->ID;
2372
-
2373
- mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
2374
- exit;
2375
- } else {
2376
- $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to );
2377
- }
2378
- }
2379
-
2380
- function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
2381
- if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
2382
- return $user;
2383
- }
2384
- if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
2385
- return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
2386
- }
2387
-
2388
- // if an app password is enabled, this is an XMLRPC / APP login ?
2389
- if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
2390
-
2391
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
2392
- if ( is_wp_error( $currentuser ) ) {
2393
- $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
2394
-
2395
- return false;
2396
- } else {
2397
- return $currentuser;
2398
- }
2399
-
2400
- } else {
2401
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
2402
- if ( is_wp_error( $currentuser ) ) {
2403
- $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
2404
- return $currentuser;
2405
- } else {
2406
- global $Mo2fdbQueries;
2407
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2408
-
2409
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2410
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2411
- $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
2412
- if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
2413
- {
2414
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
2415
- }
2416
- else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
2417
- {
2418
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
2419
- }
2420
- else
2421
- {
2422
- if ( empty( $_POST['mo_softtoken'] ) && get_option('mo2f_enable_2fa_prompt_on_login_page') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
2423
- {
2424
-
2425
-
2426
- if(isset($_POST['mo_woocommerce_login_prompt'])){
2427
-
2428
- $this->miniorange_initiate_2nd_factor( $currentuser, "", "","");
2429
- }
2430
- return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
2431
- // Prevent PHP notices when using app password login
2432
-
2433
- }
2434
- else
2435
- {
2436
- $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
2437
- }
2438
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
2439
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2440
-
2441
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2442
-
2443
- if(is_null($session_id)) {
2444
- $session_id=$this->create_session();
2445
- }
2446
-
2447
-
2448
- $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
2449
-
2450
-
2451
- if(is_wp_error( $error)){
2452
- return $error;
2453
- }
2454
- return $error;
2455
- }
2456
- }
2457
- }
2458
-
2459
- }
2460
-
2461
- function display_email_verification($head,$body,$color)
2462
- {
2463
- echo "<div style='background-color: #d5e3d9; height:850px;' >
2464
- <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
2465
- <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
2466
- <img alt='logo' style='margin-left:240px ;
2467
- margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
2468
- <div><hr></div>
2469
-
2470
- <tbody>
2471
- <tr>
2472
- <td>
2473
-
2474
- <p style='margin-top:0;margin-bottom:10px'>
2475
- <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
2476
- <p style='margin-top:0;margin-bottom:10px'>
2477
- <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
2478
- <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
2479
-
2480
- </td>
2481
- </tr>
2482
-
2483
- </div>
2484
- </div>
2485
- </div>";
2486
- }
2487
-
2488
- function mo_2_factor_enable_jquery_default_login() {
2489
- wp_enqueue_script( 'jquery' );
2490
- }
2491
-
2492
- function miniorange_pass2login_footer_form() {
2493
- ?>
2494
- <script>
2495
- jQuery(document).ready(function () {
2496
- if (document.getElementById('loginform') != null) {
2497
- jQuery('#loginform').on('submit', function (e) {
2498
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2499
- });
2500
- } else {
2501
- if (document.getElementsByClassName('login') != null) {
2502
- jQuery('.login').on('submit', function (e) {
2503
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2504
- });
2505
- }
2506
- }
2507
- });
2508
- </script>
2509
- <?php
2510
-
2511
- }
2512
-
2513
-
2514
- }
2515
-
2516
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+
25
+ include 'two_fa_login.php';
26
+ class Miniorange_Password_2Factor_Login {
27
+
28
+ private $mo2f_kbaquestions;
29
+ private $mo2f_userID;
30
+ private $mo2f_rbastatus;
31
+ private $mo2f_transactionid;
32
+
33
+ function mo2f_inline_login(){
34
+ global $moWpnsUtility;
35
+ $email = sanitize_email( $_POST['email'] );
36
+ $password = sanitize_text_field( $_POST['password'] );
37
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
38
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
39
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
40
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
+ {
42
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
+ return;
46
+ }
47
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
+ }
49
+ function mo2f_inline_register(){
50
+ global $moWpnsUtility, $Mo2fdbQueries;
51
+ $email = sanitize_email($_POST['email']);
52
+ $company = $_SERVER["SERVER_NAME"];
53
+ $password = sanitize_text_field($_POST['password']);
54
+ $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
56
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
57
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
58
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
59
+ {
60
+ $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
61
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
62
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
63
+ }
64
+ if( $password != $confirmPassword )
65
+ {
66
+ $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
67
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
68
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
69
+ }
70
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
71
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
72
+ {
73
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
74
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
75
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
76
+ }
77
+
78
+ update_option( 'mo2f_email', $email );
79
+
80
+ update_option( 'mo_wpns_company' , $company );
81
+
82
+ update_option( 'mo_wpns_password' , $password );
83
+
84
+ $customer = new MocURL();
85
+ $content = json_decode($customer->check_customer($email), true);
86
+ $Mo2fdbQueries->insert_user( $user_id );
87
+ switch ($content['status'])
88
+ {
89
+ case 'CUSTOMER_NOT_FOUND':
90
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
91
+
92
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
93
+ {
94
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
95
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
96
+ }
97
+
98
+ break;
99
+ default:
100
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
101
+ break;
102
+ }
103
+
104
+ }
105
+
106
+ function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
107
+ {
108
+ global $Mo2fdbQueries;
109
+ $customer = new MocURL();
110
+
111
+ $content = $customer->get_customer_key($email, $password);
112
+ $customerKey = json_decode($content, true);
113
+ if(json_last_error() == JSON_ERROR_NONE)
114
+ {
115
+ if(isset($customerKey['phone'])){
116
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
117
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
118
+ }
119
+ update_option('mo2f_email',$email);
120
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
121
+ $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
122
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
123
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
124
+ }
125
+ else
126
+ {
127
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
128
+ $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
129
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
130
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
131
+ }
132
+ }
133
+
134
+ function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
135
+ {
136
+ global $Mo2fdbQueries;
137
+ update_option( 'mo2f_customerKey' , $id );
138
+ update_option( 'mo2f_api_key' , $apiKey );
139
+ update_option( 'mo2f_customer_token' , $token );
140
+ update_option( 'mo2f_app_secret' , $appSecret );
141
+ update_option( 'mo_wpns_enable_log_requests' , true );
142
+ update_option( 'mo2f_miniorange_admin', $id );
143
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
144
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
145
+ $Mo2fdbQueries->update_user_details( $user_id, array(
146
+ 'mo2f_user_email' =>$email
147
+ ) );
148
+ }
149
+ function mo2f_inline_validate_otp(){
150
+ if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
151
+ $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
152
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
153
+ $error = new WP_Error();
154
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
155
+ return $error;
156
+ } else {
157
+ global $Mo2fdbQueries;
158
+ $this->miniorange_pass2login_start_session();
159
+ $otp_token = '';
160
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
161
+ $mo2fa_login_message = '';
162
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
163
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
164
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
165
+ } else{
166
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
167
+ }
168
+
169
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
170
+ $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
171
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
172
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
173
+ $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
174
+ $customer = new Customer_Setup();
175
+ $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
176
+ if($content['status'] == 'ERROR'){
177
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
178
+ }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
179
+ $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
180
+ if($user_phone && strlen($user_phone) >= 4){
181
+ if($phone != $user_phone ){
182
+
183
+ $Mo2fdbQueries->update_user_details( $current_user, array(
184
+ 'mobile_registration_status' =>false
185
+ ) );
186
+ }
187
+ }
188
+
189
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
190
+ if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
191
+ $Mo2fdbQueries->update_user_details( $current_user, array(
192
+ 'mo2f_OTPOverSMS_config_status' =>true,
193
+ 'mo2f_user_phone' =>$phone
194
+ ) );
195
+ }else{
196
+ $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
197
+
198
+ }
199
+ // unset($_SESSION[ 'mo2f_phone']);
200
+ // if(MO2F_IS_ONPREM)
201
+ // update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
202
+ // else
203
+ // {
204
+ $Mo2fdbQueries->update_user_details($current_user, array(
205
+ "mo2f_configured_2FA_method" => 'OTP Over SMS',
206
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
207
+ ) );
208
+ $TwoF_setup = new Two_Factor_Setup();
209
+ $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
210
+
211
+ // }
212
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
213
+
214
+ }else{ // OTP Validation failed.
215
+ $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
216
+ }
217
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
218
+ }
219
+ }
220
+
221
+ }
222
+ function mo2f_inline_send_otp(){
223
+ if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
224
+ $nonce = $_POST['miniorange_inline_verify_phone_nonce'];
225
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
226
+ $error = new WP_Error();
227
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
228
+ return $error;
229
+ } else {
230
+ global $Mo2fdbQueries;
231
+ $this->miniorange_pass2login_start_session();
232
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
233
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
234
+ $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
235
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
236
+ $customer = new Customer_Setup();
237
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
238
+ $parameters = array();
239
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
240
+
241
+ $mo2fa_login_message = '';
242
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
243
+ if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
244
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
245
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
246
+ if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
247
+ $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
248
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
249
+ }
250
+ $phone = str_replace(' ', '', $phone);
251
+ // $_SESSION['mo2f_phone'] = $phone;
252
+ update_user_meta($current_user,'mo2f_user_phone',$phone);
253
+ }
254
+ if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
255
+ $currentMethod = "SMS";
256
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
257
+ $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
258
+ $parameters = array("phone" => $phone, "email" => $email);
259
+ }else if($selected_2factor_method == 'PHONE VERIFICATION'){
260
+ $currentMethod = "PHONE_VERIFICATION";
261
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
262
+ $currentMethod = "OTP_OVER_EMAIL";
263
+ $parameters = $email;
264
+ }
265
+ if($selected_2factor_method == 'SMS AND EMAIL'){
266
+ $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
267
+ }
268
+ else if($selected_2factor_method == 'OTP OVER EMAIL'){
269
+ $content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
270
+ }
271
+ else{
272
+ $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
273
+
274
+ }
275
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
276
+ if($content['status'] == 'ERROR'){
277
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
278
+ }else if($content['status'] == 'SUCCESS'){
279
+ // $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
280
+ update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
281
+ if($selected_2factor_method == 'SMS'){
282
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
283
+ $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
284
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
285
+ $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
286
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
287
+ $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
288
+ }else if($selected_2factor_method== 'PHONE VERIFICATION'){
289
+ $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
290
+ }
291
+ }else if($content['status'] == 'FAILED'){
292
+ $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
293
+ }else{
294
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
295
+ }
296
+ }else{
297
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
298
+ }
299
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
300
+ }
301
+ }
302
+
303
+ }
304
+ function mo2f_inline_validate_kba(){
305
+ if(isset($_POST['mo2f_inline_save_kba_nonce'])){
306
+ $nonce = $_POST['mo2f_inline_save_kba_nonce'];
307
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
308
+ $error = new WP_Error();
309
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
310
+ return $error;
311
+ } else {
312
+ global $Mo2fdbQueries;
313
+ $this->miniorange_pass2login_start_session();
314
+ $mo2fa_login_message = '';
315
+ $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
316
+ $temp_array = array($_POST['mo2f_kbaquestion_1'],$_POST['mo2f_kbaquestion_2'],$_POST['mo2f_kbaquestion_3']);
317
+ $kba_questions = array();
318
+ foreach($temp_array as $question){
319
+ if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
320
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
321
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
322
+ }else{
323
+ $ques = sanitize_text_field($question);
324
+ $ques = addcslashes(stripslashes($ques), '"\\');
325
+ array_push($kba_questions, $ques);
326
+ }
327
+ }
328
+ if(!(array_unique($kba_questions) == $kba_questions)){
329
+ $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
330
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
331
+ }
332
+ $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
333
+ $kba_answers = array();
334
+ foreach($temp_array_ans as $answer){
335
+ if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
336
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
337
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
338
+ }else{
339
+ $ques = sanitize_text_field($answer);
340
+ $answer = strtolower($answer);
341
+ array_push($kba_answers, $answer);
342
+ }
343
+ }
344
+ $size = sizeof($kba_questions);
345
+ $kba_q_a_list = array();
346
+ for($c = 0; $c < $size; $c++){
347
+ array_push($kba_q_a_list, $kba_questions[$c]);
348
+ array_push($kba_q_a_list, $kba_answers[$c]);
349
+ }
350
+
351
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
352
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
353
+ $current_user = get_user_by('id',$user_id);
354
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
355
+
356
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
357
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
358
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
359
+ 'mo2f_SecurityQuestions_config_status' =>true,
360
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
361
+ ) );
362
+ if(!MO2F_IS_ONPREM)
363
+ {
364
+ $kba_q1 = $_POST['mo2f_kbaquestion_1'];
365
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
366
+ $kba_q2 = $_POST['mo2f_kbaquestion_2'];
367
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
368
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
369
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
370
+
371
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
372
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
373
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
374
+
375
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
376
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
377
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
378
+
379
+ $kba_registration = new Two_Factor_Setup();
380
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
381
+
382
+ if ( json_last_error() == JSON_ERROR_NONE ) {
383
+
384
+ if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
385
+ $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
386
+ }
387
+
388
+ }
389
+ }
390
+
391
+ $kba_q1 = $kba_q_a_list[0];
392
+ $kba_a1 = md5($kba_q_a_list[1]);
393
+ $kba_q2 = $kba_q_a_list[2];
394
+ $kba_a2 = md5($kba_q_a_list[3]);
395
+ $kba_q3 = $kba_q_a_list[4];
396
+ $kba_a3 = md5($kba_q_a_list[5]);
397
+ $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
398
+ update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
399
+ if(!isset($_POST['mo2f_inline_kba_status'])){
400
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
401
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
402
+ // update_user_meta($current_user->ID, 'currentMethod','Security Questions');
403
+ }
404
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
405
+ }
406
+ }
407
+ }
408
+
409
+ function mo2f_inline_validate_mobile_authentication(){
410
+ if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
411
+ $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
412
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
413
+ $error = new WP_Error();
414
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
415
+ return $error;
416
+ } else {
417
+ global $Mo2fdbQueries;
418
+ $this->miniorange_pass2login_start_session();
419
+ // unset($_SESSION[ 'mo2f-login-qrCode' ]);
420
+ // unset($_SESSION[ 'mo2f-login-transactionId' ]);
421
+ // unset($_SESSION[ 'mo2f_show_qr_code'] );
422
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
423
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
424
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
425
+ // $current_user = get_user_by('id',$user_id);
426
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
427
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
428
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
429
+ $mo2fa_login_message = '';
430
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
431
+ $enduser = new Two_Factor_Setup();
432
+ if($selected_2factor_method == 'SOFT TOKEN')
433
+ $selected_2factor_method_onprem = 'miniOrange Soft Token';
434
+ else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
435
+ $selected_2factor_method_onprem = 'miniOrange Push Notification';
436
+ else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
437
+ $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
438
+
439
+ $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
440
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
441
+ if($response['status'] == 'ERROR'){
442
+ $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
443
+ }else if($response['status'] == 'SUCCESS'){
444
+ $Mo2fdbQueries->update_user_details( $user_id, array(
445
+ 'mobile_registration_status' =>true,
446
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
447
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
448
+ 'mo2f_miniOrangePushNotification_config_status' => true,
449
+ 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
450
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
451
+ ) );
452
+ // $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
453
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
454
+ }else{
455
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
456
+ }
457
+ }else{
458
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
459
+ }
460
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
461
+ }
462
+ }
463
+
464
+ }
465
+
466
+ function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
467
+ global $Mo2fdbQueries;
468
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
469
+ $pass2fa= new Miniorange_Password_2Factor_Login();
470
+ $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
471
+ exit;
472
+ }
473
+
474
+ function mo2f_inline_get_qr_code_for_mobile($email,$id){
475
+ $registerMobile = new Two_Factor_Setup();
476
+ $content = $registerMobile->register_mobile($email);
477
+ $response = json_decode($content, true);
478
+ $message = '';
479
+ $miniorageqr=array();
480
+ if(json_last_error() == JSON_ERROR_NONE) {
481
+ if($response['status'] == 'ERROR'){
482
+ $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
483
+ delete_user_meta( $id, 'miniorageqr' );
484
+ }else{
485
+ if($response['status'] == 'IN_PROGRESS'){
486
+
487
+ $miniorageqr['message']='';
488
+ $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
489
+ $miniorageqr['mo2f-login-transactionId']=$response['txId'];
490
+ $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
491
+ update_user_meta($id,'miniorageqr',$miniorageqr);
492
+ }else{
493
+ $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
494
+ delete_user_meta( $id, 'miniorageqr' );
495
+ }
496
+ }
497
+ }
498
+ return $miniorageqr;
499
+ }
500
+
501
+ function inline_mobile_configure(){
502
+ if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
503
+ $nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
504
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
505
+ $error = new WP_Error();
506
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
507
+ return $error;
508
+ } else {
509
+ global $Mo2fdbQueries;
510
+ $this->miniorange_pass2login_start_session();
511
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
512
+
513
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
514
+
515
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
516
+ $current_user = get_user_by('id',$user_id);
517
+ $mo2fa_login_message = '';
518
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
519
+ $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
520
+ if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
521
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
522
+ $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
523
+ $mo2fa_login_message=$miniorageqr['message'];
524
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
525
+ $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
526
+ }else{
527
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
528
+ }
529
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
530
+ }
531
+ }
532
+ }
533
+
534
+ function inline_validate_and_set_ga(){
535
+ if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
536
+ $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
537
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
538
+ $error = new WP_Error();
539
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
540
+ return $error;
541
+ } else {
542
+ global $Mo2fdbQueries;
543
+ $this->miniorange_pass2login_start_session();
544
+ $otpToken = $_POST['google_auth_code'];
545
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
546
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
547
+ $current_user = get_user_by('id',$user_id);
548
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
549
+ $mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
550
+ $mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
551
+ // $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
552
+ $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
553
+ $mo2fa_login_message = '';
554
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
555
+ if(MO2f_Utility::mo2f_check_number_length($otpToken)){
556
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
557
+ //$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
558
+ $google_auth = new Miniorange_Rba_Attributes();
559
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
560
+ if(json_last_error() == JSON_ERROR_NONE) {
561
+ if($google_response['status'] == 'SUCCESS'){
562
+ $response = $google_response;
563
+ if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
564
+ if($response['status'] == 'SUCCESS'){
565
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
566
+ 'mo2f_GoogleAuthenticator_config_status' => true,
567
+ 'mo2f_configured_2FA_method' => 'Google Authenticator',
568
+ 'mo2f_AuthyAuthenticator_config_status' => false,
569
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
570
+ ) );
571
+
572
+ if(MO2F_IS_ONPREM){
573
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
574
+ //update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
575
+ //update_user_meta($current_user->ID,'Google Authenticator',true);
576
+ $gauth_obj= new Google_auth_onpremise();
577
+ $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
578
+ }
579
+ update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
580
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
581
+ unset($_SESSION['mo2f_google_auth']);
582
+ }else{
583
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
584
+ }
585
+ }else{
586
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
587
+ }
588
+ }else{
589
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
590
+ }
591
+ }else{
592
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
593
+ }
594
+ }else{
595
+ $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
596
+ }
597
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
598
+ }
599
+ }
600
+ }
601
+
602
+ function back_to_select_2fa(){
603
+ if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
604
+ $nonce = $_POST['miniorange_inline_two_factor_setup'];
605
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
606
+ $error = new WP_Error();
607
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
608
+ return $error;
609
+ } else {
610
+ global $Mo2fdbQueries;
611
+ $this->miniorange_pass2login_start_session();
612
+ unset($_SESSION['mo2f_google_auth']);
613
+ unset($_SESSION['mo2f_authy_keys']);
614
+ unset($_SESSION['secret_ga']);
615
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
616
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
617
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
618
+ $current_user = get_user_by('id',$user_id);
619
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
620
+ $mo2fa_login_message = '';
621
+ $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
622
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
623
+ }
624
+ }
625
+ }
626
+
627
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
628
+ {
629
+ $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
630
+ if(isset($tempEmail) and $tempEmail != '')
631
+ $email = $tempEmail;
632
+ global $Mo2fdbQueries;
633
+
634
+ $enduser = new Two_Factor_Setup();
635
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
636
+ $email = get_option('mo2f_email');
637
+
638
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
639
+
640
+ if(json_last_error() == JSON_ERROR_NONE){
641
+
642
+
643
+
644
+ if($check_user['status'] == 'ERROR'){
645
+ return $check_user;
646
+
647
+ }
648
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
649
+
650
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
651
+ 'user_registration_with_miniorange' =>'SUCCESS',
652
+ 'mo2f_user_email' =>$email,
653
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
654
+ ) );
655
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
656
+
657
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
658
+ return $check_user;
659
+ }
660
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
661
+ $current_user = get_user_by('id',$current_user_id);
662
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
663
+
664
+ if(json_last_error() == JSON_ERROR_NONE) {
665
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
666
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
667
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
668
+ 'user_registration_with_miniorange' =>'SUCCESS',
669
+ 'mo2f_user_email' =>$email,
670
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
671
+ ) );
672
+
673
+ $mo2fa_login_message = '';
674
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
675
+ return $check_user;
676
+ }else{
677
+ $check_user['status']='ERROR';
678
+ $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
679
+ return $check_user;
680
+ }
681
+ }
682
+
683
+
684
+ }
685
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
686
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
687
+ $check_user['status']='ERROR';
688
+ $check_user['message']=$mo2fa_login_message;
689
+ return $check_user;
690
+ // $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
691
+ }
692
+
693
+ }
694
+ // }
695
+
696
+ }
697
+ function mo2f_skip_2fa_setup()
698
+ {
699
+ if(isset($_POST['miniorange_skip_2fa_nonce'])){
700
+ $nonce = $_POST['miniorange_skip_2fa_nonce'];
701
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
702
+ $error = new WP_Error();
703
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
704
+ return $error;
705
+ }
706
+ else{
707
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
708
+ global $Mo2fdbQueries;
709
+ $redirect_to = sanitize_text_field($_POST['redirect_to']);
710
+ $session_id_encrypt = sanitize_text_field($session_id_encrypt);
711
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
712
+
713
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
714
+
715
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
716
+ }
717
+ }
718
+ }
719
+
720
+ function save_inline_2fa_method(){
721
+ if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
722
+ $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
723
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
724
+ $error = new WP_Error();
725
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
726
+ return $error;
727
+ } else {
728
+
729
+
730
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
731
+ global $Mo2fdbQueries;
732
+ $this->miniorange_pass2login_start_session();
733
+ $mo2fa_login_message = '';
734
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
735
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
736
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
737
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
738
+ $current_user = get_user_by('id',$user_id);
739
+ $currentUserId = $current_user->ID;
740
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
741
+ $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
742
+ if($user_registration_with_miniorange == 'SUCCESS'){
743
+ $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? $_POST['mo2f_selected_2factor_method'] : 'NONE';
744
+
745
+ if($selected_method == 'OUT OF BAND EMAIL'){
746
+ if(!MO2F_IS_ONPREM)
747
+ {
748
+ $current_user = get_userdata($currentUserId);
749
+ $email = $current_user->user_email;
750
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
751
+
752
+ if($response['status']=='ERROR') {
753
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
754
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
755
+ }
756
+ else
757
+ {
758
+ $enduser = new Two_Factor_Setup();
759
+
760
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
761
+ 'mo2f_email_verification_status' =>true,
762
+ 'mo2f_configured_2FA_method' =>'Email Verification',
763
+ 'mo2f_user_email' => $email
764
+ ) );
765
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
766
+ }
767
+ }
768
+ else
769
+ {
770
+ $enduser = new Two_Factor_Setup();
771
+
772
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
773
+ 'mo2f_email_verification_status' =>true,
774
+ 'mo2f_configured_2FA_method' =>'Email Verification',
775
+ 'mo2f_user_email' => $email
776
+ ) );
777
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
778
+ }
779
+ }else if($selected_method == 'OTP OVER EMAIL'){
780
+ $email = $current_user->user_email;
781
+ if(!MO2F_IS_ONPREM)
782
+ {
783
+ $current_user = get_userdata($currentUserId);
784
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
785
+ if($response['status']=='ERROR') {
786
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
787
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
788
+ }
789
+ else
790
+ {
791
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
792
+ if($user_email != '' and !is_null($user_email))
793
+ $email = $user_email;
794
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
795
+
796
+ }
797
+ }
798
+ else
799
+ {
800
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
801
+ }
802
+ }else if($selected_method == "GOOGLE AUTHENTICATOR"){
803
+ $this->miniorange_pass2login_start_session();
804
+ $mo2fa_login_message = '';
805
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
806
+ $google_auth = new Miniorange_Rba_Attributes();
807
+
808
+ $gauth_name= get_site_option('mo2f_google_appname');
809
+ $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
810
+
811
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
812
+
813
+ if ( MO2F_IS_ONPREM ) { //this should not be here
814
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
815
+ 'mo2f_configured_2FA_method' =>$selected_method,
816
+ ) );
817
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
818
+ $gauth_obj = new Google_auth_onpremise();
819
+
820
+ $onpremise_secret = $gauth_obj->createSecret();
821
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
822
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
823
+ $mo2f_google_auth = array();
824
+ $mo2f_google_auth['ga_qrCode'] = $url;
825
+ $mo2f_google_auth['ga_secret'] = $onpremise_secret;
826
+ $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
827
+ update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
828
+
829
+ }else{
830
+ $current_user = get_userdata($currentUserId);
831
+ $email = $current_user->user_email;
832
+ $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
833
+
834
+ if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
835
+ {
836
+ $email = $tempemail;
837
+ }
838
+
839
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
840
+ if($response['status']=='ERROR') {
841
+ $mo2fa_login_message=$response['message'];
842
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
843
+
844
+ }else{
845
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
846
+ 'mo2f_configured_2FA_method' =>$selected_method,
847
+ ) );
848
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
849
+ if ( json_last_error() == JSON_ERROR_NONE ) {
850
+ if ( $google_response['status'] == 'SUCCESS' ) {
851
+
852
+ $mo2f_google_auth = array();
853
+ $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
854
+ $mo2f_google_auth['ga_secret'] = $google_response['secret'];
855
+ $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
856
+ update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
857
+
858
+ } else {
859
+ $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
860
+ }
861
+ }
862
+ }
863
+ }
864
+
865
+
866
+ }else{
867
+ //inline for others
868
+ if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
869
+ {
870
+ $current_user = get_userdata($currentUserId);
871
+ $email = $current_user->user_email;
872
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
873
+ if($response['status']=='ERROR') {
874
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
875
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
876
+ }else {
877
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
878
+ }
879
+ }else{
880
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
881
+ 'mo2f_configured_2FA_method' =>$selected_method,
882
+ ) );
883
+ }
884
+ }
885
+ }else{
886
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
887
+ }
888
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
889
+ }
890
+ }
891
+ }
892
+
893
+ function check_kba_validation($POSTED){
894
+ if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
895
+ $nonce = $POSTED['miniorange_kba_nonce'];
896
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
897
+ $error = new WP_Error();
898
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
899
+ return $error;
900
+ }else{
901
+ $this->miniorange_pass2login_start_session();
902
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
903
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
904
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
905
+ if ( isset( $user_id ) ) {
906
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
907
+ $mo2fa_login_message = 'Please provide both the answers.';
908
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
909
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
910
+ }
911
+ $otpToken = array();
912
+ $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
913
+ $otpToken[0] = $kba_questions[0]['question'];
914
+ $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
915
+ $otpToken[2] = $kba_questions[1]['question'];
916
+ $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
917
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? $_POST['mo2f_trust_device'] : 'false';
918
+ //if the php session folder has insufficient permissions, cookies to be used
919
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
920
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
921
+ $kba_validate = new Customer_Setup();
922
+ $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
923
+ global $Mo2fdbQueries;
924
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
925
+ if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
926
+ if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
927
+ try {
928
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
929
+ } catch ( Exception $e ) {
930
+ echo $e->getMessage();
931
+ }
932
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
933
+ } else {
934
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
935
+ }
936
+ } else {
937
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
938
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
939
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
940
+ }
941
+ } else {
942
+ $this->remove_current_activity($session_id_encrypt);
943
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
944
+ }
945
+ }
946
+ }
947
+ }
948
+ function check_rba_cancalation($POSTED){
949
+ $nonce = $POSTED['mo2f_trust_device_cancel_nonce'];
950
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
951
+ $error = new WP_Error();
952
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
+ return $error;
954
+ } else {
955
+ $this->miniorange_pass2login_start_session();
956
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
957
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
958
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
959
+ }
960
+ }
961
+ function check_rba_validation($POSTED){
962
+ $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
963
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
964
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
965
+ $this->remove_current_activity($session_id_encrypt);
966
+ $error = new WP_Error();
967
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
968
+ return $error;
969
+ } else {
970
+ $this->miniorange_pass2login_start_session();
971
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
972
+ try {
973
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
974
+ Global $Mo2fdbQueries;
975
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
976
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
977
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
978
+ } catch ( Exception $e ) {
979
+ echo $e->getMessage();
980
+ }
981
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
982
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
983
+ }
984
+ }
985
+
986
+ function miniorange2f_back_to_inline_registration($POSTED)
987
+ {
988
+ $nonce = $_POST['miniorange_back_inline_reg_nonce'];
989
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
990
+ $error = new WP_Error();
991
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
992
+ return $error;
993
+ } else {
994
+
995
+ $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
996
+ $redirect_to = sanitize_text_field($POSTED['redirect_to']);
997
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
998
+ $mo2fa_login_message = '';
999
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
1000
+ }
1001
+
1002
+ }
1003
+
1004
+ function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1005
+ $nonce = $_POST['miniorange_forgotphone'];
1006
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1007
+ $error = new WP_Error();
1008
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1009
+ return $error;
1010
+ } else {
1011
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1012
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1013
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1014
+ $mo2fa_login_message = '';
1015
+ $this->miniorange_pass2login_start_session();
1016
+ $customer = new Customer_Setup();
1017
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1018
+ Global $Mo2fdbQueries;
1019
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1020
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1021
+ if ( $kba_configuration_status ) {
1022
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1023
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1024
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1025
+ } else {
1026
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1027
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1028
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1029
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1030
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1031
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1032
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1033
+ //if the php session folder has insufficient permissions, cookies to be used
1034
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1035
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1036
+ $this->mo2f_transactionid=$content['txId'];
1037
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1038
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1039
+ } else {
1040
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1041
+ }
1042
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1043
+ }
1044
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1045
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1046
+ }
1047
+ }
1048
+ function check_miniorange_alternate_login_kba($POSTED){
1049
+ $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1050
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1051
+ $error = new WP_Error();
1052
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1053
+ return $error;
1054
+ } else {
1055
+ $this->miniorange_pass2login_start_session();
1056
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1057
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1058
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1059
+ $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1060
+ }
1061
+ }
1062
+ function check_miniorange_mobile_validation($POSTED){
1063
+ /*check mobile validation */
1064
+
1065
+ $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1066
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1067
+ $error = new WP_Error();
1068
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1069
+ return $error;
1070
+ } else {
1071
+ if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1072
+ {
1073
+ $txid = $POSTED['TxidEmail'];
1074
+ $status = get_option($txid);
1075
+ if($status != '')
1076
+ {
1077
+ if($status != 1)
1078
+ {
1079
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1080
+ }
1081
+ }
1082
+ }
1083
+ $this->miniorange_pass2login_start_session();
1084
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1085
+ //if the php session folder has insufficient permissions, cookies to be used
1086
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1087
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1088
+ $checkMobileStatus = new Two_Factor_Setup();
1089
+ $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1090
+ $response = json_decode( $content, true );
1091
+ if(MO2F_IS_ONPREM)
1092
+ {
1093
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1094
+ }
1095
+ if ( json_last_error() == JSON_ERROR_NONE ) {
1096
+ if ( $response['status'] == 'SUCCESS' ) {
1097
+ if ( get_option( 'mo2f_remember_device' ) ) {
1098
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1099
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1100
+ } else {
1101
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1102
+ }
1103
+ } else {
1104
+ $this->remove_current_activity($session_id_encrypt);
1105
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1106
+ }
1107
+ } else {
1108
+ $this->remove_current_activity($session_id_encrypt);
1109
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1110
+ }
1111
+ }
1112
+ }
1113
+ function check_miniorange_mobile_validation_failed($POSTED){
1114
+ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1115
+ $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1116
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1117
+ $error = new WP_Error();
1118
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1119
+ return $error;
1120
+ } else {
1121
+ $this->miniorange_pass2login_start_session();
1122
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1123
+ $this->remove_current_activity($session_id_encrypt);
1124
+
1125
+ }
1126
+ }
1127
+ function check_miniorange_forgotphone($POSTED){
1128
+ $nonce = $POSTED['miniorange_forgotphone'];
1129
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1130
+ $error = new WP_Error();
1131
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1132
+ return $error;
1133
+ } else {
1134
+ global $Mo2fdbQueries;
1135
+ $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1136
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1137
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1138
+ $mo2fa_login_message = '';
1139
+ $this->miniorange_pass2login_start_session();
1140
+ $customer = new Customer_Setup();
1141
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1142
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1143
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1144
+ if ( $kba_configuration_status ) {
1145
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1146
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1147
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1148
+ } else {
1149
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1150
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1151
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1152
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1153
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1154
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1155
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1156
+ //if the php session folder has insufficient permissions, cookies to be used
1157
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1158
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1159
+ $this->mo2f_transactionid=$content['txId'];
1160
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1161
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1162
+ } else {
1163
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1164
+ }
1165
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1166
+ }
1167
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1168
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1169
+ }
1170
+ }
1171
+ function check_miniorange_softtoken($POSTED){
1172
+ /*Click on the link of phone is offline */
1173
+ $nonce = $POSTED['miniorange_softtoken'];
1174
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1175
+ $error = new WP_Error();
1176
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1177
+ return $error;
1178
+ } else {
1179
+ $this->miniorange_pass2login_start_session();
1180
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1181
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1182
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1183
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1184
+ MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1185
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1186
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1187
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1188
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1189
+ }
1190
+ }
1191
+ function check_miniorange_soft_token($POSTED){
1192
+ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1193
+ $nonce = $_POST['miniorange_soft_token_nonce'];
1194
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1195
+ $error = new WP_Error();
1196
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1197
+ return $error;
1198
+ }else {
1199
+ $this->miniorange_pass2login_start_session();
1200
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1201
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1202
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1203
+ $softtoken = '';
1204
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1205
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1206
+ if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1207
+ if($attempts>1 || $attempts=='disabled')
1208
+ {
1209
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1210
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
1211
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1212
+ }else{
1213
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1214
+ $this->remove_current_activity($session_id_encrypt);
1215
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1216
+ }
1217
+ } else {
1218
+ $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1219
+ if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1220
+ if($attempts>1|| $attempts=='disabled')
1221
+ {
1222
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1223
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1224
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1225
+ }else{
1226
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1227
+ $this->remove_current_activity($session_id_encrypt);
1228
+ update_option('mo2f_attempts_before_redirect', 3);
1229
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1230
+ $data = array('reload' => "reload", );
1231
+ wp_send_json_success($data);
1232
+ }
1233
+ else
1234
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1235
+ }
1236
+ }
1237
+ }
1238
+
1239
+ global $Mo2fdbQueries;
1240
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1241
+ if ( isset( $user_id ) ) {
1242
+ $customer = new Customer_Setup();
1243
+ $content = '';
1244
+ $current_user = get_userdata($user_id);
1245
+ //if the php session folder has insufficient permissions, cookies to be used
1246
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1247
+
1248
+ if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1249
+ $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1250
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1251
+ $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1252
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1253
+ $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1254
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1255
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1256
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1257
+ $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1258
+ } else {
1259
+ $this->remove_current_activity($session_id_encrypt);
1260
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1261
+ }
1262
+
1263
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1264
+ update_option('mo2f_attempts_before_redirect', 3);
1265
+ if ( get_option( 'mo2f_remember_device' ) ) {
1266
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1267
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1268
+ } else {
1269
+ if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1270
+ {
1271
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1272
+ $enduser = new Two_Factor_Setup();
1273
+
1274
+ $enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
1275
+
1276
+ }
1277
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1278
+ }
1279
+ } else {
1280
+ if($attempts>1 || $attempts=='disabled')
1281
+ {
1282
+ update_option('mo2f_attempts_before_redirect', $attempts-1);
1283
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1284
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1285
+ }else{
1286
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1287
+ $this->remove_current_activity($session_id_encrypt);
1288
+ update_option('mo2f_attempts_before_redirect', 3);
1289
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1290
+ $data = array('reload' => "reload", );
1291
+ wp_send_json_success($data);
1292
+ }
1293
+ else
1294
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1295
+ }
1296
+ }
1297
+ } else {
1298
+ $this->remove_current_activity($session_id_encrypt);
1299
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1300
+ }
1301
+ }
1302
+ }
1303
+ function check_miniorange_attribute_collection($POSTED){
1304
+ $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1305
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1306
+ $error = new WP_Error();
1307
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1308
+ return $error;
1309
+ } else {
1310
+ $this->miniorange_pass2login_start_session();
1311
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1312
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1313
+ $currentuser = get_user_by( 'id', $user_id );
1314
+ $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1315
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1316
+ $session_id = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1317
+ $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1318
+ }
1319
+ }
1320
+ function check_miniorange_inline_skip_registration($POSTED){
1321
+ $error = new WP_Error();
1322
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1323
+ }
1324
+ function miniorange_pass2login_redirect() {
1325
+ do_action('mo2f_network_init');
1326
+ global $Mo2fdbQueries;
1327
+
1328
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1329
+ if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1330
+ $nonce = $_POST['miniorange_login_nonce'];
1331
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1332
+
1333
+ if(is_null($session_id)) {
1334
+ $session_id=$this->create_session();
1335
+ }
1336
+
1337
+
1338
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1339
+ $this->remove_current_activity($session_id);
1340
+ $error = new WP_Error();
1341
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1342
+ return $error;
1343
+ } else {
1344
+ $this->miniorange_pass2login_start_session();
1345
+ $mobile_login = new Miniorange_Mobile_Login();
1346
+ //validation and sanitization
1347
+ $username = '';
1348
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
1349
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1350
+ $mobile_login->mo_auth_show_error_message();
1351
+ return;
1352
+ } else {
1353
+ $username = sanitize_text_field( $_POST['mo2fa_username'] );
1354
+ }
1355
+ if ( username_exists( $username ) ) { /*if username exists in wp site */
1356
+ $user = new WP_User( $username );
1357
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
1358
+ MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
1359
+ MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
1360
+ $this->mo2f_userId=$user->ID;
1361
+ $this->fstfactor='VALIDATE_SUCCESS';
1362
+ $current_roles = miniorange_get_user_role( $user );
1363
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1364
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1365
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1366
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1367
+
1368
+ if(MO2F_IS_ONPREM )
1369
+ {
1370
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1371
+
1372
+ }
1373
+ if ( $mo2f_configured_2FA_method ) {
1374
+ if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
1375
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
1376
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1377
+ } else {
1378
+ $mo2f_second_factor = '';
1379
+
1380
+ if(MO2F_IS_ONPREM)
1381
+ {
1382
+ global $Mo2fdbQueries;
1383
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1384
+ if($mo2f_second_factor == 'Security Questions')
1385
+ {
1386
+ $mo2f_second_factor = 'KBA';
1387
+ }
1388
+ else if($mo2f_second_factor == 'Google Authenticator')
1389
+ {
1390
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
1391
+ }
1392
+ else if($mo2f_second_factor != 'Email Verification')
1393
+ $mo2f_second_factor = 'NONE';
1394
+ }else{
1395
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
1396
+ }
1397
+
1398
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
1399
+ $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
1400
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
1401
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1402
+ }
1403
+ else if($mo2f_second_factor == 'Email Verification'){
1404
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1405
+ }
1406
+ else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
1407
+ $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1408
+ } else if ( $mo2f_second_factor == 'KBA' ) {
1409
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1410
+ } else {
1411
+ $this->remove_current_activity($session_id);
1412
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
1413
+ $mobile_login->mo_auth_show_success_message();
1414
+ }
1415
+ }
1416
+ } else {
1417
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
1418
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1419
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1420
+ $mobile_login->mo2f_redirectto_wp_login();
1421
+ }
1422
+ } else {
1423
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
1424
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1425
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1426
+ $mobile_login->mo2f_redirectto_wp_login();
1427
+ }
1428
+ } else {
1429
+ $mobile_login->remove_current_activity($session_id);
1430
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
1431
+ $mobile_login->mo_auth_show_error_message('Invalid Username.');
1432
+ }
1433
+ }
1434
+ }
1435
+
1436
+ }
1437
+ if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
1438
+ {
1439
+ $userIDGet = sanitize_text_field($_GET['userID']);
1440
+ $txIdGet = sanitize_text_field($_GET['Txid']);
1441
+ $otpToken = get_site_option($userIDGet);
1442
+ $txidstatus = get_site_option($txIdGet);
1443
+ $userIDd = $userIDGet.'D';
1444
+ $otpTokenD = get_site_option($userIDd);
1445
+ $mo2f_dirName = dirname(__FILE__);
1446
+ $mo2f_dirName = explode('wp-content', $mo2f_dirName);
1447
+ $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
1448
+
1449
+ $head = "You are not authorized to perform this action";
1450
+ $body = "Please contact to your admin";
1451
+ $color = "red";
1452
+ if(3 == $txidstatus)
1453
+ {
1454
+ $time = "time".$txIdGet;
1455
+ $currentTimeInMillis = round(microtime(true) * 1000);
1456
+ $generatedTimeINMillis = get_site_option($time);
1457
+ $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
1458
+ if($difference <= 300)
1459
+ {
1460
+ $accessTokenGet = sanitize_text_field($_GET['accessToken']);
1461
+ if( $accessTokenGet == $otpToken)
1462
+ {
1463
+ update_site_option($txIdGet,1);
1464
+ $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
1465
+ $head = "TRANSACTION SUCCESSFUL";
1466
+ $color = "green";
1467
+ }
1468
+ else if($accessTokenGet==$otpTokenD)
1469
+ {
1470
+ update_site_option($txIdGet,0);
1471
+ $body = "Transaction has been Canceled.<br><br>Please Try Again.";
1472
+ $head = "TRANSACTION DENIED";
1473
+ }
1474
+ }
1475
+ delete_site_option($userIDGet);
1476
+ delete_site_option($userIDd);
1477
+ delete_site_option($time);
1478
+
1479
+ }
1480
+
1481
+ $this->display_email_verification($head,$body,$color);
1482
+ exit;
1483
+
1484
+ }
1485
+ elseif (isset($_POST['emailInlineCloud'])) {
1486
+ $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
1487
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
1488
+ $error = new WP_Error();
1489
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1490
+ return $error;
1491
+ } else {
1492
+ $email = sanitize_text_field($_POST['emailInlineCloud']);
1493
+ $current_user_id = sanitize_text_field($_POST['current_user_id']);
1494
+ //$session_id = sanitize_text_field($_POST['session_id']);
1495
+ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
1496
+ global $Mo2fdbQueries;
1497
+ $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
1498
+ prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','','','',null);
1499
+ }
1500
+ }
1501
+ }
1502
+ else if(isset($_POST['txid']))
1503
+ {
1504
+ $txidpost = sanitize_text_field($_POST['txid']);
1505
+ $status = get_site_option($txidpost);
1506
+ update_option('optionVal1',$status); //??
1507
+ if($status ==1 || $status ==0)
1508
+ delete_site_option($txidpost);
1509
+ echo $status;
1510
+ exit();
1511
+ }
1512
+
1513
+
1514
+
1515
+ else{
1516
+
1517
+ $value=isset($_POST['option'])?$_POST['option']:false;
1518
+
1519
+ switch ($value) {
1520
+ case 'miniorange_rba_validate':
1521
+ $this->check_rba_validation($_POST);
1522
+ break;
1523
+
1524
+ case 'miniorange_rba_cancle':
1525
+
1526
+ $this->check_rba_cancalation($_POST);
1527
+ break;
1528
+
1529
+ case 'miniorange_forgotphone':
1530
+ $this->check_miniorange_challenge_forgotphone($_POST);
1531
+ break;
1532
+
1533
+ case 'miniorange2f_back_to_inline_registration':
1534
+ $this->miniorange2f_back_to_inline_registration($_POST);
1535
+ exit;
1536
+
1537
+ case 'miniorange_alternate_login_kba':
1538
+
1539
+ $this->check_miniorange_alternate_login_kba($_POST);
1540
+ break;
1541
+
1542
+ case 'miniorange_kba_validate':
1543
+ $this->check_kba_validation($_POST);
1544
+
1545
+ break;
1546
+
1547
+ case 'miniorange_mobile_validation':
1548
+ $this->check_miniorange_mobile_validation($_POST);
1549
+ break;
1550
+
1551
+ case 'miniorange_mobile_validation_failed':
1552
+ $this->check_miniorange_mobile_validation_failed($_POST);
1553
+ break;
1554
+
1555
+ case 'miniorange_softtoken':
1556
+ $this->check_miniorange_softtoken($_POST);
1557
+
1558
+ break;
1559
+
1560
+
1561
+ case 'miniorange_soft_token':
1562
+
1563
+ $this->check_miniorange_soft_token($_POST);
1564
+ break;
1565
+
1566
+ case 'miniorange_inline_skip_registration':
1567
+ $this->check_miniorange_inline_skip_registration($_POST);
1568
+ break;
1569
+
1570
+ case 'miniorange_attribute_collection':
1571
+ $this->check_miniorange_attribute_collection($_POST);
1572
+ break;
1573
+
1574
+ case 'miniorange_inline_save_2factor_method':
1575
+ $this->save_inline_2fa_method();
1576
+ break;
1577
+
1578
+ case 'mo2f_skip_2fa_setup':
1579
+ $this->mo2f_skip_2fa_setup();
1580
+ break;
1581
+
1582
+ case 'miniorange_back_inline':
1583
+ $this->back_to_select_2fa();
1584
+ break;
1585
+
1586
+ case 'miniorange_inline_ga_validate':
1587
+ $this->inline_validate_and_set_ga();
1588
+ break;
1589
+
1590
+ case 'miniorange_inline_show_mobile_config':
1591
+ $this->inline_mobile_configure();
1592
+ break;
1593
+
1594
+ case 'miniorange_inline_complete_mobile':
1595
+ $this->mo2f_inline_validate_mobile_authentication();
1596
+ break;
1597
+
1598
+ case 'mo2f_inline_kba_option':
1599
+ $this->mo2f_inline_validate_kba();
1600
+ break;
1601
+
1602
+ case 'miniorange_inline_complete_otp_over_sms':
1603
+ $this->mo2f_inline_send_otp();
1604
+ break;
1605
+
1606
+ case 'miniorange_inline_complete_otp':
1607
+ $this->mo2f_inline_validate_otp();
1608
+ break;
1609
+
1610
+ case 'miniorange_inline_login':
1611
+ $this->mo2f_inline_login();
1612
+ break;
1613
+ case 'miniorange_inline_register':
1614
+ $this->mo2f_inline_register();
1615
+ break;
1616
+ default:
1617
+ $error = new WP_Error();
1618
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1619
+
1620
+ return $error;
1621
+ break;
1622
+
1623
+
1624
+ }
1625
+ }
1626
+ }
1627
+
1628
+ function deniedMessage($message)
1629
+ {
1630
+ if(empty($message) && get_option("deniedMessage") )
1631
+ {
1632
+ delete_option('deniedMessage');
1633
+ }
1634
+ else
1635
+ return $message;
1636
+ }
1637
+ function remove_current_activity($session_id) {
1638
+ global $Mo2fdbQueries;
1639
+ $session_variables = array(
1640
+ 'mo2f_current_user_id',
1641
+ 'mo2f_1stfactor_status',
1642
+ 'mo_2factor_login_status',
1643
+ 'mo2f-login-qrCode',
1644
+ 'mo2f_transactionId',
1645
+ 'mo2f_login_message',
1646
+ 'mo2f_rba_status',
1647
+ 'mo_2_factor_kba_questions',
1648
+ 'mo2f_show_qr_code',
1649
+ 'mo2f_google_auth',
1650
+ 'mo2f_authy_keys'
1651
+ );
1652
+
1653
+ $cookie_variables = array(
1654
+ 'mo2f_current_user_id',
1655
+ 'mo2f_1stfactor_status',
1656
+ 'mo_2factor_login_status',
1657
+ 'mo2f-login-qrCode',
1658
+ 'mo2f_transactionId',
1659
+ 'mo2f_login_message',
1660
+ 'mo2f_rba_status_status',
1661
+ 'mo2f_rba_status_sessionUuid',
1662
+ 'mo2f_rba_status_decision_flag',
1663
+ 'kba_question1',
1664
+ 'kba_question2',
1665
+ 'mo2f_show_qr_code',
1666
+ 'mo2f_google_auth',
1667
+ 'mo2f_authy_keys'
1668
+ );
1669
+
1670
+ $temp_table_variables = array(
1671
+ 'session_id',
1672
+ 'mo2f_current_user_id',
1673
+ 'mo2f_login_message',
1674
+ 'mo2f_1stfactor_status',
1675
+ 'mo2f_transactionId',
1676
+ 'mo_2_factor_kba_questions',
1677
+ 'mo2f_rba_status',
1678
+ 'ts_created'
1679
+ );
1680
+
1681
+ MO2f_Utility::unset_session_variables( $session_variables );
1682
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
1683
+ $key = get_option( 'mo2f_encryption_key' );
1684
+ $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
1685
+ $Mo2fdbQueries->save_user_login_details( $session_id, array(
1686
+
1687
+ 'mo2f_current_user_id' => '',
1688
+ 'mo2f_login_message' => '',
1689
+ 'mo2f_1stfactor_status' => '',
1690
+ 'mo2f_transactionId' => '',
1691
+ 'mo_2_factor_kba_questions' => '',
1692
+ 'mo2f_rba_status' => '',
1693
+ 'ts_created' => ''
1694
+ ) );
1695
+
1696
+
1697
+ }
1698
+
1699
+ public function miniorange_pass2login_start_session() {
1700
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1701
+ $session_path = ini_get('session.save_path');
1702
+ if( is_writable($session_path) && is_readable($session_path) ) {
1703
+ session_start();
1704
+ }
1705
+ }
1706
+ }
1707
+
1708
+ function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
1709
+ global $Mo2fdbQueries,$LoginuserID;
1710
+ $LoginuserID = $user_id;
1711
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1712
+ if(is_null($session_id)) {
1713
+ $session_id=$this->create_session();
1714
+ }
1715
+ if(MO2F_IS_ONPREM){
1716
+ $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
1717
+ $challenge_questions = array_keys($question_answers);
1718
+ $random_keys = array_rand($challenge_questions,2);
1719
+ $challenge_ques1 = $challenge_questions[$random_keys[0]];
1720
+ $challenge_ques2 = $challenge_questions[$random_keys[1]];
1721
+ $questions[0] = array('question'=>$challenge_ques1);
1722
+ $questions[1] = array('question'=>$challenge_ques2);
1723
+ update_user_meta( $user_id, 'kba_questions_user', $questions );
1724
+ $mo2fa_login_message = 'Please answer the following questions:';
1725
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1726
+ $mo2f_kbaquestions = $questions;
1727
+ MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1728
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1729
+ }
1730
+
1731
+ else{
1732
+ $challengeKba = new Customer_Setup();
1733
+ $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1734
+ $response = json_decode( $content, true );
1735
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1736
+ if ( $response['status'] == 'SUCCESS' ) {
1737
+ MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
1738
+ $this->mo2f_transactionid = $response['txId'];
1739
+ $questions = array();
1740
+ $questions[0] = $response['questions'][0];
1741
+ $questions[1] = $response['questions'][1];
1742
+ MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1743
+ $this->mo2f_kbaquestions=$questions;
1744
+ $mo2fa_login_message = 'Please answer the following questions:';
1745
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1746
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1747
+ } else if ( $response['status'] == 'ERROR' ) {
1748
+ $this->remove_current_activity($session_id);
1749
+ $error = new WP_Error();
1750
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1751
+
1752
+ return $error;
1753
+ }
1754
+ } else {
1755
+ $this->remove_current_activity($session_id);
1756
+ $error = new WP_Error();
1757
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1758
+
1759
+ return $error;
1760
+ }
1761
+ }
1762
+ }
1763
+
1764
+ function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt,$show_back_button =null ) {
1765
+
1766
+ $login_status = $mo2fa_login_status;
1767
+ $login_message = $mo2fa_login_message;
1768
+ switch ($login_status) {
1769
+ case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
1770
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1771
+ mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
1772
+ exit;
1773
+ break;
1774
+ case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
1775
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1776
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1777
+ exit;
1778
+ break;
1779
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
1780
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1781
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
1782
+ exit;
1783
+ break;
1784
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
1785
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1786
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1787
+ exit;
1788
+ break;
1789
+ case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
1790
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1791
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1792
+ exit;
1793
+ break;
1794
+ case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
1795
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1796
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1797
+ exit;
1798
+ break;
1799
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
1800
+ mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
1801
+ exit;
1802
+ break;
1803
+
1804
+ case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
1805
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1806
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1807
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1808
+ exit;
1809
+ break;
1810
+
1811
+ case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
1812
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1813
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1814
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1815
+ exit;
1816
+ break;
1817
+
1818
+ case 'MO_2_FACTOR_RECONFIG_GOOGLE':
1819
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1820
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
1821
+ exit;
1822
+ break;
1823
+
1824
+ case 'MO_2_FACTOR_RECONFIG_KBA':
1825
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1826
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
1827
+ exit;
1828
+ break;
1829
+
1830
+ case 'MO_2_FACTOR_SETUP_SUCCESS':
1831
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1832
+ $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
1833
+ break;
1834
+
1835
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
1836
+ $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
1837
+ if(MO2F_IS_ONPREM){
1838
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1839
+ $ques = get_user_meta( $user_id, 'kba_questions_user');
1840
+ mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
1841
+ }
1842
+ else{
1843
+ mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
1844
+ }
1845
+ exit;
1846
+ break;
1847
+
1848
+ case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
1849
+ mo2f_get_device_form( $redirect_to, $session_id_encrypt );
1850
+ exit;
1851
+ break;
1852
+
1853
+ case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
1854
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1855
+ prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
1856
+ exit;
1857
+ break;
1858
+
1859
+ default:
1860
+ $this->mo_2_factor_pass2login_show_wp_login_form();
1861
+ if(MO2F_IS_ONPREM){
1862
+ $this->mo_2_factor_pass2login_show_wp_login_form();
1863
+ }
1864
+ break;
1865
+ }
1866
+ }
1867
+
1868
+ function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
1869
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
1870
+ return true;
1871
+ }
1872
+
1873
+ return false;
1874
+ }
1875
+
1876
+ function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
1877
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1878
+ return true;
1879
+ }
1880
+
1881
+ return false;
1882
+ }
1883
+
1884
+ function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
1885
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
1886
+ return true;
1887
+ }
1888
+
1889
+ return false;
1890
+ }
1891
+
1892
+ function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
1893
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
1894
+ return true;
1895
+ }
1896
+
1897
+ return false;
1898
+ }
1899
+
1900
+ function miniorange_pass2login_reconfig_google( $login_status ) {
1901
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
1902
+ return true;
1903
+ }
1904
+
1905
+ return false;
1906
+ }
1907
+
1908
+ function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
1909
+
1910
+ do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
1911
+
1912
+
1913
+ }
1914
+
1915
+ function miniorange_pass2login_reconfig_kba( $login_status ) {
1916
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
1917
+ return true;
1918
+ }
1919
+
1920
+ return false;
1921
+ }
1922
+
1923
+ function miniorange_pass2login_check_kba_status( $login_status ) {
1924
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
1925
+ return true;
1926
+ }
1927
+
1928
+ return false;
1929
+ }
1930
+
1931
+ function miniorange_pass2login_check_trusted_device_status( $login_status ) {
1932
+
1933
+ if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
1934
+ return true;
1935
+ }
1936
+
1937
+ return false;
1938
+ }
1939
+
1940
+ function mo_2_factor_pass2login_woocommerce(){
1941
+ ?>
1942
+ <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
1943
+ <?php
1944
+ }
1945
+ function mo_2_factor_pass2login_show_wp_login_form() {
1946
+
1947
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
1948
+ if(is_null($session_id_encrypt)) {
1949
+ $session_id_encrypt=$this->create_session();
1950
+ }
1951
+ wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
1952
+ wp_localize_script( 'tmlajax_script', 'my_ajax_object',
1953
+ array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
1954
+ ?>
1955
+ <p><input type="hidden" name="miniorange_login_nonce"
1956
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
1957
+
1958
+ <input type="hidden" id="sessid" name="session_id"
1959
+ value="<?php echo $session_id_encrypt; ?>"/>
1960
+
1961
+ </p>
1962
+
1963
+ <?php
1964
+ if ( get_option( 'mo2f_remember_device' ) ) {
1965
+ ?>
1966
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
1967
+ <?php
1968
+ wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
1969
+ wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
1970
+ wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
1971
+ wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
1972
+ wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
1973
+ wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
1974
+ wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
1975
+ wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
1976
+ wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
1977
+ }else{
1978
+
1979
+
1980
+ if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option'))
1981
+ {
1982
+ echo "\t<p>\n";
1983
+ echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
1984
+ echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
1985
+ echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
1986
+ echo "\t</p>\n";
1987
+ echo " \r\n";
1988
+ echo " \r\n";
1989
+ echo "\n";
1990
+ }
1991
+ }
1992
+
1993
+ }
1994
+
1995
+ function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
1996
+ global $Mo2fdbQueries;
1997
+ if (is_null($session_id_encrypt)){
1998
+ $session_id_encrypt=$this->create_session();
1999
+ }
2000
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2001
+ $useragent = $_SERVER['HTTP_USER_AGENT'];
2002
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
2003
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
2004
+
2005
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
2006
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
2007
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
2008
+
2009
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2010
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2011
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
2012
+ } else {
2013
+ $challengeMobile = new Customer_Setup();
2014
+ $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2015
+ $response = json_decode( $content, true );
2016
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2017
+ if ( $response['status'] == 'SUCCESS' ) {
2018
+ $qrCode = $response['qrCode'];
2019
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
2020
+ $this->mo2f_transactionid=$response['txId'];
2021
+ $mo2fa_login_message = '';
2022
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
2023
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
2024
+ } else if ( $response['status'] == 'ERROR' ) {
2025
+ $this->remove_current_activity($session_id_encrypt);
2026
+ $error = new WP_Error();
2027
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2028
+
2029
+ return $error;
2030
+ }
2031
+ } else {
2032
+ $this->remove_current_activity($session_id_encrypt);
2033
+ $error = new WP_Error();
2034
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2035
+
2036
+ return $error;
2037
+ }
2038
+ }
2039
+
2040
+ }
2041
+
2042
+ function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2043
+
2044
+ global $Mo2fdbQueries;
2045
+ if(is_null($session_id)){
2046
+ $session_id=$this->create_session();
2047
+ }
2048
+ $challengeMobile = new Customer_Setup();
2049
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2050
+ if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2051
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2052
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2053
+ $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2054
+
2055
+ }else {
2056
+ $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2057
+ }
2058
+ $response = json_decode( $content, true );
2059
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2060
+ if ( $response['status'] == 'SUCCESS' ) {
2061
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2062
+ $this->mo2f_transactionid=$response['txId'];
2063
+
2064
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2065
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2066
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2067
+ } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2068
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2069
+ $this->mo2f_transactionid=$response['txId'];
2070
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2071
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2072
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2073
+ }
2074
+ } else {
2075
+ $this->remove_current_activity($session_id);
2076
+ $error = new WP_Error();
2077
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2078
+
2079
+ return $error;
2080
+ }
2081
+ }
2082
+
2083
+ function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2084
+ global $Mo2fdbQueries;
2085
+ if(is_null($session_id)){
2086
+ $session_id=$this->create_session();
2087
+ }
2088
+ $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2089
+ if($mo2f_second_factor == 'EMAIL')
2090
+ {
2091
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2092
+ $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2093
+ if($wdewdeqdqq >30 or get_site_option(base64_encode("limitReached")))
2094
+ {
2095
+ update_site_option(base64_encode("remainingOTP"),0);
2096
+ }
2097
+ }
2098
+ else
2099
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2100
+ if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2101
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2102
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2103
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2104
+ } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2105
+ $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2106
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2107
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2108
+ } else {
2109
+ $challengeMobile = new Customer_Setup();
2110
+ $content = '';
2111
+ $response = [];
2112
+ $otpLIMiTE = 0;
2113
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2114
+ {
2115
+ if($mo2f_second_factor == 'OTP Over SMS')
2116
+ $mo2f_second_factor = 'SMS';
2117
+ $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2118
+ $response = json_decode( $content, true );
2119
+
2120
+ }
2121
+ else
2122
+ {
2123
+ $response['status'] = 'FAILED';
2124
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2125
+ $otpLIMiTE = 1;
2126
+ }
2127
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2128
+ if ( $response['status'] == 'SUCCESS' ) {
2129
+ if($mo2f_second_factor == 'EMAIL')
2130
+ {
2131
+ $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2132
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2133
+ }
2134
+ elseif($mo2f_second_factor == 'SMS')
2135
+ {
2136
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2137
+ }
2138
+ if(!isset($response['phoneDelivery']['contact']))
2139
+ $response['phoneDelivery']['contact'] = '';
2140
+ $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2141
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2142
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2143
+ $this->mo2f_transactionid=$response['txId'];
2144
+ $mo2fa_login_message = $message;
2145
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2146
+
2147
+ if($currentMethod == 'OTP Over Email')
2148
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2149
+ else
2150
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2151
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2152
+ } else {
2153
+
2154
+
2155
+ if($response['message'] == 'TEST FAILED.')
2156
+ $response['message'] = 'There is an error in sending the OTP.';
2157
+
2158
+ $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
2159
+
2160
+ if($otpLIMiTE ==1)
2161
+ $last_message = 'or contact miniOrange';
2162
+
2163
+ else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
2164
+ $last_message = 'Or check your SMTP Server and remaining transacions.';
2165
+ else
2166
+ $last_message = 'Or check your remaining transacions';
2167
+
2168
+ $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
2169
+ if(!isset($response['txId']))
2170
+ $response['txId'] = '';
2171
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2172
+ $this->mo2f_transactionid=$response['txId'];
2173
+ $mo2fa_login_message = $message;
2174
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2175
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2176
+ }
2177
+ } else {
2178
+ $this->remove_current_activity($session_id);
2179
+ $error = new WP_Error();
2180
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2181
+ return $error;
2182
+ }
2183
+ }
2184
+ }
2185
+
2186
+ function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
2187
+ if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
2188
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
2189
+ $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
2190
+ } else {
2191
+ $user_id=$this->mo2f_userID;
2192
+ $mo2f_1stfactor_status=$this->fstfactor;
2193
+ }
2194
+ if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
2195
+ $currentuser = get_user_by( 'id', $user_id );
2196
+ wp_set_current_user( $user_id, $currentuser->user_login );
2197
+ $mobile_login = new Miniorange_Mobile_Login();
2198
+ $mobile_login->remove_current_activity($session_id_encrypted);
2199
+ wp_set_auth_cookie( $user_id, true );
2200
+ do_action( 'wp_login', $currentuser->user_login, $currentuser );
2201
+ redirect_user_to( $currentuser, $redirect_to );
2202
+ exit;
2203
+ } else {
2204
+ $this->remove_current_activity($session_id_encrypted);
2205
+ }
2206
+ }
2207
+
2208
+ function create_session(){
2209
+ global $Mo2fdbQueries;
2210
+ $session_id = MO2f_Utility::random_str(20);
2211
+ $Mo2fdbQueries->insert_user_login_session($session_id);
2212
+ $key = get_option( 'mo2f_encryption_key' );
2213
+ $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
2214
+ return $session_id_encrypt;
2215
+ }
2216
+
2217
+ function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
2218
+
2219
+ global $Mo2fdbQueries;
2220
+ $this->miniorange_pass2login_start_session();
2221
+ if(is_null($session_id_encrypt)) {
2222
+ $session_id_encrypt=$this->create_session();
2223
+ }
2224
+
2225
+ if(class_exists('UM_Functions'))
2226
+ {
2227
+ if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
2228
+ {
2229
+ $meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
2230
+ if(isset($meta) and $meta != '')
2231
+ {
2232
+ if(isset($meta['_um_login_redirect_url']))
2233
+ $redirect_to = $meta['_um_login_redirect_url'];
2234
+ if($redirect_to == '')
2235
+ {
2236
+ $redirect_to = get_site_url();
2237
+ }
2238
+ }
2239
+ $login_form_url = '';
2240
+ if(isset($_POST['redirect_to']))
2241
+ $login_form_url = sanitize_text_field($_POST['redirect_to']);
2242
+
2243
+ if($login_form_url != '' and !is_null($login_form_url))
2244
+ {
2245
+ $redirect_to = $login_form_url;
2246
+ }
2247
+
2248
+ }
2249
+
2250
+ }
2251
+ MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
2252
+ MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
2253
+
2254
+ $this->mo2f_userID=$currentuser->ID;
2255
+ $this->fstfactor='VALIDATE_SUCCESS';
2256
+
2257
+ $is_customer_admin = true;
2258
+
2259
+ $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
2260
+ if($dG90YWxVc2Vyc0Nsb3Vk<3)
2261
+ $is_customer_admin = true;
2262
+
2263
+ $roles = ( array ) $currentuser->roles;
2264
+ $twofactor_enabled = 0;
2265
+ foreach ( $roles as $role ) {
2266
+ if(get_option('mo2fa_'.$role)=='1')
2267
+ $twofactor_enabled=1;
2268
+ }
2269
+
2270
+ if ( $is_customer_admin && $twofactor_enabled ) {
2271
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
2272
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
2273
+
2274
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
2275
+ $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
2276
+ }else{
2277
+ $mo2f_allwed_login_attempts= 'disabled';
2278
+ }
2279
+ update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
2280
+
2281
+ $twofactor_transactions = new Mo2fDB;
2282
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
2283
+ $tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
2284
+ if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
2285
+ $exceeded =1;
2286
+
2287
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
2288
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2289
+ try {
2290
+ $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
2291
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
2292
+ $this->mo2f_rbastatus=$mo2f_rba_status;
2293
+ } catch ( Exception $e ) {
2294
+ echo $e->getMessage();
2295
+ }
2296
+
2297
+ if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
2298
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2299
+ } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
2300
+
2301
+ $this->mo2f_restrict_access( 'Access_denied' );
2302
+ exit;
2303
+ } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
2304
+ $this->mo2f_restrict_access( 'Access_denied' );
2305
+ exit;
2306
+ } else {
2307
+
2308
+ $mo2f_second_factor = '';
2309
+
2310
+ if(MO2F_IS_ONPREM)
2311
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2312
+ else
2313
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
2314
+
2315
+ if($mo2f_second_factor == 'miniOrange Soft Token')
2316
+ $mo2f_second_factor = "SOFT TOKEN";
2317
+ else if($mo2f_second_factor == "miniOrange Push Notification")
2318
+ $mo2f_second_factor = "PUSH NOTIFICATIONS";
2319
+ else if($mo2f_second_factor == "miniOrange QR Code Authentication")
2320
+ $mo2f_second_factor = "MOBILE AUTHENTICATION";
2321
+ else if($mo2f_second_factor == 'Security Questions')
2322
+ $mo2f_second_factor = 'KBA';
2323
+ else if($mo2f_second_factor == 'Google Authenticator')
2324
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2325
+ else if($mo2f_second_factor == 'OTP Over SMS')
2326
+ $mo2f_second_factor = 'SMS';
2327
+ else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
2328
+ $mo2f_second_factor = "EMAIL";
2329
+
2330
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2331
+ {
2332
+ update_site_option("bGltaXRSZWFjaGVk",1);
2333
+
2334
+ }
2335
+ }
2336
+
2337
+
2338
+ if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
2339
+ {
2340
+ $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
2341
+ if(is_wp_error( $error))
2342
+ {
2343
+ return $error;
2344
+ }
2345
+ }
2346
+ else{
2347
+
2348
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2349
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
2350
+ } else {
2351
+
2352
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2353
+ $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
2354
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
2355
+ $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2356
+ } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
2357
+ $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2358
+ } else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
2359
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
2360
+ } else if ( $mo2f_second_factor == 'NONE' ) {
2361
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2362
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2363
+ else
2364
+ return $currentuser;
2365
+ } else {
2366
+ $this->remove_current_activity($session_id_encrypt);
2367
+ $error = new WP_Error();
2368
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2369
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Two Factor method has not been configured.', );
2370
+ wp_send_json_success($data);
2371
+ }
2372
+ else{
2373
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
2374
+ return $error;
2375
+ }
2376
+ }
2377
+ }
2378
+ }
2379
+
2380
+ }
2381
+ }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
2382
+ $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
2383
+
2384
+ } else {
2385
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2386
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2387
+ else
2388
+ return $currentuser;
2389
+ }
2390
+
2391
+ } else { //plugin is not activated for current role then logged him in without asking 2 factor
2392
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2393
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2394
+ else
2395
+ return $currentuser;
2396
+ }
2397
+
2398
+ }
2399
+
2400
+ function mo2fa_inline($currentuser,$redirect_to,$session_id){
2401
+
2402
+ global $Mo2fdbQueries;
2403
+ $currentUserId = $currentuser->ID;
2404
+ $email = $currentuser->user_email;
2405
+ $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
2406
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
2407
+ 'user_registration_with_miniorange' =>'SUCCESS',
2408
+ 'mo2f_user_email' =>$email,
2409
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
2410
+ ) );
2411
+
2412
+ $mo2fa_login_message = '';
2413
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2414
+
2415
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
2416
+ //}
2417
+ }
2418
+
2419
+ function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
2420
+ global $Mo2fdbQueries;
2421
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2422
+ $customer = new Customer_Setup();
2423
+ $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2424
+
2425
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2426
+ if ( get_option( 'mo2f_remember_device' ) ) {
2427
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
2428
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
2429
+ } else {
2430
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2431
+ }
2432
+ } else {
2433
+ if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2434
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid One Time Passcode.', );
2435
+ wp_send_json_success($data);
2436
+ }
2437
+ else
2438
+ return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
2439
+ }
2440
+ }
2441
+
2442
+ function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
2443
+ {
2444
+
2445
+ $challengeMobile = new Customer_Setup();
2446
+ $content = '';
2447
+ $response = [];
2448
+ $otpLIMiTE = 0;
2449
+ if(get_site_option("cmVtYWluaW5nT1RQ")>0)
2450
+ {
2451
+ $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
2452
+ $response = json_decode( $content, true );
2453
+ if(!MO2F_IS_ONPREM)
2454
+ {
2455
+ if(isset($response['txId']))
2456
+ MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $response['txId'] );
2457
+ }
2458
+
2459
+ }
2460
+ else
2461
+ {
2462
+ $response['status'] = 'FAILED';
2463
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2464
+ $otpLIMiTE = 1;
2465
+ }
2466
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2467
+ if ( $response['status'] == 'SUCCESS' ) {
2468
+ $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
2469
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2470
+ $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
2471
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2472
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
2473
+ }
2474
+ else
2475
+ {
2476
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2477
+ $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
2478
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
2479
+ }
2480
+ }
2481
+ }
2482
+ function mo2f_restrict_access( $identity ) {
2483
+ apply_filters( 'mo2f_rba_addon', $identity );
2484
+ exit;
2485
+ }
2486
+
2487
+ function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
2488
+ global $Mo2fdbQueries;
2489
+ if ( get_option( 'mo2f_remember_device' ) ) {
2490
+ $this->miniorange_pass2login_start_session();
2491
+
2492
+ $session_id=$this->create_session();
2493
+ MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
2494
+ $this->mo2f_userID=$currentuser->ID;
2495
+
2496
+ mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
2497
+ exit;
2498
+ } else {
2499
+ $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to );
2500
+ }
2501
+ }
2502
+
2503
+ function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
2504
+ if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
2505
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2506
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp;Invalid User Credentials', );
2507
+ wp_send_json_success($data);
2508
+ }
2509
+ else
2510
+ return $user;
2511
+ }
2512
+ if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
2513
+ return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
2514
+ }
2515
+ // if an app password is enabled, this is an XMLRPC / APP login ?
2516
+ if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
2517
+
2518
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
2519
+ if ( is_wp_error( $currentuser ) ) {
2520
+ $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
2521
+
2522
+ return false;
2523
+ } else {
2524
+ return $currentuser;
2525
+ }
2526
+
2527
+ } else {
2528
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
2529
+ if ( is_wp_error( $currentuser ) ) {
2530
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2531
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
2532
+ wp_send_json_success($data);
2533
+ }
2534
+ else{
2535
+ $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
2536
+ return $currentuser;
2537
+ }
2538
+ } else {
2539
+ global $Mo2fdbQueries;
2540
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2541
+
2542
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2543
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2544
+ $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
2545
+ if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
2546
+ {
2547
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
2548
+ }
2549
+ else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
2550
+ {
2551
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
2552
+ }
2553
+ else
2554
+ {
2555
+ if ( empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
2556
+ {
2557
+
2558
+
2559
+ if(isset($_POST['mo_woocommerce_login_prompt'])){
2560
+
2561
+ $this->miniorange_initiate_2nd_factor( $currentuser, "", "","");
2562
+ }
2563
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2564
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Please enter the One Time Passcode', );
2565
+ wp_send_json_success($data);
2566
+ }
2567
+ else
2568
+ return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
2569
+ // Prevent PHP notices when using app password login
2570
+
2571
+ }
2572
+ else
2573
+ {
2574
+ $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
2575
+ }
2576
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
2577
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2578
+
2579
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2580
+
2581
+ if(is_null($session_id)) {
2582
+ $session_id=$this->create_session();
2583
+ }
2584
+
2585
+
2586
+ $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
2587
+
2588
+
2589
+ if(is_wp_error( $error)){
2590
+ return $error;
2591
+ }
2592
+ return $error;
2593
+ }
2594
+ }
2595
+ }
2596
+
2597
+ }
2598
+
2599
+ function display_email_verification($head,$body,$color)
2600
+ {
2601
+ echo "<div style='background-color: #d5e3d9; height:850px;' >
2602
+ <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
2603
+ <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
2604
+ <img alt='logo' style='margin-left:240px ;
2605
+ margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
2606
+ <div><hr></div>
2607
+
2608
+ <tbody>
2609
+ <tr>
2610
+ <td>
2611
+
2612
+ <p style='margin-top:0;margin-bottom:10px'>
2613
+ <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
2614
+ <p style='margin-top:0;margin-bottom:10px'>
2615
+ <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
2616
+ <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
2617
+
2618
+ </td>
2619
+ </tr>
2620
+
2621
+ </div>
2622
+ </div>
2623
+ </div>";
2624
+ }
2625
+
2626
+ function mo_2_factor_enable_jquery_default_login() {
2627
+ wp_enqueue_script( 'jquery' );
2628
+ }
2629
+
2630
+ function miniorange_pass2login_footer_form() {
2631
+ ?>
2632
+ <script>
2633
+ jQuery(document).ready(function () {
2634
+ if (document.getElementById('loginform') != null) {
2635
+ jQuery('#loginform').on('submit', function (e) {
2636
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2637
+ });
2638
+ } else {
2639
+ if (document.getElementsByClassName('login') != null) {
2640
+ jQuery('.login').on('submit', function (e) {
2641
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2642
+ });
2643
+ }
2644
+ }
2645
+ });
2646
+ </script>
2647
+ <?php
2648
+
2649
+ }
2650
+
2651
+
2652
+ }
2653
+
2654
+ ?>
handler/twofa/two_fa_settings.php CHANGED
@@ -18,7 +18,7 @@ class Miniorange_Authentication {
18
  $wp_roles = new WP_Roles();
19
  }
20
 
21
- if ( get_option( 'mo2f_activate_plugin' ) == 1 ) {
22
  $mo2f_rba_attributes = new Miniorange_Rba_Attributes();
23
  $pass2fa_login = new Miniorange_Password_2Factor_Login();
24
  $mo2f_2factor_setup = new Two_Factor_Setup();
@@ -45,7 +45,7 @@ class Miniorange_Authentication {
45
  'miniorange_pass2login_form_fields'
46
  ), 10, 5 );
47
  add_filter( 'mo2f_gauth_service', array( $mo2f_rba_attributes, 'mo2f_google_auth_service' ), 10, 1 );
48
- if ( get_option( 'mo2f_login_option' ) ) { //password + 2nd factor enabled
49
  if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
50
 
51
  remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
@@ -75,7 +75,7 @@ class Miniorange_Authentication {
75
  'mo_2_factor_pass2login_show_wp_login_form'
76
  ) );
77
  }
78
- else if(!get_site_option('mo2f_woocommerce_login_prompt') && get_site_option('mo2f_enable_2fa_prompt_on_login_page') ) {
79
  add_action('woocommerce_login_form_end' ,array(
80
  $pass2fa_login,
81
  'mo_2_factor_pass2login_woocommerce'
@@ -128,8 +128,8 @@ class Miniorange_Authentication {
128
  $userid = wp_get_current_user()->ID;
129
  add_option('mo2f_onprem_admin' , $userid );
130
  // Deciding on On-Premise solution
131
- $is_NC=get_option( 'mo2f_is_NC' );
132
- $is_NNC=get_option( 'mo2f_is_NNC' );
133
  // Old users
134
  if ( get_option( 'mo2f_customerKey' ) && ! $is_NC )
135
  add_option( 'is_onprem', 0 );
@@ -173,13 +173,13 @@ class Miniorange_Authentication {
173
 
174
  if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
175
 
176
- if ( get_option( 'mo2f_customerKey' ) && ! get_option( 'mo2f_is_NC' ) ) {
177
  update_option( 'mo2f_is_NC', 0 );
178
  }
179
 
180
  $check_if_user_column_exists = false;
181
 
182
- if ( $user_id && ! get_option( 'mo2f_is_NC' ) ) {
183
  $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
184
  if ( $does_table_exist ) {
185
  $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
@@ -268,14 +268,7 @@ class Miniorange_Authentication {
268
 
269
 
270
  }
271
-
272
-
273
- /**
274
- * Function tells where to look for translations.
275
- */
276
- function mo2fa_load_textdomain() {
277
- load_plugin_textdomain( 'miniorange-2-factor-authentication', false, dirname( plugin_basename( __FILE__ ) ) . '/lang/' );
278
- }
279
 
280
  function feedback_request() {
281
  display_feedback_form();
@@ -283,8 +276,8 @@ class Miniorange_Authentication {
283
 
284
  function get_customer_SMS_transactions() {
285
 
286
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && get_option( 'mo2f_show_sms_transaction_message' ) ) {
287
- if ( ! get_option( 'mo2f_set_transactions' ) ) {
288
  $customer = new Customer_Setup();
289
 
290
  $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
@@ -301,7 +294,7 @@ class Miniorange_Authentication {
301
  }
302
  update_option( 'mo2f_number_of_transactions', $smsRemaining );
303
  } else {
304
- $smsRemaining = get_option( 'mo2f_number_of_transactions' );
305
  }
306
 
307
  $this->display_customer_transactions( $smsRemaining );
@@ -317,7 +310,7 @@ class Miniorange_Authentication {
317
  $user = wp_get_current_user();
318
  $selected_2_Factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
319
  if ( $selected_2_Factor_method == 'NONE' ) {
320
- if ( get_option( 'mo2f_enable_2fa_for_users' ) || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
321
  echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
322
  '<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
323
  '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
@@ -356,9 +349,9 @@ class Miniorange_Authentication {
356
  $roles = $user->roles;
357
  $miniorange_role = array_shift( $roles );
358
 
359
- $is_plugin_activated = get_option( 'mo2f_activate_plugin' );
360
  $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $user->ID ? true : false;
361
- $is_2fa_enabled_for_users = get_option( 'mo2f_enable_2fa_for_users' );
362
  $can_current_user_manage_options = current_user_can( 'manage_options' );
363
  $admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
364
  ? true : false;
@@ -386,7 +379,7 @@ class Miniorange_Authentication {
386
  else
387
  $iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
388
  $menu_slug = 'miniOrange_2_factor_settings';
389
- add_menu_page( 'miniOrange 2 Factor Auth', get_option('mo2f_custom_plugin_name'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
390
  }
391
 
392
  function mo_auth_login_options() {
@@ -431,11 +424,10 @@ class Miniorange_Authentication {
431
  }
432
 
433
  function miniorange_auth_save_settings() {
434
- if (get_option('mo2f_plugin_redirect')) {
435
- delete_option('mo2f_plugin_redirect');
436
- wp_redirect(admin_url() . 'admin.php?page=mo_2fa_two_fa');
437
- exit;
438
-
439
  }
440
  if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
441
  if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
@@ -722,7 +714,7 @@ class Miniorange_Authentication {
722
  $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
723
  update_option( 'mo2f_miniorange_admin', $user->ID );
724
 
725
- $mo2f_emailVerification_config_status = get_option( 'mo2f_is_NC' ) == 0 ? true : false;
726
 
727
  delete_option( 'mo2f_password' );
728
  update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
@@ -751,7 +743,7 @@ class Miniorange_Authentication {
751
  if ( $mo2f_second_factor != 'NONE' ) {
752
  $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
753
 
754
- if ( get_option( 'mo2f_is_NC' ) == 0 ) {
755
 
756
  $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
757
  $Mo2fdbQueries->update_user_details( $user->ID, array(
@@ -773,7 +765,7 @@ class Miniorange_Authentication {
773
  }
774
 
775
  $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
776
- if ( $configured_2FA_method != 'NONE' && get_option( 'mo2f_is_NC' ) == 0 ) {
777
  $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '.';
778
  }
779
  $mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
@@ -1023,13 +1015,13 @@ class Miniorange_Authentication {
1023
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1024
  if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM ) {
1025
 
1026
- if($_POST['mo2f_login_option'] == 0 && get_option('mo2f_enable_2fa_prompt_on_login_page')){
1027
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "LOGIN_WITH_2ND_FACTOR" ) );
1028
  $this->mo_auth_show_error_message();
1029
  }else{
1030
  update_option( 'mo2f_login_option', isset( $_POST['mo2f_login_option'] ) ? $_POST['mo2f_login_option'] : 0 );
1031
  update_option( 'mo2f_remember_device', isset( $_POST['mo2f_remember_device'] ) ? $_POST['mo2f_remember_device'] : 0 );
1032
- if ( get_option( 'mo2f_login_option' ) == 0 ) {
1033
  update_option( 'mo2f_remember_device', 0 );
1034
  }
1035
  if(isset($_POST['mo2f_enable_login_with_2nd_factor']))
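Review bot: The rewritten guard `if($_POST['mo2f_login_option'] == 0 && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')){` reads the request field without the `isset()` check that the `update_option()` calls two lines below apply to the same key. Both `mo2f_login_option` and `mo2f_remember_device` are then stored as raw request values. Reading the field once, `$login_option = isset( $_POST['mo2f_login_option'] ) ? absint( $_POST['mo2f_login_option'] ) : 0;`, and using `$login_option` in the comparison and in `update_option()` keeps the two paths consistent. The same cast fits `mo2f_remember_device`. The enclosing handler starts outside the hunk, so any nonce or capability check it performs is not visible here.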
@@ -1530,7 +1522,7 @@ class Miniorange_Authentication {
1530
  $show = 1;
1531
  if(MO2F_IS_ONPREM )
1532
  {
1533
- $txid = isset($_POST['TxidEmail'])?_POST['TxidEmail']:null;
1534
  $status = get_option($txid);
1535
  if($status != '')
1536
  {
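Review bot: The corrected line `$txid = isset($_POST['TxidEmail'])? $_POST['TxidEmail']:null;` restores the missing `$`, but the request value still reaches `get_option($txid)` on the next line as the option name. The caller therefore chooses which option is read, and the branch on `$status` depends on it. Constrain the value before the lookup, for example `$txid = isset( $_POST['TxidEmail'] ) ? sanitize_text_field( wp_unslash( $_POST['TxidEmail'] ) ) : '';`, and skip the lookup when it is empty or does not match the transaction-id format the plugin issues. That format is not visible in this hunk, so the exact pattern needs confirming. The block that consumes `$status` continues outside the hunk.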
@@ -1544,6 +1536,9 @@ class Miniorange_Authentication {
1544
  }
1545
  }
1546
  $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
 
 
 
1547
  $mo2f_EmailVerification_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_EmailVerification_config_status', $user->ID );
1548
  if ( ! current_user_can( 'manage_options' ) && $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL' ) {
1549
  if ( $mo2f_EmailVerification_config_status ) {
@@ -1661,6 +1656,8 @@ class Miniorange_Authentication {
1661
 
1662
  if ( current_user_can( 'manage_options' ) ) {
1663
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
 
 
1664
  } else {
1665
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
1666
  }
@@ -2039,7 +2036,7 @@ class Miniorange_Authentication {
2039
  $_SESSION['mo2f_transactionId'] = $content['txId'];
2040
  update_option( 'mo2f_transactionId', $content['txId'] );
2041
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2042
- update_option( 'mo2f_number_of_transactions', get_option( 'mo2f_number_of_transactions' ) - 1 );
2043
  update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2044
  $this->mo_auth_show_success_message();
2045
  } else {
@@ -2213,8 +2210,8 @@ class Miniorange_Authentication {
2213
  $allowed = false;
2214
  if(get_option('mo2f_miniorange_admin'))
2215
  $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
2216
-
2217
- if($is_customer_registered && !$is_end_user_registered and !$allowed){
2218
  $enduser = new Two_Factor_Setup();
2219
  $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
2220
  if(json_last_error() == JSON_ERROR_NONE){
@@ -2257,7 +2254,8 @@ class Miniorange_Authentication {
2257
  }
2258
 
2259
  }
2260
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
 
2261
  if(MO2F_IS_ONPREM)
2262
  {
2263
  if($selected_2FA_method == 'EmailVerification')
@@ -2267,6 +2265,7 @@ class Miniorange_Authentication {
2267
  if($selected_2FA_method == 'OTPOverSMS')
2268
  $selected_2FA_method = 'OTP Over SMS';
2269
  }
 
2270
  if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification'))
2271
  $is_customer_registered = 1;
2272
 
@@ -2290,28 +2289,48 @@ class Miniorange_Authentication {
2290
  $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2291
  $customer_key = get_option( 'mo2f_customerKey' );
2292
  $api_key = get_option( 'mo2f_api_key' );
2293
-
2294
  $cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
2295
-
2296
- if($selected_2FA_method == "OTP Over Email" or in_array($selected_2FA_method,$cloud_method1))
2297
  {
2298
- $TwoF_setup = new Two_Factor_Setup();
2299
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $selected_2FA_method, "server" );
 
 
 
 
 
 
2300
 
2301
- if($selected_2FA_method == "OTP Over Email")
2302
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'EMAIL',null,null,null),true);
2303
  else
2304
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,$current_method,null,null,null),true);
2305
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
 
 
 
 
2306
 
2307
- mo2f_display_test_2fa_notification($user);
 
 
 
 
 
 
 
 
 
 
2308
  }else if($selected_2FA_method == "Email Verification")
2309
  {
2310
  $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
2311
  }
2312
 
2313
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
2314
 
 
 
2315
 
2316
  // update the server
2317
  if(!MO2F_IS_ONPREM)
@@ -2489,7 +2508,7 @@ class Miniorange_Authentication {
2489
  if($selected_2FA_method == 'OTP Over Email')
2490
  {
2491
  $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2492
- if(get_site_option("cmVtYWluaW5nT1RQ")<=0)
2493
  {
2494
  update_site_option("bGltaXRSZWFjaGVk",1);
2495
  $check = 0;
@@ -2505,15 +2524,15 @@ class Miniorange_Authentication {
2505
  if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0 ) {
2506
  if($selected_2FA_method == 'OTP Over Email')
2507
  {
2508
- $cmVtYWluaW5nT1RQ = get_option("cmVtYWluaW5nT1RQ");
2509
- update_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2510
  }
2511
  else if($selected_2FA_method == 'OTP Over SMS')
2512
  {
2513
  update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2514
  }
2515
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2516
- update_option( 'mo2f_number_of_transactions', get_option( 'mo2f_number_of_transactions' ) - 1 );
2517
 
2518
  $_SESSION['mo2f_transactionId'] = $response['txId'];
2519
  update_option( 'mo2f_transactionId', $response['txId'] );
@@ -2603,8 +2622,8 @@ class Miniorange_Authentication {
2603
  function mo_auth_deactivate() {
2604
  global $Mo2fdbQueries;
2605
  $mo2f_register_with_another_email = get_option( 'mo2f_register_with_another_email' );
2606
- $is_EC = ! get_option( 'mo2f_is_NC' ) ? 1 : 0;
2607
- $is_NNC = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' ) ? 1 : 0;
2608
 
2609
  if ( $mo2f_register_with_another_email || $is_EC || $is_NNC ) {
2610
  update_option( 'mo2f_register_with_another_email', 0 );
@@ -2951,14 +2970,16 @@ class Miniorange_Authentication {
2951
  $current_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_configured_2FA_method, "server" );
2952
 
2953
  $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $phone, null, null ), true );
2954
-
2955
  if ( json_last_error() == JSON_ERROR_NONE ) {
2956
  if ( $response['status'] == 'ERROR' ) {
2957
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
2958
  $this->mo_auth_show_error_message();
2959
  } else if ( $response['status'] == 'SUCCESS' ) {
2960
- $configured_2fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2961
-
 
 
 
2962
  if ( in_array( $configured_2fa_method, array( "Google Authenticator", "Authy Authenticator" ) ) ) {
2963
  update_user_meta( $user->ID, 'mo2f_external_app_type', $configured_2fa_method );
2964
  }
@@ -2969,8 +2990,9 @@ class Miniorange_Authentication {
2969
  delete_user_meta( $user->ID, 'configure_2FA' );
2970
 
2971
  if($configured_2fa_method == 'OTP Over Email' or $configured_2fa_method=='OTP Over SMS')
2972
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA_otp" ) );
2973
-
 
2974
  else
2975
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA" ) );
2976
 
@@ -3052,13 +3074,7 @@ class Miniorange_Authentication {
3052
  $currentTimeInMillis = round(microtime(true) * 1000);
3053
  update_site_option($time,$currentTimeInMillis);
3054
  update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
3055
- if ( ! $is_flow_driven_setup ) {
3056
- update_user_meta($current_user->ID,'mo2f_configure_test_option','MO2F_TEST');
3057
- $Mo2fdbQueries->update_user_details(
3058
- $current_user->ID, array('mo2f_configured_2FA_method' => 'OUT OF BAND EMAIL',
3059
- 'mo2f_2factor_enable_2fa_byusers' => 1) );
3060
- $this->mo_auth_show_success_message();
3061
- }
3062
  }else{
3063
  update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
3064
  $this->mo_auth_show_error_message();
@@ -3101,7 +3117,7 @@ class Miniorange_Authentication {
3101
  $get_encryption_key = MO2f_Utility::random_str(16);
3102
  update_option('mo2f_encryption_key',$get_encryption_key);
3103
 
3104
- if ( get_option( 'mo2f_customerKey' ) && ! get_option( 'mo2f_is_NC' ) ) {
3105
  update_option( 'mo2f_is_NC', 0 );
3106
  } else {
3107
  update_option( 'mo2f_is_NC', 1 );
18
  $wp_roles = new WP_Roles();
19
  }
20
 
21
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option') == 1 ) {
22
  $mo2f_rba_attributes = new Miniorange_Rba_Attributes();
23
  $pass2fa_login = new Miniorange_Password_2Factor_Login();
24
  $mo2f_2factor_setup = new Two_Factor_Setup();
45
  'miniorange_pass2login_form_fields'
46
  ), 10, 5 );
47
  add_filter( 'mo2f_gauth_service', array( $mo2f_rba_attributes, 'mo2f_google_auth_service' ), 10, 1 );
48
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) { //password + 2nd factor enabled
49
  if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
50
 
51
  remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
75
  'mo_2_factor_pass2login_show_wp_login_form'
76
  ) );
77
  }
78
+ else if(!get_site_option('mo2f_woocommerce_login_prompt') && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option') ) {
79
  add_action('woocommerce_login_form_end' ,array(
80
  $pass2fa_login,
81
  'mo_2_factor_pass2login_woocommerce'
128
  $userid = wp_get_current_user()->ID;
129
  add_option('mo2f_onprem_admin' , $userid );
130
  // Deciding on On-Premise solution
131
+ $is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
132
+ $is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
133
  // Old users
134
  if ( get_option( 'mo2f_customerKey' ) && ! $is_NC )
135
  add_option( 'is_onprem', 0 );
173
 
174
  if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
175
 
176
+ if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')) {
177
  update_option( 'mo2f_is_NC', 0 );
178
  }
179
 
180
  $check_if_user_column_exists = false;
181
 
182
+ if ( $user_id && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
183
  $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
184
  if ( $does_table_exist ) {
185
  $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
268
 
269
 
270
  }
271
+
 
 
 
 
 
 
 
272
 
273
  function feedback_request() {
274
  display_feedback_form();
276
 
277
  function get_customer_SMS_transactions() {
278
 
279
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && MoWpnsUtility::get_mo2f_db_option('mo2f_show_sms_transaction_message', 'get_option') ) {
280
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
281
  $customer = new Customer_Setup();
282
 
283
  $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
294
  }
295
  update_option( 'mo2f_number_of_transactions', $smsRemaining );
296
  } else {
297
+ $smsRemaining = MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option');
298
  }
299
 
300
  $this->display_customer_transactions( $smsRemaining );
310
  $user = wp_get_current_user();
311
  $selected_2_Factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
312
  if ( $selected_2_Factor_method == 'NONE' ) {
313
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
314
  echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
315
  '<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
316
  '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
349
  $roles = $user->roles;
350
  $miniorange_role = array_shift( $roles );
351
 
352
+ $is_plugin_activated = MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option');
353
  $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $user->ID ? true : false;
354
+ $is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
355
  $can_current_user_manage_options = current_user_can( 'manage_options' );
356
  $admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
357
  ? true : false;
379
  else
380
  $iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
381
  $menu_slug = 'miniOrange_2_factor_settings';
382
+ add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
383
  }
384
 
385
  function mo_auth_login_options() {
424
  }
425
 
426
  function miniorange_auth_save_settings() {
427
+ if (get_site_option('mo2f_plugin_redirect')) {
428
+ delete_site_option('mo2f_plugin_redirect');
429
+ wp_redirect(admin_url() . 'admin.php?page=mo_2fa_two_fa');
430
+ exit;
 
431
  }
432
  if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
433
  if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
714
  $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
715
  update_option( 'mo2f_miniorange_admin', $user->ID );
716
 
717
+ $mo2f_emailVerification_config_status = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ? true : false;
718
 
719
  delete_option( 'mo2f_password' );
720
  update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
743
  if ( $mo2f_second_factor != 'NONE' ) {
744
  $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
745
 
746
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
747
 
748
  $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
749
  $Mo2fdbQueries->update_user_details( $user->ID, array(
765
  }
766
 
767
  $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
768
+ if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
769
  $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '.';
770
  }
771
  $mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
1015
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1016
  if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM ) {
1017
 
1018
+ if($_POST['mo2f_login_option'] == 0 && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')){
1019
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "LOGIN_WITH_2ND_FACTOR" ) );
1020
  $this->mo_auth_show_error_message();
1021
  }else{
1022
  update_option( 'mo2f_login_option', isset( $_POST['mo2f_login_option'] ) ? $_POST['mo2f_login_option'] : 0 );
1023
  update_option( 'mo2f_remember_device', isset( $_POST['mo2f_remember_device'] ) ? $_POST['mo2f_remember_device'] : 0 );
1024
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') == 0 ) {
1025
  update_option( 'mo2f_remember_device', 0 );
1026
  }
1027
  if(isset($_POST['mo2f_enable_login_with_2nd_factor']))
1522
  $show = 1;
1523
  if(MO2F_IS_ONPREM )
1524
  {
1525
+ $txid = isset($_POST['TxidEmail'])? $_POST['TxidEmail']:null;
1526
  $status = get_option($txid);
1527
  if($status != '')
1528
  {
1536
  }
1537
  }
1538
  $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1539
+ if(MO2F_IS_ONPREM and $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL')
1540
+ $mo2f_configured_2FA_method = 'Email Verification';
1541
+
1542
  $mo2f_EmailVerification_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_EmailVerification_config_status', $user->ID );
1543
  if ( ! current_user_can( 'manage_options' ) && $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL' ) {
1544
  if ( $mo2f_EmailVerification_config_status ) {
1656
 
1657
  if ( current_user_can( 'manage_options' ) ) {
1658
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
1659
+ delete_user_meta( $user->ID, 'configure_2FA');
1660
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Email' ) );
1661
  } else {
1662
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
1663
  }
2036
  $_SESSION['mo2f_transactionId'] = $content['txId'];
2037
  update_option( 'mo2f_transactionId', $content['txId'] );
2038
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2039
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2040
  update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2041
  $this->mo_auth_show_success_message();
2042
  } else {
2210
  $allowed = false;
2211
  if(get_option('mo2f_miniorange_admin'))
2212
  $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
2213
+
2214
+ if($is_customer_registered && !$is_end_user_registered and !$allowed){
2215
  $enduser = new Two_Factor_Setup();
2216
  $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
2217
  if(json_last_error() == JSON_ERROR_NONE){
2254
  }
2255
 
2256
  }
2257
+
2258
+ update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
2259
  if(MO2F_IS_ONPREM)
2260
  {
2261
  if($selected_2FA_method == 'EmailVerification')
2265
  if($selected_2FA_method == 'OTPOverSMS')
2266
  $selected_2FA_method = 'OTP Over SMS';
2267
  }
2268
+
2269
  if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification'))
2270
  $is_customer_registered = 1;
2271
 
2289
  $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2290
  $customer_key = get_option( 'mo2f_customerKey' );
2291
  $api_key = get_option( 'mo2f_api_key' );
2292
+ $customer = new Customer_Setup();
2293
  $cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
2294
+ if(($selected_2FA_method == "OTP Over Email") and MO2F_IS_ONPREM)
 
2295
  {
2296
+ $check = 1;
2297
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2298
+ {
2299
+ update_site_option("bGltaXRSZWFjaGVk",1);
2300
+ $check = 0;
2301
+
2302
+ }
2303
+
2304
 
2305
+ if($check == 1)
2306
+ $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method, $customer_key, $api_key ), true );
2307
  else
2308
+ $response['status'] = 'FAILED';
2309
+ if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0) {
2310
+ $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2311
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2312
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2313
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2314
 
2315
+ $_SESSION['mo2f_transactionId'] = $response['txId'];
2316
+ update_option( 'mo2f_transactionId', $response['txId'] );
2317
+ $this->mo_auth_show_success_message();
2318
+
2319
+ } else {
2320
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_ONPREM" ) );
2321
+ $this->mo_auth_show_error_message();
2322
+
2323
+ }
2324
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
2325
+
2326
  }else if($selected_2FA_method == "Email Verification")
2327
  {
2328
  $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
2329
  }
2330
 
 
2331
 
2332
+ if($selected_2FA_method != 'OTP Over Email')
2333
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
2334
 
2335
  // update the server
2336
  if(!MO2F_IS_ONPREM)
2508
  if($selected_2FA_method == 'OTP Over Email')
2509
  {
2510
  $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2511
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2512
  {
2513
  update_site_option("bGltaXRSZWFjaGVk",1);
2514
  $check = 0;
2524
  if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0 ) {
2525
  if($selected_2FA_method == 'OTP Over Email')
2526
  {
2527
+ $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2528
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2529
  }
2530
  else if($selected_2FA_method == 'OTP Over SMS')
2531
  {
2532
  update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2533
  }
2534
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2535
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2536
 
2537
  $_SESSION['mo2f_transactionId'] = $response['txId'];
2538
  update_option( 'mo2f_transactionId', $response['txId'] );
2622
  function mo_auth_deactivate() {
2623
  global $Mo2fdbQueries;
2624
  $mo2f_register_with_another_email = get_option( 'mo2f_register_with_another_email' );
2625
+ $is_EC = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ? 1 : 0;
2626
+ $is_NNC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option') ? 1 : 0;
2627
 
2628
  if ( $mo2f_register_with_another_email || $is_EC || $is_NNC ) {
2629
  update_option( 'mo2f_register_with_another_email', 0 );
2970
  $current_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_configured_2FA_method, "server" );
2971
 
2972
  $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $phone, null, null ), true );
 
2973
  if ( json_last_error() == JSON_ERROR_NONE ) {
2974
  if ( $response['status'] == 'ERROR' ) {
2975
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
2976
  $this->mo_auth_show_error_message();
2977
  } else if ( $response['status'] == 'SUCCESS' ) {
2978
+ $configured_2fa_method = '';
2979
+ if($mo2f_configured_2FA_method =='')
2980
+ $configured_2fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2981
+ else
2982
+ $configured_2fa_method = $mo2f_configured_2FA_method;
2983
  if ( in_array( $configured_2fa_method, array( "Google Authenticator", "Authy Authenticator" ) ) ) {
2984
  update_user_meta( $user->ID, 'mo2f_external_app_type', $configured_2fa_method );
2985
  }
2990
  delete_user_meta( $user->ID, 'configure_2FA' );
2991
 
2992
  if($configured_2fa_method == 'OTP Over Email' or $configured_2fa_method=='OTP Over SMS')
2993
+ {
2994
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA_otp" ) );
2995
+ }
2996
  else
2997
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA" ) );
2998
 
3074
  $currentTimeInMillis = round(microtime(true) * 1000);
3075
  update_site_option($time,$currentTimeInMillis);
3076
  update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
3077
+
 
 
 
 
 
 
3078
  }else{
3079
  update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
3080
  $this->mo_auth_show_error_message();
3117
  $get_encryption_key = MO2f_Utility::random_str(16);
3118
  update_option('mo2f_encryption_key',$get_encryption_key);
3119
 
3120
+ if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
3121
  update_option( 'mo2f_is_NC', 0 );
3122
  } else {
3123
  update_option( 'mo2f_is_NC', 1 );
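--- a/handler/twofa/two_fa_short_call.php
+++ b/handler/twofa/two_fa_short_call.php
@@ -0,0 +1,43 @@
+<?php
+
+include_once('two_fa_short_gateway.php');
+
+class TwoFACustomRegFormAPI
+{
+public function __construct()
+{
+
+}
+
+public static function challenge($phone_number,$email,$authTypeSend)
+{
+
+
+if($authTypeSend == 'email')
+{
+$auierpyasdcRy = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+$cmVtYWluaW5nT1RQ = $auierpyasdcRy? $auierpyasdcRy : 0;
+if($cmVtYWluaW5nT1RQ > 0)
+{
+$response = TwoFAMOGateway:: mo_send_otp_token('EMAIL', '', $email);
+update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
+}
+else
+{
+$response = ['status'=>'ERROR','message'=>'Email Transaction Limit Exceeded'];
+wp_send_json($response);
+}
+}
+else
+{
+$response = TwoFAMOGateway:: mo_send_otp_token('SMS', $phone_number, $email);
+}
+wp_send_json($response);
+
+}
+
+public static function validate($txId, $otp)
+{
+wp_send_json(TwoFAMOGateway :: mo_validate_otp_token('OTP',$txId, $otp));
+}
+}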
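Review bot: The email branch of `challenge()` decrements `cmVtYWluaW5nT1RQ` after calling `TwoFAMOGateway::mo_send_otp_token('EMAIL', ...)`, and the gateway added in this same commit (handler/twofa/two_fa_short_gateway.php) decrements the same option before sending, so each email OTP appears to cost two units of quota. The decrement here also runs whatever status the gateway returned. I would drop `update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);` from this method, or keep a single decrement guarded by `if (isset($response['status']) && $response['status'] === 'SUCCESS')`. The final `wp_send_json($response);` is never reached from the limit-exceeded branch, because `wp_send_json()` ends the request; an early `return` after that first call would make the flow explicit.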
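--- a/handler/twofa/two_fa_short_custom.php
+++ b/handler/twofa/two_fa_short_custom.php
@@ -0,0 +1,80 @@
+<?php
+
+include_once('two_fa_short_call.php');
+
+class TwoFACustomRegFormShortcode
+
+{
+public function __construct()
+{
+add_action('woocommerce_created_customer',array($this,'wc_post_registration'), 1, 3);
+}
+
+public function mo_enqueue_shortcode()
+{
+add_action("wp_ajax_mo_shortcode",array( $this, 'mo_shortcode' ));
+add_action("wp_ajax_nopriv_mo_shortcode",array($this,'mo_shortcode'));
+add_action("wp_ajax_mo_ajax_register",array( $this, 'mo_ajax_register' ));
+add_action("wp_ajax_nopriv_mo_ajax_register",array($this,'mo_ajax_register'));
+}
+
+public function mo_shortcode()
+{
+switch($_POST['mo_action'])
+{
+case "challenge":
+$email = sanitize_text_field($_POST['email']);
+$phone = sanitize_text_field($_POST['phone']);
+$authTypeSend = sanitize_text_field($_POST['authTypeSend']);
+
+TwoFACustomRegFormAPI::challenge($phone,$email,$authTypeSend);
+break;
+
+case "validate":
+$otp = sanitize_text_field($_POST['otp']);
+$txId = sanitize_text_field($_POST['txId']);
+TwoFACustomRegFormAPI::validate($txId,$otp);
+break;
+}
+}
+
+public function mo_ajax_register(){
+switch ($_POST['mo_action']) {
+case 'send_otp_over_email':
+$email = isset($_POST['email'])? $_POST['email']: "";
+$phone = isset($_POST['phone'])? $_POST['phone']: "";
+$email = sanitize_text_field($email);
+$phone = sanitize_text_field($phone);
+$authTypeSend = sanitize_text_field($_POST['authTypeSend']);
+TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
+# code...
+break;
+case 'send_otp_over_sms' :
+$email = isset($_POST['email'])? $_POST['email']: "";
+$phone = isset($_POST['phone'])? $_POST['phone']: "";
+$email = sanitize_text_field($email);
+$phone = sanitize_text_field($phone);
+$authTypeSend = sanitize_text_field($_POST['authTypeSend']);
+TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
+break;
+
+default:
+$otp = sanitize_text_field($_POST['otp']);
+$txId = sanitize_text_field($_POST['txId']);
+TwoFACustomRegFormAPI :: validate($txId,$otp);
+# code...
+break;
+}
+}
+
+function wc_post_registration( $user_id, $new_customer_data, $password_generated) {
+if ( isset( $_POST['phone'] ))
+update_user_meta($user_id, 'billing_phone', $_POST['phone']);
+}
+
+
+
+
+}
+
+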
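Review bot: `mo_shortcode()` and `mo_ajax_register()` are registered on `wp_ajax_nopriv_*` hooks but neither verifies a nonce nor limits how often it can be called, so any unauthenticated request can trigger OTP sends and draw down the site's email/SMS transaction counters. Add a check such as `check_ajax_referer( 'NONCE_ACTION_PLACEHOLDER', 'nonce' );` at the top of both handlers (the action name is a placeholder; the form has to emit the matching nonce) and consider a per-recipient or per-IP send limit. Both handlers also read `$_POST['mo_action']`, `$_POST['otp']` and `$_POST['txId']` without `isset()`. `wc_post_registration()` writes `$_POST['phone']` to user meta unsanitized; `update_user_meta($user_id, 'billing_phone', sanitize_text_field( wp_unslash( $_POST['phone'] ) ));` would match the sanitizing done in the other methods.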
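--- a/handler/twofa/two_fa_short_gateway.php
+++ b/handler/twofa/two_fa_short_gateway.php
@@ -0,0 +1,67 @@
+<?php
+
+global $mo2f_dirName;
+
+require_once $mo2f_dirName.'helper'.DIRECTORY_SEPARATOR.'mo_twofa_sessions.php';
+
+if(! defined( 'ABSPATH' )) exit;
+define('MO2F_DEFAULT_APIKEY',"fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq");
+define('MO2F_FAIL_MODE', false);
+define('MO2F_SESSION_TYPE', "TRANSIENT");
+
+class TwoFAMOGateway
+{
+public static function mo_send_otp_token($authType, $phone, $email)
+{
+if(MO2F_TEST_MODE)
+{
+return ['message'=>'OTP Sent Successfully','status'=>'SUCCESS','txId'=> rand(1000,9999)];
+}
+else
+{
+$customerKey = get_site_option('mo2f_customerKey');
+$apiKey = get_site_option('mo2f_api_key');
+TwoFAMoSessions::addSessionVar('mo2f_transactionId',true);
+TwoFAMoSessions::addSessionVar('sent_on',time());
+
+if($authType == 'EMAIL')
+{
+$cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
+$content = (new Customer_Cloud_Setup)->send_otp_token($email,$authType,$customerKey,$apiKey);
+}
+
+else
+{
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
+$content = (new Customer_Cloud_Setup)->send_otp_token($phone,$authType,$customerKey,$apiKey);
+}
+return json_decode($content,TRUE);
+}
+}
+
+public static function mo_validate_otp_token($authType,$txId, $otp_token)
+{
+if(MO2F_TEST_MODE)
+{
+TwoFAMoSessions::unsetSession('mo2f_transactionId');
+return MO2F_FAIL_MODE ? ['status'=>"FAILED","message"=>"OTP is Invalid"]:['status'=>"SUCCESS","message"=>"Successfully Validated"];
+}
+else
+{
+$content = "";
+if(TwoFAMoSessions :: getSessionVar('mo2f_transactionId'))
+{
+$customerKey = get_site_option('mo2f_customerKey');
+$apiKey = get_site_option('mo2f_api_key');
+$content = (new Customer_Cloud_Setup)->validate_otp_token($authType,null,$txId,$otp_token,$customerKey,$apiKey);
+$content = json_decode($content, TRUE);
+if($content["status"] == "SUCCESS")
+{
+TwoFAMoSessions :: unsetSession('mo2f_transactionId');
+}
+}
+return $content;
+}
+}
+}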
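Review bot: `mo_send_otp_token()` stores only `true` under `mo2f_transactionId`, so `mo_validate_otp_token()` cannot check that the `$txId` posted by the client is the one issued to this session; it only knows that some challenge was started. Store the `txId` from the decoded response once the send succeeds and compare it with `hash_equals()` before calling `validate_otp_token()`, and guard `$content["status"]` with `is_array($content)` because `json_decode()` can return null. The `MO2F_TEST_MODE` branch reports SUCCESS without looking at the OTP and draws `txId` from `rand()`; that constant is not defined in this file, so confirm it cannot be truthy in a release build. `MO2F_DEFAULT_APIKEY` looks like a credential committed to source; if it is a live key it should come from configuration instead.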
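--- a/handler/twofa/two_fa_utility.php
+++ b/handler/twofa/two_fa_utility.php
@@ -115,6 +115,7 @@ class MO2f_Utility {
 global $Mo2fdbQueries;
 $key = get_option( 'mo2f_encryption_key' );
 $data_option=NULL;
+
 if(empty($data_option)){
 
 //setting session
@@ -261,8 +262,9 @@ class MO2f_Utility {
 }
 } else if ( $variable == 'mo_2_factor_kba_questions' ) {
 if ( isset( $_COOKIE['kba_question1'] ) && ! empty( $_COOKIE['kba_question1'] ) ) {
-$kba_question1 = MO2f_Utility::mo2f_get_cookie_values( 'kba_question1' );
-$kba_question2 = MO2f_Utility::mo2f_get_cookie_values( 'kba_question2' );
+
+$kba_question1['question'] = MO2f_Utility::mo2f_get_cookie_values( 'kba_question1' );
+$kba_question2['question'] = MO2f_Utility::mo2f_get_cookie_values( 'kba_question2' );
 $cookie_value = array( $kba_question1, $kba_question2 );
 }
 } else {
@@ -547,6 +549,18 @@ class MO2f_Utility {
 return FALSE;
 }
 
+public static function get_index_value($var,$index){
+switch ($var) {
+case 'GLOBALS':
+return isset($GLOBALS[$index])?$GLOBALS[$index]:false;
+break;
+
+default:
+return false;
+break;
+}
+}
+
 }
 
-?>
+?>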
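Review bot: The `mo_2_factor_kba_questions` branch checks only `$_COOKIE['kba_question1']` but then also reads `kba_question2`, and it assigns `$kba_question1['question']` and `$kba_question2['question']` to variables that are not initialised in the visible lines. Initialise them first (`$kba_question1 = array(); $kba_question2 = array();`) and extend the guard with `&& ! empty( $_COOKIE['kba_question2'] )`. In the new `get_index_value()`, the `break;` after each `return` is unreachable and can be removed. The function around the KBA hunk starts and ends outside the hunk, so any later validation of these cookie-derived values cannot be seen here.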
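--- a/helper/curl.php
+++ b/helper/curl.php
@@ -30,6 +30,7 @@ class MocURL
 );
 $json = json_encode($fields);
 $response = self::callAPI($url, $json);
+
 return $response;
 }
 
@@ -38,8 +39,8 @@ class MocURL
 $current_user = wp_get_current_user();
 $url = MoWpnsConstants::HOST_NAME . "/moas/rest/customer/contact-us";
 
-$is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
-$is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
+$is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+$is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
 $onprem = MO2F_IS_ONPREM ?'O':'C';
 
 $customer_feature = "";
@@ -195,8 +196,8 @@ class MocURL
 
 $user = wp_get_current_user();
 
-$is_nc_with_1_user = get_option( 'mo2f_is_NC' ) && get_option( 'mo2f_is_NNC' );
-$is_ec_with_1_user = ! get_option( 'mo2f_is_NC' );
+$is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+$is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
 $onprem = MO2F_IS_ONPREM ? 'O':'C';
 
 $customer_feature = "";
@@ -254,9 +255,9 @@ class MocURL
 
 private static function callAPI($url, $json_string, $headers = array("Content-Type: application/json")) {
 //For testing (0, false)
-//For Production (1, true)
+//For Production (2, true)
 
-$sslhost=0;
+$sslhost=2;
 $sslpeer=false;
 
 $ch = curl_init($url);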
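Review bot: `callAPI()` now sets `$sslhost=2` but leaves `$sslpeer=false`, which contradicts the comment `//For Production (2, true)` two lines above it. If `$sslpeer` feeds `CURLOPT_SSL_VERIFYPEER` (the `curl_setopt` calls are outside the hunk), the certificate chain is still not verified, and a hostname check alone does not authenticate the server, since a self-signed certificate carrying the right name would pass. Set `$sslpeer=true;` so both checks are on for requests to `MoWpnsConstants::HOST_NAME`. The body of `callAPI()` continues past the end of the hunk.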
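--- a/helper/dashboard_security_notification.php
+++ b/helper/dashboard_security_notification.php
@@ -76,27 +76,33 @@ class miniorange_security_notification{
 </style>
 </head>
 
-<div style='width:100%;background-color:#555f5f;padding-top:10px;''>
-<div style='font-size:25px;color:white;text-align:center'>
-<strong style='font-weight:300;color:red;'>Remaining Transactions</strong>
-</div>";
-
-$EmailTransactions = get_site_option('cmVtYWluaW5nT1RQ')? get_site_option('cmVtYWluaW5nT1RQ') : 0;
-$SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
-// $color_tras_sms = $SMSTransactions <= 2 ? 'red' : '#17ede9';
-// $color_tras_email = $EmailTransactions <= 2 ? 'red' : '#17ede9';
+<div style='width:100%;background-color:#555f5f;padding-top:10px;''>
+<div style='font-size:25px;color:white;text-align:center'>
+<strong style='font-weight:300;''>Remaining Transactions <span style='color:orange;'>[OTPs]</strong>
 
+</div>
+<hr>
+
+";
+
+$EmailTransactions = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+$EmailTransactions = $EmailTransactions? $EmailTransactions : 0;
+$SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
+
 $color_tras_sms = 'white';
 $color_tras_email = 'white';
 
-echo '<table border="1" style="background-color:#FFFFFF; border:1px solid #CCCCCC; border-collapse: collapse; padding:0px 0px 0px 10px; margin:2px; width:99%">
-<tr>
-<td style="width:45%; padding: 10px;background-color:white">Remaining SMS transactions</td>
-<td style="width:15%; padding: 10px;background-color:'.$color_tras_sms.'">'.$SMSTransactions.'</td>
+echo '<table style="solid #CCCCCC; border-collapse: collapse; padding:0px 0px 0px 10px; margin:2px; width:99%">
+<tr>
+<td style="font-size:18px;color:#ffffff;padding: 10px;"><strong style="font-weight:300;">Remaining SMS transactions </strong></td>
+<td style="text-align:center;font-size:36px;color:#ffffff;font-weight:400" ><strong>'.$SMSTransactions.'</strong></td>
+
 </tr>
 <tr>
-<td style="width:45%; padding: 10px;background-color:white">Remaining Email transactions</td>
-<td style="width:15%; padding: 10px;background-color:'.$color_tras_email.'">'.$EmailTransactions.'</td>
+<td style="font-size:18px;color:#ffffff;padding: 10px;"><strong style="font-weight:300;">Remaining Email transactions </strong></td>
+<td style="text-align:center;font-size:36px;color:#ffffff;font-weight:400" ><strong>'.$EmailTransactions.'</strong></td>
+
+
 </tr>
 
 </table><br>';
@@ -108,7 +114,7 @@ class miniorange_security_notification{
 <br><br>
 ";
 
-if(get_option("mo_wpns_2fa_with_network_security"))
+if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option'))
 {
 
 echo "
@@ -261,4 +267,4 @@ class miniorange_security_notification{
 
 }
 
-?>
+?>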
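Review bot: `$SMSTransactions` and `$EmailTransactions` are concatenated into the echoed table without escaping or casting; since both are counters, writing `(int) $SMSTransactions` and `(int) $EmailTransactions` (or wrapping them in `esc_html()`) at the point of output keeps an unexpected option value from reaching the dashboard as markup. The new header markup is also malformed: `<span style='color:orange;'>[OTPs]</strong>` never closes the span, `style='font-weight:300;''` carries a stray quote, and the table's `style="solid #CCCCCC; ..."` lost the `border:1px` part of its declaration. The function that emits this block starts outside the hunk.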
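--- a/helper/mo_twofa_sessions.php
+++ b/helper/mo_twofa_sessions.php
@@ -0,0 +1,53 @@
+<?php
+
+if(! defined( 'ABSPATH' )) exit;
+
+class TwoFAMoSessions
+{
+static function addSessionVar($key, $val)
+{
+switch (MO2F_SESSION_TYPE) {
+case 'TRANSIENT':
+if (!isset($_COOKIE["transient_key"])) {
+if (!wp_cache_get("transient_key")) {
+$transient_key = MoWpnsUtility::rand();
+if (ob_get_contents()) ob_clean();
+setcookie('transient_key', $transient_key, time() + 12 * HOUR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
+wp_cache_add('transient_key', $transient_key);
+} else {
+$transient_key = wp_cache_get("transient_key");
+}
+} else {
+$transient_key = $_COOKIE["transient_key"];
+}
+set_site_transient($transient_key . $key, $val, 12 * HOUR_IN_SECONDS);
+break;
+}
+}
+
+static function getSessionVar($key)
+{
+switch(MO2F_SESSION_TYPE)
+{
+case 'TRANSIENT':
+$transient_key = isset($_COOKIE["transient_key"])
+? $_COOKIE["transient_key"] : wp_cache_get("transient_key");
+return get_site_transient( $transient_key.$key );
+}
+}
+
+static function unsetSession($key)
+{
+switch(MO2F_SESSION_TYPE)
+{
+case 'TRANSIENT':
+$transient_key = isset($_COOKIE["transient_key"])
+? $_COOKIE["transient_key"] : wp_cache_get("transient_key");
+if(!MoWpnsUtility::check_empty_or_null($transient_key)) {
+delete_site_transient($transient_key . $key);
+}
+break;
+}
+}
+
+}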
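Review bot: `$_COOKIE["transient_key"]` is used verbatim as the prefix of a site-transient name in all three methods, and the cookie is set without the Secure and HttpOnly flags. Pass them explicitly, `setcookie('transient_key', $transient_key, time() + 12 * HOUR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);`, and read the cookie through `sanitize_text_field( wp_unslash( $_COOKIE['transient_key'] ) )`. In `getSessionVar()`, when neither the cookie nor the cache entry exists, `$transient_key` is `false` and the lookup falls back to the bare `$key`, a name shared by every visitor; returning `false` early in that case, as `unsetSession()` effectively does, avoids that. `wp_cache_add('transient_key', ...)` has no per-visitor component, so on a site with a persistent object cache the same key could be handed to different visitors, which is worth confirming. How `MoWpnsUtility::rand()` generates the key is not visible here; it should come from a CSPRNG such as `random_bytes()`.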
helper/pluginUtility.php CHANGED
@@ -1,508 +1,513 @@
1
- <?php
2
- /** Copyright (C) 2015 miniOrange
3
-
4
- This program is free software: you can redistribute it and/or modify
5
- it under the terms of the GNU General Public License as published by
6
- the Free Software Foundation, either version 3 of the License, or
7
- (at your option) any later version.
8
-
9
- This program is distributed in the hope that it will be useful,
10
- but WITHOUT ANY WARRANTY; without even the implied warranty of
11
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
- GNU General Public License for more details.
13
-
14
- You should have received a copy of the GNU General Public License
15
- along with this program. If not, see <http://www.gnu.org/licenses/>
16
- * @package miniOrange OAuth
17
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
18
- *
19
- **/
20
-
21
-
22
- // need to have different classes here for each ipblocking, whitelisting, htaccess and transaction related functions
23
- class MoWpnsHandler
24
- {
25
-
26
- function is_ip_blocked($ipAddress)
27
- {
28
- global $wpnsDbQueries;
29
- if(empty($ipAddress))
30
- return false;
31
-
32
- $user_count = $wpnsDbQueries->get_ip_blocked_count($ipAddress);
33
-
34
- if($user_count)
35
- $user_count = intval($user_count);
36
- if($user_count>0)
37
- return true;
38
-
39
- return false;
40
- }
41
- function get_blocked_attacks_count($attackName)
42
- {
43
- global $wpnsDbQueries;
44
- $attackCount = $wpnsDbQueries->get_blocked_attack_count($attackName);
45
- if($attackCount)
46
- $attackCount = intval($attackCount);
47
- return $attackCount;
48
- }
49
- function get_blocked_countries()
50
- {
51
- $countrycodes = get_option('mo_wpns_countrycodes');
52
- $countries = explode(';', $countrycodes);
53
- return sizeof($countries)-1;
54
- }
55
- function get_blocked_ip_waf()
56
- {
57
- global $wpnsDbQueries;
58
- $ip_count = $wpnsDbQueries->get_total_blocked_ips_waf();
59
- if($ip_count)
60
- $ip_count = intval($ip_count);
61
-
62
- return $ip_count;
63
- }
64
- function get_manual_blocked_ip_count()
65
- {
66
- global $wpnsDbQueries;
67
- $ip_count = $wpnsDbQueries->get_total_manual_blocked_ips();
68
- if($ip_count)
69
- $ip_count = intval($ip_count);
70
-
71
- return $ip_count;
72
- }
73
- function get_blocked_ips()
74
- {
75
- global $wpnsDbQueries;
76
- return $wpnsDbQueries->get_blocked_ip_list();
77
- }
78
- function get_blocked_sqli()
79
- {
80
- global $wpnsDbQueries;
81
- return $wpnsDbQueries->get_blocked_sqli_list();
82
- }
83
- function get_blocked_rfi()
84
- {
85
- global $wpnsDbQueries;
86
- return $wpnsDbQueries->get_blocked_rfi_list();
87
- }
88
- function get_blocked_lfi()
89
- {
90
- global $wpnsDbQueries;
91
- return $wpnsDbQueries->get_blocked_lfi_list();
92
- }
93
- function get_blocked_rce()
94
- {
95
- global $wpnsDbQueries;
96
- return $wpnsDbQueries->get_blocked_rce_list();
97
- }
98
- function get_blocked_xss()
99
- {
100
- global $wpnsDbQueries;
101
- return $wpnsDbQueries->get_blocked_xss_list();
102
- }
103
-
104
- function block_ip($ipAddress, $reason, $permenently)
105
- {
106
- global $wpnsDbQueries;
107
- if(empty($ipAddress))
108
- return;
109
- if($this->is_ip_blocked($ipAddress))
110
- return;
111
- $blocked_for_time = null;
112
- if(!$permenently && get_option('mo2f_time_of_blocking_type'))
113
- {
114
- $blocking_type = get_option('mo2f_time_of_blocking_type');
115
- $time_of_blocking_val = 3;
116
- if(get_option('mo2f_time_of_blocking_val'))
117
- $time_of_blocking_val = get_option('mo2f_time_of_blocking_val');
118
- if($blocking_type=="months")
119
- $blocked_for_time = current_time( 'timestamp' )+$time_of_blocking_val * 30 * 24 * 60 * 60;
120
- else if($blocking_type=="days")
121
- $blocked_for_time = current_time( 'timestamp' )+$time_of_blocking_val * 24 * 60 * 60;
122
- else if($blocking_type=="hours")
123
- $blocked_for_time = current_time( 'timestamp' )+$time_of_blocking_val * 60 * 60;
124
- }
125
-
126
- if(get_option('mo_wpns_enable_htaccess_blocking'))
127
- {
128
- $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
129
- $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
130
- fwrite($f, "\ndeny from ".trim($ipAddress));
131
- fclose($f);
132
- }
133
-
134
- $wpnsDbQueries->insert_blocked_ip($ipAddress, $reason,$blocked_for_time);
135
-
136
- //send notification
137
- global $moWpnsUtility;
138
- if(get_option('mo_wpns_enable_ip_blocked_email_to_admin'))
139
- $moWpnsUtility->sendIpBlockedNotification($ipAddress,MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED);
140
-
141
- }
142
-
143
- function unblock_ip_entry($entryid)
144
- {
145
- global $wpnsDbQueries;
146
- $myrows = $wpnsDbQueries->get_blocked_ip($entryid);
147
- if(count($myrows)>0)
148
- if(get_option('mo_wpns_enable_htaccess_blocking'))
149
- {
150
- $ip_address = $myrows[0]->ip_address;
151
- $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
152
- $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
153
- $contents = file_get_contents($hpath);
154
- if (strpos($contents, "\ndeny from ".trim($ip_address)) !== false)
155
- {
156
- $contents = str_replace("\ndeny from ".trim($ip_address), '', $contents);
157
- file_put_contents($hpath, $contents);
158
- }
159
- }
160
-
161
- $wpnsDbQueries->delete_blocked_ip($entryid);
162
- }
163
-
164
- function remove_htaccess_ips()
165
- {
166
- global $wpnsDbQueries;
167
- $myrows = $wpnsDbQueries->get_blocked_ip_list();
168
- $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
169
- $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
170
- $contents = file_get_contents($hpath);
171
- $changed = 0;
172
- foreach($myrows as $row)
173
- {
174
- $ip_address = $row->ip_address;
175
- if (strpos($contents, "\ndeny from ".trim($ip_address)) !== false)
176
- {
177
- $contents = str_replace("\ndeny from ".trim($ip_address), '', $contents);
178
- $changed = 1;
179
- }
180
- }
181
- if($changed==1)
182
- file_put_contents($hpath, $contents);
183
- }
184
-
185
- function add_htaccess_ips()
186
- {
187
- global $wpnsDbQueries;
188
- $myrows = $wpnsDbQueries->get_blocked_ip_list();
189
- $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
190
- $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
191
- $contents = file_get_contents($hpath);
192
- $f = fopen($hpath, "a");
193
- foreach($myrows as $row)
194
- {
195
- $ip_address = $row->ip_address;
196
- if (strpos($contents, "\ndeny from ".trim($ip_address)) === false)
197
- fwrite($f, "\ndeny from ".trim($ip_address));
198
- }
199
- fclose($f);
200
- }
201
-
202
-
203
- function is_whitelisted($ipAddress)
204
- {
205
- global $wpnsDbQueries;
206
- $count = $wpnsDbQueries->get_whitelisted_ip_count($ipAddress);
207
-
208
- if(empty($ipAddress))
209
- return false;
210
- if($count)
211
- $count = intval($count);
212
-
213
- if($count>0)
214
- return true;
215
- return false;
216
- }
217
-
218
- function whitelist_ip($ipAddress)
219
- {
220
- global $wpnsDbQueries;
221
- if(get_option('mo_wpns_enable_htaccess_blocking'))
222
- {
223
- $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
224
- $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
225
- $contents = file_get_contents($hpath);
226
- if (strpos($contents, "\ndeny from ".trim($ipAddress)) !== false)
227
- {
228
- $contents = str_replace("\ndeny from ".trim($ipAddress), '', $contents);
229
- file_put_contents($hpath, $contents);
230
- }
231
- }
232
-
233
- if(empty($ipAddress))
234
- return;
235
- if($this->is_whitelisted($ipAddress))
236
- return;
237
-
238
- $wpnsDbQueries->insert_whitelisted_ip($ipAddress);
239
- }
240
-
241
- function update_htaccess_configuration()
242
- {
243
- $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
244
- $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
245
- if(!file_exists($htaccesspath)){
246
- $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
247
- fwrite($f, "# BEGIN WordPress\r\n<IfModule mod_rewrite.c>\r\nRewriteEngine On\r\nRewriteBase /\r\nRewriteRule ^index\.php$ - [L]\r\nRewriteCond %{REQUEST_FILENAME} !-f\r\nRewriteCond %{REQUEST_FILENAME} !-d\r\nRewriteRule . /index.php [L]\r\n</IfModule>\r\n# END WordPress");
248
- fclose($f);
249
- }
250
- $this->change_wp_config_protection($base);
251
- $this->change_content_protection($base);
252
- $this->mo2f_change_htaccess_file($htaccesspath);
253
- }
254
-
255
- function mo2f_change_htaccess_file($htaccesspath){
256
- $contents = file_get_contents($htaccesspath);
257
- if (strpos($contents, "\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>") !== false) {
258
- if(!get_option('mo2f_htaccess_file')){
259
- $contents = str_replace("\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>", '', $contents);
260
- file_put_contents($htaccesspath, $contents);
261
- }
262
- } else {
263
- if(get_option('mo2f_htaccess_file')){
264
- $f = fopen($htaccesspath, "a");
265
- fwrite($f, "\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>");
266
- fclose($f);
267
- }
268
- }
269
- }
270
-
271
- function change_wp_config_protection($base)
272
- {
273
- $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
274
- $contents = file_get_contents($htaccesspath);
275
- if (strpos($contents, "\n<files wp-config.php>\norder allow,deny\ndeny from all\n</files>") !== false)
276
- {
277
- if(!get_option('mo2f_protect_wp_config'))
278
- {
279
- $contents = str_replace("\n<files wp-config.php>\norder allow,deny\ndeny from all\n</files>", '', $contents);
280
- file_put_contents($htaccesspath, $contents);
281
- }
282
- }
283
- else
284
- {
285
- if(get_option('mo2f_protect_wp_config'))
286
- {
287
- $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
288
- fwrite($f, "\n<files wp-config.php>\norder allow,deny\ndeny from all\n</files>");
289
- fclose($f);
290
- }
291
- }
292
- }
293
-
294
- function change_content_protection($base)
295
- {
296
- $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
297
- $contents = file_get_contents($htaccesspath);
298
- if (strpos($contents, "\nOptions All -Indexes") !== false)
299
- {
300
- if(!get_option('mo2f_prevent_directory_browsing'))
301
- {
302
- $contents = str_replace("\nOptions All -Indexes", '', $contents);
303
- file_put_contents($htaccesspath, $contents);
304
- }
305
- }
306
- else
307
- {
308
- if(get_option('mo2f_prevent_directory_browsing'))
309
- {
310
- $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
311
- fwrite($f, "\nOptions All -Indexes");
312
- fclose($f);
313
- }
314
- }
315
- }
316
-
317
- function remove_whitelist_entry($entryid)
318
- {
319
- global $wpnsDbQueries;
320
- $wpnsDbQueries->delete_whitelisted_ip($entryid);
321
- }
322
-
323
- function get_whitelisted_ips()
324
- {
325
- global $wpnsDbQueries;
326
- return $wpnsDbQueries->get_whitelisted_ips_list();
327
- }
328
-
329
- function is_email_sent_to_user($username, $ipAddress)
330
- {
331
- global $wpnsDbQueries;
332
- if(empty($ipAddress))
333
- return false;
334
- $sent_count = $wpnsDbQueries->get_email_audit_count($ipAddress,$username);
335
- if($sent_count)
336
- $sent_count = intval($sent_count);
337
- if($sent_count>0)
338
- return true;
339
- return false;
340
- }
341
-
342
- function audit_email_notification_sent_to_user($username, $ipAddress, $reason)
343
- {
344
- if(empty($ipAddress) || empty($username))
345
- return;
346
- global $wpnsDbQueries;
347
- $wpnsDbQueries->insert_email_audit($ipAddress,$username,$reason);
348
- }
349
-
350
- function add_transactions($ipAddress, $username, $type, $status, $url=null)
351
- {
352
- global $wpnsDbQueries;
353
- $wpnsDbQueries->insert_transaction_audit($ipAddress, $username, $type, $status, $url);
354
- }
355
-
356
- function get_login_transaction_report()
357
- {
358
- global $wpnsDbQueries;
359
- return $wpnsDbQueries->get_login_transaction_report();
360
- }
361
-
362
- function get_error_transaction_report()
363
- {
364
- global $wpnsDbQueries;
365
- return $wpnsDbQueries->get_error_transaction_report();
366
- }
367
-
368
-
369
- function get_all_transactions()
370
- {
371
- global $wpnsDbQueries;
372
- return $wpnsDbQueries->get_transasction_list();
373
- }
374
-
375
- function move_failed_transactions_to_past_failed($ipAddress)
376
- {
377
- global $wpnsDbQueries;
378
- $wpnsDbQueries->update_transaction_table(array('status'=>MoWpnsConstants::FAILED,'ip_address'=>$ipAddress),
379
- array('status'=>MoWpnsConstants::PAST_FAILED));
380
- }
381
-
382
- function remove_failed_transactions($ipAddress)
383
- {
384
- global $wpnsDbQueries;
385
- $wpnsDbQueries->delete_transaction($ipAddress);
386
- }
387
-
388
- function get_failed_attempts_count($ipAddress)
389
- {
390
- global $wpnsDbQueries;
391
- $count = $wpnsDbQueries->get_failed_transaction_count($ipAddress);
392
- if($count)
393
- {
394
- $count = intval($count);
395
- return $count;
396
- }
397
- return 0;
398
- }
399
-
400
- function is_ip_blocked_in_anyway($userIp)
401
- {
402
- $isBlocked = false;
403
- if($this->is_ip_blocked($userIp))
404
- $isBlocked = true;
405
- else if($this->is_ip_range_blocked($userIp))
406
- $isBlocked = true;
407
- else if($this->is_browser_blocked())
408
- $isBlocked = true;
409
- else if($this->is_country_blocked($userIp))
410
- $isBlocked = true;
411
- else if($this->is_referer_blocked())
412
- $isBlocked = true;
413
-
414
- return $isBlocked;
415
- }
416
-
417
- function is_ip_range_blocked($userIp)
418
- {
419
- if(empty($userIp))
420
- return false;
421
- $range_count = 0;
422
- if(is_numeric(get_option('mo_wpns_iprange_count')))
423
- $range_count = intval(get_option('mo_wpns_iprange_count'));
424
- for($i = 1 ; $i <= $range_count ; $i++){
425
- $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
426
- $rangearray = explode("-",$blockedrange);
427
- if(sizeof($rangearray)==2){
428
- $lowip = ip2long(trim($rangearray[0]));
429
- $highip = ip2long(trim($rangearray[1]));
430
- if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
431
- $mo_wpns_config = new MoWpnsHandler();
432
- $mo_wpns_config->block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
433
- return true;
434
- }
435
- }
436
- }
437
- return false;
438
- }
439
-
440
-
441
- function is_browser_blocked()
442
- {
443
- global $moWpnsUtility;
444
- if(get_option( 'mo_wpns_enable_user_agent_blocking'))
445
- {
446
- $current_browser = $moWpnsUtility->getCurrentBrowser();
447
- if(get_option('mo_wpns_block_chrome') && $current_browser=='chrome')
448
- return true;
449
- else if(get_option('mo_wpns_block_firefox') && $current_browser=='firefox')
450
- return true;
451
- else if(get_option('mo_wpns_block_ie') && $current_browser=='ie')
452
- return true;
453
- else if(get_option('mo_wpns_block_opera') && $current_browser=='opera')
454
- return true;
455
- else if(get_option('mo_wpns_block_safari')&& $current_browser=='safari')
456
- return true;
457
- else if(get_option('mo_wpns_block_edge') && $current_browser=='edge')
458
- return true;
459
- }
460
- return false;
461
- }
462
-
463
-
464
- function is_country_blocked($userIp)
465
- {
466
-
467
- $countrycodes = get_option('mo_wpns_countrycodes');
468
-
469
- if($countrycodes && !empty($countrycodes)){
470
- $ip_data = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$userIp));
471
- if($ip_data && $ip_data->geoplugin_countryName != null){
472
- $country_code = $ip_data->geoplugin_countryCode;
473
- if(!empty($country_code)){
474
- $countrycodes = get_option('mo_wpns_countrycodes');
475
- $codes = explode(";", $countrycodes);
476
- foreach($codes as $code){
477
- if(!empty($code) && strcasecmp($code,$country_code)==0)
478
- return true;
479
- }
480
- }
481
- }
482
- }
483
- return false;
484
- }
485
-
486
- function lockedOutlink(){
487
- if(MO2F_IS_ONPREM){
488
- return MoWpnsConstants::OnPremiseLockedOut;
489
- }else{
490
- return MoWpnsConstants::CloudLockedOut;
491
- }
492
- }
493
-
494
- function is_referer_blocked()
495
- {
496
- if(isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']) && get_option('mo_wpns_referrers')){
497
- $userreferer = $_SERVER['HTTP_REFERER'];
498
- $referrers = explode(";",get_option('mo_wpns_referrers'));
499
- foreach($referrers as $referrer){
500
- if(!empty($referrer) && strpos(strtolower($userreferer), strtolower($referrer)) !== false){
501
- return true;
502
- }
503
- }
504
- }
505
- return false;
506
- }
507
-
 
 
 
 
 
508
  } ?>
1
+ <?php
2
+ /** Copyright (C) 2015 miniOrange
3
+
4
+ This program is free software: you can redistribute it and/or modify
5
+ it under the terms of the GNU General Public License as published by
6
+ the Free Software Foundation, either version 3 of the License, or
7
+ (at your option) any later version.
8
+
9
+ This program is distributed in the hope that it will be useful,
10
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
+ GNU General Public License for more details.
13
+
14
+ You should have received a copy of the GNU General Public License
15
+ along with this program. If not, see <http://www.gnu.org/licenses/>
16
+ * @package miniOrange OAuth
17
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
18
+ *
19
+ **/
20
+
21
+
22
+ // need to have different classes here for each ipblocking, whitelisting, htaccess and transaction related functions
23
+ class MoWpnsHandler
24
+ {
25
+
26
+ function is_ip_blocked($ipAddress)
27
+ {
28
+ global $wpnsDbQueries;
29
+ if(empty($ipAddress))
30
+ return false;
31
+
32
+ $user_count = $wpnsDbQueries->get_ip_blocked_count($ipAddress);
33
+
34
+ if($user_count)
35
+ $user_count = intval($user_count);
36
+ if($user_count>0)
37
+ return true;
38
+
39
+ return false;
40
+ }
41
+ function get_blocked_attacks_count($attackName)
42
+ {
43
+ global $wpnsDbQueries;
44
+ $attackCount = $wpnsDbQueries->get_blocked_attack_count($attackName);
45
+ if($attackCount)
46
+ $attackCount = intval($attackCount);
47
+ return $attackCount;
48
+ }
49
+ function get_blocked_countries()
50
+ {
51
+ $countrycodes = get_option('mo_wpns_countrycodes');
52
+ $countries = explode(';', $countrycodes);
53
+ return sizeof($countries)-1;
54
+ }
55
+ function get_blocked_ip_waf()
56
+ {
57
+ global $wpnsDbQueries;
58
+ $ip_count = $wpnsDbQueries->get_total_blocked_ips_waf();
59
+ if($ip_count)
60
+ $ip_count = intval($ip_count);
61
+
62
+ return $ip_count;
63
+ }
64
+ function get_manual_blocked_ip_count()
65
+ {
66
+ global $wpnsDbQueries;
67
+ $ip_count = $wpnsDbQueries->get_total_manual_blocked_ips();
68
+ if($ip_count)
69
+ $ip_count = intval($ip_count);
70
+
71
+ return $ip_count;
72
+ }
73
+ function get_blocked_attacks()
74
+ {
75
+ global $wpnsDbQueries;
76
+ return $wpnsDbQueries->get_blocked_attack_list('wpns_attack_logs');
77
+ }
78
+ function get_blocked_ips()
79
+ {
80
+ global $wpnsDbQueries;
81
+ return $wpnsDbQueries->get_blocked_ip_list();
82
+ }
83
+ function get_blocked_sqli()
84
+ {
85
+ global $wpnsDbQueries;
86
+ return $wpnsDbQueries->get_blocked_sqli_list();
87
+ }
88
+ function get_blocked_rfi()
89
+ {
90
+ global $wpnsDbQueries;
91
+ return $wpnsDbQueries->get_blocked_rfi_list();
92
+ }
93
+ function get_blocked_lfi()
94
+ {
95
+ global $wpnsDbQueries;
96
+ return $wpnsDbQueries->get_blocked_lfi_list();
97
+ }
98
+ function get_blocked_rce()
99
+ {
100
+ global $wpnsDbQueries;
101
+ return $wpnsDbQueries->get_blocked_rce_list();
102
+ }
103
+ function get_blocked_xss()
104
+ {
105
+ global $wpnsDbQueries;
106
+ return $wpnsDbQueries->get_blocked_xss_list();
107
+ }
108
+
109
+ function block_ip($ipAddress, $reason, $permenently)
110
+ {
111
+ global $wpnsDbQueries;
112
+ if(empty($ipAddress))
113
+ return;
114
+ if($this->is_ip_blocked($ipAddress))
115
+ return;
116
+ $blocked_for_time = null;
117
+ if(!$permenently && get_option('mo2f_time_of_blocking_type'))
118
+ {
119
+ $blocking_type = get_option('mo2f_time_of_blocking_type');
120
+ $time_of_blocking_val = 3;
121
+ if(get_option('mo2f_time_of_blocking_val'))
122
+ $time_of_blocking_val = get_option('mo2f_time_of_blocking_val');
123
+ if($blocking_type=="months")
124
+ $blocked_for_time = current_time( 'timestamp' )+$time_of_blocking_val * 30 * 24 * 60 * 60;
125
+ else if($blocking_type=="days")
126
+ $blocked_for_time = current_time( 'timestamp' )+$time_of_blocking_val * 24 * 60 * 60;
127
+ else if($blocking_type=="hours")
128
+ $blocked_for_time = current_time( 'timestamp' )+$time_of_blocking_val * 60 * 60;
129
+ }
130
+
131
+ if(get_option('mo_wpns_enable_htaccess_blocking'))
132
+ {
133
+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
134
+ $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
135
+ fwrite($f, "\ndeny from ".trim($ipAddress));
136
+ fclose($f);
137
+ }
138
+
139
+ $wpnsDbQueries->insert_blocked_ip($ipAddress, $reason,$blocked_for_time);
140
+
141
+ //send notification
142
+ global $moWpnsUtility;
143
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option'))
144
+ $moWpnsUtility->sendIpBlockedNotification($ipAddress,MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED);
145
+
146
+ }
147
+
148
+ function unblock_ip_entry($entryid)
149
+ {
150
+ global $wpnsDbQueries;
151
+ $myrows = $wpnsDbQueries->get_blocked_ip($entryid);
152
+ if(count($myrows)>0)
153
+ if(get_option('mo_wpns_enable_htaccess_blocking'))
154
+ {
155
+ $ip_address = $myrows[0]->ip_address;
156
+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
157
+ $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
158
+ $contents = file_get_contents($hpath);
159
+ if (strpos($contents, "\ndeny from ".trim($ip_address)) !== false)
160
+ {
161
+ $contents = str_replace("\ndeny from ".trim($ip_address), '', $contents);
162
+ file_put_contents($hpath, $contents);
163
+ }
164
+ }
165
+
166
+ $wpnsDbQueries->delete_blocked_ip($entryid);
167
+ }
168
+
169
+ function remove_htaccess_ips()
170
+ {
171
+ global $wpnsDbQueries;
172
+ $myrows = $wpnsDbQueries->get_blocked_ip_list();
173
+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
174
+ $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
175
+ $contents = file_get_contents($hpath);
176
+ $changed = 0;
177
+ foreach($myrows as $row)
178
+ {
179
+ $ip_address = $row->ip_address;
180
+ if (strpos($contents, "\ndeny from ".trim($ip_address)) !== false)
181
+ {
182
+ $contents = str_replace("\ndeny from ".trim($ip_address), '', $contents);
183
+ $changed = 1;
184
+ }
185
+ }
186
+ if($changed==1)
187
+ file_put_contents($hpath, $contents);
188
+ }
189
+
190
+ function add_htaccess_ips()
191
+ {
192
+ global $wpnsDbQueries;
193
+ $myrows = $wpnsDbQueries->get_blocked_ip_list();
194
+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
195
+ $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
196
+ $contents = file_get_contents($hpath);
197
+ $f = fopen($hpath, "a");
198
+ foreach($myrows as $row)
199
+ {
200
+ $ip_address = $row->ip_address;
201
+ if (strpos($contents, "\ndeny from ".trim($ip_address)) === false)
202
+ fwrite($f, "\ndeny from ".trim($ip_address));
203
+ }
204
+ fclose($f);
205
+ }
206
+
207
+
208
+ function is_whitelisted($ipAddress)
209
+ {
210
+ global $wpnsDbQueries;
211
+ $count = $wpnsDbQueries->get_whitelisted_ip_count($ipAddress);
212
+
213
+ if(empty($ipAddress))
214
+ return false;
215
+ if($count)
216
+ $count = intval($count);
217
+
218
+ if($count>0)
219
+ return true;
220
+ return false;
221
+ }
222
+
223
+ function whitelist_ip($ipAddress)
224
+ {
225
+ global $wpnsDbQueries;
226
+ if(get_option('mo_wpns_enable_htaccess_blocking'))
227
+ {
228
+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
229
+ $hpath = $base.DIRECTORY_SEPARATOR.".htaccess";
230
+ $contents = file_get_contents($hpath);
231
+ if (strpos($contents, "\ndeny from ".trim($ipAddress)) !== false)
232
+ {
233
+ $contents = str_replace("\ndeny from ".trim($ipAddress), '', $contents);
234
+ file_put_contents($hpath, $contents);
235
+ }
236
+ }
237
+
238
+ if(empty($ipAddress))
239
+ return;
240
+ if($this->is_whitelisted($ipAddress))
241
+ return;
242
+
243
+ $wpnsDbQueries->insert_whitelisted_ip($ipAddress);
244
+ }
245
+
246
+ function update_htaccess_configuration()
247
+ {
248
+ $base = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
249
+ $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
250
+ if(!file_exists($htaccesspath)){
251
+ $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
252
+ fwrite($f, "# BEGIN WordPress\r\n<IfModule mod_rewrite.c>\r\nRewriteEngine On\r\nRewriteBase /\r\nRewriteRule ^index\.php$ - [L]\r\nRewriteCond %{REQUEST_FILENAME} !-f\r\nRewriteCond %{REQUEST_FILENAME} !-d\r\nRewriteRule . /index.php [L]\r\n</IfModule>\r\n# END WordPress");
253
+ fclose($f);
254
+ }
255
+ $this->change_wp_config_protection($base);
256
+ $this->change_content_protection($base);
257
+ $this->mo2f_change_htaccess_file($htaccesspath);
258
+ }
259
+
260
+ function mo2f_change_htaccess_file($htaccesspath){
261
+ $contents = file_get_contents($htaccesspath);
262
+ if (strpos($contents, "\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>") !== false) {
263
+ if(!get_option('mo2f_htaccess_file')){
264
+ $contents = str_replace("\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>", '', $contents);
265
+ file_put_contents($htaccesspath, $contents);
266
+ }
267
+ } else {
268
+ if(get_option('mo2f_htaccess_file')){
269
+ $f = fopen($htaccesspath, "a");
270
+ fwrite($f, "\r\n<files ~ \"^.*\.([Hh][Tt][Aa])\">\r\norder allow,deny\r\ndeny from all\r\nsatisfy all\r\n</files>");
271
+ fclose($f);
272
+ }
273
+ }
274
+ }
275
+
276
+ function change_wp_config_protection($base)
277
+ {
278
+ $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
279
+ $contents = file_get_contents($htaccesspath);
280
+ if (strpos($contents, "\n<files wp-config.php>\norder allow,deny\ndeny from all\n</files>") !== false)
281
+ {
282
+ if(!get_option('mo2f_protect_wp_config'))
283
+ {
284
+ $contents = str_replace("\n<files wp-config.php>\norder allow,deny\ndeny from all\n</files>", '', $contents);
285
+ file_put_contents($htaccesspath, $contents);
286
+ }
287
+ }
288
+ else
289
+ {
290
+ if(get_option('mo2f_protect_wp_config'))
291
+ {
292
+ $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
293
+ fwrite($f, "\n<files wp-config.php>\norder allow,deny\ndeny from all\n</files>");
294
+ fclose($f);
295
+ }
296
+ }
297
+ }
298
+
299
+ function change_content_protection($base)
300
+ {
301
+ $htaccesspath = $base.DIRECTORY_SEPARATOR.".htaccess";
302
+ $contents = file_get_contents($htaccesspath);
303
+ if (strpos($contents, "\nOptions All -Indexes") !== false)
304
+ {
305
+ if(!get_option('mo2f_prevent_directory_browsing'))
306
+ {
307
+ $contents = str_replace("\nOptions All -Indexes", '', $contents);
308
+ file_put_contents($htaccesspath, $contents);
309
+ }
310
+ }
311
+ else
312
+ {
313
+ if(get_option('mo2f_prevent_directory_browsing'))
314
+ {
315
+ $f = fopen($base.DIRECTORY_SEPARATOR.".htaccess", "a");
316
+ fwrite($f, "\nOptions All -Indexes");
317
+ fclose($f);
318
+ }
319
+ }
320
+ }
321
+
322
+ function remove_whitelist_entry($entryid)
323
+ {
324
+ global $wpnsDbQueries;
325
+ $wpnsDbQueries->delete_whitelisted_ip($entryid);
326
+ }
327
+
328
+ function get_whitelisted_ips()
329
+ {
330
+ global $wpnsDbQueries;
331
+ return $wpnsDbQueries->get_whitelisted_ips_list();
332
+ }
333
+
334
+ function is_email_sent_to_user($username, $ipAddress)
335
+ {
336
+ global $wpnsDbQueries;
337
+ if(empty($ipAddress))
338
+ return false;
339
+ $sent_count = $wpnsDbQueries->get_email_audit_count($ipAddress,$username);
340
+ if($sent_count)
341
+ $sent_count = intval($sent_count);
342
+ if($sent_count>0)
343
+ return true;
344
+ return false;
345
+ }
346
+
347
+ function audit_email_notification_sent_to_user($username, $ipAddress, $reason)
348
+ {
349
+ if(empty($ipAddress) || empty($username))
350
+ return;
351
+ global $wpnsDbQueries;
352
+ $wpnsDbQueries->insert_email_audit($ipAddress,$username,$reason);
353
+ }
354
+
355
+ function add_transactions($ipAddress, $username, $type, $status, $url=null)
356
+ {
357
+ global $wpnsDbQueries;
358
+ $wpnsDbQueries->insert_transaction_audit($ipAddress, $username, $type, $status, $url);
359
+ }
360
+
361
+ function get_login_transaction_report()
362
+ {
363
+ global $wpnsDbQueries;
364
+ return $wpnsDbQueries->get_login_transaction_report();
365
+ }
366
+
367
+ function get_error_transaction_report()
368
+ {
369
+ global $wpnsDbQueries;
370
+ return $wpnsDbQueries->get_error_transaction_report();
371
+ }
372
+
373
+
374
+ function get_all_transactions()
375
+ {
376
+ global $wpnsDbQueries;
377
+ return $wpnsDbQueries->get_transasction_list();
378
+ }
379
+
380
+ function move_failed_transactions_to_past_failed($ipAddress)
381
+ {
382
+ global $wpnsDbQueries;
383
+ $wpnsDbQueries->update_transaction_table(array('status'=>MoWpnsConstants::FAILED,'ip_address'=>$ipAddress),
384
+ array('status'=>MoWpnsConstants::PAST_FAILED));
385
+ }
386
+
387
+ function remove_failed_transactions($ipAddress)
388
+ {
389
+ global $wpnsDbQueries;
390
+ $wpnsDbQueries->delete_transaction($ipAddress);
391
+ }
392
+
393
+ function get_failed_attempts_count($ipAddress)
394
+ {
395
+ global $wpnsDbQueries;
396
+ $count = $wpnsDbQueries->get_failed_transaction_count($ipAddress);
397
+ if($count)
398
+ {
399
+ $count = intval($count);
400
+ return $count;
401
+ }
402
+ return 0;
403
+ }
404
+
405
+ function is_ip_blocked_in_anyway($userIp)
406
+ {
407
+ $isBlocked = false;
408
+ if($this->is_ip_blocked($userIp))
409
+ $isBlocked = true;
410
+ else if($this->is_ip_range_blocked($userIp))
411
+ $isBlocked = true;
412
+ else if($this->is_browser_blocked())
413
+ $isBlocked = true;
414
+ else if($this->is_country_blocked($userIp))
415
+ $isBlocked = true;
416
+ else if($this->is_referer_blocked())
417
+ $isBlocked = true;
418
+
419
+ return $isBlocked;
420
+ }
421
+
422
+ function is_ip_range_blocked($userIp)
423
+ {
424
+ if(empty($userIp))
425
+ return false;
426
+ $range_count = 0;
427
+ if(is_numeric(get_option('mo_wpns_iprange_count')))
428
+ $range_count = intval(get_option('mo_wpns_iprange_count'));
429
+ for($i = 1 ; $i <= $range_count ; $i++){
430
+ $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
431
+ $rangearray = explode("-",$blockedrange);
432
+ if(sizeof($rangearray)==2){
433
+ $lowip = ip2long(trim($rangearray[0]));
434
+ $highip = ip2long(trim($rangearray[1]));
435
+ if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
436
+ $mo_wpns_config = new MoWpnsHandler();
437
+ $mo_wpns_config->block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
438
+ return true;
439
+ }
440
+ }
441
+ }
442
+ return false;
443
+ }
444
+
445
+
446
+ function is_browser_blocked()
447
+ {
448
+ global $moWpnsUtility;
449
+ if(get_option( 'mo_wpns_enable_user_agent_blocking'))
450
+ {
451
+ $current_browser = $moWpnsUtility->getCurrentBrowser();
452
+ if(get_option('mo_wpns_block_chrome') && $current_browser=='chrome')
453
+ return true;
454
+ else if(get_option('mo_wpns_block_firefox') && $current_browser=='firefox')
455
+ return true;
456
+ else if(get_option('mo_wpns_block_ie') && $current_browser=='ie')
457
+ return true;
458
+ else if(get_option('mo_wpns_block_opera') && $current_browser=='opera')
459
+ return true;
460
+ else if(get_option('mo_wpns_block_safari')&& $current_browser=='safari')
461
+ return true;
462
+ else if(get_option('mo_wpns_block_edge') && $current_browser=='edge')
463
+ return true;
464
+ }
465
+ return false;
466
+ }
467
+
468
+
469
+ function is_country_blocked($userIp)
470
+ {
471
+
472
+ $countrycodes = get_option('mo_wpns_countrycodes');
473
+
474
+ if($countrycodes && !empty($countrycodes)){
475
+ $ip_data = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$userIp));
476
+ if($ip_data && $ip_data->geoplugin_countryName != null){
477
+ $country_code = $ip_data->geoplugin_countryCode;
478
+ if(!empty($country_code)){
479
+ $countrycodes = get_option('mo_wpns_countrycodes');
480
+ $codes = explode(";", $countrycodes);
481
+ foreach($codes as $code){
482
+ if(!empty($code) && strcasecmp($code,$country_code)==0)
483
+ return true;
484
+ }
485
+ }
486
+ }
487
+ }
488
+ return false;
489
+ }
490
+
491
+ function lockedOutlink(){
492
+ if(MO2F_IS_ONPREM){
493
+ return MoWpnsConstants::OnPremiseLockedOut;
494
+ }else{
495
+ return MoWpnsConstants::CloudLockedOut;
496
+ }
497
+ }
498
+
499
+ function is_referer_blocked()
500
+ {
501
+ if(isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']) && get_option('mo_wpns_referrers')){
502
+ $userreferer = $_SERVER['HTTP_REFERER'];
503
+ $referrers = explode(";",get_option('mo_wpns_referrers'));
504
+ foreach($referrers as $referrer){
505
+ if(!empty($referrer) && strpos(strtolower($userreferer), strtolower($referrer)) !== false){
506
+ return true;
507
+ }
508
+ }
509
+ }
510
+ return false;
511
+ }
512
+
513
  } ?>
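--- a/helper/utility.php
+++ b/helper/utility.php
@@ -38,6 +38,17 @@ class MoWpnsUtility
  return true;
  return false;
  }
+
+ public static function rand()
+ {
+ $length = wp_rand(0, 15);
+ $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $randomString = '';
+ for ($i = 0; $i < $length; $i++) {
+ $randomString .= $characters[wp_rand(0, strlen($characters) - 1)];
+ }
+ return $randomString;
+ }
 
  public static function is_curl_installed()
  {
@@ -91,7 +102,7 @@ class MoWpnsUtility
 
  public static function check_if_strong_password_enabled_for_user_role($userroles)
  {
- $enforce_strong_pass = get_option('mo2f_enforce_strong_passswords_for_accounts');
+ $enforce_strong_pass = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option');
 
  switch($enforce_strong_pass)
  {
@@ -148,11 +159,8 @@ class MoWpnsUtility
  else
  $content = $this->getMessageContent($reason,$ipAddress);
 
- // $mocURL = new MocURL();
-
  if(isset($content))
  return $this->wp_mail_send_notification($toEmail,$subject,$content);
- // return $mocURL->send_notification($toEmail,$subject,$content,MoWpnsConstants::SUPPORT_EMAIL,'miniOrange','Admin');
  }
 
  function wp_mail_send_notification($toEmail,$subject,$content){
@@ -194,9 +202,6 @@ class MoWpnsUtility
  else
  $content = $this->getMessageContent($reason,$ipAddress,$username,$fromEmail);
 
- // $mocURL = new MocURL();
- // return $mocURL->send_notification($toEmail,$subject,$content,$fromEmail,get_bloginfo(),$username);
-
  $mo_wpns_config->audit_email_notification_sent_to_user($username,$ipAddress,$reason);
  $status = $this->wp_mail_send_notification($toEmail,$subject,$content,$fromEmail);
  return $status;
@@ -284,7 +289,7 @@ class MoWpnsUtility
  $status.="F1";
  if(get_site_option('mo2f_visit_login_and_spam'))
  $status.="LS1";
- if(get_site_option('mo2f_enable_brute_force'))
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
  $status.="BF1";
  if(get_site_option('mo2f_visit_malware'))
  $status.="M1";
@@ -314,5 +319,14 @@ class MoWpnsUtility
  return $installed;
 
  }
+
+ public static function get_mo2f_db_option($value, $type){
+ if($type == 'site_option'){
+ $db_value = get_site_option($value, $GLOBALS[$value]);
+ }else{
+ $db_value = get_option($value, $GLOBALS[$value]);
+ }
+ return $db_value;
+ }
 
  }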
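Review bot: The new `rand()` helper in the first hunk takes its length from `wp_rand(0, 15)`, so it can return an empty string, and otherwise a value of unpredictable and often very short length. Its callers are not visible in this section, but if the result is used as a token, key or any identifier that must be unguessable or unique, a zero- or one-character value defeats that. A fixed length removes the problem, for example `$length = 16;`, or the body could become `return wp_generate_password(16, false);`, which draws from the same letters-and-digits alphabet. A short docblock stating what the string is for, and a name that does not read like PHP's built-in `rand()`, would make the intent reviewable.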
includes/css/bootstrap.min.css CHANGED
@@ -1,5735 +1,5735 @@
1
- .mo2f_carousel {
2
-
3
-
4
- position: relative;
5
-
6
-
7
- padding-bottom: 18px !important;
8
-
9
-
10
-
11
-
12
-
13
- }
14
-
15
-
16
-
17
-
18
-
19
- .mo2f_carousel-inner {
20
-
21
-
22
- position: relative;
23
-
24
-
25
- width: 100%;
26
-
27
-
28
- overflow: hidden;
29
-
30
-
31
-
32
-
33
-
34
- }
35
-
36
-
37
-
38
-
39
-
40
- .mo2f_carousel-inner > .item {
41
-
42
-
43
- position: relative;
44
-
45
-
46
- display: none;
47
-
48
-
49
- -webkit-transition: .6s ease-in-out left;
50
-
51
-
52
- -o-transition: .6s ease-in-out left;
53
-
54
-
55
- transition: .6s ease-in-out left;
56
-
57
-
58
- height: 300px !important;
59
-
60
-
61
-
62
-
63
-
64
- }
65
-
66
-
67
-
68
-
69
-
70
- .mo2f_carousel-inner > .item > img, .mo2f_carousel-inner > .item > a > img {
71
-
72
-
73
- line-height: 1;
74
-
75
-
76
-
77
-
78
-
79
- max-height: 300px !important;
80
-
81
-
82
- max-width: 600px !important;
83
-
84
-
85
- }
86
-
87
-
88
-
89
-
90
-
91
- @media all and (transform-3d) , ( -webkit-transform-3d ) {
92
-
93
-
94
- .mo2f_carousel-inner > .item {
95
-
96
-
97
- -webkit-transition: -webkit-transform .6s ease-in-out;
98
-
99
-
100
- -o-transition: -o-transform .6s ease-in-out;
101
-
102
-
103
- transition: transform .6s ease-in-out;
104
-
105
-
106
- -webkit-backface-visibility: hidden;
107
-
108
-
109
- backface-visibility: hidden;
110
-
111
-
112
- -webkit-perspective: 1000;
113
-
114
-
115
- perspective: 1000
116
-
117
-
118
- }
119
-
120
-
121
-
122
-
123
-
124
- .mo2f_carousel-inner > .item.next, .mo2f_carousel-inner > .item.active.right {
125
-
126
-
127
- left: 0;
128
-
129
-
130
- -webkit-transform: translate3d(100%, 0, 0);
131
-
132
-
133
- transform: translate3d(100%, 0, 0)
134
-
135
-
136
- }
137
-
138
-
139
-
140
-
141
-
142
- .mo2f_carousel-inner > .item.prev, .mo2f_carousel-inner > .item.active.left {
143
-
144
-
145
- left: 0;
146
-
147
-
148
- -webkit-transform: translate3d(-100%, 0, 0);
149
-
150
-
151
- transform: translate3d(-100%, 0, 0)
152
-
153
-
154
- }
155
-
156
-
157
-
158
-
159
-
160
- .mo2f_carousel-inner > .item.next.left, .mo2f_carousel-inner > .item.prev.right, .mo2f_carousel-inner > .item.active {
161
-
162
-
163
- left: 0;
164
-
165
-
166
- -webkit-transform: translate3d(0, 0, 0);
167
-
168
-
169
- transform: translate3d(0, 0, 0)
170
-
171
-
172
- }
173
-
174
-
175
- }
176
-
177
-
178
-
179
-
180
-
181
- .mo2f_carousel-inner > .active, .mo2f_carousel-inner > .next, .mo2f_carousel-inner > .prev {
182
-
183
-
184
- display: block
185
-
186
-
187
- }
188
-
189
-
190
-
191
-
192
-
193
- .mo2f_carousel-inner > .active {
194
-
195
-
196
- left: 0
197
-
198
-
199
- }
200
-
201
-
202
-
203
-
204
-
205
- .mo2f_carousel-inner > .next, .mo2f_carousel-inner > .prev {
206
-
207
-
208
- position: absolute;
209
-
210
-
211
- top: 0;
212
-
213
-
214
- width: 100%
215
-
216
-
217
- }
218
-
219
-
220
-
221
-
222
-
223
- .mo2f_carousel-inner > .next {
224
-
225
-
226
- left: 100%
227
-
228
-
229
- }
230
-
231
-
232
-
233
-
234
-
235
- .mo2f_carousel-inner > .prev {
236
-
237
-
238
- left: -100%
239
-
240
-
241
- }
242
-
243
-
244
-
245
-
246
-
247
- .mo2f_carousel-inner > .next.left, .mo2f_carousel-inner > .prev.right {
248
-
249
-
250
- left: 0
251
-
252
-
253
- }
254
-
255
-
256
-
257
-
258
-
259
- .mo2f_carousel-inner > .active.left {
260
-
261
-
262
- left: -100%
263
-
264
-
265
- }
266
-
267
-
268
-
269
-
270
-
271
- .mo2f_carousel-inner > .active.right {
272
-
273
-
274
- left: 100%
275
-
276
-
277
- }
278
-
279
-
280
-
281
-
282
-
283
- .mo2f_carousel-control {
284
-
285
-
286
- position: absolute;
287
-
288
-
289
- top: 0;
290
-
291
-
292
- bottom: 0;
293
-
294
-
295
- left: 0;
296
-
297
-
298
- width: 15%;
299
-
300
-
301
- font-size: 20px;
302
-
303
-
304
- color: #fff;
305
-
306
-
307
- text-align: center;
308
-
309
-
310
- text-shadow: 0 1px 2px rgba(0, 0, 0, .6);
311
-
312
-
313
- filter: alpha(opacity=50);
314
-
315
-
316
- opacity: .5
317
-
318
-
319
- }
320
-
321
-
322
-
323
-
324
-
325
- .mo2f_carousel-control.left {
326
-
327
-
328
- background-image: -webkit-linear-gradient(left, rgba(0, 0, 0, .5) 0,
329
-
330
-
331
- rgba(0, 0, 0, .0001) 100%);
332
-
333
-
334
- background-image: -o-linear-gradient(left, rgba(0, 0, 0, .5) 0,
335
-
336
-
337
- rgba(0, 0, 0, .0001) 100%);
338
-
339
-
340
- background-image: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .5)),
341
-
342
-
343
- to(rgba(0, 0, 0, .0001)));
344
-
345
-
346
- background-image: linear-gradient(to right, rgba(0, 0, 0, .5) 0,
347
-
348
-
349
- rgba(0, 0, 0, .0001) 100%);
350
-
351
-
352
- filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000',
353
-
354
-
355
- endColorstr='#00000000', GradientType=1);
356
-
357
-
358
- background-repeat: repeat-x
359
-
360
-
361
- }
362
-
363
-
364
-
365
-
366
-
367
- .mo2f_carousel-control.right {
368
-
369
-
370
- right: 0;
371
-
372
-
373
- left: auto;
374
-
375
-
376
- background-image: -webkit-linear-gradient(left, rgba(0, 0, 0, .0001) 0,
377
-
378
-
379
- rgba(0, 0, 0, .5) 100%);
380
-
381
-
382
- background-image: -o-linear-gradient(left, rgba(0, 0, 0, .0001) 0,
383
-
384
-
385
- rgba(0, 0, 0, .5) 100%);
386
-
387
-
388
- background-image: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .0001)),
389
-
390
-
391
- to(rgba(0, 0, 0, .5)));
392
-
393
-
394
- background-image: linear-gradient(to right, rgba(0, 0, 0, .0001) 0,
395
-
396
-
397
- rgba(0, 0, 0, .5) 100%);
398
-
399
-
400
- filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000',
401
-
402
-
403
- endColorstr='#80000000', GradientType=1);
404
-
405
-
406
- background-repeat: repeat-x
407
-
408
-
409
- }
410
-
411
-
412
-
413
-
414
-
415
- .mo2f_carousel-control:hover, .mo2f_carousel-control:focus {
416
-
417
-
418
- color: #fff;
419
-
420
-
421
- text-decoration: none;
422
-
423
-
424
- filter: alpha(opacity=90);
425
-
426
-
427
- outline: 0;
428
-
429
-
430
- opacity: .9
431
-
432
-
433
- }
434
-
435
-
436
-
437
-
438
-
439
- .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .icon-next, .mo2f_carousel-control .glyphicon-chevron-left, .mo2f_carousel-control .glyphicon-chevron-right {
440
-
441
-
442
- position: absolute;
443
-
444
-
445
- top: 50%;
446
-
447
-
448
- z-index: 5;
449
-
450
-
451
- display: inline-block
452
-
453
-
454
- }
455
-
456
-
457
-
458
-
459
-
460
- .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .glyphicon-chevron-left {
461
-
462
-
463
- left: 50%;
464
-
465
-
466
- margin-left: -10px
467
-
468
-
469
- }
470
-
471
-
472
-
473
-
474
-
475
- .mo2f_carousel-control .icon-next, .mo2f_carousel-control .glyphicon-chevron-right {
476
-
477
-
478
- right: 50%;
479
-
480
-
481
- margin-right: -10px
482
-
483
-
484
- }
485
-
486
-
487
-
488
-
489
-
490
- .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .icon-next {
491
-
492
-
493
- width: 20px;
494
-
495
-
496
- height: 20px;
497
-
498
-
499
- margin-top: -10px;
500
-
501
-
502
- font-family: serif
503
-
504
-
505
- }
506
-
507
-
508
-
509
-
510
-
511
- .mo2f_carousel-control .icon-prev:before {
512
-
513
-
514
- content: '\2039'
515
-
516
-
517
- }
518
-
519
-
520
-
521
-
522
-
523
- .mo2f_carousel-control .icon-next:before {
524
-
525
-
526
- content: '\203a'
527
-
528
-
529
- }
530
-
531
-
532
-
533
-
534
-
535
- .mo2f_carousel-indicators {
536
-
537
-
538
- position: absolute;
539
-
540
-
541
- bottom: -25px;
542
-
543
-
544
- left: 50%;
545
-
546
-
547
- z-index: 15;
548
-
549
-
550
- width: 60%;
551
-
552
-
553
- padding-left: 0;
554
-
555
-
556
- margin-left: -30%;
557
-
558
-
559
- text-align: center;
560
-
561
-
562
- list-style: none
563
-
564
-
565
- }
566
-
567
-
568
-
569
-
570
-
571
- .mo2f_carousel-indicators li {
572
-
573
-
574
- display: inline-block;
575
-
576
-
577
- width: 10px;
578
-
579
-
580
- height: 10px;
581
-
582
-
583
- margin: 1px;
584
-
585
-
586
- text-indent: -999px;
587
-
588
-
589
- cursor: pointer;
590
-
591
-
592
- background-color: #0 \9;
593
-
594
-
595
- background-color: rgba(0, 0, 0, 0);
596
-
597
-
598
- border: 1px solid #0073aa;
599
-
600
-
601
- border-radius: 10px
602
-
603
-
604
- }
605
-
606
-
607
-
608
-
609
-
610
- .mo2f_carousel-indicators .active {
611
-
612
-
613
- width: 12px;
614
-
615
-
616
- height: 12px;
617
-
618
-
619
- margin: 0;
620
-
621
-
622
- background-color: #0073aa;
623
-
624
-
625
- }
626
-
627
-
628
-
629
-
630
-
631
- .mo2f_carousel-caption {
632
-
633
-
634
- position: absolute;
635
-
636
-
637
- right: 15%;
638
-
639
-
640
- bottom: 20px;
641
-
642
-
643
- left: 15%;
644
-
645
-
646
- z-index: 10;
647
-
648
-
649
- padding-top: 20px;
650
-
651
-
652
- padding-bottom: 20px;
653
-
654
-
655
- color: #fff;
656
-
657
-
658
- text-align: center;
659
-
660
-
661
- text-shadow: 0 1px 2px rgba(0, 0, 0, .6)
662
-
663
-
664
- }
665
-
666
-
667
-
668
-
669
-
670
- .mo2f_carousel-caption .btn {
671
-
672
-
673
- text-shadow: none
674
-
675
-
676
- }
677
-
678
-
679
-
680
-
681
-
682
- @media screen and (min-width: 768px) {
683
-
684
-
685
- .mo2f_carousel-control .glyphicon-chevron-left, .mo2f_carousel-control .glyphicon-chevron-right, .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .icon-next {
686
-
687
-
688
- width: 30px;
689
-
690
-
691
- height: 30px;
692
-
693
-
694
- margin-top: -15px;
695
-
696
-
697
- font-size: 30px
698
-
699
-
700
- }
701
-
702
-
703
-
704
-
705
-
706
- .mo2f_carousel-control .glyphicon-chevron-left, .mo2f_carousel-control .icon-prev {
707
-
708
-
709
- margin-left: -15px
710
-
711
-
712
- }
713
-
714
-
715
-
716
-
717
-
718
- .mo2f_carousel-control .glyphicon-chevron-right, .mo2f_carousel-control .icon-next {
719
-
720
-
721
- margin-right: -15px
722
-
723
-
724
- }
725
-
726
-
727
-
728
-
729
-
730
- .mo2f_carousel-caption {
731
-
732
-
733
- right: 20%;
734
-
735
-
736
- left: 20%;
737
-
738
-
739
- padding-bottom: 30px
740
-
741
-
742
- }
743
-
744
-
745
-
746
-
747
-
748
- .mo2f_carousel-indicators {
749
-
750
-
751
- bottom: -14px
752
-
753
-
754
- }
755
-
756
-
757
- }
758
-
759
-
760
-
761
-
762
-
763
- .hidden {
764
-
765
-
766
- display: none;
767
-
768
-
769
- }
770
-
771
-
772
-
773
-
774
-
775
- .float-right {
776
-
777
-
778
- text-align: right;
779
-
780
-
781
- }
782
-
783
-
784
-
785
-
786
-
787
- .mo2f_collapse {
788
-
789
-
790
- display: none;
791
-
792
-
793
- / / visibility: hidden;
794
-
795
-
796
- font-size: 14px !important;
797
-
798
-
799
-
800
-
801
-
802
- }
803
-
804
-
805
-
806
-
807
-
808
- .mo2f_collapse.in {
809
-
810
-
811
- display: block;
812
-
813
-
814
- visibility: visible;
815
-
816
-
817
-
818
-
819
-
820
- }
821
-
822
-
823
-
824
-
825
-
826
- .mo2f_collapsing {
827
-
828
-
829
- position: relative;
830
-
831
-
832
- font-size: 14px !important;
833
-
834
-
835
- height: 0;
836
-
837
-
838
- overflow: hidden;
839
-
840
-
841
- -webkit-transition-timing-function: ease;
842
-
843
-
844
- -o-transition-timing-function: ease;
845
-
846
-
847
- transition-timing-function: ease;
848
-
849
-
850
- -webkit-transition-duration: .20s;
851
-
852
-
853
- -o-transition-duration: .20s;
854
-
855
-
856
- transition-duration: .20s;
857
-
858
-
859
- -webkit-transition-property: height, visibility;
860
-
861
-
862
- -o-transition-property: height, visibility;
863
-
864
-
865
- transition-property: height, visibility
866
-
867
-
868
- }
869
-
870
-
871
-
872
-
873
-
874
- .mo2f_thumbnail {
875
-
876
-
877
- width: 315px;
878
-
879
-
880
- margin-bottom: 10px;
881
-
882
-
883
- position: relative;
884
-
885
-
886
- background-color: #fff;
887
-
888
-
889
- border: 1px solid #ddd;
890
-
891
-
892
- -webkit-transition: border .2s ease-in-out;
893
-
894
-
895
- -o-transition: border .2s ease-in-out;
896
-
897
-
898
- transition: border .2s ease-in-out
899
-
900
-
901
- }
902
-
903
-
904
-
905
-
906
-
907
- .mo2f_thumbnail > img, .mo2f_thumbnail a > img {
908
-
909
-
910
- margin-right: auto;
911
-
912
-
913
- margin-left: auto
914
-
915
-
916
- }
917
-
918
-
919
-
920
-
921
-
922
- a.mo2f_thumbnail:hover, a.mo2f_thumbnail:focus, a.mo2f_thumbnail.active {
923
-
924
-
925
- border-color: #337ab7
926
-
927
-
928
- }
929
-
930
-
931
-
932
-
933
-
934
- .mo2f_thumbnail .caption {
935
-
936
-
937
- padding: 9px;
938
-
939
-
940
- color: #333
941
-
942
-
943
- }
944
-
945
-
946
-
947
-
948
-
949
- .mo2f_thumbnail label {
950
-
951
-
952
- font-weight: bold;
953
-
954
-
955
-
956
-
957
-
958
- }
959
-
960
-
961
-
962
-
963
-
964
- .mo2f_close {
965
-
966
-
967
- float: right;
968
-
969
-
970
- font-size: 21px;
971
-
972
-
973
- font-weight: 700;
974
-
975
-
976
- line-height: 1;
977
-
978
-
979
- color: #000;
980
-
981
-
982
- text-shadow: 0 1px 0 #fff;
983
-
984
-
985
- filter: alpha(opacity=20);
986
-
987
-
988
- opacity: .2
989
-
990
-
991
- }
992
-
993
-
994
-
995
-
996
-
997
- .mo2f_close:hover, .mo2f_close:focus {
998
-
999
-
1000
- color: #000;
1001
-
1002
-
1003
- text-decoration: none;
1004
-
1005
-
1006
- cursor: pointer;
1007
-
1008
-
1009
- filter: alpha(opacity=50);
1010
-
1011
-
1012
- opacity: .5
1013
-
1014
-
1015
- }
1016
-
1017
-
1018
-
1019
-
1020
-
1021
- button.mo2f_close {
1022
-
1023
-
1024
- -webkit-appearance: none;
1025
-
1026
-
1027
- padding: 0;
1028
-
1029
-
1030
- cursor: pointer;
1031
-
1032
-
1033
- background: 0 0;
1034
-
1035
-
1036
- border: 0
1037
-
1038
-
1039
- }
1040
-
1041
-
1042
-
1043
-
1044
-
1045
- .mo2f_modal-open {
1046
-
1047
-
1048
- overflow: hidden !important;
1049
-
1050
-
1051
- position: fixed !important;
1052
-
1053
-
1054
- width: 100% !important;
1055
-
1056
-
1057
-
1058
-
1059
-
1060
- }
1061
-
1062
-
1063
-
1064
-
1065
-
1066
- .mo2f_modal {
1067
-
1068
-
1069
- position: fixed !important;
1070
-
1071
-
1072
- top: 0;
1073
-
1074
-
1075
- right: 0;
1076
-
1077
-
1078
- bottom: 0;
1079
-
1080
-
1081
- left: 0;
1082
-
1083
-
1084
- z-index: 100000 !important;
1085
-
1086
-
1087
-
1088
-
1089
-
1090
- overflow: hidden !important;
1091
-
1092
-
1093
- -webkit-overflow-scrolling: touch;
1094
-
1095
-
1096
- outline: 0;
1097
-
1098
-
1099
-
1100
-
1101
-
1102
- }
1103
-
1104
-
1105
-
1106
-
1107
-
1108
- .mo2f_modal_inner {
1109
-
1110
-
1111
- display: none;
1112
-
1113
-
1114
- }
1115
-
1116
-
1117
-
1118
-
1119
-
1120
- .mo2f_modal.fade .mo2f_modal-dialog {
1121
-
1122
-
1123
- -webkit-transition: -webkit-transform .3s ease-out;
1124
-
1125
-
1126
- -o-transition: -o-transform .3s ease-out;
1127
-
1128
-
1129
- transition: transform .3s ease-out;
1130
-
1131
-
1132
- -webkit-transform: translate(0, -25%);
1133
-
1134
-
1135
- -ms-transform: translate(0, -25%);
1136
-
1137
-
1138
- -o-transform: translate(0, -25%);
1139
-
1140
-
1141
- transform: translate(0, -25%)
1142
-
1143
-
1144
- }
1145
-
1146
-
1147
-
1148
-
1149
-
1150
- .mo2f_modal.in .mo2f_modal-dialog {
1151
-
1152
-
1153
- -webkit-transform: translate(0, 80px) !important;
1154
-
1155
-
1156
- -ms-transform: translate(0, 80px) !important;
1157
-
1158
-
1159
- -o-transform: translate(0, 80px) !important;
1160
-
1161
-
1162
- transform: translate(0, 80px) !important;
1163
-
1164
-
1165
-
1166
-
1167
-
1168
- }
1169
-
1170
-
1171
-
1172
-
1173
-
1174
- .mo2f_modal-open .mo2f_modal {
1175
-
1176
-
1177
- overflow-x: hidden;
1178
-
1179
-
1180
- overflow-y: hidden;
1181
-
1182
-
1183
- }
1184
-
1185
-
1186
-
1187
-
1188
-
1189
- .mo2f_modal-dialog {
1190
-
1191
-
1192
- position: relative;
1193
-
1194
-
1195
- width: auto;
1196
-
1197
-
1198
- margin: 10px;
1199
-
1200
-
1201
-
1202
-
1203
-
1204
- }
1205
-
1206
-
1207
-
1208
-
1209
-
1210
- .login mo_customer_validation-modal-content {
1211
-
1212
-
1213
- position: relative !important;
1214
-
1215
-
1216
- background-color: #fff !important;
1217
-
1218
-
1219
- -webkit-background-clip: padding-box !important;
1220
-
1221
-
1222
- background-clip: padding-box !important;
1223
-
1224
-
1225
- border: 1px solid #999 !important;
1226
-
1227
-
1228
- border: 1px solid rgba(0, 0, 0, .2) !important;
1229
-
1230
-
1231
- border-radius: 6px !important;
1232
-
1233
-
1234
- outline: 0 !important;
1235
-
1236
-
1237
-
1238
-
1239
-
1240
- -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
1241
-
1242
-
1243
- box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
1244
-
1245
-
1246
- }
1247
-
1248
-
1249
-
1250
-
1251
-
1252
- .mo2f-modal-backdrop {
1253
-
1254
-
1255
- position: absolute;
1256
-
1257
-
1258
- top: 0;
1259
-
1260
-
1261
- right: 0;
1262
-
1263
-
1264
- left: 0;
1265
-
1266
-
1267
- background-color: #f1f1f1 !important;
1268
-
1269
-
1270
- filter: alpha(opacity=50) !important;
1271
-
1272
-
1273
- opacity: 0.8 !important;
1274
-
1275
-
1276
- height: 100% !important;
1277
-
1278
-
1279
- }
1280
-
1281
-
1282
-
1283
-
1284
-
1285
- #smsAlertModal {
1286
-
1287
-
1288
- background-color: black !important;
1289
-
1290
-
1291
- opacity: 0.8 !important;
1292
-
1293
-
1294
- filter: alpha(opacity=50) !important;
1295
-
1296
-
1297
- }
1298
-
1299
-
1300
-
1301
-
1302
-
1303
- .mo2f_modal-header {
1304
-
1305
-
1306
- min-height: 14px;
1307
-
1308
-
1309
- padding: 10px;
1310
-
1311
-
1312
- border-bottom: 1px solid #e5e5e5
1313
-
1314
-
1315
- }
1316
-
1317
-
1318
-
1319
-
1320
-
1321
- .mo2f_modal-title {
1322
-
1323
-
1324
- margin: 0 !important;
1325
-
1326
-
1327
- line-height: 1.0 !important;
1328
-
1329
-
1330
- }
1331
-
1332
-
1333
-
1334
-
1335
-
1336
- .mo2f_modal-body {
1337
-
1338
-
1339
- / / width: 96 % !important;
1340
-
1341
-
1342
- position: relative !important;
1343
-
1344
-
1345
- padding: 15px !important;
1346
-
1347
-
1348
- overflow-y: auto !important;
1349
-
1350
-
1351
- max-height: 550px !important;
1352
-
1353
-
1354
- }
1355
-
1356
-
1357
-
1358
-
1359
-
1360
- .mo2f_modal-footer {
1361
-
1362
-
1363
- padding: 15px;
1364
-
1365
-
1366
- text-align: right;
1367
-
1368
-
1369
- border-top: 1px solid #e5e5e5
1370
-
1371
-
1372
- }
1373
-
1374
-
1375
-
1376
-
1377
-
1378
- .mo2f_modal-footer .btn + .btn {
1379
-
1380
-
1381
- margin-bottom: 0;
1382
-
1383
-
1384
- margin-left: 5px
1385
-
1386
-
1387
- }
1388
-
1389
-
1390
-
1391
-
1392
-
1393
- .mo2f_modal-footer .btn-group .btn + .btn {
1394
-
1395
-
1396
- margin-left: -1px
1397
-
1398
-
1399
- }
1400
-
1401
-
1402
-
1403
-
1404
-
1405
- .mo2f_modal-footer .btn-block + .btn-block {
1406
-
1407
-
1408
- margin-left: 0
1409
-
1410
-
1411
- }
1412
-
1413
-
1414
-
1415
-
1416
-
1417
- .mo2f_modal-scrollbar-measure {
1418
-
1419
-
1420
- position: absolute;
1421
-
1422
-
1423
- top: -9999px;
1424
-
1425
-
1426
- width: 50px;
1427
-
1428
-
1429
- height: 50px;
1430
-
1431
-
1432
- overflow: scroll
1433
-
1434
-
1435
- }
1436
-
1437
-
1438
-
1439
-
1440
-
1441
- @media ( min-width: 768px) {
1442
-
1443
-
1444
- .mo2f_modal-dialog {
1445
-
1446
- width: auto;
1447
- margin: 0px auto
1448
-
1449
-
1450
- }
1451
-
1452
-
1453
-
1454
-
1455
-
1456
- .login mo_customer_validation-modal-content {
1457
-
1458
-
1459
- -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
1460
-
1461
-
1462
- box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
1463
-
1464
-
1465
- }
1466
-
1467
-
1468
-
1469
-
1470
-
1471
- .mo2f_modal-sm {
1472
-
1473
-
1474
- width: 300px
1475
-
1476
-
1477
- }
1478
-
1479
-
1480
-
1481
-
1482
-
1483
- .mo2f_modal-md {
1484
-
1485
-
1486
- width: 550px
1487
-
1488
-
1489
- }
1490
-
1491
-
1492
- }
1493
-
1494
-
1495
-
1496
-
1497
-
1498
- @media ( min-width: 992px) {
1499
-
1500
-
1501
- .mo2f_modal-lg {
1502
-
1503
-
1504
- width: 900px;
1505
-
1506
-
1507
- }
1508
-
1509
-
1510
-
1511
-
1512
-
1513
- .mo2f_modal-md {
1514
-
1515
-
1516
- width: 550px
1517
-
1518
-
1519
- }
1520
-
1521
-
1522
- }
1523
-
1524
-
1525
-
1526
-
1527
-
1528
- .center{
1529
-
1530
-
1531
-
1532
-
1533
-
1534
- text-align: center !important;
1535
-
1536
-
1537
- }
1538
-
1539
-
1540
-
1541
-
1542
-
1543
- #otpMessage {
1544
-
1545
-
1546
- border-radius: 1px;
1547
-
1548
-
1549
- padding: 1px 5px;
1550
-
1551
-
1552
- background: #f1f1f1;
1553
-
1554
-
1555
- }
1556
-
1557
-
1558
-
1559
-
1560
-
1561
- .mo2f_carousel-indicators {
1562
-
1563
-
1564
- position: absolute;
1565
-
1566
-
1567
- bottom: -20px;
1568
-
1569
-
1570
- z-index: 15;
1571
-
1572
-
1573
- width: 60%;
1574
-
1575
-
1576
- list-style: none;
1577
-
1578
-
1579
- text-align: center;
1580
-
1581
-
1582
- }
1583
-
1584
-
1585
-
1586
-
1587
-
1588
- .miniorange_kba_validate:hover, .miniorange_validate_otp:hover, .miniorange_login_forgotphone:hover,
1589
-
1590
-
1591
- .miniorange_login_offline:hover, .miniorange_login_forgotphone:hover, .miniorange_otp_token_submit:hover, .miniorange_button:hover
1592
-
1593
-
1594
- {
1595
-
1596
-
1597
- background-color:#0073AA!important
1598
-
1599
-
1600
- }
1601
-
1602
-
1603
-
1604
-
1605
-
1606
- .miniorange_kba_validate, .miniorange_validate_otp, .miniorange_login_forgotphone,
1607
-
1608
-
1609
- .miniorange_login_offline, .miniorange_login_forgotphone , .miniorange_otp_token_submit,
1610
-
1611
-
1612
- .miniorange_button
1613
-
1614
-
1615
- {
1616
-
1617
-
1618
- background:#00A0D2!important;
1619
-
1620
-
1621
- border-color:#0073AA!important;
1622
-
1623
-
1624
- box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1625
-
1626
-
1627
- color:#FFF!important;
1628
-
1629
-
1630
- text-decoration:none!important;
1631
-
1632
-
1633
- cursor:pointer!important;
1634
-
1635
-
1636
- border-width:1px!important;
1637
-
1638
-
1639
- border-style:solid!important;
1640
-
1641
-
1642
- border-radius:3px!important;
1643
-
1644
-
1645
- white-space:nowrap!important;
1646
-
1647
-
1648
- box-sizing:border-box!important;
1649
-
1650
-
1651
- line-height:28px!important;
1652
-
1653
-
1654
- padding:0 12px!important;
1655
-
1656
-
1657
- font-size:13px!important;
1658
-
1659
-
1660
- }
1661
-
1662
-
1663
-
1664
-
1665
-
1666
- .mo_customer_validation-modal.fade .mo_customer_validation-modal-dialog {
1667
-
1668
-
1669
- -webkit-transition: -webkit-transform .3s ease-out;
1670
-
1671
-
1672
- -o-transition: -o-transform .3s ease-out;
1673
-
1674
-
1675
- transition: transform .3s ease-out;
1676
-
1677
-
1678
- -webkit-transform: translate(0, -25%);
1679
-
1680
-
1681
- -ms-transform: translate(0, -25%);
1682
-
1683
-
1684
- -o-transform: translate(0, -25%);
1685
-
1686
-
1687
- transform: translate(0, -25%)
1688
-
1689
-
1690
- }
1691
-
1692
-
1693
-
1694
-
1695
-
1696
- .mo_customer_validation-modal.in .mo_customer_validation-modal-dialog {
1697
-
1698
-
1699
- -webkit-transform: translate(0, 80px) !important;
1700
-
1701
-
1702
- -ms-transform: translate(0, 80px) !important;
1703
-
1704
-
1705
- -o-transform: translate(0, 80px) !important;
1706
-
1707
-
1708
- transform: translate(0, 80px) !important
1709
-
1710
-
1711
- }
1712
-
1713
-
1714
-
1715
-
1716
-
1717
- .mo_customer_validation-modal-open .mo_customer_validation-modal {
1718
-
1719
-
1720
- overflow-x: hidden;
1721
-
1722
-
1723
- overflow-y: hidden
1724
-
1725
-
1726
- }
1727
-
1728
-
1729
-
1730
-
1731
-
1732
- .mo_customer_validation-modal-dialog {
1733
-
1734
-
1735
- position: relative;
1736
-
1737
-
1738
- width: auto;
1739
-
1740
-
1741
- margin: 10px
1742
-
1743
-
1744
- }
1745
-
1746
-
1747
-
1748
-
1749
-
1750
- .mo_customer_validation-modal-content {
1751
-
1752
-
1753
- position: relative;
1754
-
1755
-
1756
- -webkit-background-clip: padding-box;
1757
-
1758
-
1759
- border: 1px solid #999;
1760
-
1761
-
1762
- border: 1px solid rgba(0, 0, 0, .2);
1763
-
1764
-
1765
- outline: 0;
1766
-
1767
-
1768
- margin-top: 8%;
1769
-
1770
-
1771
- margin-left: 0;
1772
-
1773
-
1774
- padding: 15px 20px 0;
1775
-
1776
-
1777
- font-family: "Open Sans", sans-serif;
1778
-
1779
-
1780
-
1781
- font-size: 14px;
1782
-
1783
-
1784
- line-height: 1.4em;
1785
-
1786
-
1787
- background: #FFF;
1788
-
1789
-
1790
- box-shadow: 0 1px 3px rgba(0, 0, 0, .13)
1791
-
1792
-
1793
- }
1794
-
1795
-
1796
-
1797
-
1798
-
1799
- .mo_customer_validation-modal-backdrop {
1800
-
1801
-
1802
- position: absolute;
1803
-
1804
-
1805
- top: 0;
1806
-
1807
-
1808
- right: 0;
1809
-
1810
-
1811
- left: 0;
1812
-
1813
-
1814
- background-color: #000 !important;
1815
-
1816
-
1817
- filter: alpha(opacity=50) !important;
1818
-
1819
-
1820
- opacity: .9 !important;
1821
-
1822
-
1823
- height: 100% !important
1824
-
1825
-
1826
- }
1827
-
1828
-
1829
-
1830
-
1831
-
1832
- .mo_customer_validation-modal-header {
1833
-
1834
-
1835
- min-height: 14px;
1836
-
1837
-
1838
- padding: 10px 10px 20px;
1839
-
1840
-
1841
- border-bottom: 1px solid #e5e5e5
1842
-
1843
-
1844
- }
1845
-
1846
-
1847
-
1848
-
1849
-
1850
- .mo_customer_validation-modal-title {
1851
-
1852
-
1853
- margin: 0 !important;
1854
-
1855
-
1856
- line-height: 1 !important
1857
-
1858
-
1859
- }
1860
-
1861
-
1862
-
1863
-
1864
-
1865
- .mo_customer_validation-modal-body {
1866
-
1867
-
1868
- position: relative;
1869
-
1870
-
1871
- padding: 5%;
1872
-
1873
-
1874
- overflow: hidden !important;
1875
-
1876
-
1877
- max-height: 550px !important
1878
-
1879
-
1880
- }
1881
-
1882
-
1883
-
1884
-
1885
-
1886
- .mo_customer_validation-modal-footer {
1887
-
1888
-
1889
- padding: 15px;
1890
-
1891
-
1892
- text-align: right;
1893
-
1894
-
1895
- border-top: 1px solid #e5e5e5
1896
-
1897
-
1898
- }
1899
-
1900
-
1901
-
1902
-
1903
-
1904
- .mo_customer_validation-modal-footer .btn + .btn {
1905
-
1906
-
1907
- margin-bottom: 0;
1908
-
1909
-
1910
- margin-left: 5px
1911
-
1912
-
1913
- }
1914
-
1915
-
1916
-
1917
-
1918
-
1919
- .mo_customer_validation-modal-footer .btn-group .btn + .btn {
1920
-
1921
-
1922
- margin-left: -1px
1923
-
1924
-
1925
- }
1926
-
1927
-
1928
-
1929
-
1930
-
1931
- .mo_customer_validation-modal-footer .btn-block + .btn-block {
1932
-
1933
-
1934
- margin-left: 0
1935
-
1936
-
1937
- }
1938
-
1939
-
1940
-
1941
-
1942
-
1943
- .mo_customer_validation-modal-scrollbar-measure {
1944
-
1945
-
1946
- position: absolute;
1947
-
1948
-
1949
- top: -9999px;
1950
-
1951
-
1952
- width: 50px;
1953
-
1954
-
1955
- height: 50px;
1956
-
1957
-
1958
- overflow: scroll
1959
-
1960
-
1961
- }
1962
-
1963
-
1964
-
1965
-
1966
-
1967
- @media (min-width: 768px) {
1968
-
1969
-
1970
- .mo_customer_validation-modal-dialog {
1971
-
1972
-
1973
- width: auto;
1974
-
1975
-
1976
- margin: 0 auto
1977
-
1978
-
1979
- }
1980
-
1981
-
1982
-
1983
-
1984
-
1985
- .mo_customer_validation-modal-content {
1986
-
1987
-
1988
- -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
1989
-
1990
-
1991
- box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
1992
-
1993
-
1994
- }
1995
-
1996
-
1997
-
1998
-
1999
-
2000
- .mo_customer_validation-modal-sm {
2001
-
2002
-
2003
- width: 300px
2004
-
2005
-
2006
- }
2007
-
2008
-
2009
-
2010
-
2011
-
2012
- .mo_customer_validation-modal-md {
2013
-
2014
-
2015
- width: 532px
2016
-
2017
-
2018
- }
2019
-
2020
-
2021
-
2022
-
2023
-
2024
- .mo_customer_validation-modal-lg {
2025
-
2026
-
2027
- width: 50%
2028
-
2029
-
2030
- }
2031
-
2032
-
2033
- }
2034
-
2035
-
2036
-
2037
-
2038
-
2039
- @media (min-width: 992px) {
2040
-
2041
-
2042
- .mo_customer_validation-modal-dialog {
2043
-
2044
-
2045
- width: auto;
2046
-
2047
-
2048
- margin: 0 auto
2049
-
2050
-
2051
- }
2052
-
2053
-
2054
-
2055
-
2056
-
2057
- .mo_customer_validation-modal-lg {
2058
-
2059
-
2060
- width: 490px
2061
-
2062
-
2063
- }
2064
-
2065
-
2066
-
2067
-
2068
-
2069
- .mo_customer_validation-modal-md {
2070
-
2071
-
2072
- width: 532px
2073
-
2074
-
2075
- }
2076
-
2077
-
2078
- }
2079
-
2080
-
2081
-
2082
-
2083
-
2084
- .mo_customer_validation-textbox {
2085
-
2086
-
2087
- background: #FBFBFB;
2088
-
2089
-
2090
- font-family: "Open Sans", sans-serif;
2091
-
2092
-
2093
- font-size: 24px;
2094
-
2095
-
2096
- width: 100%;
2097
-
2098
-
2099
- border: 1px solid #DDD;
2100
-
2101
-
2102
- padding: 3px;
2103
-
2104
-
2105
- margin: 2px 6px 16px 0
2106
-
2107
-
2108
- }
2109
-
2110
-
2111
-
2112
-
2113
-
2114
- .mo_customer_validation-textbox:focus {
2115
-
2116
-
2117
- border-color: #5B9DD9;
2118
-
2119
-
2120
- box-shadow: 0 0 2px rgba(30, 140, 190, .8)
2121
-
2122
-
2123
- }
2124
-
2125
-
2126
-
2127
-
2128
-
2129
- .button-primary,
2130
-
2131
-
2132
- .button-secondary {
2133
-
2134
-
2135
- background: #00A0D2;
2136
-
2137
-
2138
- border-color: #0073AA;
2139
-
2140
-
2141
- box-shadow: 0 1px 0 rgba(120, 200, 230, .5) inset, 0 1px 0 rgba(0, 0, 0, .15);
2142
-
2143
-
2144
- color: #FFF;
2145
-
2146
-
2147
- text-decoration: none;
2148
-
2149
-
2150
- cursor: pointer;
2151
-
2152
-
2153
- border-width: 1px;
2154
-
2155
-
2156
- border-style: solid;
2157
-
2158
-
2159
- border-radius: 3px;
2160
-
2161
-
2162
- white-space: nowrap;
2163
-
2164
-
2165
- box-sizing: border-box;
2166
-
2167
-
2168
- line-height: 28px;
2169
-
2170
-
2171
- padding: 0 12px;
2172
-
2173
-
2174
- font-size: 13px
2175
-
2176
-
2177
- }
2178
-
2179
-
2180
-
2181
-
2182
-
2183
- .button:hover {
2184
-
2185
-
2186
- background-color: #0073AA
2187
-
2188
-
2189
- }
2190
-
2191
-
2192
-
2193
-
2194
-
2195
- .close {
2196
-
2197
-
2198
- float: right;
2199
-
2200
-
2201
- transition: color .1s ease-in-out, background .1s ease-in-out;
2202
-
2203
-
2204
- text-decoration: none;
2205
-
2206
-
2207
- color: #999;
2208
-
2209
-
2210
- font-size: 13px
2211
-
2212
-
2213
- }
2214
-
2215
-
2216
-
2217
-
2218
-
2219
- .mo_validate_close:focus,
2220
-
2221
-
2222
- .mo_validate_close:hover {
2223
-
2224
-
2225
- color: #0085ba
2226
-
2227
-
2228
- }
2229
-
2230
-
2231
-
2232
-
2233
-
2234
- .mo_registration_pricing_text {
2235
-
2236
-
2237
- font-size: 13px;
2238
-
2239
-
2240
- color: darkblue;
2241
-
2242
-
2243
- }
2244
-
2245
-
2246
-
2247
-
2248
-
2249
- .mo_otp_token {
2250
-
2251
-
2252
- font-size: 15px;
2253
-
2254
-
2255
- color: #212F3C;
2256
-
2257
-
2258
- border: none;
2259
-
2260
-
2261
- display: block;
2262
-
2263
-
2264
- border-bottom-style: solid;
2265
-
2266
-
2267
- border-width: 2px;
2268
-
2269
-
2270
- border-color: #D0D3D4;
2271
-
2272
-
2273
- border-radius: 0px;
2274
-
2275
-
2276
- outline: none;
2277
-
2278
-
2279
- width: 140px;
2280
-
2281
-
2282
- text-align: center;
2283
-
2284
-
2285
- }
2286
-
2287
-
2288
-
2289
-
2290
-
2291
- .container {
2292
-
2293
-
2294
- max-width: 960px
2295
-
2296
-
2297
- }
2298
-
2299
-
2300
-
2301
-
2302
-
2303
- }
2304
-
2305
-
2306
- @media (min-width: 1200px) {
2307
-
2308
-
2309
- .container {
2310
-
2311
-
2312
- max-width: 1140px
2313
-
2314
-
2315
- }
2316
-
2317
-
2318
- }
2319
-
2320
-
2321
-
2322
-
2323
-
2324
- .container-fluid {
2325
-
2326
-
2327
- width: 100%;
2328
-
2329
-
2330
- padding-right: 15px;
2331
-
2332
-
2333
- padding-left: 15px;
2334
-
2335
-
2336
- margin-right: auto;
2337
-
2338
-
2339
- margin-left: auto
2340
-
2341
-
2342
- }
2343
-
2344
-
2345
-
2346
-
2347
-
2348
- .row {
2349
-
2350
-
2351
- display: -webkit-box;
2352
-
2353
-
2354
- display: -ms-flexbox;
2355
-
2356
-
2357
- display: flex;
2358
-
2359
-
2360
- -ms-flex-wrap: wrap;
2361
-
2362
-
2363
- flex-wrap: wrap;
2364
-
2365
-
2366
- margin-right: -15px;
2367
-
2368
-
2369
- margin-left: -15px
2370
-
2371
-
2372
- }
2373
-
2374
-
2375
-
2376
-
2377
-
2378
-
2379
-
2380
-
2381
- .no-gutters {
2382
-
2383
-
2384
- margin-right: 0;
2385
-
2386
-
2387
- margin-left: 0
2388
-
2389
-
2390
- }
2391
-
2392
-
2393
-
2394
-
2395
-
2396
- .no-gutters > .col, .no-gutters > [class*=col-] {
2397
-
2398
-
2399
- padding-right: 0;
2400
-
2401
-
2402
- padding-left: 0
2403
-
2404
-
2405
- }
2406
-
2407
-
2408
-
2409
-
2410
-
2411
- .col, .col-1, .col-10, .col-11, .col-12, .col-2, .col-3, .col-4, .col-5, .col-6, .col-7, .col-8, .col-9, .col-auto, .col-lg, .col-lg-1, .col-lg-10, .col-lg-11, .col-lg-12, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-auto, .col-md, .col-md-1, .col-md-10, .col-md-11, .col-md-12, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-auto, .col-sm, .col-sm-1, .col-sm-10, .col-sm-11, .col-sm-12, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-auto, .col-xl, .col-xl-1, .col-xl-10, .col-xl-11, .col-xl-12, .col-xl-2, .col-xl-3, .col-xl-4, .col-xl-5, .col-xl-6, .col-xl-7, .col-xl-8, .col-xl-9, .col-xl-auto {
2412
-
2413
-
2414
- position: relative;
2415
-
2416
-
2417
- width: 100%;
2418
-
2419
-
2420
- min-height: 1px;
2421
-
2422
-
2423
- padding-right: 15px;
2424
-
2425
-
2426
- padding-left: 15px
2427
-
2428
-
2429
- }
2430
-
2431
-
2432
-
2433
-
2434
-
2435
- .col {
2436
-
2437
-
2438
- -ms-flex-preferred-size: 0;
2439
-
2440
-
2441
- flex-basis: 0;
2442
-
2443
-
2444
- -webkit-box-flex: 1;
2445
-
2446
-
2447
- -ms-flex-positive: 1;
2448
-
2449
-
2450
- flex-grow: 1;
2451
-
2452
-
2453
- max-width: 100%
2454
-
2455
-
2456
- }
2457
-
2458
-
2459
-
2460
-
2461
-
2462
- .col-auto {
2463
-
2464
-
2465
- -webkit-box-flex: 0;
2466
-
2467
-
2468
- -ms-flex: 0 0 auto;
2469
-
2470
-
2471
- flex: 0 0 auto;
2472
-
2473
-
2474
- width: auto;
2475
-
2476
-
2477
- max-width: none
2478
-
2479
-
2480
- }
2481
-
2482
-
2483
-
2484
-
2485
-
2486
- .col-1 {
2487
-
2488
-
2489
- -webkit-box-flex: 0;
2490
-
2491
-
2492
- -ms-flex: 0 0 8.333333%;
2493
-
2494
-
2495
- flex: 0 0 8.333333%;
2496
-
2497
-
2498
- max-width: 8.333333%
2499
-
2500
-
2501
- }
2502
-
2503
-
2504
-
2505
-
2506
-
2507
- .col-2 {
2508
-
2509
-
2510
- -webkit-box-flex: 0;
2511
-
2512
-
2513
- -ms-flex: 0 0 16.666667%;
2514
-
2515
-
2516
- flex: 0 0 16.666667%;
2517
-
2518
-
2519
- max-width: 16.666667%
2520
-
2521
-
2522
- }
2523
-
2524
-
2525
-
2526
-
2527
-
2528
- .col-3 {
2529
-
2530
-
2531
- -webkit-box-flex: 0;
2532
-
2533
-
2534
- -ms-flex: 0 0 25%;
2535
-
2536
-
2537
- flex: 0 0 25%;
2538
-
2539
-
2540
- max-width: 25%
2541
-
2542
-
2543
- }
2544
-
2545
-
2546
-
2547
-
2548
-
2549
- .col-4 {
2550
-
2551
-
2552
- -webkit-box-flex: 0;
2553
-
2554
-
2555
- -ms-flex: 0 0 33.333333%;
2556
-
2557
-
2558
- flex: 0 0 33.333333%;
2559
-
2560
-
2561
- max-width: 33.333333%
2562
-
2563
-
2564
- }
2565
-
2566
-
2567
-
2568
-
2569
-
2570
- .col-5 {
2571
-
2572
-
2573
- -webkit-box-flex: 0;
2574
-
2575
-
2576
- -ms-flex: 0 0 41.666667%;
2577
-
2578
-
2579
- flex: 0 0 41.666667%;
2580
-
2581
-
2582
- max-width: 41.666667%
2583
-
2584
-
2585
- }
2586
-
2587
-
2588
-
2589
-
2590
-
2591
- .col-6 {
2592
-
2593
-
2594
- -webkit-box-flex: 0;
2595
-
2596
-
2597
- -ms-flex: 0 0 50%;
2598
-
2599
-
2600
- flex: 0 0 50%;
2601
-
2602
-
2603
- max-width: 50%
2604
-
2605
-
2606
- }
2607
-
2608
-
2609
-
2610
-
2611
-
2612
- .col-7 {
2613
-
2614
-
2615
- -webkit-box-flex: 0;
2616
-
2617
-
2618
- -ms-flex: 0 0 58.333333%;
2619
-
2620
-
2621
- flex: 0 0 58.333333%;
2622
-
2623
-
2624
- max-width: 58.333333%
2625
-
2626
-
2627
- }
2628
-
2629
-
2630
-
2631
-
2632
-
2633
- .col-8 {
2634
-
2635
-
2636
- -webkit-box-flex: 0;
2637
-
2638
-
2639
- -ms-flex: 0 0 66.666667%;
2640
-
2641
-
2642
- flex: 0 0 66.666667%;
2643
-
2644
-
2645
- max-width: 66.666667%
2646
-
2647
-
2648
- }
2649
-
2650
-
2651
-
2652
-
2653
-
2654
- .col-9 {
2655
-
2656
-
2657
- -webkit-box-flex: 0;
2658
-
2659
-
2660
- -ms-flex: 0 0 75%;
2661
-
2662
-
2663
- flex: 0 0 75%;
2664
-
2665
-
2666
- max-width: 75%
2667
-
2668
-
2669
- }
2670
-
2671
-
2672
-
2673
-
2674
-
2675
- .col-10 {
2676
-
2677
-
2678
- -webkit-box-flex: 0;
2679
-
2680
-
2681
- -ms-flex: 0 0 83.333333%;
2682
-
2683
-
2684
- flex: 0 0 83.333333%;
2685
-
2686
-
2687
- max-width: 83.333333%
2688
-
2689
-
2690
- }
2691
-
2692
-
2693
-
2694
-
2695
-
2696
- .col-11 {
2697
-
2698
-
2699
- -webkit-box-flex: 0;
2700
-
2701
-
2702
- -ms-flex: 0 0 91.666667%;
2703
-
2704
-
2705
- flex: 0 0 91.666667%;
2706
-
2707
-
2708
- max-width: 91.666667%
2709
-
2710
-
2711
- }
2712
-
2713
-
2714
-
2715
-
2716
-
2717
- .col-12 {
2718
-
2719
-
2720
- -webkit-box-flex: 0;
2721
-
2722
-
2723
- -ms-flex: 0 0 100%;
2724
-
2725
-
2726
- flex: 0 0 100%;
2727
-
2728
-
2729
- max-width: 100%
2730
-
2731
-
2732
- }
2733
-
2734
-
2735
-
2736
-
2737
-
2738
- .order-first {
2739
-
2740
-
2741
- -webkit-box-ordinal-group: 0;
2742
-
2743
-
2744
- -ms-flex-order: -1;
2745
-
2746
-
2747
- order: -1
2748
-
2749
-
2750
- }
2751
-
2752
-
2753
-
2754
-
2755
-
2756
- .order-last {
2757
-
2758
-
2759
- -webkit-box-ordinal-group: 14;
2760
-
2761
-
2762
- -ms-flex-order: 13;
2763
-
2764
-
2765
- order: 13
2766
-
2767
-
2768
- }
2769
-
2770
-
2771
-
2772
-
2773
-
2774
- .order-0 {
2775
-
2776
-
2777
- -webkit-box-ordinal-group: 1;
2778
-
2779
-
2780
- -ms-flex-order: 0;
2781
-
2782
-
2783
- order: 0
2784
-
2785
-
2786
- }
2787
-
2788
-
2789
-
2790
-
2791
-
2792
- .order-1 {
2793
-
2794
-
2795
- -webkit-box-ordinal-group: 2;
2796
-
2797
-
2798
- -ms-flex-order: 1;
2799
-
2800
-
2801
- order: 1
2802
-
2803
-
2804
- }
2805
-
2806
-
2807
-
2808
-
2809
-
2810
- .order-2 {
2811
-
2812
-
2813
- -webkit-box-ordinal-group: 3;
2814
-
2815
-
2816
- -ms-flex-order: 2;
2817
-
2818
-
2819
- order: 2
2820
-
2821
-
2822
- }
2823
-
2824
-
2825
-
2826
-
2827
-
2828
- .order-3 {
2829
-
2830
-
2831
- -webkit-box-ordinal-group: 4;
2832
-
2833
-
2834
- -ms-flex-order: 3;
2835
-
2836
-
2837
- order: 3
2838
-
2839
-
2840
- }
2841
-
2842
-
2843
-
2844
-
2845
-
2846
- .order-4 {
2847
-
2848
-
2849
- -webkit-box-ordinal-group: 5;
2850
-
2851
-
2852
- -ms-flex-order: 4;
2853
-
2854
-
2855
- order: 4
2856
-
2857
-
2858
- }
2859
-
2860
-
2861
-
2862
-
2863
-
2864
- .order-5 {
2865
-
2866
-
2867
- -webkit-box-ordinal-group: 6;
2868
-
2869
-
2870
- -ms-flex-order: 5;
2871
-
2872
-
2873
- order: 5
2874
-
2875
-
2876
- }
2877
-
2878
-
2879
-
2880
-
2881
-
2882
- .order-6 {
2883
-
2884
-
2885
- -webkit-box-ordinal-group: 7;
2886
-
2887
-
2888
- -ms-flex-order: 6;
2889
-
2890
-
2891
- order: 6
2892
-
2893
-
2894
- }
2895
-
2896
-
2897
-
2898
-
2899
-
2900
- .order-7 {
2901
-
2902
-
2903
- -webkit-box-ordinal-group: 8;
2904
-
2905
-
2906
- -ms-flex-order: 7;
2907
-
2908
-
2909
- order: 7
2910
-
2911
-
2912
- }
2913
-
2914
-
2915
-
2916
-
2917
-
2918
- .order-8 {
2919
-
2920
-
2921
- -webkit-box-ordinal-group: 9;
2922
-
2923
-
2924
- -ms-flex-order: 8;
2925
-
2926
-
2927
- order: 8
2928
-
2929
-
2930
- }
2931
-
2932
-
2933
-
2934
-
2935
-
2936
- .order-9 {
2937
-
2938
-
2939
- -webkit-box-ordinal-group: 10;
2940
-
2941
-
2942
- -ms-flex-order: 9;
2943
-
2944
-
2945
- order: 9
2946
-
2947
-
2948
- }
2949
-
2950
-
2951
-
2952
-
2953
-
2954
- .order-10 {
2955
-
2956
-
2957
- -webkit-box-ordinal-group: 11;
2958
-
2959
-
2960
- -ms-flex-order: 10;
2961
-
2962
-
2963
- order: 10
2964
-
2965
-
2966
- }
2967
-
2968
-
2969
-
2970
-
2971
-
2972
- .order-11 {
2973
-
2974
-
2975
- -webkit-box-ordinal-group: 12;
2976
-
2977
-
2978
- -ms-flex-order: 11;
2979
-
2980
-
2981
- order: 11
2982
-
2983
-
2984
- }
2985
-
2986
-
2987
-
2988
-
2989
-
2990
- .order-12 {
2991
-
2992
-
2993
- -webkit-box-ordinal-group: 13;
2994
-
2995
-
2996
- -ms-flex-order: 12;
2997
-
2998
-
2999
- order: 12
3000
-
3001
-
3002
- }
3003
-
3004
-
3005
-
3006
-
3007
-
3008
- .offset-1 {
3009
-
3010
-
3011
- margin-left: 8.333333%
3012
-
3013
-
3014
- }
3015
-
3016
-
3017
-
3018
-
3019
-
3020
- .offset-2 {
3021
-
3022
-
3023
- margin-left: 16.666667%
3024
-
3025
-
3026
- }
3027
-
3028
-
3029
-
3030
-
3031
-
3032
- .offset-3 {
3033
-
3034
-
3035
- margin-left: 25%
3036
-
3037
-
3038
- }
3039
-
3040
-
3041
-
3042
-
3043
-
3044
- .offset-4 {
3045
-
3046
-
3047
- margin-left: 33.333333%
3048
-
3049
-
3050
- }
3051
-
3052
-
3053
-
3054
-
3055
-
3056
- .offset-5 {
3057
-
3058
-
3059
- margin-left: 41.666667%
3060
-
3061
-
3062
- }
3063
-
3064
-
3065
-
3066
-
3067
-
3068
- .offset-6 {
3069
-
3070
-
3071
- margin-left: 50%
3072
-
3073
-
3074
- }
3075
-
3076
-
3077
-
3078
-
3079
-
3080
- .offset-7 {
3081
-
3082
-
3083
- margin-left: 58.333333%
3084
-
3085
-
3086
- }
3087
-
3088
-
3089
-
3090
-
3091
-
3092
- .offset-8 {
3093
-
3094
-
3095
- margin-left: 66.666667%
3096
-
3097
-
3098
- }
3099
-
3100
-
3101
-
3102
-
3103
-
3104
- .offset-9 {
3105
-
3106
-
3107
- margin-left: 75%
3108
-
3109
-
3110
- }
3111
-
3112
-
3113
-
3114
-
3115
-
3116
- .offset-10 {
3117
-
3118
-
3119
- margin-left: 83.333333%
3120
-
3121
-
3122
- }
3123
-
3124
-
3125
-
3126
-
3127
-
3128
- .offset-11 {
3129
-
3130
-
3131
- margin-left: 91.666667%
3132
-
3133
-
3134
- }
3135
-
3136
-
3137
-
3138
-
3139
-
3140
- @media (min-width: 576px) {
3141
-
3142
-
3143
- .col-sm {
3144
-
3145
-
3146
- -ms-flex-preferred-size: 0;
3147
-
3148
-
3149
- flex-basis: 0;
3150
-
3151
-
3152
- -webkit-box-flex: 1;
3153
-
3154
-
3155
- -ms-flex-positive: 1;
3156
-
3157
-
3158
- flex-grow: 1;
3159
-
3160
-
3161
- max-width: 100%
3162
-
3163
-
3164
- }
3165
-
3166
-
3167
-
3168
-
3169
-
3170
- .col-sm-auto {
3171
-
3172
-
3173
- -webkit-box-flex: 0;
3174
-
3175
-
3176
- -ms-flex: 0 0 auto;
3177
-
3178
-
3179
- flex: 0 0 auto;
3180
-
3181
-
3182
- width: auto;
3183
-
3184
-
3185
- max-width: none
3186
-
3187
-
3188
- }
3189
-
3190
-
3191
-
3192
-
3193
-
3194
- .col-sm-1 {
3195
-
3196
-
3197
- -webkit-box-flex: 0;
3198
-
3199
-
3200
- -ms-flex: 0 0 8.333333%;
3201
-
3202
-
3203
- flex: 0 0 8.333333%;
3204
-
3205
-
3206
- max-width: 8.333333%
3207
-
3208
-
3209
- }
3210
-
3211
-
3212
-
3213
-
3214
-
3215
- .col-sm-2 {
3216
-
3217
-
3218
- -webkit-box-flex: 0;
3219
-
3220
-
3221
- -ms-flex: 0 0 16.666667%;
3222
-
3223
-
3224
- flex: 0 0 16.666667%;
3225
-
3226
-
3227
- max-width: 16.666667%
3228
-
3229
-
3230
- }
3231
-
3232
-
3233
-
3234
-
3235
-
3236
- .col-sm-3 {
3237
-
3238
-
3239
- -webkit-box-flex: 0;
3240
-
3241
-
3242
- -ms-flex: 0 0 25%;
3243
-
3244
-
3245
- flex: 0 0 25%;
3246
-
3247
-
3248
- max-width: 25%
3249
-
3250
-
3251
- }
3252
-
3253
-
3254
-
3255
-
3256
-
3257
- .col-sm-4 {
3258
-
3259
-
3260
- -webkit-box-flex: 0;
3261
-
3262
-
3263
- -ms-flex: 0 0 33.333333%;
3264
-
3265
-
3266
- flex: 0 0 33.333333%;
3267
-
3268
-
3269
- max-width: 33.333333%
3270
-
3271
-
3272
- }
3273
-
3274
-
3275
-
3276
-
3277
-
3278
- .col-sm-5 {
3279
-
3280
-
3281
- -webkit-box-flex: 0;
3282
-
3283
-
3284
- -ms-flex: 0 0 41.666667%;
3285
-
3286
-
3287
- flex: 0 0 41.666667%;
3288
-
3289
-
3290
- max-width: 41.666667%
3291
-
3292
-
3293
- }
3294
-
3295
-
3296
-
3297
-
3298
-
3299
- .col-sm-6 {
3300
-
3301
-
3302
- -webkit-box-flex: 0;
3303
-
3304
-
3305
- -ms-flex: 0 0 50%;
3306
-
3307
-
3308
- flex: 0 0 50%;
3309
-
3310
-
3311
- max-width: 50%
3312
-
3313
-
3314
- }
3315
-
3316
-
3317
-
3318
-
3319
-
3320
- .col-sm-7 {
3321
-
3322
-
3323
- -webkit-box-flex: 0;
3324
-
3325
-
3326
- -ms-flex: 0 0 58.333333%;
3327
-
3328
-
3329
- flex: 0 0 58.333333%;
3330
-
3331
-
3332
- max-width: 58.333333%
3333
-
3334
-
3335
- }
3336
-
3337
-
3338
-
3339
-
3340
-
3341
- .col-sm-8 {
3342
-
3343
-
3344
- -webkit-box-flex: 0;
3345
-
3346
-
3347
- -ms-flex: 0 0 66.666667%;
3348
-
3349
-
3350
- flex: 0 0 66.666667%;
3351
-
3352
-
3353
- max-width: 66.666667%
3354
-
3355
-
3356
- }
3357
-
3358
-
3359
-
3360
-
3361
-
3362
- .col-sm-9 {
3363
-
3364
-
3365
- -webkit-box-flex: 0;
3366
-
3367
-
3368
- -ms-flex: 0 0 75%;
3369
-
3370
-
3371
- flex: 0 0 75%;
3372
-
3373
-
3374
- max-width: 75%
3375
-
3376
-
3377
- }
3378
-
3379
-
3380
-
3381
-
3382
-
3383
- .col-sm-10 {
3384
-
3385
-
3386
- -webkit-box-flex: 0;
3387
-
3388
-
3389
- -ms-flex: 0 0 83.333333%;
3390
-
3391
-
3392
- flex: 0 0 83.333333%;
3393
-
3394
-
3395
- max-width: 83.333333%
3396
-
3397
-
3398
- }
3399
-
3400
-
3401
-
3402
-
3403
-
3404
- .col-sm-11 {
3405
-
3406
-
3407
- -webkit-box-flex: 0;
3408
-
3409
-
3410
- -ms-flex: 0 0 91.666667%;
3411
-
3412
-
3413
- flex: 0 0 91.666667%;
3414
-
3415
-
3416
- max-width: 91.666667%
3417
-
3418
-
3419
- }
3420
-
3421
-
3422
-
3423
-
3424
-
3425
- .col-sm-12 {
3426
-
3427
-
3428
- -webkit-box-flex: 0;
3429
-
3430
-
3431
- -ms-flex: 0 0 100%;
3432
-
3433
-
3434
- flex: 0 0 100%;
3435
-
3436
-
3437
- max-width: 100%
3438
-
3439
-
3440
- }
3441
-
3442
-
3443
-
3444
-
3445
-
3446
- .order-sm-first {
3447
-
3448
-
3449
- -webkit-box-ordinal-group: 0;
3450
-
3451
-
3452
- -ms-flex-order: -1;
3453
-
3454
-
3455
- order: -1
3456
-
3457
-
3458
- }
3459
-
3460
-
3461
-
3462
-
3463
-
3464
- .order-sm-last {
3465
-
3466
-
3467
- -webkit-box-ordinal-group: 14;
3468
-
3469
-
3470
- -ms-flex-order: 13;
3471
-
3472
-
3473
- order: 13
3474
-
3475
-
3476
- }
3477
-
3478
-
3479
-
3480
-
3481
-
3482
- .order-sm-0 {
3483
-
3484
-
3485
- -webkit-box-ordinal-group: 1;
3486
-
3487
-
3488
- -ms-flex-order: 0;
3489
-
3490
-
3491
- order: 0
3492
-
3493
-
3494
- }
3495
-
3496
-
3497
-
3498
-
3499
-
3500
- .order-sm-1 {
3501
-
3502
-
3503
- -webkit-box-ordinal-group: 2;
3504
-
3505
-
3506
- -ms-flex-order: 1;
3507
-
3508
-
3509
- order: 1
3510
-
3511
-
3512
- }
3513
-
3514
-
3515
-
3516
-
3517
-
3518
- .order-sm-2 {
3519
-
3520
-
3521
- -webkit-box-ordinal-group: 3;
3522
-
3523
-
3524
- -ms-flex-order: 2;
3525
-
3526
-
3527
- order: 2
3528
-
3529
-
3530
- }
3531
-
3532
-
3533
-
3534
-
3535
-
3536
- .order-sm-3 {
3537
-
3538
-
3539
- -webkit-box-ordinal-group: 4;
3540
-
3541
-
3542
- -ms-flex-order: 3;
3543
-
3544
-
3545
- order: 3
3546
-
3547
-
3548
- }
3549
-
3550
-
3551
-
3552
-
3553
-
3554
- .order-sm-4 {
3555
-
3556
-
3557
- -webkit-box-ordinal-group: 5;
3558
-
3559
-
3560
- -ms-flex-order: 4;
3561
-
3562
-
3563
- order: 4
3564
-
3565
-
3566
- }
3567
-
3568
-
3569
-
3570
-
3571
-
3572
- .order-sm-5 {
3573
-
3574
-
3575
- -webkit-box-ordinal-group: 6;
3576
-
3577
-
3578
- -ms-flex-order: 5;
3579
-
3580
-
3581
- order: 5
3582
-
3583
-
3584
- }
3585
-
3586
-
3587
-
3588
-
3589
-
3590
- .order-sm-6 {
3591
-
3592
-
3593
- -webkit-box-ordinal-group: 7;
3594
-
3595
-
3596
- -ms-flex-order: 6;
3597
-
3598
-
3599
- order: 6
3600
-
3601
-
3602
- }
3603
-
3604
-
3605
-
3606
-
3607
-
3608
- .order-sm-7 {
3609
-
3610
-
3611
- -webkit-box-ordinal-group: 8;
3612
-
3613
-
3614
- -ms-flex-order: 7;
3615
-
3616
-
3617
- order: 7
3618
-
3619
-
3620
- }
3621
-
3622
-
3623
-
3624
-
3625
-
3626
- .order-sm-8 {
3627
-
3628
-
3629
- -webkit-box-ordinal-group: 9;
3630
-
3631
-
3632
- -ms-flex-order: 8;
3633
-
3634
-
3635
- order: 8
3636
-
3637
-
3638
- }
3639
-
3640
-
3641
-
3642
-
3643
-
3644
- .order-sm-9 {
3645
-
3646
-
3647
- -webkit-box-ordinal-group: 10;
3648
-
3649
-
3650
- -ms-flex-order: 9;
3651
-
3652
-
3653
- order: 9
3654
-
3655
-
3656
- }
3657
-
3658
-
3659
-
3660
-
3661
-
3662
- .order-sm-10 {
3663
-
3664
-
3665
- -webkit-box-ordinal-group: 11;
3666
-
3667
-
3668
- -ms-flex-order: 10;
3669
-
3670
-
3671
- order: 10
3672
-
3673
-
3674
- }
3675
-
3676
-
3677
-
3678
-
3679
-
3680
- .order-sm-11 {
3681
-
3682
-
3683
- -webkit-box-ordinal-group: 12;
3684
-
3685
-
3686
- -ms-flex-order: 11;
3687
-
3688
-
3689
- order: 11
3690
-
3691
-
3692
- }
3693
-
3694
-
3695
-
3696
-
3697
-
3698
- .order-sm-12 {
3699
-
3700
-
3701
- -webkit-box-ordinal-group: 13;
3702
-
3703
-
3704
- -ms-flex-order: 12;
3705
-
3706
-
3707
- order: 12
3708
-
3709
-
3710
- }
3711
-
3712
-
3713
-
3714
-
3715
-
3716
- .offset-sm-0 {
3717
-
3718
-
3719
- margin-left: 0
3720
-
3721
-
3722
- }
3723
-
3724
-
3725
-
3726
-
3727
-
3728
- .offset-sm-1 {
3729
-
3730
-
3731
- margin-left: 8.333333%
3732
-
3733
-
3734
- }
3735
-
3736
-
3737
-
3738
-
3739
-
3740
- .offset-sm-2 {
3741
-
3742
-
3743
- margin-left: 16.666667%
3744
-
3745
-
3746
- }
3747
-
3748
-
3749
-
3750
-
3751
-
3752
- .offset-sm-3 {
3753
-
3754
-
3755
- margin-left: 25%
3756
-
3757
-
3758
- }
3759
-
3760
-
3761
-
3762
-
3763
-
3764
- .offset-sm-4 {
3765
-
3766
-
3767
- margin-left: 33.333333%
3768
-
3769
-
3770
- }
3771
-
3772
-
3773
-
3774
-
3775
-
3776
- .offset-sm-5 {
3777
-
3778
-
3779
- margin-left: 41.666667%
3780
-
3781
-
3782
- }
3783
-
3784
-
3785
-
3786
-
3787
-
3788
- .offset-sm-6 {
3789
-
3790
-
3791
- margin-left: 50%
3792
-
3793
-
3794
- }
3795
-
3796
-
3797
-
3798
-
3799
-
3800
- .offset-sm-7 {
3801
-
3802
-
3803
- margin-left: 58.333333%
3804
-
3805
-
3806
- }
3807
-
3808
-
3809
-
3810
-
3811
-
3812
- .offset-sm-8 {
3813
-
3814
-
3815
- margin-left: 66.666667%
3816
-
3817
-
3818
- }
3819
-
3820
-
3821
-
3822
-
3823
-
3824
- .offset-sm-9 {
3825
-
3826
-
3827
- margin-left: 75%
3828
-
3829
-
3830
- }
3831
-
3832
-
3833
-
3834
-
3835
-
3836
- .offset-sm-10 {
3837
-
3838
-
3839
- margin-left: 83.333333%
3840
-
3841
-
3842
- }
3843
-
3844
-
3845
-
3846
-
3847
-
3848
- .offset-sm-11 {
3849
-
3850
-
3851
- margin-left: 91.666667%
3852
-
3853
-
3854
- }
3855
-
3856
-
3857
- }
3858
-
3859
-
3860
-
3861
-
3862
-
3863
- @media (min-width: 768px) {
3864
-
3865
-
3866
- .col-md {
3867
-
3868
-
3869
- -ms-flex-preferred-size: 0;
3870
-
3871
-
3872
- flex-basis: 0;
3873
-
3874
-
3875
- -webkit-box-flex: 1;
3876
-
3877
-
3878
- -ms-flex-positive: 1;
3879
-
3880
-
3881
- flex-grow: 1;
3882
-
3883
-
3884
- max-width: 100%
3885
-
3886
-
3887
- }
3888
-
3889
-
3890
-
3891
-
3892
-
3893
- .col-md-auto {
3894
-
3895
-
3896
- -webkit-box-flex: 0;
3897
-
3898
-
3899
- -ms-flex: 0 0 auto;
3900
-
3901
-
3902
- flex: 0 0 auto;
3903
-
3904
-
3905
- width: auto;
3906
-
3907
-
3908
- max-width: none
3909
-
3910
-
3911
- }
3912
-
3913
-
3914
-
3915
-
3916
-
3917
- .col-md-1 {
3918
-
3919
-
3920
- -webkit-box-flex: 0;
3921
-
3922
-
3923
- -ms-flex: 0 0 8.333333%;
3924
-
3925
-
3926
- flex: 0 0 8.333333%;
3927
-
3928
-
3929
- max-width: 8.333333%
3930
-
3931
-
3932
- }
3933
-
3934
-
3935
-
3936
-
3937
-
3938
- .col-md-2 {
3939
-
3940
-
3941
- -webkit-box-flex: 0;
3942
-
3943
-
3944
- -ms-flex: 0 0 16.666667%;
3945
-
3946
-
3947
- flex: 0 0 16.666667%;
3948
-
3949
-
3950
- max-width: 16.666667%
3951
-
3952
-
3953
- }
3954
-
3955
-
3956
-
3957
-
3958
-
3959
- .col-md-3 {
3960
-
3961
-
3962
- -webkit-box-flex: 0;
3963
-
3964
-
3965
- -ms-flex: 0 0 25%;
3966
-
3967
-
3968
- flex: 0 0 25%;
3969
-
3970
-
3971
- max-width: 25%
3972
-
3973
-
3974
- }
3975
-
3976
-
3977
-
3978
-
3979
-
3980
- .col-md-4 {
3981
-
3982
-
3983
- -webkit-box-flex: 0;
3984
-
3985
-
3986
- -ms-flex: 0 0 33.333333%;
3987
-
3988
-
3989
- flex: 0 0 33.333333%;
3990
-
3991
-
3992
- max-width: 33.333333%
3993
-
3994
-
3995
- }
3996
-
3997
-
3998
-
3999
-
4000
-
4001
- .col-md-5 {
4002
-
4003
-
4004
- -webkit-box-flex: 0;
4005
-
4006
-
4007
- -ms-flex: 0 0 41.666667%;
4008
-
4009
-
4010
- flex: 0 0 41.666667%;
4011
-
4012
-
4013
- max-width: 41.666667%
4014
-
4015
-
4016
- }
4017
-
4018
-
4019
-
4020
-
4021
-
4022
- .col-md-6 {
4023
-
4024
-
4025
- -webkit-box-flex: 0;
4026
-
4027
-
4028
- -ms-flex: 0 0 50%;
4029
-
4030
-
4031
- flex: 0 0 50%;
4032
-
4033
-
4034
- max-width: 50%
4035
-
4036
-
4037
- }
4038
-
4039
-
4040
-
4041
-
4042
-
4043
- .col-md-7 {
4044
-
4045
-
4046
- -webkit-box-flex: 0;
4047
-
4048
-
4049
- -ms-flex: 0 0 58.333333%;
4050
-
4051
-
4052
- flex: 0 0 58.333333%;
4053
-
4054
-
4055
- max-width: 58.333333%
4056
-
4057
-
4058
- }
4059
-
4060
-
4061
-
4062
-
4063
-
4064
- .col-md-8 {
4065
-
4066
-
4067
- -webkit-box-flex: 0;
4068
-
4069
-
4070
- -ms-flex: 0 0 66.666667%;
4071
-
4072
-
4073
- flex: 0 0 66.666667%;
4074
-
4075
-
4076
- max-width: 66.666667%
4077
-
4078
-
4079
- }
4080
-
4081
-
4082
-
4083
-
4084
-
4085
- .col-md-9 {
4086
-
4087
-
4088
- -webkit-box-flex: 0;
4089
-
4090
-
4091
- -ms-flex: 0 0 75%;
4092
-
4093
-
4094
- flex: 0 0 75%;
4095
-
4096
-
4097
- max-width: 75%
4098
-
4099
-
4100
- }
4101
-
4102
-
4103
-
4104
-
4105
-
4106
- .col-md-10 {
4107
-
4108
-
4109
- -webkit-box-flex: 0;
4110
-
4111
-
4112
- -ms-flex: 0 0 83.333333%;
4113
-
4114
-
4115
- flex: 0 0 83.333333%;
4116
-
4117
-
4118
- max-width: 83.333333%
4119
-
4120
-
4121
- }
4122
-
4123
-
4124
-
4125
-
4126
-
4127
- .col-md-11 {
4128
-
4129
-
4130
- -webkit-box-flex: 0;
4131
-
4132
-
4133
- -ms-flex: 0 0 91.666667%;
4134
-
4135
-
4136
- flex: 0 0 91.666667%;
4137
-
4138
-
4139
- max-width: 91.666667%
4140
-
4141
-
4142
- }
4143
-
4144
-
4145
-
4146
-
4147
-
4148
- .col-md-12 {
4149
-
4150
-
4151
- -webkit-box-flex: 0;
4152
-
4153
-
4154
- -ms-flex: 0 0 100%;
4155
-
4156
-
4157
- flex: 0 0 100%;
4158
-
4159
-
4160
- max-width: 100%
4161
-
4162
-
4163
- }
4164
-
4165
-
4166
-
4167
-
4168
-
4169
- .order-md-first {
4170
-
4171
-
4172
- -webkit-box-ordinal-group: 0;
4173
-
4174
-
4175
- -ms-flex-order: -1;
4176
-
4177
-
4178
- order: -1
4179
-
4180
-
4181
- }
4182
-
4183
-
4184
-
4185
-
4186
-
4187
- .order-md-last {
4188
-
4189
-
4190
- -webkit-box-ordinal-group: 14;
4191
-
4192
-
4193
- -ms-flex-order: 13;
4194
-
4195
-
4196
- order: 13
4197
-
4198
-
4199
- }
4200
-
4201
-
4202
-
4203
-
4204
-
4205
- .order-md-0 {
4206
-
4207
-
4208
- -webkit-box-ordinal-group: 1;
4209
-
4210
-
4211
- -ms-flex-order: 0;
4212
-
4213
-
4214
- order: 0
4215
-
4216
-
4217
- }
4218
-
4219
-
4220
-
4221
-
4222
-
4223
- .order-md-1 {
4224
-
4225
-
4226
- -webkit-box-ordinal-group: 2;
4227
-
4228
-
4229
- -ms-flex-order: 1;
4230
-
4231
-
4232
- order: 1
4233
-
4234
-
4235
- }
4236
-
4237
-
4238
-
4239
-
4240
-
4241
- .order-md-2 {
4242
-
4243
-
4244
- -webkit-box-ordinal-group: 3;
4245
-
4246
-
4247
- -ms-flex-order: 2;
4248
-
4249
-
4250
- order: 2
4251
-
4252
-
4253
- }
4254
-
4255
-
4256
-
4257
-
4258
-
4259
- .order-md-3 {
4260
-
4261
-
4262
- -webkit-box-ordinal-group: 4;
4263
-
4264
-
4265
- -ms-flex-order: 3;
4266
-
4267
-
4268
- order: 3
4269
-
4270
-
4271
- }
4272
-
4273
-
4274
-
4275
-
4276
-
4277
- .order-md-4 {
4278
-
4279
-
4280
- -webkit-box-ordinal-group: 5;
4281
-
4282
-
4283
- -ms-flex-order: 4;
4284
-
4285
-
4286
- order: 4
4287
-
4288
-
4289
- }
4290
-
4291
-
4292
-
4293
-
4294
-
4295
- .order-md-5 {
4296
-
4297
-
4298
- -webkit-box-ordinal-group: 6;
4299
-
4300
-
4301
- -ms-flex-order: 5;
4302
-
4303
-
4304
- order: 5
4305
-
4306
-
4307
- }
4308
-
4309
-
4310
-
4311
-
4312
-
4313
- .order-md-6 {
4314
-
4315
-
4316
- -webkit-box-ordinal-group: 7;
4317
-
4318
-
4319
- -ms-flex-order: 6;
4320
-
4321
-
4322
- order: 6
4323
-
4324
-
4325
- }
4326
-
4327
-
4328
-
4329
-
4330
-
4331
- .order-md-7 {
4332
-
4333
-
4334
- -webkit-box-ordinal-group: 8;
4335
-
4336
-
4337
- -ms-flex-order: 7;
4338
-
4339
-
4340
- order: 7
4341
-
4342
-
4343
- }
4344
-
4345
-
4346
-
4347
-
4348
-
4349
- .order-md-8 {
4350
-
4351
-
4352
- -webkit-box-ordinal-group: 9;
4353
-
4354
-
4355
- -ms-flex-order: 8;
4356
-
4357
-
4358
- order: 8
4359
-
4360
-
4361
- }
4362
-
4363
-
4364
-
4365
-
4366
-
4367
- .order-md-9 {
4368
-
4369
-
4370
- -webkit-box-ordinal-group: 10;
4371
-
4372
-
4373
- -ms-flex-order: 9;
4374
-
4375
-
4376
- order: 9
4377
-
4378
-
4379
- }
4380
-
4381
-
4382
-
4383
-
4384
-
4385
- .order-md-10 {
4386
-
4387
-
4388
- -webkit-box-ordinal-group: 11;
4389
-
4390
-
4391
- -ms-flex-order: 10;
4392
-
4393
-
4394
- order: 10
4395
-
4396
-
4397
- }
4398
-
4399
-
4400
-
4401
-
4402
-
4403
- .order-md-11 {
4404
-
4405
-
4406
- -webkit-box-ordinal-group: 12;
4407
-
4408
-
4409
- -ms-flex-order: 11;
4410
-
4411
-
4412
- order: 11
4413
-
4414
-
4415
- }
4416
-
4417
-
4418
-
4419
-
4420
-
4421
- .order-md-12 {
4422
-
4423
-
4424
- -webkit-box-ordinal-group: 13;
4425
-
4426
-
4427
- -ms-flex-order: 12;
4428
-
4429
-
4430
- order: 12
4431
-
4432
-
4433
- }
4434
-
4435
-
4436
-
4437
-
4438
-
4439
- .offset-md-0 {
4440
-
4441
-
4442
- margin-left: 0
4443
-
4444
-
4445
- }
4446
-
4447
-
4448
-
4449
-
4450
-
4451
- .offset-md-1 {
4452
-
4453
-
4454
- margin-left: 8.333333%
4455
-
4456
-
4457
- }
4458
-
4459
-
4460
-
4461
-
4462
-
4463
- .offset-md-2 {
4464
-
4465
-
4466
- margin-left: 16.666667%
4467
-
4468
-
4469
- }
4470
-
4471
-
4472
-
4473
-
4474
-
4475
- .offset-md-3 {
4476
-
4477
-
4478
- margin-left: 25%
4479
-
4480
-
4481
- }
4482
-
4483
-
4484
-
4485
-
4486
-
4487
- .offset-md-4 {
4488
-
4489
-
4490
- margin-left: 33.333333%
4491
-
4492
-
4493
- }
4494
-
4495
-
4496
-
4497
-
4498
-
4499
- .offset-md-5 {
4500
-
4501
-
4502
- margin-left: 41.666667%
4503
-
4504
-
4505
- }
4506
-
4507
-
4508
-
4509
-
4510
-
4511
- .offset-md-6 {
4512
-
4513
-
4514
- margin-left: 50%
4515
-
4516
-
4517
- }
4518
-
4519
-
4520
-
4521
-
4522
-
4523
- .offset-md-7 {
4524
-
4525
-
4526
- margin-left: 58.333333%
4527
-
4528
-
4529
- }
4530
-
4531
-
4532
-
4533
-
4534
-
4535
- .offset-md-8 {
4536
-
4537
-
4538
- margin-left: 66.666667%
4539
-
4540
-
4541
- }
4542
-
4543
-
4544
-
4545
-
4546
-
4547
- .offset-md-9 {
4548
-
4549
-
4550
- margin-left: 75%
4551
-
4552
-
4553
- }
4554
-
4555
-
4556
-
4557
-
4558
-
4559
- .offset-md-10 {
4560
-
4561
-
4562
- margin-left: 83.333333%
4563
-
4564
-
4565
- }
4566
-
4567
-
4568
-
4569
-
4570
-
4571
- .offset-md-11 {
4572
-
4573
-
4574
- margin-left: 91.666667%
4575
-
4576
-
4577
- }
4578
-
4579
-
4580
- }
4581
-
4582
-
4583
-
4584
-
4585
-
4586
- @media (min-width: 992px) {
4587
-
4588
-
4589
- .col-lg {
4590
-
4591
-
4592
- -ms-flex-preferred-size: 0;
4593
-
4594
-
4595
- flex-basis: 0;
4596
-
4597
-
4598
- -webkit-box-flex: 1;
4599
-
4600
-
4601
- -ms-flex-positive: 1;
4602
-
4603
-
4604
- flex-grow: 1;
4605
-
4606
-
4607
- max-width: 100%
4608
-
4609
-
4610
- }
4611
-
4612
-
4613
-
4614
-
4615
-
4616
- .col-lg-auto {
4617
-
4618
-
4619
- -webkit-box-flex: 0;
4620
-
4621
-
4622
- -ms-flex: 0 0 auto;
4623
-
4624
-
4625
- flex: 0 0 auto;
4626
-
4627
-
4628
- width: auto;
4629
-
4630
-
4631
- max-width: none
4632
-
4633
-
4634
- }
4635
-
4636
-
4637
-
4638
-
4639
-
4640
- .col-lg-1 {
4641
-
4642
-
4643
- -webkit-box-flex: 0;
4644
-
4645
-
4646
- -ms-flex: 0 0 8.333333%;
4647
-
4648
-
4649
- flex: 0 0 8.333333%;
4650
-
4651
-
4652
- max-width: 8.333333%
4653
-
4654
-
4655
- }
4656
-
4657
-
4658
-
4659
-
4660
-
4661
- .col-lg-2 {
4662
-
4663
-
4664
- -webkit-box-flex: 0;
4665
-
4666
-
4667
- -ms-flex: 0 0 16.666667%;
4668
-
4669
-
4670
- flex: 0 0 16.666667%;
4671
-
4672
-
4673
- max-width: 16.666667%
4674
-
4675
-
4676
- }
4677
-
4678
-
4679
-
4680
-
4681
-
4682
- .col-lg-3 {
4683
-
4684
-
4685
- -webkit-box-flex: 0;
4686
-
4687
-
4688
- -ms-flex: 0 0 25%;
4689
-
4690
-
4691
- flex: 0 0 25%;
4692
-
4693
-
4694
- max-width: 25%
4695
-
4696
-
4697
- }
4698
-
4699
-
4700
-
4701
-
4702
-
4703
- .col-lg-4 {
4704
-
4705
-
4706
- -webkit-box-flex: 0;
4707
-
4708
-
4709
- -ms-flex: 0 0 33.333333%;
4710
-
4711
-
4712
- flex: 0 0 33.333333%;
4713
-
4714
-
4715
- max-width: 33.333333%
4716
-
4717
-
4718
- }
4719
-
4720
-
4721
-
4722
-
4723
-
4724
- .col-lg-5 {
4725
-
4726
-
4727
- -webkit-box-flex: 0;
4728
-
4729
-
4730
- -ms-flex: 0 0 41.666667%;
4731
-
4732
-
4733
- flex: 0 0 41.666667%;
4734
-
4735
-
4736
- max-width: 41.666667%
4737
-
4738
-
4739
- }
4740
-
4741
-
4742
-
4743
-
4744
-
4745
- .col-lg-6 {
4746
-
4747
-
4748
- -webkit-box-flex: 0;
4749
-
4750
-
4751
- -ms-flex: 0 0 50%;
4752
-
4753
-
4754
- flex: 0 0 50%;
4755
-
4756
-
4757
- max-width: 50%
4758
-
4759
-
4760
- }
4761
-
4762
-
4763
-
4764
-
4765
-
4766
- .col-lg-7 {
4767
-
4768
-
4769
- -webkit-box-flex: 0;
4770
-
4771
-
4772
- -ms-flex: 0 0 58.333333%;
4773
-
4774
-
4775
- flex: 0 0 58.333333%;
4776
-
4777
-
4778
- max-width: 58.333333%
4779
-
4780
-
4781
- }
4782
-
4783
-
4784
-
4785
-
4786
-
4787
- .col-lg-8 {
4788
-
4789
-
4790
- -webkit-box-flex: 0;
4791
-
4792
-
4793
- -ms-flex: 0 0 66.666667%;
4794
-
4795
-
4796
- flex: 0 0 66.666667%;
4797
-
4798
-
4799
- max-width: 66.666667%
4800
-
4801
-
4802
- }
4803
-
4804
-
4805
-
4806
-
4807
-
4808
- .col-lg-9 {
4809
-
4810
-
4811
- -webkit-box-flex: 0;
4812
-
4813
-
4814
- -ms-flex: 0 0 75%;
4815
-
4816
-
4817
- flex: 0 0 75%;
4818
-
4819
-
4820
- max-width: 75%
4821
-
4822
-
4823
- }
4824
-
4825
-
4826
-
4827
-
4828
-
4829
- .col-lg-10 {
4830
-
4831
-
4832
- -webkit-box-flex: 0;
4833
-
4834
-
4835
- -ms-flex: 0 0 83.333333%;
4836
-
4837
-
4838
- flex: 0 0 83.333333%;
4839
-
4840
-
4841
- max-width: 83.333333%
4842
-
4843
-
4844
- }
4845
-
4846
-
4847
-
4848
-
4849
-
4850
- .col-lg-11 {
4851
-
4852
-
4853
- -webkit-box-flex: 0;
4854
-
4855
-
4856
- -ms-flex: 0 0 91.666667%;
4857
-
4858
-
4859
- flex: 0 0 91.666667%;
4860
-
4861
-
4862
- max-width: 91.666667%
4863
-
4864
-
4865
- }
4866
-
4867
-
4868
-
4869
-
4870
-
4871
- .col-lg-12 {
4872
-
4873
-
4874
- -webkit-box-flex: 0;
4875
-
4876
-
4877
- -ms-flex: 0 0 100%;
4878
-
4879
-
4880
- flex: 0 0 100%;
4881
-
4882
-
4883
- max-width: 100%
4884
-
4885
-
4886
- }
4887
-
4888
-
4889
-
4890
-
4891
-
4892
- .order-lg-first {
4893
-
4894
-
4895
- -webkit-box-ordinal-group: 0;
4896
-
4897
-
4898
- -ms-flex-order: -1;
4899
-
4900
-
4901
- order: -1
4902
-
4903
-
4904
- }
4905
-
4906
-
4907
-
4908
-
4909
-
4910
- .order-lg-last {
4911
-
4912
-
4913
- -webkit-box-ordinal-group: 14;
4914
-
4915
-
4916
- -ms-flex-order: 13;
4917
-
4918
-
4919
- order: 13
4920
-
4921
-
4922
- }
4923
-
4924
-
4925
-
4926
-
4927
-
4928
- .order-lg-0 {
4929
-
4930
-
4931
- -webkit-box-ordinal-group: 1;
4932
-
4933
-
4934
- -ms-flex-order: 0;
4935
-
4936
-
4937
- order: 0
4938
-
4939
-
4940
- }
4941
-
4942
-
4943
-
4944
-
4945
-
4946
- .order-lg-1 {
4947
-
4948
-
4949
- -webkit-box-ordinal-group: 2;
4950
-
4951
-
4952
- -ms-flex-order: 1;
4953
-
4954
-
4955
- order: 1
4956
-
4957
-
4958
- }
4959
-
4960
-
4961
-
4962
-
4963
-
4964
- .order-lg-2 {
4965
-
4966
-
4967
- -webkit-box-ordinal-group: 3;
4968
-
4969
-
4970
- -ms-flex-order: 2;
4971
-
4972
-
4973
- order: 2
4974
-
4975
-
4976
- }
4977
-
4978
-
4979
-
4980
-
4981
-
4982
- .order-lg-3 {
4983
-
4984
-
4985
- -webkit-box-ordinal-group: 4;
4986
-
4987
-
4988
- -ms-flex-order: 3;
4989
-
4990
-
4991
- order: 3
4992
-
4993
-
4994
- }
4995
-
4996
-
4997
-
4998
-
4999
-
5000
- .order-lg-4 {
5001
-
5002
-
5003
- -webkit-box-ordinal-group: 5;
5004
-
5005
-
5006
- -ms-flex-order: 4;
5007
-
5008
-
5009
- order: 4
5010
-
5011
-
5012
- }
5013
-
5014
-
5015
-
5016
-
5017
-
5018
- .order-lg-5 {
5019
-
5020
-
5021
- -webkit-box-ordinal-group: 6;
5022
-
5023
-
5024
- -ms-flex-order: 5;
5025
-
5026
-
5027
- order: 5
5028
-
5029
-
5030
- }
5031
-
5032
-
5033
-
5034
-
5035
-
5036
- .order-lg-6 {
5037
-
5038
-
5039
- -webkit-box-ordinal-group: 7;
5040
-
5041
-
5042
- -ms-flex-order: 6;
5043
-
5044
-
5045
- order: 6
5046
-
5047
-
5048
- }
5049
-
5050
-
5051
-
5052
-
5053
-
5054
- .order-lg-7 {
5055
-
5056
-
5057
- -webkit-box-ordinal-group: 8;
5058
-
5059
-
5060
- -ms-flex-order: 7;
5061
-
5062
-
5063
- order: 7
5064
-
5065
-
5066
- }
5067
-
5068
-
5069
-
5070
-
5071
-
5072
- .order-lg-8 {
5073
-
5074
-
5075
- -webkit-box-ordinal-group: 9;
5076
-
5077
-
5078
- -ms-flex-order: 8;
5079
-
5080
-
5081
- order: 8
5082
-
5083
-
5084
- }
5085
-
5086
-
5087
-
5088
-
5089
-
5090
- .order-lg-9 {
5091
-
5092
-
5093
- -webkit-box-ordinal-group: 10;
5094
-
5095
-
5096
- -ms-flex-order: 9;
5097
-
5098
-
5099
- order: 9
5100
-
5101
-
5102
- }
5103
-
5104
-
5105
-
5106
-
5107
-
5108
- .order-lg-10 {
5109
-
5110
-
5111
- -webkit-box-ordinal-group: 11;
5112
-
5113
-
5114
- -ms-flex-order: 10;
5115
-
5116
-
5117
- order: 10
5118
-
5119
-
5120
- }
5121
-
5122
-
5123
-
5124
-
5125
-
5126
- .order-lg-11 {
5127
-
5128
-
5129
- -webkit-box-ordinal-group: 12;
5130
-
5131
-
5132
- -ms-flex-order: 11;
5133
-
5134
-
5135
- order: 11
5136
-
5137
-
5138
- }
5139
-
5140
-
5141
-
5142
-
5143
-
5144
- .order-lg-12 {
5145
-
5146
-
5147
- -webkit-box-ordinal-group: 13;
5148
-
5149
-
5150
- -ms-flex-order: 12;
5151
-
5152
-
5153
- order: 12
5154
-
5155
-
5156
- }
5157
-
5158
-
5159
-
5160
-
5161
-
5162
- .offset-lg-0 {
5163
-
5164
-
5165
- margin-left: 0
5166
-
5167
-
5168
- }
5169
-
5170
-
5171
-
5172
-
5173
-
5174
- .offset-lg-1 {
5175
-
5176
-
5177
- margin-left: 8.333333%
5178
-
5179
-
5180
- }
5181
-
5182
-
5183
-
5184
-
5185
-
5186
- .offset-lg-2 {
5187
-
5188
-
5189
- margin-left: 16.666667%
5190
-
5191
-
5192
- }
5193
-
5194
-
5195
-
5196
-
5197
-
5198
- .offset-lg-3 {
5199
-
5200
-
5201
- margin-left: 25%
5202
-
5203
-
5204
- }
5205
-
5206
-
5207
-
5208
-
5209
-
5210
- .offset-lg-4 {
5211
-
5212
-
5213
- margin-left: 33.333333%
5214
-
5215
-
5216
- }
5217
-
5218
-
5219
-
5220
-
5221
-
5222
- .offset-lg-5 {
5223
-
5224
-
5225
- margin-left: 41.666667%
5226
-
5227
-
5228
- }
5229
-
5230
-
5231
-
5232
-
5233
-
5234
- .offset-lg-6 {
5235
-
5236
-
5237
- margin-left: 50%
5238
-
5239
-
5240
- }
5241
-
5242
-
5243
-
5244
-
5245
-
5246
- .offset-lg-7 {
5247
-
5248
-
5249
- margin-left: 58.333333%
5250
-
5251
-
5252
- }
5253
-
5254
-
5255
-
5256
-
5257
-
5258
- .offset-lg-8 {
5259
-
5260
-
5261
- margin-left: 66.666667%
5262
-
5263
-
5264
- }
5265
-
5266
-
5267
-
5268
-
5269
-
5270
- .offset-lg-9 {
5271
-
5272
-
5273
- margin-left: 75%
5274
-
5275
-
5276
- }
5277
-
5278
-
5279
-
5280
-
5281
-
5282
- .offset-lg-10 {
5283
-
5284
-
5285
- margin-left: 83.333333%
5286
-
5287
-
5288
- }
5289
-
5290
-
5291
-
5292
-
5293
-
5294
- .offset-lg-11 {
5295
-
5296
-
5297
- margin-left: 91.666667%
5298
-
5299
-
5300
- }
5301
-
5302
-
5303
- }
5304
-
5305
-
5306
-
5307
-
5308
-
5309
- @media (min-width: 1200px) {
5310
-
5311
-
5312
- .col-xl {
5313
-
5314
-
5315
- -ms-flex-preferred-size: 0;
5316
-
5317
-
5318
- flex-basis: 0;
5319
-
5320
-
5321
- -webkit-box-flex: 1;
5322
-
5323
-
5324
- -ms-flex-positive: 1;
5325
-
5326
-
5327
- flex-grow: 1;
5328
-
5329
-
5330
- max-width: 100%
5331
-
5332
-
5333
- }
5334
-
5335
-
5336
-
5337
-
5338
-
5339
- .col-xl-auto {
5340
-
5341
-
5342
- -webkit-box-flex: 0;
5343
-
5344
-
5345
- -ms-flex: 0 0 auto;
5346
-
5347
-
5348
- flex: 0 0 auto;
5349
-
5350
-
5351
- width: auto;
5352
-
5353
-
5354
- max-width: none
5355
-
5356
-
5357
- }
5358
-
5359
-
5360
-
5361
-
5362
-
5363
- .col-xl-1 {
5364
-
5365
-
5366
- -webkit-box-flex: 0;
5367
-
5368
-
5369
- -ms-flex: 0 0 8.333333%;
5370
-
5371
-
5372
- flex: 0 0 8.333333%;
5373
-
5374
-
5375
- max-width: 8.333333%
5376
-
5377
-
5378
- }
5379
-
5380
-
5381
-
5382
-
5383
-
5384
- .col-xl-2 {
5385
-
5386
-
5387
- -webkit-box-flex: 0;
5388
-
5389
-
5390
- -ms-flex: 0 0 16.666667%;
5391
-
5392
-
5393
- flex: 0 0 16.666667%;
5394
-
5395
-
5396
- max-width: 16.666667%
5397
-
5398
-
5399
- }
5400
-
5401
-
5402
-
5403
-
5404
-
5405
- .col-xl-3 {
5406
-
5407
-
5408
- -webkit-box-flex: 0;
5409
-
5410
-
5411
- -ms-flex: 0 0 25%;
5412
-
5413
-
5414
- flex: 0 0 25%;
5415
-
5416
-
5417
- max-width: 25%
5418
-
5419
-
5420
- }
5421
-
5422
-
5423
-
5424
-
5425
-
5426
- .col-xl-4 {
5427
-
5428
-
5429
- -webkit-box-flex: 0;
5430
-
5431
-
5432
- -ms-flex: 0 0 33.333333%;
5433
-
5434
-
5435
- flex: 0 0 33.333333%;
5436
-
5437
-
5438
- max-width: 33.333333%
5439
-
5440
-
5441
- }
5442
-
5443
-
5444
-
5445
-
5446
-
5447
- .col-xl-5 {
5448
-
5449
-
5450
- -webkit-box-flex: 0;
5451
-
5452
-
5453
- -ms-flex: 0 0 41.666667%;
5454
-
5455
-
5456
- flex: 0 0 41.666667%;
5457
-
5458
-
5459
- max-width: 41.666667%
5460
-
5461
-
5462
- }
5463
-
5464
-
5465
-
5466
-
5467
-
5468
- .col-xl-6 {
5469
-
5470
-
5471
- -webkit-box-flex: 0;
5472
-
5473
-
5474
- -ms-flex: 0 0 50%;
5475
-
5476
-
5477
- flex: 0 0 50%;
5478
-
5479
-
5480
- max-width: 50%
5481
-
5482
-
5483
- }
5484
-
5485
-
5486
-
5487
-
5488
-
5489
- .col-xl-7 {
5490
-
5491
-
5492
- -webkit-box-flex: 0;
5493
-
5494
-
5495
- -ms-flex: 0 0 58.333333%;
5496
-
5497
-
5498
- flex: 0 0 58.333333%;
5499
-
5500
-
5501
- max-width: 58.333333%
5502
-
5503
-
5504
- }
5505
-
5506
-
5507
-
5508
-
5509
-
5510
- .col-xl-8 {
5511
-
5512
-
5513
- -webkit-box-flex: 0;
5514
-
5515
-
5516
- -ms-flex: 0 0 66.666667%;
5517
-
5518
-
5519
- flex: 0 0 66.666667%;
5520
-
5521
-
5522
- max-width: 66.666667%
5523
-
5524
-
5525
- }
5526
-
5527
-
5528
-
5529
-
5530
-
5531
- .col-xl-9 {
5532
-
5533
-
5534
- -webkit-box-flex: 0;
5535
-
5536
-
5537
- -ms-flex: 0 0 75%;
5538
-
5539
-
5540
- flex: 0 0 75%;
5541
-
5542
-
5543
- max-width: 75%
5544
-
5545
-
5546
- }
5547
-
5548
-
5549
-
5550
-
5551
-
5552
- .col-xl-10 {
5553
-
5554
-
5555
- -webkit-box-flex: 0;
5556
-
5557
-
5558
- -ms-flex: 0 0 83.333333%;
5559
-
5560
-
5561
- flex: 0 0 83.333333%;
5562
-
5563
-
5564
- max-width: 83.333333%
5565
-
5566
-
5567
- }
5568
-
5569
-
5570
-
5571
-
5572
-
5573
- .col-xl-11 {
5574
-
5575
-
5576
- -webkit-box-flex: 0;
5577
-
5578
-
5579
- -ms-flex: 0 0 91.666667%;
5580
-
5581
-
5582
- flex: 0 0 91.666667%;
5583
-
5584
-
5585
- max-width: 91.666667%
5586
-
5587
-
5588
- }
5589
-
5590
-
5591
-
5592
-
5593
-
5594
- .col-xl-12 {
5595
-
5596
-
5597
- -webkit-box-flex: 0;
5598
-
5599
-
5600
- -ms-flex: 0 0 100%;
5601
-
5602
-
5603
- flex: 0 0 100%;
5604
-
5605
-
5606
- max-width: 100%
5607
-
5608
-
5609
- }
5610
-
5611
-
5612
- }
5613
-
5614
-
5615
-
5616
-
5617
-
5618
-
5619
-
5620
-
5621
- .mo_otp_token, .mo2f_user_email, .mo2f_IR_phone,
5622
-
5623
-
5624
- .mo_IR_otp_token, .mo2f_IR_GA_token, .mo2f_IR_phone_OTP {
5625
-
5626
-
5627
- color:#212F3C;
5628
-
5629
-
5630
- border:none;
5631
-
5632
-
5633
- display:block;
5634
-
5635
-
5636
- border-bottom-style: solid;
5637
-
5638
-
5639
- border-width: 2px;
5640
-
5641
-
5642
- border-color:#D0D3D4;
5643
-
5644
-
5645
- border-radius:0px;
5646
-
5647
-
5648
- outline:none;
5649
-
5650
-
5651
- padding:5px;
5652
-
5653
-
5654
- }
5655
-
5656
-
5657
-
5658
-
5659
-
5660
- .mo_otp_token {
5661
-
5662
-
5663
- font-size:15px;
5664
-
5665
-
5666
- width:130px;
5667
-
5668
-
5669
- text-align:center;
5670
-
5671
-
5672
- }
5673
-
5674
-
5675
-
5676
-
5677
-
5678
- .mo2f_user_email{
5679
-
5680
-
5681
- font-size:16px;
5682
-
5683
-
5684
- width:220px;
5685
-
5686
-
5687
- text-align:center;
5688
-
5689
-
5690
- }
5691
-
5692
-
5693
-
5694
-
5695
-
5696
- .mo2f_IR_phone{
5697
-
5698
-
5699
- font-size:14px;
5700
-
5701
-
5702
- width:170px !important;
5703
-
5704
-
5705
- }
5706
-
5707
-
5708
-
5709
-
5710
-
5711
- .mo2f_IR_GA_token{
5712
-
5713
-
5714
- font-size:15px;
5715
-
5716
-
5717
- width:100px !important;
5718
-
5719
-
5720
- }
5721
-
5722
-
5723
-
5724
-
5725
-
5726
- .mo2f_IR_phone_OTP{
5727
-
5728
-
5729
- font-size:15px;
5730
-
5731
-
5732
- width:150px !important;
5733
-
5734
-
1
+ .mo2f_carousel {
2
+
3
+
4
+ position: relative;
5
+
6
+
7
+ padding-bottom: 18px !important;
8
+
9
+
10
+
11
+
12
+
13
+ }
14
+
15
+
16
+
17
+
18
+
19
+ .mo2f_carousel-inner {
20
+
21
+
22
+ position: relative;
23
+
24
+
25
+ width: 100%;
26
+
27
+
28
+ overflow: hidden;
29
+
30
+
31
+
32
+
33
+
34
+ }
35
+
36
+
37
+
38
+
39
+
40
+ .mo2f_carousel-inner > .item {
41
+
42
+
43
+ position: relative;
44
+
45
+
46
+ display: none;
47
+
48
+
49
+ -webkit-transition: .6s ease-in-out left;
50
+
51
+
52
+ -o-transition: .6s ease-in-out left;
53
+
54
+
55
+ transition: .6s ease-in-out left;
56
+
57
+
58
+ height: 300px !important;
59
+
60
+
61
+
62
+
63
+
64
+ }
65
+
66
+
67
+
68
+
69
+
70
+ .mo2f_carousel-inner > .item > img, .mo2f_carousel-inner > .item > a > img {
71
+
72
+
73
+ line-height: 1;
74
+
75
+
76
+
77
+
78
+
79
+ max-height: 300px !important;
80
+
81
+
82
+ max-width: 600px !important;
83
+
84
+
85
+ }
86
+
87
+
88
+
89
+
90
+
91
+ @media all and (transform-3d) , ( -webkit-transform-3d ) {
92
+
93
+
94
+ .mo2f_carousel-inner > .item {
95
+
96
+
97
+ -webkit-transition: -webkit-transform .6s ease-in-out;
98
+
99
+
100
+ -o-transition: -o-transform .6s ease-in-out;
101
+
102
+
103
+ transition: transform .6s ease-in-out;
104
+
105
+
106
+ -webkit-backface-visibility: hidden;
107
+
108
+
109
+ backface-visibility: hidden;
110
+
111
+
112
+ -webkit-perspective: 1000;
113
+
114
+
115
+ perspective: 1000
116
+
117
+
118
+ }
119
+
120
+
121
+
122
+
123
+
124
+ .mo2f_carousel-inner > .item.next, .mo2f_carousel-inner > .item.active.right {
125
+
126
+
127
+ left: 0;
128
+
129
+
130
+ -webkit-transform: translate3d(100%, 0, 0);
131
+
132
+
133
+ transform: translate3d(100%, 0, 0)
134
+
135
+
136
+ }
137
+
138
+
139
+
140
+
141
+
142
+ .mo2f_carousel-inner > .item.prev, .mo2f_carousel-inner > .item.active.left {
143
+
144
+
145
+ left: 0;
146
+
147
+
148
+ -webkit-transform: translate3d(-100%, 0, 0);
149
+
150
+
151
+ transform: translate3d(-100%, 0, 0)
152
+
153
+
154
+ }
155
+
156
+
157
+
158
+
159
+
160
+ .mo2f_carousel-inner > .item.next.left, .mo2f_carousel-inner > .item.prev.right, .mo2f_carousel-inner > .item.active {
161
+
162
+
163
+ left: 0;
164
+
165
+
166
+ -webkit-transform: translate3d(0, 0, 0);
167
+
168
+
169
+ transform: translate3d(0, 0, 0)
170
+
171
+
172
+ }
173
+
174
+
175
+ }
176
+
177
+
178
+
179
+
180
+
181
+ .mo2f_carousel-inner > .active, .mo2f_carousel-inner > .next, .mo2f_carousel-inner > .prev {
182
+
183
+
184
+ display: block
185
+
186
+
187
+ }
188
+
189
+
190
+
191
+
192
+
193
+ .mo2f_carousel-inner > .active {
194
+
195
+
196
+ left: 0
197
+
198
+
199
+ }
200
+
201
+
202
+
203
+
204
+
205
+ .mo2f_carousel-inner > .next, .mo2f_carousel-inner > .prev {
206
+
207
+
208
+ position: absolute;
209
+
210
+
211
+ top: 0;
212
+
213
+
214
+ width: 100%
215
+
216
+
217
+ }
218
+
219
+
220
+
221
+
222
+
223
+ .mo2f_carousel-inner > .next {
224
+
225
+
226
+ left: 100%
227
+
228
+
229
+ }
230
+
231
+
232
+
233
+
234
+
235
+ .mo2f_carousel-inner > .prev {
236
+
237
+
238
+ left: -100%
239
+
240
+
241
+ }
242
+
243
+
244
+
245
+
246
+
247
+ .mo2f_carousel-inner > .next.left, .mo2f_carousel-inner > .prev.right {
248
+
249
+
250
+ left: 0
251
+
252
+
253
+ }
254
+
255
+
256
+
257
+
258
+
259
+ .mo2f_carousel-inner > .active.left {
260
+
261
+
262
+ left: -100%
263
+
264
+
265
+ }
266
+
267
+
268
+
269
+
270
+
271
+ .mo2f_carousel-inner > .active.right {
272
+
273
+
274
+ left: 100%
275
+
276
+
277
+ }
278
+
279
+
280
+
281
+
282
+
283
+ .mo2f_carousel-control {
284
+
285
+
286
+ position: absolute;
287
+
288
+
289
+ top: 0;
290
+
291
+
292
+ bottom: 0;
293
+
294
+
295
+ left: 0;
296
+
297
+
298
+ width: 15%;
299
+
300
+
301
+ font-size: 20px;
302
+
303
+
304
+ color: #fff;
305
+
306
+
307
+ text-align: center;
308
+
309
+
310
+ text-shadow: 0 1px 2px rgba(0, 0, 0, .6);
311
+
312
+
313
+ filter: alpha(opacity=50);
314
+
315
+
316
+ opacity: .5
317
+
318
+
319
+ }
320
+
321
+
322
+
323
+
324
+
325
+ .mo2f_carousel-control.left {
326
+
327
+
328
+ background-image: -webkit-linear-gradient(left, rgba(0, 0, 0, .5) 0,
329
+
330
+
331
+ rgba(0, 0, 0, .0001) 100%);
332
+
333
+
334
+ background-image: -o-linear-gradient(left, rgba(0, 0, 0, .5) 0,
335
+
336
+
337
+ rgba(0, 0, 0, .0001) 100%);
338
+
339
+
340
+ background-image: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .5)),
341
+
342
+
343
+ to(rgba(0, 0, 0, .0001)));
344
+
345
+
346
+ background-image: linear-gradient(to right, rgba(0, 0, 0, .5) 0,
347
+
348
+
349
+ rgba(0, 0, 0, .0001) 100%);
350
+
351
+
352
+ filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000',
353
+
354
+
355
+ endColorstr='#00000000', GradientType=1);
356
+
357
+
358
+ background-repeat: repeat-x
359
+
360
+
361
+ }
362
+
363
+
364
+
365
+
366
+
367
+ .mo2f_carousel-control.right {
368
+
369
+
370
+ right: 0;
371
+
372
+
373
+ left: auto;
374
+
375
+
376
+ background-image: -webkit-linear-gradient(left, rgba(0, 0, 0, .0001) 0,
377
+
378
+
379
+ rgba(0, 0, 0, .5) 100%);
380
+
381
+
382
+ background-image: -o-linear-gradient(left, rgba(0, 0, 0, .0001) 0,
383
+
384
+
385
+ rgba(0, 0, 0, .5) 100%);
386
+
387
+
388
+ background-image: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .0001)),
389
+
390
+
391
+ to(rgba(0, 0, 0, .5)));
392
+
393
+
394
+ background-image: linear-gradient(to right, rgba(0, 0, 0, .0001) 0,
395
+
396
+
397
+ rgba(0, 0, 0, .5) 100%);
398
+
399
+
400
+ filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000',
401
+
402
+
403
+ endColorstr='#80000000', GradientType=1);
404
+
405
+
406
+ background-repeat: repeat-x
407
+
408
+
409
+ }
410
+
411
+
412
+
413
+
414
+
415
+ .mo2f_carousel-control:hover, .mo2f_carousel-control:focus {
416
+
417
+
418
+ color: #fff;
419
+
420
+
421
+ text-decoration: none;
422
+
423
+
424
+ filter: alpha(opacity=90);
425
+
426
+
427
+ outline: 0;
428
+
429
+
430
+ opacity: .9
431
+
432
+
433
+ }
434
+
435
+
436
+
437
+
438
+
439
+ .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .icon-next, .mo2f_carousel-control .glyphicon-chevron-left, .mo2f_carousel-control .glyphicon-chevron-right {
440
+
441
+
442
+ position: absolute;
443
+
444
+
445
+ top: 50%;
446
+
447
+
448
+ z-index: 5;
449
+
450
+
451
+ display: inline-block
452
+
453
+
454
+ }
455
+
456
+
457
+
458
+
459
+
460
+ .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .glyphicon-chevron-left {
461
+
462
+
463
+ left: 50%;
464
+
465
+
466
+ margin-left: -10px
467
+
468
+
469
+ }
470
+
471
+
472
+
473
+
474
+
475
+ .mo2f_carousel-control .icon-next, .mo2f_carousel-control .glyphicon-chevron-right {
476
+
477
+
478
+ right: 50%;
479
+
480
+
481
+ margin-right: -10px
482
+
483
+
484
+ }
485
+
486
+
487
+
488
+
489
+
490
+ .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .icon-next {
491
+
492
+
493
+ width: 20px;
494
+
495
+
496
+ height: 20px;
497
+
498
+
499
+ margin-top: -10px;
500
+
501
+
502
+ font-family: serif
503
+
504
+
505
+ }
506
+
507
+
508
+
509
+
510
+
511
+ .mo2f_carousel-control .icon-prev:before {
512
+
513
+
514
+ content: '\2039'
515
+
516
+
517
+ }
518
+
519
+
520
+
521
+
522
+
523
+ .mo2f_carousel-control .icon-next:before {
524
+
525
+
526
+ content: '\203a'
527
+
528
+
529
+ }
530
+
531
+
532
+
533
+
534
+
535
+ .mo2f_carousel-indicators {
536
+
537
+
538
+ position: absolute;
539
+
540
+
541
+ bottom: -25px;
542
+
543
+
544
+ left: 50%;
545
+
546
+
547
+ z-index: 15;
548
+
549
+
550
+ width: 60%;
551
+
552
+
553
+ padding-left: 0;
554
+
555
+
556
+ margin-left: -30%;
557
+
558
+
559
+ text-align: center;
560
+
561
+
562
+ list-style: none
563
+
564
+
565
+ }
566
+
567
+
568
+
569
+
570
+
571
+ .mo2f_carousel-indicators li {
572
+
573
+
574
+ display: inline-block;
575
+
576
+
577
+ width: 10px;
578
+
579
+
580
+ height: 10px;
581
+
582
+
583
+ margin: 1px;
584
+
585
+
586
+ text-indent: -999px;
587
+
588
+
589
+ cursor: pointer;
590
+
591
+
592
+ background-color: #0 \9;
593
+
594
+
595
+ background-color: rgba(0, 0, 0, 0);
596
+
597
+
598
+ border: 1px solid #0073aa;
599
+
600
+
601
+ border-radius: 10px
602
+
603
+
604
+ }
605
+
606
+
607
+
608
+
609
+
610
+ .mo2f_carousel-indicators .active {
611
+
612
+
613
+ width: 12px;
614
+
615
+
616
+ height: 12px;
617
+
618
+
619
+ margin: 0;
620
+
621
+
622
+ background-color: #0073aa;
623
+
624
+
625
+ }
626
+
627
+
628
+
629
+
630
+
631
+ .mo2f_carousel-caption {
632
+
633
+
634
+ position: absolute;
635
+
636
+
637
+ right: 15%;
638
+
639
+
640
+ bottom: 20px;
641
+
642
+
643
+ left: 15%;
644
+
645
+
646
+ z-index: 10;
647
+
648
+
649
+ padding-top: 20px;
650
+
651
+
652
+ padding-bottom: 20px;
653
+
654
+
655
+ color: #fff;
656
+
657
+
658
+ text-align: center;
659
+
660
+
661
+ text-shadow: 0 1px 2px rgba(0, 0, 0, .6)
662
+
663
+
664
+ }
665
+
666
+
667
+
668
+
669
+
670
+ .mo2f_carousel-caption .btn {
671
+
672
+
673
+ text-shadow: none
674
+
675
+
676
+ }
677
+
678
+
679
+
680
+
681
+
682
+ @media screen and (min-width: 768px) {
683
+
684
+
685
+ .mo2f_carousel-control .glyphicon-chevron-left, .mo2f_carousel-control .glyphicon-chevron-right, .mo2f_carousel-control .icon-prev, .mo2f_carousel-control .icon-next {
686
+
687
+
688
+ width: 30px;
689
+
690
+
691
+ height: 30px;
692
+
693
+
694
+ margin-top: -15px;
695
+
696
+
697
+ font-size: 30px
698
+
699
+
700
+ }
701
+
702
+
703
+
704
+
705
+
706
+ .mo2f_carousel-control .glyphicon-chevron-left, .mo2f_carousel-control .icon-prev {
707
+
708
+
709
+ margin-left: -15px
710
+
711
+
712
+ }
713
+
714
+
715
+
716
+
717
+
718
+ .mo2f_carousel-control .glyphicon-chevron-right, .mo2f_carousel-control .icon-next {
719
+
720
+
721
+ margin-right: -15px
722
+
723
+
724
+ }
725
+
726
+
727
+
728
+
729
+
730
+ .mo2f_carousel-caption {
731
+
732
+
733
+ right: 20%;
734
+
735
+
736
+ left: 20%;
737
+
738
+
739
+ padding-bottom: 30px
740
+
741
+
742
+ }
743
+
744
+
745
+
746
+
747
+
748
+ .mo2f_carousel-indicators {
749
+
750
+
751
+ bottom: -14px
752
+
753
+
754
+ }
755
+
756
+
757
+ }
758
+
759
+
760
+
761
+
762
+
763
+ .hidden {
764
+
765
+
766
+ display: none;
767
+
768
+
769
+ }
770
+
771
+
772
+
773
+
774
+
775
+ .float-right {
776
+
777
+
778
+ text-align: right;
779
+
780
+
781
+ }
782
+
783
+
784
+
785
+
786
+
787
+ .mo2f_collapse {
788
+
789
+
790
+ display: none;
791
+
792
+
793
+ / / visibility: hidden;
794
+
795
+
796
+ font-size: 14px !important;
797
+
798
+
799
+
800
+
801
+
802
+ }
803
+
804
+
805
+
806
+
807
+
808
+ .mo2f_collapse.in {
809
+
810
+
811
+ display: block;
812
+
813
+
814
+ visibility: visible;
815
+
816
+
817
+
818
+
819
+
820
+ }
821
+
822
+
823
+
824
+
825
+
826
+ .mo2f_collapsing {
827
+
828
+
829
+ position: relative;
830
+
831
+
832
+ font-size: 14px !important;
833
+
834
+
835
+ height: 0;
836
+
837
+
838
+ overflow: hidden;
839
+
840
+
841
+ -webkit-transition-timing-function: ease;
842
+
843
+
844
+ -o-transition-timing-function: ease;
845
+
846
+
847
+ transition-timing-function: ease;
848
+
849
+
850
+ -webkit-transition-duration: .20s;
851
+
852
+
853
+ -o-transition-duration: .20s;
854
+
855
+
856
+ transition-duration: .20s;
857
+
858
+
859
+ -webkit-transition-property: height, visibility;
860
+
861
+
862
+ -o-transition-property: height, visibility;
863
+
864
+
865
+ transition-property: height, visibility
866
+
867
+
868
+ }
869
+
870
+
871
+
872
+
873
+
874
+ .mo2f_thumbnail {
875
+
876
+
877
+ width: 315px;
878
+
879
+
880
+ margin-bottom: 10px;
881
+
882
+
883
+ position: relative;
884
+
885
+
886
+ background-color: #fff;
887
+
888
+
889
+ border: 1px solid #ddd;
890
+
891
+
892
+ -webkit-transition: border .2s ease-in-out;
893
+
894
+
895
+ -o-transition: border .2s ease-in-out;
896
+
897
+
898
+ transition: border .2s ease-in-out
899
+
900
+
901
+ }
902
+
903
+
904
+
905
+
906
+
907
+ .mo2f_thumbnail > img, .mo2f_thumbnail a > img {
908
+
909
+
910
+ margin-right: auto;
911
+
912
+
913
+ margin-left: auto
914
+
915
+
916
+ }
917
+
918
+
919
+
920
+
921
+
922
+ a.mo2f_thumbnail:hover, a.mo2f_thumbnail:focus, a.mo2f_thumbnail.active {
923
+
924
+
925
+ border-color: #337ab7
926
+
927
+
928
+ }
929
+
930
+
931
+
932
+
933
+
934
+ .mo2f_thumbnail .caption {
935
+
936
+
937
+ padding: 9px;
938
+
939
+
940
+ color: #333
941
+
942
+
943
+ }
944
+
945
+
946
+
947
+
948
+
949
+ .mo2f_thumbnail label {
950
+
951
+
952
+ font-weight: bold;
953
+
954
+
955
+
956
+
957
+
958
+ }
959
+
960
+
961
+
962
+
963
+
964
+ .mo2f_close {
965
+
966
+
967
+ float: right;
968
+
969
+
970
+ font-size: 21px;
971
+
972
+
973
+ font-weight: 700;
974
+
975
+
976
+ line-height: 1;
977
+
978
+
979
+ color: #000;
980
+
981
+
982
+ text-shadow: 0 1px 0 #fff;
983
+
984
+
985
+ filter: alpha(opacity=20);
986
+
987
+
988
+ opacity: .2
989
+
990
+
991
+ }
992
+
993
+
994
+
995
+
996
+
997
+ .mo2f_close:hover, .mo2f_close:focus {
998
+
999
+
1000
+ color: #000;
1001
+
1002
+
1003
+ text-decoration: none;
1004
+
1005
+
1006
+ cursor: pointer;
1007
+
1008
+
1009
+ filter: alpha(opacity=50);
1010
+
1011
+
1012
+ opacity: .5
1013
+
1014
+
1015
+ }
1016
+
1017
+
1018
+
1019
+
1020
+
1021
+ button.mo2f_close {
1022
+
1023
+
1024
+ -webkit-appearance: none;
1025
+
1026
+
1027
+ padding: 0;
1028
+
1029
+
1030
+ cursor: pointer;
1031
+
1032
+
1033
+ background: 0 0;
1034
+
1035
+
1036
+ border: 0
1037
+
1038
+
1039
+ }
1040
+
1041
+
1042
+
1043
+
1044
+
1045
+ .mo2f_modal-open {
1046
+
1047
+
1048
+ overflow: hidden !important;
1049
+
1050
+
1051
+ position: fixed !important;
1052
+
1053
+
1054
+ width: 100% !important;
1055
+
1056
+
1057
+
1058
+
1059
+
1060
+ }
1061
+
1062
+
1063
+
1064
+
1065
+
1066
+ .mo2f_modal {
1067
+
1068
+
1069
+ position: fixed !important;
1070
+
1071
+
1072
+ top: 0;
1073
+
1074
+
1075
+ right: 0;
1076
+
1077
+
1078
+ bottom: 0;
1079
+
1080
+
1081
+ left: 0;
1082
+
1083
+
1084
+ z-index: 100000 !important;
1085
+
1086
+
1087
+
1088
+
1089
+
1090
+ overflow: hidden !important;
1091
+
1092
+
1093
+ -webkit-overflow-scrolling: touch;
1094
+
1095
+
1096
+ outline: 0;
1097
+
1098
+
1099
+
1100
+
1101
+
1102
+ }
1103
+
1104
+
1105
+
1106
+
1107
+
1108
+ .mo2f_modal_inner {
1109
+
1110
+
1111
+ display: none;
1112
+
1113
+
1114
+ }
1115
+
1116
+
1117
+
1118
+
1119
+
1120
+ .mo2f_modal.fade .mo2f_modal-dialog {
1121
+
1122
+
1123
+ -webkit-transition: -webkit-transform .3s ease-out;
1124
+
1125
+
1126
+ -o-transition: -o-transform .3s ease-out;
1127
+
1128
+
1129
+ transition: transform .3s ease-out;
1130
+
1131
+
1132
+ -webkit-transform: translate(0, -25%);
1133
+
1134
+
1135
+ -ms-transform: translate(0, -25%);
1136
+
1137
+
1138
+ -o-transform: translate(0, -25%);
1139
+
1140
+
1141
+ transform: translate(0, -25%)
1142
+
1143
+
1144
+ }
1145
+
1146
+
1147
+
1148
+
1149
+
1150
+ .mo2f_modal.in .mo2f_modal-dialog {
1151
+
1152
+
1153
+ -webkit-transform: translate(0, 80px) !important;
1154
+
1155
+
1156
+ -ms-transform: translate(0, 80px) !important;
1157
+
1158
+
1159
+ -o-transform: translate(0, 80px) !important;
1160
+
1161
+
1162
+ transform: translate(0, 80px) !important;
1163
+
1164
+
1165
+
1166
+
1167
+
1168
+ }
1169
+
1170
+
1171
+
1172
+
1173
+
1174
+ .mo2f_modal-open .mo2f_modal {
1175
+
1176
+
1177
+ overflow-x: hidden;
1178
+
1179
+
1180
+ overflow-y: hidden;
1181
+
1182
+
1183
+ }
1184
+
1185
+
1186
+
1187
+
1188
+
1189
+ .mo2f_modal-dialog {
1190
+
1191
+
1192
+ position: relative;
1193
+
1194
+
1195
+ width: auto;
1196
+
1197
+
1198
+ margin: 10px;
1199
+
1200
+
1201
+
1202
+
1203
+
1204
+ }
1205
+
1206
+
1207
+
1208
+
1209
+
1210
+ .login mo_customer_validation-modal-content {
1211
+
1212
+
1213
+ position: relative !important;
1214
+
1215
+
1216
+ background-color: #fff !important;
1217
+
1218
+
1219
+ -webkit-background-clip: padding-box !important;
1220
+
1221
+
1222
+ background-clip: padding-box !important;
1223
+
1224
+
1225
+ border: 1px solid #999 !important;
1226
+
1227
+
1228
+ border: 1px solid rgba(0, 0, 0, .2) !important;
1229
+
1230
+
1231
+ border-radius: 6px !important;
1232
+
1233
+
1234
+ outline: 0 !important;
1235
+
1236
+
1237
+
1238
+
1239
+
1240
+ -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
1241
+
1242
+
1243
+ box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
1244
+
1245
+
1246
+ }
1247
+
1248
+
1249
+
1250
+
1251
+
1252
+ .mo2f-modal-backdrop {
1253
+
1254
+
1255
+ position: absolute;
1256
+
1257
+
1258
+ top: 0;
1259
+
1260
+
1261
+ right: 0;
1262
+
1263
+
1264
+ left: 0;
1265
+
1266
+
1267
+ background-color: #f1f1f1 !important;
1268
+
1269
+
1270
+ filter: alpha(opacity=50) !important;
1271
+
1272
+
1273
+ opacity: 0.8 !important;
1274
+
1275
+
1276
+ height: 100% !important;
1277
+
1278
+
1279
+ }
1280
+
1281
+
1282
+
1283
+
1284
+
1285
+ #smsAlertModal {
1286
+
1287
+
1288
+ background-color: black !important;
1289
+
1290
+
1291
+ opacity: 0.8 !important;
1292
+
1293
+
1294
+ filter: alpha(opacity=50) !important;
1295
+
1296
+
1297
+ }
1298
+
1299
+
1300
+
1301
+
1302
+
1303
+ .mo2f_modal-header {
1304
+
1305
+
1306
+ min-height: 14px;
1307
+
1308
+
1309
+ padding: 10px;
1310
+
1311
+
1312
+ border-bottom: 1px solid #e5e5e5
1313
+
1314
+
1315
+ }
1316
+
1317
+
1318
+
1319
+
1320
+
1321
+ .mo2f_modal-title {
1322
+
1323
+
1324
+ margin: 0 !important;
1325
+
1326
+
1327
+ line-height: 1.0 !important;
1328
+
1329
+
1330
+ }
1331
+
1332
+
1333
+
1334
+
1335
+
1336
+ .mo2f_modal-body {
1337
+
1338
+
1339
+ / / width: 96 % !important;
1340
+
1341
+
1342
+ position: relative !important;
1343
+
1344
+
1345
+ padding: 15px !important;
1346
+
1347
+
1348
+ overflow-y: auto !important;
1349
+
1350
+
1351
+ max-height: 550px !important;
1352
+
1353
+
1354
+ }
1355
+
1356
+
1357
+
1358
+
1359
+
1360
+ .mo2f_modal-footer {
1361
+
1362
+
1363
+ padding: 15px;
1364
+
1365
+
1366
+ text-align: right;
1367
+
1368
+
1369
+ border-top: 1px solid #e5e5e5
1370
+
1371
+
1372
+ }
1373
+
1374
+
1375
+
1376
+
1377
+
1378
+ .mo2f_modal-footer .btn + .btn {
1379
+
1380
+
1381
+ margin-bottom: 0;
1382
+
1383
+
1384
+ margin-left: 5px
1385
+
1386
+
1387
+ }
1388
+
1389
+
1390
+
1391
+
1392
+
1393
+ .mo2f_modal-footer .btn-group .btn + .btn {
1394
+
1395
+
1396
+ margin-left: -1px
1397
+
1398
+
1399
+ }
1400
+
1401
+
1402
+
1403
+
1404
+
1405
+ .mo2f_modal-footer .btn-block + .btn-block {
1406
+
1407
+
1408
+ margin-left: 0
1409
+
1410
+
1411
+ }
1412
+
1413
+
1414
+
1415
+
1416
+
1417
+ .mo2f_modal-scrollbar-measure {
1418
+
1419
+
1420
+ position: absolute;
1421
+
1422
+
1423
+ top: -9999px;
1424
+
1425
+
1426
+ width: 50px;
1427
+
1428
+
1429
+ height: 50px;
1430
+
1431
+
1432
+ overflow: scroll
1433
+
1434
+
1435
+ }
1436
+
1437
+
1438
+
1439
+
1440
+
1441
+ @media ( min-width: 768px) {
1442
+
1443
+
1444
+ .mo2f_modal-dialog {
1445
+
1446
+ width: auto;
1447
+ margin: 0px auto
1448
+
1449
+
1450
+ }
1451
+
1452
+
1453
+
1454
+
1455
+
1456
+ .login mo_customer_validation-modal-content {
1457
+
1458
+
1459
+ -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
1460
+
1461
+
1462
+ box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
1463
+
1464
+
1465
+ }
1466
+
1467
+
1468
+
1469
+
1470
+
1471
+ .mo2f_modal-sm {
1472
+
1473
+
1474
+ width: 300px
1475
+
1476
+
1477
+ }
1478
+
1479
+
1480
+
1481
+
1482
+
1483
+ .mo2f_modal-md {
1484
+
1485
+
1486
+ width: 550px
1487
+
1488
+
1489
+ }
1490
+
1491
+
1492
+ }
1493
+
1494
+
1495
+
1496
+
1497
+
1498
+ @media ( min-width: 992px) {
1499
+
1500
+
1501
+ .mo2f_modal-lg {
1502
+
1503
+
1504
+ width: 900px;
1505
+
1506
+
1507
+ }
1508
+
1509
+
1510
+
1511
+
1512
+
1513
+ .mo2f_modal-md {
1514
+
1515
+
1516
+ width: 550px
1517
+
1518
+
1519
+ }
1520
+
1521
+
1522
+ }
1523
+
1524
+
1525
+
1526
+
1527
+
1528
+ .center{
1529
+
1530
+
1531
+
1532
+
1533
+
1534
+ text-align: center !important;
1535
+
1536
+
1537
+ }
1538
+
1539
+
1540
+
1541
+
1542
+
1543
+ #otpMessage {
1544
+
1545
+
1546
+ border-radius: 1px;
1547
+
1548
+
1549
+ padding: 1px 5px;
1550
+
1551
+
1552
+ background: #f1f1f1;
1553
+
1554
+
1555
+ }
1556
+
1557
+
1558
+
1559
+
1560
+
1561
+ .mo2f_carousel-indicators {
1562
+
1563
+
1564
+ position: absolute;
1565
+
1566
+
1567
+ bottom: -20px;
1568
+
1569
+
1570
+ z-index: 15;
1571
+
1572
+
1573
+ width: 60%;
1574
+
1575
+
1576
+ list-style: none;
1577
+
1578
+
1579
+ text-align: center;
1580
+
1581
+
1582
+ }
1583
+
1584
+
1585
+
1586
+
1587
+
1588
+ .miniorange_kba_validate:hover, .miniorange_validate_otp:hover, .miniorange_login_forgotphone:hover,
1589
+
1590
+
1591
+ .miniorange_login_offline:hover, .miniorange_login_forgotphone:hover, .miniorange_otp_token_submit:hover, .miniorange_button:hover
1592
+
1593
+
1594
+ {
1595
+
1596
+
1597
+ background-color:#0073AA!important
1598
+
1599
+
1600
+ }
1601
+
1602
+
1603
+
1604
+
1605
+
1606
+ .miniorange_kba_validate, .miniorange_validate_otp, .miniorange_login_forgotphone,
1607
+
1608
+
1609
+ .miniorange_login_offline, .miniorange_login_forgotphone , .miniorange_otp_token_submit,
1610
+
1611
+
1612
+ .miniorange_button
1613
+
1614
+
1615
+ {
1616
+
1617
+
1618
+ background:#00A0D2!important;
1619
+
1620
+
1621
+ border-color:#0073AA!important;
1622
+
1623
+
1624
+ box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1625
+
1626
+
1627
+ color:#FFF!important;
1628
+
1629
+
1630
+ text-decoration:none!important;
1631
+
1632
+
1633
+ cursor:pointer!important;
1634
+
1635
+
1636
+ border-width:1px!important;
1637
+
1638
+
1639
+ border-style:solid!important;
1640
+
1641
+
1642
+ border-radius:3px!important;
1643
+
1644
+
1645
+ white-space:nowrap!important;
1646
+
1647
+
1648
+ box-sizing:border-box!important;
1649
+
1650
+
1651
+ line-height:28px!important;
1652
+
1653
+
1654
+ padding:0 12px!important;
1655
+
1656
+
1657
+ font-size:13px!important;
1658
+
1659
+
1660
+ }
1661
+
1662
+
1663
+
1664
+
1665
+
1666
+ .mo_customer_validation-modal.fade .mo_customer_validation-modal-dialog {
1667
+
1668
+
1669
+ -webkit-transition: -webkit-transform .3s ease-out;
1670
+
1671
+
1672
+ -o-transition: -o-transform .3s ease-out;
1673
+
1674
+
1675
+ transition: transform .3s ease-out;
1676
+
1677
+
1678
+ -webkit-transform: translate(0, -25%);
1679
+
1680
+
1681
+ -ms-transform: translate(0, -25%);
1682
+
1683
+
1684
+ -o-transform: translate(0, -25%);
1685
+
1686
+
1687
+ transform: translate(0, -25%)
1688
+
1689
+
1690
+ }
1691
+
1692
+
1693
+
1694
+
1695
+
1696
+ .mo_customer_validation-modal.in .mo_customer_validation-modal-dialog {
1697
+
1698
+
1699
+ -webkit-transform: translate(0, 80px) !important;
1700
+
1701
+
1702
+ -ms-transform: translate(0, 80px) !important;
1703
+
1704
+
1705
+ -o-transform: translate(0, 80px) !important;
1706
+
1707
+
1708
+ transform: translate(0, 80px) !important
1709
+
1710
+
1711
+ }
1712
+
1713
+
1714
+
1715
+
1716
+
1717
+ .mo_customer_validation-modal-open .mo_customer_validation-modal {
1718
+
1719
+
1720
+ overflow-x: hidden;
1721
+
1722
+
1723
+ overflow-y: hidden
1724
+
1725
+
1726
+ }
1727
+
1728
+
1729
+
1730
+
1731
+
1732
+ .mo_customer_validation-modal-dialog {
1733
+
1734
+
1735
+ position: relative;
1736
+
1737
+
1738
+ width: auto;
1739
+
1740
+
1741
+ margin: 10px
1742
+
1743
+
1744
+ }
1745
+
1746
+
1747
+
1748
+
1749
+
1750
+ .mo_customer_validation-modal-content {
1751
+
1752
+
1753
+ position: relative;
1754
+
1755
+
1756
+ -webkit-background-clip: padding-box;
1757
+
1758
+
1759
+ border: 1px solid #999;
1760
+
1761
+
1762
+ border: 1px solid rgba(0, 0, 0, .2);
1763
+
1764
+
1765
+ outline: 0;
1766
+
1767
+
1768
+ margin-top: 8%;
1769
+
1770
+
1771
+ margin-left: 0;
1772
+
1773
+
1774
+ padding: 15px 20px 0;
1775
+
1776
+
1777
+ font-family: "Open Sans", sans-serif;
1778
+
1779
+
1780
+
1781
+ font-size: 14px;
1782
+
1783
+
1784
+ line-height: 1.4em;
1785
+
1786
+
1787
+ background: #FFF;
1788
+
1789
+
1790
+ box-shadow: 0 1px 3px rgba(0, 0, 0, .13)
1791
+
1792
+
1793
+ }
1794
+
1795
+
1796
+
1797
+
1798
+
1799
+ .mo_customer_validation-modal-backdrop {
1800
+
1801
+
1802
+ position: absolute;
1803
+
1804
+
1805
+ top: 0;
1806
+
1807
+
1808
+ right: 0;
1809
+
1810
+
1811
+ left: 0;
1812
+
1813
+
1814
+ background-color: #000 !important;
1815
+
1816
+
1817
+ filter: alpha(opacity=50) !important;
1818
+
1819
+
1820
+ opacity: .9 !important;
1821
+
1822
+
1823
+ height: 100% !important
1824
+
1825
+
1826
+ }
1827
+
1828
+
1829
+
1830
+
1831
+
1832
+ .mo_customer_validation-modal-header {
1833
+
1834
+
1835
+ min-height: 14px;
1836
+
1837
+
1838
+ padding: 10px 10px 20px;
1839
+
1840
+
1841
+ border-bottom: 1px solid #e5e5e5
1842
+
1843
+
1844
+ }
1845
+
1846
+
1847
+
1848
+
1849
+
1850
+ .mo_customer_validation-modal-title {
1851
+
1852
+
1853
+ margin: 0 !important;
1854
+
1855
+
1856
+ line-height: 1 !important
1857
+
1858
+
1859
+ }
1860
+
1861
+
1862
+
1863
+
1864
+
1865
+ .mo_customer_validation-modal-body {
1866
+
1867
+
1868
+ position: relative;
1869
+
1870
+
1871
+ padding: 5%;
1872
+
1873
+
1874
+ overflow: hidden !important;
1875
+
1876
+
1877
+ max-height: 550px !important
1878
+
1879
+
1880
+ }
1881
+
1882
+
1883
+
1884
+
1885
+
1886
+ .mo_customer_validation-modal-footer {
1887
+
1888
+
1889
+ padding: 15px;
1890
+
1891
+
1892
+ text-align: right;
1893
+
1894
+
1895
+ border-top: 1px solid #e5e5e5
1896
+
1897
+
1898
+ }
1899
+
1900
+
1901
+
1902
+
1903
+
1904
+ .mo_customer_validation-modal-footer .btn + .btn {
1905
+
1906
+
1907
+ margin-bottom: 0;
1908
+
1909
+
1910
+ margin-left: 5px
1911
+
1912
+
1913
+ }
1914
+
1915
+
1916
+
1917
+
1918
+
1919
+ .mo_customer_validation-modal-footer .btn-group .btn + .btn {
1920
+
1921
+
1922
+ margin-left: -1px
1923
+
1924
+
1925
+ }
1926
+
1927
+
1928
+
1929
+
1930
+
1931
+ .mo_customer_validation-modal-footer .btn-block + .btn-block {
1932
+
1933
+
1934
+ margin-left: 0
1935
+
1936
+
1937
+ }
1938
+
1939
+
1940
+
1941
+
1942
+
1943
+ .mo_customer_validation-modal-scrollbar-measure {
1944
+
1945
+
1946
+ position: absolute;
1947
+
1948
+
1949
+ top: -9999px;
1950
+
1951
+
1952
+ width: 50px;
1953
+
1954
+
1955
+ height: 50px;
1956
+
1957
+
1958
+ overflow: scroll
1959
+
1960
+
1961
+ }
1962
+
1963
+
1964
+
1965
+
1966
+
1967
+ @media (min-width: 768px) {
1968
+
1969
+
1970
+ .mo_customer_validation-modal-dialog {
1971
+
1972
+
1973
+ width: auto;
1974
+
1975
+
1976
+ margin: 0 auto
1977
+
1978
+
1979
+ }
1980
+
1981
+
1982
+
1983
+
1984
+
1985
+ .mo_customer_validation-modal-content {
1986
+
1987
+
1988
+ -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
1989
+
1990
+
1991
+ box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
1992
+
1993
+
1994
+ }
1995
+
1996
+
1997
+
1998
+
1999
+
2000
+ .mo_customer_validation-modal-sm {
2001
+
2002
+
2003
+ width: 300px
2004
+
2005
+
2006
+ }
2007
+
2008
+
2009
+
2010
+
2011
+
2012
+ .mo_customer_validation-modal-md {
2013
+
2014
+
2015
+ width: 532px
2016
+
2017
+
2018
+ }
2019
+
2020
+
2021
+
2022
+
2023
+
2024
+ .mo_customer_validation-modal-lg {
2025
+
2026
+
2027
+ width: 50%
2028
+
2029
+
2030
+ }
2031
+
2032
+
2033
+ }
2034
+
2035
+
2036
+
2037
+
2038
+
2039
+ @media (min-width: 992px) {
2040
+
2041
+
2042
+ .mo_customer_validation-modal-dialog {
2043
+
2044
+
2045
+ width: auto;
2046
+
2047
+
2048
+ margin: 0 auto
2049
+
2050
+
2051
+ }
2052
+
2053
+
2054
+
2055
+
2056
+
2057
+ .mo_customer_validation-modal-lg {
2058
+
2059
+
2060
+ width: 490px
2061
+
2062
+
2063
+ }
2064
+
2065
+
2066
+
2067
+
2068
+
2069
+ .mo_customer_validation-modal-md {
2070
+
2071
+
2072
+ width: 532px
2073
+
2074
+
2075
+ }
2076
+
2077
+
2078
+ }
2079
+
2080
+
2081
+
2082
+
2083
+
2084
+ .mo_customer_validation-textbox {
2085
+
2086
+
2087
+ background: #FBFBFB;
2088
+
2089
+
2090
+ font-family: "Open Sans", sans-serif;
2091
+
2092
+
2093
+ font-size: 24px;
2094
+
2095
+
2096
+ width: 100%;
2097
+
2098
+
2099
+ border: 1px solid #DDD;
2100
+
2101
+
2102
+ padding: 3px;
2103
+
2104
+
2105
+ margin: 2px 6px 16px 0
2106
+
2107
+
2108
+ }
2109
+
2110
+
2111
+
2112
+
2113
+
2114
+ .mo_customer_validation-textbox:focus {
2115
+
2116
+
2117
+ border-color: #5B9DD9;
2118
+
2119
+
2120
+ box-shadow: 0 0 2px rgba(30, 140, 190, .8)
2121
+
2122
+
2123
+ }
2124
+
2125
+
2126
+
2127
+
2128
+
2129
+ .button-primary,
2130
+
2131
+
2132
+ .button-secondary {
2133
+
2134
+
2135
+ background: #00A0D2;
2136
+
2137
+
2138
+ border-color: #0073AA;
2139
+
2140
+
2141
+ box-shadow: 0 1px 0 rgba(120, 200, 230, .5) inset, 0 1px 0 rgba(0, 0, 0, .15);
2142
+
2143
+
2144
+ color: #FFF;
2145
+
2146
+
2147
+ text-decoration: none;
2148
+
2149
+
2150
+ cursor: pointer;
2151
+
2152
+
2153
+ border-width: 1px;
2154
+
2155
+
2156
+ border-style: solid;
2157
+
2158
+
2159
+ border-radius: 3px;
2160
+
2161
+
2162
+ white-space: nowrap;
2163
+
2164
+
2165
+ box-sizing: border-box;
2166
+
2167
+
2168
+ line-height: 28px;
2169
+
2170
+
2171
+ padding: 0 12px;
2172
+
2173
+
2174
+ font-size: 13px
2175
+
2176
+
2177
+ }
2178
+
2179
+
2180
+
2181
+
2182
+
2183
+ .button:hover {
2184
+
2185
+
2186
+ background-color: #0073AA
2187
+
2188
+
2189
+ }
2190
+
2191
+
2192
+
2193
+
2194
+
2195
+ .close {
2196
+
2197
+
2198
+ float: right;
2199
+
2200
+
2201
+ transition: color .1s ease-in-out, background .1s ease-in-out;
2202
+
2203
+
2204
+ text-decoration: none;
2205
+
2206
+
2207
+ color: #999;
2208
+
2209
+
2210
+ font-size: 13px
2211
+
2212
+
2213
+ }
2214
+
2215
+
2216
+
2217
+
2218
+
2219
+ .mo_validate_close:focus,
2220
+
2221
+
2222
+ .mo_validate_close:hover {
2223
+
2224
+
2225
+ color: #0085ba
2226
+
2227
+
2228
+ }
2229
+
2230
+
2231
+
2232
+
2233
+
2234
+ .mo_registration_pricing_text {
2235
+
2236
+
2237
+ font-size: 13px;
2238
+
2239
+
2240
+ color: darkblue;
2241
+
2242
+
2243
+ }
2244
+
2245
+
2246
+
2247
+
2248
+
2249
+ .mo_otp_token {
2250
+
2251
+
2252
+ font-size: 15px;
2253
+
2254
+
2255
+ color: #212F3C;
2256
+
2257
+
2258
+ border: none;
2259
+
2260
+
2261
+ display: block;
2262
+
2263
+
2264
+ border-bottom-style: solid;
2265
+
2266
+
2267
+ border-width: 2px;
2268
+
2269
+
2270
+ border-color: #D0D3D4;
2271
+
2272
+
2273
+ border-radius: 0px;
2274
+
2275
+
2276
+ outline: none;
2277
+
2278
+
2279
+ width: 140px;
2280
+
2281
+
2282
+ text-align: center;
2283
+
2284
+
2285
+ }
2286
+
2287
+
2288
+
2289
+
2290
+
2291
+ .container {
2292
+
2293
+
2294
+ max-width: 960px
2295
+
2296
+
2297
+ }
2298
+
2299
+
2300
+
2301
+
2302
+
2303
+ }
2304
+
2305
+
2306
+ @media (min-width: 1200px) {
2307
+
2308
+
2309
+ .container {
2310
+
2311
+
2312
+ max-width: 1140px
2313
+
2314
+
2315
+ }
2316
+
2317
+
2318
+ }
2319
+
2320
+
2321
+
2322
+
2323
+
2324
+ .container-fluid {
2325
+
2326
+
2327
+ width: 100%;
2328
+
2329
+
2330
+ padding-right: 15px;
2331
+
2332
+
2333
+ padding-left: 15px;
2334
+
2335
+
2336
+ margin-right: auto;
2337
+
2338
+
2339
+ margin-left: auto
2340
+
2341
+
2342
+ }
2343
+
2344
+
2345
+
2346
+
2347
+
2348
+ .row {
2349
+
2350
+
2351
+ display: -webkit-box;
2352
+
2353
+
2354
+ display: -ms-flexbox;
2355
+
2356
+
2357
+ display: flex;
2358
+