Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.18

Version Description

  • Google Authenticator-Two Factor Authentication (2FA, OTP) : *Added missing file

Release Info

Developer cyberlord92
Version 5.4.18

Code changes from version 5.4.14 to 5.4.18

Files changed (46) hide show
  1. api/class-customer-common-setup.php +400 -400
  2. api/class-customer-onprem-setup.php +72 -72
  3. api/class-customer-setup.php +33 -33
  4. api/mo2f_api.php +1 -0
  5. controllers/content-protection.php +93 -93
  6. controllers/dashboard.php +22 -22
  7. controllers/ip-blocking.php +256 -256
  8. controllers/login-spam.php +9 -9
  9. controllers/main_controller.php +111 -111
  10. controllers/malware_scanner/scan_malware_summary.php +4 -4
  11. controllers/pointers.php +581 -581
  12. controllers/support.php +50 -50
  13. controllers/twofa/mo2fa_common_login.php +92 -8
  14. controllers/twofa/mo2fa_inline_registration.php +1227 -1227
  15. controllers/twofa/two_fa_custom_form.php +8 -1
  16. controllers/twofa/two_fa_rba.php +2 -2
  17. controllers/twofa/two_fa_unlimittedUser.php +3 -3
  18. controllers/twofa/two_fa_unlimittedUser_ajax.php +46 -46
  19. controllers/twofa/two_fa_video_guide.php +3 -3
  20. controllers/twofa/two_factor_ajax.php +108 -26
  21. controllers/wpns-loginsecurity-ajax.php +38 -0
  22. database/database_functions.php +6 -0
  23. handler/WAF/database/mo-waf-db-common.php +25 -0
  24. handler/WAF/database/mo-waf-db.php +1 -1
  25. handler/WAF/database/mo-waf-plugin-db.php +90 -87
  26. handler/WAF/mo-waf-plugin.php +211 -210
  27. handler/WAF/mo-waf.php +1 -1
  28. handler/malware_scanner.php +668 -668
  29. handler/malware_scanner/malware_scanner_cron.php +1049 -1049
  30. handler/malware_scanner/scanner_set_cron.php +260 -260
  31. handler/mo-error.html +10 -10
  32. handler/mo-waf.php +586 -586
  33. handler/signature/APLFI.php +4 -4
  34. handler/spam.php +41 -41
  35. handler/twofa/setup_twofa.php +0 -1
  36. handler/twofa/two_fa_login.php +408 -402
  37. handler/twofa/two_fa_pass2login.php +2654 -2557
  38. handler/twofa/two_fa_settings.php +9 -5
  39. handler/twofa/two_fa_short_call.php +43 -0
  40. handler/twofa/two_fa_short_custom.php +80 -0
  41. handler/twofa/two_fa_short_gateway.php +67 -0
  42. handler/twofa/two_fa_utility.php +12 -0
  43. helper/curl.php +2 -2
  44. helper/mo_twofa_sessions.php +53 -0
  45. helper/pluginUtility.php +5 -0
  46. helper/plugins.php +0 -31
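--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -1,400 +1,400 @@
-<?php
-/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
-* Copyright (C) 2015 miniOrange
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>
-* @package miniOrange OAuth
-* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
-*/
-
-/**
-* This library is miniOrange Authentication Service.
-* Contains Request Calls to Customer service.
-**/
-
-include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
-class Customer_Cloud_Setup {
-
-public $email;
-public $phone;
-public $customerKey;
-public $transactionId;
-
-private $auth_mode = 2; // miniorange test or not
-private $https_mode = false; // website http or https
-
-
-function check_customer() {
-$url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
-$email = get_option( "mo2f_email" );
-$mo2fApi= new Mo2f_Api();
-$fields = array (
-'email' => $email
-);
-$field_string = json_encode ( $fields );
-
-$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
-$response = $mo2fApi->make_curl_call( $url, $field_string );
-return $response;
-
-}
-
-function guest_audit() {
-$url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
-$email = get_option( "mo2f_email" );
-
-$user = wp_get_current_user();
-
-if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-if (empty($email))
-$email = $user->user_email;
-}
-
-$mo2fApi= new Mo2f_Api();
-$MoWpnsUtility = new MoWpnsUtility();
-$company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
-$applicationName='Wordpress Two Factor;'.$MoWpnsUtility->checkPlugins();
-$fields = array (
-'emailAddress' => $email,
-'companyName'=>$company,
-'cmsName'=>"WP",
-'applicationType'=>'Two Factor',
-'applicationName'=>$applicationName,
-'pluginVersion'=>MO2F_VERSION,
-'inUse'=>$MoWpnsUtility->getFeatureStatus()
-);
-
-
-
-$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
-$field_string = json_encode ( $fields );
-
-$response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
-return $response;
-
-}
-
-function send_email_alert( $email, $phone, $message ) {
-
-$url = MO_HOST_NAME . '/moas/api/notify/send';
-
-$mo2fApi= new Mo2f_Api();
-$customerKey = "16555";
-$apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
-
-$currentTimeInMillis = $mo2fApi->get_timestamp();
-$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
-$hashValue = hash( "sha512", $stringToHash );
-$fromEmail = $email;
-$subject = "WordPress 2FA Plugin Feedback - " . $email;
-
-global $user;
-$user = wp_get_current_user();
-$is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
-$is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
-
-
-$customer_feature = "";
-
-if ( $is_ec_with_1_user ) {
-$customer_feature = "V1";
-}else if ( $is_nc_with_1_user ) {
-$customer_feature = "V3";
-}
-
-$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
-
-$content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
-
-$fields = array(
-'customerKey' => $customerKey,
-'sendEmail' => true,
-'email' => array(
-'customerKey' => $customerKey,
-'fromEmail' => $fromEmail,
-'fromName' => 'Xecurify',
-'toEmail' => '2fasupport@xecurify.com',
-'toName' => '2fasupport@xecurify.com',
-'subject' => $subject,
-'content' => $content
-),
-);
-$field_string = json_encode( $fields );
-
-$headers = $mo2fApi->get_http_header_array();
-
-$response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-return $response;
-
-
-}
-
-function create_customer() {
-global $Mo2fdbQueries;
-if ( ! MO2f_Utility::is_curl_installed() ) {
-$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
-return json_encode( array( "status" => 'ERROR', "message" => $message ) );
-}
-
-$url = MO_HOST_NAME . '/moas/rest/customer/add';
-$mo2fApi= new Mo2f_Api();
-global $user;
-$user = wp_get_current_user();
-$this->email = get_option( 'mo2f_email' );
-$this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
-$password = get_option( 'mo2f_password' );
-$company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
-
-$fields = array(
-'companyName' => $company,
-'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
-'productInterest' => 'API_2FA',
-'email' => $this->email,
-'phone' => $this->phone,
-'password' => $password
-);
-$field_string = json_encode( $fields );
-$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
-$content = $mo2fApi->make_curl_call( $url, $field_string );
-
-return $content;
-}
-
-
-function get_customer_key() {
-if ( ! MO2f_Utility::is_curl_installed() ) {
-$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
-return json_encode( array( "status" => 'ERROR', "message" => $message ) );
-}
-
-$url = MO_HOST_NAME . "/moas/rest/customer/key";
-
-$email = get_option( "mo2f_email" );
-$password = get_option( "mo2f_password" );
-$mo2fApi= new Mo2f_Api();
-$fields = array(
-'email' => $email,
-'password' => $password
-);
-$field_string = json_encode( $fields );
-
-$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
-$content = $mo2fApi->make_curl_call( $url, $field_string );
-
-return $content;
-}
-
-
-function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
-
-if ( ! MO2f_Utility::is_curl_installed()) {
-$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
-return json_encode( array( "status" => 'ERROR', "message" => $message ) );
-}
-
-$url = MO_HOST_NAME . '/moas/api/auth/challenge';
-$mo2fApi = new Mo2f_Api();
-/* The customer Key provided to you */
-$customerKey = $cKey;
-
-/* The customer API Key provided to you */
-$apiKey = $apiKey;
-
-/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
-$currentTimeInMillis = $mo2fApi->get_timestamp();
-
-/* Creating the Hash using SHA-512 algorithm */
-$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
-$hashValue = hash( "sha512", $stringToHash );
-
-$headers = $mo2fApi->get_http_header_array();
-
-$fields = '';
-if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
-$fields = array(
-'customerKey' => $customerKey,
-'email' => $uKey,
-'authType' => $authType,
-'transactionName' => 'WordPress 2 Factor Authentication Plugin'
-);
-} else if ( $authType == 'SMS' ) {
-$authType = "SMS";
-$fields = array(
-'customerKey' => $customerKey,
-'phone' => $uKey,
-'authType' => $authType
-);
-} else {
-$fields = array(
-'customerKey' => $customerKey,
-'username' => $uKey,
-'authType' => $authType,
-'transactionName' => 'WordPress 2 Factor Authentication Plugin'
-);
-}
-
-$field_string = json_encode( $fields );
-
-$content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
-return $content;
-}
-
-
-function get_customer_transactions( $cKey, $apiKey ) {
-
-$url = MO_HOST_NAME . '/moas/rest/customer/license';
-
-$customerKey = $cKey;
-$apiKey = $apiKey;
-$mo2fApi= new Mo2f_Api();
-$currentTimeInMillis = $mo2fApi->get_timestamp();
-$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
-$hashValue = hash( "sha512", $stringToHash );
-
-$fields = '';
-$fields = array(
-'customerId' => $customerKey,
-'applicationName' => 'wp_2fa',
-'licenseType' => 'DEMO'
-);
-
-$field_string = json_encode( $fields );
-
-$headers = $mo2fApi->get_http_header_array();
-
-$content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
-
-return $content;
-}
-
-
-function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
-$content='';
-if ( ! MO2f_Utility::is_curl_installed() ) {
-$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
-return json_encode( array( "status" => 'ERROR', "message" => $message ) );
-}
-
-$url = MO_HOST_NAME . '/moas/api/auth/validate';
-$mo2fApi= new Mo2f_Api();
-/* The customer Key provided to you */
-$customerKey = $cKey;
-
-/* The customer API Key provided to you */
-$apiKey = $customerApiKey;
-
-/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
-$currentTimeInMillis = $mo2fApi->get_timestamp();
-
-/* Creating the Hash using SHA-512 algorithm */
-$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
-$hashValue = hash( "sha512", $stringToHash );
-
-$headers = $mo2fApi->get_http_header_array();
-$fields = '';
-if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
-/*check for soft token*/
-$fields = array(
-'customerKey' => $customerKey,
-'username' => $username,
-'token' => $otpToken,
-'authType' => $authType
-);
-} else if ( $authType == 'KBA' ) {
-$fields = array(
-'txId' => $transactionId,
-'answers' => array(
-array(
-'question' => $otpToken[0],
-'answer' => $otpToken[1]
-),
-array(
-'question' => $otpToken[2],
-'answer' => $otpToken[3]
-)
-)
-);
-
-} else {
-//*check for otp over sms/email
-$fields = array(
-'txId' => $transactionId,
-'token' => $otpToken
-);
-}
-$field_string = json_encode( $fields );
-
-
-$content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
-return $content;
-}
-
-function submit_contact_us( $q_email, $q_phone, $query ) {
-if ( ! MO2f_Utility::is_curl_installed() ) {
-$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
-return json_encode( array( "status" => 'ERROR', "message" => $message ) );
-}
-
-$url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
-global $user;
-$user = wp_get_current_user();
-$is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
-$is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
-
-$mo2fApi= new Mo2f_Api();
-$customer_feature = "";
-
-if ( $is_ec_with_1_user ) {
-$customer_feature = "V1";
-} else if ( $is_nc_with_1_user ) {
-$customer_feature = "V3";
-}
-global $moWpnsUtility;
-
-$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
-$fields = array(
-'firstName' => $user->user_firstname,
-'lastName' => $user->user_lastname,
-'company' => $_SERVER['SERVER_NAME'],
-'email' => $q_email,
-'ccEmail' => '2fasupport@xecurify.com',
-'phone' => $q_phone,
-'query' => $query
-);
-$field_string = json_encode( $fields );
-
-$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
-$content = $mo2fApi->make_curl_call( $url, $field_string );
-
-return true;
-}
-
-}
-
-
-?>
+<?php
+/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+* Copyright (C) 2015 miniOrange
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+* @package miniOrange OAuth
+* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+*/
+
+/**
+* This library is miniOrange Authentication Service.
+* Contains Request Calls to Customer service.
+**/
+
+include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+class Customer_Cloud_Setup {
+
+public $email;
+public $phone;
+public $customerKey;
+public $transactionId;
+
+private $auth_mode = 2; // miniorange test or not
+private $https_mode = false; // website http or https
+
+
+function check_customer() {
+$url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
+$email = get_option( "mo2f_email" );
+$mo2fApi= new Mo2f_Api();
+$fields = array (
+'email' => $email
+);
+$field_string = json_encode ( $fields );
+
+$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+$response = $mo2fApi->make_curl_call( $url, $field_string );
+return $response;
+
+}
+
+function guest_audit() {
+$url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
+$email = get_option( "mo2f_email" );
+
+$user = wp_get_current_user();
+
+if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+if (empty($email))
+$email = $user->user_email;
+}
+
+$mo2fApi= new Mo2f_Api();
+$MoWpnsUtility = new MoWpnsUtility();
+$company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+$applicationName='Wordpress Two Factor;'.$MoWpnsUtility->checkPlugins();
+$fields = array (
+'emailAddress' => $email,
+'companyName'=>$company,
+'cmsName'=>"WP",
+'applicationType'=>'Two Factor',
+'applicationName'=>$applicationName,
+'pluginVersion'=>MO2F_VERSION,
+'inUse'=>$MoWpnsUtility->getFeatureStatus()
+);
+
+
+
+$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+$field_string = json_encode ( $fields );
+
+$response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
+return $response;
+
+}
+
+function send_email_alert( $email, $phone, $message ) {
+
+$url = MO_HOST_NAME . '/moas/api/notify/send';
+
+$mo2fApi= new Mo2f_Api();
+$customerKey = "16555";
+$apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
+
+$currentTimeInMillis = $mo2fApi->get_timestamp();
+$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+$hashValue = hash( "sha512", $stringToHash );
+$fromEmail = $email;
+$subject = "WordPress 2FA Plugin Feedback - " . $email;
+
+global $user;
+$user = wp_get_current_user();
+$is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+$is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
+
+
+$customer_feature = "";
+
+if ( $is_ec_with_1_user ) {
+$customer_feature = "V1";
+}else if ( $is_nc_with_1_user ) {
+$customer_feature = "V3";
+}
+
+$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
+
+$content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
+
+$fields = array(
+'customerKey' => $customerKey,
+'sendEmail' => true,
+'email' => array(
+'customerKey' => $customerKey,
+'fromEmail' => $fromEmail,
+'fromName' => 'Xecurify',
+'toEmail' => '2fasupport@xecurify.com',
+'toName' => '2fasupport@xecurify.com',
+'subject' => $subject,
+'content' => $content
+),
+);
+$field_string = json_encode( $fields );
+
+$headers = $mo2fApi->get_http_header_array();
+
+$response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+return $response;
+
+
+}
+
+function create_customer() {
+global $Mo2fdbQueries;
+if ( ! MO2f_Utility::is_curl_installed() ) {
+$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+}
+
+$url = MO_HOST_NAME . '/moas/rest/customer/add';
+$mo2fApi= new Mo2f_Api();
+global $user;
+$user = wp_get_current_user();
+$this->email = get_option( 'mo2f_email' );
+$this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
+$password = get_option( 'mo2f_password' );
+$company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+
+$fields = array(
+'companyName' => $company,
+'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
+'productInterest' => 'API_2FA',
+'email' => $this->email,
+'phone' => $this->phone,
+'password' => $password
+);
+$field_string = json_encode( $fields );
+$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+$content = $mo2fApi->make_curl_call( $url, $field_string );
+
+return $content;
+}
+
+
+function get_customer_key() {
+if ( ! MO2f_Utility::is_curl_installed() ) {
+$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+}
+
+$url = MO_HOST_NAME . "/moas/rest/customer/key";
+
+$email = get_option( "mo2f_email" );
+$password = get_option( "mo2f_password" );
+$mo2fApi= new Mo2f_Api();
+$fields = array(
+'email' => $email,
+'password' => $password
+);
+$field_string = json_encode( $fields );
+
+$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+$content = $mo2fApi->make_curl_call( $url, $field_string );
+
+return $content;
+}
+
+
+function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
+
+if ( ! MO2f_Utility::is_curl_installed()) {
+$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+}
+
+$url = MO_HOST_NAME . '/moas/api/auth/challenge';
+$mo2fApi = new Mo2f_Api();
+/* The customer Key provided to you */
+$customerKey = $cKey;
+
+/* The customer API Key provided to you */
+$apiKey = $apiKey;
+
+/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+$currentTimeInMillis = $mo2fApi->get_timestamp();
+
+/* Creating the Hash using SHA-512 algorithm */
+$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+$hashValue = hash( "sha512", $stringToHash );
+
+$headers = $mo2fApi->get_http_header_array();
+
+$fields = '';
+if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
+$fields = array(
+'customerKey' => $customerKey,
+'email' => $uKey,
+'authType' => $authType,
+'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+);
+} else if ( $authType == 'SMS' ) {
+$authType = "SMS";
+$fields = array(
+'customerKey' => $customerKey,
+'phone' => $uKey,
+'authType' => $authType
+);
+} else {
+$fields = array(
+'customerKey' => $customerKey,
+'username' => $uKey,
+'authType' => $authType,
+'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+);
+}
+
+$field_string = json_encode( $fields );
+
+$content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+return $content;
+}
+
+
+function get_customer_transactions( $cKey, $apiKey ) {
+
+$url = MO_HOST_NAME . '/moas/rest/customer/license';
+
+$customerKey = $cKey;
+$apiKey = $apiKey;
+$mo2fApi= new Mo2f_Api();
+$currentTimeInMillis = $mo2fApi->get_timestamp();
+$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+$hashValue = hash( "sha512", $stringToHash );
+
+$fields = '';
+$fields = array(
+'customerId' => $customerKey,
+'applicationName' => 'wp_2fa',
+'licenseType' => 'DEMO'
+);
+
+$field_string = json_encode( $fields );
+
+$headers = $mo2fApi->get_http_header_array();
+
+$content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+
+return $content;
+}
+
+
+function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+$content='';
+if ( ! MO2f_Utility::is_curl_installed() ) {
+$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+}
+
+$url = MO_HOST_NAME . '/moas/api/auth/validate';
+$mo2fApi= new Mo2f_Api();
+/* The customer Key provided to you */
+$customerKey = $cKey;
+
+/* The customer API Key provided to you */
+$apiKey = $customerApiKey;
+
+/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+$currentTimeInMillis = $mo2fApi->get_timestamp();
+
+/* Creating the Hash using SHA-512 algorithm */
+$stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+$hashValue = hash( "sha512", $stringToHash );
+
+$headers = $mo2fApi->get_http_header_array();
+$fields = '';
+if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
+/*check for soft token*/
+$fields = array(
+'customerKey' => $customerKey,
+'username' => $username,
+'token' => $otpToken,
+'authType' => $authType
+);
+} else if ( $authType == 'KBA' ) {
+$fields = array(
+'txId' => $transactionId,
+'answers' => array(
+array(
+'question' => $otpToken[0],
+'answer' => $otpToken[1]
+),
+array(
+'question' => $otpToken[2],
+'answer' => $otpToken[3]
+)
+)
+);
+
+} else {
+//*check for otp over sms/email
+$fields = array(
+'txId' => $transactionId,
+'token' => $otpToken
+);
+}
+$field_string = json_encode( $fields );
+
+
+$content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+return $content;
+}
+
+function submit_contact_us( $q_email, $q_phone, $query ) {
+if ( ! MO2f_Utility::is_curl_installed() ) {
+$message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+}
+
+$url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
+global $user;
+$user = wp_get_current_user();
+$is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+$is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
+
+$mo2fApi= new Mo2f_Api();
+$customer_feature = "";
+
+if ( $is_ec_with_1_user ) {
+$customer_feature = "V1";
+} else if ( $is_nc_with_1_user ) {
+$customer_feature = "V3";
+}
+global $moWpnsUtility;
+
+$query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
+$fields = array(
+'firstName' => $user->user_firstname,
+'lastName' => $user->user_lastname,
+'company' => $_SERVER['SERVER_NAME'],
+'email' => $q_email,
+'ccEmail' => '2fasupport@xecurify.com',
+'phone' => $q_phone,
+'query' => $query
+);
+$field_string = json_encode( $fields );
+
+$headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+$content = $mo2fApi->make_curl_call( $url, $field_string );
+
+return true;
+}
+
+}
+
+
+?>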
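--- a/api/class-customer-onprem-setup.php
+++ b/api/class-customer-onprem-setup.php
@@ -1,73 +1,73 @@
-<?php
-/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
-* Copyright (C) 2015 miniOrange
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>
-* @package miniOrange OAuth
-* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
-*/
-
-/**
-* This library is miniOrange Authentication Service.
-* Contains Request Calls to Customer service.
-**/
-
-include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
-class Customer_Setup extends Customer_Cloud_Setup {
-
-
-
-function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
-
-$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
-if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
-include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
-$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
-if(is_null($currentuser) or !isset($currentuser))
-$currentuser = wp_get_current_user();
-$content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
-
-}else {
-
-$content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
-
-}
-
-return $content;
-}
-
-
-function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
-$content='';
-if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
-include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
-$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
-if(!isset($current_user) or is_null($current_user) )
-$current_user = wp_get_current_user();
-$content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
-//change parameters as per your requirement but make sure other methods are not affected.
-
-}else{
-
-$content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
-
-}
-return $content;
-}
-
-
-}
-
+<?php
+/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+* Copyright (C) 2015 miniOrange
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+* @package miniOrange OAuth
+* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+*/
+
+/**
+* This library is miniOrange Authentication Service.
+* Contains Request Calls to Customer service.
+**/
+
+include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+class Customer_Setup extends Customer_Cloud_Setup {
+
+
+
+function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
+
+$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
+if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
+include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+if(is_null($currentuser) or !isset($currentuser))
+$currentuser = wp_get_current_user();
+$content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
+
+}else {
+
+$content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
+
+}
+
+return $content;
+}
+
+
+function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+$content='';
+if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
+include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+if(!isset($current_user) or is_null($current_user) )
+$current_user = wp_get_current_user();
+$content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
+//change parameters as per your requirement but make sure other methods are not affected.
+
+}else{
+
+$content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
+
+}
+return $content;
+}
+
+
+}
+
 ?>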
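--- a/api/class-customer-setup.php
+++ b/api/class-customer-setup.php
@@ -1,34 +1,34 @@
-<?php
-/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
-* Copyright (C) 2015 miniOrange
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>
-* @package miniOrange OAuth
-* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
-*/
-
-/**
-* This library is miniOrange Authentication Service.
-* Contains Request Calls to Customer service.
-**/
-
-include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
-class Customer_Setup extends Customer_Cloud_Setup {
-
-//all parent methods
-}
-
-
+<?php
+/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+* Copyright (C) 2015 miniOrange
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+* @package miniOrange OAuth
+* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+*/
+
+/**
+* This library is miniOrange Authentication Service.
+* Contains Request Calls to Customer service.
+**/
+
+include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+class Customer_Setup extends Customer_Cloud_Setup {
+
+//all parent methods
+}
+
+
 ?>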
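--- a/api/mo2f_api.php
+++ b/api/mo2f_api.php
@@ -33,6 +33,7 @@ class Mo2f_Api
 'body' => $fields,
 'timeout' => '5',
 'redirection' => '5',
+'sslverify' =>true,
 'httpversion' => '1.0',
 'blocking' => true,
 'headers' => $http_header_array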
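Review bot: `'sslverify' => true` is the right default for a request that carries OTP material to the auth service, but WordPress still lets the `https_ssl_verify` filter override it per request, so a hardened deployment should not treat this line alone as a guarantee. A failed certificate check now surfaces as a `WP_Error` instead of a response array, so whatever consumes the result of this call (outside the hunk) needs an `is_wp_error()` check before it reads a body, otherwise a verification failure looks like an empty reply. As a point of style, the neighbouring values are strings where WordPress documents integers (`'timeout' => 5, 'redirection' => 5`) while the new entry is a boolean; making them consistent avoids relying on implicit casts. The enclosing method starts and ends outside the hunk.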
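--- a/controllers/content-protection.php
+++ b/controllers/content-protection.php
@@ -1,94 +1,94 @@
-<?php
-global $moWpnsUtility,$mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_content_protection":
-wpns_handle_content_protection($_POST); break;
-case "mo_wpns_enable_comment_spam_blocking":
-wpns_handle_comment_spam_blocking($_POST); break;
-case "mo_wpns_enable_comment_recaptcha":
-wpns_handle_comment_recaptcha($_POST); break;
-case "mo_wpns_comment_recaptcha_settings":
-wpns_save_comment_recaptcha($_POST); break;
-}
-}
-
-
-$protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
-$protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
-$disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
-$comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
-$enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
-$htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
-$restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
-$test_recaptcha_url = "";
-$wp_config = site_url().'/wp-config.php';
-$wp_uploads = get_site_url().'/wp-content/uploads';
-$plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
-$restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
-$restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
-if($enable_recaptcha)
-{
-$test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
-$captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
-$captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
-}
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
-
-/* CONTENT PROTECTION FUNCTIONS */
-
-//Function to save content protection settings
-function wpns_handle_content_protection()
-{
-isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , $_POST['protect_wp_config']) : update_option('mo2f_protect_wp_config' ,0);
-isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', $_POST['prevent_directory_browsing']): update_option('mo2f_prevent_directory_browsing',0);
-isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , $_POST['disable_file_editing']) : update_option('mo2f_disable_file_editing' ,0);
-isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , $_POST['mo2f_htaccess_file']) : update_option('mo2f_htaccess_file',0);
-if(isset($_POST['restrictAPI'])){
-update_site_option('mo2f_restrict_restAPI', 1);
-}
-else{
-update_site_option('mo2f_restrict_restAPI',0);
-}
-
-
-
-
-$mo_wpns_htaccess_handler = new MoWpnsHandler();
-$mo_wpns_htaccess_handler->update_htaccess_configuration();
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
-}
-
-
-//Function to handle comment spam blocking
-function wpns_handle_comment_spam_blocking($postvalue)
-{
-$enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
-update_option('mo_wpns_enable_comment_spam_blocking', $enable);
-if($enable)
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
-else
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
-}
-
-
-//Function to handle reCAPTCHA for comments
-function wpns_handle_comment_recaptcha($postvalue)
-{
-$enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
-update_option('mo_wpns_enable_comment_recaptcha', $enable);
-if($enable)
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
-else
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
-}
-
-function wpns_save_comment_recaptcha($postvalue){
-update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
-update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
-do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
+<?php
+global $moWpnsUtility,$mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_content_protection":
+wpns_handle_content_protection($_POST); break;
+case "mo_wpns_enable_comment_spam_blocking":
+wpns_handle_comment_spam_blocking($_POST); break;
+case "mo_wpns_enable_comment_recaptcha":
+wpns_handle_comment_recaptcha($_POST); break;
+case "mo_wpns_comment_recaptcha_settings":
+wpns_save_comment_recaptcha($_POST); break;
+}
+}
+
+
+$protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
+$protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
+$disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
+$comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
+$enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
+$htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
+$restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
+$test_recaptcha_url = "";
+$wp_config = site_url().'/wp-config.php';
+$wp_uploads = get_site_url().'/wp-content/uploads';
+$plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
+$restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
+$restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
+if($enable_recaptcha)
+{
+$test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+$captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
+$captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
+}
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
+
+/* CONTENT PROTECTION FUNCTIONS */
+
+//Function to save content protection settings
+function wpns_handle_content_protection()
+{
+isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , $_POST['protect_wp_config']) : update_option('mo2f_protect_wp_config' ,0);
+isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', $_POST['prevent_directory_browsing']): update_option('mo2f_prevent_directory_browsing',0);
+isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , $_POST['disable_file_editing']) : update_option('mo2f_disable_file_editing' ,0);
+isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , $_POST['mo2f_htaccess_file']) : update_option('mo2f_htaccess_file',0);
+if(isset($_POST['restrictAPI'])){
+update_site_option('mo2f_restrict_restAPI', 1);
+}
+else{
+update_site_option('mo2f_restrict_restAPI',0);
+}
+
+
+
+
+$mo_wpns_htaccess_handler = new MoWpnsHandler();
+$mo_wpns_htaccess_handler->update_htaccess_configuration();
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
+}
+
+
+//Function to handle comment spam blocking
+function wpns_handle_comment_spam_blocking($postvalue)
+{
+$enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
+update_option('mo_wpns_enable_comment_spam_blocking', $enable);
+if($enable)
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
+else
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
+}
+
+
+//Function to handle reCAPTCHA for comments
+function wpns_handle_comment_recaptcha($postvalue)
+{
+$enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
+update_option('mo_wpns_enable_comment_recaptcha', $enable);
+if($enable)
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
+else
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
+}
+
+function wpns_save_comment_recaptcha($postvalue){
+update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
+update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
+do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
 }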
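--- a/controllers/dashboard.php
+++ b/controllers/dashboard.php
@@ -1,23 +1,23 @@
-<?php
-
-
-
-//all the variables and links
-$wpns_database = new MoWpnsDB;
-$wpns_count_ips_blocked = $wpns_database->get_count_of_blocked_ips();
-$wpns_count_ips_whitelisted = $wpns_database->get_number_of_whitelisted_ips();
-$wpns_attacks_blocked = $wpns_database->get_count_of_attacks_blocked();
-
-$mo_wpns_handler = new MoWpnsHandler();
-$sqlC = $mo_wpns_handler->get_blocked_attacks_count("SQL");
-$rceC = $mo_wpns_handler->get_blocked_attacks_count("RCE");
-$rfiC = $mo_wpns_handler->get_blocked_attacks_count("RFI");
-$lfiC = $mo_wpns_handler->get_blocked_attacks_count("LFI");
-$xssC = $mo_wpns_handler->get_blocked_attacks_count("XSS");
-$totalAttacks = $sqlC+$lfiC+$rfiC+$xssC+$rceC;
-$total_malicious=$wpns_database->count_malicious_files();
-if($total_malicious > 999){
-$total_malicious=($total_malicious/1000);
-$total_malicious= round($total_malicious,1)."k";
-}
+<?php
+
+
+
+//all the variables and links
+$wpns_database = new MoWpnsDB;
+$wpns_count_ips_blocked = $wpns_database->get_count_of_blocked_ips();
+$wpns_count_ips_whitelisted = $wpns_database->get_number_of_whitelisted_ips();
+$wpns_attacks_blocked = $wpns_database->get_count_of_attacks_blocked();
+
+$mo_wpns_handler = new MoWpnsHandler();
+$sqlC = $mo_wpns_handler->get_blocked_attacks_count("SQL");
+$rceC = $mo_wpns_handler->get_blocked_attacks_count("RCE");
+$rfiC = $mo_wpns_handler->get_blocked_attacks_count("RFI");
+$lfiC = $mo_wpns_handler->get_blocked_attacks_count("LFI");
+$xssC = $mo_wpns_handler->get_blocked_attacks_count("XSS");
+$totalAttacks = $sqlC+$lfiC+$rfiC+$xssC+$rceC;
+$total_malicious=$wpns_database->count_malicious_files();
+if($total_malicious > 999){
+$total_malicious=($total_malicious/1000);
+$total_malicious= round($total_malicious,1)."k";
+}
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'dashboard.php';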
controllers/ip-blocking.php CHANGED
@@ -1,257 +1,257 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
- $mo_wpns_handler = new MoWpnsHandler();
5
-
6
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
7
- {
8
- switch($_POST['option'])
9
- {
10
- case "mo_wpns_manual_block_ip":
11
- wpns_handle_manual_block_ip($_POST['IP']); break;
12
- case "mo_wpns_unblock_ip":
13
- wpns_handle_unblock_ip($_POST['id']); break;
14
- case "mo_wpns_whitelist_ip":
15
- wpns_handle_whitelist_ip($_POST['IP']); break;
16
- case "mo_wpns_remove_whitelist":
17
- wpns_handle_remove_whitelist($_POST['id'] ); break;
18
- }
19
- }
20
-
21
- $blockedips = $mo_wpns_handler->get_blocked_ips();
22
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
23
- $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
24
- $path = explode('plugins', $path);
25
- $img_loader_url = plugins_url().$path[1];
26
-
27
- $page_url = "";
28
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
29
-
30
-
31
- /** IP BLOCKING RELATED FUNCTIONS **/
32
-
33
- // Function to handle Manual Block IP form submit
34
- function wpns_handle_manual_block_ip($ip)
35
- {
36
-
37
- global $moWpnsUtility;
38
-
39
- if( $moWpnsUtility->check_empty_or_null( $ip) )
40
- {
41
- //Improper message
42
- echo("empty IP");
43
- exit;
44
- }
45
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
46
- {
47
- echo("INVALID_IP_FORMAT");
48
- exit;
49
- }
50
- else
51
- {
52
- $ipAddress = sanitize_text_field( $ip );
53
- $mo_wpns_config = new MoWpnsHandler();
54
- $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
55
- if(!$isWhitelisted)
56
- {
57
- if($mo_wpns_config->is_ip_blocked($ipAddress)){
58
- //Change message
59
- echo("already blocked");
60
- exit;
61
- } else{
62
- $mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
63
- //not in structures
64
- ?>
65
- <table id="blockedips_table1" class="display">
66
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
67
- <tbody>
68
- <?php
69
- $mo_wpns_handler = new MoWpnsHandler();
70
- $blockedips = $mo_wpns_handler->get_blocked_ips();
71
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
72
- global $mo2f_dirName;
73
- foreach($blockedips as $blockedip)
74
- {
75
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
76
- if(empty($blockedip->blocked_for_time))
77
- echo "<span class=redtext>Permanently</span>";
78
- else
79
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
80
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
81
- }
82
- ?>
83
- </tbody>
84
- </table>
85
- <script type="text/javascript">
86
- jQuery("#blockedips_table1").DataTable({
87
- "order": [[ 3, "desc" ]]
88
- });
89
- </script>
90
- <?php
91
- exit;
92
- }
93
- }
94
- else
95
- {
96
- // Change message
97
- echo("IP_IN_WHITELISTED");
98
- exit;
99
- }
100
- }
101
- }
102
-
103
-
104
- // Function to handle Manual Block IP form submit
105
- function wpns_handle_unblock_ip($entryID)
106
- {
107
- global $moWpnsUtility;
108
-
109
- if( $moWpnsUtility->check_empty_or_null($entryID))
110
- {
111
- // Change message
112
- echo("UNKNOWN_ERROR");
113
- exit;
114
- }
115
- else
116
- {
117
- $entryid = sanitize_text_field($entryID);
118
- $mo_wpns_config = new MoWpnsHandler();
119
- $mo_wpns_config->unblock_ip_entry($entryid);
120
- //not is structure
121
- ?>
122
- <table id="blockedips_table1" class="display">
123
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
124
- <tbody>
125
- <?php
126
- $mo_wpns_handler = new MoWpnsHandler();
127
- $blockedips = $mo_wpns_handler->get_blocked_ips();
128
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
129
- global $mo2f_dirName;
130
- foreach($blockedips as $blockedip)
131
- {
132
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
133
- if(empty($blockedip->blocked_for_time))
134
- echo "<span class=redtext>Permanently</span>";
135
- else
136
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
137
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
138
- }
139
- ?>
140
- </tbody>
141
- </table>
142
- <script type="text/javascript">
143
- jQuery("#blockedips_table1").DataTable({
144
- "order": [[ 3, "desc" ]]
145
- });
146
- </script>
147
- <?php
148
-
149
- exit;
150
- }
151
- }
152
-
153
-
154
- // Function to handle Whitelist IP form submit
155
- function wpns_handle_whitelist_ip($ip)
156
- {
157
- global $moWpnsUtility;
158
- if( $moWpnsUtility->check_empty_or_null($ip))
159
- {
160
- //change message
161
- echo("EMPTY IP");
162
- exit;
163
- }
164
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
165
- { //change message
166
- echo("INVALID_IP");
167
- exit;
168
- }
169
- else
170
- {
171
- $ipAddress = sanitize_text_field($ip);
172
- $mo_wpns_config = new MoWpnsHandler();
173
- if($mo_wpns_config->is_whitelisted($ipAddress))
174
- {
175
- //change message
176
- echo("IP_ALREADY_WHITELISTED");
177
- exit;
178
- }
179
- else
180
- {
181
- $mo_wpns_config->whitelist_ip($ip);
182
- //Structures issues
183
- $mo_wpns_handler = new MoWpnsHandler();
184
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
185
-
186
- ?>
187
- <table id="whitelistedips_table1" class="display">
188
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
189
- <tbody>
190
- <?php
191
- foreach($whitelisted_ips as $whitelisted_ip)
192
- {
193
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
194
- }
195
-
196
-
197
- ?>
198
- </tbody>
199
- </table>
200
- <script type="text/javascript">
201
- jQuery("#whitelistedips_table1").DataTable({
202
- "order": [[ 1, "desc" ]]
203
- });
204
- </script>
205
-
206
- <?php
207
- exit;
208
- }
209
- }
210
- }
211
-
212
-
213
- // Function to handle remove whitelisted IP form submit
214
- function wpns_handle_remove_whitelist($entryID)
215
- {
216
- global $moWpnsUtility;
217
- if( $moWpnsUtility->check_empty_or_null($entryID))
218
- {
219
- //change Message
220
- echo("UNKNOWN_ERROR");
221
- exit;
222
- }
223
- else
224
- {
225
- $entryid = sanitize_text_field($entryID);
226
- $mo_wpns_config = new MoWpnsHandler();
227
- $mo_wpns_config->remove_whitelist_entry($entryid);
228
- //structures
229
- $mo_wpns_handler = new MoWpnsHandler();
230
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
231
-
232
- ?>
233
- <table id="whitelistedips_table1" class="display">
234
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
235
- <tbody>
236
- <?php
237
- foreach($whitelisted_ips as $whitelisted_ip)
238
- {
239
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
240
- }
241
-
242
-
243
- ?>
244
- </tbody>
245
- </table>
246
- <script type="text/javascript">
247
- jQuery("#whitelistedips_table1").DataTable({
248
- "order": [[ 1, "desc" ]]
249
- });
250
- </script>
251
-
252
- <?php
253
- exit;
254
- }
255
- }
256
-
257
 
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+ $mo_wpns_handler = new MoWpnsHandler();
5
+
6
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
7
+ {
8
+ switch($_POST['option'])
9
+ {
10
+ case "mo_wpns_manual_block_ip":
11
+ wpns_handle_manual_block_ip($_POST['IP']); break;
12
+ case "mo_wpns_unblock_ip":
13
+ wpns_handle_unblock_ip($_POST['id']); break;
14
+ case "mo_wpns_whitelist_ip":
15
+ wpns_handle_whitelist_ip($_POST['IP']); break;
16
+ case "mo_wpns_remove_whitelist":
17
+ wpns_handle_remove_whitelist($_POST['id'] ); break;
18
+ }
19
+ }
20
+
21
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
22
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
23
+ $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
24
+ $path = explode('plugins', $path);
25
+ $img_loader_url = plugins_url().$path[1];
26
+
27
+ $page_url = "";
28
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
29
+
30
+
31
+ /** IP BLOCKING RELATED FUNCTIONS **/
32
+
33
+ // Function to handle Manual Block IP form submit
34
+ function wpns_handle_manual_block_ip($ip)
35
+ {
36
+
37
+ global $moWpnsUtility;
38
+
39
+ if( $moWpnsUtility->check_empty_or_null( $ip) )
40
+ {
41
+ //Improper message
42
+ echo("empty IP");
43
+ exit;
44
+ }
45
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
46
+ {
47
+ echo("INVALID_IP_FORMAT");
48
+ exit;
49
+ }
50
+ else
51
+ {
52
+ $ipAddress = sanitize_text_field( $ip );
53
+ $mo_wpns_config = new MoWpnsHandler();
54
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
55
+ if(!$isWhitelisted)
56
+ {
57
+ if($mo_wpns_config->is_ip_blocked($ipAddress)){
58
+ //Change message
59
+ echo("already blocked");
60
+ exit;
61
+ } else{
62
+ $mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
63
+ //not in structures
64
+ ?>
65
+ <table id="blockedips_table1" class="display">
66
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
67
+ <tbody>
68
+ <?php
69
+ $mo_wpns_handler = new MoWpnsHandler();
70
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
71
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
72
+ global $mo2f_dirName;
73
+ foreach($blockedips as $blockedip)
74
+ {
75
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
76
+ if(empty($blockedip->blocked_for_time))
77
+ echo "<span class=redtext>Permanently</span>";
78
+ else
79
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
80
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
81
+ }
82
+ ?>
83
+ </tbody>
84
+ </table>
85
+ <script type="text/javascript">
86
+ jQuery("#blockedips_table1").DataTable({
87
+ "order": [[ 3, "desc" ]]
88
+ });
89
+ </script>
90
+ <?php
91
+ exit;
92
+ }
93
+ }
94
+ else
95
+ {
96
+ // Change message
97
+ echo("IP_IN_WHITELISTED");
98
+ exit;
99
+ }
100
+ }
101
+ }
102
+
103
+
104
+ // Function to handle Manual Block IP form submit
105
+ function wpns_handle_unblock_ip($entryID)
106
+ {
107
+ global $moWpnsUtility;
108
+
109
+ if( $moWpnsUtility->check_empty_or_null($entryID))
110
+ {
111
+ // Change message
112
+ echo("UNKNOWN_ERROR");
113
+ exit;
114
+ }
115
+ else
116
+ {
117
+ $entryid = sanitize_text_field($entryID);
118
+ $mo_wpns_config = new MoWpnsHandler();
119
+ $mo_wpns_config->unblock_ip_entry($entryid);
120
+ //not is structure
121
+ ?>
122
+ <table id="blockedips_table1" class="display">
123
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
124
+ <tbody>
125
+ <?php
126
+ $mo_wpns_handler = new MoWpnsHandler();
127
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
128
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
129
+ global $mo2f_dirName;
130
+ foreach($blockedips as $blockedip)
131
+ {
132
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
133
+ if(empty($blockedip->blocked_for_time))
134
+ echo "<span class=redtext>Permanently</span>";
135
+ else
136
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
137
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
138
+ }
139
+ ?>
140
+ </tbody>
141
+ </table>
142
+ <script type="text/javascript">
143
+ jQuery("#blockedips_table1").DataTable({
144
+ "order": [[ 3, "desc" ]]
145
+ });
146
+ </script>
147
+ <?php
148
+
149
+ exit;
150
+ }
151
+ }
152
+
153
+
154
+ // Function to handle Whitelist IP form submit
155
+ function wpns_handle_whitelist_ip($ip)
156
+ {
157
+ global $moWpnsUtility;
158
+ if( $moWpnsUtility->check_empty_or_null($ip))
159
+ {
160
+ //change message
161
+ echo("EMPTY IP");
162
+ exit;
163
+ }
164
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
165
+ { //change message
166
+ echo("INVALID_IP");
167
+ exit;
168
+ }
169
+ else
170
+ {
171
+ $ipAddress = sanitize_text_field($ip);
172
+ $mo_wpns_config = new MoWpnsHandler();
173
+ if($mo_wpns_config->is_whitelisted($ipAddress))
174
+ {
175
+ //change message
176
+ echo("IP_ALREADY_WHITELISTED");
177
+ exit;
178
+ }
179
+ else
180
+ {
181
+ $mo_wpns_config->whitelist_ip($ip);
182
+ //Structures issues
183
+ $mo_wpns_handler = new MoWpnsHandler();
184
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
185
+
186
+ ?>
187
+ <table id="whitelistedips_table1" class="display">
188
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
189
+ <tbody>
190
+ <?php
191
+ foreach($whitelisted_ips as $whitelisted_ip)
192
+ {
193
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
194
+ }
195
+
196
+
197
+ ?>
198
+ </tbody>
199
+ </table>
200
+ <script type="text/javascript">
201
+ jQuery("#whitelistedips_table1").DataTable({
202
+ "order": [[ 1, "desc" ]]
203
+ });
204
+ </script>
205
+
206
+ <?php
207
+ exit;
208
+ }
209
+ }
210
+ }
211
+
212
+
213
+ // Function to handle remove whitelisted IP form submit
214
+ function wpns_handle_remove_whitelist($entryID)
215
+ {
216
+ global $moWpnsUtility;
217
+ if( $moWpnsUtility->check_empty_or_null($entryID))
218
+ {
219
+ //change Message
220
+ echo("UNKNOWN_ERROR");
221
+ exit;
222
+ }
223
+ else
224
+ {
225
+ $entryid = sanitize_text_field($entryID);
226
+ $mo_wpns_config = new MoWpnsHandler();
227
+ $mo_wpns_config->remove_whitelist_entry($entryid);
228
+ //structures
229
+ $mo_wpns_handler = new MoWpnsHandler();
230
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
231
+
232
+ ?>
233
+ <table id="whitelistedips_table1" class="display">
234
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
235
+ <tbody>
236
+ <?php
237
+ foreach($whitelisted_ips as $whitelisted_ip)
238
+ {
239
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
240
+ }
241
+
242
+
243
+ ?>
244
+ </tbody>
245
+ </table>
246
+ <script type="text/javascript">
247
+ jQuery("#whitelistedips_table1").DataTable({
248
+ "order": [[ 1, "desc" ]]
249
+ });
250
+ </script>
251
+
252
+ <?php
253
+ exit;
254
+ }
255
+ }
256
+
257
 
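--- a/controllers/login-spam.php
+++ b/controllers/login-spam.php
@@ -1,10 +1,10 @@
-<?php
-global $moWpnsUtility,$mo2f_dirName;
-if( isset( $_GET[ 'tab' ] ) ) {
-$active_tab = $_GET[ 'tab' ];
-} else {
-$active_tab = 'default';
-}
-update_site_option('mo2f_visit_login_and_spam',true);
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login_spam.php';
+<?php
+global $moWpnsUtility,$mo2f_dirName;
+if( isset( $_GET[ 'tab' ] ) ) {
+$active_tab = $_GET[ 'tab' ];
+} else {
+$active_tab = 'default';
+}
+update_site_option('mo2f_visit_login_and_spam',true);
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login_spam.php';
 ?>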
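--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -1,111 +1,111 @@
-<?php
-
-global $moWpnsUtility,$mo2f_dirName;
-
-$controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
-
-
-if(current_user_can('administrator'))
-{
-include $controller . 'navbar.php';
-include $controller . 'newtork_security_features.php';
-
-$tour_started=get_option('mo2f_tour_started',0);
-
-
-if($tour_started<1)
-include $controller . 'two-fa-intro.php';
-else if($tour_started != 0)
-include $controller . 'tour-model.php';
-
-if( isset( $_GET[ 'page' ]))
-{
-switch($_GET['page'])
-{
-case 'mo_2fa_dashboard':
-include $controller . 'dashboard.php'; break;
-case 'mo_2fa_login_and_spam':
-include $controller . 'login-spam.php'; break;
-case 'default':
-include $controller . 'login-security.php'; break;
-case 'mo_2fa_account':
-include $controller . 'account.php'; break;
-case 'mo_2fa_backup':
-include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
-case 'mo_2fa_upgrade':
-include $controller . 'upgrade.php'; break;
-case 'mo_2fa_waf':
-include $controller . 'waf.php'; break;
-case 'mo_2fa_blockedips':
-include $controller . 'ip-blocking.php'; break;
-case 'mo_2fa_advancedblocking':
-include $controller . 'advanced-blocking.php'; break;
-case 'mo_2fa_notifications':
-include $controller . 'notification-settings.php'; break;
-case 'mo_2fa_reports':
-include $controller . 'reports.php'; break;
-case 'mo_2fa_licensing':
-include $controller . 'licensing.php'; break;
-case 'mo_2fa_troubleshooting':
-include $controller . 'troubleshooting.php'; break;
-case 'mo_2fa_addons':
-include $controller . 'addons.php'; break;
-case 'mo_2fa_malwarescan':
-include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
-case 'mo_2fa_two_fa':
-include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-case 'mo_2fa_request_demo':
-include $controller . 'request_demo.php';
-}
-}
-
-}
-else
-{
-if( isset( $_GET[ 'page' ]))
-{
-switch($_GET['page'])
-{
-case 'mo_2fa_two_fa':
-include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-
-}
-
-}
-
-}
-if (isset( $_GET[ 'page' ])) {
-
-if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
-{
-include $controller . 'feedback_footer.php';
-}
-else
-{
-include $controller . 'support.php';
-}
-}
-?>
-
-<!-- <script>
-jQuery(document).ready(function(){
-var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
-var data={
-'action':'mo_wpns_malware_redirect',
-'call_type':'malware_scan_initiate',
-'scan':'scan_start',
-'scantype':'quick_scan',
-'nonce': nonce
-};
-jQuery.post(ajaxurl, data, function(response){
-jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
-document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
-jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
-document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
-jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
-document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
-document.getElementById("quick_scan_button").value = "Quick Scan";
-});
-});
-</script> -->
-
+<?php
+
+global $moWpnsUtility,$mo2f_dirName;
+
+$controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
+
+
+if(current_user_can('administrator'))
+{
+include $controller . 'navbar.php';
+include $controller . 'newtork_security_features.php';
+
+$tour_started=get_option('mo2f_tour_started',0);
+
+
+if($tour_started<1)
+include $controller . 'two-fa-intro.php';
+else if($tour_started != 0)
+include $controller . 'tour-model.php';
+
+if( isset( $_GET[ 'page' ]))
+{
+switch($_GET['page'])
+{
+case 'mo_2fa_dashboard':
+include $controller . 'dashboard.php'; break;
+case 'mo_2fa_login_and_spam':
+include $controller . 'login-spam.php'; break;
+case 'default':
+include $controller . 'login-security.php'; break;
+case 'mo_2fa_account':
+include $controller . 'account.php'; break;
+case 'mo_2fa_backup':
+include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
+case 'mo_2fa_upgrade':
+include $controller . 'upgrade.php'; break;
+case 'mo_2fa_waf':
+include $controller . 'waf.php'; break;
+case 'mo_2fa_blockedips':
+include $controller . 'ip-blocking.php'; break;
+case 'mo_2fa_advancedblocking':
+include $controller . 'advanced-blocking.php'; break;
+case 'mo_2fa_notifications':
+include $controller . 'notification-settings.php'; break;
+case 'mo_2fa_reports':
+include $controller . 'reports.php'; break;
+case 'mo_2fa_licensing':
+include $controller . 'licensing.php'; break;
+case 'mo_2fa_troubleshooting':
+include $controller . 'troubleshooting.php'; break;
+case 'mo_2fa_addons':
+include $controller . 'addons.php'; break;
+case 'mo_2fa_malwarescan':
+include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
+case 'mo_2fa_two_fa':
+include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+case 'mo_2fa_request_demo':
+include $controller . 'request_demo.php';
+}
+}
+
+}
+else
+{
+if( isset( $_GET[ 'page' ]))
+{
+switch($_GET['page'])
+{
+case 'mo_2fa_two_fa':
+include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+
+}
+
+}
+
+}
+if (isset( $_GET[ 'page' ])) {
+
+if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
+{
+include $controller . 'feedback_footer.php';
+}
+else
+{
+include $controller . 'support.php';
+}
+}
+?>
+
+<!-- <script>
+jQuery(document).ready(function(){
+var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
+var data={
+'action':'mo_wpns_malware_redirect',
+'call_type':'malware_scan_initiate',
+'scan':'scan_start',
+'scantype':'quick_scan',
+'nonce': nonce
+};
+jQuery.post(ajaxurl, data, function(response){
+jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
+document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
+jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
+document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
+jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
+document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
+document.getElementById("quick_scan_button").value = "Quick Scan";
+});
+});
+</script> -->
+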
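--- a/controllers/malware_scanner/scan_malware_summary.php
+++ b/controllers/malware_scanner/scan_malware_summary.php
@@ -1,5 +1,5 @@
-<?php
-
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_summary_view.php';
-
+<?php
+
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_summary_view.php';
+
 ?>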
controllers/pointers.php CHANGED
@@ -1,581 +1,581 @@
1
- <?php
2
-
3
- $pointers = array();
4
- $tab= 'default';
5
- if(array_key_exists('tab',$_GET))
6
- $tab = $_GET['tab'];
7
-
8
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
-
10
- {
11
- $pointers['default-miniorange-2fa-select-authentication'] = array(
12
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
- 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
- 'isdefault' => 'yes',
16
- 'edge' => 'bottom',
17
- 'align' => 'middle',
18
- 'index' => 'default-miniorange-2fa-select-authentication',
19
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
- );
21
- $pointers['default-miniorange-2fa-configure'] = array(
22
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
- 'anchor_id' => '#GoogleAuthenticator_configuration',
25
- 'isdefault' => 'yes',
26
- 'edge' => 'top',
27
- 'align' => 'left',
28
- 'index' => 'default-miniorange-2fa-configure',
29
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
- );
31
-
32
- $pointers['default-miniorange-2fa-choose_app'] = array(
33
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
- 'anchor_id' => '#mo2f_choose_app_tour',
36
- 'isdefault' => 'yes',
37
- 'edge' => 'left',
38
- 'align' => 'left',
39
- 'index' => 'default-miniorange-2fa-choose_app1',
40
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
- );
42
-
43
- $pointers['default-miniorange-2fa-download_app'] = array(
44
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
- 'anchor_id' => '#links_to_apps_tour',
47
- 'isdefault' => 'yes',
48
- 'edge' => 'left',
49
- 'align' => 'left',
50
- 'index' => 'default-miniorange-2fa-download_app1',
51
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
- );
53
-
54
-
55
- $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
- 'anchor_id' => '#displayGAQrCodeTour',
59
- 'isdefault' => 'yes',
60
- 'edge' => 'left',
61
- 'align' => 'left',
62
- 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
- );
65
- $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
- 'anchor_id' => '#mo2f_change_app_name',
69
- 'isdefault' => 'yes',
70
- 'edge' => 'left',
71
- 'align' => 'left',
72
- 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
- );
75
-
76
- $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
- 'anchor_id' => '#mo2f_scanbarcode_a',
80
- 'isdefault' => 'yes',
81
- 'edge' => 'left',
82
- 'align' => 'left',
83
- 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
- );
86
-
87
- $pointers['default-miniorange-2fa-enter-otp'] = array(
88
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
- 'anchor_id' => '#EnterOTPGATour',
91
- 'isdefault' => 'yes',
92
- 'edge' => 'right',
93
- 'align' => 'left',
94
- 'index' => 'default-miniorange-2fa-enter-otp1',
95
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
- );
97
- $pointers['default-miniorange-2fa-save-otp'] = array(
98
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
- 'anchor_id' => '#SaveOTPGATour',
101
- 'isdefault' => 'yes',
102
- 'edge' => 'right',
103
- 'align' => 'left',
104
- 'index' => 'default-miniorange-2fa-save-otp1',
105
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
- );
107
- $pointers['default-miniorange-2fa-test'] = array(
108
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
- 'anchor_id' => '#test',
111
- 'isdefault' => 'yes',
112
- 'edge' => 'right',
113
- 'align' => 'left',
114
- 'index' => 'default-miniorange-2fa-test',
115
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
- );
117
-
118
- $pointers['default-miniorange-2fa-customizations'] = array(
119
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
- 'anchor_id' => '#disable_two_factor_tour',
122
- 'isdefault' => 'yes',
123
- 'edge' => 'top',
124
- 'align' => 'left',
125
- 'index' => 'default-miniorange-2fa-customizations',
126
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
- );
128
- $pointers['default-miniorange-2fa-inline-registration'] = array(
129
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
- 'anchor_id' => '#mo2f_inline_registration_tour',
132
- 'isdefault' => 'yes',
133
- 'edge' => 'top',
134
- 'align' => 'left',
135
- 'index' => 'default-miniorange-2fa-inline-registration',
136
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
- );
138
- $pointers['default-minorange-2fa-integration'] = array(
139
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
- 'anchor_id' => '#custom_form_2fa_div',
142
- 'isdefault' => 'yes',
143
- 'edge' => 'bottom',
144
- 'align' => 'middle',
145
- 'index' => 'default-minorange-2fa-integration',
146
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
- );
148
- $pointers['default-minorange-2fa-premium-features'] = array(
149
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
- 'anchor_id' => '#custom_login_2fa',
152
- 'isdefault' => 'yes',
153
- 'edge' => 'left',
154
- 'align' => 'left',
155
- 'index' => 'default-minorange-2fa-premium-features',
156
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
- );
158
-
159
- $pointers['default-miniorange-2fa-upgrade'] = array(
160
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
- 'anchor_id' => '#mo_2fa_upgrade_tour',
163
- 'isdefault' => 'yes',
164
- 'edge' => 'top',
165
- 'align' => 'left',
166
- 'index' => 'default-miniorange-2fa-upgrade',
167
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
- );
169
- $pointers['default-miniorange-2fa-support_open'] = array(
170
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
- 'anchor_id' => '#mo_wpns_support_layout_tour',
173
- 'isdefault' => 'yes',
174
- 'edge' => 'bottom',
175
- 'align' => 'right',
176
- 'index' => 'default-miniorange-2fa-support_open',
177
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
- );
179
-
180
-
181
- }
182
- if(get_option('mo2f_tour_firewall') == 1 ){
183
- $pointers['default-miniorange-firewall-level'] = array(
184
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
- 'anchor_id' => '#mo_waf_options_tour',
187
- 'isfirewall'=> 'yes',
188
- 'edge' => 'top',
189
- 'align' => 'left',
190
- 'index' => 'default-miniorange-firewall-level',
191
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
- );
193
- $pointers['default-miniorange-firewall-attacks'] = array(
194
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
- 'anchor_id' => '#mo2f_AttackTypes',
197
- 'isfirewall'=> 'yes',
198
- 'edge' => 'bottom',
199
- 'align' => 'left',
200
- 'index' => 'default-miniorange-firewall-attacks',
201
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
- );
203
- $pointers['default-miniorange-firewall-attack-limit'] = array(
204
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
- 'anchor_id' => '#mo2f_waf_block_after',
207
- 'isfirewall'=> 'yes',
208
- 'edge' => 'bottom',
209
- 'align' => 'left',
210
- 'index' => 'default-miniorange-firewall-attack-limit',
211
- 'align' => 'left',
212
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
- );
214
-
215
- $pointers['default-miniorange-firewall-rate-limit'] = array(
216
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
- 'anchor_id' => '#mo2f_ratelimiting',
219
- 'isfirewall'=> 'yes',
220
- 'edge' => 'top',
221
- 'align' => 'left',
222
- 'index' => 'default-miniorange-firewall-rate-limit',
223
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
- );
225
- $pointers['default-miniorange-firewall-check-attacks'] = array(
226
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
- 'anchor_id' => '#mo2f_firewall_attack_dash',
229
- 'isfirewall'=> 'yes',
230
- 'edge' => 'top',
231
- 'align' => 'left',
232
- 'index' => 'default-miniorange-firewall-check-attacks',
233
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
- );
235
- $pointers['default-miniorange-2fa-upgrade'] = array(
236
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
- 'anchor_id' => '#mo_2fa_upgrade_tour',
239
- 'isfirewall' => 'yes',
240
- 'edge' => 'top',
241
- 'align' => 'left',
242
- 'index' => 'default-miniorange-2fa-upgrade',
243
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
- );
245
-
246
- $pointers['default-miniorange-firewall-support'] = array(
247
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
- 'anchor_id' => '#mo_wpns_support_layout_tour',
250
- 'isfirewall' => 'yes',
251
- 'edge' => 'bottom',
252
- 'align' => 'left',
253
- 'index' => 'default-miniorange-firewall-support',
254
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
- );
256
-
257
- }
258
-
259
- if(get_option('mo2f_tour_malware_scan') ==1){
260
- $pointers['default-miniorange-malware-scan-modes'] = array(
261
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
- 'anchor_id' => '#scan_status_table',
264
- 'ismalware' => 'yes',
265
- 'edge' => 'bottom',
266
- 'align' => 'left',
267
- 'index' => 'default-miniorange-malware-scan-modes',
268
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
- );
270
- $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
- 'anchor_id' => '#mo2f_select_scanning_files',
274
- 'ismalware' => 'yes',
275
- 'edge' => 'bottom',
276
- 'align' => 'left',
277
- 'index' => 'default-miniorange-malware-custom-scan-files',
278
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
- );
280
- $pointers['default-miniorange-malware-scan-reports'] = array(
281
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
- 'anchor_id' => '#scan_report_table',
284
- 'ismalware' => 'yes',
285
- 'edge' => 'top',
286
- 'align' => 'left',
287
- 'index' => 'default-miniorange-malware-scan-reports',
288
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
- );
290
-
291
- $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
- 'anchor_id' => '#mo2f_scan_dash',
295
- 'ismalware' => 'yes',
296
- 'edge' => 'top',
297
- 'align' => 'left',
298
- 'index' => 'default-miniorange-malware-scan-dashboard',
299
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
- );
301
- $pointers['default-miniorange-2fa-upgrade'] = array(
302
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
- 'anchor_id' => '#mo_2fa_upgrade_tour',
305
- 'ismalware' => 'yes',
306
- 'edge' => 'top',
307
- 'align' => 'left',
308
- 'index' => 'default-miniorange-2fa-upgrade',
309
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
- );
311
-
312
- $pointers['default-miniorange-malware-support'] = array(
313
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
- 'anchor_id' => '#mo_wpns_support_layout_tour',
316
- 'ismalware' => 'yes',
317
- 'edge' => 'bottom',
318
- 'align' => 'left',
319
- 'index' => 'default-miniorange-malware-support',
320
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
- );
322
-
323
- }
324
-
325
- if(get_option('mo2f_tour_advance_blocking') ==1){
326
- $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
- 'anchor_id' => '#mo2f_manual_ip_blocking',
330
- 'advcblock' => 'yes',
331
- 'edge' => 'top',
332
- 'align' => 'left',
333
- 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
- );
336
- $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
- 'anchor_id' => '#mo2f_ip_whitelisting',
340
- 'advcblock' => 'yes',
341
- 'edge' => 'top',
342
- 'align' => 'left',
343
- 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
- );
346
-
347
- $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
- 'anchor_id' => '#mo2f_ip_lookup',
351
- 'advcblock' => 'yes',
352
- 'edge' => 'bottom',
353
- 'align' => 'left',
354
- 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
- );
357
-
358
-
359
- $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
- 'anchor_id' => '#mo2f_ip_range_blocking',
363
- 'advcblock' => 'yes',
364
- 'edge' => 'top',
365
- 'align' => 'left',
366
- 'index' => 'default-miniorange-advance-blocking-IP-range',
367
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
- );
369
- $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
- 'anchor_id' => '#mo2f_htaccess_blocking',
373
- 'advcblock' => 'yes',
374
- 'edge' => 'top',
375
- 'align' => 'left',
376
- 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
- );
379
- $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
- 'anchor_id' => '#mo2f_browser_blocking',
383
- 'advcblock' => 'yes',
384
- 'edge' => 'top',
385
- 'align' => 'left',
386
- 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
- );
389
- $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
- 'anchor_id' => '#mo2f_country_blocking',
393
- 'advcblock' => 'yes',
394
- 'edge' => 'bottom',
395
- 'align' => 'left',
396
- 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
- );
399
-
400
- $pointers['default-miniorange-2fa-upgrade'] = array(
401
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
- 'anchor_id' => '#mo_2fa_upgrade_tour',
404
- 'advcblock' => 'yes',
405
- 'edge' => 'top',
406
- 'align' => 'left',
407
- 'index' => 'default-miniorange-2fa-upgrade',
408
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
- );
410
- $pointers['default-miniorange-advance-blocking-support'] = array(
411
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
- 'anchor_id' => '#mo_wpns_support_layout_tour',
414
- 'advcblock' => 'yes',
415
- 'edge' => 'bottom',
416
- 'align' => 'left',
417
- 'index' => 'default-miniorange-advance-blocking-support',
418
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
- );
420
-
421
- }
422
-
423
-
424
- if(get_option('mo2f_tour_backup') == 1 ){
425
- $pointers['default-miniorange-backup-manual-db'] = array(
426
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
- 'anchor_id' => '#mo2f_select_files_backup',
429
- 'isBackup'=> 'yes',
430
- 'edge' => 'top',
431
- 'align' => 'left',
432
- 'index' => 'default-miniorange-backup-manual-db',
433
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
- );
435
- $pointers['default-miniorange-backup-auto-db'] = array(
436
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
- 'anchor_id' => '#mo2f_auto_dbbackup',
439
- 'isBackup'=> 'yes',
440
- 'edge' => 'bottom',
441
- 'align' => 'left',
442
- 'index' => 'default-miniorange-backup-auto-db',
443
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
- );
445
- $pointers['default-miniorange-backup-file'] = array(
446
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
- 'anchor_id' => '#mo2f_schedule_backup_status',
449
- 'isBackup'=> 'yes',
450
- 'edge' => 'top',
451
- 'align' => 'left',
452
- 'index' => 'default-miniorange-backup-file',
453
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
- );
455
- $pointers['default-miniorange-backup-report'] = array(
456
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
- 'anchor_id' => '#backup_report_table',
459
- 'isBackup'=> 'yes',
460
- 'edge' => 'bottom',
461
- 'align' => 'left',
462
- 'index' => 'default-miniorange-backup-report',
463
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
- );
465
-
466
- $pointers['default-miniorange-2fa-upgrade'] = array(
467
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
- 'anchor_id' => '#mo_2fa_upgrade_tour',
470
- 'isBackup' => 'yes',
471
- 'edge' => 'top',
472
- 'align' => 'left',
473
- 'index' => 'default-miniorange-2fa-upgrade',
474
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
- );
476
- $pointers['default-miniorange-backup-support'] = array(
477
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
- 'anchor_id' => '#mo_wpns_support_layout_tour',
480
- 'isBackup' => 'yes',
481
- 'edge' => 'bottom',
482
- 'align' => 'left',
483
- 'index' => 'default-miniorange-backup-support',
484
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
- );
486
-
487
- }
488
-
489
- if(get_option('mo2f_tour_loginSpam') == 1){
490
- $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
- 'anchor_id' => '#mo2f_bruteforce',
494
- 'loginSpam' => 'yes',
495
- 'edge' => 'top',
496
- 'align' => 'left',
497
- 'index' => 'default-miniorange-login-spam-bruteforce',
498
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
- );
500
- $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
- 'anchor_id' => '#mo2f_google_recaptcha',
504
- 'loginSpam' => 'yes',
505
- 'edge' => 'top',
506
- 'align' => 'left',
507
- 'index' => 'default-miniorange-login-spam-recaptcha',
508
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
- );
510
- $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
- 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
- 'loginSpam' => 'yes',
515
- 'edge' => 'bottom',
516
- 'align' => 'left',
517
- 'index' => 'default-miniorange-login-spam-strong-pass',
518
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
- );
520
-
521
- $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
- 'anchor_id' => '#mo2f_block_registration',
525
- 'loginSpam' => 'yes',
526
- 'edge' => 'top',
527
- 'align' => 'left',
528
- 'index' => 'default-miniorange-login-spam-fake-registration',
529
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
- );
531
- $pointers['default-miniorange-login-spam-content'] = array(
532
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
- 'anchor_id' => '#mo2f_content_protection',
535
- 'loginSpam' => 'yes',
536
- 'edge' => 'bottom',
537
- 'align' => 'left',
538
- 'index' => 'default-miniorange-login-spam-content',
539
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
- );
541
- $pointers['default-miniorange-login-spam-block-spam'] = array(
542
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
- 'anchor_id' => '#mo2f_comment_protection',
545
- 'loginSpam' => 'yes',
546
- 'edge' => 'bottom',
547
- 'align' => 'left',
548
- 'index' => 'default-miniorange-login-spam-block-spam',
549
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
- );
551
- $pointers['default-miniorange-2fa-upgrade'] = array(
552
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
- 'anchor_id' => '#mo_2fa_upgrade_tour',
555
- 'loginSpam' => 'yes',
556
- 'edge' => 'top',
557
- 'align' => 'left',
558
- 'index' => 'default-miniorange-2fa-upgrade',
559
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
- );
561
-
562
- $pointers['default-miniorange-login-spam-support'] = array(
563
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
- 'anchor_id' => '#mo_wpns_support_layout_tour',
566
- 'loginSpam' => 'yes',
567
- 'edge' => 'bottom',
568
- 'align' => 'left',
569
- 'index' => 'default-miniorange-login-spam-support',
570
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
- );
572
-
573
-
574
- }
575
-
576
-
577
-
578
-
579
-
580
-
581
- return $pointers;
1
+ <?php
2
+
3
+ $pointers = array();
4
+ $tab= 'default';
5
+ if(array_key_exists('tab',$_GET))
6
+ $tab = $_GET['tab'];
7
+
8
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
+
10
+ {
11
+ $pointers['default-miniorange-2fa-select-authentication'] = array(
12
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
+ 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
+ 'isdefault' => 'yes',
16
+ 'edge' => 'bottom',
17
+ 'align' => 'middle',
18
+ 'index' => 'default-miniorange-2fa-select-authentication',
19
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
+ );
21
+ $pointers['default-miniorange-2fa-configure'] = array(
22
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
+ 'anchor_id' => '#GoogleAuthenticator_configuration',
25
+ 'isdefault' => 'yes',
26
+ 'edge' => 'top',
27
+ 'align' => 'left',
28
+ 'index' => 'default-miniorange-2fa-configure',
29
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
+ );
31
+
32
+ $pointers['default-miniorange-2fa-choose_app'] = array(
33
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
+ 'anchor_id' => '#mo2f_choose_app_tour',
36
+ 'isdefault' => 'yes',
37
+ 'edge' => 'left',
38
+ 'align' => 'left',
39
+ 'index' => 'default-miniorange-2fa-choose_app1',
40
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
+ );
42
+
43
+ $pointers['default-miniorange-2fa-download_app'] = array(
44
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
+ 'anchor_id' => '#links_to_apps_tour',
47
+ 'isdefault' => 'yes',
48
+ 'edge' => 'left',
49
+ 'align' => 'left',
50
+ 'index' => 'default-miniorange-2fa-download_app1',
51
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
+ );
53
+
54
+
55
+ $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
+ 'anchor_id' => '#displayGAQrCodeTour',
59
+ 'isdefault' => 'yes',
60
+ 'edge' => 'left',
61
+ 'align' => 'left',
62
+ 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
+ );
65
+ $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
+ 'anchor_id' => '#mo2f_change_app_name',
69
+ 'isdefault' => 'yes',
70
+ 'edge' => 'left',
71
+ 'align' => 'left',
72
+ 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
+ );
75
+
76
+ $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
+ 'anchor_id' => '#mo2f_scanbarcode_a',
80
+ 'isdefault' => 'yes',
81
+ 'edge' => 'left',
82
+ 'align' => 'left',
83
+ 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
+ );
86
+
87
+ $pointers['default-miniorange-2fa-enter-otp'] = array(
88
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
+ 'anchor_id' => '#EnterOTPGATour',
91
+ 'isdefault' => 'yes',
92
+ 'edge' => 'right',
93
+ 'align' => 'left',
94
+ 'index' => 'default-miniorange-2fa-enter-otp1',
95
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
+ );
97
+ $pointers['default-miniorange-2fa-save-otp'] = array(
98
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
+ 'anchor_id' => '#SaveOTPGATour',
101
+ 'isdefault' => 'yes',
102
+ 'edge' => 'right',
103
+ 'align' => 'left',
104
+ 'index' => 'default-miniorange-2fa-save-otp1',
105
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
+ );
107
+ $pointers['default-miniorange-2fa-test'] = array(
108
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
+ 'anchor_id' => '#test',
111
+ 'isdefault' => 'yes',
112
+ 'edge' => 'right',
113
+ 'align' => 'left',
114
+ 'index' => 'default-miniorange-2fa-test',
115
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
+ );
117
+
118
+ $pointers['default-miniorange-2fa-customizations'] = array(
119
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
+ 'anchor_id' => '#disable_two_factor_tour',
122
+ 'isdefault' => 'yes',
123
+ 'edge' => 'top',
124
+ 'align' => 'left',
125
+ 'index' => 'default-miniorange-2fa-customizations',
126
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
+ );
128
+ $pointers['default-miniorange-2fa-inline-registration'] = array(
129
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
+ 'anchor_id' => '#mo2f_inline_registration_tour',
132
+ 'isdefault' => 'yes',
133
+ 'edge' => 'top',
134
+ 'align' => 'left',
135
+ 'index' => 'default-miniorange-2fa-inline-registration',
136
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
+ );
138
+ $pointers['default-minorange-2fa-integration'] = array(
139
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
+ 'anchor_id' => '#custom_form_2fa_div',
142
+ 'isdefault' => 'yes',
143
+ 'edge' => 'bottom',
144
+ 'align' => 'middle',
145
+ 'index' => 'default-minorange-2fa-integration',
146
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
+ );
148
+ $pointers['default-minorange-2fa-premium-features'] = array(
149
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
+ 'anchor_id' => '#custom_login_2fa',
152
+ 'isdefault' => 'yes',
153
+ 'edge' => 'left',
154
+ 'align' => 'left',
155
+ 'index' => 'default-minorange-2fa-premium-features',
156
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
+ );
158
+
159
+ $pointers['default-miniorange-2fa-upgrade'] = array(
160
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
163
+ 'isdefault' => 'yes',
164
+ 'edge' => 'top',
165
+ 'align' => 'left',
166
+ 'index' => 'default-miniorange-2fa-upgrade',
167
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
+ );
169
+ $pointers['default-miniorange-2fa-support_open'] = array(
170
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
173
+ 'isdefault' => 'yes',
174
+ 'edge' => 'bottom',
175
+ 'align' => 'right',
176
+ 'index' => 'default-miniorange-2fa-support_open',
177
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
+ );
179
+
180
+
181
+ }
182
+ if(get_option('mo2f_tour_firewall') == 1 ){
183
+ $pointers['default-miniorange-firewall-level'] = array(
184
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
+ 'anchor_id' => '#mo_waf_options_tour',
187
+ 'isfirewall'=> 'yes',
188
+ 'edge' => 'top',
189
+ 'align' => 'left',
190
+ 'index' => 'default-miniorange-firewall-level',
191
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
+ );
193
+ $pointers['default-miniorange-firewall-attacks'] = array(
194
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
+ 'anchor_id' => '#mo2f_AttackTypes',
197
+ 'isfirewall'=> 'yes',
198
+ 'edge' => 'bottom',
199
+ 'align' => 'left',
200
+ 'index' => 'default-miniorange-firewall-attacks',
201
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
+ );
203
+ $pointers['default-miniorange-firewall-attack-limit'] = array(
204
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
+ 'anchor_id' => '#mo2f_waf_block_after',
207
+ 'isfirewall'=> 'yes',
208
+ 'edge' => 'bottom',
209
+ 'align' => 'left',
210
+ 'index' => 'default-miniorange-firewall-attack-limit',
211
+ 'align' => 'left',
212
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
+ );
214
+
215
+ $pointers['default-miniorange-firewall-rate-limit'] = array(
216
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
+ 'anchor_id' => '#mo2f_ratelimiting',
219
+ 'isfirewall'=> 'yes',
220
+ 'edge' => 'top',
221
+ 'align' => 'left',
222
+ 'index' => 'default-miniorange-firewall-rate-limit',
223
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
+ );
225
+ $pointers['default-miniorange-firewall-check-attacks'] = array(
226
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
+ 'anchor_id' => '#mo2f_firewall_attack_dash',
229
+ 'isfirewall'=> 'yes',
230
+ 'edge' => 'top',
231
+ 'align' => 'left',
232
+ 'index' => 'default-miniorange-firewall-check-attacks',
233
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
+ );
235
+ $pointers['default-miniorange-2fa-upgrade'] = array(
236
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
239
+ 'isfirewall' => 'yes',
240
+ 'edge' => 'top',
241
+ 'align' => 'left',
242
+ 'index' => 'default-miniorange-2fa-upgrade',
243
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
+ );
245
+
246
+ $pointers['default-miniorange-firewall-support'] = array(
247
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
250
+ 'isfirewall' => 'yes',
251
+ 'edge' => 'bottom',
252
+ 'align' => 'left',
253
+ 'index' => 'default-miniorange-firewall-support',
254
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
+ );
256
+
257
+ }
258
+
259
+ if(get_option('mo2f_tour_malware_scan') ==1){
260
+ $pointers['default-miniorange-malware-scan-modes'] = array(
261
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
+ 'anchor_id' => '#scan_status_table',
264
+ 'ismalware' => 'yes',
265
+ 'edge' => 'bottom',
266
+ 'align' => 'left',
267
+ 'index' => 'default-miniorange-malware-scan-modes',
268
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
+ );
270
+ $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
+ 'anchor_id' => '#mo2f_select_scanning_files',
274
+ 'ismalware' => 'yes',
275
+ 'edge' => 'bottom',
276
+ 'align' => 'left',
277
+ 'index' => 'default-miniorange-malware-custom-scan-files',
278
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
+ );
280
+ $pointers['default-miniorange-malware-scan-reports'] = array(
281
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
+ 'anchor_id' => '#scan_report_table',
284
+ 'ismalware' => 'yes',
285
+ 'edge' => 'top',
286
+ 'align' => 'left',
287
+ 'index' => 'default-miniorange-malware-scan-reports',
288
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
+ );
290
+
291
+ $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
+ 'anchor_id' => '#mo2f_scan_dash',
295
+ 'ismalware' => 'yes',
296
+ 'edge' => 'top',
297
+ 'align' => 'left',
298
+ 'index' => 'default-miniorange-malware-scan-dashboard',
299
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
+ );
301
+ $pointers['default-miniorange-2fa-upgrade'] = array(
302
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
305
+ 'ismalware' => 'yes',
306
+ 'edge' => 'top',
307
+ 'align' => 'left',
308
+ 'index' => 'default-miniorange-2fa-upgrade',
309
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
+ );
311
+
312
+ $pointers['default-miniorange-malware-support'] = array(
313
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
316
+ 'ismalware' => 'yes',
317
+ 'edge' => 'bottom',
318
+ 'align' => 'left',
319
+ 'index' => 'default-miniorange-malware-support',
320
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
+ );
322
+
323
+ }
324
+
325
+ if(get_option('mo2f_tour_advance_blocking') ==1){
326
+ $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
+ 'anchor_id' => '#mo2f_manual_ip_blocking',
330
+ 'advcblock' => 'yes',
331
+ 'edge' => 'top',
332
+ 'align' => 'left',
333
+ 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
+ );
336
+ $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
+ 'anchor_id' => '#mo2f_ip_whitelisting',
340
+ 'advcblock' => 'yes',
341
+ 'edge' => 'top',
342
+ 'align' => 'left',
343
+ 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
+ );
346
+
347
+ $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
+ 'anchor_id' => '#mo2f_ip_lookup',
351
+ 'advcblock' => 'yes',
352
+ 'edge' => 'bottom',
353
+ 'align' => 'left',
354
+ 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
+ );
357
+
358
+
359
+ $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
+ 'anchor_id' => '#mo2f_ip_range_blocking',
363
+ 'advcblock' => 'yes',
364
+ 'edge' => 'top',
365
+ 'align' => 'left',
366
+ 'index' => 'default-miniorange-advance-blocking-IP-range',
367
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
+ );
369
+ $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
+ 'anchor_id' => '#mo2f_htaccess_blocking',
373
+ 'advcblock' => 'yes',
374
+ 'edge' => 'top',
375
+ 'align' => 'left',
376
+ 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
+ );
379
+ $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
+ 'anchor_id' => '#mo2f_browser_blocking',
383
+ 'advcblock' => 'yes',
384
+ 'edge' => 'top',
385
+ 'align' => 'left',
386
+ 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
+ );
389
+ $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
+ 'anchor_id' => '#mo2f_country_blocking',
393
+ 'advcblock' => 'yes',
394
+ 'edge' => 'bottom',
395
+ 'align' => 'left',
396
+ 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
+ );
399
+
400
+ $pointers['default-miniorange-2fa-upgrade'] = array(
401
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
404
+ 'advcblock' => 'yes',
405
+ 'edge' => 'top',
406
+ 'align' => 'left',
407
+ 'index' => 'default-miniorange-2fa-upgrade',
408
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
+ );
410
+ $pointers['default-miniorange-advance-blocking-support'] = array(
411
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
414
+ 'advcblock' => 'yes',
415
+ 'edge' => 'bottom',
416
+ 'align' => 'left',
417
+ 'index' => 'default-miniorange-advance-blocking-support',
418
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
+ );
420
+
421
+ }
422
+
423
+
424
+ if(get_option('mo2f_tour_backup') == 1 ){
425
+ $pointers['default-miniorange-backup-manual-db'] = array(
426
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
+ 'anchor_id' => '#mo2f_select_files_backup',
429
+ 'isBackup'=> 'yes',
430
+ 'edge' => 'top',
431
+ 'align' => 'left',
432
+ 'index' => 'default-miniorange-backup-manual-db',
433
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
+ );
435
+ $pointers['default-miniorange-backup-auto-db'] = array(
436
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
+ 'anchor_id' => '#mo2f_auto_dbbackup',
439
+ 'isBackup'=> 'yes',
440
+ 'edge' => 'bottom',
441
+ 'align' => 'left',
442
+ 'index' => 'default-miniorange-backup-auto-db',
443
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
+ );
445
+ $pointers['default-miniorange-backup-file'] = array(
446
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
+ 'anchor_id' => '#mo2f_schedule_backup_status',
449
+ 'isBackup'=> 'yes',
450
+ 'edge' => 'top',
451
+ 'align' => 'left',
452
+ 'index' => 'default-miniorange-backup-file',
453
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
+ );
455
+ $pointers['default-miniorange-backup-report'] = array(
456
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
+ 'anchor_id' => '#backup_report_table',
459
+ 'isBackup'=> 'yes',
460
+ 'edge' => 'bottom',
461
+ 'align' => 'left',
462
+ 'index' => 'default-miniorange-backup-report',
463
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
+ );
465
+
466
+ $pointers['default-miniorange-2fa-upgrade'] = array(
467
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
470
+ 'isBackup' => 'yes',
471
+ 'edge' => 'top',
472
+ 'align' => 'left',
473
+ 'index' => 'default-miniorange-2fa-upgrade',
474
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
+ );
476
+ $pointers['default-miniorange-backup-support'] = array(
477
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
480
+ 'isBackup' => 'yes',
481
+ 'edge' => 'bottom',
482
+ 'align' => 'left',
483
+ 'index' => 'default-miniorange-backup-support',
484
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
+ );
486
+
487
+ }
488
+
489
+ if(get_option('mo2f_tour_loginSpam') == 1){
490
+ $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
+ 'anchor_id' => '#mo2f_bruteforce',
494
+ 'loginSpam' => 'yes',
495
+ 'edge' => 'top',
496
+ 'align' => 'left',
497
+ 'index' => 'default-miniorange-login-spam-bruteforce',
498
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
+ );
500
+ $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
+ 'anchor_id' => '#mo2f_google_recaptcha',
504
+ 'loginSpam' => 'yes',
505
+ 'edge' => 'top',
506
+ 'align' => 'left',
507
+ 'index' => 'default-miniorange-login-spam-recaptcha',
508
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
+ );
510
+ $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
+ 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
+ 'loginSpam' => 'yes',
515
+ 'edge' => 'bottom',
516
+ 'align' => 'left',
517
+ 'index' => 'default-miniorange-login-spam-strong-pass',
518
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
+ );
520
+
521
+ $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
+ 'anchor_id' => '#mo2f_block_registration',
525
+ 'loginSpam' => 'yes',
526
+ 'edge' => 'top',
527
+ 'align' => 'left',
528
+ 'index' => 'default-miniorange-login-spam-fake-registration',
529
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
+ );
531
+ $pointers['default-miniorange-login-spam-content'] = array(
532
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
+ 'anchor_id' => '#mo2f_content_protection',
535
+ 'loginSpam' => 'yes',
536
+ 'edge' => 'bottom',
537
+ 'align' => 'left',
538
+ 'index' => 'default-miniorange-login-spam-content',
539
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
+ );
541
+ $pointers['default-miniorange-login-spam-block-spam'] = array(
542
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
+ 'anchor_id' => '#mo2f_comment_protection',
545
+ 'loginSpam' => 'yes',
546
+ 'edge' => 'bottom',
547
+ 'align' => 'left',
548
+ 'index' => 'default-miniorange-login-spam-block-spam',
549
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
+ );
551
+ $pointers['default-miniorange-2fa-upgrade'] = array(
552
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
555
+ 'loginSpam' => 'yes',
556
+ 'edge' => 'top',
557
+ 'align' => 'left',
558
+ 'index' => 'default-miniorange-2fa-upgrade',
559
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
+ );
561
+
562
+ $pointers['default-miniorange-login-spam-support'] = array(
563
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
566
+ 'loginSpam' => 'yes',
567
+ 'edge' => 'bottom',
568
+ 'align' => 'left',
569
+ 'index' => 'default-miniorange-login-spam-support',
570
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
+ );
572
+
573
+
574
+ }
575
+
576
+
577
+
578
+
579
+
580
+
581
+ return $pointers;
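--- a/controllers/support.php
+++ b/controllers/support.php
@@ -1,51 +1,51 @@
-<?php
-
-global $mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_send_query":
-wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
-}
-}
-
-$current_user = wp_get_current_user();
-$email = get_option("mo2f_email");
-$phone = get_option("mo_wpns_admin_phone");
-
-
-if(empty($email))
-$email = $current_user->user_email;
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
-
-
-/* SUPPORT FORM RELATED FUNCTIONS */
-
-//Function to handle support form submit
-function wpns_handle_support_form($email,$query,$phone)
-{
-
-if( empty($email) || empty($query) )
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'SUCCESS');
-return;
-}
-
-
-$query = sanitize_text_field( $query );
-$email = sanitize_text_field( $email );
-$phone = sanitize_text_field( $phone );
-$contact_us = new MocURL();
-$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query),true);
-
-if(json_last_error() == JSON_ERROR_NONE && $submited)
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
-return;
-}
-
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+<?php
+
+global $mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_send_query":
+wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
+}
+}
+
+$current_user = wp_get_current_user();
+$email = get_option("mo2f_email");
+$phone = get_option("mo_wpns_admin_phone");
+
+
+if(empty($email))
+$email = $current_user->user_email;
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
+
+
+/* SUPPORT FORM RELATED FUNCTIONS */
+
+//Function to handle support form submit
+function wpns_handle_support_form($email,$query,$phone)
+{
+
+if( empty($email) || empty($query) )
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'SUCCESS');
+return;
+}
+
+
+$query = sanitize_text_field( $query );
+$email = sanitize_text_field( $email );
+$phone = sanitize_text_field( $phone );
+$contact_us = new MocURL();
+$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query),true);
+
+if(json_last_error() == JSON_ERROR_NONE && $submited)
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+return;
+}
+
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
 }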
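--- a/controllers/twofa/mo2fa_common_login.php
+++ b/controllers/twofa/mo2fa_common_login.php
@@ -51,13 +51,21 @@ function redirect_user_to( $user, $redirect_to ) {
 $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
 if ( $current_role == 'administrator' ) {
 $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
-wp_redirect( $redirectUrl );
 } else {
 $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
-wp_redirect( $redirectUrl );
 }
+if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
+$redirect = array(
+'redirect' => $redirectUrl,
+) ;
+
+wp_send_json_success($redirect);
+}
+else
+wp_redirect( $redirectUrl );
 }
 
+
 // used in shortcode addon
 
 function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
@@ -249,7 +257,6 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
 
 function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
 $mo_wpns_config = new MoWpnsHandler();
-
 $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
 $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
 ?>
@@ -342,6 +349,48 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
 function mologinback() {
 jQuery('#mo2f_backto_mo_loginform').submit();
 }
+var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
+if(is_ajax){
+jQuery('#mo2f_answer_1').keypress(function (e) {
+if (e.which == 13) {//Enter key pressed
+e.preventDefault();
+mo2f_kba_ajax();
+}
+});
+jQuery('#mo2f_answer_2').keypress(function (e) {
+if (e.which == 13) {//Enter key pressed
+e.preventDefault();
+mo2f_kba_ajax();
+}
+});
+jQuery("#miniorange_kba_validate").click(function(e){
+e.preventDefault();
+mo2f_kba_ajax();
+});
+
+function mo2f_kba_ajax(){
+jQuery('#mo2f_answer_1').prop('disabled','true');
+jQuery('#mo2f_answer_2').prop('disabled','true');
+jQuery('#miniorange_kba_validate').prop('disabled','true');
+var data = {
+"action" : "mo2f_ajax",
+"mo2f_ajax_option" : "mo2f_ajax_kba",
+"mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
+"mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
+"miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
+"session_id" : jQuery( "input[name=\'session_id\']" ).val(),
+"redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
+"mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
+};
+jQuery.post(my_ajax_object.ajax_url, data, function(response) {
+if ( typeof response.data === "undefined") {
+jQuery("html").html(response);
+}
+else
+location.href = response.data.redirect;
+});
+}
+}
 </script>
 </body>
 
@@ -784,7 +833,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
 <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
 <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
 </form>
-<?php
+<?php
 $Kbaset = get_user_meta( $user_id ,'Security Questions' );
 if ( ! $mo2f_is_new_customer ) { ?>
 <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
@@ -845,6 +894,41 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
 function mologinforgotphone() {
 jQuery('#mo2f_show_forgotphone_loginform').submit();
 }
+var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
+if(is_ajax){
+jQuery('#mo2fa_softtoken').keypress(function (e) {
+if (e.which == 13) {//Enter key pressed
+e.preventDefault();
+mo2f_otp_ajax();
+}
+});
+jQuery("#miniorange_otp_token_submit").click(function(e){
+e.preventDefault();
+mo2f_otp_ajax();
+});
+
+function mo2f_otp_ajax(){
+jQuery('#mo2fa_softtoken').prop('disabled','true');
+jQuery('#miniorange_otp_token_submit').prop('disabled','true');
+var data = {
+"action" : "mo2f_ajax",
+"mo2f_ajax_option" : "mo2f_ajax_otp",
+"mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
+"miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
+"session_id" : jQuery( "input[name=\'session_id\']" ).val(),
+"redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
+"request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
+};
+jQuery.post(my_ajax_object.ajax_url, data, function(response) {
+if(typeof response.data === "undefined")
+jQuery("html").html(response);
+else if(response.data.reload)
+location.reload( true );
+else
+location.href = response.data.redirect;
+});
+}
+}
 </script>
 </body>
 </html>
@@ -929,14 +1013,14 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
 }
 
 function mo_check_device_confirm() {
-jQuery('#mo2f_device_content').hide();
-jQuery('#showLoadingBar').show();
+jQuery('#mo2f_device_content').css("display", "none");
+jQuery('#showLoadingBar').css("display", "block");
 jQuery('#mo2f_trust_device_confirm_form').submit();
 }
 
 function mo_check_device_cancel() {
-jQuery('#mo2f_device_content').hide();
-jQuery('#showLoadingBar').show();
+jQuery('#mo2f_device_content').css("display", "none");
+jQuery('#showLoadingBar').css("display", "block");
 jQuery('#mo2f_trust_device_cancel_form').submit();
 }
 </script>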
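Review bot: The new AJAX branch in redirect_user_to hands `$redirectUrl` back to the browser unvalidated and the added scripts then do `location.href = response.data.redirect`, while the non-AJAX branch keeps `wp_redirect()`, which also performs no host check; `$redirectUrl` is taken straight from `$redirect_to`, and the same file shows that value round-tripping through the hidden `redirect_to` input the new JS reads and posts back, so an off-site value there would be followed right after a successful second factor. Validate the target against the site before emitting it: `wp_send_json_success( array( 'redirect' => wp_validate_redirect( $redirectUrl, admin_url() ) ) );` in the AJAX branch and `wp_safe_redirect( $redirectUrl );` in the else branch (redirect_user_to starts outside the hunk, so confirm no earlier validation exists). Two smaller points in the added KBA and OTP scripts: `if(is_ajax)` tests a PHP value interpolated as a JS string, and the string "0" is truthy in JavaScript, so check what get_index_value returns in the non-AJAX case; and `.prop('disabled','true')` passes a string where the boolean `true` is intended and reads as a typo.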
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -1,1227 +1,1227 @@
1
- <?php
2
- function fetch_methods(){
3
- $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL");
4
- return $methods;
5
- }
6
-
7
- function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
8
-
9
- global $Mo2fdbQueries;
10
- $current_user = get_userdata($current_user_id);
11
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
12
-
13
- $redirect_to_save = get_user_meta($current_user_id,'redirect_to',true);
14
- if(is_null($redirect_to_save) or $redirect_to_save=='')
15
- update_user_meta($current_user_id,'redirect_to',$redirect_to);
16
- else
17
- {
18
- $redirect_to = $redirect_to_save;
19
- delete_user_meta($current_user_id,'redirect_to');
20
- }
21
- $session_id_save = get_user_meta($current_user_id,'session_id',true);
22
- if(is_null($session_id_save) or $session_id_save=='')
23
- update_user_meta($current_user_id,'session_id',$session_id);
24
- else
25
- {
26
- $session_id = $session_id_save;
27
- delete_user_meta($current_user_id,'session_id');
28
- }
29
- if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
30
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
31
- prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$session_id,$qrCode,$current_selected_method);
32
- else
33
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message);
34
- }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
35
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
36
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method);
37
- else
38
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message);
39
- }else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
40
- prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message);
41
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
42
- prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message);
43
- }else if($current_selected_method == 'KBA' ){
44
- prompt_user_for_kba_setup($current_user_id, $login_status, $login_message);
45
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
46
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
47
- if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
48
- if(!MO2F_IS_ONPREM)
49
- {
50
- $current_user = get_userdata($current_user_id);
51
- $email = $current_user->user_email;
52
- $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
53
- if(isset($tempEmail) and $tempEmail != '')
54
- $email = $tempEmail;
55
- create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
56
- }
57
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
58
- $pass2fa= new Miniorange_Password_2Factor_Login();
59
- $pass2fa->mo2fa_pass2login(site_url());
60
- }
61
- prompt_user_for_setup_success($current_user_id, $login_status, $login_message);
62
- }else{
63
- $current_user = get_userdata($current_user_id);
64
- if(isset($current_user->roles[0]))
65
- $current_user_role=$current_user->roles[0];
66
- $opt=fetch_methods($current_user);
67
- ?>
68
- <html>
69
- <head>
70
- <meta charset="utf-8"/>
71
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
72
- <meta name="viewport" content="width=device-width, initial-scale=1">
73
- <?php
74
- mo2f_inline_css_and_js();
75
- ?>
76
- </head>
77
- <body>
78
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
79
- <div class="mo2f-modal-backdrop"></div>
80
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
81
- <div class="login mo_customer_validation-modal-content">
82
- <div class="mo2f_modal-header">
83
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
84
-
85
- <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
86
- </div>
87
- <div class="mo2f_modal-body">
88
- <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
89
- if(isset($login_message) && !empty($login_message)) {
90
- echo '<br><br>';
91
-
92
- ?>
93
-
94
- <div id="otpMessage">
95
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
96
- </div>
97
- <?php }else
98
- echo '<br>';
99
- ?>
100
-
101
- <br>
102
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
103
- <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
104
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
105
- <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
106
- (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
107
- </label>
108
- <br>
109
- </span>
110
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
111
- <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
112
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
113
- <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
114
- </label>
115
- <br>
116
- </span>
117
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
118
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
119
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
120
- <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
121
- </label>
122
- <br>
123
- </span>
124
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
125
- <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
126
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
127
- <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
128
- </label>
129
- <br>
130
- </span>
131
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
132
- <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
133
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
134
- <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
135
- </label>
136
- <br>
137
- </span>
138
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
139
- <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
140
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
141
- <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
142
- </label>
143
- <br>
144
- </span>
145
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
146
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
147
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
148
- <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
149
- </label>
150
- <br>
151
- </span>
152
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
153
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
154
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
155
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
156
- </label>
157
- <br>
158
- </span>
159
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
160
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
161
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
162
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
163
- </label>
164
- <br>
165
- </span>
166
- <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
167
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
168
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
169
- <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
170
- </label>
171
- <br>
172
- </span>
173
- <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
174
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
175
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
176
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
177
- </label>
178
- </span>
179
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
180
- <br />
181
- <?php mo2f_customize_logo() ?>
182
- </div>
183
- </div>
184
- </div>
185
- </div>
186
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
187
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
188
- </form>
189
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
190
- <input type="hidden" name="mo2f_selected_2factor_method" />
191
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
192
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
193
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
194
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
195
- </form>
196
-
197
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
198
- <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
199
- <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
200
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
201
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
202
-
203
- </form>
204
-
205
- <script>
206
- function mologinback(){
207
- jQuery('#mo2f_backto_mo_loginform').submit();
208
- }
209
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
210
- var selectedMethod = jQuery(this).val();
211
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
212
- jQuery('#mo2f_select_2fa_methods_form').submit();
213
- });
214
- jQuery('a[href="#skiptwofactor"]').click(function(e) {
215
-
216
- jQuery('#mo2f_skip_loginform').submit();
217
- });
218
- </script>
219
- </body>
220
- </html>
221
- <?php
222
- }
223
- }
224
-
225
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
226
- {
227
-
228
- global $Mo2fdbQueries;
229
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
230
- if(isset($mo2f_user_email) and $mo2f_user_email != '')
231
- $email = $mo2f_user_email;
232
-
233
- $current_user = get_userdata($current_user_id);
234
- if($current_user_id == get_option('mo2f_miniorange_admin'))
235
- $email = get_option('mo2f_email');
236
-
237
- $enduser = new Two_Factor_Setup();
238
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
239
-
240
- if(json_last_error() == JSON_ERROR_NONE){
241
-
242
- if($check_user['status'] == 'ERROR'){
243
- return Mo2fConstants:: langTranslate( $check_user['message']);
244
-
245
- }
246
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
247
-
248
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
249
- 'user_registration_with_miniorange' =>'SUCCESS',
250
- 'mo2f_user_email' =>$email,
251
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
252
- ) );
253
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
254
-
255
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
256
- }
257
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
258
-
259
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
260
- if(json_last_error() == JSON_ERROR_NONE) {
261
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
262
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
263
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
264
- 'user_registration_with_miniorange' =>'SUCCESS',
265
- 'mo2f_user_email' =>$email,
266
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
267
- ) );
268
-
269
- $mo2fa_login_message = '';
270
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
271
- }
272
- }
273
-
274
-
275
- }
276
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
277
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
278
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
279
- mo2f_inline_email_form($email,$current_user_id);
280
- exit;
281
- }
282
-
283
- }
284
-
285
- }
286
-
287
- function mo2f_inline_email_form($email,$current_user_id)
288
- {
289
- ?>
290
- <html>
291
- <head>
292
- <meta charset="utf-8"/>
293
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
294
- <meta name="viewport" content="width=device-width, initial-scale=1">
295
- <?php
296
- mo2f_inline_css_and_js();
297
- ?>
298
- </head>
299
- <body>
300
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
301
- <div class="mo2f-modal-backdrop"></div>
302
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
303
- <div class="login mo_customer_validation-modal-content">
304
- <div class="mo2f_modal-header">
305
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
306
- <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
307
- </div>
308
- <div class="mo2f_modal-body">
309
- <form action="" method="post" name="f">
310
- <p>The Email assoicated with your account is already registered in miniOrnage. Please use a different email address or contact miniOrange.
311
- </p><br>
312
- <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
313
- <br>
314
- <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
315
- <br>
316
- <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
317
- <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
318
- <button type="submit" class="mo_wpns_button mo_wpns_button1" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
319
- </form>
320
- <br>
321
- <?php mo2f_customize_logo() ?>
322
- </div>
323
- </div>
324
- </div>
325
- </div>
326
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
327
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
328
- </form>
329
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
330
- <input type="hidden" name="mo2f_selected_2factor_method" />
331
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
332
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
333
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
334
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
335
- </form>
336
- <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
337
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
338
- <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
339
- </form>
340
- <?php } ?>
341
-
342
- <script type="text/javascript">
343
- jQuery('#save_entered_email_inlinecloud1').click(function(){
344
- var email = jQuery('#emailInlineCloud').val();
345
- var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
346
- var data = {
347
- 'action' : 'mo_two_factor_ajax',
348
- 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
349
- 'email' : email,
350
- 'nonce' : nonce
351
-
352
- };
353
-
354
- var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
355
-
356
-
357
- jQuery.post(ajaxurl, data, function(response) {
358
-
359
- if(response == 'alreadyExist')
360
- {
361
- jQuery('#emailalredyused').show();
362
- }
363
- else if(response =='USERCANBECREATED')
364
- {
365
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
366
- jQuery('#mo2f_select_2fa_methods_form').submit();
367
- }
368
- });
369
-
370
- });
371
-
372
-
373
- </script>
374
- </body>
375
-
376
- <?php
377
- }
378
- function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$session_id,$qrCode,$currentMethod){
379
-
380
- global $Mo2fdbQueries;
381
- if(isset($qrCode)){
382
- $qrCodedata = $qrCode['mo2f-login-qrCode'];
383
- $showqrCode = $qrCode['mo2f_show_qr_code'];
384
- }
385
- $current_user = get_userdata($current_user_id);
386
- $email = $current_user->user_email;
387
-
388
- $opt=fetch_methods($current_user);
389
-
390
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
391
- ?>
392
- <html>
393
- <head> <meta charset="utf-8"/>
394
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
395
- <meta name="viewport" content="width=device-width, initial-scale=1">
396
- <?php
397
- mo2f_inline_css_and_js();
398
- ?>
399
- </head>
400
- <body>
401
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
402
- <div class="mo2f-modal-backdrop"></div>
403
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
404
- <div class="login mo_customer_validation-modal-content">
405
- <div class="mo2f_modal-header">
406
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
407
- <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
408
- </div>
409
- <div class="mo2f_modal-body">
410
- <?php if(isset($login_message) && !empty($login_message)) { ?>
411
-
412
- <div id="otpMessage">
413
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
414
- </div>
415
- <?php } ?>
416
- <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
417
- <div class="mo_margin_left">
418
- <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
419
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
420
- <center>
421
- <?php if (sizeof($opt) > 1) { ?>
422
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
423
- <?php } ?>
424
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
425
- </center>
426
- </div>
427
- <?php
428
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
429
- initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
430
- <?php } ?>
431
-
432
- <?php mo2f_customize_logo() ?>
433
- </div>
434
- <br>
435
- <br>
436
- </div>
437
- </div>
438
- </div>
439
- </div>
440
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
441
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
442
- </form>
443
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
444
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
445
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
446
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
447
- </form>
448
- <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
449
- <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
450
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
451
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
452
- </form>
453
- <?php if (sizeof($opt) > 1) { ?>
454
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
455
- <input type="hidden" name="option" value="miniorange_back_inline"/>
456
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
457
- </form>
458
- <?php } ?>
459
- <script>
460
- function mologinback(){
461
- jQuery('#mo2f_backto_mo_loginform').submit();
462
- }
463
- function moconfigureapp(){
464
- jQuery('#mo2f_inline_configureapp_form').submit();
465
- }
466
- jQuery('#mo2f_inline_back_btn').click(function() {
467
- jQuery('#mo2f_goto_two_factor_form').submit();
468
- });
469
- <?php
470
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
471
- ?>
472
- <?php } ?>
473
- </script>
474
- </body>
475
- </html>
476
- <?php
477
- }
478
-
479
- function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message){
480
- $mo2f_google_auth=json_decode(get_user_meta($current_user_id,'mo2f_google_auth', true),true);
481
-
482
- $data = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_qrCode'] : null;
483
- $ga_secret = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_secret'] : null;
484
-
485
- ?>
486
- <html>
487
- <head> <meta charset="utf-8"/>
488
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
489
- <meta name="viewport" content="width=device-width, initial-scale=1">
490
- <?php
491
- mo2f_inline_css_and_js();
492
- ?>
493
- </head>
494
- <style>
495
- * {
496
- box-sizing: border-box;
497
- }
498
- [class*="mcol-"] {
499
- float: left;
500
- padding: 15px;
501
- }
502
- /* For desktop: */
503
- .mcol-1 {width: 50%;}
504
- .mcol-2 {width: 50%;}
505
- @media only screen and (max-width: 768px) {
506
- /* For mobile phones: */
507
- [class*="mcol-"] {
508
- width: 100%;
509
- }
510
- }
511
- </style>
512
- <body>
513
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
514
- <div class="mo2f-modal-backdrop"></div>
515
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
516
- <div class="login mo_customer_validation-modal-content">
517
- <div class="mo2f_modal-header">
518
- <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
519
- <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
520
- </div>
521
- <div class="mo2f_modal-body">
522
- <?php
523
-
524
- $current_user = get_userdata($current_user_id);
525
- $opt=fetch_methods($current_user);
526
- ?>
527
- <?php if(isset($login_message) && !empty($login_message)) { ?>
528
- <div id="otpMessage"
529
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
530
- >
531
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
532
- </div>
533
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
534
- <?php } ?>
535
- <div class="mcol-1">
536
- <div id="mo2f_choose_app_tour">
537
- <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
538
-
539
- <select id="authenticator_type">
540
- <option value="google_authenticator">Google Authenticator</option>
541
- <option value="msft_authenticator">Microsoft Authenticator</option>
542
- <option value="authy_authenticator">Authy Authenticator</option>
543
- <option value="last_pass_auth">LastPass Authenticator</option>
544
- <option value="free_otp_auth">FreeOTP Authenticator</option>
545
- <option value="duo_auth">Duo Mobile Authenticator</option>
546
- </select>
547
- <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
548
- <span id="links_to_apps">
549
- <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
550
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
551
-
552
- </span>
553
- </div>
554
- </div>
555
- <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
556
- <ol>
557
- <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
558
- <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
559
- <br>
560
- <?php if(MO2F_IS_ONPREM){ ?>
561
- <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
562
- <?php
563
-
564
- } else{ ?>
565
- <div style="margin-left: 14%;">
566
- <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
567
- <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
568
- </div>
569
- </div>
570
- <?php }
571
- ?>
572
- <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
573
-
574
- </ol>
575
- <div id="mo2f_scanbarcode_a" hidden>
576
- <ol >
577
- <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
578
- <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
579
- <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
580
- <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
581
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
582
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
583
- <?php echo $ga_secret; ?>
584
- </div>
585
- <div style="font-size: 80%;color: #666666;">
586
- <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
587
- </div>
588
- </div>
589
- <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
590
- <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
591
- </ol>
592
- </div>
593
- </div>
594
- <div class="mcol-2">
595
- <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
596
- <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
597
- <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
598
- <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
599
- <br />
600
- <input type="hidden" name="option" value="miniorange_inline_ga_validate">
601
- <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
602
- <div class="center">
603
- <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
604
- </div>
605
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
606
- </form>
607
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
608
- <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
609
- <input type="hidden" name="option" value="miniorange_back_inline"/>
610
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
611
- </form>
612
- </div>
613
- <br>
614
- <br>
615
- <?php mo2f_customize_logo() ?>
616
- </div>
617
- </div>
618
- </div>
619
- </div>
620
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
621
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
622
- </form>
623
- <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
624
- <input type="hidden" name="google_phone_type" />
625
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
626
- </form>
627
-
628
- <script>
629
- jQuery('#authenticator_type').change(function(){
630
- var auth_type = jQuery(this).val();
631
- if(auth_type == 'google_authenticator'){
632
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
633
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
634
- '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
635
- jQuery('#mo2f_change_app_name').show();
636
- jQuery('#links_to_apps').show();
637
- }else if(auth_type == 'msft_authenticator'){
638
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
639
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
640
- '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
641
- jQuery('#links_to_apps').show();
642
- }else if(auth_type == 'free_otp_auth'){
643
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
644
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
645
- '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
646
- jQuery('#links_to_apps').show();
647
- }else if(auth_type == 'duo_auth'){
648
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
649
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
650
- '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
651
- jQuery('#links_to_apps').show();
652
- }else if(auth_type == 'authy_authenticator'){
653
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
654
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
655
- '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
656
- jQuery('#links_to_apps').show();
657
- }else{
658
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
659
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
660
- '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
661
- jQuery('#mo2f_change_app_name').show();
662
- jQuery('#links_to_apps').show();
663
- }
664
- });
665
- function mologinback(){
666
- jQuery('#mo2f_backto_mo_loginform').submit();
667
- }
668
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
669
- var selectedPhone = jQuery(this).val();
670
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
671
- jQuery('#mo2f_inline_app_type_ga_form').submit();
672
- });
673
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
674
- jQuery("#mo2f_scanbarcode_a").toggle();
675
- });
676
- </script>
677
- </body>
678
- <?php
679
- echo '<head>';
680
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
681
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
682
- echo '</head>';
683
- }
684
-
685
- function mo2f_inline_css_and_js(){
686
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
687
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
688
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
689
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
690
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
691
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
692
- }
693
-
694
-
695
- function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
696
- $data = $qrCode;
697
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id );
698
- $url = MO_HOST_NAME;
699
- $opt=fetch_methods($current_user);
700
- ?>
701
- <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
702
- <div class="red" style="color:#E74C3C;">
703
- <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
704
- <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
705
- <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
706
- <ol>
707
- <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
708
- <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
709
- <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
710
- </ol>
711
- </div>
712
- <table class="mo2f_settings_table">
713
- <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
714
- <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
715
- </div>
716
- </table>
717
- <center>
718
- <?php
719
- if (sizeof($opt) > 1) { ?>
720
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
721
- <?php }
722
- ?>
723
- </center>
724
- <script>
725
- jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
726
- jQuery('#mo2f_inline_configureapp_form').submit();
727
- });
728
- jQuery("#mo2f_configurePhone").empty();
729
- jQuery("#mo2f_app_div").hide();
730
- var timeout;
731
- pollInlineMobileRegistration();
732
- function pollInlineMobileRegistration()
733
- {
734
- var transId = "<?php echo $mo2f_login_transaction_id; ?>";
735
- var jsonString = "{\"txId\":\""+ transId + "\"}";
736
- var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
737
- jQuery.ajax({
738
- url: postUrl,
739
- type : "POST",
740
- dataType : "json",
741
- data : jsonString,
742
- contentType : "application/json; charset=utf-8",
743
- success : function(result) {
744
- var status = JSON.parse(JSON.stringify(result)).status;
745
- if (status == 'SUCCESS') {
746
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
747
- jQuery("#displayInlineQrCode").empty();
748
- jQuery("#displayInlineQrCode").append(content);
749
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
750
- } else if (status == 'ERROR' || status == 'FAILED') {
751
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
752
- jQuery("#displayInlineQrCode").empty();
753
- jQuery("#displayInlineQrCode").append(content);
754
- jQuery("#messages").empty();
755
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
756
- } else {
757
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
758
- }
759
- }
760
- });
761
- }
762
- </script>
763
- <?php
764
- }
765
- function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message){
766
- $current_user = get_userdata($current_user_id);
767
- $opt=fetch_methods($current_user);
768
-
769
- ?>
770
- <html>
771
- <head> <meta charset="utf-8"/>
772
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
773
- <meta name="viewport" content="width=device-width, initial-scale=1">
774
- <?php
775
- mo2f_inline_css_and_js();
776
- ?>
777
- <style>
778
- .mo2f_kba_ques, .mo2f_table_textbox{
779
- background: whitesmoke none repeat scroll 0% 0%;
780
- }
781
- </style>
782
- </head>
783
- <body>
784
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
785
- <div class="mo2f-modal-backdrop"></div>
786
- <div class="mo2f_modal-dialog mo2f_modal-lg">
787
- <div class="login mo_customer_validation-modal-content">
788
- <div class="mo2f_modal-header">
789
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
790
- <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
791
- </div>
792
- <div class="mo2f_modal-body">
793
- <?php if(isset($login_message) && !empty($login_message)) { ?>
794
- <div id="otpMessage">
795
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
796
- </div>
797
- <?php } ?>
798
- <form name="f" method="post" action="" >
799
- <?php mo2f_configure_kba_questions(); ?>
800
- <br />
801
- <div class ="row">
802
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
803
- <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
804
- <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
805
-
806
- </div>
807
- </div>
808
- <input type="hidden" name="option" value="mo2f_inline_kba_option" />
809
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
810
- </form>
811
- <?php if (sizeof($opt) > 1) { ?>
812
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
813
- <div class ="row">
814
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
815
- <input type="hidden" name="option" value="miniorange_back_inline"/>
816
- </div>
817
- </div>
818
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
819
- </form>
820
- <?php } ?>
821
-
822
- <?php mo2f_customize_logo() ?>
823
- </div>
824
- </div>
825
- </div>
826
- </div>
827
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
828
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
829
- </form>
830
-
831
- <script>
832
-
833
-
834
-
835
-
836
-
837
-
838
- function mologinback(){
839
- jQuery('#mo2f_backto_mo_loginform').submit();
840
- }
841
-
842
- function mobackinline(){
843
- jQuery('#mo2f_goto_two_factor_form').submit();
844
- }
845
- </script>
846
- </body>
847
- </html>
848
- <?php
849
- }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message){
850
- $current_user = get_userdata($current_user_id);
851
- $opt=fetch_methods($current_user);
852
- ?>
853
- <html>
854
- <head> <meta charset="utf-8"/>
855
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
856
- <meta name="viewport" content="width=device-width, initial-scale=1">
857
- <?php
858
- mo2f_inline_css_and_js();
859
- ?>
860
- <style>
861
- .mo2f_kba_ques, .mo2f_table_textbox{
862
- background: whitesmoke none repeat scroll 0% 0%;
863
- }
864
- </style>
865
- </head>
866
- <body>
867
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
868
- <div class="mo2f-modal-backdrop"></div>
869
- <div class="mo2f_modal-dialog mo2f_modal-lg">
870
- <div class="login mo_customer_validation-modal-content">
871
- <div class="mo2f_modal-header">
872
- <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
873
- <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
874
- </div>
875
- <div class="mo2f_modal-body">
876
- <?php if(isset($login_message) && !empty($login_message)){ ?>
877
- <div id="otpMessage">
878
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
879
- </div>
880
- <?php } ?>
881
- <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
882
- <input type="hidden" name="option" value="miniorange_inline_register" />
883
- <p>This method requires you to have an account with miniOrange.</p>
884
- <table class="mo_wpns_settings_table">
885
- <tr>
886
- <td><b><font color="#FF0000">*</font>Email:</b></td>
887
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
888
- required placeholder="person@example.com"/></td>
889
- </tr>
890
- <tr>
891
- <td><b><font color="#FF0000">*</font>Password:</b></td>
892
- <td><input class="mo_wpns_table_textbox" required type="password"
893
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
894
- </tr>
895
- <tr>
896
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
897
- <td><input class="mo_wpns_table_textbox" required type="password"
898
- name="confirmPassword" placeholder="Confirm your password" /></td>
899
- </tr>
900
- <tr>
901
- <td>&nbsp;</td>
902
- <td><br><input type="submit" name="submit" value="Create Account"
903
- class="miniorange_button" />
904
- <a href="#mo2f_account_exist">Already have an account?</a>
905
- </tr>
906
- </table>
907
- </form>
908
- <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
909
- <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
910
- <input type="hidden" name="option" value="miniorange_inline_login"/>
911
- <table class="mo_wpns_settings_table">
912
- <tr>
913
- <td><b><font color="#FF0000">*</font>Email:</b></td>
914
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
915
- required placeholder="person@example.com"
916
- /></td>
917
- </tr>
918
- <tr>
919
- <td><b><font color="#FF0000">*</font>Password:</b></td>
920
- <td><input class="mo_wpns_table_textbox" required type="password"
921
- name="password" placeholder="Enter your miniOrange password" /></td>
922
- </tr>
923
- <tr>
924
- <td>&nbsp;</td>
925
- <td><input type="submit" class="miniorange_button" />
926
- <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
927
- </tr>
928
- </table>
929
- </form>
930
- <br>
931
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
932
- <?php mo2f_customize_logo() ?>
933
- </div>
934
- </div>
935
- </div>
936
- </div>
937
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
938
- <input type="hidden" name="option" value="miniorange_back_inline"/>
939
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
940
- </form>
941
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
942
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
943
- </form>
944
-
945
- <script>
946
- jQuery('#mo2f_inline_back_btn').click(function() {
947
- jQuery('#mo2f_goto_two_factor_form').submit();
948
- });
949
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
950
- jQuery('#mo2f_inline_login_form').show();
951
- jQuery('#mo2f_inline_register_form').hide();
952
- });
953
- jQuery('#cancel_link').click(function(){
954
- jQuery('#mo2f_inline_register_form').show();
955
- jQuery('#mo2f_inline_login_form').hide();
956
- });
957
- function mologinback(){
958
- jQuery('#mo2f_backto_mo_loginform').submit();
959
- }
960
- </script>
961
- </body>
962
- </html>
963
- <?php
964
- }
965
- function prompt_user_for_setup_success($id, $login_status, $login_message){
966
- global $Mo2fdbQueries;
967
- ?>
968
- <html>
969
- <head> <meta charset="utf-8"/>
970
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
971
- <meta name="viewport" content="width=device-width, initial-scale=1">
972
- <?php
973
- mo2f_inline_css_and_js();
974
- ?>
975
- <style>
976
- .mo2f_kba_ques, .mo2f_table_textbox{
977
- background: whitesmoke none repeat scroll 0% 0%;
978
- }
979
- </style>
980
- </head>
981
- <body>
982
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
983
- <div class="mo2f-modal-backdrop"></div>
984
- <div class="mo2f_modal-dialog mo2f_modal-lg">
985
- <div class="login mo_customer_validation-modal-content">
986
- <div class="mo2f_modal-header">
987
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
988
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
989
- </div>
990
- <div class="mo2f_modal-body center">
991
- <?php
992
- global $Mo2fdbQueries;
993
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
994
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
995
- $mo2f_second_factor = 'Email Verification';
996
- }else if($mo2f_second_factor == 'SMS'){
997
- $mo2f_second_factor = 'OTP over SMS';
998
- }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
999
- $mo2f_second_factor = 'OTP_OVER_EMAIL';
1000
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1001
- $mo2f_second_factor = 'Phone Call Verification';
1002
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
1003
- $mo2f_second_factor = 'Soft Token';
1004
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1005
- $mo2f_second_factor = 'QR Code Authentication';
1006
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1007
- $mo2f_second_factor = 'Push Notification';
1008
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1009
- if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1010
- $mo2f_second_factor = 'Google Authenticator';
1011
- }else{
1012
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
1013
- }
1014
- }else if($mo2f_second_factor == 'KBA'){
1015
- $mo2f_second_factor = 'Security Questions (KBA)';
1016
- }
1017
- $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1018
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1019
-
1020
- if(get_site_option( 'mo2f_disable_kba' )!=1){
1021
- if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1022
- ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1023
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1024
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1025
- <div id="otpMessage">
1026
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1027
- </div>
1028
- <?php } ?>
1029
- <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1030
- <form name="f" method="post" action="" >
1031
- <?php mo2f_configure_kba_questions(); ?>
1032
- <br>
1033
- <center>
1034
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1035
- </center>
1036
- <input type="hidden" name="mo2f_inline_kba_option" />
1037
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1038
- <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1039
- </form>
1040
- </div>
1041
- <?php }
1042
- }else{
1043
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1044
- $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1045
- $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1046
- }
1047
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1048
- if(get_site_option('mo2f_remember_device')!=1)
1049
- {
1050
- $pass2fa= new Miniorange_Password_2Factor_Login();
1051
- $pass2fa->mo2fa_pass2login(site_url());
1052
- ?>
1053
- <center>
1054
- <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1055
- <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1056
- </p>
1057
- </center>
1058
- <br>
1059
- <center>
1060
- <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1061
- <br>
1062
- </center>
1063
- <?php
1064
- }else{
1065
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1066
- $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1067
- mo2f_collect_device_attributes_handler($redirect_to);
1068
- }
1069
- }
1070
- mo2f_customize_logo() ?>
1071
- </div>
1072
- </div>
1073
- </div>
1074
- </div>
1075
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1076
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1077
- </form>
1078
-
1079
- <script>
1080
- function mologinback(){
1081
- jQuery('#mo2f_backto_mo_loginform').submit();
1082
- }
1083
- </script>
1084
- </body>
1085
- </html>
1086
- <?php
1087
- }
1088
-
1089
- function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod){
1090
- $current_user = get_userdata($current_user_id);
1091
- $opt=fetch_methods($current_user);
1092
- global $Mo2fdbQueries;
1093
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1094
- $current_user = get_userdata($current_user_id);
1095
- $email = $current_user->user_email;
1096
- ?>
1097
- <html>
1098
- <head> <meta charset="utf-8"/>
1099
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1100
- <meta name="viewport" content="width=device-width, initial-scale=1">
1101
- <?php
1102
- mo2f_inline_css_and_js();
1103
-
1104
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
1105
- echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
1106
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
1107
- ?>
1108
- </head>
1109
- <body>
1110
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1111
- <div class="mo2f-modal-backdrop"></div>
1112
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1113
- <div class="login mo_customer_validation-modal-content">
1114
- <div class="mo2f_modal-header">
1115
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1116
- <?php
1117
- if($current_selected_method == 'SMS AND EMAIL'){?>
1118
- <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1119
- <?php }
1120
- else if($current_selected_method == 'OTP OVER EMAIL'){
1121
- ?>
1122
- <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1123
- <?php }
1124
- else{
1125
- ?>
1126
- <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1127
- <?php } ?>
1128
- </div>
1129
- <div class="mo2f_modal-body">
1130
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1131
- <div id="otpMessage"
1132
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1133
- >
1134
- <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1135
- </div>
1136
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
1137
- <?php } ?>
1138
- <div class="mo2f_row">
1139
- <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1140
- <p>
1141
- <?php
1142
- if($current_selected_method == 'SMS AND EMAIL'){?>
1143
- <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1144
- <?php
1145
- }else if($current_selected_method == 'OTP OVER EMAIL'){
1146
- //no message
1147
- }else{
1148
- ?>
1149
- <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1150
- <?php }
1151
- if(!($current_selected_method == 'OTP OVER EMAIL')){
1152
- ?>
1153
- <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1154
- value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1155
- <?php } ?>
1156
- <?php
1157
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1158
- if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1159
- <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1160
- value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1161
- <?php } ?>
1162
- <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1163
- <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1164
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1165
- </form>
1166
- </div>
1167
- <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1168
- <p>
1169
- <?php
1170
- if($current_selected_method == 'SMS AND EMAIL'){?>
1171
- <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1172
- <?php }
1173
- else{
1174
- ?>
1175
- <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1176
- <?php } ?>
1177
- <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1178
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1179
- <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1180
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1181
- <?php } else {?>
1182
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1183
- <?php } ?>
1184
- <br /><br />
1185
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1186
- <?php if (sizeof($opt) > 1) { ?>
1187
-
1188
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1189
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1190
- <?php } ?>
1191
- <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1192
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1193
- </form>
1194
- <?php mo2f_customize_logo() ?>
1195
- </div>
1196
- </div>
1197
- </div>
1198
- </div>
1199
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1200
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1201
- </form>
1202
- <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1203
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1204
- </form>
1205
- <?php if (sizeof($opt) > 1) { ?>
1206
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1207
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1208
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1209
- </form>
1210
- <?php } ?>
1211
- <script>
1212
- jQuery("#phone").intlTelInput();
1213
- function mologinback(){
1214
- jQuery('#mo2f_backto_mo_loginform').submit();
1215
- }
1216
- jQuery('#mo2f_inline_back_btn').click(function() {
1217
- jQuery('#mo2f_goto_two_factor_form').submit();
1218
- });
1219
- jQuery('a[href="#resendsmslink"]').click(function(e) {
1220
- jQuery('#mo2fa_inline_resend_otp_form').submit();
1221
- });
1222
- </script>
1223
- </body>
1224
-
1225
- </html>
1226
- <?php
1227
- }
1
+ <?php
2
+ function fetch_methods(){
3
+ $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL");
4
+ return $methods;
5
+ }
6
+
7
+ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
8
+
9
+ global $Mo2fdbQueries;
10
+ $current_user = get_userdata($current_user_id);
11
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
12
+
13
+ $redirect_to_save = get_user_meta($current_user_id,'redirect_to',true);
14
+ if(is_null($redirect_to_save) or $redirect_to_save=='')
15
+ update_user_meta($current_user_id,'redirect_to',$redirect_to);
16
+ else
17
+ {
18
+ $redirect_to = $redirect_to_save;
19
+ delete_user_meta($current_user_id,'redirect_to');
20
+ }
21
+ $session_id_save = get_user_meta($current_user_id,'session_id',true);
22
+ if(is_null($session_id_save) or $session_id_save=='')
23
+ update_user_meta($current_user_id,'session_id',$session_id);
24
+ else
25
+ {
26
+ $session_id = $session_id_save;
27
+ delete_user_meta($current_user_id,'session_id');
28
+ }
29
+ if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
30
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
31
+ prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$session_id,$qrCode,$current_selected_method);
32
+ else
33
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message);
34
+ }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
35
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
36
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method);
37
+ else
38
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message);
39
+ }else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
40
+ prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message);
41
+ }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
42
+ prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message);
43
+ }else if($current_selected_method == 'KBA' ){
44
+ prompt_user_for_kba_setup($current_user_id, $login_status, $login_message);
45
+ }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
46
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
47
+ if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
48
+ if(!MO2F_IS_ONPREM)
49
+ {
50
+ $current_user = get_userdata($current_user_id);
51
+ $email = $current_user->user_email;
52
+ $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
53
+ if(isset($tempEmail) and $tempEmail != '')
54
+ $email = $tempEmail;
55
+ create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
56
+ }
57
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
58
+ $pass2fa= new Miniorange_Password_2Factor_Login();
59
+ $pass2fa->mo2fa_pass2login(site_url());
60
+ }
61
+ prompt_user_for_setup_success($current_user_id, $login_status, $login_message);
62
+ }else{
63
+ $current_user = get_userdata($current_user_id);
64
+ if(isset($current_user->roles[0]))
65
+ $current_user_role=$current_user->roles[0];
66
+ $opt=fetch_methods($current_user);
67
+ ?>
68
+ <html>
69
+ <head>
70
+ <meta charset="utf-8"/>
71
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
72
+ <meta name="viewport" content="width=device-width, initial-scale=1">
73
+ <?php
74
+ mo2f_inline_css_and_js();
75
+ ?>
76
+ </head>
77
+ <body>
78
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
79
+ <div class="mo2f-modal-backdrop"></div>
80
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
81
+ <div class="login mo_customer_validation-modal-content">
82
+ <div class="mo2f_modal-header">
83
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
84
+
85
+ <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
86
+ </div>
87
+ <div class="mo2f_modal-body">
88
+ <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
89
+ if(isset($login_message) && !empty($login_message)) {
90
+ echo '<br><br>';
91
+
92
+ ?>
93
+
94
+ <div id="otpMessage">
95
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
96
+ </div>
97
+ <?php }else
98
+ echo '<br>';
99
+ ?>
100
+
101
+ <br>
102
+ <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
103
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
104
+ <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
105
+ <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
106
+ (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
107
+ </label>
108
+ <br>
109
+ </span>
110
+ <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
111
+ <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
112
+ <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
113
+ <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
114
+ </label>
115
+ <br>
116
+ </span>
117
+ <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
118
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
119
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
120
+ <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
121
+ </label>
122
+ <br>
123
+ </span>
124
+ <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
125
+ <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
126
+ <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
127
+ <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
128
+ </label>
129
+ <br>
130
+ </span>
131
+ <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
132
+ <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
133
+ <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
134
+ <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
135
+ </label>
136
+ <br>
137
+ </span>
138
+ <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
139
+ <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
140
+ <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
141
+ <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
142
+ </label>
143
+ <br>
144
+ </span>
145
+ <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
146
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
147
+ <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
148
+ <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
149
+ </label>
150
+ <br>
151
+ </span>
152
+ <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
153
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
154
+ <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
155
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
156
+ </label>
157
+ <br>
158
+ </span>
159
+ <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
160
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
161
+ <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
162
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
163
+ </label>
164
+ <br>
165
+ </span>
166
+ <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
167
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
168
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
169
+ <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
170
+ </label>
171
+ <br>
172
+ </span>
173
+ <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
174
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
175
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
176
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
177
+ </label>
178
+ </span>
179
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
180
+ <br />
181
+ <?php mo2f_customize_logo() ?>
182
+ </div>
183
+ </div>
184
+ </div>
185
+ </div>
186
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
187
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
188
+ </form>
189
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
190
+ <input type="hidden" name="mo2f_selected_2factor_method" />
191
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
192
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
193
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
194
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
195
+ </form>
196
+
197
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
198
+ <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
199
+ <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
200
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
201
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
202
+
203
+ </form>
204
+
205
+ <script>
206
+ function mologinback(){
207
+ jQuery('#mo2f_backto_mo_loginform').submit();
208
+ }
209
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
210
+ var selectedMethod = jQuery(this).val();
211
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
212
+ jQuery('#mo2f_select_2fa_methods_form').submit();
213
+ });
214
+ jQuery('a[href="#skiptwofactor"]').click(function(e) {
215
+
216
+ jQuery('#mo2f_skip_loginform').submit();
217
+ });
218
+ </script>
219
+ </body>
220
+ </html>
221
+ <?php
222
+ }
223
+ }
224
+
225
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
226
+ {
227
+
228
+ global $Mo2fdbQueries;
229
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
230
+ if(isset($mo2f_user_email) and $mo2f_user_email != '')
231
+ $email = $mo2f_user_email;
232
+
233
+ $current_user = get_userdata($current_user_id);
234
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
235
+ $email = get_option('mo2f_email');
236
+
237
+ $enduser = new Two_Factor_Setup();
238
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
239
+
240
+ if(json_last_error() == JSON_ERROR_NONE){
241
+
242
+ if($check_user['status'] == 'ERROR'){
243
+ return Mo2fConstants:: langTranslate( $check_user['message']);
244
+
245
+ }
246
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
247
+
248
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
249
+ 'user_registration_with_miniorange' =>'SUCCESS',
250
+ 'mo2f_user_email' =>$email,
251
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
252
+ ) );
253
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
254
+
255
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
256
+ }
257
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
258
+
259
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
260
+ if(json_last_error() == JSON_ERROR_NONE) {
261
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
262
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
263
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
264
+ 'user_registration_with_miniorange' =>'SUCCESS',
265
+ 'mo2f_user_email' =>$email,
266
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
267
+ ) );
268
+
269
+ $mo2fa_login_message = '';
270
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
271
+ }
272
+ }
273
+
274
+
275
+ }
276
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
277
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
278
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
279
+ mo2f_inline_email_form($email,$current_user_id);
280
+ exit;
281
+ }
282
+
283
+ }
284
+
285
+ }
286
+
287
+ function mo2f_inline_email_form($email,$current_user_id)
288
+ {
289
+ ?>
290
+ <html>
291
+ <head>
292
+ <meta charset="utf-8"/>
293
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
294
+ <meta name="viewport" content="width=device-width, initial-scale=1">
295
+ <?php
296
+ mo2f_inline_css_and_js();
297
+ ?>
298
+ </head>
299
+ <body>
300
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
301
+ <div class="mo2f-modal-backdrop"></div>
302
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
303
+ <div class="login mo_customer_validation-modal-content">
304
+ <div class="mo2f_modal-header">
305
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
306
+ <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
307
+ </div>
308
+ <div class="mo2f_modal-body">
309
+ <form action="" method="post" name="f">
310
+ <p>The Email assoicated with your account is already registered in miniOrnage. Please use a different email address or contact miniOrange.
311
+ </p><br>
312
+ <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
313
+ <br>
314
+ <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
315
+ <br>
316
+ <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
317
+ <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
318
+ <button type="submit" class="mo_wpns_button mo_wpns_button1" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
319
+ </form>
320
+ <br>
321
+ <?php mo2f_customize_logo() ?>
322
+ </div>
323
+ </div>
324
+ </div>
325
+ </div>
326
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
327
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
328
+ </form>
329
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
330
+ <input type="hidden" name="mo2f_selected_2factor_method" />
331
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
332
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
333
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
334
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
335
+ </form>
336
+ <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
337
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
338
+ <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
339
+ </form>
340
+ <?php } ?>
341
+
342
+ <script type="text/javascript">
343
+ jQuery('#save_entered_email_inlinecloud1').click(function(){
344
+ var email = jQuery('#emailInlineCloud').val();
345
+ var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
346
+ var data = {
347
+ 'action' : 'mo_two_factor_ajax',
348
+ 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
349
+ 'email' : email,
350
+ 'nonce' : nonce
351
+
352
+ };
353
+
354
+ var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
355
+
356
+
357
+ jQuery.post(ajaxurl, data, function(response) {
358
+
359
+ if(response == 'alreadyExist')
360
+ {
361
+ jQuery('#emailalredyused').show();
362
+ }
363
+ else if(response =='USERCANBECREATED')
364
+ {
365
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
366
+ jQuery('#mo2f_select_2fa_methods_form').submit();
367
+ }
368
+ });
369
+
370
+ });
371
+
372
+
373
+ </script>
374
+ </body>
375
+
376
+ <?php
377
+ }
378
+ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$session_id,$qrCode,$currentMethod){
379
+
380
+ global $Mo2fdbQueries;
381
+ if(isset($qrCode)){
382
+ $qrCodedata = $qrCode['mo2f-login-qrCode'];
383
+ $showqrCode = $qrCode['mo2f_show_qr_code'];
384
+ }
385
+ $current_user = get_userdata($current_user_id);
386
+ $email = $current_user->user_email;
387
+
388
+ $opt=fetch_methods($current_user);
389
+
390
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
391
+ ?>
392
+ <html>
393
+ <head> <meta charset="utf-8"/>
394
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
395
+ <meta name="viewport" content="width=device-width, initial-scale=1">
396
+ <?php
397
+ mo2f_inline_css_and_js();
398
+ ?>
399
+ </head>
400
+ <body>
401
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
402
+ <div class="mo2f-modal-backdrop"></div>
403
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
404
+ <div class="login mo_customer_validation-modal-content">
405
+ <div class="mo2f_modal-header">
406
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
407
+ <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
408
+ </div>
409
+ <div class="mo2f_modal-body">
410
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
411
+
412
+ <div id="otpMessage">
413
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
414
+ </div>
415
+ <?php } ?>
416
+ <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
417
+ <div class="mo_margin_left">
418
+ <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
419
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
420
+ <center>
421
+ <?php if (sizeof($opt) > 1) { ?>
422
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
423
+ <?php } ?>
424
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
425
+ </center>
426
+ </div>
427
+ <?php
428
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
429
+ initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
430
+ <?php } ?>
431
+
432
+ <?php mo2f_customize_logo() ?>
433
+ </div>
434
+ <br>
435
+ <br>
436
+ </div>
437
+ </div>
438
+ </div>
439
+ </div>
440
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
441
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
442
+ </form>
443
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
444
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
445
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
446
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
447
+ </form>
448
+ <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
449
+ <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
450
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
451
+ <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
452
+ </form>
453
+ <?php if (sizeof($opt) > 1) { ?>
454
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
455
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
456
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
457
+ </form>
458
+ <?php } ?>
459
+ <script>
460
+ function mologinback(){
461
+ jQuery('#mo2f_backto_mo_loginform').submit();
462
+ }
463
+ function moconfigureapp(){
464
+ jQuery('#mo2f_inline_configureapp_form').submit();
465
+ }
466
+ jQuery('#mo2f_inline_back_btn').click(function() {
467
+ jQuery('#mo2f_goto_two_factor_form').submit();
468
+ });
469
+ <?php
470
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
471
+ ?>
472
+ <?php } ?>
473
+ </script>
474
+ </body>
475
+ </html>
476
+ <?php
477
+ }
478
+
479
+ function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message){
480
+ $mo2f_google_auth=json_decode(get_user_meta($current_user_id,'mo2f_google_auth', true),true);
481
+
482
+ $data = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_qrCode'] : null;
483
+ $ga_secret = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_secret'] : null;
484
+
485
+ ?>
486
+ <html>
487
+ <head> <meta charset="utf-8"/>
488
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
489
+ <meta name="viewport" content="width=device-width, initial-scale=1">
490
+ <?php
491
+ mo2f_inline_css_and_js();
492
+ ?>
493
+ </head>
494
+ <style>
495
+ * {
496
+ box-sizing: border-box;
497
+ }
498
+ [class*="mcol-"] {
499
+ float: left;
500
+ padding: 15px;
501
+ }
502
+ /* For desktop: */
503
+ .mcol-1 {width: 50%;}
504
+ .mcol-2 {width: 50%;}
505
+ @media only screen and (max-width: 768px) {
506
+ /* For mobile phones: */
507
+ [class*="mcol-"] {
508
+ width: 100%;
509
+ }
510
+ }
511
+ </style>
512
+ <body>
513
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
514
+ <div class="mo2f-modal-backdrop"></div>
515
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
516
+ <div class="login mo_customer_validation-modal-content">
517
+ <div class="mo2f_modal-header">
518
+ <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
519
+ <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
520
+ </div>
521
+ <div class="mo2f_modal-body">
522
+ <?php
523
+
524
+ $current_user = get_userdata($current_user_id);
525
+ $opt=fetch_methods($current_user);
526
+ ?>
527
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
528
+ <div id="otpMessage"
529
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
530
+ >
531
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
532
+ </div>
533
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
534
+ <?php } ?>
535
+ <div class="mcol-1">
536
+ <div id="mo2f_choose_app_tour">
537
+ <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
538
+
539
+ <select id="authenticator_type">
540
+ <option value="google_authenticator">Google Authenticator</option>
541
+ <option value="msft_authenticator">Microsoft Authenticator</option>
542
+ <option value="authy_authenticator">Authy Authenticator</option>
543
+ <option value="last_pass_auth">LastPass Authenticator</option>
544
+ <option value="free_otp_auth">FreeOTP Authenticator</option>
545
+ <option value="duo_auth">Duo Mobile Authenticator</option>
546
+ </select>
547
+ <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
548
+ <span id="links_to_apps">
549
+ <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
550
+ <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
551
+
552
+ </span>
553
+ </div>
554
+ </div>
555
+ <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
556
+ <ol>
557
+ <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
558
+ <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
559
+ <br>
560
+ <?php if(MO2F_IS_ONPREM){ ?>
561
+ <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
562
+ <?php
563
+
564
+ } else{ ?>
565
+ <div style="margin-left: 14%;">
566
+ <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
567
+ <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
568
+ </div>
569
+ </div>
570
+ <?php }
571
+ ?>
572
+ <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
573
+
574
+ </ol>
575
+ <div id="mo2f_scanbarcode_a" hidden>
576
+ <ol >
577
+ <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
578
+ <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
579
+ <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
580
+ <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
581
+ <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
582
+ <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
583
+ <?php echo $ga_secret; ?>
584
+ </div>
585
+ <div style="font-size: 80%;color: #666666;">
586
+ <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
587
+ </div>
588
+ </div>
589
+ <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
590
+ <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
591
+ </ol>
592
+ </div>
593
+ </div>
594
+ <div class="mcol-2">
595
+ <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
596
+ <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
597
+ <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
598
+ <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
599
+ <br />
600
+ <input type="hidden" name="option" value="miniorange_inline_ga_validate">
601
+ <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
602
+ <div class="center">
603
+ <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
604
+ </div>
605
+ <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
606
+ </form>
607
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
608
+ <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
609
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
610
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
611
+ </form>
612
+ </div>
613
+ <br>
614
+ <br>
615
+ <?php mo2f_customize_logo() ?>
616
+ </div>
617
+ </div>
618
+ </div>
619
+ </div>
620
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
621
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
622
+ </form>
623
+ <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
624
+ <input type="hidden" name="google_phone_type" />
625
+ <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
626
+ </form>
627
+
628
+ <script>
629
+ jQuery('#authenticator_type').change(function(){
630
+ var auth_type = jQuery(this).val();
631
+ if(auth_type == 'google_authenticator'){
632
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
633
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
634
+ '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
635
+ jQuery('#mo2f_change_app_name').show();
636
+ jQuery('#links_to_apps').show();
637
+ }else if(auth_type == 'msft_authenticator'){
638
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
639
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
640
+ '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
641
+ jQuery('#links_to_apps').show();
642
+ }else if(auth_type == 'free_otp_auth'){
643
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
644
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
645
+ '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
646
+ jQuery('#links_to_apps').show();
647
+ }else if(auth_type == 'duo_auth'){
648
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
649
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
650
+ '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
651
+ jQuery('#links_to_apps').show();
652
+ }else if(auth_type == 'authy_authenticator'){
653
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
654
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
655
+ '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
656
+ jQuery('#links_to_apps').show();
657
+ }else{
658
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
659
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
660
+ '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
661
+ jQuery('#mo2f_change_app_name').show();
662
+ jQuery('#links_to_apps').show();
663
+ }
664
+ });
665
+ function mologinback(){
666
+ jQuery('#mo2f_backto_mo_loginform').submit();
667
+ }
668
+ jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
669
+ var selectedPhone = jQuery(this).val();
670
+ document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
671
+ jQuery('#mo2f_inline_app_type_ga_form').submit();
672
+ });
673
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
674
+ jQuery("#mo2f_scanbarcode_a").toggle();
675
+ });
676
+ </script>
677
+ </body>
678
+ <?php
679
+ echo '<head>';
680
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
681
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
682
+ echo '</head>';
683
+ }
684
+
685
+ function mo2f_inline_css_and_js(){
686
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
687
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
688
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
689
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
690
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
691
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
692
+ }
693
+
694
+
695
+ function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
696
+ $data = $qrCode;
697
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id );
698
+ $url = MO_HOST_NAME;
699
+ $opt=fetch_methods($current_user);
700
+ ?>
701
+ <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
702
+ <div class="red" style="color:#E74C3C;">
703
+ <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
704
+ <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
705
+ <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
706
+ <ol>
707
+ <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
708
+ <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
709
+ <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
710
+ </ol>
711
+ </div>
712
+ <table class="mo2f_settings_table">
713
+ <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
714
+ <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
715
+ </div>
716
+ </table>
717
+ <center>
718
+ <?php
719
+ if (sizeof($opt) > 1) { ?>
720
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
721
+ <?php }
722
+ ?>
723
+ </center>
724
+ <script>
725
+ jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
726
+ jQuery('#mo2f_inline_configureapp_form').submit();
727
+ });
728
+ jQuery("#mo2f_configurePhone").empty();
729
+ jQuery("#mo2f_app_div").hide();
730
+ var timeout;
731
+ pollInlineMobileRegistration();
732
+ function pollInlineMobileRegistration()
733
+ {
734
+ var transId = "<?php echo $mo2f_login_transaction_id; ?>";
735
+ var jsonString = "{\"txId\":\""+ transId + "\"}";
736
+ var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
737
+ jQuery.ajax({
738
+ url: postUrl,
739
+ type : "POST",
740
+ dataType : "json",
741
+ data : jsonString,
742
+ contentType : "application/json; charset=utf-8",
743
+ success : function(result) {
744
+ var status = JSON.parse(JSON.stringify(result)).status;
745
+ if (status == 'SUCCESS') {
746
+ var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
747
+ jQuery("#displayInlineQrCode").empty();
748
+ jQuery("#displayInlineQrCode").append(content);
749
+ setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
750
+ } else if (status == 'ERROR' || status == 'FAILED') {
751
+ var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
752
+ jQuery("#displayInlineQrCode").empty();
753
+ jQuery("#displayInlineQrCode").append(content);
754
+ jQuery("#messages").empty();
755
+ jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
756
+ } else {
757
+ timeout = setTimeout(pollInlineMobileRegistration, 3000);
758
+ }
759
+ }
760
+ });
761
+ }
762
+ </script>
763
+ <?php
764
+ }
765
+ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message){
766
+ $current_user = get_userdata($current_user_id);
767
+ $opt=fetch_methods($current_user);
768
+
769
+ ?>
770
+ <html>
771
+ <head> <meta charset="utf-8"/>
772
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
773
+ <meta name="viewport" content="width=device-width, initial-scale=1">
774
+ <?php
775
+ mo2f_inline_css_and_js();
776
+ ?>
777
+ <style>
778
+ .mo2f_kba_ques, .mo2f_table_textbox{
779
+ background: whitesmoke none repeat scroll 0% 0%;
780
+ }
781
+ </style>
782
+ </head>
783
+ <body>
784
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
785
+ <div class="mo2f-modal-backdrop"></div>
786
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
787
+ <div class="login mo_customer_validation-modal-content">
788
+ <div class="mo2f_modal-header">
789
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
790
+ <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
791
+ </div>
792
+ <div class="mo2f_modal-body">
793
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
794
+ <div id="otpMessage">
795
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
796
+ </div>
797
+ <?php } ?>
798
+ <form name="f" method="post" action="" >
799
+ <?php mo2f_configure_kba_questions(); ?>
800
+ <br />
801
+ <div class ="row">
802
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
803
+ <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
804
+ <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
805
+
806
+ </div>
807
+ </div>
808
+ <input type="hidden" name="option" value="mo2f_inline_kba_option" />
809
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
810
+ </form>
811
+ <?php if (sizeof($opt) > 1) { ?>
812
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
813
+ <div class ="row">
814
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
815
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
816
+ </div>
817
+ </div>
818
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
819
+ </form>
820
+ <?php } ?>
821
+
822
+ <?php mo2f_customize_logo() ?>
823
+ </div>
824
+ </div>
825
+ </div>
826
+ </div>
827
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
828
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
829
+ </form>
830
+
831
+ <script>
832
+
833
+
834
+
835
+
836
+
837
+
838
+ function mologinback(){
839
+ jQuery('#mo2f_backto_mo_loginform').submit();
840
+ }
841
+
842
+ function mobackinline(){
843
+ jQuery('#mo2f_goto_two_factor_form').submit();
844
+ }
845
+ </script>
846
+ </body>
847
+ </html>
848
+ <?php
849
+ }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message){
850
+ $current_user = get_userdata($current_user_id);
851
+ $opt=fetch_methods($current_user);
852
+ ?>
853
+ <html>
854
+ <head> <meta charset="utf-8"/>
855
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
856
+ <meta name="viewport" content="width=device-width, initial-scale=1">
857
+ <?php
858
+ mo2f_inline_css_and_js();
859
+ ?>
860
+ <style>
861
+ .mo2f_kba_ques, .mo2f_table_textbox{
862
+ background: whitesmoke none repeat scroll 0% 0%;
863
+ }
864
+ </style>
865
+ </head>
866
+ <body>
867
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
868
+ <div class="mo2f-modal-backdrop"></div>
869
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
870
+ <div class="login mo_customer_validation-modal-content">
871
+ <div class="mo2f_modal-header">
872
+ <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
873
+ <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
874
+ </div>
875
+ <div class="mo2f_modal-body">
876
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
877
+ <div id="otpMessage">
878
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
879
+ </div>
880
+ <?php } ?>
881
+ <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
882
+ <input type="hidden" name="option" value="miniorange_inline_register" />
883
+ <p>This method requires you to have an account with miniOrange.</p>
884
+ <table class="mo_wpns_settings_table">
885
+ <tr>
886
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
887
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
888
+ required placeholder="person@example.com"/></td>
889
+ </tr>
890
+ <tr>
891
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
892
+ <td><input class="mo_wpns_table_textbox" required type="password"
893
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
894
+ </tr>
895
+ <tr>
896
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
897
+ <td><input class="mo_wpns_table_textbox" required type="password"
898
+ name="confirmPassword" placeholder="Confirm your password" /></td>
899
+ </tr>
900
+ <tr>
901
+ <td>&nbsp;</td>
902
+ <td><br><input type="submit" name="submit" value="Create Account"
903
+ class="miniorange_button" />
904
+ <a href="#mo2f_account_exist">Already have an account?</a>
905
+ </tr>
906
+ </table>
907
+ </form>
908
+ <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
909
+ <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
910
+ <input type="hidden" name="option" value="miniorange_inline_login"/>
911
+ <table class="mo_wpns_settings_table">
912
+ <tr>
913
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
914
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
915
+ required placeholder="person@example.com"
916
+ /></td>
917
+ </tr>
918
+ <tr>
919
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
920
+ <td><input class="mo_wpns_table_textbox" required type="password"
921
+ name="password" placeholder="Enter your miniOrange password" /></td>
922
+ </tr>
923
+ <tr>
924
+ <td>&nbsp;</td>
925
+ <td><input type="submit" class="miniorange_button" />
926
+ <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
927
+ </tr>
928
+ </table>
929
+ </form>
930
+ <br>
931
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
932
+ <?php mo2f_customize_logo() ?>
933
+ </div>
934
+ </div>
935
+ </div>
936
+ </div>
937
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
938
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
939
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
940
+ </form>
941
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
942
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
943
+ </form>
944
+
945
+ <script>
946
+ jQuery('#mo2f_inline_back_btn').click(function() {
947
+ jQuery('#mo2f_goto_two_factor_form').submit();
948
+ });
949
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
950
+ jQuery('#mo2f_inline_login_form').show();
951
+ jQuery('#mo2f_inline_register_form').hide();
952
+ });
953
+ jQuery('#cancel_link').click(function(){
954
+ jQuery('#mo2f_inline_register_form').show();
955
+ jQuery('#mo2f_inline_login_form').hide();
956
+ });
957
+ function mologinback(){
958
+ jQuery('#mo2f_backto_mo_loginform').submit();
959
+ }
960
+ </script>
961
+ </body>
962
+ </html>
963
+ <?php
964
+ }
965
+ function prompt_user_for_setup_success($id, $login_status, $login_message){
966
+ global $Mo2fdbQueries;
967
+ ?>
968
+ <html>
969
+ <head> <meta charset="utf-8"/>
970
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
971
+ <meta name="viewport" content="width=device-width, initial-scale=1">
972
+ <?php
973
+ mo2f_inline_css_and_js();
974
+ ?>
975
+ <style>
976
+ .mo2f_kba_ques, .mo2f_table_textbox{
977
+ background: whitesmoke none repeat scroll 0% 0%;
978
+ }
979
+ </style>
980
+ </head>
981
+ <body>
982
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
983
+ <div class="mo2f-modal-backdrop"></div>
984
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
985
+ <div class="login mo_customer_validation-modal-content">
986
+ <div class="mo2f_modal-header">
987
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
988
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
989
+ </div>
990
+ <div class="mo2f_modal-body center">
991
+ <?php
992
+ global $Mo2fdbQueries;
993
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
994
+ if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
995
+ $mo2f_second_factor = 'Email Verification';
996
+ }else if($mo2f_second_factor == 'SMS'){
997
+ $mo2f_second_factor = 'OTP over SMS';
998
+ }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
999
+ $mo2f_second_factor = 'OTP_OVER_EMAIL';
1000
+ }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1001
+ $mo2f_second_factor = 'Phone Call Verification';
1002
+ }else if($mo2f_second_factor == 'SOFT TOKEN'){
1003
+ $mo2f_second_factor = 'Soft Token';
1004
+ }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1005
+ $mo2f_second_factor = 'QR Code Authentication';
1006
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1007
+ $mo2f_second_factor = 'Push Notification';
1008
+ }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1009
+ if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1010
+ $mo2f_second_factor = 'Google Authenticator';
1011
+ }else{
1012
+ $mo2f_second_factor = 'Authy 2-Factor Authentication';
1013
+ }
1014
+ }else if($mo2f_second_factor == 'KBA'){
1015
+ $mo2f_second_factor = 'Security Questions (KBA)';
1016
+ }
1017
+ $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1018
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1019
+
1020
+ if(get_site_option( 'mo2f_disable_kba' )!=1){
1021
+ if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1022
+ ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1023
+ <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1024
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1025
+ <div id="otpMessage">
1026
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1027
+ </div>
1028
+ <?php } ?>
1029
+ <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1030
+ <form name="f" method="post" action="" >
1031
+ <?php mo2f_configure_kba_questions(); ?>
1032
+ <br>
1033
+ <center>
1034
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1035
+ </center>
1036
+ <input type="hidden" name="mo2f_inline_kba_option" />
1037
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1038
+ <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1039
+ </form>
1040
+ </div>
1041
+ <?php }
1042
+ }else{
1043
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1044
+ $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1045
+ $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1046
+ }
1047
+ if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1048
+ if(get_site_option('mo2f_remember_device')!=1)
1049
+ {
1050
+ $pass2fa= new Miniorange_Password_2Factor_Login();
1051
+ $pass2fa->mo2fa_pass2login(site_url());
1052
+ ?>
1053
+ <center>
1054
+ <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1055
+ <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1056
+ </p>
1057
+ </center>
1058
+ <br>
1059
+ <center>
1060
+ <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1061
+ <br>
1062
+ </center>
1063
+ <?php
1064
+ }else{
1065
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1066
+ $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1067
+ mo2f_collect_device_attributes_handler($redirect_to);
1068
+ }
1069
+ }
1070
+ mo2f_customize_logo() ?>
1071
+ </div>
1072
+ </div>
1073
+ </div>
1074
+ </div>
1075
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1076
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1077
+ </form>
1078
+
1079
+ <script>
1080
+ function mologinback(){
1081
+ jQuery('#mo2f_backto_mo_loginform').submit();
1082
+ }
1083
+ </script>
1084
+ </body>
1085
+ </html>
1086
+ <?php
1087
+ }
1088
+
1089
+ function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod){
1090
+ $current_user = get_userdata($current_user_id);
1091
+ $opt=fetch_methods($current_user);
1092
+ global $Mo2fdbQueries;
1093
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1094
+ $current_user = get_userdata($current_user_id);
1095
+ $email = $current_user->user_email;
1096
+ ?>
1097
+ <html>
1098
+ <head> <meta charset="utf-8"/>
1099
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1100
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1101
+ <?php
1102
+ mo2f_inline_css_and_js();
1103
+
1104
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
1105
+ echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
1106
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
1107
+ ?>
1108
+ </head>
1109
+ <body>
1110
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1111
+ <div class="mo2f-modal-backdrop"></div>
1112
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1113
+ <div class="login mo_customer_validation-modal-content">
1114
+ <div class="mo2f_modal-header">
1115
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1116
+ <?php
1117
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1118
+ <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1119
+ <?php }
1120
+ else if($current_selected_method == 'OTP OVER EMAIL'){
1121
+ ?>
1122
+ <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1123
+ <?php }
1124
+ else{
1125
+ ?>
1126
+ <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1127
+ <?php } ?>
1128
+ </div>
1129
+ <div class="mo2f_modal-body">
1130
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1131
+ <div id="otpMessage"
1132
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1133
+ >
1134
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1135
+ </div>
1136
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
1137
+ <?php } ?>
1138
+ <div class="mo2f_row">
1139
+ <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1140
+ <p>
1141
+ <?php
1142
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1143
+ <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1144
+ <?php
1145
+ }else if($current_selected_method == 'OTP OVER EMAIL'){
1146
+ //no message
1147
+ }else{
1148
+ ?>
1149
+ <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1150
+ <?php }
1151
+ if(!($current_selected_method == 'OTP OVER EMAIL')){
1152
+ ?>
1153
+ <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1154
+ value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1155
+ <?php } ?>
1156
+ <?php
1157
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1158
+ if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1159
+ <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1160
+ value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1161
+ <?php } ?>
1162
+ <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1163
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1164
+ <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1165
+ </form>
1166
+ </div>
1167
+ <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1168
+ <p>
1169
+ <?php
1170
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1171
+ <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1172
+ <?php }
1173
+ else{
1174
+ ?>
1175
+ <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1176
+ <?php } ?>
1177
+ <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1178
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1179
+ <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1180
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1181
+ <?php } else {?>
1182
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1183
+ <?php } ?>
1184
+ <br /><br />
1185
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1186
+ <?php if (sizeof($opt) > 1) { ?>
1187
+
1188
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1189
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1190
+ <?php } ?>
1191
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1192
+ <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1193
+ </form>
1194
+ <?php mo2f_customize_logo() ?>
1195
+ </div>
1196
+ </div>
1197
+ </div>
1198
+ </div>
1199
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1200
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1201
+ </form>
1202
+ <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1203
+ <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1204
+ </form>
1205
+ <?php if (sizeof($opt) > 1) { ?>
1206
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1207
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1208
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1209
+ </form>
1210
+ <?php } ?>
1211
+ <script>
1212
+ jQuery("#phone").intlTelInput();
1213
+ function mologinback(){
1214
+ jQuery('#mo2f_backto_mo_loginform').submit();
1215
+ }
1216
+ jQuery('#mo2f_inline_back_btn').click(function() {
1217
+ jQuery('#mo2f_goto_two_factor_form').submit();
1218
+ });
1219
+ jQuery('a[href="#resendsmslink"]').click(function(e) {
1220
+ jQuery('#mo2fa_inline_resend_otp_form').submit();
1221
+ });
1222
+ </script>
1223
+ </body>
1224
+
1225
+ </html>
1226
+ <?php
1227
+ }
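--- a/controllers/twofa/two_fa_custom_form.php
+++ b/controllers/twofa/two_fa_custom_form.php
@@ -1,2 +1,9 @@
 <?php
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';
+
+$is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
+$is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
+$is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
+$is_custom = get_site_option('mo2f_custom_reg_custom');
+$is_registered = get_site_option('mo2f_customerkey');
+
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';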
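Review bot: `$is_registered` on new line 8 is named like a flag but stores the raw `mo2f_customerkey` option value, so the customer key string itself is placed into the included view's scope rather than a yes/no; `$is_registered = ! empty( get_site_option( 'mo2f_customerkey' ) );` keeps every truth test in the view working and hands it only a boolean. The same cast would suit the three `mo2f_custom_reg_*` reads, since `$is_any_of_woo_bb` on line 5 already treats them as booleans. Nothing says these variables are inputs to the view included on line 9; a header comment such as `// Flags consumed by views/twofa/two_fa_custom_form.php; $mo2f_dirName must be set by the including scope.` would make that contract explicit. The sibling controller two_fa_unlimittedUser.php declares `global $moWpnsUtility, $mo2f_dirName;` before its include while this file does not, which presumably works only because it is included from a scope that already holds `$mo2f_dirName` — worth confirming or making explicit.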
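--- a/controllers/twofa/two_fa_rba.php
+++ b/controllers/twofa/two_fa_rba.php
@@ -1,3 +1,3 @@
-<?php
-
+<?php
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_rba.php';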
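--- a/controllers/twofa/two_fa_unlimittedUser.php
+++ b/controllers/twofa/two_fa_unlimittedUser.php
@@ -1,3 +1,3 @@
-<?php
-global $moWpnsUtility, $mo2f_dirName;
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';
+<?php
+global $moWpnsUtility, $mo2f_dirName;
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';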
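--- a/controllers/twofa/two_fa_unlimittedUser_ajax.php
+++ b/controllers/twofa/two_fa_unlimittedUser_ajax.php
@@ -1,47 +1,47 @@
-<?php
-
-class WPNS_unlimittedUser
-{
-function __construct(){
-
-add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
-}
-
-function mo_two_fa_unlimittedUser_ajax(){
-add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
-}
-
-function wpns_two_fa_unlimittedUser(){
-switch($_POST['wpns_unlimittedUser_ajax'])
-{
-case 'save':
-$this->wpns_handle_save(); break;
-}
-}
-function wpns_handle_save()
-{
-
-if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
-wp_send_json('ERROR');
-return;
-}
-global $wp_roles;
-if (!isset($wp_roles))
-$wp_roles = new WP_Roles();
-foreach($wp_roles->role_names as $id => $name) {
-update_option('mo2fa_'.$id, 0);
-}
-$enabledrole = $_POST['enabledrole'];
-foreach($enabledrole as $role){
-update_option($role, 1);
-}
-update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
-update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
-update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
-update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
-update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
-wp_send_json('true');
-return;
-}
-}new WPNS_unlimittedUser();
+<?php
+
+class WPNS_unlimittedUser
+{
+function __construct(){
+
+add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
+}
+
+function mo_two_fa_unlimittedUser_ajax(){
+add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
+}
+
+function wpns_two_fa_unlimittedUser(){
+switch($_POST['wpns_unlimittedUser_ajax'])
+{
+case 'save':
+$this->wpns_handle_save(); break;
+}
+}
+function wpns_handle_save()
+{
+
+if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
+wp_send_json('ERROR');
+return;
+}
+global $wp_roles;
+if (!isset($wp_roles))
+$wp_roles = new WP_Roles();
+foreach($wp_roles->role_names as $id => $name) {
+update_option('mo2fa_'.$id, 0);
+}
+$enabledrole = $_POST['enabledrole'];
+foreach($enabledrole as $role){
+update_option($role, 1);
+}
+update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
+update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
+update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
+update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
+update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
+wp_send_json('true');
+return;
+}
+}new WPNS_unlimittedUser();
 ?>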
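--- a/controllers/twofa/two_fa_video_guide.php
+++ b/controllers/twofa/two_fa_video_guide.php
@@ -1,4 +1,4 @@
-<?php
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
-
+<?php
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
+
 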
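--- a/controllers/twofa/two_factor_ajax.php
+++ b/controllers/twofa/two_factor_ajax.php
@@ -6,7 +6,7 @@ class mo_2f_ajax
 add_action( 'admin_init' , array( $this, 'mo_2f_two_factor' ) );
 }
 
-function mo_2f_two_factor(){
+function mo_2f_two_factor(){
 add_action( 'wp_ajax_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
 }
 
@@ -25,13 +25,95 @@ class mo_2f_ajax
 case 'mo2f_role_based_2_factor':
 $this->mo2f_role_based_2_factor();break;
 case 'mo2f_enable_disable_twofactor':
-$this->mo2f_enable_disable_twofactor(); break;
+$this->mo2f_enable_disable_twofactor(); break;
 case 'mo2f_enable_disable_inline':
 $this->mo2f_enable_disable_inline(); break;
 case 'mo2f_shift_to_onprem':
 $this->mo2f_shift_to_onprem();break;
+case 'mo2f_save_custom_form_settings':
+$this ->mo2f_save_custom_form_settings();
+break;
 }
 }
+function mo2f_save_custom_form_settings()
+{
+
+$customForm = false;
+$nonce = sanitize_text_field($_POST['mo2f_nonce_save_form_settings']);
+
+if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-save-form-settings' ) ) {
+$error = new WP_Error();
+$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
+//return $error;
+}
+if(isset($_POST['submit_selector']) and
+isset($_POST['email_selector']) and
+isset($_POST['authType']) and
+isset($_POST['customForm']) and
+isset($_POST['form_selector']) and
+
+$_POST['submit_selector']!="" and
+$_POST['email_selector']!="" and
+$_POST['customForm']!="" and
+$_POST['form_selector']!="")
+{
+$submit_selector = sanitize_text_field($_POST['submit_selector']);
+$form_selector = sanitize_text_field($_POST['form_selector']);
+$email_selector = sanitize_text_field($_POST['email_selector']);
+$phone_selector = sanitize_text_field($_POST['phone_selector']);
+$authType = sanitize_text_field($_POST['authType']);
+$customForm = sanitize_text_field( $_POST['customForm']);
+$enableShortcode = sanitize_text_field($_POST['enableShortcode']);
+
+switch ($form_selector)
+{
+case '.bbp-login-form':
+update_site_option('mo2f_custom_reg_bbpress',true);
+update_site_option('mo2f_custom_reg_wocommerce',false);
+update_site_option('mo2f_custom_reg_custom',false);
+break;
+case '.woocommerce-form woocommerce-form-register':
+update_site_option('mo2f_custom_reg_bbpress',false);
+update_site_option('mo2f_custom_reg_wocommerce',true);
+update_site_option('mo2f_custom_reg_custom',false);
+break;
+default:
+update_site_option('mo2f_custom_reg_bbpress',false);
+update_site_option('mo2f_custom_reg_wocommerce',false);
+update_site_option('mo2f_custom_reg_custom',true);
+}
+
+update_site_option('mo2f_custom_form_name', $form_selector);
+update_site_option('mo2f_custom_email_selector', $email_selector);
+update_site_option('mo2f_custom_phone_selector', $phone_selector);
+update_site_option('mo2f_custom_submit_selector', $submit_selector);
+update_site_option('mo2f_custom_auth_type', $authType);
+
+update_site_option('enable_form_shortcode',$enableShortcode);
+$saved = true;
+}
+else
+{
+$submit_selector = 'NA';
+$form_selector = 'NA';
+$email_selector = 'NA';
+$authType ='NA';
+$saved = false;
+}
+$return = array(
+'authType' => $authType,
+'submit' => $submit_selector,
+'emailSelector' => $email_selector,
+'phone_selector' => $phone_selector,
+'form' => $form_selector,
+'saved' => $saved,
+'customForm' => $customForm,
+'enableShortcode' => $enableShortcode
+);
+
+return wp_send_json($return);
+}
+
 function mo2f_check_user_exist_miniOrange()
 {
 $nonce = sanitize_text_field($_POST['nonce']);
@@ -54,16 +136,16 @@ class mo_2f_ajax
 $email = $user->user_email;
 
 
-
+
 if(isset($_POST['email']))
 {
 $email = sanitize_text_field($_POST['email']);
 }
-
+
 $enduser = new Two_Factor_Setup();
 $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
-
-
+
+
 if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0 ){
 echo "alreadyExist";
 exit;
@@ -83,7 +165,7 @@ function mo2f_shift_to_onprem(){
 $current_userID = $current_user->ID;
 $miniorangeID = get_option( 'mo2f_miniorange_admin' );
 if(is_null($miniorangeID) or $miniorangeID =='')
-$is_customer_admin = true;
+$is_customer_admin = true;
 else
 $is_customer_admin = $miniorangeID == $current_userID ? true : false;
 if($is_customer_admin)
@@ -96,9 +178,9 @@ function mo2f_shift_to_onprem(){
 {
 $adminUser = get_user_by('id',$miniorangeID);
 $email = $adminUser->user_email;
-wp_send_json($email);
+wp_send_json($email);
 }
-
+
 }
 
 
@@ -118,7 +200,7 @@ function mo2f_shift_to_onprem(){
 }
 else{
 update_site_option('mo2f_activate_plugin' , false);
-wp_send_json('false');
+wp_send_json('false');
 }
 }
 
@@ -135,7 +217,7 @@ function mo2f_shift_to_onprem(){
 }
 else{
 update_site_option('mo2f_inline_registration' , 0);
-wp_send_json('false');
+wp_send_json('false');
 }
 }
 
@@ -158,7 +240,7 @@ function mo2f_shift_to_onprem(){
 $enabledrole = array();
 }
 foreach($enabledrole as $role){
-update_option($role, 1);
+update_option($role, 1);
 }
 wp_send_json('true');
 return;
@@ -176,10 +258,10 @@ function mo2f_shift_to_onprem(){
 $current_userID = $current_user->ID;
 $miniorangeID = get_option( 'mo2f_miniorange_admin' );
 $is_customer_admin = $miniorangeID == $current_userID ? true : false;
-
+
 if(is_null($miniorangeID) or $miniorangeID =='')
 $is_customer_admin = true;
-
+
 if($is_customer_admin)
 {
 update_option('is_onprem', 0);
@@ -189,14 +271,14 @@ function mo2f_shift_to_onprem(){
 {
 $adminUser = get_user_by('id',$miniorangeID);
 $email = $adminUser->user_email;
-wp_send_json($email);
+wp_send_json($email);
 }
-
+
 }
 }
 
 function mo2f_unlimitted_user()
-{
+{
 if(!wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce'))
 {
 echo "NonceDidNotMatch";
@@ -223,13 +305,13 @@ function mo2f_shift_to_onprem(){
 else
 {
 echo "OnPremiseDeactive";
-exit;
+exit;
 }
 }
 }
 function mo2f_save_email_verification()
-{
-
+{
+
 if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
 {
 echo "NonceDidNotMatch";
@@ -246,13 +328,13 @@ function mo2f_shift_to_onprem(){
 {
 $twofactor_transactions = new Mo2fDB;
 $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
-
+
 if($exceeded){
 echo "USER_LIMIT_EXCEEDED";
 exit;
 }
 }
-if (!filter_var($email, FILTER_VALIDATE_EMAIL))
+if (!filter_var($email, FILTER_VALIDATE_EMAIL))
 {
 $error = true;
 }
@@ -274,7 +356,7 @@ function mo2f_shift_to_onprem(){
 'mo2f_EmailVerification_config_status'=>true,
 'mo2f_user_email' => $email
 ));
-
+
 }
 update_user_meta($user_id,'tempEmail',$email);
 echo "settingsSaved";
@@ -287,14 +369,14 @@ function mo2f_shift_to_onprem(){
 }
 
 }
-
+
 }
 function CheckEVStatus()
 {
 if(isset($_POST['txid']))
 {
 $txid = sanitize_text_field($_POST['txid']);
-$status = get_site_option($_POST['txid']);
+$status = get_site_option($txid);
 if($status ==1 || $status ==0)
 delete_site_option($_POST['txid']);
 echo $status;
@@ -306,6 +388,6 @@ function mo2f_shift_to_onprem(){
 
 
 }
-
+
 new mo_2f_ajax;
 ?>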
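Review bot: In the new mo2f_save_custom_form_settings (new lines 38–115) a failed nonce check only builds a WP_Error and the `//return $error;` that follows is commented out, so the site options are still written when the nonce does not verify; replace the commented line with `wp_send_json(array('saved' => false)); return;`. No capability check is visible either — the handler is reached through the wp_ajax_ hook, so any logged-in user appears able to change the custom-form settings unless mo_two_factor_ajax (whose start is outside the hunk) gates it, and a `current_user_can('manage_options')` guard at the top of the method would close that. `$_POST['phone_selector']` and `$_POST['enableShortcode']` are read without isset, and `$phone_selector`/`$enableShortcode` are left undefined on the else branch yet placed in `$return`. In CheckEVStatus the lookup now uses the sanitized `$txid`, but `delete_site_option($_POST['txid'])` on the next line still uses the raw value.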
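--- a/controllers/wpns-loginsecurity-ajax.php
+++ b/controllers/wpns-loginsecurity-ajax.php
@@ -9,6 +9,20 @@ class wpns_ajax
 function mo_login_security_ajax(){
 
 add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
+add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
+add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
+}
+
+function mo2f_ajax(){
+$GLOBALS['mo2f_is_ajax_request'] = true;
+switch ($_POST['mo2f_ajax_option']) {
+case "mo2f_ajax_kba":
+$this->mo2f_ajax_kba();break;
+case "mo2f_ajax_login":
+$this->mo2f_ajax_login(); break;
+case "mo2f_ajax_otp":
+$this->mo2f_ajax_otp(); break;
+}
 }
 
 function wpns_login_security(){
@@ -37,6 +51,30 @@ class wpns_ajax
 
 }
 }
+
+
+function mo2f_ajax_otp(){
+$obj = new Miniorange_Password_2Factor_Login();
+$obj->check_miniorange_soft_token($_POST);
+}
+function mo2f_ajax_kba(){
+$obj = new Miniorange_Password_2Factor_Login();
+$obj->check_kba_validation($_POST);
+}
+function mo2f_ajax_login()
+{
+if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
+{
+wp_send_json("ERROR");
+exit;
+}
+else
+{
+$username = sanitize_text_field($_POST['username']);
+$password = sanitize_text_field($_POST['password'] );
+apply_filters( 'authenticate', null, $username, $password );
+}
+}
 function wpns_logout_form()
 {
 global $moWpnsUtility;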
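Review bot: mo2f_ajax is registered on both `wp_ajax_mo2f_ajax` and `wp_ajax_nopriv_mo2f_ajax`, yet the `mo2f_ajax_otp` and `mo2f_ajax_kba` cases hand the raw `$_POST` to Miniorange_Password_2Factor_Login without the nonce check that `mo2f_ajax_login` performs; unless check_miniorange_soft_token and check_kba_validation verify a nonce themselves (not visible here), the OTP and KBA verification steps are reachable without one, so the `wp_verify_nonce` guard belongs in mo2f_ajax before the switch. `$_POST['mo2f_ajax_option']` and `$_POST['nonce']` are read without isset. In mo2f_ajax_login, `sanitize_text_field` on the password strips tags and surrounding whitespace, so a valid password containing `<` or leading spaces will no longer authenticate; WordPress core only unslashes the password, it does not sanitize it. The return value of `apply_filters('authenticate', …)` is discarded and the method ends without sending a response, which presumably relies on a filter elsewhere in the plugin to emit output — a comment stating that would save the next reader a search.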
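--- a/database/database_functions.php
+++ b/database/database_functions.php
@@ -273,6 +273,12 @@
 return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
 }
 
+function get_blocked_attack_list($tableName)
+{
+global $wpdb;
+$tableName = $wpdb->base_prefix.$tableName;
+return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
+}
 
 function get_blocked_sqli_list()
 {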
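Review bot: get_blocked_attack_list concatenates `$tableName` into the SELECT after prefixing it, with no validation of the identifier; its callers are outside this hunk, so whether the name can ever be user-influenced cannot be told here, but an identifier check costs one line and keeps the method safe regardless: `if (!preg_match('/^[A-Za-z0-9_]+$/', $tableName)) { return array(); }` before the prefix is applied. `$wpdb->prepare` cannot bind identifiers, so an allow-list or pattern check is the appropriate guard, and a short docblock naming the accepted (un-prefixed) table names would help the next caller. The enclosing class header is outside the hunk.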
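--- /dev/null
+++ b/handler/WAF/database/mo-waf-db-common.php
@@ -0,0 +1,25 @@
+<?php
+function retrivefullname($name)
+{
+
+switch ($name) {
+case 'XSS':
+return 'Cross-site Scripting';
+case 'SQL':
+return 'SQL injection';
+case 'RCE':
+return 'Remote Code Execution';
+case 'LFI':
+return 'Local File Inclusion';
+case 'RFI':
+return 'Remote File Inclusion';
+case 'RLE':
+return 'Rate limiting Exceeded';
+case 'RLECrawler':
+return 'Rate limit Exceeded for crawler';
+default:
+return $name;
+
+}
+
+}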
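Review bot: retrivefullname compares with `switch`, which uses loose comparison, so a non-string `$name` (an integer 0 on PHP 7, for instance) can match the first case; add an `is_string` guard or compare on `(string)$name`. The default branch returns the input unchanged and the strings are display text, so callers must escape the result; a docblock should say so: `/** Map a short WAF attack code (XSS, SQL, RCE, LFI, RFI, RLE, RLECrawler) to its display name; unknown codes are returned unchanged, so escape the result before output. */`. The function name misspells "retrieve"; since the function is new in this commit, renaming it now is cheap.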
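--- a/handler/WAF/database/mo-waf-db.php
+++ b/handler/WAF/database/mo-waf-db.php
@@ -1,5 +1,6 @@
 <?php
 global $dbcon,$prefix;
+include_once('mo-waf-db-common.php');
 function log_attack($ipaddress,$value1,$value)
 {
 global $prefix,$dbcon;
@@ -11,7 +12,6 @@
 $rows = mysqli_fetch_array($results);
 return $rows['count(*)'];
 }
-
 function setting_file()
 {
 global $prefix,$dbcon;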
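Review bot: `include_once('mo-waf-db-common.php')` uses a bare relative path, which PHP resolves against include_path before the calling file's directory, so which file is loaded depends on the runtime configuration and a same-named file earlier on the include_path would win; anchor it to this file with `include_once(dirname(__FILE__).'/mo-waf-db-common.php');`. The same applies to the include added at the top of handler/WAF/database/mo-waf-plugin-db.php.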
handler/WAF/database/mo-waf-plugin-db.php CHANGED
@@ -1,88 +1,91 @@
1
- <?php
2
- function setting_file()
3
- {
4
- global $prefix,$dbcon;
5
- $dir_name = dirname(__FILE__);
6
- $dir_name1 = explode('wp-content', $dir_name);
7
- $dir_name = $dir_name1[0];
8
- $filepath = str_replace('\\', '/', $dir_name1[0]);
9
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
10
- $missingFile = 0;
11
- if(!file_exists($fileName))
12
- {
13
- $missingFile = 1;
14
- }
15
- if($missingFile==1)
16
- {
17
- $file = fopen($fileName, "a+");
18
- $string = "<?php".PHP_EOL;
19
- $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
20
- $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
21
- $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
22
- $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
23
- $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
24
- $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
25
- $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
26
-
27
- if(get_option('actionRateL') == 0)
28
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
29
- else
30
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
31
-
32
- $string .= '?>'.PHP_EOL;
33
- fwrite($file, $string);
34
- fclose($file);
35
- return $fileName;
36
- }
37
- return "notMissing";
38
-
39
- }
40
-
41
- function getRLEAttack($ipaddress)
42
- {
43
- global $wpdb;
44
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
45
- $results = $wpdb->get_results($query);
46
- return $results[0]->time;
47
- }
48
- function log_attack($ipaddress,$value1,$value)
49
- {
50
- global $wpdb;
51
- $value = htmlspecialchars($value);
52
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
53
- $results = $wpdb->get_results($query);
54
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
55
- $results = $wpdb->get_results($query);
56
- return $results[0]->count;
57
- }
58
-
59
- function CheckRate($ipaddress)
60
- {
61
- global $wpdb;
62
- $time = 60;
63
- clearRate($time);
64
- insertRate($ipaddress);
65
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
66
- $results = $wpdb->get_results($query);
67
-
68
- if(isset($results[0]->count))
69
- {
70
- return $results[0]->count;
71
- }
72
- return 0;
73
-
74
- }
75
- function clearRate($time)
76
- {
77
- global $wpdb;
78
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
79
- $results = $wpdb->get_results($query);
80
- }
81
- function insertRate($ipaddress)
82
- {
83
- global $wpdb;
84
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
85
- $results = $wpdb->get_results($query);
86
- }
87
-
 
 
 
88
  ?>
1
+ <?php
2
+
3
+ include_once('mo-waf-db-common.php');
4
+ function setting_file()
5
+ {
6
+ global $prefix,$dbcon;
7
+ $dir_name = dirname(__FILE__);
8
+ $dir_name1 = explode('wp-content', $dir_name);
9
+ $dir_name = $dir_name1[0];
10
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
11
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
+ $missingFile = 0;
13
+ if(!file_exists($fileName))
14
+ {
15
+ $missingFile = 1;
16
+ }
17
+ if($missingFile==1)
18
+ {
19
+ $file = fopen($fileName, "a+");
20
+ $string = "<?php".PHP_EOL;
21
+ $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
+ $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
+ $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
+ $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
+ $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
+ $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
+ $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
+
29
+ if(get_option('actionRateL') == 0)
30
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
+ else
32
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
+
34
+ $string .= '?>'.PHP_EOL;
35
+ fwrite($file, $string);
36
+ fclose($file);
37
+ return $fileName;
38
+ }
39
+ return "notMissing";
40
+
41
+ }
42
+
43
+ function getRLEAttack($ipaddress)
44
+ {
45
+ global $wpdb;
46
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
+ $results = $wpdb->get_results($query);
48
+ return $results[0]->time;
49
+ }
50
+ function log_attack($ipaddress,$value1,$value)
51
+ {
52
+ global $wpdb;
53
+ $value = htmlspecialchars($value);
54
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
+ $results = $wpdb->get_results($query);
56
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
+ $results = $wpdb->get_results($query);
58
+ return $results[0]->count;
59
+ }
60
+
61
+
62
+ function CheckRate($ipaddress)
63
+ {
64
+ global $wpdb;
65
+ $time = 60;
66
+ clearRate($time);
67
+ insertRate($ipaddress);
68
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
+ $results = $wpdb->get_results($query);
70
+
71
+ if(isset($results[0]->count))
72
+ {
73
+ return $results[0]->count;
74
+ }
75
+ return 0;
76
+
77
+ }
78
+ function clearRate($time)
79
+ {
80
+ global $wpdb;
81
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
+ $results = $wpdb->get_results($query);
83
+ }
84
+ function insertRate($ipaddress)
85
+ {
86
+ global $wpdb;
87
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
+ $results = $wpdb->get_results($query);
89
+ }
90
+
91
  ?>
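Review bot: getRLEAttack, log_attack, CheckRate, clearRate and insertRate (new lines 43–89) build their SQL by concatenating `$ipaddress`, `$value1` and `$value` into the query string; `$value` is the matched request parameter and `$ipaddress` presumably comes from request headers, so these should go through `$wpdb->prepare`, e.g. `$query = $wpdb->prepare('INSERT INTO '.$wpdb->base_prefix.'wpns_attack_logs VALUES (%s, %s, %d, %s)', $ipaddress, $value1, time(), $value);`, and the INSERT/DELETE statements should run via `$wpdb->query` rather than `get_results`. The `htmlspecialchars` on `$value` is output encoding, not SQL escaping, and it does nothing for the other parameters. setting_file writes option values into executable PHP (`'$SQL='.get_option("SQLInjection").';'`): an empty option yields `$SQL=;`, a parse error in the generated wp-includes/mo-waf-config.php that is included on every request, so cast each value, e.g. `'$SQL='.(int)get_option("SQLInjection").';'`, which also guarantees only a number ever lands in that file. getRLEAttack returns `$results[0]->time` without checking that a row exists.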
handler/WAF/mo-waf-plugin.php CHANGED
@@ -1,211 +1,212 @@
1
- <?php
2
-
3
- $dir = dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $dir = explode('handler', $dir);
6
- $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
7
- $pluginU = $dir[0].'helper/pluginUtility.php';
8
- $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
9
- $errorPage = $dir[0].'handler/mo-error.html';
10
- $blockPage = $dir[0].'handler/mo-block.html';
11
-
12
- include_once($wafInclude);
13
- include_once($pluginU);
14
- include_once($wafDB);
15
-
16
-
17
- global $wpdb,$mowpnshandle;
18
- $mowpnshandle = new MoWpnsHandler();
19
- $ipaddress = get_ipaddress();
20
- if($mowpnshandle->is_ip_blocked($ipaddress))
21
- {
22
- if(!$mowpnshandle->is_whitelisted($ipaddress))
23
- {
24
- header('HTTP/1.1 403 Forbidden');
25
- include_once($blockPage);
26
- exit;
27
- }
28
- }
29
- $fileName = setting_file();
30
- if($fileName != "notMissing")
31
- {
32
- include_once($fileName);
33
- }
34
- if(isset($RateLimiting) and $RateLimiting == 1)
35
- {
36
- if(!is_crawler())
37
- {
38
- applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
39
- }
40
- }
41
- if(isset($RateLimitingCrawler))
42
- {
43
- if($RateLimitingCrawler == 1)
44
- {
45
- if(is_crawler())
46
- {
47
- if(is_fake_googlebot($ipaddress))
48
- {
49
- header('HTTP/1.1 403 Forbidden');
50
- include_once($errorPage);
51
- exit;
52
- }
53
- if($RateLimitingCrawler == '1')
54
- {
55
- applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
56
- }
57
-
58
- }
59
- }
60
- }
61
- $attack = array();
62
- if(isset($SQL) )
63
- {
64
- if($SQL==1)
65
- array_push($attack,"SQL");
66
- }
67
- if(isset($XSS) )
68
- {
69
- if( $XSS==1)
70
- array_push($attack,"XSS");
71
- }
72
- if(isset($LFI))
73
- {
74
- if($LFI==1)
75
- array_push($attack,"LFI");
76
- }
77
-
78
- $attackC = $attack;
79
- $ParanoiaLevel = 1;
80
- $annomalyS = 0;
81
- $SQLScore = 0;
82
- $XSSScore = 0;
83
- $limitAttack = get_option('limitAttack');
84
-
85
-
86
- foreach ($attackC as $key1 => $value1)
87
- {
88
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
89
- {
90
- if(isset($regex[$value1][$lev]))
91
- { $ooo = 0;
92
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
93
- {
94
- foreach ($_REQUEST as $key => $value) {
95
-
96
- if($regex[$value1][$lev][$i] != "")
97
- {
98
- if(is_string($value))
99
- {
100
- if(preg_match($regex[$value1][$lev][$i], $value))
101
- {
102
-
103
- if($value1 == "SQL")
104
- {
105
- $SQLScore += $score[$value1][$lev][$i];
106
- }
107
- elseif ($value1 == "XSS")
108
- {
109
- $XSSScore += $score[$value1][$lev][$i];
110
- }
111
- else
112
- {
113
- $annomalyS += $score[$value1][$lev][$i];
114
- }
115
-
116
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
117
- {
118
- $attackCount = log_attack($ipaddress,$value1,$value);
119
- if($attackCount>$limitAttack)
120
- {
121
- if(!$mowpnshandle->is_whitelisted($ipaddress))
122
- {
123
- if(!$mowpnshandle->is_ip_blocked($ipaddress))
124
- $mowpnshandle->block_ip($ipaddress,'ALE',true); //Attack Limit Exceed
125
- }
126
- }
127
-
128
- header('HTTP/1.1 403 Forbidden');
129
- include_once($errorPage);
130
- exit;
131
- }
132
- }
133
- }
134
- }
135
- }
136
- }
137
- }
138
- }
139
- }
140
-
141
- function applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
142
- {
143
- global $wpdb,$mowpnshandle;
144
- $rate = CheckRate($ipaddress);
145
- if($rate>=$reqLimit)
146
- {
147
- $lastAttack = getRLEAttack($ipaddress)+60;
148
- $current_time = time();
149
- if($lastAttack < $current_time-60)
150
- {
151
- log_attack($ipaddress,'RLE','RLE');
152
- }
153
- if($action != 'ThrottleIP')
154
- {
155
- if(!$mowpnshandle->is_whitelisted($ipaddress))
156
- {
157
- $mowpnshandle->block_ip($ipaddress,'RLE',true);
158
- }
159
- }
160
- header('HTTP/1.1 403 Forbidden');
161
- include_once($errorPage);
162
- exit;
163
- }
164
- }
165
- function applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
166
- {
167
- if(file_exists($filename))
168
- {
169
- include($filename);
170
- }
171
- global $wpdb,$mowpnshandle;
172
- $USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
173
- if(isset($RateLimitingCrawler))
174
- {
175
- if($RateLimitingCrawler=='1')
176
- {
177
- if(isset($RequestsPMinCrawler))
178
- {
179
- $reqLimit = $RequestsPMinCrawler;
180
- $rate = CheckRate($ipaddress);
181
- if($rate>=$reqLimit)
182
- {
183
- $action = $actionRateLCrawler;
184
- $lastAttack = getRLEattack($ipaddress)+60;
185
- $current_time = time();
186
- if($current_time>$lastAttack)
187
- {
188
- log_attack($ipaddress,'RLECrawler',$USER_AGENT);
189
- }
190
- if($action != 'ThrottleIP')
191
- {
192
- if(!$mowpnshandle->is_whitelisted($ipaddress))
193
- {
194
- if(!$mowpnshandle->is_ip_blocked($ipaddress))
195
- {
196
- $mowpnshandle->block_ip($ipaddress,'RLECrawler',true);
197
- }
198
- }
199
- }
200
- header('HTTP/1.1 403 Forbidden');
201
- include_once($errorPage);
202
- exit;
203
- }
204
- }
205
- }
206
- }
207
- }
208
-
209
-
210
-
 
211
  ?>
1
+ <?php
2
+
3
+ $dir = dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $dir = explode('handler', $dir);
6
+ $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
7
+ $pluginU = $dir[0].'helper/pluginUtility.php';
8
+ $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
9
+ $errorPage = $dir[0].'handler/mo-error.html';
10
+ $blockPage = $dir[0].'handler/mo-block.html';
11
+
12
+ include_once($wafInclude);
13
+ include_once($pluginU);
14
+ include_once($wafDB);
15
+
16
+
17
+ global $wpdb,$mowpnshandle;
18
+ $mowpnshandle = new MoWpnsHandler();
19
+ $ipaddress = get_ipaddress();
20
+ $ipaddress = sanitize_text_field($ipaddress);
21
+ if($mowpnshandle->is_ip_blocked($ipaddress))
22
+ {
23
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
24
+ {
25
+ header('HTTP/1.1 403 Forbidden');
26
+ include_once($blockPage);
27
+ exit;
28
+ }
29
+ }
30
+ $fileName = setting_file();
31
+ if($fileName != "notMissing")
32
+ {
33
+ include_once($fileName);
34
+ }
35
+ if(isset($RateLimiting) and $RateLimiting == 1)
36
+ {
37
+ if(!is_crawler())
38
+ {
39
+ applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
40
+ }
41
+ }
42
+ if(isset($RateLimitingCrawler))
43
+ {
44
+ if($RateLimitingCrawler == 1)
45
+ {
46
+ if(is_crawler())
47
+ {
48
+ if(is_fake_googlebot($ipaddress))
49
+ {
50
+ header('HTTP/1.1 403 Forbidden');
51
+ include_once($errorPage);
52
+ exit;
53
+ }
54
+ if($RateLimitingCrawler == '1')
55
+ {
56
+ applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
+ }
58
+
59
+ }
60
+ }
61
+ }
62
+ $attack = array();
63
+ if(isset($SQL) )
64
+ {
65
+ if($SQL==1)
66
+ array_push($attack,"SQL");
67
+ }
68
+ if(isset($XSS) )
69
+ {
70
+ if( $XSS==1)
71
+ array_push($attack,"XSS");
72
+ }
73
+ if(isset($LFI))
74
+ {
75
+ if($LFI==1)
76
+ array_push($attack,"LFI");
77
+ }
78
+
79
+ $attackC = $attack;
80
+ $ParanoiaLevel = 1;
81
+ $annomalyS = 0;
82
+ $SQLScore = 0;
83
+ $XSSScore = 0;
84
+ $limitAttack = get_option('limitAttack');
85
+
86
+
87
+ foreach ($attackC as $key1 => $value1)
88
+ {
89
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
90
+ {
91
+ if(isset($regex[$value1][$lev]))
92
+ { $ooo = 0;
93
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
94
+ {
95
+ foreach ($_REQUEST as $key => $value) {
96
+
97
+ if($regex[$value1][$lev][$i] != "")
98
+ {
99
+ if(is_string($value))
100
+ {
101
+ if(preg_match($regex[$value1][$lev][$i], $value))
102
+ {
103
+
104
+ if($value1 == "SQL")
105
+ {
106
+ $SQLScore += $score[$value1][$lev][$i];
107
+ }
108
+ elseif ($value1 == "XSS")
109
+ {
110
+ $XSSScore += $score[$value1][$lev][$i];
111
+ }
112
+ else
113
+ {
114
+ $annomalyS += $score[$value1][$lev][$i];
115
+ }
116
+
117
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
118
+ {
119
+ $attackCount = log_attack($ipaddress,$value1,$value);
120
+ if($attackCount>$limitAttack)
121
+ {
122
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
123
+ {
124
+ if(!$mowpnshandle->is_ip_blocked($ipaddress))
125
+ $mowpnshandle->block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
126
+ }
127
+ }
128
+
129
+ header('HTTP/1.1 403 Forbidden');
130
+ include_once($errorPage);
131
+ exit;
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }
137
+ }
138
+ }
139
+ }
140
+ }
141
+
142
+ function applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
143
+ {
144
+ global $wpdb,$mowpnshandle;
145
+ $rate = CheckRate($ipaddress);
146
+ if($rate>=$reqLimit)
147
+ {
148
+ $lastAttack = getRLEAttack($ipaddress)+60;
149
+ $current_time = time();
150
+ if($lastAttack < $current_time-60)
151
+ {
152
+ log_attack($ipaddress,'RLE','RLE');
153
+ }
154
+ if($action != 'ThrottleIP')
155
+ {
156
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
157
+ {
158
+ $mowpnshandle->block_ip($ipaddress,'RLE',true);
159
+ }
160
+ }
161
+ header('HTTP/1.1 403 Forbidden');
162
+ include_once($errorPage);
163
+ exit;
164
+ }
165
+ }
166
+ function applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
167
+ {
168
+ if(file_exists($filename))
169
+ {
170
+ include($filename);
171
+ }
172
+ global $wpdb,$mowpnshandle;
173
+ $USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
174
+ if(isset($RateLimitingCrawler))
175
+ {
176
+ if($RateLimitingCrawler=='1')
177
+ {
178
+ if(isset($RequestsPMinCrawler))
179
+ {
180
+ $reqLimit = $RequestsPMinCrawler;
181
+ $rate = CheckRate($ipaddress);
182
+ if($rate>=$reqLimit)
183
+ {
184
+ $action = $actionRateLCrawler;
185
+ $lastAttack = getRLEattack($ipaddress)+60;
186
+ $current_time = time();
187
+ if($current_time>$lastAttack)
188
+ {
189
+ log_attack($ipaddress,'RLECrawler',$USER_AGENT);
190
+ }
191
+ if($action != 'ThrottleIP')
192
+ {
193
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
194
+ {
195
+ if(!$mowpnshandle->is_ip_blocked($ipaddress))
196
+ {
197
+ $mowpnshandle->block_ip($ipaddress,'RLECrawler',true);
198
+ }
199
+ }
200
+ }
201
+ header('HTTP/1.1 403 Forbidden');
202
+ include_once($errorPage);
203
+ exit;
204
+ }
205
+ }
206
+ }
207
+ }
208
+ }
209
+
210
+
211
+
212
  ?>
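Review bot: The added `$ipaddress = sanitize_text_field($ipaddress);` (new line 20) strips tags and whitespace but does not establish that the value is an IP address, and the value then drives the block-list lookups and the SQL in mo-waf-plugin-db.php; `filter_var($ipaddress, FILTER_VALIDATE_IP)` is the right check, with a failing value replaced by `$_SERVER['REMOTE_ADDR']` or the request refused, rather than cleaned up and used — whether get_ipaddress trusts forwarded headers cannot be seen here. applyRateLimitingCrawler receives `$fileName`, which is the literal string `"notMissing"` whenever setting_file found the config already present (new lines 30–33), so `file_exists($filename)` is false in the common case and `$RateLimitingCrawler`, `$RequestsPMinCrawler` and `$actionRateLCrawler` appear never to be defined inside the function; pass the real config path or declare those variables `global`. `$_SERVER['HTTP_USER_AGENT']` is read without isset at new line 173.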
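--- a/handler/WAF/mo-waf.php
+++ b/handler/WAF/mo-waf.php
@@ -116,7 +116,7 @@
 {
 if(!is_ip_whitelisted($ipaddress))
 {
-block_ip($ipaddress,'ALE'); //Attack Limit Exceed
+block_ip($ipaddress,'Attack limit Exceeded'); //Attack Limit Exceed
 }
 }
 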
handler/malware_scanner.php CHANGED
@@ -1,669 +1,669 @@
1
- <?php
2
-
3
- class Mo_wpns_Scan_Handler{
4
- private $total_files_to_scan;
5
- public $scanned_files = array();
6
- function __construct(){
7
-
8
- }
9
- function mo2f_scan_all_files($scan_config){
10
- update_option('mo_wpns_scan_initialize', 0);
11
- update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
- update_option('mo_wpns_files_scanned',0);
13
- update_option('mo_wpns_infected_files',0);
14
- ini_set('memory_limit', '-1');
15
- ini_set('max_execution_time', 0);
16
- $result = array();
17
- $folderpaths = array();
18
- $wp_repo_file = array();
19
- $folderNames = "";
20
- $repo_check_status = $scan_config['check_repo'];
21
- $repo_check_status_code = 0;
22
- $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
- $hostname = 'wordpress.org';
24
- $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
- if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
- $scan_config['check_repo'] = 0;
27
- $repo_check_status_code = -97;
28
- }
29
- if (!$wordpress_server_status) {
30
- $scan_config['check_repo'] = 0;
31
- $repo_check_status_code = -98;
32
- }
33
- $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
- if($scan_config['core_scan'] == 1){
35
- $folderpaths['base'] = $base;
36
- $folderNames .= "WP Files;";
37
- }
38
- if($scan_config['plugin_scan'] == 1){
39
- $folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
40
- $folderNames .= "Plugins;";
41
- }
42
- if($scan_config['theme_scan'] == 1){
43
- $folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
44
- $folderNames .= "Themes;";
45
- }
46
- if($scan_config['check_repo'] == 1){
47
- $folderNames .= "WP Repo Files;";
48
- }
49
- $this->count_total_files($folderpaths, $base, $scan_config);
50
-
51
- if ( ! function_exists( 'get_plugins' ) ) {
52
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
- }
54
- if ( ! function_exists( 'plugins_api' ) ) {
55
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
56
- }
57
- if($scan_config['check_repo'] == 1){
58
- if(!is_dir($repo_file_path)){
59
- mkdir($repo_file_path);
60
- }
61
- if($scan_config['core_scan'] == 1){
62
- require(ABSPATH . 'wp-includes/version.php');
63
- //wordpress name to be changed to be changed based on version
64
- $zip_name="wp-".$wp_version;
65
- $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
- update_option('downloaded_wordpress_repo_name', $zip_name);
67
- if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
- $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
- if($result === -99){
70
- $scan_config['check_repo'] = 0;
71
- $repo_check_status_code = -99;
72
- }else if(!$result){
73
- $scan_config['check_repo'] = 0;
74
- $repo_check_status_code = -100;
75
- }
76
- }
77
- }
78
- if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
- $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
- if(!is_dir($wp_plugin_repo_file)){
81
- mkdir($wp_plugin_repo_file);
82
- }
83
- $wp_repo_file['plugins']=$wp_plugin_repo_file;
84
- $plugin_list=get_site_transient( 'update_plugins' );
85
- $all_plugins=array();
86
- foreach ($plugin_list as $key => $value) {
87
- if($key=='response'||$key=='no_update'){
88
- foreach ($value as $ke => $val) {
89
- $all_plugins[$ke] = $val;
90
- }
91
- }
92
- }
93
- $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
- if($result === -99){
95
- $scan_config['check_repo'] = 0;
96
- $repo_check_status_code = -99;
97
- }else if(!$result){
98
- $scan_config['check_repo'] = 0;
99
- $repo_check_status_code = -100;
100
- }
101
- }
102
- if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
- $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
- if(!is_dir($wp_theme_repo_file)){
105
- mkdir($wp_theme_repo_file);
106
- }
107
- $wp_repo_file['themes']=$wp_theme_repo_file;
108
- $all_themes=get_site_transient( 'update_themes' )->checked;
109
- $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
- if($result === -99){
111
- $scan_config['check_repo'] = 0;
112
- $repo_check_status_code = -99;
113
- }else if(!$result){
114
- $scan_config['check_repo'] = 0;
115
- $repo_check_status_code = -100;
116
- }
117
- }
118
- }
119
- $mo2f_malware_db_handler = new MoWpnsDB();
120
- $time = current_time('timestamp');
121
- $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
- $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
- if($result['scan']){
124
- foreach ($result['scan'] as $key => $value) {
125
- $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
- }
127
- }
128
- $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
- $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
- if(is_dir($repo_file_path)){
131
- $this->remove_dir($repo_file_path);
132
- }
133
- update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
134
- $total_scan=$mo2f_malware_db_handler->count_files();
135
- $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
- $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
- $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
- if($total_scan > 999){
139
- $total_scan=($total_scan/1000);
140
- $total_scan= round($total_scan,1)."k";
141
- }
142
- if($total_malicious > 999){
143
- $total_malicious=($total_malicious/1000);
144
- $total_malicious= round($total_malicious,1)."k";
145
- }
146
- $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
- wp_send_json($response);
148
- }
149
-
150
- function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
151
- foreach($themes_or_plugins as $key => $data){
152
- if($type=='plugins'){
153
- $plugin_slug=$data->slug;
154
- $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
155
- $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
156
- $plugin_version=$plugin_data['Version'];
157
- if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
- $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
- if($result === -99){
160
- return -99;
161
- }else if(!$result){
162
- return false;
163
- }
164
- }
165
- } else if($type=='themes'){
166
- if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
- $result= $this->download_repo($key, $data, $path, $type);
168
- if($result === -99){
169
- return -99;
170
- }else if(!$result){
171
- return false;
172
- }
173
- }
174
- }
175
- }
176
- return true;
177
- }
178
-
179
- function download_repo($zip_name, $version, $path, $type=''){
180
- if ($type=='plugins') {
181
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
182
- $plugin_name=$zip_name.'.'.$version;
183
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
- if( $download_result){
185
- $result = $this->unzip_downloaded_repo($zip_name, $path);
186
- return $result;
187
- }else {
188
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
- if( $download_result){
191
- $result = $this->unzip_downloaded_repo($zip_name, $path);
192
- return $result;
193
- }else {
194
- error_log("Unable to download Plugin: ".$plugin_name);
195
- return -99;
196
- }
197
- return -99;
198
- }
199
- } else if($type=='themes'){
200
- $theme_name=$zip_name.'.'.$version;
201
- $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
- if( $download_result){
204
- $result = $this->unzip_downloaded_repo($zip_name, $path);
205
- return $result;
206
- }else {
207
- $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
- if( $download_result){
210
- $result = $this->unzip_downloaded_repo($zip_name, $path);
211
- return $result;
212
- }else {
213
- error_log("Unable to download Theme: ".$theme_name);
214
- return -99;
215
- }
216
- return -99;
217
- }
218
- } else {
219
- $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
- if($download_result){
222
- $result=$this->unzip_downloaded_repo($zip_name, $path);
223
- return $result;
224
- } else {
225
- error_log("Unable to download wordpress-".$version);
226
- return -99;
227
- }
228
- }
229
- return false;
230
- }
231
-
232
- function unzip_downloaded_repo($name, $path){
233
- $zip = new ZipArchive;
234
- $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
235
- $res = $zip->open($folder_path);
236
- if ($res === TRUE) {
237
- // extract it to the path we determined above
238
- $result = $zip->extractTo($path);
239
- $zip->close();
240
- if ($name == get_option('downloaded_wordpress_repo_name')) {
241
- rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
242
- }
243
- unlink($folder_path);
244
- return true;
245
- } else {
246
- return false;
247
- }
248
- }
249
-
250
- function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
251
- if(!empty($folderpaths)){
252
- if ( in_array( 'curl', get_loaded_extensions() ) ) {
253
- $scanresults=array();
254
- $nooffiles=0;
255
- $scan_malware_count = 0;
256
- $repo_issue_count = 0;
257
- $malicious_link_count = 0;
258
- $file_ext = $scan_config['file_extension'];
259
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
- $extensions = array();
261
- $hostname = 'scanner.api.xecurify.com';
262
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
- if(empty($file_ext)){
264
- }else{
265
- if(strpos($file_ext,';') !=false){
266
- $extensions = explode(";", $file_ext);
267
- }else{
268
- array_push($extensions, $file_ext);
269
- }
270
- }
271
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
- $skip_path_array= array();
273
- for($i=0; $i<count($folder_skip_array); $i++){
274
- $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
- $n= sizeof($pathParts)-1;
276
- $folder= $pathParts[$n];
277
- array_push($skip_path_array, $folder);
278
- }
279
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
- foreach ($folderpaths as $value) {
281
- $onearr = array();
282
- if (is_dir($value)) {
283
- foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
- if ($item->isFile()) {
285
- $scanresult=array();
286
- $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
- if ($value == $base && ($scan_config['core_scan'] == 1)){
288
- $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
-
291
- }else{
292
- continue;
293
- }
294
- }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
- continue;
296
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
- continue;
298
- }
299
- $flag_skip=0;
300
- if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
- for($q=0; $q<count($skip_path_array); $q++){
302
- if(strpos($source_file_path, $skip_path_array[$q])){
303
- $flag_skip=1;
304
- break;
305
- }
306
- }
307
- }
308
- if($flag_skip == 1){
309
- continue;
310
- }
311
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
- $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
- if($extns){
314
- $nooffiles++;
315
- if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
- update_option('mo_wpns_files_scanned', $nooffiles);
317
- }
318
- }
319
-
320
- $hash_of_file= md5_file($source_file_path);
321
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
-
323
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
- $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
- $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
- $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
- $malware_status = $scanmalware? 0 : 1;
328
- $repo_status = $repocheck? 0 : 1;
329
- $link_status = $extlink? 0 : 1;
330
- if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
-
332
- else{
333
- $flag_update=0;
334
- $file_content=file_get_contents($source_file_path);
335
- $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
- if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
- $malware_status = 1;
338
- $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
- $postdata = array('file' => $cfile);
340
- $content_type = 'multipart/form-data';
341
- $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
342
- if ($issues) {
343
- $scan_malware_count++;
344
- $scanresult['scan'] = $issues;
345
- $flag_update=1;
346
- }
347
- }else{
348
-
349
- }
350
-
351
- if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
- if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
- $repo_status = 1;
355
- if($value==$base){
356
- $repo_file_path=$repo_folder_path['base'];
357
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
- $repo_file_path=$repo_folder_path['plugins'];
359
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
- $repo_file_path=$repo_folder_path['themes'];
361
- }
362
- $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
- if(!empty($issues)){
364
- $repo_issue_count++;
365
- $scanresult['repo']=$issues;
366
- $flag_update=1;
367
- }
368
- }
369
- }
370
- }
371
- if($extns && $extlink){
372
- if($scan_config['ext_link_check'] == 1){
373
- $link_status = 1;
374
- $elresult= $this->check_external_link($file_content);
375
- if(!empty($elresult)){
376
- $malicious_link_count++;
377
- $flag_update=1;
378
- $scanresult['extl']=$elresult;
379
- }
380
- }
381
- }
382
- if($flag_update == 0){
383
- $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
- $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
- $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
- if(empty($res)){
388
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
- }else{
390
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
- }
392
- }else{
393
- $infected_files=get_option('mo_wpns_infected_files');
394
- $infected_files++;
395
- if(!empty($res)){
396
- $mo2f_malware_db_handler->delete_hash($source_file_path);
397
- }
398
- update_option('mo_wpns_infected_files', $infected_files);
399
- }
400
- }
401
- if(!empty($scanresult))
402
- $scanresults[$source_file_path]=$scanresult;
403
- }
404
- }
405
- }
406
- }
407
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
- if($malware_server_status){
409
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
- $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
- $content_type = 'application/x-www-form-urlencoded';
412
- $lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
413
- }
414
- update_option('mo_wpns_files_scanned', $nooffiles);
415
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
- }else{
417
- return array('message'=>'CURL not installed on the server.');
418
- }
419
- } else {
420
- return array('message'=>'No folder selected for scanning.');
421
- }
422
- }
423
-
424
- function mo_wpns_check_malware_server_status($host){
425
- $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
- if ( ! $fsock ){
427
- return FALSE;
428
- }else{
429
- fclose($fsock);
430
- return TRUE;
431
- }
432
- }
433
-
434
- function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
435
- $response = null;
436
- $ch=curl_init($host);
437
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
- curl_setopt( $ch, CURLOPT_POST, true );
444
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
- $results=curl_exec($ch);
446
- curl_close($ch);
447
- if($results==false){
448
- error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
- }else{
450
- $result = json_decode($results, true);
451
- if(isset($result['status'])){
452
- if ($result['status'] == 'success') {
453
- if($result['result']!='OK')
454
- $response = $result['result'];
455
- }else if($result['status']=='error'){
456
- error_log("Exception on server");
457
- }
458
- }else if(strpos($results, 'Summary')){
459
-
460
- }else{
461
- error_log("Any other issues on server");
462
- }
463
- }
464
- return $response;
465
- }
466
-
467
- function check_with_repo_files($file_content, $repo_file_path){
468
- $issues = array();
469
- if(file_exists($repo_file_path)){
470
- $content=@file_get_contents($repo_file_path);
471
- $hash_repo = md5($content);
472
- $hash_file = md5($file_content);
473
- if ($hash_file != $hash_repo) {
474
- $flag=1;
475
- $issues=array("exist" => "Mismatch in Files");
476
- }
477
- } else {
478
- $issues=array('exist'=>'Unwanted File Found');
479
- }
480
- return $issues;
481
- }
482
-
483
- function getlines($contents, $href){
484
- $newissues = 0;
485
- $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
486
- for($i=0; $i<count($lines); $i++){
487
- $line = $lines[$i];
488
- if (strpos($line, $href) !== false) {
489
- $newissues = $i+1;
490
- }
491
- }
492
- return $newissues;
493
- }
494
-
495
- function check_external_link($contents){
496
- $issues = array();
497
- $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
498
- if(isset($hrefs[1])){
499
- foreach($hrefs[1] as $href){
500
- if($this->isexternal($href)){
501
- $line=$this->getlines($contents, $href);
502
- $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
503
- }
504
- }
505
- }
506
- return $issues;
507
- }
508
-
509
- function isexternal($url) {
510
- $url = trim($url);
511
- $url = trim($url,';');
512
- $url = trim($url,'(');
513
- $url = trim($url,')');
514
- $url = trim($url,"'");
515
- $url = trim($url,'"');
516
- $components = parse_url($url);
517
- if(isset($components['host'])){
518
- if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
- else{
520
- if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
- return true;
522
- }
523
- }
524
- }
525
- return false;
526
- }
527
- function check_vulnerable_code($contents){
528
- $issues = array();
529
- $tokens = token_get_all($contents);
530
-
531
- for($i=0; $i< sizeof($tokens); $i++) {
532
- $token = $tokens[$i];
533
- if (is_array($token)) {
534
- if(in_array(token_name($token[0]), array("T_EVAL"))){
535
- $issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
536
- if(!empty($issue))
537
- $issues[] = $issue;
538
- } else if(in_array(token_name($token[0]), array("T_STRING"))){
539
- if(in_array($token[1],array("popen","fsockopen"))){
540
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
541
- if(!empty($issue))
542
- $issues[] = $issue;
543
- } else if(in_array($token[1],array("assert"))){
544
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
545
- if(!empty($issue))
546
- $issues[] = $issue;
547
- } else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
548
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
549
- if(!empty($issue))
550
- $issues[] = $issue;
551
- } else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
552
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
553
- if(!empty($issue))
554
- $issues[] = $issue;
555
- }
556
- }
557
- }
558
- }
559
- return $issues;
560
- }
561
-
562
- function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
563
-
564
- $flag = 1;
565
- $argument = "";
566
- $line = "";
567
- $issue = array();
568
- for($j=$start; $j< sizeof($tokens); $j++) {
569
- $innertoken = $tokens[$j];
570
- if ($flag==1 && is_array($innertoken)) {
571
- $argument .= $innertoken[1];
572
- if(empty($line))
573
- $line = $innertoken[2];
574
- } else if($innertoken==";"){
575
- $argument .= ";";
576
- if($checkForExternalLink){
577
- if($this->isexternal($argument)){
578
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
579
- }
580
- } else {
581
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
582
- }
583
- break;
584
- } else if($flag==1){
585
- $argument .= $innertoken;
586
- }
587
- }
588
- return $issue;
589
- }
590
-
591
- function remove_dir($repo_path){
592
- $dir=$repo_path;
593
- $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
594
- $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
595
- foreach($files as $file) {
596
- if ($file->isDir()){
597
- rmdir($file->getRealPath());
598
- } else {
599
- unlink($file->getRealPath());
600
- }
601
- }
602
- rmdir($dir);
603
- }
604
-
605
- function count_total_files($folder_paths, $base, $scan_config){
606
-
607
- $file_count=0;
608
- $file_ext = $scan_config['file_extension'];
609
- $extensions = array();
610
- if(empty($file_ext)){
611
-
612
- }else{
613
- if(strpos($file_ext,';') !=false){
614
- $extensions = explode(";", $file_ext);
615
- }else{
616
- array_push($extensions, $file_ext);
617
- }
618
- }
619
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
- $skip_path_array= array();
622
- for($i=0; $i<count($folder_skip_array); $i++){
623
- $pathParts = explode('/', $folder_skip_array[$i]);
624
- $n= sizeof($pathParts)-1;
625
- $folder= $pathParts[$n];
626
- array_push($skip_path_array, $folder);
627
- }
628
- foreach ($folder_paths as $value) {
629
- if (is_dir($value)) {
630
- foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
- if ($item->isFile()) {
632
- $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
- if ($value == $base && ($scan_config['core_scan'] == 1)){
634
- $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
-
637
- }else{
638
- continue;
639
- }
640
- }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
- continue;
642
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
- continue;
644
- }
645
- $flag_skip=0;
646
- if (!empty($folder_skip_array)) {
647
- for($q=0; $q<count($skip_path_array); $q++){
648
- if(strpos($source_file_path, $skip_path_array[$q])){
649
- $flag_skip=1;
650
- break;
651
- }
652
- }
653
- }
654
- if($flag_skip == 1){
655
- continue;
656
- }
657
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
- $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
- if($extns)
660
- $file_count++;
661
- }
662
- }
663
- }
664
- }
665
- update_option('mo_wpns_total_files', $file_count);
666
- }
667
- }
668
- new Mo_wpns_Scan_Handler;
669
  ?>
1
+ <?php
2
+
3
+ class Mo_wpns_Scan_Handler{
4
+ private $total_files_to_scan;
5
+ public $scanned_files = array();
6
+ function __construct(){
7
+
8
+ }
9
+ function mo2f_scan_all_files($scan_config){
10
+ update_option('mo_wpns_scan_initialize', 0);
11
+ update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
+ update_option('mo_wpns_files_scanned',0);
13
+ update_option('mo_wpns_infected_files',0);
14
+ ini_set('memory_limit', '-1');
15
+ ini_set('max_execution_time', 0);
16
+ $result = array();
17
+ $folderpaths = array();
18
+ $wp_repo_file = array();
19
+ $folderNames = "";
20
+ $repo_check_status = $scan_config['check_repo'];
21
+ $repo_check_status_code = 0;
22
+ $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
+ $hostname = 'wordpress.org';
24
+ $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
+ if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
+ $scan_config['check_repo'] = 0;
27
+ $repo_check_status_code = -97;
28
+ }
29
+ if (!$wordpress_server_status) {
30
+ $scan_config['check_repo'] = 0;
31
+ $repo_check_status_code = -98;
32
+ }
33
+ $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
+ if($scan_config['core_scan'] == 1){
35
+ $folderpaths['base'] = $base;
36
+ $folderNames .= "WP Files;";
37
+ }
38
+ if($scan_config['plugin_scan'] == 1){
39
+ $folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
40
+ $folderNames .= "Plugins;";
41
+ }
42
+ if($scan_config['theme_scan'] == 1){
43
+ $folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
44
+ $folderNames .= "Themes;";
45
+ }
46
+ if($scan_config['check_repo'] == 1){
47
+ $folderNames .= "WP Repo Files;";
48
+ }
49
+ $this->count_total_files($folderpaths, $base, $scan_config);
50
+
51
+ if ( ! function_exists( 'get_plugins' ) ) {
52
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
+ }
54
+ if ( ! function_exists( 'plugins_api' ) ) {
55
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
56
+ }
57
+ if($scan_config['check_repo'] == 1){
58
+ if(!is_dir($repo_file_path)){
59
+ mkdir($repo_file_path);
60
+ }
61
+ if($scan_config['core_scan'] == 1){
62
+ require(ABSPATH . 'wp-includes/version.php');
63
+ //wordpress name to be changed to be changed based on version
64
+ $zip_name="wp-".$wp_version;
65
+ $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
+ update_option('downloaded_wordpress_repo_name', $zip_name);
67
+ if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
+ $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
+ if($result === -99){
70
+ $scan_config['check_repo'] = 0;
71
+ $repo_check_status_code = -99;
72
+ }else if(!$result){
73
+ $scan_config['check_repo'] = 0;
74
+ $repo_check_status_code = -100;
75
+ }
76
+ }
77
+ }
78
+ if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
+ $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
+ if(!is_dir($wp_plugin_repo_file)){
81
+ mkdir($wp_plugin_repo_file);
82
+ }
83
+ $wp_repo_file['plugins']=$wp_plugin_repo_file;
84
+ $plugin_list=get_site_transient( 'update_plugins' );
85
+ $all_plugins=array();
86
+ foreach ($plugin_list as $key => $value) {
87
+ if($key=='response'||$key=='no_update'){
88
+ foreach ($value as $ke => $val) {
89
+ $all_plugins[$ke] = $val;
90
+ }
91
+ }
92
+ }
93
+ $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
+ if($result === -99){
95
+ $scan_config['check_repo'] = 0;
96
+ $repo_check_status_code = -99;
97
+ }else if(!$result){
98
+ $scan_config['check_repo'] = 0;
99
+ $repo_check_status_code = -100;
100
+ }
101
+ }
102
+ if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
+ $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
+ if(!is_dir($wp_theme_repo_file)){
105
+ mkdir($wp_theme_repo_file);
106
+ }
107
+ $wp_repo_file['themes']=$wp_theme_repo_file;
108
+ $all_themes=get_site_transient( 'update_themes' )->checked;
109
+ $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
+ if($result === -99){
111
+ $scan_config['check_repo'] = 0;
112
+ $repo_check_status_code = -99;
113
+ }else if(!$result){
114
+ $scan_config['check_repo'] = 0;
115
+ $repo_check_status_code = -100;
116
+ }
117
+ }
118
+ }
119
+ $mo2f_malware_db_handler = new MoWpnsDB();
120
+ $time = current_time('timestamp');
121
+ $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
+ $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
+ if($result['scan']){
124
+ foreach ($result['scan'] as $key => $value) {
125
+ $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
+ }
127
+ }
128
+ $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
+ if(is_dir($repo_file_path)){
131
+ $this->remove_dir($repo_file_path);
132
+ }
133
+ update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
134
+ $total_scan=$mo2f_malware_db_handler->count_files();
135
+ $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
+ $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
+ $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
+ if($total_scan > 999){
139
+ $total_scan=($total_scan/1000);
140
+ $total_scan= round($total_scan,1)."k";
141
+ }
142
+ if($total_malicious > 999){
143
+ $total_malicious=($total_malicious/1000);
144
+ $total_malicious= round($total_malicious,1)."k";
145
+ }
146
+ $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
+ wp_send_json($response);
148
+ }
149
+
150
+ function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
151
+ foreach($themes_or_plugins as $key => $data){
152
+ if($type=='plugins'){
153
+ $plugin_slug=$data->slug;
154
+ $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
155
+ $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
156
+ $plugin_version=$plugin_data['Version'];
157
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
+ $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
+ if($result === -99){
160
+ return -99;
161
+ }else if(!$result){
162
+ return false;
163
+ }
164
+ }
165
+ } else if($type=='themes'){
166
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
+ $result= $this->download_repo($key, $data, $path, $type);
168
+ if($result === -99){
169
+ return -99;
170
+ }else if(!$result){
171
+ return false;
172
+ }
173
+ }
174
+ }
175
+ }
176
+ return true;
177
+ }
178
+
179
+ function download_repo($zip_name, $version, $path, $type=''){
180
+ if ($type=='plugins') {
181
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
182
+ $plugin_name=$zip_name.'.'.$version;
183
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
+ if( $download_result){
185
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
186
+ return $result;
187
+ }else {
188
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
+ if( $download_result){
191
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
192
+ return $result;
193
+ }else {
194
+ error_log("Unable to download Plugin: ".$plugin_name);
195
+ return -99;
196
+ }
197
+ return -99;
198
+ }
199
+ } else if($type=='themes'){
200
+ $theme_name=$zip_name.'.'.$version;
201
+ $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
+ if( $download_result){
204
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
205
+ return $result;
206
+ }else {
207
+ $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
+ if( $download_result){
210
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
211
+ return $result;
212
+ }else {
213
+ error_log("Unable to download Theme: ".$theme_name);
214
+ return -99;
215
+ }
216
+ return -99;
217
+ }
218
+ } else {
219
+ $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
+ if($download_result){
222
+ $result=$this->unzip_downloaded_repo($zip_name, $path);
223
+ return $result;
224
+ } else {
225
+ error_log("Unable to download wordpress-".$version);
226
+ return -99;
227
+ }
228
+ }
229
+ return false;
230
+ }
231
+
232
+ function unzip_downloaded_repo($name, $path){
233
+ $zip = new ZipArchive;
234
+ $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
235
+ $res = $zip->open($folder_path);
236
+ if ($res === TRUE) {
237
+ // extract it to the path we determined above
238
+ $result = $zip->extractTo($path);
239
+ $zip->close();
240
+ if ($name == get_option('downloaded_wordpress_repo_name')) {
241
+ rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
242
+ }
243
+ unlink($folder_path);
244
+ return true;
245
+ } else {
246
+ return false;
247
+ }
248
+ }
249
+
250
+ function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
251
+ if(!empty($folderpaths)){
252
+ if ( in_array( 'curl', get_loaded_extensions() ) ) {
253
+ $scanresults=array();
254
+ $nooffiles=0;
255
+ $scan_malware_count = 0;
256
+ $repo_issue_count = 0;
257
+ $malicious_link_count = 0;
258
+ $file_ext = $scan_config['file_extension'];
259
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
+ $extensions = array();
261
+ $hostname = 'scanner.api.xecurify.com';
262
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
+ if(empty($file_ext)){
264
+ }else{
265
+ if(strpos($file_ext,';') !=false){
266
+ $extensions = explode(";", $file_ext);
267
+ }else{
268
+ array_push($extensions, $file_ext);
269
+ }
270
+ }
271
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
+ $skip_path_array= array();
273
+ for($i=0; $i<count($folder_skip_array); $i++){
274
+ $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
+ $n= sizeof($pathParts)-1;
276
+ $folder= $pathParts[$n];
277
+ array_push($skip_path_array, $folder);
278
+ }
279
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
+ foreach ($folderpaths as $value) {
281
+ $onearr = array();
282
+ if (is_dir($value)) {
283
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
+ if ($item->isFile()) {
285
+ $scanresult=array();
286
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
288
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
+
291
+ }else{
292
+ continue;
293
+ }
294
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
+ continue;
296
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
+ continue;
298
+ }
299
+ $flag_skip=0;
300
+ if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
+ for($q=0; $q<count($skip_path_array); $q++){
302
+ if(strpos($source_file_path, $skip_path_array[$q])){
303
+ $flag_skip=1;
304
+ break;
305
+ }
306
+ }
307
+ }
308
+ if($flag_skip == 1){
309
+ continue;
310
+ }
311
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
+ $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
+ if($extns){
314
+ $nooffiles++;
315
+ if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
+ update_option('mo_wpns_files_scanned', $nooffiles);
317
+ }
318
+ }
319
+
320
+ $hash_of_file= md5_file($source_file_path);
321
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
+
323
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
+ $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
+ $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
+ $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
+ $malware_status = $scanmalware? 0 : 1;
328
+ $repo_status = $repocheck? 0 : 1;
329
+ $link_status = $extlink? 0 : 1;
330
+ if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
+
332
+ else{
333
+ $flag_update=0;
334
+ $file_content=file_get_contents($source_file_path);
335
+ $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
+ $malware_status = 1;
338
+ $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
+ $postdata = array('file' => $cfile);
340
+ $content_type = 'multipart/form-data';
341
+ $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
342
+ if ($issues) {
343
+ $scan_malware_count++;
344
+ $scanresult['scan'] = $issues;
345
+ $flag_update=1;
346
+ }
347
+ }else{
348
+
349
+ }
350
+
351
+ if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
+ if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
+ $repo_status = 1;
355
+ if($value==$base){
356
+ $repo_file_path=$repo_folder_path['base'];
357
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
+ $repo_file_path=$repo_folder_path['plugins'];
359
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
+ $repo_file_path=$repo_folder_path['themes'];
361
+ }
362
+ $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
+ if(!empty($issues)){
364
+ $repo_issue_count++;
365
+ $scanresult['repo']=$issues;
366
+ $flag_update=1;
367
+ }
368
+ }
369
+ }
370
+ }
371
+ if($extns && $extlink){
372
+ if($scan_config['ext_link_check'] == 1){
373
+ $link_status = 1;
374
+ $elresult= $this->check_external_link($file_content);
375
+ if(!empty($elresult)){
376
+ $malicious_link_count++;
377
+ $flag_update=1;
378
+ $scanresult['extl']=$elresult;
379
+ }
380
+ }
381
+ }
382
+ if($flag_update == 0){
383
+ $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
+ $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
+ $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
+ if(empty($res)){
388
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
+ }else{
390
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
+ }
392
+ }else{
393
+ $infected_files=get_option('mo_wpns_infected_files');
394
+ $infected_files++;
395
+ if(!empty($res)){
396
+ $mo2f_malware_db_handler->delete_hash($source_file_path);
397
+ }
398
+ update_option('mo_wpns_infected_files', $infected_files);
399
+ }
400
+ }
401
+ if(!empty($scanresult))
402
+ $scanresults[$source_file_path]=$scanresult;
403
+ }
404
+ }
405
+ }
406
+ }
407
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
+ if($malware_server_status){
409
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
+ $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
+ $content_type = 'application/x-www-form-urlencoded';
412
+ $lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
413
+ }
414
+ update_option('mo_wpns_files_scanned', $nooffiles);
415
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
+ }else{
417
+ return array('message'=>'CURL not installed on the server.');
418
+ }
419
+ } else {
420
+ return array('message'=>'No folder selected for scanning.');
421
+ }
422
+ }
423
+
424
+ function mo_wpns_check_malware_server_status($host){
425
+ $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
+ if ( ! $fsock ){
427
+ return FALSE;
428
+ }else{
429
+ fclose($fsock);
430
+ return TRUE;
431
+ }
432
+ }
433
+
434
+ function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
435
+ $response = null;
436
+ $ch=curl_init($host);
437
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
+ curl_setopt( $ch, CURLOPT_POST, true );
444
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
+ $results=curl_exec($ch);
446
+ curl_close($ch);
447
+ if($results==false){
448
+ error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
+ }else{
450
+ $result = json_decode($results, true);
451
+ if(isset($result['status'])){
452
+ if ($result['status'] == 'success') {
453
+ if($result['result']!='OK')
454
+ $response = $result['result'];
455
+ }else if($result['status']=='error'){
456
+ error_log("Exception on server");
457
+ }
458
+ }else if(strpos($results, 'Summary')){
459
+
460
+ }else{
461
+ error_log("Any other issues on server");
462
+ }
463
+ }
464
+ return $response;
465
+ }
466
+
467
+ function check_with_repo_files($file_content, $repo_file_path){
468
+ $issues = array();
469
+ if(file_exists($repo_file_path)){
470
+ $content=@file_get_contents($repo_file_path);
471
+ $hash_repo = md5($content);
472
+ $hash_file = md5($file_content);
473
+ if ($hash_file != $hash_repo) {
474
+ $flag=1;
475
+ $issues=array("exist" => "Mismatch in Files");
476
+ }
477
+ } else {
478
+ $issues=array('exist'=>'Unwanted File Found');
479
+ }
480
+ return $issues;
481
+ }
482
+
483
+ function getlines($contents, $href){
484
+ $newissues = 0;
485
+ $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
486
+ for($i=0; $i<count($lines); $i++){
487
+ $line = $lines[$i];
488
+ if (strpos($line, $href) !== false) {
489
+ $newissues = $i+1;
490
+ }
491
+ }
492
+ return $newissues;
493
+ }
494
+
495
+ function check_external_link($contents){
496
+ $issues = array();
497
+ $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
498
+ if(isset($hrefs[1])){
499
+ foreach($hrefs[1] as $href){
500
+ if($this->isexternal($href)){
501
+ $line=$this->getlines($contents, $href);
502
+ $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
503
+ }
504
+ }
505
+ }
506
+ return $issues;
507
+ }
508
+
509
+ function isexternal($url) {
510
+ $url = trim($url);
511
+ $url = trim($url,';');
512
+ $url = trim($url,'(');
513
+ $url = trim($url,')');
514
+ $url = trim($url,"'");
515
+ $url = trim($url,'"');
516
+ $components = parse_url($url);
517
+ if(isset($components['host'])){
518
+ if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
+ else{
520
+ if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
+ return true;
522
+ }
523
+ }
524
+ }
525
+ return false;
526
+ }
527
+ function check_vulnerable_code($contents){
528
+ $issues = array();
529
+ $tokens = token_get_all($contents);
530
+
531
+ for($i=0; $i< sizeof($tokens); $i++) {
532
+ $token = $tokens[$i];
533
+ if (is_array($token)) {
534
+ if(in_array(token_name($token[0]), array("T_EVAL"))){
535
+ $issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
536
+ if(!empty($issue))
537
+ $issues[] = $issue;
538
+ } else if(in_array(token_name($token[0]), array("T_STRING"))){
539
+ if(in_array($token[1],array("popen","fsockopen"))){
540
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
541
+ if(!empty($issue))
542
+ $issues[] = $issue;
543
+ } else if(in_array($token[1],array("assert"))){
544
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
545
+ if(!empty($issue))
546
+ $issues[] = $issue;
547
+ } else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
548
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
549
+ if(!empty($issue))
550
+ $issues[] = $issue;
551
+ } else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
552
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
553
+ if(!empty($issue))
554
+ $issues[] = $issue;
555
+ }
556
+ }
557
+ }
558
+ }
559
+ return $issues;
560
+ }
561
+
562
+ function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
563
+
564
+ $flag = 1;
565
+ $argument = "";
566
+ $line = "";
567
+ $issue = array();
568
+ for($j=$start; $j< sizeof($tokens); $j++) {
569
+ $innertoken = $tokens[$j];
570
+ if ($flag==1 && is_array($innertoken)) {
571
+ $argument .= $innertoken[1];
572
+ if(empty($line))
573
+ $line = $innertoken[2];
574
+ } else if($innertoken==";"){
575
+ $argument .= ";";
576
+ if($checkForExternalLink){
577
+ if($this->isexternal($argument)){
578
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
579
+ }
580
+ } else {
581
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
582
+ }
583
+ break;
584
+ } else if($flag==1){
585
+ $argument .= $innertoken;
586
+ }
587
+ }
588
+ return $issue;
589
+ }
590
+
591
+ function remove_dir($repo_path){
592
+ $dir=$repo_path;
593
+ $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
594
+ $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
595
+ foreach($files as $file) {
596
+ if ($file->isDir()){
597
+ rmdir($file->getRealPath());
598
+ } else {
599
+ unlink($file->getRealPath());
600
+ }
601
+ }
602
+ rmdir($dir);
603
+ }
604
+
605
+ function count_total_files($folder_paths, $base, $scan_config){
606
+
607
+ $file_count=0;
608
+ $file_ext = $scan_config['file_extension'];
609
+ $extensions = array();
610
+ if(empty($file_ext)){
611
+
612
+ }else{
613
+ if(strpos($file_ext,';') !=false){
614
+ $extensions = explode(";", $file_ext);
615
+ }else{
616
+ array_push($extensions, $file_ext);
617
+ }
618
+ }
619
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
+ $skip_path_array= array();
622
+ for($i=0; $i<count($folder_skip_array); $i++){
623
+ $pathParts = explode('/', $folder_skip_array[$i]);
624
+ $n= sizeof($pathParts)-1;
625
+ $folder= $pathParts[$n];
626
+ array_push($skip_path_array, $folder);
627
+ }
628
+ foreach ($folder_paths as $value) {
629
+ if (is_dir($value)) {
630
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
+ if ($item->isFile()) {
632
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
634
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
+
637
+ }else{
638
+ continue;
639
+ }
640
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
+ continue;
642
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
+ continue;
644
+ }
645
+ $flag_skip=0;
646
+ if (!empty($folder_skip_array)) {
647
+ for($q=0; $q<count($skip_path_array); $q++){
648
+ if(strpos($source_file_path, $skip_path_array[$q])){
649
+ $flag_skip=1;
650
+ break;
651
+ }
652
+ }
653
+ }
654
+ if($flag_skip == 1){
655
+ continue;
656
+ }
657
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
+ $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
+ if($extns)
660
+ $file_count++;
661
+ }
662
+ }
663
+ }
664
+ }
665
+ update_option('mo_wpns_total_files', $file_count);
666
+ }
667
+ }
668
+ new Mo_wpns_Scan_Handler;
669
  ?>
handler/malware_scanner/malware_scanner_cron.php CHANGED
@@ -1,1050 +1,1050 @@
1
- <?php
2
-
3
- class Mo_wpns_Scan_Handler_Cron{
4
- private $total_files_to_scan;
5
- public $scanned_files = array();
6
- function __construct(){
7
-
8
- }
9
-
10
- function mo2f_scan_all_files($scan_config, $start_time){
11
- ini_set('memory_limit', '-1');
12
- ini_set('max_execution_time', 0);
13
- $time_limit= ini_get('max_execution_time');
14
-
15
- $result = array();
16
- $folderpaths = array();
17
- $wp_repo_file = array();
18
- $folderNames = "";
19
- $repo_check_status_code=0;
20
- update_option('mo_stop_scan','0');
21
- $base = get_home_path();
22
- $hostname = 'wordpress.org';
23
- $uploads_dir = wp_upload_dir();
24
- $uploads_path= $uploads_dir['basedir'];
25
- if (!is_writable($uploads_path)) {
26
- $scan_config['check_repo'] = 0;
27
- $repo_check_status_code = -97;
28
- }else{
29
- $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
30
- if (!$wordpress_server_status) {
31
- $scan_config['check_repo'] = 0;
32
- $repo_check_status_code = -98;
33
- }
34
- }
35
-
36
- if($scan_config['core_scan'] == 1){
37
- $folderpaths['base'] = $base;
38
- $folderNames .= "WP Files;";
39
- }
40
- if($scan_config['plugin_scan'] == 1){
41
- $folderpaths['plugins'] = WP_PLUGIN_DIR;
42
- $folderNames .= "Plugins;";
43
- }
44
- if($scan_config['theme_scan'] == 1){
45
- $folderpaths['themes'] = get_theme_root();
46
- $folderNames .= "Themes;";
47
- }
48
- if($scan_config['check_repo'] == 1){
49
- $folderNames .= "WP Repo Files;";
50
- }
51
-
52
- $this->count_total_files($folderpaths, $base, $scan_config);
53
- update_option('mo2f_repo_status', $repo_check_status_code);
54
-
55
- $mo2f_malware_db_handler = new MoWpnsDB();
56
- $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $start_time, $repo_check_status_code);
57
- update_option('mo2f_report_id', $reportid);
58
-
59
- $scanverification=$this->createKeyCurrentScan($scan_config['type_scan'],$reportid);
60
-
61
- $response=$this->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
62
-
63
- wp_send_json('success');
64
- }
65
-
66
- function createKeyCurrentScan($scan_mode,$reportid){
67
-
68
- $scanverification=md5($scan_mode. MO2f_Utility::random_str(24).$reportid);
69
- update_option("mo2f_scanverification",$scanverification);
70
- return $scanverification;
71
- }
72
-
73
- function mo2f_wp_remote_get($scan_mode, $reportid, $scanverification,$scan_stage_complete=1){
74
- //set time out based on time left or 10 secs
75
-
76
- $scan_nonce=rand(10,100000);
77
- $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
78
- $url = get_site_url()."?scan_request=1"."&scanverification=".$scanverification."&reportid=".$reportid."&scan_stage_complete=".$scan_stage_complete."&scan_mode=".$scan_mode."&scan_nonce=".$scan_nonce;//scanverification,report_id, scan_stage_complete and scan_mode
79
-
80
- $args = array(
81
- 'method' => 'GET',
82
- 'body' => '',
83
- 'timeout' => '5',
84
- 'redirection' => '5',
85
- 'httpversion' => '1.0',
86
- 'blocking' => true,
87
- 'headers' => $http_header_array
88
- );
89
- $response= wp_remote_get($url,$args);
90
-
91
- }
92
-
93
- function mo2f_download_core_wp($repo_file_path, $scan_config, $reportid, $scanverification){
94
- $repo_check_status = $scan_config['check_repo'];
95
- $repo_check_status_code=get_option('mo2f_repo_status');
96
- $wp_repo_file=get_option('mo2f_repo_path');
97
- if ( ! function_exists( 'get_plugins' ) ) {
98
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
99
- }
100
- if ( ! function_exists( 'plugins_api' ) ) {
101
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
102
- }
103
-
104
- if($scan_config['core_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
105
- if(!is_dir($repo_file_path)){
106
- mkdir($repo_file_path);
107
- }
108
- $download_status=time();
109
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
110
- $decoded_scan_configuration->status_download_time=$download_status;
111
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
112
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
113
- require(ABSPATH . 'wp-includes/version.php');
114
- //wordpress name to be changed to be changed based on version
115
- $zip_name="wp-".$wp_version;
116
- $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
117
- update_option('downloaded_wordpress_repo_name', $zip_name);
118
- if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
119
- $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
120
- if($result === -99){
121
- $scan_config['check_repo'] = 0;
122
- $repo_check_status_code = -99;
123
- }else if(!$result){
124
- $scan_config['check_repo'] = 0;
125
- $repo_check_status_code = -100;
126
- }
127
- }
128
- }
129
-
130
- if($repo_check_status != $scan_config['check_repo']){
131
- update_option('mo2f_repo_status', $repo_check_status_code);
132
- $scan_stage_complete=6;
133
- }else{
134
- update_option('mo2f_repo_path', $wp_repo_file);
135
- $scan_stage_complete=6;
136
- }
137
-
138
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
139
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
140
-
141
- }
142
-
143
- function mo2f_download_plugins_wp($repo_file_path, $scan_config, $start_time, $time_limit, $reportid, $scanverification){
144
- $repo_check_status = $scan_config['check_repo'];
145
- $repo_check_status_code=get_option('mo2f_repo_status');
146
- $flag=0;
147
- $wp_repo_file=array();
148
- if ( ! function_exists( 'get_plugins' ) ) {
149
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
150
- }
151
- if ( ! function_exists( 'plugins_api' ) ) {
152
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
153
- }
154
-
155
- if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
156
- if(!is_dir($repo_file_path)){
157
- mkdir($repo_file_path);
158
- }
159
- $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
160
- if(!is_dir($wp_plugin_repo_file)){
161
- mkdir($wp_plugin_repo_file);
162
- }
163
- $download_status=time();
164
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
165
- $decoded_scan_configuration->status_download_time=$download_status;
166
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
167
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
168
- $wp_repo_file['plugins']=$wp_plugin_repo_file;
169
- $plugin_list=get_site_transient( 'update_plugins' );
170
- $all_plugins=array();
171
- foreach ($plugin_list as $key => $value) {
172
- if($key=='response'||$key=='no_update'){
173
- foreach ($value as $ke => $val) {
174
- $all_plugins[$ke] = $val;
175
- }
176
- }
177
- }
178
- $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins', $start_time, $time_limit,$scan_config,$reportid, $scanverification);
179
- if($result === -99){
180
- $scan_config['check_repo'] = 0;
181
- $repo_check_status_code = -99;
182
- }else if(!$result){
183
- $scan_config['check_repo'] = 0;
184
- $repo_check_status_code = -100;
185
- }else if($result === 'incomplete'){
186
- $flag=1;
187
- }
188
- }
189
- if($repo_check_status != $scan_config['check_repo']){
190
- update_option('mo2f_repo_status', $repo_check_status_code);
191
- $scan_stage_complete=6;
192
- }else{
193
- if($flag == 1){
194
- $scan_stage_complete=3;
195
- }else{
196
- update_option('mo2f_repo_path', $wp_repo_file);
197
- update_option('mo2f_download_done',0);
198
- $scan_stage_complete=4;
199
- }
200
- }
201
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
202
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
203
-
204
- }
205
-
206
- function mo2f_download_themes_wp($repo_file_path, $scan_config, $start_time, $time_limit,$reportid, $scanverification){
207
- $repo_check_status = $scan_config['check_repo'];
208
- $repo_check_status_code=get_option('mo2f_repo_status');
209
- $flag=0;
210
- $wp_repo_file=get_option('mo2f_repo_path');
211
- if ( ! function_exists( 'get_plugins' ) ) {
212
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
213
- }
214
- if ( ! function_exists( 'plugins_api' ) ) {
215
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
216
- }
217
-
218
- if($scan_config['theme_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
219
- if(!is_dir($repo_file_path)){
220
- mkdir($repo_file_path);
221
- }
222
- $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
223
- if(!is_dir($wp_theme_repo_file)){
224
- mkdir($wp_theme_repo_file);
225
- }
226
- $download_status=time();
227
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
228
- $decoded_scan_configuration->status_download_time=$download_status;
229
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
230
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
231
- $wp_repo_file['themes']=$wp_theme_repo_file;
232
- $all_themes=get_site_transient( 'update_themes' )->checked;
233
- $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes', $start_time, $time_limit,$scan_config,$reportid,$scanverification);
234
- if($result === -99){
235
- $scan_config['check_repo'] = 0;
236
- $repo_check_status_code = -99;
237
- }else if(!$result){
238
- $scan_config['check_repo'] = 0;
239
- $repo_check_status_code = -100;
240
- }else if($result === 'incomplete'){
241
- $flag=1;
242
- }
243
- }
244
- if($repo_check_status != $scan_config['check_repo']){
245
- update_option('mo2f_repo_status', $repo_check_status_code);
246
- $scan_stage_complete=6;
247
- }else{
248
- if($flag == 1){
249
- $scan_stage_complete=4;
250
-
251
- }else{
252
- update_option('mo2f_repo_path', $wp_repo_file);
253
- update_option('mo2f_download_done',0);
254
- $scan_stage_complete=5;
255
- }
256
- }
257
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
258
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
259
- }
260
-
261
- function iterator_plugins_themes($themes_or_plugins, $path, $type='', $start_time, $time_limit, $scan_config,$reportid, $scanverification){
262
- $downloaded_already= get_option('mo2f_download_done');
263
- if($downloaded_already == false){
264
- $downloaded_already=0;
265
- }
266
- $i=0;
267
- foreach($themes_or_plugins as $key => $data){
268
- $i++;
269
- $exec_status= $this->check_exec_limit($start_time, $time_limit);
270
- if(! $exec_status){//wp_remote_get
271
- update_option('mo2f_download_done', $i-1);
272
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
273
- if($type=='plugins'){
274
- $scan_stage_complete=3;
275
- }else if($type=='themes'){
276
- $scan_stage_complete=4;
277
- }
278
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
279
- return 'incomplete';
280
- }
281
- if($i <= $downloaded_already){
282
- continue;
283
- }
284
- if($type=='plugins'){
285
- if(! file_exists(WP_PLUGIN_DIR.DIRECTORY_SEPARATOR.$data->plugin)){
286
- continue;
287
- }
288
- $plugin_slug=$data->slug;
289
- $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
290
- $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
291
- $plugin_version=$plugin_data['Version'];
292
- if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
293
- $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
294
- if($result === -99){
295
- return -99;
296
- }else if(!$result){
297
- return false;
298
- }
299
- }
300
- } else if($type=='themes'){
301
- $installed_themes = wp_get_themes();
302
- $flag_theme=0;
303
- foreach ($installed_themes as $theme_name => $attributes) {
304
- if($key == $theme_name){
305
- $flag_theme=1;
306
- break;
307
- }
308
- }
309
- if(!is_dir($path.DIRECTORY_SEPARATOR.$key) && $flag_theme == 1){
310
- $result= $this->download_repo($key, $data, $path, $type);
311
- if($result === -99){
312
- return -99;
313
- }else if(!$result){
314
- return false;
315
- }
316
- }
317
- }
318
- }
319
- return true;
320
- }
321
-
322
- function download_repo($zip_name, $version, $path, $type=''){
323
- if ($type=='plugins') {
324
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
325
- $plugin_name=$zip_name.'.'.$version;
326
-
327
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
328
- if( $download_result){
329
- $result = $this->unzip_downloaded_repo($zip_name, $path);
330
- return $result;
331
- }else {
332
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
333
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
334
- if( $download_result){
335
- $result = $this->unzip_downloaded_repo($zip_name, $path);
336
- return $result;
337
- }else {
338
- error_log("Unable to download Plugin: ".$plugin_name);
339
- return -99;
340
- }
341
- return -99;
342
- }
343
- } else if($type=='themes'){
344
- $theme_name=$zip_name.'.'.$version;
345
- $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
346
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
347
- if( $download_result){
348
- $result = $this->unzip_downloaded_repo($zip_name, $path);
349
- return $result;
350
- }else {
351
- $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
352
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
353
- if( $download_result){
354
- $result = $this->unzip_downloaded_repo($zip_name, $path);
355
- return $result;
356
- }else {
357
- error_log("Unable to download Theme: ".$theme_name);
358
- return -99;
359
- }
360
- return -99;
361
- }
362
- } else {
363
- $download_link="https://wordpress.org/wordpress-".$version.".zip";
364
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
365
- if($download_result){
366
- $result=$this->unzip_downloaded_repo($zip_name, $path);
367
- return $result;
368
- } else {
369
- error_log("Unable to download wordpress-".$version);
370
- return -99;
371
- }
372
- }
373
- return false;
374
- }
375
-
376
- function unzip_downloaded_repo($name, $path){
377
- $zip = new ZipArchive;
378
- $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
379
- $res = $zip->open($folder_path);
380
- if ($res === TRUE) {
381
- // extract it to the path we determined above
382
- $result = $zip->extractTo($path);
383
- $zip->close();
384
- if ($name == get_option('downloaded_wordpress_repo_name')) {
385
- rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
386
- }
387
- unlink($folder_path);
388
- return true;
389
- } else {
390
- return false;
391
- }
392
- }
393
-
394
- function mo_wpns_check_malware_server_status($host){
395
- $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
396
- if ( ! $fsock ){
397
- return FALSE;
398
- }else{
399
- fclose($fsock);
400
- return TRUE;
401
- }
402
- }
403
-
404
- function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
405
- $response = null;
406
- $ch=curl_init($host);
407
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
408
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
409
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
410
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
411
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
412
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
413
- curl_setopt( $ch, CURLOPT_POST, true );
414
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
415
- curl_setopt($ch, CURLOPT_TIMEOUT, 5);
416
- $results=curl_exec($ch);
417
- curl_close($ch);
418
- if($results==false){
419
-
420
- }else{
421
- $result = json_decode($results, true);
422
- if(isset($result['status'])){
423
- if ($result['status'] == 'success') {
424
- if($result['result']!='OK')
425
- $response = $result['result'];
426
- }else if($result['status']=='error'){
427
- error_log("Exception on server");
428
- }
429
- }else if(strpos($results, 'Summary')){
430
-
431
- }else{
432
- error_log("Any other issues on server");
433
- }
434
- }
435
- return $response;
436
- }
437
-
438
- function check_with_repo_files($file_content, $repo_file_path){
439
- $issues = array();
440
- if(file_exists($repo_file_path)){
441
- $content=@file_get_contents($repo_file_path);
442
- $hash_repo = md5($content);
443
- $hash_file = md5($file_content);
444
- if ($hash_file != $hash_repo) {
445
- $flag=1;
446
- $issues=array("exist" => "Mismatch in Files");
447
- }
448
- } else {
449
- $issues=array('exist'=>'Unwanted File Found');
450
- }
451
- return $issues;
452
- }
453
-
454
- function getlines($contents, $href){
455
- $newissues = 0;
456
- $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
457
- for($i=0; $i<count($lines); $i++){
458
- $line = $lines[$i];
459
- if (strpos($line, $href) !== false) {
460
- $newissues = $i+1;
461
- }
462
- }
463
- return $newissues;
464
- }
465
-
466
- function check_external_link($contents){
467
- $issues = array();
468
- $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
469
- if(isset($hrefs[1])){
470
- foreach($hrefs[1] as $href){
471
- if($this->isexternal($href)){
472
- $line=$this->getlines($contents, $href);
473
- $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
474
- }
475
- }
476
- }
477
- return $issues;
478
- }
479
-
480
- function isexternal($url) {
481
- $url = trim($url);
482
- $url = trim($url,';');
483
- $url = trim($url,'(');
484
- $url = trim($url,')');
485
- $url = trim($url,"'");
486
- $url = trim($url,'"');
487
- $components = parse_url($url);
488
- if(isset($components['host'])){
489
- if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot|php.net)/i', $components['host']) === 1) {}
490
- else{
491
- if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
492
- return true;
493
- }
494
- }
495
- }
496
- return false;
497
- }
498
-
499
- function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
500
-
501
- $flag = 1;
502
- $argument = "";
503
- $line = "";
504
- $issue = array();
505
- for($j=$start; $j< sizeof($tokens); $j++) {
506
- $innertoken = $tokens[$j];
507
- if ($flag==1 && is_array($innertoken)) {
508
- $argument .= $innertoken[1];
509
- if(empty($line))
510
- $line = $innertoken[2];
511
- } else if($innertoken==";"){
512
- $argument .= ";";
513
- if($checkForExternalLink){
514
- if($this->isexternal($argument)){
515
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
516
- }
517
- } else {
518
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
519
- }
520
- break;
521
- } else if($flag==1){
522
- $argument .= $innertoken;
523
- }
524
- }
525
- return $issue;
526
- }
527
-
528
- function remove_dir($repo_path){
529
- $dir=$repo_path;
530
- $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
531
- $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
532
- foreach($files as $file) {
533
- if ($file->isDir()){
534
- rmdir($file->getPathname());
535
- } else {
536
- unlink($file->getPathname());
537
- }
538
- }
539
- rmdir($dir);
540
- }
541
-
542
- function count_total_files($folder_paths, $base, $scan_config){
543
- if(isset($folder_paths['base'])){
544
- $temp= $folder_paths['base'];
545
- $folder_paths = array('base' => $temp);
546
- }
547
- $mo2f_malware_db_handler = new MoWpnsDB();
548
- $file_count=0;
549
- $nooffiles=0;
550
- $file_path_array=array();
551
- $skip_path_array= array();
552
- $folder_skip_array=array();
553
- $extensions = array();
554
- if($scan_config['type_scan'] == "Custom Scan"){
555
- $file_ext = $scan_config['file_extension'];
556
- if(empty($file_ext)){
557
-
558
- }else{
559
- if(strpos($file_ext,';') !=false){
560
- $extensions = explode(";", $file_ext);
561
- }else{
562
- array_push($extensions, $file_ext);
563
- }
564
- }
565
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
566
-
567
- for($i=0; $i<count($folder_skip_array); $i++){
568
- $pathParts = explode('/', $folder_skip_array[$i]);
569
- $n= sizeof($pathParts)-1;
570
- $folder= $pathParts[$n];
571
- array_push($skip_path_array, $folder);
572
- }
573
- }
574
- foreach ($folder_paths as $value) {
575
- $file_list= list_files($value,100);
576
- foreach ($file_list as $key => $value1) {
577
-
578
- $source_file_path= $value1;
579
-
580
- if(is_dir($source_file_path)){
581
- continue;
582
- }
583
- $source_file_path_for_explode = str_replace('/', '\\', $source_file_path);
584
- $arr= explode('\\', $source_file_path_for_explode);
585
- $theme_path=get_theme_root();
586
- if ($value == $base && ($scan_config['core_scan'] == 1)){
587
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
588
-
589
- }else{
590
- continue;
591
- }
592
- }elseif ($value == WP_PLUGIN_DIR && $arr[count($arr)-1]=='index.php'){
593
- continue;
594
- }elseif ($value == $theme_path && $arr[count($arr)-1]=='index.php'){
595
- continue;
596
- }
597
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
598
- if($scan_config['type_scan'] == "Custom Scan"){
599
- $flag_skip=0;
600
- if (!empty($folder_skip_array)) {
601
- for($q=0; $q<count($skip_path_array); $q++){
602
- if(strpos($source_file_path, $skip_path_array[$q])){
603
- $flag_skip=1;
604
- break;
605
- }
606
- }
607
- }
608
- if($flag_skip == 1){
609
- continue;
610
- }
611
-
612
- if(!empty($extensions)){
613
- if(!in_array($ext, $extensions)){
614
- continue;
615
- }
616
- }
617
- }
618
- if(in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
619
- continue;
620
- }
621
- $file_count++;
622
- $nooffiles=$nooffiles+1;
623
- $file_path_array[$nooffiles]= $source_file_path;
624
- if($nooffiles>0 && $nooffiles%100==0){
625
- $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
626
- $nooffiles=0;
627
- $file_path_array=array();
628
- }
629
- }
630
- $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
631
- $nooffiles=0;
632
- $file_path_array=array();
633
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
634
- $decoded_scan_status->total_files=$file_count;
635
- $encoded_scan_status=json_encode($decoded_scan_status);
636
- update_option("mo_wpns_scan_status",$encoded_scan_status);
637
- }
638
- }
639
-
640
- function averageFileScanTime($currentFileScanTime,$currentScanFileCount,$averageFileScanTime,$previous_scanned){
641
-
642
- if($previous_scanned!=0 || $currentScanFileCount!=0) {
643
- try {
644
- $totalTime = (float)($averageFileScanTime * $previous_scanned);
645
- $timeDifference = time() - $currentFileScanTime;
646
- $avergaeTimeEachFile = (float)(( $totalTime + $timeDifference )) / (float)(( $previous_scanned + $currentScanFileCount ));
647
-
648
- } catch ( Exception $e ) {
649
- $avergaeTimeEachFile = 0;
650
- }
651
- }else{
652
- $avergaeTimeEachFile = 0;
653
- }
654
- return $avergaeTimeEachFile;
655
- }
656
-
657
- function get_scan_result_parts($mo2f_malware_db_handler=null, $folderpaths=array(), $scan_config, $start_time, $time_limit){
658
- if(!empty($folderpaths)){
659
- if ( in_array( 'curl', get_loaded_extensions() ) ) {
660
- $scanresults=array();
661
- $nooffiles=0;
662
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
663
- $previous_scanned = $decoded_scan_status->files_scanned;
664
- $previous_processed_files=$decoded_scan_status->total_files_processed;
665
- $scan_malware_count = 0;
666
- $repo_issue_count = 0;
667
- $malicious_link_count = 0;
668
- $file_ext = $scan_config['file_extension'];
669
- $host = MoWpnsConstants::$host;
670
- $extensions = array();
671
- $hostname = MoWpnsConstants::$hostname;
672
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
673
- if(empty($file_ext)){
674
- }else{
675
- if(strpos($file_ext,';') !=false){
676
- $extensions = explode(";", $file_ext);
677
- }else{
678
- array_push($extensions, $file_ext);
679
- }
680
- }
681
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
682
- $skip_path_array= array();
683
- for($i=0; $i<count($folder_skip_array); $i++){
684
- $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
685
- $n= sizeof($pathParts)-1;
686
- $folder= $pathParts[$n];
687
- array_push($skip_path_array, $folder);
688
- }
689
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
690
- $currentFileScanTime=time();
691
- $currentScanFileCount=$nooffiles;
692
- $avergaeTimeEachFile=0;//in miliseconds
693
- foreach ($folderpaths as $value) {
694
- $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
695
-
696
- if(!$status){//wp_remote_get
697
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
698
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
699
- $mo_wpns_files_scanned=(0.7*$nooffiles)+$previous_scanned;
700
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
701
- $encoded_scan_status=json_encode($decoded_scan_status);
702
- update_option('mo_wpns_scan_status', $encoded_scan_status);
703
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
704
- //time limit close by. Returned status of current scan. Update DB and make next request.
705
- }
706
-
707
- $scanresult=array();
708
- $source_file_path=$value->path;
709
- if(!file_exists($source_file_path)){
710
- $nooffiles++;
711
- continue;
712
- }
713
-
714
- $source_file_path_size = str_replace("\\", "/", $source_file_path);
715
-
716
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
717
- $ext= strtolower($ext);
718
- if(!((filesize($source_file_path_size) < 1048576)) ){
719
- $nooffiles++;
720
- continue;
721
- }
722
- $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
723
- if($extns){
724
- $nooffiles++;
725
- if((0.7*$nooffiles) > 50){
726
- $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
727
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
728
- $encoded_scan_status=json_encode($decoded_scan_status);
729
- update_option('mo_wpns_scan_status', $encoded_scan_status);
730
-
731
- }
732
- }
733
-
734
- $hash_of_file= md5_file($source_file_path);
735
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
736
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
737
- $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
738
- $malware_status = $scanmalware? 0 : 1;
739
-
740
- if(!empty($res) && !$scanmalware ){
741
- }
742
- else{
743
- $flag_update=0;
744
- if((filesize($source_file_path_size) < 1048576) ){
745
- $file_content=file_get_contents($source_file_path);
746
-
747
- if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
748
- $malware_status = 1;
749
- $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
750
- $postdata = array('file' => $cfile);
751
-
752
- $content_type = 'multipart/form-data';
753
- $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
754
- if ($issues) {
755
- $scan_malware_count++;
756
- $scanresult['scan'] = $issues;
757
- $flag_update=1;
758
- }
759
- }else{
760
-
761
- }
762
- }
763
-
764
- if($flag_update == 0){
765
- $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
766
- $repo_status=0;
767
- $link_status=0;
768
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
769
- if(empty($res)){
770
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
771
- }else{
772
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
773
- }
774
- }else{
775
- $infected_files=get_option('mo_wpns_infected_files');
776
- $infected_files++;
777
- update_option('mo_wpns_infected_files', $infected_files);
778
- }
779
- }
780
- if(!empty($scanresult))
781
- $scanresults[$source_file_path]=$scanresult;
782
-
783
- }
784
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
785
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
786
- $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
787
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
788
- $encoded_scan_status=json_encode($decoded_scan_status);
789
- update_option('mo_wpns_scan_status', $encoded_scan_status);
790
-
791
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
792
- }else{
793
- return array('message'=>'CURL not installed on the server.');
794
- }
795
- } else {
796
- return array('message'=>'No folder selected for scanning.');
797
- }
798
- }
799
-
800
- function scan_for_ext_link($files_to_scan, $scan_config, $start_time, $time_limit, $reportid){
801
- $mo2f_malware_db_handler = new MoWpnsDB();
802
- $scanresults=array();
803
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
804
- $previous_scanned = $decoded_scan_status->files_scanned;
805
- $currentFileScanTime=time();
806
- $nooffiles=0;
807
- $malicious_link_count=0;
808
- $previous_processed_files=$decoded_scan_status->total_files_processed;
809
- foreach ($files_to_scan as $value) {
810
- $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
811
- if(!$status){//wp_remote_get
812
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
813
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
814
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
815
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
816
- $encoded_scan_status=json_encode($decoded_scan_status);
817
- update_option('mo_wpns_scan_status', $encoded_scan_status);
818
- return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
819
- }
820
- $flag_update=0;
821
- $nooffiles++;
822
- if((0.15*$nooffiles)> 50){// remove get_option
823
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
824
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
825
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
826
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
827
- $encoded_scan_status=json_encode($decoded_scan_status);
828
- update_option('mo_wpns_scan_status', $encoded_scan_status);
829
- }
830
- $source_file_path=$value->path;
831
- if(!file_exists($source_file_path) || filesize($source_file_path) > 5242880){
832
- continue;
833
- }
834
- $hash_of_file= md5_file($source_file_path);
835
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
836
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
837
- $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
838
- $link_status = $extlink? 0 : 1;
839
- if(is_array($datascan)){
840
- $malware_status= $datascan['malware'];
841
- }else{
842
- $malware_status=0;
843
- }
844
-
845
- $scanresult=array();
846
-
847
- $file_content=file_get_contents($source_file_path);
848
- if($scan_config['ext_link_check'] == 1 && $extlink){
849
- $link_status=1;
850
- $elresult= $this->check_external_link($file_content);
851
- if(!empty($elresult)){
852
- $malicious_link_count++;
853
- $flag_update=1;
854
- $scanresult['extl']=$elresult;
855
- }
856
- }
857
-
858
- if($flag_update == 0){
859
- $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
860
- $repo_status=0;
861
-
862
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
863
- $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
864
- $file_already_infected=false;
865
- foreach ($infected_array as $key => $value) {
866
- if($value->filename == $source_file_path){
867
- $file_already_infected=true;
868
- break;
869
- }
870
- }
871
-
872
- if($file_already_infected){
873
-
874
- }elseif(empty($res)){
875
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
876
- }else{
877
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
878
- }
879
- }else{
880
- $infected_files=get_option('mo_wpns_warning_files');
881
- $infected_files++;
882
- update_option('mo_wpns_warning_files', $infected_files);
883
- }
884
- if(!empty($scanresult))
885
- $scanresults[$source_file_path]=$scanresult;
886
- }
887
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
888
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
889
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
890
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
891
- $encoded_scan_status=json_encode($decoded_scan_status);
892
- update_option('mo_wpns_scan_status', $encoded_scan_status);
893
- return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
894
- }
895
-
896
- function scan_with_repo($files_to_scan, $scan_config, $start_time, $time_limit, $reportid, $repo_file_path){
897
- $mo2f_malware_db_handler = new MoWpnsDB();
898
- $scanresults=array();
899
- $default_themes = array('twentynineteen', 'twentyseventeen', 'twentysixteen', 'twentytwenty');
900
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
901
- $previous_scanned = $decoded_scan_status->files_scanned;
902
- $previous_processed_files=$decoded_scan_status->total_files_processed;
903
- $nooffiles=0;
904
- $repo_issue_count=0;
905
- $currentFileScanTime=time();
906
- foreach ($files_to_scan as $value) {
907
- $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
908
- if(!$status){//wp_remote_get
909
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
910
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
911
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
912
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
913
- $encoded_scan_status=json_encode($decoded_scan_status);
914
- update_option('mo_wpns_scan_status', $encoded_scan_status);
915
- return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
916
- //time limit close by. Returned status of current scan. Update DB and make next request.
917
- }
918
- $flag_update=0;
919
- $nooffiles++;
920
- if((0.15*$nooffiles) > 50){
921
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
922
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
923
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
924
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
925
- $encoded_scan_status=json_encode($decoded_scan_status);
926
- update_option('mo_wpns_scan_status', $encoded_scan_status);
927
- }
928
- $source_file_path=$value->path;
929
- if(!file_exists($source_file_path) || filesize($source_file_path) > 5242880){//5MB size limit
930
- continue;
931
- }
932
- $hash_of_file= md5_file($source_file_path);
933
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
934
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
935
- $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
936
- $repo_status = $repocheck? 0 : 1;
937
- if(is_array($datascan)){
938
- $malware_status = $datascan['malware'];
939
- $link_status = $datascan['ext_link'];
940
- }else{
941
- $malware_status=0;
942
- $link_status=0;
943
- }
944
- $scanresult=array();
945
-
946
- if($repocheck){
947
- $file_content=file_get_contents($source_file_path);
948
- $file_path_slash_correction = str_replace('/', '\\', $source_file_path);
949
- $source_file_path_array=explode("\\", $file_path_slash_correction);
950
- $theme_flag=0;
951
- foreach ($default_themes as $theme_key) {
952
- if(in_array($theme_key, $source_file_path_array)){
953
- $theme_flag=1;
954
- break;
955
- }
956
- }
957
- if($theme_flag){
958
- continue;
959
- }
960
- if(in_array('wp-content', $source_file_path_array) && !in_array('plugins', $source_file_path_array) && !in_array('themes', $source_file_path_array)){
961
- continue;
962
- }
963
- $repo_file_to_check=$repo_file_path;
964
- $path_flag=0;
965
- $path_key= array('wp-admin', 'wp-includes', 'plugins', 'themes');
966
- foreach ($path_key as $paths_key) {
967
- if(in_array($paths_key, $source_file_path_array)){
968
- $index= array_search($paths_key, $source_file_path_array);
969
- if($paths_key == 'wp-admin' || $paths_key == 'wp-includes'){
970
- $wordpress_name = get_option('downloaded_wordpress_repo_name');
971
- $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name;
972
- }
973
- for($i=$index; $i<sizeof($source_file_path_array); $i++){
974
- $repo_file_to_check.=DIRECTORY_SEPARATOR.$source_file_path_array[$i];
975
- }
976
- $path_flag=1;
977
-
978
- break;
979
- }
980
- }
981
- if($path_flag == 0){
982
- $last_index=sizeof($source_file_path_array)-1;
983
- $wordpress_name = get_option('downloaded_wordpress_repo_name');
984
- $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name.DIRECTORY_SEPARATOR.$source_file_path_array[$last_index];
985
- }
986
- $repo_status=1;
987
- $issues = $this->check_with_repo_files($file_content, $repo_file_to_check);
988
- if(!empty($issues)){
989
- $repo_issue_count++;
990
- $scanresult['repo']=$issues;
991
- $flag_update=1;
992
- }
993
- }
994
-
995
- if($flag_update == 0){
996
- $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
997
-
998
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
999
- $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
1000
- $file_already_infected=false;
1001
- foreach ($infected_array as $key => $value) {
1002
- if($value->filename == $source_file_path){
1003
- $file_already_infected=true;
1004
- break;
1005
- }
1006
- }
1007
-
1008
- if($file_already_infected){
1009
-
1010
- }elseif(empty($res)){
1011
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
1012
- }else{
1013
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
1014
- }
1015
- }else{
1016
- $infected_files=get_option('mo_wpns_warning_files');
1017
- $infected_files++;
1018
- if(!empty($res)){
1019
- $mo2f_malware_db_handler->delete_hash($source_file_path);
1020
- }
1021
- update_option('mo_wpns_warning_files', $infected_files);
1022
- }
1023
- if(!empty($scanresult))
1024
- $scanresults[$source_file_path]=$scanresult;
1025
- }
1026
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1027
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1028
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1029
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1030
- $encoded_scan_status=json_encode($decoded_scan_status);
1031
- update_option('mo_wpns_scan_status', $encoded_scan_status);
1032
- return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
1033
- }
1034
-
1035
- function check_exec_limit($start_time, $time_limit){
1036
- if($time_limit == 0){
1037
- return true;
1038
- }else{
1039
- $time_remaining= $time_limit - (time()-$start_time);
1040
- if($time_remaining > 10){
1041
- return true;
1042
- }else{
1043
- return false;
1044
- }
1045
- }
1046
- }
1047
-
1048
- }
1049
- new Mo_wpns_Scan_Handler_Cron;
1050
  ?>
1
+ <?php
2
+
3
+ class Mo_wpns_Scan_Handler_Cron{
4
+ private $total_files_to_scan;
5
+ public $scanned_files = array();
6
+ function __construct(){
7
+
8
+ }
9
+
10
+ function mo2f_scan_all_files($scan_config, $start_time){
11
+ ini_set('memory_limit', '-1');
12
+ ini_set('max_execution_time', 0);
13
+ $time_limit= ini_get('max_execution_time');
14
+
15
+ $result = array();
16
+ $folderpaths = array();
17
+ $wp_repo_file = array();
18
+ $folderNames = "";
19
+ $repo_check_status_code=0;
20
+ update_option('mo_stop_scan','0');
21
+ $base = get_home_path();
22
+ $hostname = 'wordpress.org';
23
+ $uploads_dir = wp_upload_dir();
24
+ $uploads_path= $uploads_dir['basedir'];
25
+ if (!is_writable($uploads_path)) {
26
+ $scan_config['check_repo'] = 0;
27
+ $repo_check_status_code = -97;
28
+ }else{
29
+ $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
30
+ if (!$wordpress_server_status) {
31
+ $scan_config['check_repo'] = 0;
32
+ $repo_check_status_code = -98;
33
+ }
34
+ }
35
+
36
+ if($scan_config['core_scan'] == 1){
37
+ $folderpaths['base'] = $base;
38
+ $folderNames .= "WP Files;";
39
+ }
40
+ if($scan_config['plugin_scan'] == 1){
41
+ $folderpaths['plugins'] = WP_PLUGIN_DIR;
42
+ $folderNames .= "Plugins;";
43
+ }
44
+ if($scan_config['theme_scan'] == 1){
45
+ $folderpaths['themes'] = get_theme_root();
46
+ $folderNames .= "Themes;";
47
+ }
48
+ if($scan_config['check_repo'] == 1){
49
+ $folderNames .= "WP Repo Files;";
50
+ }
51
+
52
+ $this->count_total_files($folderpaths, $base, $scan_config);
53
+ update_option('mo2f_repo_status', $repo_check_status_code);
54
+
55
+ $mo2f_malware_db_handler = new MoWpnsDB();
56
+ $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $start_time, $repo_check_status_code);
57
+ update_option('mo2f_report_id', $reportid);
58
+
59
+ $scanverification=$this->createKeyCurrentScan($scan_config['type_scan'],$reportid);
60
+
61
+ $response=$this->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
62
+
63
+ wp_send_json('success');
64
+ }
65
+
66
+ function createKeyCurrentScan($scan_mode,$reportid){
67
+
68
+ $scanverification=md5($scan_mode. MO2f_Utility::random_str(24).$reportid);
69
+ update_option("mo2f_scanverification",$scanverification);
70
+ return $scanverification;
71
+ }
72
+
73
+ function mo2f_wp_remote_get($scan_mode, $reportid, $scanverification,$scan_stage_complete=1){
74
+ //set time out based on time left or 10 secs
75
+
76
+ $scan_nonce=rand(10,100000);
77
+ $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
78
+ $url = get_site_url()."?scan_request=1"."&scanverification=".$scanverification."&reportid=".$reportid."&scan_stage_complete=".$scan_stage_complete."&scan_mode=".$scan_mode."&scan_nonce=".$scan_nonce;//scanverification,report_id, scan_stage_complete and scan_mode
79
+
80
+ $args = array(
81
+ 'method' => 'GET',
82
+ 'body' => '',
83
+ 'timeout' => '5',
84
+ 'redirection' => '5',
85
+ 'httpversion' => '1.0',
86
+ 'blocking' => true,
87
+ 'headers' => $http_header_array
88
+ );
89
+ $response= wp_remote_get($url,$args);
90
+
91
+ }
92
+
93
+ function mo2f_download_core_wp($repo_file_path, $scan_config, $reportid, $scanverification){
94
+ $repo_check_status = $scan_config['check_repo'];
95
+ $repo_check_status_code=get_option('mo2f_repo_status');
96
+ $wp_repo_file=get_option('mo2f_repo_path');
97
+ if ( ! function_exists( 'get_plugins' ) ) {
98
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
99
+ }
100
+ if ( ! function_exists( 'plugins_api' ) ) {
101
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
102
+ }
103
+
104
+ if($scan_config['core_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
105
+ if(!is_dir($repo_file_path)){
106
+ mkdir($repo_file_path);
107
+ }
108
+ $download_status=time();
109
+ $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
110
+ $decoded_scan_configuration->status_download_time=$download_status;
111
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
112
+ update_option("mo_wpns_scan_status",$encoded_scan_configuration);
113
+ require(ABSPATH . 'wp-includes/version.php');
114
+ //wordpress name to be changed to be changed based on version
115
+ $zip_name="wp-".$wp_version;
116
+ $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
117
+ update_option('downloaded_wordpress_repo_name', $zip_name);
118
+ if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
119
+ $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
120
+ if($result === -99){
121
+ $scan_config['check_repo'] = 0;
122
+ $repo_check_status_code = -99;
123
+ }else if(!$result){
124
+ $scan_config['check_repo'] = 0;
125
+ $repo_check_status_code = -100;
126
+ }
127
+ }
128
+ }
129
+
130
+ if($repo_check_status != $scan_config['check_repo']){
131
+ update_option('mo2f_repo_status', $repo_check_status_code);
132
+ $scan_stage_complete=6;
133
+ }else{
134
+ update_option('mo2f_repo_path', $wp_repo_file);
135
+ $scan_stage_complete=6;
136
+ }
137
+
138
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
139
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
140
+
141
+ }
142
+
143
+ function mo2f_download_plugins_wp($repo_file_path, $scan_config, $start_time, $time_limit, $reportid, $scanverification){
144
+ $repo_check_status = $scan_config['check_repo'];
145
+ $repo_check_status_code=get_option('mo2f_repo_status');
146
+ $flag=0;
147
+ $wp_repo_file=array();
148
+ if ( ! function_exists( 'get_plugins' ) ) {
149
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
150
+ }
151
+ if ( ! function_exists( 'plugins_api' ) ) {
152
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
153
+ }
154
+
155
+ if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
156
+ if(!is_dir($repo_file_path)){
157
+ mkdir($repo_file_path);
158
+ }
159
+ $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
160
+ if(!is_dir($wp_plugin_repo_file)){
161
+ mkdir($wp_plugin_repo_file);
162
+ }
163
+ $download_status=time();
164
+ $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
165
+ $decoded_scan_configuration->status_download_time=$download_status;
166
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
167
+ update_option("mo_wpns_scan_status",$encoded_scan_configuration);
168
+ $wp_repo_file['plugins']=$wp_plugin_repo_file;
169
+ $plugin_list=get_site_transient( 'update_plugins' );
170
+ $all_plugins=array();
171
+ foreach ($plugin_list as $key => $value) {
172
+ if($key=='response'||$key=='no_update'){
173
+ foreach ($value as $ke => $val) {
174
+ $all_plugins[$ke] = $val;
175
+ }
176
+ }
177
+ }
178
+ $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins', $start_time, $time_limit,$scan_config,$reportid, $scanverification);
179
+ if($result === -99){
180
+ $scan_config['check_repo'] = 0;
181
+ $repo_check_status_code = -99;
182
+ }else if(!$result){
183
+ $scan_config['check_repo'] = 0;
184
+ $repo_check_status_code = -100;
185
+ }else if($result === 'incomplete'){
186
+ $flag=1;
187
+ }
188
+ }
189
+ if($repo_check_status != $scan_config['check_repo']){
190
+ update_option('mo2f_repo_status', $repo_check_status_code);
191
+ $scan_stage_complete=6;
192
+ }else{
193
+ if($flag == 1){
194
+ $scan_stage_complete=3;
195
+ }else{
196
+ update_option('mo2f_repo_path', $wp_repo_file);
197
+ update_option('mo2f_download_done',0);
198
+ $scan_stage_complete=4;
199
+ }
200
+ }
201
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
202
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
203
+
204
+ }
205
+
206
+ function mo2f_download_themes_wp($repo_file_path, $scan_config, $start_time, $time_limit,$reportid, $scanverification){
207
+ $repo_check_status = $scan_config['check_repo'];
208
+ $repo_check_status_code=get_option('mo2f_repo_status');
209
+ $flag=0;
210
+ $wp_repo_file=get_option('mo2f_repo_path');
211
+ if ( ! function_exists( 'get_plugins' ) ) {
212
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
213
+ }
214
+ if ( ! function_exists( 'plugins_api' ) ) {
215
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
216
+ }
217
+
218
+ if($scan_config['theme_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
219
+ if(!is_dir($repo_file_path)){
220
+ mkdir($repo_file_path);
221
+ }
222
+ $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
223
+ if(!is_dir($wp_theme_repo_file)){
224
+ mkdir($wp_theme_repo_file);
225
+ }
226
+ $download_status=time();
227
+ $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
228
+ $decoded_scan_configuration->status_download_time=$download_status;
229
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
230
+ update_option("mo_wpns_scan_status",$encoded_scan_configuration);
231
+ $wp_repo_file['themes']=$wp_theme_repo_file;
232
+ $all_themes=get_site_transient( 'update_themes' )->checked;
233
+ $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes', $start_time, $time_limit,$scan_config,$reportid,$scanverification);
234
+ if($result === -99){
235
+ $scan_config['check_repo'] = 0;
236
+ $repo_check_status_code = -99;
237
+ }else if(!$result){
238
+ $scan_config['check_repo'] = 0;
239
+ $repo_check_status_code = -100;
240
+ }else if($result === 'incomplete'){
241
+ $flag=1;
242
+ }
243
+ }
244
+ if($repo_check_status != $scan_config['check_repo']){
245
+ update_option('mo2f_repo_status', $repo_check_status_code);
246
+ $scan_stage_complete=6;
247
+ }else{
248
+ if($flag == 1){
249
+ $scan_stage_complete=4;
250
+
251
+ }else{
252
+ update_option('mo2f_repo_path', $wp_repo_file);
253
+ update_option('mo2f_download_done',0);
254
+ $scan_stage_complete=5;
255
+ }
256
+ }
257
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
258
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
259
+ }
260
+
261
+ function iterator_plugins_themes($themes_or_plugins, $path, $type='', $start_time, $time_limit, $scan_config,$reportid, $scanverification){
262
+ $downloaded_already= get_option('mo2f_download_done');
263
+ if($downloaded_already == false){
264
+ $downloaded_already=0;
265
+ }
266
+ $i=0;
267
+ foreach($themes_or_plugins as $key => $data){
268
+ $i++;
269
+ $exec_status= $this->check_exec_limit($start_time, $time_limit);
270
+ if(! $exec_status){//wp_remote_get
271
+ update_option('mo2f_download_done', $i-1);
272
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
273
+ if($type=='plugins'){
274
+ $scan_stage_complete=3;
275
+ }else if($type=='themes'){
276
+ $scan_stage_complete=4;
277
+ }
278
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
279
+ return 'incomplete';
280
+ }
281
+ if($i <= $downloaded_already){
282
+ continue;
283
+ }
284
+ if($type=='plugins'){
285
+ if(! file_exists(WP_PLUGIN_DIR.DIRECTORY_SEPARATOR.$data->plugin)){
286
+ continue;
287
+ }
288
+ $plugin_slug=$data->slug;
289
+ $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
290
+ $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
291
+ $plugin_version=$plugin_data['Version'];
292
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
293
+ $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
294
+ if($result === -99){
295
+ return -99;
296
+ }else if(!$result){
297
+ return false;
298
+ }
299
+ }
300
+ } else if($type=='themes'){
301
+ $installed_themes = wp_get_themes();
302
+ $flag_theme=0;
303
+ foreach ($installed_themes as $theme_name => $attributes) {
304
+ if($key == $theme_name){
305
+ $flag_theme=1;
306
+ break;
307
+ }
308
+ }
309
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$key) && $flag_theme == 1){
310
+ $result= $this->download_repo($key, $data, $path, $type);
311
+ if($result === -99){
312
+ return -99;
313
+ }else if(!$result){
314
+ return false;
315
+ }
316
+ }
317
+ }
318
+ }
319
+ return true;
320
+ }
321
+
322
+ function download_repo($zip_name, $version, $path, $type=''){
323
+ if ($type=='plugins') {
324
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
325
+ $plugin_name=$zip_name.'.'.$version;
326
+
327
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
328
+ if( $download_result){
329
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
330
+ return $result;
331
+ }else {
332
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
333
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
334
+ if( $download_result){
335
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
336
+ return $result;
337
+ }else {
338
+ error_log("Unable to download Plugin: ".$plugin_name);
339
+ return -99;
340
+ }
341
+ return -99;
342
+ }
343
+ } else if($type=='themes'){
344
+ $theme_name=$zip_name.'.'.$version;
345
+ $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
346
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
347
+ if( $download_result){
348
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
349
+ return $result;
350
+ }else {
351
+ $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
352
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
353
+ if( $download_result){
354
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
355
+ return $result;
356
+ }else {
357
+ error_log("Unable to download Theme: ".$theme_name);
358
+ return -99;
359
+ }
360
+ return -99;
361
+ }
362
+ } else {
363
+ $download_link="https://wordpress.org/wordpress-".$version.".zip";
364
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
365
+ if($download_result){
366
+ $result=$this->unzip_downloaded_repo($zip_name, $path);
367
+ return $result;
368
+ } else {
369
+ error_log("Unable to download wordpress-".$version);
370
+ return -99;
371
+ }
372
+ }
373
+ return false;
374
+ }
375
+
376
+ function unzip_downloaded_repo($name, $path){
377
+ $zip = new ZipArchive;
378
+ $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
379
+ $res = $zip->open($folder_path);
380
+ if ($res === TRUE) {
381
+ // extract it to the path we determined above
382
+ $result = $zip->extractTo($path);
383
+ $zip->close();
384
+ if ($name == get_option('downloaded_wordpress_repo_name')) {
385
+ rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
386
+ }
387
+ unlink($folder_path);
388
+ return true;
389
+ } else {
390
+ return false;
391
+ }
392
+ }
393
+
394
+ function mo_wpns_check_malware_server_status($host){
395
+ $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
396
+ if ( ! $fsock ){
397
+ return FALSE;
398
+ }else{
399
+ fclose($fsock);
400
+ return TRUE;
401
+ }
402
+ }
403
+
404
+ function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
405
+ $response = null;
406
+ $ch=curl_init($host);
407
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
408
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
409
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
410
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
411
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
412
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
413
+ curl_setopt( $ch, CURLOPT_POST, true );
414
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
415
+ curl_setopt($ch, CURLOPT_TIMEOUT, 5);
416
+ $results=curl_exec($ch);
417
+ curl_close($ch);
418
+ if($results==false){
419
+
420
+ }else{
421
+ $result = json_decode($results, true);
422
+ if(isset($result['status'])){
423
+ if ($result['status'] == 'success') {
424
+ if($result['result']!='OK')
425
+ $response = $result['result'];
426
+ }else if($result['status']=='error'){
427
+ error_log("Exception on server");
428
+ }
429
+ }else if(strpos($results, 'Summary')){
430
+
431
+ }else{
432
+ error_log("Any other issues on server");
433
+ }
434
+ }
435
+ return $response;
436
+ }
437
+
438
+ function check_with_repo_files($file_content, $repo_file_path){
439
+ $issues = array();
440
+ if(file_exists($repo_file_path)){
441
+ $content=@file_get_contents($repo_file_path);
442
+ $hash_repo = md5($content);
443
+ $hash_file = md5($file_content);
444
+ if ($hash_file != $hash_repo) {
445
+ $flag=1;
446
+ $issues=array("exist" => "Mismatch in Files");
447
+ }
448
+ } else {
449
+ $issues=array('exist'=>'Unwanted File Found');
450
+ }
451
+ return $issues;
452
+ }
453
+
454
+ function getlines($contents, $href){
455
+ $newissues = 0;
456
+ $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
457
+ for($i=0; $i<count($lines); $i++){
458
+ $line = $lines[$i];
459
+ if (strpos($line, $href) !== false) {
460
+ $newissues = $i+1;
461
+ }
462
+ }
463
+ return $newissues;
464
+ }
465
+
466
+ function check_external_link($contents){
467
+ $issues = array();
468
+ $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
469
+ if(isset($hrefs[1])){
470
+ foreach($hrefs[1] as $href){
471
+ if($this->isexternal($href)){
472
+ $line=$this->getlines($contents, $href);
473
+ $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
474
+ }
475
+ }
476
+ }
477
+ return $issues;
478
+ }
479
+
480
+ function isexternal($url) {
481
+ $url = trim($url);
482
+ $url = trim($url,';');
483
+ $url = trim($url,'(');
484
+ $url = trim($url,')');
485
+ $url = trim($url,"'");
486
+ $url = trim($url,'"');
487
+ $components = parse_url($url);
488
+ if(isset($components['host'])){
489
+ if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot|php.net)/i', $components['host']) === 1) {}
490
+ else{
491
+ if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
492
+ return true;
493
+ }
494
+ }
495
+ }
496
+ return false;
497
+ }
498
+
499
+ function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
500
+
501
+ $flag = 1;
502
+ $argument = "";
503
+ $line = "";
504
+ $issue = array();
505
+ for($j=$start; $j< sizeof($tokens); $j++) {
506
+ $innertoken = $tokens[$j];
507
+ if ($flag==1 && is_array($innertoken)) {
508
+ $argument .= $innertoken[1];
509
+ if(empty($line))
510
+ $line = $innertoken[2];
511
+ } else if($innertoken==";"){
512
+ $argument .= ";";
513
+ if($checkForExternalLink){
514
+ if($this->isexternal($argument)){
515
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
516
+ }
517
+ } else {
518
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
519
+ }
520
+ break;
521
+ } else if($flag==1){
522
+ $argument .= $innertoken;
523
+ }
524
+ }
525
+ return $issue;
526
+ }
527
+
528
+ function remove_dir($repo_path){
529
+ $dir=$repo_path;
530
+ $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
531
+ $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
532
+ foreach($files as $file) {
533
+ if ($file->isDir()){
534
+ rmdir($file->getPathname());
535
+ } else {
536
+ unlink($file->getPathname());
537
+ }
538
+ }
539
+ rmdir($dir);
540
+ }
541
+
542
+ function count_total_files($folder_paths, $base, $scan_config){
543
+ if(isset($folder_paths['base'])){
544
+ $temp= $folder_paths['base'];
545
+ $folder_paths = array('base' => $temp);
546
+ }
547
+ $mo2f_malware_db_handler = new MoWpnsDB();
548
+ $file_count=0;
549
+ $nooffiles=0;
550
+ $file_path_array=array();
551
+ $skip_path_array= array();
552
+ $folder_skip_array=array();
553
+ $extensions = array();
554
+ if($scan_config['type_scan'] == "Custom Scan"){
555
+ $file_ext = $scan_config['file_extension'];
556
+ if(empty($file_ext)){
557
+
558
+ }else{
559
+ if(strpos($file_ext,';') !=false){
560
+ $extensions = explode(";", $file_ext);
561
+ }else{
562
+ array_push($extensions, $file_ext);
563
+ }
564
+ }
565
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
566
+
567
+ for($i=0; $i<count($folder_skip_array); $i++){
568
+ $pathParts = explode('/', $folder_skip_array[$i]);
569
+ $n= sizeof($pathParts)-1;
570
+ $folder= $pathParts[$n];
571
+ array_push($skip_path_array, $folder);
572
+ }
573
+ }
574
+ foreach ($folder_paths as $value) {
575
+ $file_list= list_files($value,100);
576
+ foreach ($file_list as $key => $value1) {
577
+
578
+ $source_file_path= $value1;
579
+
580
+ if(is_dir($source_file_path)){
581
+ continue;
582
+ }
583
+ $source_file_path_for_explode = str_replace('/', '\\', $source_file_path);
584
+ $arr= explode('\\', $source_file_path_for_explode);
585
+ $theme_path=get_theme_root();
586
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
587
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
588
+
589
+ }else{
590
+ continue;
591
+ }
592
+ }elseif ($value == WP_PLUGIN_DIR && $arr[count($arr)-1]=='index.php'){
593
+ continue;
594
+ }elseif ($value == $theme_path && $arr[count($arr)-1]=='index.php'){
595
+ continue;
596
+ }
597
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
598
+ if($scan_config['type_scan'] == "Custom Scan"){
599
+ $flag_skip=0;
600
+ if (!empty($folder_skip_array)) {
601
+ for($q=0; $q<count($skip_path_array); $q++){
602
+ if(strpos($source_file_path, $skip_path_array[$q])){
603
+ $flag_skip=1;
604
+ break;
605
+ }
606
+ }
607
+ }
608
+ if($flag_skip == 1){
609
+ continue;
610
+ }
611
+
612
+ if(!empty($extensions)){
613
+ if(!in_array($ext, $extensions)){
614
+ continue;
615
+ }
616
+ }
617
+ }
618
+ if(in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
619
+ continue;
620
+ }
621
+ $file_count++;
622
+ $nooffiles=$nooffiles+1;
623
+ $file_path_array[$nooffiles]= $source_file_path;
624
+ if($nooffiles>0 && $nooffiles%100==0){
625
+ $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
626
+ $nooffiles=0;
627
+ $file_path_array=array();
628
+ }
629
+ }
630
+ $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
631
+ $nooffiles=0;
632
+ $file_path_array=array();
633
+ $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
634
+ $decoded_scan_status->total_files=$file_count;
635
+ $encoded_scan_status=json_encode($decoded_scan_status);
636
+ update_option("mo_wpns_scan_status",$encoded_scan_status);
637
+ }
638
+ }
639
+
640
+ function averageFileScanTime($currentFileScanTime,$currentScanFileCount,$averageFileScanTime,$previous_scanned){
641
+
642
+ if($previous_scanned!=0 || $currentScanFileCount!=0) {
643
+ try {
644
+ $totalTime = (float)($averageFileScanTime * $previous_scanned);
645
+ $timeDifference = time() - $currentFileScanTime;
646
+ $avergaeTimeEachFile = (float)(( $totalTime + $timeDifference )) / (float)(( $previous_scanned + $currentScanFileCount ));
647
+
648
+ } catch ( Exception $e ) {
649
+ $avergaeTimeEachFile = 0;
650
+ }
651
+ }else{
652
+ $avergaeTimeEachFile = 0;
653
+ }
654
+ return $avergaeTimeEachFile;
655
+ }
656
+
657
+ function get_scan_result_parts($mo2f_malware_db_handler=null, $folderpaths=array(), $scan_config, $start_time, $time_limit){
658
+ if(!empty($folderpaths)){
659
+ if ( in_array( 'curl', get_loaded_extensions() ) ) {
660
+ $scanresults=array();
661
+ $nooffiles=0;
662
+ $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
663
+ $previous_scanned = $decoded_scan_status->files_scanned;
664
+ $previous_processed_files=$decoded_scan_status->total_files_processed;
665
+ $scan_malware_count = 0;
666
+ $repo_issue_count = 0;
667
+ $malicious_link_count = 0;
668
+ $file_ext = $scan_config['file_extension'];
669
+ $host = MoWpnsConstants::$host;
670
+ $extensions = array();
671
+ $hostname = MoWpnsConstants::$hostname;
672
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
673
+ if(empty($file_ext)){
674
+ }else{
675
+ if(strpos($file_ext,';') !=false){
676
+ $extensions = explode(";", $file_ext);
677
+ }else{
678
+ array_push($extensions, $file_ext);
679
+ }
680
+ }
681
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
682
+ $skip_path_array= array();
683
+ for($i=0; $i<count($folder_skip_array); $i++){
684
+ $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
685
+ $n= sizeof($pathParts)-1;
686
+ $folder= $pathParts[$n];
687
+ array_push($skip_path_array, $folder);
688
+ }
689
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
690
+ $currentFileScanTime=time();
691
+ $currentScanFileCount=$nooffiles;
692
+ $avergaeTimeEachFile=0;//in miliseconds
693
+ foreach ($folderpaths as $value) {
694
+ $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
695
+
696
+ if(!$status){//wp_remote_get
697
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
698
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
699
+ $mo_wpns_files_scanned=(0.7*$nooffiles)+$previous_scanned;
700
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
701
+ $encoded_scan_status=json_encode($decoded_scan_status);
702
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
703
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
704
+ //time limit close by. Returned status of current scan. Update DB and make next request.
705
+ }
706
+
707
+ $scanresult=array();
708
+ $source_file_path=$value->path;
709
+ if(!file_exists($source_file_path)){
710
+ $nooffiles++;
711
+ continue;
712
+ }
713
+
714
+ $source_file_path_size = str_replace("\\", "/", $source_file_path);
715
+
716
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
717
+ $ext= strtolower($ext);
718
+ if(!((filesize($source_file_path_size) < 1048576)) ){
719
+ $nooffiles++;
720
+ continue;
721
+ }
722
+ $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
723
+ if($extns){
724
+ $nooffiles++;
725
+ if((0.7*$nooffiles) > 50){
726
+ $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
727
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
728
+ $encoded_scan_status=json_encode($decoded_scan_status);
729
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
730
+
731
+ }
732
+ }
733
+
734
+ $hash_of_file= md5_file($source_file_path);
735
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
736
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
737
+ $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
738
+ $malware_status = $scanmalware? 0 : 1;
739
+
740
+ if(!empty($res) && !$scanmalware ){
741
+ }
742
+ else{
743
+ $flag_update=0;
744
+ if((filesize($source_file_path_size) < 1048576) ){
745
+ $file_content=file_get_contents($source_file_path);
746
+
747
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
748
+ $malware_status = 1;
749
+ $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
750
+ $postdata = array('file' => $cfile);
751
+
752
+ $content_type = 'multipart/form-data';
753
+ $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
754
+ if ($issues) {
755
+ $scan_malware_count++;
756
+ $scanresult['scan'] = $issues;
757
+ $flag_update=1;
758
+ }
759
+ }else{
760
+
761
+ }
762
+ }
763
+
764
+ if($flag_update == 0){
765
+ $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
766
+ $repo_status=0;
767
+ $link_status=0;
768
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
769
+ if(empty($res)){
770
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
771
+ }else{
772
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
773
+ }
774
+ }else{
775
+ $infected_files=get_option('mo_wpns_infected_files');
776
+ $infected_files++;
777
+ update_option('mo_wpns_infected_files', $infected_files);
778
+ }
779
+ }
780
+ if(!empty($scanresult))
781
+ $scanresults[$source_file_path]=$scanresult;
782
+
783
+ }
784
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
785
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
786
+ $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
787
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
788
+ $encoded_scan_status=json_encode($decoded_scan_status);
789
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
790
+
791
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
792
+ }else{
793
+ return array('message'=>'CURL not installed on the server.');
794
+ }
795
+ } else {
796
+ return array('message'=>'No folder selected for scanning.');
797
+ }
798
+ }
799
+
800
+ function scan_for_ext_link($files_to_scan, $scan_config, $start_time, $time_limit, $reportid){
801
+ $mo2f_malware_db_handler = new MoWpnsDB();
802
+ $scanresults=array();
803
+ $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
804
+ $previous_scanned = $decoded_scan_status->files_scanned;
805
+ $currentFileScanTime=time();
806
+ $nooffiles=0;
807
+ $malicious_link_count=0;
808
+ $previous_processed_files=$decoded_scan_status->total_files_processed;
809
+ foreach ($files_to_scan as $value) {
810
+ $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
811
+ if(!$status){//wp_remote_get
812
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
813
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
814
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
815
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
816
+ $encoded_scan_status=json_encode($decoded_scan_status);
817
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
818
+ return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
819
+ }
820
+ $flag_update=0;
821
+ $nooffiles++;
822
+ if((0.15*$nooffiles)> 50){// remove get_option
823
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
824
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
825
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
826
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
827
+ $encoded_scan_status=json_encode($decoded_scan_status);
828
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
829
+ }
830
+ $source_file_path=$value->path;
831
+ if(!file_exists($source_file_path) || filesize($source_file_path) > 5242880){
832
+ continue;
833
+ }
834
+ $hash_of_file= md5_file($source_file_path);
835
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
836
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
837
+ $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
838
+ $link_status = $extlink? 0 : 1;
839
+ if(is_array($datascan)){
840
+ $malware_status= $datascan['malware'];
841
+ }else{
842
+ $malware_status=0;
843
+ }
844
+
845
+ $scanresult=array();
846
+
847
+ $file_content=file_get_contents($source_file_path);
848
+ if($scan_config['ext_link_check'] == 1 && $extlink){
849
+ $link_status=1;
850
+ $elresult= $this->check_external_link($file_content);
851
+ if(!empty($elresult)){
852
+ $malicious_link_count++;
853
+ $flag_update=1;
854
+ $scanresult['extl']=$elresult;
855
+ }
856
+ }
857
+
858
+ if($flag_update == 0){
859
+ $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
860
+ $repo_status=0;
861
+
862
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
863
+ $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
864
+ $file_already_infected=false;
865
+ foreach ($infected_array as $key => $value) {
866
+ if($value->filename == $source_file_path){
867
+ $file_already_infected=true;
868
+ break;
869
+ }
870
+ }
871
+
872
+ if($file_already_infected){
873
+
874
+ }elseif(empty($res)){
875
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
876
+ }else{
877
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
878
+ }
879
+ }else{
880
+ $infected_files=get_option('mo_wpns_warning_files');
881
+ $infected_files++;
882
+ update_option('mo_wpns_warning_files', $infected_files);
883
+ }
884
+ if(!empty($scanresult))
885
+ $scanresults[$source_file_path]=$scanresult;
886
+ }
887
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
888
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
889
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
890
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
891
+ $encoded_scan_status=json_encode($decoded_scan_status);
892
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
893
+ return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
894
+ }
895
+
896
+ function scan_with_repo($files_to_scan, $scan_config, $start_time, $time_limit, $reportid, $repo_file_path){
897
+ $mo2f_malware_db_handler = new MoWpnsDB();
898
+ $scanresults=array();
899
+ $default_themes = array('twentynineteen', 'twentyseventeen', 'twentysixteen', 'twentytwenty');
900
+ $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
901
+ $previous_scanned = $decoded_scan_status->files_scanned;
902
+ $previous_processed_files=$decoded_scan_status->total_files_processed;
903
+ $nooffiles=0;
904
+ $repo_issue_count=0;
905
+ $currentFileScanTime=time();
906
+ foreach ($files_to_scan as $value) {
907
+ $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
908
+ if(!$status){//wp_remote_get
909
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
910
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
911
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
912
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
913
+ $encoded_scan_status=json_encode($decoded_scan_status);
914
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
915
+ return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
916
+ //time limit close by. Returned status of current scan. Update DB and make next request.
917
+ }
918
+ $flag_update=0;
919
+ $nooffiles++;
920
+ if((0.15*$nooffiles) > 50){
921
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
922
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
923
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
924
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
925
+ $encoded_scan_status=json_encode($decoded_scan_status);
926
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
927
+ }
928
+ $source_file_path=$value->path;
929
+ if(!file_exists($source_file_path) || filesize($source_file_path) > 5242880){//5MB size limit
930
+ continue;
931
+ }
932
+ $hash_of_file= md5_file($source_file_path);
933
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
934
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
935
+ $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
936
+ $repo_status = $repocheck? 0 : 1;
937
+ if(is_array($datascan)){
938
+ $malware_status = $datascan['malware'];
939
+ $link_status = $datascan['ext_link'];
940
+ }else{
941
+ $malware_status=0;
942
+ $link_status=0;
943
+ }
944
+ $scanresult=array();
945
+
946
+ if($repocheck){
947
+ $file_content=file_get_contents($source_file_path);
948
+ $file_path_slash_correction = str_replace('/', '\\', $source_file_path);
949
+ $source_file_path_array=explode("\\", $file_path_slash_correction);
950
+ $theme_flag=0;
951
+ foreach ($default_themes as $theme_key) {
952
+ if(in_array($theme_key, $source_file_path_array)){
953
+ $theme_flag=1;
954
+ break;
955
+ }
956
+ }
957
+ if($theme_flag){
958
+ continue;
959
+ }
960
+ if(in_array('wp-content', $source_file_path_array) && !in_array('plugins', $source_file_path_array) && !in_array('themes', $source_file_path_array)){
961
+ continue;
962
+ }
963
+ $repo_file_to_check=$repo_file_path;
964
+ $path_flag=0;
965
+ $path_key= array('wp-admin', 'wp-includes', 'plugins', 'themes');
966
+ foreach ($path_key as $paths_key) {
967
+ if(in_array($paths_key, $source_file_path_array)){
968
+ $index= array_search($paths_key, $source_file_path_array);
969
+ if($paths_key == 'wp-admin' || $paths_key == 'wp-includes'){
970
+ $wordpress_name = get_option('downloaded_wordpress_repo_name');
971
+ $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name;
972
+ }
973
+ for($i=$index; $i<sizeof($source_file_path_array); $i++){
974
+ $repo_file_to_check.=DIRECTORY_SEPARATOR.$source_file_path_array[$i];
975
+ }
976
+ $path_flag=1;
977
+
978
+ break;
979
+ }
980
+ }
981
+ if($path_flag == 0){
982
+ $last_index=sizeof($source_file_path_array)-1;
983
+ $wordpress_name = get_option('downloaded_wordpress_repo_name');
984
+ $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name.DIRECTORY_SEPARATOR.$source_file_path_array[$last_index];
985
+ }
986
+ $repo_status=1;
987
+ $issues = $this->check_with_repo_files($file_content, $repo_file_to_check);
988
+ if(!empty($issues)){
989
+ $repo_issue_count++;
990
+ $scanresult['repo']=$issues;
991
+ $flag_update=1;
992
+ }
993
+ }
994
+
995
+ if($flag_update == 0){
996
+ $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
997
+
998
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
999
+ $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
1000
+ $file_already_infected=false;
1001
+ foreach ($infected_array as $key => $value) {
1002
+ if($value->filename == $source_file_path){
1003
+ $file_already_infected=true;
1004
+ break;
1005
+ }
1006
+ }
1007
+
1008
+ if($file_already_infected){
1009
+
1010
+ }elseif(empty($res)){
1011
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
1012
+ }else{
1013
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
1014
+ }
1015
+ }else{
1016
+ $infected_files=get_option('mo_wpns_warning_files');
1017
+ $infected_files++;
1018
+ if(!empty($res)){
1019
+ $mo2f_malware_db_handler->delete_hash($source_file_path);
1020
+ }
1021
+ update_option('mo_wpns_warning_files', $infected_files);
1022
+ }
1023
+ if(!empty($scanresult))
1024
+ $scanresults[$source_file_path]=$scanresult;
1025
+ }
1026
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1027
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1028
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1029
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1030
+ $encoded_scan_status=json_encode($decoded_scan_status);
1031
+ update_option('mo_wpns_scan_status', $encoded_scan_status);
1032
+ return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
1033
+ }
1034
+
1035
+ function check_exec_limit($start_time, $time_limit){
1036
+ if($time_limit == 0){
1037
+ return true;
1038
+ }else{
1039
+ $time_remaining= $time_limit - (time()-$start_time);
1040
+ if($time_remaining > 10){
1041
+ return true;
1042
+ }else{
1043
+ return false;
1044
+ }
1045
+ }
1046
+ }
1047
+
1048
+ }
1049
+ new Mo_wpns_Scan_Handler_Cron;
1050
  ?>
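--- a/handler/malware_scanner/scanner_set_cron.php
+++ b/handler/malware_scanner/scanner_set_cron.php
@@ -1,260 +1,260 @@
-<?php
-
-class mo2f_scanner_parts
-{
-function __construct(){
-}
-
-
-function check_scan_status(){
-
-global $wpdb;
-$query="SELECT `option_value` from `".$wpdb->base_prefix."options` WHERE `option_name` = 'mo_stop_scan'";
-$stop_scan= $wpdb->get_results($query);
-$stop_scan_process=$stop_scan[0]->option_value;
-if($stop_scan_process=="1") {
-$this->mo2f_end_scan();
-return "1";
-}
-else{
-return "0";
-}
-}
-function file_cron_scan(){//main cron function
-
-$scan_request = isset($_GET['scan_request'])? $_GET['scan_request']:false;
-if($scan_request) {
-$status=$this->check_scan_status();
-
-if($status){
-exit;
-//abort
-}
-ini_set('memory_limit', '-1');
-ini_set('max_execution_time', 0);
-$scan_mode = isset( $_GET['scan_mode'] ) ? $_GET['scan_mode'] : false;
-$scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? $_GET['scan_stage_complete'] : false;
-$reportid = isset( $_GET['reportid'] ) ? $_GET['reportid'] : false;
-
-$scanverification = isset( $_GET['scanverification'] ) ? $_GET['scanverification'] : false;
-$scanverification_code = get_option( "mo2f_scanverification" );
-if ( $scanverification != $scanverification_code ) {
-error_log( "Request Does not exists" );
-exit;
-}
-
-$mo2f_malware_db_handler = new MoWpnsDB();
-$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
-
-//switch case stage wise
-if ( $scan_mode == 'Quick Scan' ) {
-$scan_config = MoWpnsConstants::$quick_scan_configuration;
-} elseif ( $scan_mode == 'Standard Scan' ) {
-$scan_config = MoWpnsConstants::$standard_scan_configuration;
-} else {
-$scan_config = get_option( 'mo2f_custom_scan_config' );
-}
-
-$repo_status_code = get_option('mo2f_repo_status');
-if ( ($scan_config['check_repo'] == 0 || $repo_status_code < 0) && $scan_stage_complete == 3 ) {//repo check not required so scan ended
-
-$decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
-$mo_wpns_files_scanned=$decoded_scan_status->total_files;
-$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
-$encoded_scan_status=json_encode($decoded_scan_status);
-update_option('mo_wpns_scan_status', $encoded_scan_status);
-$this->mo2f_end_scan();
-exit;
-}
-
-$uploads_dir = wp_upload_dir();
-$uploads_path= $uploads_dir['basedir'];
-$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
-$current_time = time();
-$time_limit = ini_get( 'max_execution_time' );
-usleep(10000);//10miliseconds
-switch ( $scan_stage_complete ) {
-case 1:
-$this->mo2f_scan_with_service( $scan_config, $reportid, $scanverification);
-break;
-case 2:
-$this->mo2f_check_ext_link( $scan_config,$reportid,$scanverification);
-break;
-case 3:
-$mo_wpns_scan_handler->mo2f_download_plugins_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
-break;
-case 4:
-$mo_wpns_scan_handler->mo2f_download_themes_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
-break;
-case 5:
-$mo_wpns_scan_handler->mo2f_download_core_wp( $repo_file_path, $scan_config,$reportid, $scanverification);
-break;
-case 6:
-$this->mo2f_check_with_repo( $scan_config, $repo_file_path,$reportid,$scanverification);
-break;
-case 7:
-$this->mo2f_end_scan();
-break;
-}
-}
-}
-
-function mo2f_scan_with_service($scan_config, $reportid, $scanverification){
-$current_time= time();
-$mo2f_malware_db_handler = new MoWpnsDB();
-$files_to_scan=$mo2f_malware_db_handler->get_files_in_parts();
-$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
-
-if(empty($files_to_scan)){
-
-$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
-$scan_malware_count=$last_report[0]->malware_count;
-$last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
-
-$hostname = 'scanner.api.xecurify.com';
-$malware_server_status = $mo_wpns_scan_handler->mo_wpns_check_malware_server_status($hostname);
-if($malware_server_status){
-$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
-$postdata = http_build_query(array('fileCount' => $last_scan, 'maliciousCount' => $scan_malware_count));
-$content_type = 'application/x-www-form-urlencoded';
-$lastRequest = $mo_wpns_scan_handler->mo_wpns_malware_scan_request($postdata, $host, $content_type);
-}
-$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
-$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
-
-}else{//sending next 100 files
-$current_time= time();
-$time_limit= ini_get('max_execution_time');
-$result=$mo_wpns_scan_handler->get_scan_result_parts($mo2f_malware_db_handler, $files_to_scan, $scan_config, $current_time, $time_limit);
-
-if($result['scan']){
-foreach ($result['scan'] as $key => $value) {
-$value=array('scan'=>'Premium');
-$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
-}
-}
-$mo2f_malware_db_handler->update_files_scan($files_to_scan, $result['file_count']);
-
-$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
-$result['file_count']= $last_report[0]->scanned_files + $result['file_count'];
-$result['malware_count'] = $last_report[0]->malware_count + $result['malware_count'];
-$result['malicious_link'] = 0;
-$result['repo_issues'] = $last_report[0]->repo_issues;
-
-$mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
-
-$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
-$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
-
-}
-}
-
-function mo2f_check_ext_link($scan_config, $reportid, $scanverification){
-$mo2f_malware_db_handler = new MoWpnsDB();
-$files_to_scan=$mo2f_malware_db_handler->get_files_for_link();
-$currentFileScanTime=time();
-
-if(!empty($files_to_scan) && $scan_config['ext_link_check']){
-$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
-$current_time= time();
-$time_limit= ini_get('max_execution_time');
-$response=$mo_wpns_scan_handler->scan_for_ext_link($files_to_scan, $scan_config, $current_time, $time_limit, $reportid);
-
-if($response['scan']){
-foreach ($response['scan'] as $key => $value) {
-$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
-}
-}
-$mo2f_malware_db_handler->update_files_scan_ext_link($files_to_scan, $response['file_count']);
-
-$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
-$response['file_count']= $last_report[0]->scanned_files;
-$response['malware_count'] = $last_report[0]->malware_count;
-$response['repo_issues'] = $last_report[0]->repo_issues;
-$response['malicious_link'] = $last_report[0]->malicious_links + $response['malicious_link'];
-
-$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
-
-$response=$mo_wpns_scan_handler->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
-}else{
-$decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
-$mo_wpns_files_scanned=$decoded_scan_status->total_files;
-$decoded_scan_status->files_scanned=0.85*$mo_wpns_files_scanned;
-$encoded_scan_status=json_encode($decoded_scan_status);
-update_option('mo_wpns_scan_status', $encoded_scan_status);
-$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
-$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 3);
-
-}
-}
-
-function mo2f_check_with_repo($scan_config, $repo_file_path,$reportid, $scanverification){
-$download_status=false;
-$decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
-$decoded_scan_configuration->status_download_time=$download_status;
-$encoded_scan_configuration=json_encode($decoded_scan_configuration);
-update_option("mo_wpns_scan_status",$encoded_scan_configuration);
-$mo2f_malware_db_handler = new MoWpnsDB();
-$response=array();
-$repo_status = get_option('mo2f_repo_status');
-if($repo_status != 0){
-if($repo_status == -99 || $repo_status == -100){
-$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
-if(!empty($last_report)){
-$response['file_count']= $last_report[0]->scanned_files;
-$response['malware_count'] = $last_report[0]->malware_count;
-$response['malicious_link'] = $last_report[0]->malicious_links;
-$response['repo_issues']=$repo_status;
-$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
-}
-}
-$this->mo2f_end_scan();
-exit;
-}else{
-$files_to_scan=$mo2f_malware_db_handler->get_files_for_repo();
-if(empty($files_to_scan)){
-$this->mo2f_end_scan();
-}else{
-$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
-$current_time= time();
-$time_limit= ini_get('max_execution_time');
-$response=$mo_wpns_scan_handler->scan_with_repo($files_to_scan, $scan_config, $current_time, $time_limit, $reportid, $repo_file_path);
-
-if($response['scan']){
-foreach ($response['scan'] as $key => $value) {
-$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
-}
-}
-$mo2f_malware_db_handler->update_files_scan_repo($files_to_scan, $response['file_count']);
-
-$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
-$response['file_count']= $last_report[0]->scanned_files;
-$response['malware_count'] = $last_report[0]->malware_count;
-$response['repo_issues'] = $last_report[0]->repo_issues + $response['repo_issues'];
-$response['malicious_link'] = $last_report[0]->malicious_links;
-
-$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
-$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
-$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 6);
-}
-}
-}
-
-function mo2f_end_scan(){
-$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
-$mo2f_malware_db_handler = new MoWpnsDB();
-$uploads_dir = wp_upload_dir();
-$uploads_path= $uploads_dir['basedir'];
-$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
-if(is_dir($repo_file_path)){
-$mo_wpns_scan_handler->remove_dir($repo_file_path);
-}
-$decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
-$decoded_scan_configuration->scan_progress="COMPLETE";
-$encoded_scan_configuration=json_encode($decoded_scan_configuration);
-update_option("mo_wpns_scan_status",$encoded_scan_configuration);
-$mo2f_malware_db_handler->delete_files_parts();
-
-}
-
-}new mo2f_scanner_parts;
+<?php
+
+class mo2f_scanner_parts
+{
+function __construct(){
+}
+
+
+function check_scan_status(){
+
+global $wpdb;
+$query="SELECT `option_value` from `".$wpdb->base_prefix."options` WHERE `option_name` = 'mo_stop_scan'";
+$stop_scan= $wpdb->get_results($query);
+$stop_scan_process=$stop_scan[0]->option_value;
+if($stop_scan_process=="1") {
+$this->mo2f_end_scan();
+return "1";
+}
+else{
+return "0";
+}
+}
+function file_cron_scan(){//main cron function
+
+$scan_request = isset($_GET['scan_request'])? $_GET['scan_request']:false;
+if($scan_request) {
+$status=$this->check_scan_status();
+
+if($status){
+exit;
+//abort
+}
+ini_set('memory_limit', '-1');
+ini_set('max_execution_time', 0);
+$scan_mode = isset( $_GET['scan_mode'] ) ? $_GET['scan_mode'] : false;
+$scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? $_GET['scan_stage_complete'] : false;
+$reportid = isset( $_GET['reportid'] ) ? $_GET['reportid'] : false;
+
+$scanverification = isset( $_GET['scanverification'] ) ? $_GET['scanverification'] : false;
+$scanverification_code = get_option( "mo2f_scanverification" );
+if ( $scanverification != $scanverification_code ) {
+error_log( "Request Does not exists" );
+exit;
+}
+
+$mo2f_malware_db_handler = new MoWpnsDB();
+$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
+
+//switch case stage wise
+if ( $scan_mode == 'Quick Scan' ) {
+$scan_config = MoWpnsConstants::$quick_scan_configuration;
+} elseif ( $scan_mode == 'Standard Scan' ) {
+$scan_config = MoWpnsConstants::$standard_scan_configuration;
+} else {
+$scan_config = get_option( 'mo2f_custom_scan_config' );
+}
+
+$repo_status_code = get_option('mo2f_repo_status');
+if ( ($scan_config['check_repo'] == 0 || $repo_status_code < 0) && $scan_stage_complete == 3 ) {//repo check not required so scan ended
+
+$decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
+$mo_wpns_files_scanned=$decoded_scan_status->total_files;
+$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
+$encoded_scan_status=json_encode($decoded_scan_status);
+update_option('mo_wpns_scan_status', $encoded_scan_status);
+$this->mo2f_end_scan();
+exit;
+}
+
+$uploads_dir = wp_upload_dir();
+$uploads_path= $uploads_dir['basedir'];
+$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
+$current_time = time();
+$time_limit = ini_get( 'max_execution_time' );
+usleep(10000);//10miliseconds
+switch ( $scan_stage_complete ) {
+case 1:
+$this->mo2f_scan_with_service( $scan_config, $reportid, $scanverification);
+break;
+case 2:
+$this->mo2f_check_ext_link( $scan_config,$reportid,$scanverification);
+break;
+case 3:
+$mo_wpns_scan_handler->mo2f_download_plugins_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
+break;
+case 4:
+$mo_wpns_scan_handler->mo2f_download_themes_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
+break;
+case 5:
+$mo_wpns_scan_handler->mo2f_download_core_wp( $repo_file_path, $scan_config,$reportid, $scanverification);
+break;
+case 6:
+$this->mo2f_check_with_repo( $scan_config, $repo_file_path,$reportid,$scanverification);
+break;
+case 7:
+$this->mo2f_end_scan();
+break;
+}
+}
+}
+
+function mo2f_scan_with_service($scan_config, $reportid, $scanverification){
+$current_time= time();
+$mo2f_malware_db_handler = new MoWpnsDB();
+$files_to_scan=$mo2f_malware_db_handler->get_files_in_parts();
+$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
+
+if(empty($files_to_scan)){
+
+$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
+$scan_malware_count=$last_report[0]->malware_count;
+$last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
+
+$hostname = 'scanner.api.xecurify.com';
+$malware_server_status = $mo_wpns_scan_handler->mo_wpns_check_malware_server_status($hostname);
+if($malware_server_status){
+$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
+$postdata = http_build_query(array('fileCount' => $last_scan, 'maliciousCount' => $scan_malware_count));
+$content_type = 'application/x-www-form-urlencoded';
+$lastRequest = $mo_wpns_scan_handler->mo_wpns_malware_scan_request($postdata, $host, $content_type);
+}
+$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
+$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
+
+}else{//sending next 100 files
+$current_time= time();
+$time_limit= ini_get('max_execution_time');
+$result=$mo_wpns_scan_handler->get_scan_result_parts($mo2f_malware_db_handler, $files_to_scan, $scan_config, $current_time, $time_limit);
+
+if($result['scan']){
+foreach ($result['scan'] as $key => $value) {
+$value=array('scan'=>'Premium');
+$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
+}
+}
+$mo2f_malware_db_handler->update_files_scan($files_to_scan, $result['file_count']);
+
+$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
+$result['file_count']= $last_report[0]->scanned_files + $result['file_count'];
+$result['malware_count'] = $last_report[0]->malware_count + $result['malware_count'];
+$result['malicious_link'] = 0;
+$result['repo_issues'] = $last_report[0]->repo_issues;
+
+$mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
+
+$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
+$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
+
+}
+}
+
+function mo2f_check_ext_link($scan_config, $reportid, $scanverification){
+$mo2f_malware_db_handler = new MoWpnsDB();
+$files_to_scan=$mo2f_malware_db_handler->get_files_for_link();
+$currentFileScanTime=time();
+
+if(!empty($files_to_scan) && $scan_config['ext_link_check']){
+$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
+$current_time= time();
+$time_limit= ini_get('max_execution_time');
+$response=$mo_wpns_scan_handler->scan_for_ext_link($files_to_scan, $scan_config, $current_time, $time_limit, $reportid);
+
+if($response['scan']){
+foreach ($response['scan'] as $key => $value) {
+$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
+}
+}
+$mo2f_malware_db_handler->update_files_scan_ext_link($files_to_scan, $response['file_count']);
+
+$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
+$response['file_count']= $last_report[0]->scanned_files;
+$response['malware_count'] = $last_report[0]->malware_count;
+$response['repo_issues'] = $last_report[0]->repo_issues;
+$response['malicious_link'] = $last_report[0]->malicious_links + $response['malicious_link'];
+
+$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
+
+$response=$mo_wpns_scan_handler->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
+}else{
+$decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
+$mo_wpns_files_scanned=$decoded_scan_status->total_files;
+$decoded_scan_status->files_scanned=0.85*$mo_wpns_files_scanned;
+$encoded_scan_status=json_encode($decoded_scan_status);
+update_option('mo_wpns_scan_status', $encoded_scan_status);
+$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
+$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 3);
+
+}
+}
+
+function mo2f_check_with_repo($scan_config, $repo_file_path,$reportid, $scanverification){
+$download_status=false;
+$decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
+$decoded_scan_configuration->status_download_time=$download_status;
+$encoded_scan_configuration=json_encode($decoded_scan_configuration);
+update_option("mo_wpns_scan_status",$encoded_scan_configuration);
+$mo2f_malware_db_handler = new MoWpnsDB();
+$response=array();
+$repo_status = get_option('mo2f_repo_status');
+if($repo_status != 0){
+if($repo_status == -99 || $repo_status == -100){
+$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
+if(!empty($last_report)){
+$response['file_count']= $last_report[0]->scanned_files;
+$response['malware_count'] = $last_report[0]->malware_count;
+$response['malicious_link'] = $last_report[0]->malicious_links;
+$response['repo_issues']=$repo_status;
+$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
+}
+}
+$this->mo2f_end_scan();
+exit;
+}else{
+$files_to_scan=$mo2f_malware_db_handler->get_files_for_repo();
+if(empty($files_to_scan)){
+$this->mo2f_end_scan();
+}else{
+$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
+$current_time= time();
+$time_limit= ini_get('max_execution_time');
+$response=$mo_wpns_scan_handler->scan_with_repo($files_to_scan, $scan_config, $current_time, $time_limit, $reportid, $repo_file_path);
+
+if($response['scan']){
+foreach ($response['scan'] as $key => $value) {
+$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
+}
+}
+$mo2f_malware_db_handler->update_files_scan_repo($files_to_scan, $response['file_count']);
+
+$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
+$response['file_count']= $last_report[0]->scanned_files;
+$response['malware_count'] = $last_report[0]->malware_count;
+$response['repo_issues'] = $last_report[0]->repo_issues + $response['repo_issues'];
+$response['malicious_link'] = $last_report[0]->malicious_links;
+
+$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
+$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
+$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 6);
+}
+}
+}
+
+function mo2f_end_scan(){
+$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
+$mo2f_malware_db_handler = new MoWpnsDB();
+$uploads_dir = wp_upload_dir();
+$uploads_path= $uploads_dir['basedir'];
+$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
+if(is_dir($repo_file_path)){
+$mo_wpns_scan_handler->remove_dir($repo_file_path);
+}
+$decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
+$decoded_scan_configuration->scan_progress="COMPLETE";
+$encoded_scan_configuration=json_encode($decoded_scan_configuration);
+update_option("mo_wpns_scan_status",$encoded_scan_configuration);
+$mo2f_malware_db_handler->delete_files_parts();
+
+}
+
+}new mo2f_scanner_parts;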
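--- a/handler/mo-error.html
+++ b/handler/mo-error.html
@@ -1,11 +1,11 @@
-<img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
-<div>
-<img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
-<div>
-<div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
-<div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
-<div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
-<div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
-<h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
-</div>
+<img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
+<div>
+<img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
+<div>
+<div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
+<div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
+<div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
+<div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
+<h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
+</div>
 </div>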
handler/mo-waf.php CHANGED
@@ -1,586 +1,586 @@
1
- <?php
2
-
3
- $dir =dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
- $xssFile = $dir.'/signature/APXSS.php';
7
- $lfiFile = $dir.'/signature/APLFI.php';
8
- $configfilepath = explode('wp-content', $dir);
9
- $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
-
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include_once($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
- $dir_name = explode('wp-content', $dir);
26
- $file = file_get_contents($dir_name[0].'wp-config.php');
27
- $content = explode("\n", $file);
28
- $len = sizeof($content);
29
- $Ismultisite = 0;
30
- $dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
31
-
32
- $prefix = 'wp_';
33
-
34
- for($i=0;$i<$len;$i++)
35
- {
36
-
37
- if(preg_match("/define/", $content[$i]))
38
- {
39
- $cont = explode(",", $content[$i]);
40
- $string = str_replace(array('define(',' ','\''), '', $cont[0]);
41
- switch ($string) {
42
- case "DB_NAME":
43
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
44
- $res = preg_replace('/\s/', '', $res);
45
- $dbD['DB_NAME'] = $res;
46
- break;
47
- case 'DB_USER':
48
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
49
- $res = preg_replace('/\s/', '', $res);
50
- $dbD['DB_USER'] = $res;
51
- break;
52
- case "DB_PASSWORD":
53
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
54
- $res = preg_replace('/\s/', '', $res);
55
- $dbD['DB_PASSWORD'] = $res;
56
- break;
57
- case 'DB_HOST':
58
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
59
- $res = preg_replace('/\s/', '', $res);
60
- $dbD['DB_HOST'] = $res;
61
- break;
62
- case "DB_CHARSET":
63
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
64
- $res = preg_replace('/\s/', '', $res);
65
- $dbD['DB_CHARSET'] = $res;
66
- break;
67
- case 'DB_COLLATE':
68
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
69
- $res = preg_replace('/\s/', '', $res);
70
- $dbD['DB_COLLATE'] = $res;
71
- break;
72
- default:
73
-
74
- break;
75
- }
76
- }
77
- if(preg_match('/\$table_prefix/', $content[$i]))
78
- {
79
- $cont = explode("'", $content[$i]);
80
-
81
- $prefix = $cont['1'];
82
- }
83
- }
84
-
85
-
86
- global $dbcon;
87
- $dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
88
- if(!$dbcon)
89
- {
90
- echo "database connection error";
91
- exit;
92
-
93
- }
94
-
95
- if(mysqli_select_db($dbcon,$dbD['DB_NAME']))
96
- {
97
- $query = 'SELECT * FROM '.$prefix.'options WHERE `option_name`="WAF";';
98
- $results1 = mysqli_query($dbcon,$query);
99
- $row = mysqli_fetch_array($results1);
100
- if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
101
- $ipaddress = '';
102
- if (isset($_SERVER['HTTP_CLIENT_IP']))
103
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
104
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
105
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
106
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
107
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
108
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
109
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
110
- else if(isset($_SERVER['HTTP_FORWARDED']))
111
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
112
- else if(isset($_SERVER['REMOTE_ADDR']))
113
- $ipaddress = $_SERVER['REMOTE_ADDR'];
114
- else
115
- $ipaddress = 'UNKNOWN';
116
-
117
- $query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
118
- $results = mysqli_query($dbcon,$query);
119
- if($results)
120
- {
121
- $row = mysqli_fetch_array($results);
122
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
123
- $results = mysqli_query($dbcon,$query);
124
- if($results)
125
- {
126
- $row1 = mysqli_fetch_array($results);
127
- if(!is_null($row1['ip_address']))
128
- {
129
-
130
- }
131
- else if(!is_null($row['ip_address']))
132
- {
133
- header('HTTP/1.1 403 Forbidden');
134
- include_once("mo-block.html");
135
- exit;
136
- }
137
- }
138
- else if(!is_null($row['ip_address']))
139
- {
140
- header('HTTP/1.1 403 Forbidden');
141
- include_once("mo-block.html");
142
- exit;
143
-
144
- }
145
-
146
- }
147
-
148
-
149
- $dir_name = dirname(__FILE__);
150
- $dir_name1 = explode('wp-content', $dir_name);
151
- $dir_name = $dir_name1[0];
152
- $filepath = str_replace('\\', '/', $dir_name1[0]);
153
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
154
- if($missingFile==1)
155
- {
156
- if(!file_exists($fileName))
157
- {
158
- $file = fopen($fileName, "a+");
159
- $string = "<?php".PHP_EOL;
160
- $query = 'select option_value from '.$prefix.'options where option_name = "SQLInjection";' ;
161
- $results = mysqli_query($dbcon,$query);
162
- if($results)
163
- {
164
- $row = mysqli_fetch_array($results);
165
- $string .= '$SQL='.$row["option_value"].';'.PHP_EOL;
166
- }
167
- $query = 'select option_value from '.$prefix.'options where option_name = "XSSAttack";' ;
168
- $results = mysqli_query($dbcon,$query);
169
- if($results)
170
- {
171
- $row = mysqli_fetch_array($results);
172
- $string .= '$XSS='.$row["option_value"].';'.PHP_EOL;
173
- }
174
- $query = 'select option_value from '.$prefix.'options where option_name = "RFIAttack";' ;
175
- $results = mysqli_query($dbcon,$query);
176
- if($results)
177
- {
178
- $row = mysqli_fetch_array($results);
179
- $string .= '$RFI='.$row["option_value"].';'.PHP_EOL;
180
- }
181
- $query = 'select option_value from '.$prefix.'options where option_name = "LFIAttack";' ;
182
- $results = mysqli_query($dbcon,$query);
183
- if($results)
184
- {
185
- $row = mysqli_fetch_array($results);
186
- $string .= '$LFI='.$row["option_value"].';'.PHP_EOL;
187
- }
188
- $query = 'select option_value from '.$prefix.'options where option_name = "RCEAttack";' ;
189
- $results = mysqli_query($dbcon,$query);
190
- if($results)
191
- {
192
- $row = mysqli_fetch_array($results);
193
- $string .= '$RCE='.$row["option_value"].';'.PHP_EOL;
194
- }
195
- $query = 'select option_value from '.$prefix.'options where option_name = "Rate_limiting";' ;
196
- $results = mysqli_query($dbcon,$query);
197
- if($results)
198
- {
199
- $row = mysqli_fetch_array($results);
200
- if($row["option_value"]!='')
201
- $string .= '$RateLimiting='.$row["option_value"].';'.PHP_EOL;
202
- else
203
- $string .= '$RateLimiting=0;'.PHP_EOL;
204
- }
205
- $query = 'select option_value from '.$prefix.'options where option_name = "Rate_request";' ;
206
- $results = mysqli_query($dbcon,$query);
207
- if($results)
208
- {
209
- $row = mysqli_fetch_array($results);
210
- if($row["option_value"]!='')
211
- $string .= '$RequestsPMin='.$row["option_value"].';'.PHP_EOL;
212
- else
213
- $string .= '$RequestsPMin=120;'.PHP_EOL;
214
- }
215
-
216
- $query = 'select option_value from '.$prefix.'options where option_name = "actionRateL";' ;
217
- $results = mysqli_query($dbcon,$query);
218
- if($results)
219
- {
220
-
221
- $row = mysqli_fetch_array($results);
222
- if($row["option_value"] == 1)
223
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
224
- else
225
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
226
- }
227
- $string .= '?>'.PHP_EOL;
228
- fwrite($file, $string);
229
- fclose($file);
230
-
231
- }
232
-
233
- }
234
-
235
- include_once($fileName);
236
- if($RateLimiting == 1)
237
- {
238
-
239
-
240
- $time = 60;
241
- $reqLimit = $RequestsPMin;
242
- $query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
243
- $results = mysqli_query($dbcon,$query);
244
-
245
- $query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
246
- $results = mysqli_query($dbcon,$query);
247
-
248
- $query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
249
- $results = mysqli_query($dbcon,$query);
250
-
251
- if($results)
252
- {
253
- $row = mysqli_fetch_array($results);
254
- if($row['count(*)']>=$reqLimit)
255
- {
256
- $action = $actionRateL;
257
- if($action == 'ThrottleIP')
258
- {
259
- $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
260
- $results = mysqli_query($dbcon,$query);
261
- $results = mysqli_fetch_array($results);
262
- $current_time = time();
263
- if($current_time>$results['time']+60)
264
- {
265
- $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
266
- $results = mysqli_query($dbcon,$query);
267
- }
268
- header('HTTP/1.1 403 Forbidden');
269
- include_once("mo-error.html");
270
- exit;
271
- }
272
- else
273
- {
274
- $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
275
- $results = mysqli_query($dbcon,$query);
276
- $results = mysqli_fetch_array($results);
277
- $current_time = time();
278
- if($current_time>$results['time']+60)
279
- {
280
- $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
281
- $results = mysqli_query($dbcon,$query);
282
- }
283
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
284
- $results = mysqli_query($dbcon,$query);
285
- if($results)
286
- {
287
- $row1 = mysqli_fetch_array($results);
288
- if(!is_null($row1['ip_address']))
289
- {
290
-
291
- }
292
- else
293
- {
294
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".time().");";
295
- $results = mysqli_query($dbcon,$query);
296
- }
297
- header('HTTP/1.1 403 Forbidden');
298
- include_once("mo-error.html");
299
- exit;
300
- }
301
- }
302
- }
303
- }
304
-
305
- }
306
-
307
- $attack = array();
308
- if($SQL==1)
309
- {
310
- array_push($attack,"SQL");
311
- }
312
- if($XSS==1)
313
- {
314
- array_push($attack,"XSS");
315
- }
316
-
317
- if($LFI==1)
318
- {
319
- array_push($attack,"LFI");
320
- }
321
-
322
-
323
-
324
- $attackC = $attack;
325
- $ParanoiaLevel = 1;
326
- $annomalyS = 0;
327
- $SQLScore = 0;
328
- $XSSScore = 0;
329
- $query = 'select option_value from '.$prefix.'options where option_name ="limitAttack";';
330
- $results = mysqli_query($dbcon,$query);
331
- $rows = mysqli_fetch_array($results);
332
-
333
- $limitAttack = intval($rows['option_value']);
334
-
335
-
336
- foreach ($attackC as $key1 => $value1) {
337
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
338
- {
339
- if(isset($regex[$value1][$lev]))
340
- { $ooo = 0;
341
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
342
- {
343
- foreach ($_REQUEST as $key => $value) {
344
-
345
- if($regex[$value1][$lev][$i] != "")
346
- {
347
- if(strpos($regex[$value1][$lev][$i], '/') == false)
348
- {
349
- if(is_string($value))
350
- {
351
- if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
352
- {
353
-
354
- $scoreValue = 0;
355
-
356
- $annomalyMS = $score[$value1][$lev][$i];
357
- if(strcmp($annomalyMS,"CRITICAL")==0)
358
- {
359
- $scoreValue = 5;
360
- }
361
-
362
- elseif(strcmp($annomalyMS,"WARNING")==0)
363
- {
364
- $scoreValue = 3;
365
- }
366
- elseif(strcmp($annomalyMS,"ERROR")==0)
367
- {
368
- $scoreValue = 4;
369
- }
370
- elseif(strcmp($annomalyMS,"NOTICE")==0)
371
- {
372
- $scoreValue =2;
373
- }
374
-
375
-
376
- if($value1 == "SQL")
377
- {
378
- $SQLScore += $scoreValue;
379
- }
380
- elseif ($value1 == "XSS")
381
- {
382
- $XSSScore += $scoreValue;
383
- }
384
- else
385
- {
386
- $annomalyS += $scoreValue;
387
- }
388
-
389
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
390
- {
391
- $value = htmlspecialchars($value);
392
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
393
- $results = mysqli_query($dbcon,$query);
394
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
395
- $results = mysqli_query($dbcon,$query);
396
- $rows = mysqli_fetch_array($results);
397
- if($rows['count(*)']>$limitAttack)
398
- {
399
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
400
- $results = mysqli_query($dbcon,$query);
401
- if($results)
402
- {
403
- $row1 = mysqli_fetch_array($results);
404
- if(!is_null($row1['ip_address']))
405
- {
406
- //IP WHiTELISTED
407
- }
408
- else
409
- {
410
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
411
- $results = mysqli_query($dbcon,$query);
412
- }
413
- }
414
- }
415
-
416
-
417
- header('HTTP/1.1 403 Forbidden');
418
- include_once("mo-error.html");
419
- exit;
420
- }
421
-
422
- }}
423
- }
424
- else if (strpos($regex[$value1][$lev][$i], '#') == false) {
425
- if(is_string($value))
426
- {
427
- if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
428
- {
429
- $scoreValue = 0;
430
- $annomalyMS = $score[$value1][$lev][$i];
431
- if(strcmp($annomalyMS,"CRITICAL")==0)
432
- {
433
- $scoreValue = 5;
434
- }
435
-
436
- elseif(strcmp($annomalyMS,"WARNING")==0)
437
- {
438
- $scoreValue = 3;
439
- }
440
- elseif(strcmp($annomalyMS,"ERROR")==0)
441
- {
442
- $scoreValue = 4;
443
- }
444
- elseif(strcmp($annomalyMS,"NOTICE")==0)
445
- {
446
- $scoreValue =2;
447
- }
448
-
449
-
450
- if($value1 == "SQL")
451
- {
452
- $SQLScore += $scoreValue;
453
- }
454
- elseif ($value1 == "XSS")
455
- {
456
- $XSSScore += $scoreValue;
457
- }
458
- else
459
- {
460
- $annomalyS += $scoreValue;
461
- }
462
-
463
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
464
- {
465
- $value = htmlspecialchars($value);
466
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
467
- $results = mysqli_query($dbcon,$query);
468
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
469
- $results = mysqli_query($dbcon,$query);
470
- $rows = mysqli_fetch_array($results);
471
- if($rows['count(*)']>$limitAttack)
472
- {
473
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
474
- $results = mysqli_query($dbcon,$query);
475
- if($results)
476
- {
477
- $row1 = mysqli_fetch_array($results);
478
- if(!is_null($row1['ip_address']))
479
- {
480
- //IP WHiTELISTED
481
- }
482
- else
483
- {
484
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
485
- $results = mysqli_query($dbcon,$query);
486
- }
487
- }
488
- }
489
-
490
-
491
- header('HTTP/1.1 403 Forbidden');
492
- include_once("mo-error.html");
493
- exit;
494
- }
495
- }}
496
- }
497
-
498
- elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
499
- if(is_string($value))
500
- {
501
- if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
502
- {
503
- $scoreValue = 0;
504
- $annomalyMS = $score[$value1][$lev][$i];
505
- if(strcmp($annomalyMS,"CRITICAL")==0)
506
- {
507
- $scoreValue = 5;
508
- }
509
-
510
- elseif(strcmp($annomalyMS,"WARNING")==0)
511
- {
512
- $scoreValue = 3;
513
- }
514
- elseif(strcmp($annomalyMS,"ERROR")==0)
515
- {
516
- $scoreValue = 4;
517
- }
518
- elseif(strcmp($annomalyMS,"NOTICE")==0)
519
- {
520
- $scoreValue =2;
521
- }
522
-
523
-
524
- if($value1 == "SQL")
525
- {
526
- $SQLScore += $scoreValue;
527
- }
528
- elseif ($value1 == "XSS")
529
- {
530
- $XSSScore += $scoreValue;
531
- }
532
- else
533
- {
534
- $annomalyS += $scoreValue;
535
- }
536
-
537
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
538
- {
539
- $value = htmlspecialchars($value);
540
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
541
- $results = mysqli_query($dbcon,$query);
542
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
543
- $results = mysqli_query($dbcon,$query);
544
- $rows = mysqli_fetch_array($results);
545
- if($rows['count(*)']>$limitAttack)
546
- {
547
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
548
- $results = mysqli_query($dbcon,$query);
549
- if($results)
550
- {
551
- $row1 = mysqli_fetch_array($results);
552
- if(!is_null($row1['ip_address']))
553
- {
554
- //IP WHiTELISTED
555
- }
556
- else
557
- {
558
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
559
- $results = mysqli_query($dbcon,$query);
560
- }
561
- }
562
- }
563
-
564
-
565
- header('HTTP/1.1 403 Forbidden');
566
- include_once("mo-error.html");
567
- exit;
568
- }
569
- }
570
- }
571
-
572
- }
573
-
574
- }
575
- }
576
-
577
- }
578
- }
579
-
580
- }
581
- }
582
- }
583
- }
584
-
585
- $dbcon->close();
586
- ?>
1
+ <?php
2
+
3
+ $dir =dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
+ $xssFile = $dir.'/signature/APXSS.php';
7
+ $lfiFile = $dir.'/signature/APLFI.php';
8
+ $configfilepath = explode('wp-content', $dir);
9
+ $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
+
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include_once($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+ $dir_name = explode('wp-content', $dir);
26
+ $file = file_get_contents($dir_name[0].'wp-config.php');
27
+ $content = explode("\n", $file);
28
+ $len = sizeof($content);
29
+ $Ismultisite = 0;
30
+ $dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
31
+
32
+ $prefix = 'wp_';
33
+
34
+ for($i=0;$i<$len;$i++)
35
+ {
36
+
37
+ if(preg_match("/define/", $content[$i]))
38
+ {
39
+ $cont = explode(",", $content[$i]);
40
+ $string = str_replace(array('define(',' ','\''), '', $cont[0]);
41
+ switch ($string) {
42
+ case "DB_NAME":
43
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
44
+ $res = preg_replace('/\s/', '', $res);
45
+ $dbD['DB_NAME'] = $res;
46
+ break;
47
+ case 'DB_USER':
48
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
49
+ $res = preg_replace('/\s/', '', $res);
50
+ $dbD['DB_USER'] = $res;
51
+ break;
52
+ case "DB_PASSWORD":
53
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
54
+ $res = preg_replace('/\s/', '', $res);
55
+ $dbD['DB_PASSWORD'] = $res;
56
+ break;
57
+ case 'DB_HOST':
58
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
59
+ $res = preg_replace('/\s/', '', $res);
60
+ $dbD['DB_HOST'] = $res;
61
+ break;
62
+ case "DB_CHARSET":
63
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
64
+ $res = preg_replace('/\s/', '', $res);
65
+ $dbD['DB_CHARSET'] = $res;
66
+ break;
67
+ case 'DB_COLLATE':
68
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
69
+ $res = preg_replace('/\s/', '', $res);
70
+ $dbD['DB_COLLATE'] = $res;
71
+ break;
72
+ default:
73
+
74
+ break;
75
+ }
76
+ }
77
+ if(preg_match('/\$table_prefix/', $content[$i]))
78
+ {
79
+ $cont = explode("'", $content[$i]);
80
+
81
+ $prefix = $cont['1'];
82
+ }
83
+ }
84
+
85
+
86
+ global $dbcon;
87
+ $dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
88
+ if(!$dbcon)
89
+ {
90
+ echo "database connection error";
91
+ exit;
92
+
93
+ }
94
+
95
+ if(mysqli_select_db($dbcon,$dbD['DB_NAME']))
96
+ {
97
+ $query = 'SELECT * FROM '.$prefix.'options WHERE `option_name`="WAF";';
98
+ $results1 = mysqli_query($dbcon,$query);
99
+ $row = mysqli_fetch_array($results1);
100
+ if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
101
+ $ipaddress = '';
102
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
103
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
104
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
105
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
106
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
107
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
108
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
109
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
110
+ else if(isset($_SERVER['HTTP_FORWARDED']))
111
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
112
+ else if(isset($_SERVER['REMOTE_ADDR']))
113
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
114
+ else
115
+ $ipaddress = 'UNKNOWN';
116
+
117
+ $query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
118
+ $results = mysqli_query($dbcon,$query);
119
+ if($results)
120
+ {
121
+ $row = mysqli_fetch_array($results);
122
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
123
+ $results = mysqli_query($dbcon,$query);
124
+ if($results)
125
+ {
126
+ $row1 = mysqli_fetch_array($results);
127
+ if(!is_null($row1['ip_address']))
128
+ {
129
+
130
+ }
131
+ else if(!is_null($row['ip_address']))
132
+ {
133
+ header('HTTP/1.1 403 Forbidden');
134
+ include_once("mo-block.html");
135
+ exit;
136
+ }
137
+ }
138
+ else if(!is_null($row['ip_address']))
139
+ {
140
+ header('HTTP/1.1 403 Forbidden');
141
+ include_once("mo-block.html");
142
+ exit;
143
+
144
+ }
145
+
146
+ }
147
+
148
+
149
+ $dir_name = dirname(__FILE__);
150
+ $dir_name1 = explode('wp-content', $dir_name);
151
+ $dir_name = $dir_name1[0];
152
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
153
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
154
+ if($missingFile==1)
155
+ {
156
+ if(!file_exists($fileName))
157
+ {
158
+ $file = fopen($fileName, "a+");
159
+ $string = "<?php".PHP_EOL;
160
+ $query = 'select option_value from '.$prefix.'options where option_name = "SQLInjection";' ;
161
+ $results = mysqli_query($dbcon,$query);
162
+ if($results)
163
+ {
164
+ $row = mysqli_fetch_array($results);
165
+ $string .= '$SQL='.$row["option_value"].';'.PHP_EOL;
166
+ }
167
+ $query = 'select option_value from '.$prefix.'options where option_name = "XSSAttack";' ;
168
+ $results = mysqli_query($dbcon,$query);
169
+ if($results)
170
+ {
171
+ $row = mysqli_fetch_array($results);
172
+ $string .= '$XSS='.$row["option_value"].';'.PHP_EOL;
173
+ }
174
+ $query = 'select option_value from '.$prefix.'options where option_name = "RFIAttack";' ;
175
+ $results = mysqli_query($dbcon,$query);
176
+ if($results)
177
+ {
178
+ $row = mysqli_fetch_array($results);
179
+ $string .= '$RFI='.$row["option_value"].';'.PHP_EOL;
180
+ }
181
+ $query = 'select option_value from '.$prefix.'options where option_name = "LFIAttack";' ;
182
+ $results = mysqli_query($dbcon,$query);
183
+ if($results)
184
+ {
185
+ $row = mysqli_fetch_array($results);
186
+ $string .= '$LFI='.$row["option_value"].';'.PHP_EOL;
187
+ }
188
+ $query = 'select option_value from '.$prefix.'options where option_name = "RCEAttack";' ;
189
+ $results = mysqli_query($dbcon,$query);
190
+ if($results)
191
+ {
192
+ $row = mysqli_fetch_array($results);
193
+ $string .= '$RCE='.$row["option_value"].';'.PHP_EOL;
194
+ }
195
+ $query = 'select option_value from '.$prefix.'options where option_name = "Rate_limiting";' ;
196
+ $results = mysqli_query($dbcon,$query);
197
+ if($results)
198
+ {
199
+ $row = mysqli_fetch_array($results);
200
+ if($row["option_value"]!='')
201
+ $string .= '$RateLimiting='.$row["option_value"].';'.PHP_EOL;
202
+ else
203
+ $string .= '$RateLimiting=0;'.PHP_EOL;
204
+ }
205
+ $query = 'select option_value from '.$prefix.'options where option_name = "Rate_request";' ;
206
+ $results = mysqli_query($dbcon,$query);
207
+ if($results)
208
+ {
209
+ $row = mysqli_fetch_array($results);
210
+ if($row["option_value"]!='')
211
+ $string .= '$RequestsPMin='.$row["option_value"].';'.PHP_EOL;
212
+ else
213
+ $string .= '$RequestsPMin=120;'.PHP_EOL;
214
+ }
215
+
216
+ $query = 'select option_value from '.$prefix.'options where option_name = "actionRateL";' ;
217
+ $results = mysqli_query($dbcon,$query);
218
+ if($results)
219
+ {
220
+
221
+ $row = mysqli_fetch_array($results);
222
+ if($row["option_value"] == 1)
223
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
224
+ else
225
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
226
+ }
227
+ $string .= '?>'.PHP_EOL;
228
+ fwrite($file, $string);
229
+ fclose($file);
230
+
231
+ }
232
+
233
+ }
234
+
235
+ include_once($fileName);
236
+ if($RateLimiting == 1)
237
+ {
238
+
239
+
240
+ $time = 60;
241
+ $reqLimit = $RequestsPMin;
242
+ $query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
243
+ $results = mysqli_query($dbcon,$query);
244
+
245
+ $query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
246
+ $results = mysqli_query($dbcon,$query);
247
+
248
+ $query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
249
+ $results = mysqli_query($dbcon,$query);
250
+
251
+ if($results)
252
+ {
253
+ $row = mysqli_fetch_array($results);
254
+ if($row['count(*)']>=$reqLimit)
255
+ {
256
+ $action = $actionRateL;
257
+ if($action == 'ThrottleIP')
258
+ {
259
+ $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
260
+ $results = mysqli_query($dbcon,$query);
261
+ $results = mysqli_fetch_array($results);
262
+ $current_time = time();
263
+ if($current_time>$results['time']+60)
264
+ {
265
+ $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
266
+ $results = mysqli_query($dbcon,$query);
267
+ }
268
+ header('HTTP/1.1 403 Forbidden');
269
+ include_once("mo-error.html");
270
+ exit;
271
+ }
272
+ else
273
+ {
274
+ $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
275
+ $results = mysqli_query($dbcon,$query);
276
+ $results = mysqli_fetch_array($results);
277
+ $current_time = time();
278
+ if($current_time>$results['time']+60)
279
+ {
280
+ $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
281
+ $results = mysqli_query($dbcon,$query);
282
+ }
283
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
284
+ $results = mysqli_query($dbcon,$query);
285
+ if($results)
286
+ {
287
+ $row1 = mysqli_fetch_array($results);
288
+ if(!is_null($row1['ip_address']))
289
+ {
290
+
291
+ }
292
+ else
293
+ {
294
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".time().");";
295
+ $results = mysqli_query($dbcon,$query);
296
+ }
297
+ header('HTTP/1.1 403 Forbidden');
298
+ include_once("mo-error.html");
299
+ exit;
300
+ }
301
+ }
302
+ }
303
+ }
304
+
305
+ }
306
+
307
+ $attack = array();
308
+ if($SQL==1)
309
+ {
310
+ array_push($attack,"SQL");
311
+ }
312
+ if($XSS==1)
313
+ {
314
+ array_push($attack,"XSS");
315
+ }
316
+
317
+ if($LFI==1)
318
+ {
319
+ array_push($attack,"LFI");
320
+ }
321
+
322
+
323
+
324
+ $attackC = $attack;
325
+ $ParanoiaLevel = 1;
326
+ $annomalyS = 0;
327
+ $SQLScore = 0;
328
+ $XSSScore = 0;
329
+ $query = 'select option_value from '.$prefix.'options where option_name ="limitAttack";';
330
+ $results = mysqli_query($dbcon,$query);
331
+ $rows = mysqli_fetch_array($results);
332
+
333
+ $limitAttack = intval($rows['option_value']);
334
+
335
+
336
+ foreach ($attackC as $key1 => $value1) {
337
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
338
+ {
339
+ if(isset($regex[$value1][$lev]))
340
+ { $ooo = 0;
341
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
342
+ {
343
+ foreach ($_REQUEST as $key => $value) {
344
+
345
+ if($regex[$value1][$lev][$i] != "")
346
+ {
347
+ if(strpos($regex[$value1][$lev][$i], '/') == false)
348
+ {
349
+ if(is_string($value))
350
+ {
351
+ if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
352
+ {
353
+
354
+ $scoreValue = 0;
355
+
356
+ $annomalyMS = $score[$value1][$lev][$i];
357
+ if(strcmp($annomalyMS,"CRITICAL")==0)
358
+ {
359
+ $scoreValue = 5;
360
+ }
361
+
362
+ elseif(strcmp($annomalyMS,"WARNING")==0)
363
+ {
364
+ $scoreValue = 3;
365
+ }
366
+ elseif(strcmp($annomalyMS,"ERROR")==0)
367
+ {
368
+ $scoreValue = 4;
369
+ }
370
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
371
+ {
372
+ $scoreValue =2;
373
+ }
374
+
375
+
376
+ if($value1 == "SQL")
377
+ {
378
+ $SQLScore += $scoreValue;
379
+ }
380
+ elseif ($value1 == "XSS")
381
+ {
382
+ $XSSScore += $scoreValue;
383
+ }
384
+ else
385
+ {
386
+ $annomalyS += $scoreValue;
387
+ }
388
+
389
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
390
+ {
391
+ $value = htmlspecialchars($value);
392
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
393
+ $results = mysqli_query($dbcon,$query);
394
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
395
+ $results = mysqli_query($dbcon,$query);
396
+ $rows = mysqli_fetch_array($results);
397
+ if($rows['count(*)']>$limitAttack)
398
+ {
399
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
400
+ $results = mysqli_query($dbcon,$query);
401
+ if($results)
402
+ {
403
+ $row1 = mysqli_fetch_array($results);
404
+ if(!is_null($row1['ip_address']))
405
+ {
406
+ //IP WHiTELISTED
407
+ }
408
+ else
409
+ {
410
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
411
+ $results = mysqli_query($dbcon,$query);
412
+ }
413
+ }
414
+ }
415
+
416
+
417
+ header('HTTP/1.1 403 Forbidden');
418
+ include_once("mo-error.html");
419
+ exit;
420
+ }
421
+
422
+ }}
423
+ }
424
+ else if (strpos($regex[$value1][$lev][$i], '#') == false) {
425
+ if(is_string($value))
426
+ {
427
+ if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
428
+ {
429
+ $scoreValue = 0;
430
+ $annomalyMS = $score[$value1][$lev][$i];
431
+ if(strcmp($annomalyMS,"CRITICAL")==0)
432
+ {
433
+ $scoreValue = 5;
434
+ }
435
+
436
+ elseif(strcmp($annomalyMS,"WARNING")==0)
437
+ {
438
+ $scoreValue = 3;
439
+ }
440
+ elseif(strcmp($annomalyMS,"ERROR")==0)
441
+ {
442
+ $scoreValue = 4;
443
+ }
444
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
445
+ {
446
+ $scoreValue =2;
447
+ }
448
+
449
+
450
+ if($value1 == "SQL")
451
+ {
452
+ $SQLScore += $scoreValue;
453
+ }
454
+ elseif ($value1 == "XSS")
455
+ {
456
+ $XSSScore += $scoreValue;
457
+ }
458
+ else
459
+ {
460
+ $annomalyS += $scoreValue;
461
+ }
462
+
463
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
464
+ {
465
+ $value = htmlspecialchars($value);
466
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
467
+ $results = mysqli_query($dbcon,$query);
468
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
469
+ $results = mysqli_query($dbcon,$query);
470
+ $rows = mysqli_fetch_array($results);
471
+ if($rows['count(*)']>$limitAttack)
472
+ {
473
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
474
+ $results = mysqli_query($dbcon,$query);
475
+ if($results)
476
+ {
477
+ $row1 = mysqli_fetch_array($results);
478
+ if(!is_null($row1['ip_address']))
479
+ {
480
+ //IP WHiTELISTED
481
+ }
482
+ else
483
+ {
484
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
485
+ $results = mysqli_query($dbcon,$query);
486
+ }
487
+ }
488
+ }
489
+
490
+
491
+ header('HTTP/1.1 403 Forbidden');
492
+ include_once("mo-error.html");
493
+ exit;
494
+ }
495
+ }}
496
+ }
497
+
498
+ elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
499
+ if(is_string($value))
500
+ {
501
+ if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
502
+ {
503
+ $scoreValue = 0;
504
+ $annomalyMS = $score[$value1][$lev][$i];
505
+ if(strcmp($annomalyMS,"CRITICAL")==0)
506
+ {
507
+ $scoreValue = 5;
508
+ }
509
+
510
+ elseif(strcmp($annomalyMS,"WARNING")==0)
511
+ {
512
+ $scoreValue = 3;
513
+ }
514
+ elseif(strcmp($annomalyMS,"ERROR")==0)
515
+ {
516
+ $scoreValue = 4;
517
+ }
518
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
519
+ {
520
+ $scoreValue =2;
521
+ }
522
+
523
+
524
+ if($value1 == "SQL")
525
+ {
526
+ $SQLScore += $scoreValue;
527
+ }
528
+ elseif ($value1 == "XSS")
529
+ {
530
+ $XSSScore += $scoreValue;
531
+ }
532
+ else
533
+ {
534
+ $annomalyS += $scoreValue;
535
+ }
536
+
537
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
538
+ {
539
+ $value = htmlspecialchars($value);
540
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
541
+ $results = mysqli_query($dbcon,$query);
542
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
543
+ $results = mysqli_query($dbcon,$query);
544
+ $rows = mysqli_fetch_array($results);
545
+ if($rows['count(*)']>$limitAttack)
546
+ {
547
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
548
+ $results = mysqli_query($dbcon,$query);
549
+ if($results)
550
+ {
551
+ $row1 = mysqli_fetch_array($results);
552
+ if(!is_null($row1['ip_address']))
553
+ {
554
+ //IP WHiTELISTED
555
+ }
556
+ else
557
+ {
558
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
559
+ $results = mysqli_query($dbcon,$query);
560
+ }
561
+ }
562
+ }
563
+
564
+
565
+ header('HTTP/1.1 403 Forbidden');
566
+ include_once("mo-error.html");
567
+ exit;
568
+ }
569
+ }
570
+ }
571
+
572
+ }
573
+
574
+ }
575
+ }
576
+
577
+ }
578
+ }
579
+
580
+ }
581
+ }
582
+ }
583
+ }
584
+
585
+ $dbcon->close();
586
+ ?>
handler/signature/APLFI.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
-
3
- $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:
(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|
orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/d
ata/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|er
r|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
- $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
1
+ <?php
2
+
3
+ $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:
(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|
orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/d
ata/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|er
r|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
+ $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
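--- a/handler/spam.php
+++ b/handler/spam.php
@@ -1,42 +1,42 @@
-<?php
-
-class Spam
-{
-function __construct()
-{
-if(get_option('mo_wpns_enable_comment_spam_blocking') || get_option('mo_wpns_enable_comment_recaptcha'))
-{
-add_filter( 'preprocess_comment' , array($this, 'comment_spam_check' ) );
-add_action( 'comment_form_after_fields' , array($this, 'comment_spam_custom_field' ) );
-}
-}
-
-function comment_spam_check( $comment_data )
-{
-if(!is_user_logged_in()){
-global $moWpnsUtility;
-if( isset($_POST['mocomment']) && !empty($_POST['mocomment']))
-wp_die( __( 'You are not authorised to perform this action.'));
-else if(get_option('mo_wpns_enable_comment_recaptcha'))
-{
-if(is_wp_error($moWpnsUtility->verify_recaptcha($_POST['g-recaptcha-response'])))
-wp_die( __( 'Invalid captcha. Please verify captcha again.'));
-}
-return $comment_data;
-}
-else{
-return $comment_data;
-}
-}
-
-function comment_spam_custom_field()
-{
-echo '<input type="hidden" name="mocomment" />';
-if(get_option('mo_wpns_enable_comment_recaptcha'))
-{
-echo '<script src="'.MoWpnsConstants::RECAPTCHA_URL.'"></script>';
-echo '<div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>';
-}
-}
-}
+<?php
+
+class Spam
+{
+function __construct()
+{
+if(get_option('mo_wpns_enable_comment_spam_blocking') || get_option('mo_wpns_enable_comment_recaptcha'))
+{
+add_filter( 'preprocess_comment' , array($this, 'comment_spam_check' ) );
+add_action( 'comment_form_after_fields' , array($this, 'comment_spam_custom_field' ) );
+}
+}
+
+function comment_spam_check( $comment_data )
+{
+if(!is_user_logged_in()){
+global $moWpnsUtility;
+if( isset($_POST['mocomment']) && !empty($_POST['mocomment']))
+wp_die( __( 'You are not authorised to perform this action.'));
+else if(get_option('mo_wpns_enable_comment_recaptcha'))
+{
+if(is_wp_error($moWpnsUtility->verify_recaptcha($_POST['g-recaptcha-response'])))
+wp_die( __( 'Invalid captcha. Please verify captcha again.'));
+}
+return $comment_data;
+}
+else{
+return $comment_data;
+}
+}
+
+function comment_spam_custom_field()
+{
+echo '<input type="hidden" name="mocomment" />';
+if(get_option('mo_wpns_enable_comment_recaptcha'))
+{
+echo '<script src="'.MoWpnsConstants::RECAPTCHA_URL.'"></script>';
+echo '<div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>';
+}
+}
+}
 new Spam;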
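--- a/handler/twofa/setup_twofa.php
+++ b/handler/twofa/setup_twofa.php
@@ -533,7 +533,6 @@ function mo2f_get_activated_second_factor( $user ) {
 function mo2f_update_and_sync_user_two_factor( $user_id, $userinfo ) {
 global $Mo2fdbQueries;
 $mo2f_second_factor = isset( $userinfo['authType'] ) && ! empty( $userinfo['authType'] ) ? $userinfo['authType'] : 'NONE';
-
 if(MO2F_IS_ONPREM)
 {
 $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );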
handler/twofa/two_fa_login.php CHANGED
@@ -1,403 +1,409 @@
1
- <?Php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
- class Miniorange_Mobile_Login {
27
-
28
- function mo2fa_default_login( $user, $username, $password ) {
29
-
30
- global $Mo2fdbQueries;
31
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
- if ( is_wp_error( $currentuser ) ) {
33
- return $currentuser;
34
- } else {
35
- if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
36
- {
37
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
38
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
39
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
40
- $handleSecondFactor = new Miniorange_Password_2Factor_Login();
41
- if(is_null($session_id)) {
42
- $session_id = $handleSecondFactor->create_session();
43
- }
44
-
45
- $key = get_option('mo2f_customer_token');
46
- $otp_token = '';
47
- $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
48
-
49
- }
50
- $this->miniorange_login_start_session();
51
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
52
- $session_id=$pass2fa_login_session->create_session();
53
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
54
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
55
- if ( $mo2f_configured_2FA_method ) {
56
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
57
- $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
58
- if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
59
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
60
- $this->mo_auth_show_error_message();
61
- $this->mo2f_redirectto_wp_login();
62
- $error = new WP_Error();
63
- return $error;
64
- } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
65
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
66
- }
67
- } else { //plugin is not activated for non-admin then logged him in
68
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
69
- }
70
- }
71
- }
72
-
73
- public function miniorange_login_start_session() {
74
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
75
- session_start();
76
- }
77
- }
78
-
79
- function mo_auth_show_error_message($value = null) {
80
- remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
81
- add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
82
- }
83
-
84
- function mo2f_redirectto_wp_login() {
85
- global $Mo2fdbQueries;
86
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
87
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
88
- if(is_null($session_id)) {
89
- $session_id=$pass2fa_login_session->create_session();
90
- }
91
- remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
92
- add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
93
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
94
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
95
- } else {
96
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
97
- }
98
- }
99
-
100
- function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
101
- $user_id = $user->ID;
102
- wp_set_current_user( $user_id, $user->user_login );
103
- $this->remove_current_activity($session_id);
104
- wp_set_auth_cookie( $user_id, true );
105
- do_action( 'wp_login', $user->user_login, $user );
106
- redirect_user_to( $user, $redirect_to );
107
- exit;
108
- }
109
-
110
- function remove_current_activity($session_id) {
111
- global $Mo2fdbQueries;
112
- $session_variables = array(
113
- 'mo2f_current_user_id',
114
- 'mo2f_1stfactor_status',
115
- 'mo_2factor_login_status',
116
- 'mo2f-login-qrCode',
117
- 'mo2f_transactionId',
118
- 'mo2f_login_message',
119
- 'mo2f_rba_status',
120
- 'mo_2_factor_kba_questions',
121
- 'mo2f_show_qr_code',
122
- 'mo2f_google_auth',
123
- 'mo2f_authy_keys'
124
- );
125
-
126
- $cookie_variables = array(
127
- 'mo2f_current_user_id',
128
- 'mo2f_1stfactor_status',
129
- 'mo_2factor_login_status',
130
- 'mo2f-login-qrCode',
131
- 'mo2f_transactionId',
132
- 'mo2f_login_message',
133
- 'mo2f_rba_status_status',
134
- 'mo2f_rba_status_sessionUuid',
135
- 'mo2f_rba_status_decision_flag',
136
- 'kba_question1',
137
- 'kba_question2',
138
- 'mo2f_show_qr_code',
139
- 'mo2f_google_auth',
140
- 'mo2f_authy_keys'
141
- );
142
-
143
- $temp_table_variables = array(
144
- 'session_id',
145
- 'mo2f_current_user_id',
146
- 'mo2f_login_message',
147
- 'mo2f_1stfactor_status',
148
- 'mo2f_transactionId',
149
- 'mo_2_factor_kba_questions',
150
- 'mo2f_rba_status',
151
- 'ts_created'
152
- );
153
-
154
- MO2f_Utility::unset_session_variables( $session_variables );
155
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
156
- MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
157
- }
158
-
159
- function custom_login_enqueue_scripts() {
160
- wp_enqueue_script( 'jquery' );
161
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
162
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
163
- wp_enqueue_style( 'bootstrap_script', $bootstrappath );
164
- wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(__FILE__ )) );
165
- }
166
-
167
- function mo_2_factor_hide_login() {
168
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
169
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
170
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
171
- $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
172
-
173
- wp_register_style( 'hide-login', $hidepath );
174
- wp_register_style( 'bootstrap', $bootstrappath );
175
- wp_enqueue_style( 'hide-login' );
176
- wp_enqueue_style( 'bootstrap' );
177
-
178
- }
179
-
180
- function mo_auth_success_message() {
181
- $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
182
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
183
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
184
- //if the php session folder has insufficient permissions, cookies to be used
185
-
186
-
187
- if($message == '')
188
- {
189
- $message = 'Please login into your account using password.';
190
- }
191
-
192
- return "<div> <p class='message'>" . $message . "</p></div>";
193
- }
194
-
195
- function mo_auth_error_message() {
196
- $id = "login_error1";
197
- //if the php session folder has insufficient permissions, cookies to be used
198
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
199
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
200
- //if the php session folder has insufficient permissions, cookies to be used
201
- if($message=='')
202
- {
203
- $message = 'Invalid Username';
204
- }
205
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
206
- { //test
207
- $message = 'Invalid Username or recaptcha';
208
- }
209
- return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
210
- }
211
-
212
- function mo_auth_show_success_message() {
213
- remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
214
- add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
215
- }
216
-
217
- function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
218
- global $Mo2fdbQueries;
219
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
220
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
221
-
222
- if(is_null($session_id_encrypt)) {
223
- $session_id_encrypt=$pass2fa_login_session->create_session();
224
- }
225
-
226
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
227
- //if the php session folder has insufficient permissions, cookies to be used
228
- $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
229
-
230
- if(MO2F_IS_ONPREM)
231
- {
232
- $userName = isset($_POST['mo2fa_username']) ? $_POST['mo2fa_username'] : '';
233
-
234
- if(!empty($userName))
235
- {
236
- $user = get_user_by('login',$userName);
237
- if($user)
238
- {
239
- //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
240
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
241
- if($currentMethod == 'None' or $currentMethod == '')
242
- $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
243
- }
244
- }
245
- }
246
- if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( $_POST['miniorange_login_nonce'], 'miniorange-2-factor-login-nonce' ) ) {
247
- $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
248
- $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
249
- $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
250
- $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
251
- ?>
252
- <script>
253
- jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
254
- </script><?php
255
- } else {
256
- $this->mo_2_factor_show_login();
257
- $this->mo_2_factor_show_wp_login_form();
258
- }
259
- } else { //Login with phone is alogin with default login form
260
- $this->mo_2_factor_show_login();
261
- $this->mo_2_factor_show_wp_login_form();
262
- }
263
-
264
- }
265
-
266
- function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
267
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
268
- wp_enqueue_style( 'show-login' );
269
- }
270
-
271
-
272
- // login form fields
273
-
274
- function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
275
- ?>
276
- <script>
277
- var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
278
- jQuery('#login').append(content);
279
-
280
- function mo2fa_backtomologin() {
281
- jQuery('#mo2f_backto_mo_loginform').submit();
282
- }
283
- </script>
284
- <?php
285
- }
286
-
287
- function mo_2_factor_show_login() {
288
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
289
-
290
- $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
291
-
292
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
293
- wp_register_style( 'show-login', $hidepath );
294
- } else {
295
- wp_register_style( 'show-login', $showpath );
296
- }
297
- wp_enqueue_style( 'show-login' );
298
- }
299
-
300
- function mo_2_factor_show_wp_login_form() {
301
- $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
302
-
303
-
304
- ?>
305
- <div class="mo2f-login-container">
306
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
307
- <div style="position: relative" class="or-container">
308
- <div class="login_with_2factor_inner_div"></div>
309
- <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
310
- </div>
311
- <?php } ?>
312
-
313
- <br>
314
- <div class="mo2f-button-container" id="mo2f_button_container">
315
- <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
316
- placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
317
- <p>
318
- <?php
319
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
320
- {
321
-
322
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
323
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
324
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
325
- }
326
-
327
- ?>
328
- <input type="button" name="miniorange_login_submit" style="width:100% !important;"
329
- onclick="mouserloginsubmit();" id="miniorange_login_submit"
330
- class="button button-primary button-large"
331
- value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
332
- </p>
333
- <br><br><br>
334
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
335
- </div>
336
- </div>
337
-
338
- <script>
339
- jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
340
-
341
- function mouserloginsubmit() {
342
- var username = jQuery('#mo2fa_usernamekey').val();
343
- var recap = jQuery('#g-recaptcha-response').val();
344
-
345
- document.getElementById("mo2f_show_qrcode_loginform").elements[0].value = username;
346
- document.getElementById("mo2f_show_qrcode_loginform").elements[1].value = recap;
347
-
348
- jQuery('#mo2f_show_qrcode_loginform').submit();
349
-
350
- }
351
-
352
- jQuery('#mo2fa_usernamekey').keypress(function (e) {
353
- if (e.which == 13) {//Enter key pressed
354
- e.preventDefault();
355
- var username = jQuery('#mo2fa_usernamekey').val();
356
- document.getElementById("mo2f_show_qrcode_loginform").elements[0].value = username;
357
- jQuery('#mo2f_show_qrcode_loginform').submit();
358
- }
359
-
360
- });
361
- </script>
362
- <?php
363
- }
364
-
365
- function miniorange_login_footer_form() {
366
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
367
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
368
- if(is_null($session_id_encrypt)) {
369
- $session_id_encrypt=$pass2fa_login_session->create_session();
370
- }
371
-
372
- ?>
373
- <input type="hidden" name="miniorange_login_nonce"
374
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
375
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
376
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
377
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
378
- <input type="hidden" id="sessids" name="session_id"
379
- value="<?php echo $session_id_encrypt; ?>"/>
380
- </form>
381
- <form name="f" id="mo2f_show_qrcode_loginform" method="post" action="" hidden>
382
- <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
383
- <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
384
- <input type="hidden" name="miniorange_login_nonce"
385
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
386
- <input type="hidden" id="sessid" name="session_id"
387
- value="<?php echo $session_id_encrypt; ?>"/>
388
- </form>
389
- <script>
390
- jQuery(document).ready(function () {
391
- var session_ids="<?php echo $session_id_encrypt; ?>";
392
- if (document.getElementById('loginform') != null) {
393
- jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
394
-
395
- }
396
- });
397
- </script>
398
- <?php
399
-
400
- }
401
- }
402
-
 
 
 
 
 
 
403
  ?>
1
+ <?Php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
+ class Miniorange_Mobile_Login {
27
+
28
+ function mo2fa_default_login( $user, $username, $password ) {
29
+
30
+ global $Mo2fdbQueries;
31
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
+ if ( is_wp_error( $currentuser ) ) {
33
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
+ wp_send_json_success($data);
36
+ }
37
+ else{
38
+ return $currentuser;
39
+ }
40
+ } else {
41
+ if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
+ {
43
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
45
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
46
+ $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
+ if(is_null($session_id)) {
48
+ $session_id = $handleSecondFactor->create_session();
49
+ }
50
+
51
+ $key = get_option('mo2f_customer_token');
52
+ $otp_token = '';
53
+ $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
+
55
+ }
56
+ $this->miniorange_login_start_session();
57
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
+ $session_id=$pass2fa_login_session->create_session();
59
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
61
+ if ( $mo2f_configured_2FA_method ) {
62
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
+ $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
+ if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
+ $this->mo_auth_show_error_message();
67
+ $this->mo2f_redirectto_wp_login();
68
+ $error = new WP_Error();
69
+ return $error;
70
+ } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
71
+ $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
72
+ }
73
+ } else { //plugin is not activated for non-admin then logged him in
74
+ $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
75
+ }
76
+ }
77
+ }
78
+
79
+ public function miniorange_login_start_session() {
80
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
81
+ session_start();
82
+ }
83
+ }
84
+
85
+ function mo_auth_show_error_message($value = null) {
86
+ remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
87
+ add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
88
+ }
89
+
90
+ function mo2f_redirectto_wp_login() {
91
+ global $Mo2fdbQueries;
92
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
93
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
94
+ if(is_null($session_id)) {
95
+ $session_id=$pass2fa_login_session->create_session();
96
+ }
97
+ remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
98
+ add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
99
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
100
+ MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
101
+ } else {
102
+ MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
103
+ }
104
+ }
105
+
106
+ function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
107
+ $user_id = $user->ID;
108
+ wp_set_current_user( $user_id, $user->user_login );
109
+ $this->remove_current_activity($session_id);
110
+ wp_set_auth_cookie( $user_id, true );
111
+ do_action( 'wp_login', $user->user_login, $user );
112
+ redirect_user_to( $user, $redirect_to );
113
+ exit;
114
+ }
115
+
116
+ function remove_current_activity($session_id) {
117
+ global $Mo2fdbQueries;
118
+ $session_variables = array(
119
+ 'mo2f_current_user_id',
120
+ 'mo2f_1stfactor_status',
121
+ 'mo_2factor_login_status',
122
+ 'mo2f-login-qrCode',
123
+ 'mo2f_transactionId',
124
+ 'mo2f_login_message',
125
+ 'mo2f_rba_status',
126
+ 'mo_2_factor_kba_questions',
127
+ 'mo2f_show_qr_code',
128
+ 'mo2f_google_auth',
129
+ 'mo2f_authy_keys'
130
+ );
131
+
132
+ $cookie_variables = array(
133
+ 'mo2f_current_user_id',
134
+ 'mo2f_1stfactor_status',
135
+ 'mo_2factor_login_status',
136
+ 'mo2f-login-qrCode',
137
+ 'mo2f_transactionId',
138
+ 'mo2f_login_message',
139
+ 'mo2f_rba_status_status',
140
+ 'mo2f_rba_status_sessionUuid',
141
+ 'mo2f_rba_status_decision_flag',
142
+ 'kba_question1',
143
+ 'kba_question2',
144
+ 'mo2f_show_qr_code',
145
+ 'mo2f_google_auth',
146
+ 'mo2f_authy_keys'
147
+ );
148
+
149
+ $temp_table_variables = array(
150
+ 'session_id',
151
+ 'mo2f_current_user_id',
152
+ 'mo2f_login_message',
153
+ 'mo2f_1stfactor_status',
154
+ 'mo2f_transactionId',
155
+ 'mo_2_factor_kba_questions',
156
+ 'mo2f_rba_status',
157
+ 'ts_created'
158
+ );
159
+
160
+ MO2f_Utility::unset_session_variables( $session_variables );
161
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
162
+ MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
163
+ }
164
+
165
+ function custom_login_enqueue_scripts() {
166
+ wp_enqueue_script( 'jquery' );
167
+ $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
168
+ $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
169
+ wp_enqueue_style( 'bootstrap_script', $bootstrappath );
170
+ wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__ ))) );
171
+ }
172
+
173
+ function mo_2_factor_hide_login() {
174
+ $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
175
+ $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
176
+ $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
177
+ $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
178
+
179
+ wp_register_style( 'hide-login', $hidepath );
180
+ wp_register_style( 'bootstrap', $bootstrappath );
181
+ wp_enqueue_style( 'hide-login' );
182
+ wp_enqueue_style( 'bootstrap' );
183
+
184
+ }
185
+
186
+ function mo_auth_success_message() {
187
+ $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
188
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
189
+ $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
190
+ //if the php session folder has insufficient permissions, cookies to be used
191
+
192
+
193
+ if($message == '')
194
+ {
195
+ $message = 'Please login into your account using password.';
196
+ }
197
+
198
+ return "<div> <p class='message'>" . $message . "</p></div>";
199
+ }
200
+
201
+ function mo_auth_error_message() {
202
+ $id = "login_error1";
203
+ //if the php session folder has insufficient permissions, cookies to be used
204
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
205
+ $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
206
+ //if the php session folder has insufficient permissions, cookies to be used
207
+ if($message=='')
208
+ {
209
+ $message = 'Invalid Username';
210
+ }
211
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
212
+ { //test
213
+ $message = 'Invalid Username or recaptcha';
214
+ }
215
+ return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
216
+ }
217
+
218
+ function mo_auth_show_success_message() {
219
+ remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
220
+ add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
221
+ }
222
+
223
+ function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
224
+ global $Mo2fdbQueries;
225
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
226
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
227
+
228
+ if(is_null($session_id_encrypt)) {
229
+ $session_id_encrypt=$pass2fa_login_session->create_session();
230
+ }
231
+
232
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
233
+ //if the php session folder has insufficient permissions, cookies to be used
234
+ $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
235
+
236
+ if(MO2F_IS_ONPREM)
237
+ {
238
+ $userName = isset($_POST['mo2fa_username']) ? $_POST['mo2fa_username'] : '';
239
+
240
+ if(!empty($userName))
241
+ {
242
+ $user = get_user_by('login',$userName);
243
+ if($user)
244
+ {
245
+ //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
246
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
247
+ if($currentMethod == 'None' or $currentMethod == '')
248
+ $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
249
+ }
250
+ }
251
+ }
252
+ if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( $_POST['miniorange_login_nonce'], 'miniorange-2-factor-login-nonce' ) ) {
253
+ $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
+ $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
+ $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
+ $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
+ ?>
258
+ <script>
259
+ jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
260
+ </script><?php
261
+ } else {
262
+ $this->mo_2_factor_show_login();
263
+ $this->mo_2_factor_show_wp_login_form();
264
+ }
265
+ } else { //Login with phone is alogin with default login form
266
+ $this->mo_2_factor_show_login();
267
+ $this->mo_2_factor_show_wp_login_form();
268
+ }
269
+
270
+ }
271
+
272
+ function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
273
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
274
+ wp_enqueue_style( 'show-login' );
275
+ }
276
+
277
+
278
+ // login form fields
279
+
280
+ function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
281
+ ?>
282
+ <script>
283
+ var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
284
+ jQuery('#login').append(content);
285
+
286
+ function mo2fa_backtomologin() {
287
+ jQuery('#mo2f_backto_mo_loginform').submit();
288
+ }
289
+ </script>
290
+ <?php
291
+ }
292
+
293
+ function mo_2_factor_show_login() {
294
+ $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
295
+
296
+ $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
297
+
298
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
299
+ wp_register_style( 'show-login', $hidepath );
300
+ } else {
301
+ wp_register_style( 'show-login', $showpath );
302
+ }
303
+ wp_enqueue_style( 'show-login' );
304
+ }
305
+
306
+ function mo_2_factor_show_wp_login_form() {
307
+ $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
308
+
309
+
310
+ ?>
311
+ <div class="mo2f-login-container">
312
+ <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
313
+ <div style="position: relative" class="or-container">
314
+ <div class="login_with_2factor_inner_div"></div>
315
+ <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
316
+ </div>
317
+ <?php } ?>
318
+
319
+ <br>
320
+ <div class="mo2f-button-container" id="mo2f_button_container">
321
+ <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
322
+ placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
323
+ <p>
324
+ <?php
325
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
326
+ {
327
+
328
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
329
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
330
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
331
+ }
332
+
333
+ ?>
334
+ <input type="button" name="miniorange_login_submit" style="width:100% !important;"
335
+ onclick="mouserloginsubmit();" id="miniorange_login_submit"
336
+ class="miniorange-button button-add"
337
+ value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
338
+ </p>
339
+ <br>
340
+ <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
341
+ </div>
342
+ </div>
343
+
344
+ <script>
345
+ jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
346
+
347
+ function mouserloginsubmit() {
348
+ var username = jQuery('#mo2fa_usernamekey').val();
349
+ var recap = jQuery('#g-recaptcha-response').val();
350
+
351
+ document.getElementById("mo2f_show_qrcode_loginform").elements[0].value = username;
352
+ document.getElementById("mo2f_show_qrcode_loginform").elements[1].value = recap;
353
+
354
+ jQuery('#mo2f_show_qrcode_loginform').submit();
355
+
356
+ }
357
+
358
+ jQuery('#mo2fa_usernamekey').keypress(function (e) {
359
+ if (e.which == 13) {//Enter key pressed
360
+ e.preventDefault();
361
+ var username = jQuery('#mo2fa_usernamekey').val();
362
+ document.getElementById("mo2f_show_qrcode_loginform").elements[0].value = username;
363
+ jQuery('#mo2f_show_qrcode_loginform').submit();
364
+ }
365
+
366
+ });
367
+ </script>
368
+ <?php
369
+ }
370
+
371
+ function miniorange_login_footer_form() {
372
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
373
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
374
+ if(is_null($session_id_encrypt)) {
375
+ $session_id_encrypt=$pass2fa_login_session->create_session();
376
+ }
377
+
378
+ ?>
379
+ <input type="hidden" name="miniorange_login_nonce"
380
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
381
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
382
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
383
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
384
+ <input type="hidden" id="sessids" name="session_id"
385
+ value="<?php echo $session_id_encrypt; ?>"/>
386
+ </form>
387
+ <form name="f" id="mo2f_show_qrcode_loginform" method="post" action="" hidden>
388
+ <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
389
+ <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
390
+ <input type="hidden" name="miniorange_login_nonce"
391
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
392
+ <input type="hidden" id="sessid" name="session_id"
393
+ value="<?php echo $session_id_encrypt; ?>"/>
394
+ </form>
395
+ <script>
396
+ jQuery(document).ready(function () {
397
+ var session_ids="<?php echo $session_id_encrypt; ?>";
398
+ if (document.getElementById('loginform') != null) {
399
+ jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
400
+
401
+ }
402
+ });
403
+ </script>
404
+ <?php
405
+
406
+ }
407
+ }
408
+
409
  ?>
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1,2557 +1,2654 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
-
25
- include 'two_fa_login.php';
26
- class Miniorange_Password_2Factor_Login {
27
-
28
- private $mo2f_kbaquestions;
29
- private $mo2f_userID;
30
- private $mo2f_rbastatus;
31
- private $mo2f_transactionid;
32
-
33
- function mo2f_inline_login(){
34
- global $moWpnsUtility;
35
- $email = sanitize_email( $_POST['email'] );
36
- $password = sanitize_text_field( $_POST['password'] );
37
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
38
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
39
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
40
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
- {
42
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
- return;
46
- }
47
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
- }
49
- function mo2f_inline_register(){
50
- global $moWpnsUtility, $Mo2fdbQueries;
51
- $email = sanitize_email($_POST['email']);
52
- $company = $_SERVER["SERVER_NAME"];
53
- $password = sanitize_text_field($_POST['password']);
54
- $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
56
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
57
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
58
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
59
- {
60
- $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
61
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
62
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
63
- }
64
- if( $password != $confirmPassword )
65
- {
66
- $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
67
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
68
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
69
- }
70
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
71
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
72
- {
73
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
74
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
75
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
76
- }
77
-
78
- update_option( 'mo2f_email', $email );
79
-
80
- update_option( 'mo_wpns_company' , $company );
81
-
82
- update_option( 'mo_wpns_password' , $password );
83
-
84
- $customer = new MocURL();
85
- $content = json_decode($customer->check_customer($email), true);
86
- $Mo2fdbQueries->insert_user( $user_id );
87
- switch ($content['status'])
88
- {
89
- case 'CUSTOMER_NOT_FOUND':
90
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
91
-
92
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
93
- {
94
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
95
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
96
- }
97
-
98
- break;
99
- default:
100
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
101
- break;
102
- }
103
-
104
- }
105
-
106
- function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
107
- {
108
- global $Mo2fdbQueries;
109
- $customer = new MocURL();
110
-
111
- $content = $customer->get_customer_key($email, $password);
112
- $customerKey = json_decode($content, true);
113
- if(json_last_error() == JSON_ERROR_NONE)
114
- {
115
- if(isset($customerKey['phone'])){
116
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
117
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
118
- }
119
- update_option('mo2f_email',$email);
120
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
121
- $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
122
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
123
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
124
- }
125
- else
126
- {
127
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
128
- $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
129
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
130
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
131
- }
132
- }
133
-
134
- function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
135
- {
136
- global $Mo2fdbQueries;
137
- update_option( 'mo2f_customerKey' , $id );
138
- update_option( 'mo2f_api_key' , $apiKey );
139
- update_option( 'mo2f_customer_token' , $token );
140
- update_option( 'mo2f_app_secret' , $appSecret );
141
- update_option( 'mo_wpns_enable_log_requests' , true );
142
- update_option( 'mo2f_miniorange_admin', $id );
143
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
144
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
145
- $Mo2fdbQueries->update_user_details( $user_id, array(
146
- 'mo2f_user_email' =>$email
147
- ) );
148
- }
149
- function mo2f_inline_validate_otp(){
150
- if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
151
- $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
152
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
153
- $error = new WP_Error();
154
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
155
- return $error;
156
- } else {
157
- global $Mo2fdbQueries;
158
- $this->miniorange_pass2login_start_session();
159
- $otp_token = '';
160
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
161
- $mo2fa_login_message = '';
162
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
163
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
164
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
165
- } else{
166
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
167
- }
168
-
169
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
170
- $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
171
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
172
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
173
- $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
174
- $customer = new Customer_Setup();
175
- $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
176
- if($content['status'] == 'ERROR'){
177
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
178
- }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
179
- $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
180
- if($user_phone && strlen($user_phone) >= 4){
181
- if($phone != $user_phone ){
182
-
183
- $Mo2fdbQueries->update_user_details( $current_user, array(
184
- 'mobile_registration_status' =>false
185
- ) );
186
- }
187
- }
188
-
189
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
190
- if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
191
- $Mo2fdbQueries->update_user_details( $current_user, array(
192
- 'mo2f_OTPOverSMS_config_status' =>true,
193
- 'mo2f_user_phone' =>$phone
194
- ) );
195
- }else{
196
- $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
197
-
198
- }
199
- // unset($_SESSION[ 'mo2f_phone']);
200
- // if(MO2F_IS_ONPREM)
201
- // update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
202
- // else
203
- // {
204
- $Mo2fdbQueries->update_user_details($current_user, array(
205
- "mo2f_configured_2FA_method" => 'OTP Over SMS',
206
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
207
- ) );
208
- $TwoF_setup = new Two_Factor_Setup();
209
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
210
-
211
- // }
212
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
213
-
214
- }else{ // OTP Validation failed.
215
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
216
- }
217
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
218
- }
219
- }
220
-
221
- }
222
- function mo2f_inline_send_otp(){
223
- if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
224
- $nonce = $_POST['miniorange_inline_verify_phone_nonce'];
225
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
226
- $error = new WP_Error();
227
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
228
- return $error;
229
- } else {
230
- global $Mo2fdbQueries;
231
- $this->miniorange_pass2login_start_session();
232
- $phone = sanitize_text_field( $_POST['verify_phone'] );
233
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
234
- $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
235
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
236
- $customer = new Customer_Setup();
237
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
238
- $parameters = array();
239
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
240
-
241
- $mo2fa_login_message = '';
242
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
243
- if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
244
- $phone = sanitize_text_field( $_POST['verify_phone'] );
245
- $phone = sanitize_text_field( $_POST['verify_phone'] );
246
- if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
247
- $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
248
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
249
- }
250
- $phone = str_replace(' ', '', $phone);
251
- // $_SESSION['mo2f_phone'] = $phone;
252
- update_user_meta($current_user,'mo2f_user_phone',$phone);
253
- }
254
- if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
255
- $currentMethod = "SMS";
256
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
257
- $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
258
- $parameters = array("phone" => $phone, "email" => $email);
259
- }else if($selected_2factor_method == 'PHONE VERIFICATION'){
260
- $currentMethod = "PHONE_VERIFICATION";
261
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
262
- $currentMethod = "OTP_OVER_EMAIL";
263
- $parameters = $email;
264
- }
265
- if($selected_2factor_method == 'SMS AND EMAIL'){
266
- $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
267
- }
268
- else if($selected_2factor_method == 'OTP OVER EMAIL'){
269
- $content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
270
- }
271
- else{
272
- $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
273
-
274
- }
275
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
276
- if($content['status'] == 'ERROR'){
277
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
278
- }else if($content['status'] == 'SUCCESS'){
279
- // $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
280
- update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
281
- if($selected_2factor_method == 'SMS'){
282
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
283
- $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
284
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
285
- $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
286
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
287
- $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
288
- }else if($selected_2factor_method== 'PHONE VERIFICATION'){
289
- $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
290
- }
291
- }else if($content['status'] == 'FAILED'){
292
- $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
293
- }else{
294
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
295
- }
296
- }else{
297
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
298
- }
299
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
300
- }
301
- }
302
-
303
- }
304
- function mo2f_inline_validate_kba(){
305
- if(isset($_POST['mo2f_inline_save_kba_nonce'])){
306
- $nonce = $_POST['mo2f_inline_save_kba_nonce'];
307
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
308
- $error = new WP_Error();
309
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
310
- return $error;
311
- } else {
312
- global $Mo2fdbQueries;
313
- $this->miniorange_pass2login_start_session();
314
- $mo2fa_login_message = '';
315
- $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
316
- $temp_array = array($_POST['mo2f_kbaquestion_1'],$_POST['mo2f_kbaquestion_2'],$_POST['mo2f_kbaquestion_3']);
317
- $kba_questions = array();
318
- foreach($temp_array as $question){
319
- if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
320
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
321
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
322
- }else{
323
- $ques = sanitize_text_field($question);
324
- $ques = addcslashes(stripslashes($ques), '"\\');
325
- array_push($kba_questions, $ques);
326
- }
327
- }
328
- if(!(array_unique($kba_questions) == $kba_questions)){
329
- $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
330
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
331
- }
332
- $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
333
- $kba_answers = array();
334
- foreach($temp_array_ans as $answer){
335
- if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
336
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
337
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
338
- }else{
339
- $ques = sanitize_text_field($answer);
340
- $answer = strtolower($answer);
341
- array_push($kba_answers, $answer);
342
- }
343
- }
344
- $size = sizeof($kba_questions);
345
- $kba_q_a_list = array();
346
- for($c = 0; $c < $size; $c++){
347
- array_push($kba_q_a_list, $kba_questions[$c]);
348
- array_push($kba_q_a_list, $kba_answers[$c]);
349
- }
350
-
351
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
352
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
353
- $current_user = get_user_by('id',$user_id);
354
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
355
-
356
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
357
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
358
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
359
- 'mo2f_SecurityQuestions_config_status' =>true,
360
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
361
- ) );
362
- if(!MO2F_IS_ONPREM)
363
- {
364
- $kba_q1 = $_POST['mo2f_kbaquestion_1'];
365
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
366
- $kba_q2 = $_POST['mo2f_kbaquestion_2'];
367
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
368
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
369
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
370
-
371
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
372
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
373
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
374
-
375
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
376
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
377
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
378
-
379
- $kba_registration = new Two_Factor_Setup();
380
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
381
-
382
- if ( json_last_error() == JSON_ERROR_NONE ) {
383
-
384
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
385
- $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
386
- }
387
-
388
- }
389
- }
390
-
391
- $kba_q1 = $kba_q_a_list[0];
392
- $kba_a1 = md5($kba_q_a_list[1]);
393
- $kba_q2 = $kba_q_a_list[2];
394
- $kba_a2 = md5($kba_q_a_list[3]);
395
- $kba_q3 = $kba_q_a_list[4];
396
- $kba_a3 = md5($kba_q_a_list[5]);
397
- $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
398
- update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
399
- if(!isset($_POST['mo2f_inline_kba_status'])){
400
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
401
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
402
- // update_user_meta($current_user->ID, 'currentMethod','Security Questions');
403
- }
404
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
405
- }
406
- }
407
- }
408
-
409
- function mo2f_inline_validate_mobile_authentication(){
410
- if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
411
- $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
412
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
413
- $error = new WP_Error();
414
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
415
- return $error;
416
- } else {
417
- global $Mo2fdbQueries;
418
- $this->miniorange_pass2login_start_session();
419
- // unset($_SESSION[ 'mo2f-login-qrCode' ]);
420
- // unset($_SESSION[ 'mo2f-login-transactionId' ]);
421
- // unset($_SESSION[ 'mo2f_show_qr_code'] );
422
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
423
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
424
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
425
- // $current_user = get_user_by('id',$user_id);
426
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
427
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
428
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
429
- $mo2fa_login_message = '';
430
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
431
- $enduser = new Two_Factor_Setup();
432
- if($selected_2factor_method == 'SOFT TOKEN')
433
- $selected_2factor_method_onprem = 'miniOrange Soft Token';
434
- else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
435
- $selected_2factor_method_onprem = 'miniOrange Push Notification';
436
- else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
437
- $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
438
-
439
- $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
440
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
441
- if($response['status'] == 'ERROR'){
442
- $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
443
- }else if($response['status'] == 'SUCCESS'){
444
- $Mo2fdbQueries->update_user_details( $user_id, array(
445
- 'mobile_registration_status' =>true,
446
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
447
- 'mo2f_miniOrangeSoftToken_config_status' => true,
448
- 'mo2f_miniOrangePushNotification_config_status' => true,
449
- 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
450
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
451
- ) );
452
- // $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
453
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
454
- }else{
455
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
456
- }
457
- }else{
458
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
459
- }
460
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
461
- }
462
- }
463
-
464
- }
465
-
466
- function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
467
- global $Mo2fdbQueries;
468
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
469
- $pass2fa= new Miniorange_Password_2Factor_Login();
470
- $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
471
- exit;
472
- }
473
-
474
- function mo2f_inline_get_qr_code_for_mobile($email,$id){
475
- $registerMobile = new Two_Factor_Setup();
476
- $content = $registerMobile->register_mobile($email);
477
- $response = json_decode($content, true);
478
- $message = '';
479
- $miniorageqr=array();
480
- if(json_last_error() == JSON_ERROR_NONE) {
481
- if($response['status'] == 'ERROR'){
482
- $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
483
- delete_user_meta( $id, 'miniorageqr' );
484
- }else{
485
- if($response['status'] == 'IN_PROGRESS'){
486
-
487
- $miniorageqr['message']='';
488
- $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
489
- $miniorageqr['mo2f-login-transactionId']=$response['txId'];
490
- $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
491
- update_user_meta($id,'miniorageqr',$miniorageqr);
492
- }else{
493
- $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
494
- delete_user_meta( $id, 'miniorageqr' );
495
- }
496
- }
497
- }
498
- return $miniorageqr;
499
- }
500
-
501
- function inline_mobile_configure(){
502
- if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
503
- $nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
504
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
505
- $error = new WP_Error();
506
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
507
- return $error;
508
- } else {
509
- global $Mo2fdbQueries;
510
- $this->miniorange_pass2login_start_session();
511
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
512
-
513
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
514
-
515
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
516
- $current_user = get_user_by('id',$user_id);
517
- $mo2fa_login_message = '';
518
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
519
- $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
520
- if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
521
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
522
- $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
523
- $mo2fa_login_message=$miniorageqr['message'];
524
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
525
- $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
526
- }else{
527
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
528
- }
529
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
530
- }
531
- }
532
- }
533
-
534
- function inline_validate_and_set_ga(){
535
- if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
536
- $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
537
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
538
- $error = new WP_Error();
539
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
540
- return $error;
541
- } else {
542
- global $Mo2fdbQueries;
543
- $this->miniorange_pass2login_start_session();
544
- $otpToken = $_POST['google_auth_code'];
545
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
546
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
547
- $current_user = get_user_by('id',$user_id);
548
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
549
- $mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
550
- $mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
551
- // $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
552
- $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
553
- $mo2fa_login_message = '';
554
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
555
- if(MO2f_Utility::mo2f_check_number_length($otpToken)){
556
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
557
- //$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
558
- $google_auth = new Miniorange_Rba_Attributes();
559
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
560
- if(json_last_error() == JSON_ERROR_NONE) {
561
- if($google_response['status'] == 'SUCCESS'){
562
- $response = $google_response;
563
- if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
564
- if($response['status'] == 'SUCCESS'){
565
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
566
- 'mo2f_GoogleAuthenticator_config_status' => true,
567
- 'mo2f_configured_2FA_method' => 'Google Authenticator',
568
- 'mo2f_AuthyAuthenticator_config_status' => false,
569
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
570
- ) );
571
-
572
- if(MO2F_IS_ONPREM){
573
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
574
- //update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
575
- //update_user_meta($current_user->ID,'Google Authenticator',true);
576
- $gauth_obj= new Google_auth_onpremise();
577
- $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
578
- }
579
- update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
580
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
581
- unset($_SESSION['mo2f_google_auth']);
582
- }else{
583
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
584
- }
585
- }else{
586
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
587
- }
588
- }else{
589
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
590
- }
591
- }else{
592
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
593
- }
594
- }else{
595
- $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
596
- }
597
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
598
- }
599
- }
600
- }
601
-
602
- function back_to_select_2fa(){
603
- if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
604
- $nonce = $_POST['miniorange_inline_two_factor_setup'];
605
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
606
- $error = new WP_Error();
607
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
608
- return $error;
609
- } else {
610
- global $Mo2fdbQueries;
611
- $this->miniorange_pass2login_start_session();
612
- unset($_SESSION['mo2f_google_auth']);
613
- unset($_SESSION['mo2f_authy_keys']);
614
- unset($_SESSION['secret_ga']);
615
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
616
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
617
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
618
- $current_user = get_user_by('id',$user_id);
619
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
620
- $mo2fa_login_message = '';
621
- $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
622
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
623
- }
624
- }
625
- }
626
-
627
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
628
- {
629
- $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
630
- if(isset($tempEmail) and $tempEmail != '')
631
- $email = $tempEmail;
632
- global $Mo2fdbQueries;
633
-
634
- $enduser = new Two_Factor_Setup();
635
- if($current_user_id == get_option('mo2f_miniorange_admin'))
636
- $email = get_option('mo2f_email');
637
-
638
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
639
-
640
- if(json_last_error() == JSON_ERROR_NONE){
641
-
642
-
643
-
644
- if($check_user['status'] == 'ERROR'){
645
- return $check_user;
646
-
647
- }
648
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
649
-
650
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
651
- 'user_registration_with_miniorange' =>'SUCCESS',
652
- 'mo2f_user_email' =>$email,
653
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
654
- ) );
655
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
656
-
657
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
658
- return $check_user;
659
- }
660
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
661
- $current_user = get_user_by('id',$current_user_id);
662
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
663
-
664
- if(json_last_error() == JSON_ERROR_NONE) {
665
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
666
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
667
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
668
- 'user_registration_with_miniorange' =>'SUCCESS',
669
- 'mo2f_user_email' =>$email,
670
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
671
- ) );
672
-
673
- $mo2fa_login_message = '';
674
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
675
- return $check_user;
676
- }else{
677
- $check_user['status']='ERROR';
678
- $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
679
- return $check_user;
680
- }
681
- }
682
-
683
-
684
- }
685
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
686
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
687
- $check_user['status']='ERROR';
688
- $check_user['message']=$mo2fa_login_message;
689
- return $check_user;
690
- // $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
691
- }
692
-
693
- }
694
- // }
695
-
696
- }
697
- function mo2f_skip_2fa_setup()
698
- {
699
- if(isset($_POST['miniorange_skip_2fa_nonce'])){
700
- $nonce = $_POST['miniorange_skip_2fa_nonce'];
701
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
702
- $error = new WP_Error();
703
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
704
- return $error;
705
- }
706
- else{
707
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
708
- global $Mo2fdbQueries;
709
- $redirect_to = sanitize_text_field($_POST['redirect_to']);
710
- $session_id_encrypt = sanitize_text_field($session_id_encrypt);
711
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
712
-
713
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
714
-
715
- $this->mo2fa_pass2login($redirect_to);
716
- }
717
- }
718
- }
719
-
720
- function save_inline_2fa_method(){
721
- if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
722
- $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
723
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
724
- $error = new WP_Error();
725
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
726
- return $error;
727
- } else {
728
-
729
-
730
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
731
- global $Mo2fdbQueries;
732
- $this->miniorange_pass2login_start_session();
733
- $mo2fa_login_message = '';
734
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
735
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
736
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
737
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
738
- $current_user = get_user_by('id',$user_id);
739
- $currentUserId = $current_user->ID;
740
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
741
- $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
742
- if($user_registration_with_miniorange == 'SUCCESS'){
743
- $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? $_POST['mo2f_selected_2factor_method'] : 'NONE';
744
-
745
- if($selected_method == 'OUT OF BAND EMAIL'){
746
- if(!MO2F_IS_ONPREM)
747
- {
748
- $current_user = get_userdata($currentUserId);
749
- $email = $current_user->user_email;
750
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
751
-
752
- if($response['status']=='ERROR') {
753
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
754
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
755
- }
756
- else
757
- {
758
- $enduser = new Two_Factor_Setup();
759
-
760
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
761
- 'mo2f_email_verification_status' =>true,
762
- 'mo2f_configured_2FA_method' =>'Email Verification',
763
- 'mo2f_user_email' => $email
764
- ) );
765
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
766
- }
767
- }
768
- else
769
- {
770
- $enduser = new Two_Factor_Setup();
771
-
772
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
773
- 'mo2f_email_verification_status' =>true,
774
- 'mo2f_configured_2FA_method' =>'Email Verification',
775
- 'mo2f_user_email' => $email
776
- ) );
777
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
778
- }
779
- }else if($selected_method == 'OTP OVER EMAIL'){
780
- $email = $current_user->user_email;
781
- if(!MO2F_IS_ONPREM)
782
- {
783
- $current_user = get_userdata($currentUserId);
784
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
785
- if($response['status']=='ERROR') {
786
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
787
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
788
- }
789
- else
790
- {
791
- $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
792
-
793
- }
794
- }
795
- else
796
- {
797
- $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
798
- }
799
- }else if($selected_method == "GOOGLE AUTHENTICATOR"){
800
- $this->miniorange_pass2login_start_session();
801
- $mo2fa_login_message = '';
802
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
803
- $google_auth = new Miniorange_Rba_Attributes();
804
-
805
- $gauth_name= get_site_option('mo2f_google_appname');
806
- $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
807
-
808
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
809
-
810
- if ( MO2F_IS_ONPREM ) { //this should not be here
811
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
812
- 'mo2f_configured_2FA_method' =>$selected_method,
813
- ) );
814
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
815
- $gauth_obj = new Google_auth_onpremise();
816
-
817
- $onpremise_secret = $gauth_obj->createSecret();
818
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
819
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
820
- $mo2f_google_auth = array();
821
- $mo2f_google_auth['ga_qrCode'] = $url;
822
- $mo2f_google_auth['ga_secret'] = $onpremise_secret;
823
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
824
- update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
825
-
826
- }else{
827
- $current_user = get_userdata($currentUserId);
828
- $email = $current_user->user_email;
829
- $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
830
-
831
- if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
832
- {
833
- $email = $tempemail;
834
- }
835
-
836
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
837
- if($response['status']=='ERROR') {
838
- $mo2fa_login_message=$response['message'];
839
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
840
-
841
- }else{
842
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
843
- 'mo2f_configured_2FA_method' =>$selected_method,
844
- ) );
845
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
846
- if ( json_last_error() == JSON_ERROR_NONE ) {
847
- if ( $google_response['status'] == 'SUCCESS' ) {
848
-
849
- $mo2f_google_auth = array();
850
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
851
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
852
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
853
- update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
854
-
855
- } else {
856
- $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
857
- }
858
- }
859
- }
860
- }
861
-
862
-
863
- }else{
864
- //inline for others
865
- if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
866
- {
867
- $current_user = get_userdata($currentUserId);
868
- $email = $current_user->user_email;
869
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
870
- if($response['status']=='ERROR') {
871
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
872
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
873
- }else {
874
- $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
875
- }
876
- }else{
877
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
878
- 'mo2f_configured_2FA_method' =>$selected_method,
879
- ) );
880
- }
881
- }
882
- }else{
883
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
884
- }
885
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
886
- }
887
- }
888
- }
889
-
890
- function check_kba_validation($POSTED){
891
- if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
892
- $nonce = $POSTED['miniorange_kba_nonce'];
893
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
894
- $error = new WP_Error();
895
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
896
- return $error;
897
- }else{
898
- $this->miniorange_pass2login_start_session();
899
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
900
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
901
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
902
- if ( isset( $user_id ) ) {
903
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
904
- $mo2fa_login_message = 'Please provide both the answers.';
905
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
906
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
907
- }
908
- $otpToken = array();
909
- $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
910
- $otpToken[0] = $kba_questions[0]['question'];
911
- $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
912
- $otpToken[2] = $kba_questions[1]['question'];
913
- $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
914
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? $_POST['mo2f_trust_device'] : 'false';
915
- //if the php session folder has insufficient permissions, cookies to be used
916
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
917
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
918
- $kba_validate = new Customer_Setup();
919
- $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
920
- global $Mo2fdbQueries;
921
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
922
- if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
923
- if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
924
- try {
925
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
926
- } catch ( Exception $e ) {
927
- echo $e->getMessage();
928
- }
929
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
930
- } else {
931
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
932
- }
933
- } else {
934
- $mo2fa_login_message = 'The answers you have provided are incorrect.';
935
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
936
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
937
- }
938
- } else {
939
- $this->remove_current_activity($session_id_encrypt);
940
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
941
- }
942
- }
943
- }
944
- }
945
- function check_rba_cancalation($POSTED){
946
- $nonce = $POSTED['mo2f_trust_device_cancel_nonce'];
947
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
948
- $error = new WP_Error();
949
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
950
- return $error;
951
- } else {
952
- $this->miniorange_pass2login_start_session();
953
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
954
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
955
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
956
- }
957
- }
958
- function check_rba_validation($POSTED){
959
- $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
960
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
961
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
962
- $this->remove_current_activity($session_id_encrypt);
963
- $error = new WP_Error();
964
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
965
- return $error;
966
- } else {
967
- $this->miniorange_pass2login_start_session();
968
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
969
- try {
970
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
971
- Global $Mo2fdbQueries;
972
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
973
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
974
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
975
- } catch ( Exception $e ) {
976
- echo $e->getMessage();
977
- }
978
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
979
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
980
- }
981
- }
982
-
983
- function miniorange2f_back_to_inline_registration($POSTED)
984
- {
985
- $nonce = $_POST['miniorange_back_inline_reg_nonce'];
986
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
987
- $error = new WP_Error();
988
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
989
- return $error;
990
- } else {
991
-
992
- $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
993
- $redirect_to = sanitize_text_field($POSTED['redirect_to']);
994
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
995
- $mo2fa_login_message = '';
996
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
997
- }
998
-
999
- }
1000
-
1001
- function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1002
- $nonce = $_POST['miniorange_forgotphone'];
1003
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1004
- $error = new WP_Error();
1005
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1006
- return $error;
1007
- } else {
1008
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1009
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1010
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1011
- $mo2fa_login_message = '';
1012
- $this->miniorange_pass2login_start_session();
1013
- $customer = new Customer_Setup();
1014
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1015
- Global $Mo2fdbQueries;
1016
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1017
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1018
- if ( $kba_configuration_status ) {
1019
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1020
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1021
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1022
- } else {
1023
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1024
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1025
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1026
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1027
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1028
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1029
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1030
- //if the php session folder has insufficient permissions, cookies to be used
1031
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1032
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1033
- $this->mo2f_transactionid=$content['txId'];
1034
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1035
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1036
- } else {
1037
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1038
- }
1039
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1040
- }
1041
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1042
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1043
- }
1044
- }
1045
- function check_miniorange_alternate_login_kba($POSTED){
1046
- $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1047
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1048
- $error = new WP_Error();
1049
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1050
- return $error;
1051
- } else {
1052
- $this->miniorange_pass2login_start_session();
1053
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1054
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1055
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1056
- $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1057
- }
1058
- }
1059
- function check_miniorange_mobile_validation($POSTED){
1060
- /*check mobile validation */
1061
-
1062
- $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1063
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1064
- $error = new WP_Error();
1065
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1066
- return $error;
1067
- } else {
1068
- if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1069
- {
1070
- $txid = $POSTED['TxidEmail'];
1071
- $status = get_option($txid);
1072
- if($status != '')
1073
- {
1074
- if($status != 1)
1075
- {
1076
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1077
- }
1078
- }
1079
- }
1080
- $this->miniorange_pass2login_start_session();
1081
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1082
- //if the php session folder has insufficient permissions, cookies to be used
1083
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1084
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1085
- $checkMobileStatus = new Two_Factor_Setup();
1086
- $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1087
- $response = json_decode( $content, true );
1088
- if(MO2F_IS_ONPREM)
1089
- {
1090
- $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1091
- }
1092
- if ( json_last_error() == JSON_ERROR_NONE ) {
1093
- if ( $response['status'] == 'SUCCESS' ) {
1094
- if ( get_option( 'mo2f_remember_device' ) ) {
1095
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1096
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1097
- } else {
1098
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1099
- }
1100
- } else {
1101
- $this->remove_current_activity($session_id_encrypt);
1102
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1103
- }
1104
- } else {
1105
- $this->remove_current_activity($session_id_encrypt);
1106
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1107
- }
1108
- }
1109
- }
1110
- function check_miniorange_mobile_validation_failed($POSTED){
1111
- /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1112
- $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1113
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1114
- $error = new WP_Error();
1115
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1116
- return $error;
1117
- } else {
1118
- $this->miniorange_pass2login_start_session();
1119
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1120
- $this->remove_current_activity($session_id_encrypt);
1121
-
1122
- }
1123
- }
1124
- function check_miniorange_forgotphone($POSTED){
1125
- $nonce = $POSTED['miniorange_forgotphone'];
1126
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1127
- $error = new WP_Error();
1128
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1129
- return $error;
1130
- } else {
1131
- global $Mo2fdbQueries;
1132
- $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1133
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1134
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1135
- $mo2fa_login_message = '';
1136
- $this->miniorange_pass2login_start_session();
1137
- $customer = new Customer_Setup();
1138
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1139
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1140
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1141
- if ( $kba_configuration_status ) {
1142
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1143
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1144
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1145
- } else {
1146
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1147
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1148
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1149
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1150
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1151
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1152
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1153
- //if the php session folder has insufficient permissions, cookies to be used
1154
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1155
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1156
- $this->mo2f_transactionid=$content['txId'];
1157
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1158
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1159
- } else {
1160
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1161
- }
1162
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1163
- }
1164
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1165
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1166
- }
1167
- }
1168
- function check_miniorange_softtoken($POSTED){
1169
- /*Click on the link of phone is offline */
1170
- $nonce = $POSTED['miniorange_softtoken'];
1171
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1172
- $error = new WP_Error();
1173
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1174
- return $error;
1175
- } else {
1176
- $this->miniorange_pass2login_start_session();
1177
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1178
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1179
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1180
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1181
- MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1182
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1183
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1184
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1185
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1186
- }
1187
- }
1188
- function check_miniorange_soft_token($POSTED){
1189
- /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1190
- $nonce = $_POST['miniorange_soft_token_nonce'];
1191
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1192
- $error = new WP_Error();
1193
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1194
- return $error;
1195
- }else {
1196
- $this->miniorange_pass2login_start_session();
1197
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1198
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1199
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1200
- $softtoken = '';
1201
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1202
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1203
- if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1204
- if($attempts>1 || $attempts=='disabled')
1205
- {
1206
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1207
- $mo2fa_login_message = 'Please enter OTP to proceed.';
1208
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1209
- }else{
1210
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1211
- $this->remove_current_activity($session_id_encrypt);
1212
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1213
- }
1214
- } else {
1215
- $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1216
- if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1217
- if($attempts>1|| $attempts=='disabled')
1218
- {
1219
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1220
- $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1221
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1222
- }else{
1223
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1224
- $this->remove_current_activity($session_id_encrypt);
1225
- update_option('mo2f_attempts_before_redirect', 3);
1226
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1227
- }
1228
- }
1229
- }
1230
- global $Mo2fdbQueries;
1231
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1232
- if ( isset( $user_id ) ) {
1233
- $customer = new Customer_Setup();
1234
- $content = '';
1235
- $current_user = get_userdata($user_id);
1236
- //if the php session folder has insufficient permissions, cookies to be used
1237
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1238
- if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1239
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1240
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1241
- $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1242
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1243
- $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1244
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1245
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1246
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1247
- $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1248
- } else {
1249
- $this->remove_current_activity($session_id_encrypt);
1250
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1251
- }
1252
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1253
- update_option('mo2f_attempts_before_redirect', 3);
1254
- if ( get_option( 'mo2f_remember_device' ) ) {
1255
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1256
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1257
- } else {
1258
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1259
- }
1260
- } else {
1261
- if($attempts>1 || $attempts=='disabled')
1262
- {
1263
- update_option('mo2f_attempts_before_redirect', $attempts-1);
1264
- $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1265
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1266
- }else{
1267
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1268
- $this->remove_current_activity($session_id_encrypt);
1269
- update_option('mo2f_attempts_before_redirect', 3);
1270
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1271
- }
1272
- }
1273
- } else {
1274
- $this->remove_current_activity($session_id_encrypt);
1275
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1276
- }
1277
- }
1278
- }
1279
- function check_miniorange_attribute_collection($POSTED){
1280
- $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1281
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1282
- $error = new WP_Error();
1283
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1284
- return $error;
1285
- } else {
1286
- $this->miniorange_pass2login_start_session();
1287
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1288
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1289
- $currentuser = get_user_by( 'id', $user_id );
1290
- $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1291
- $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1292
- $session_id = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1293
- $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1294
- }
1295
- }
1296
- function check_miniorange_inline_skip_registration($POSTED){
1297
- $error = new WP_Error();
1298
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1299
- }
1300
- function miniorange_pass2login_redirect() {
1301
- do_action('mo2f_network_init');
1302
- global $Mo2fdbQueries;
1303
-
1304
- if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1305
- if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1306
- $nonce = $_POST['miniorange_login_nonce'];
1307
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1308
-
1309
- if(is_null($session_id)) {
1310
- $session_id=$this->create_session();
1311
- }
1312
-
1313
-
1314
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1315
- $this->remove_current_activity($session_id);
1316
- $error = new WP_Error();
1317
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1318
- return $error;
1319
- } else {
1320
- $this->miniorange_pass2login_start_session();
1321
- $mobile_login = new Miniorange_Mobile_Login();
1322
- //validation and sanitization
1323
- $username = '';
1324
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
1325
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1326
- $mobile_login->mo_auth_show_error_message();
1327
- return;
1328
- } else {
1329
- $username = sanitize_text_field( $_POST['mo2fa_username'] );
1330
- }
1331
- if ( username_exists( $username ) ) { /*if username exists in wp site */
1332
- $user = new WP_User( $username );
1333
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
1334
- MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
1335
- MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
1336
- $this->mo2f_userId=$user->ID;
1337
- $this->fstfactor='VALIDATE_SUCCESS';
1338
- $current_roles = miniorange_get_user_role( $user );
1339
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1340
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1341
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1342
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1343
-
1344
- if(MO2F_IS_ONPREM )
1345
- {
1346
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1347
-
1348
- }
1349
- if ( $mo2f_configured_2FA_method ) {
1350
- if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
1351
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
1352
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1353
- } else {
1354
- $mo2f_second_factor = '';
1355
-
1356
- if(MO2F_IS_ONPREM)
1357
- {
1358
- global $Mo2fdbQueries;
1359
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1360
- if($mo2f_second_factor == 'Security Questions')
1361
- {
1362
- $mo2f_second_factor = 'KBA';
1363
- }
1364
- else if($mo2f_second_factor == 'Google Authenticator')
1365
- {
1366
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
1367
- }
1368
- else if($mo2f_second_factor != 'Email Verification')
1369
- $mo2f_second_factor = 'NONE';
1370
- }else{
1371
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
1372
- }
1373
-
1374
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
1375
- $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
1376
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
1377
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1378
- }
1379
- else if($mo2f_second_factor == 'Email Verification'){
1380
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1381
- }
1382
- else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
1383
- $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1384
- } else if ( $mo2f_second_factor == 'KBA' ) {
1385
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1386
- } else {
1387
- $this->remove_current_activity($session_id);
1388
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
1389
- $mobile_login->mo_auth_show_success_message();
1390
- }
1391
- }
1392
- } else {
1393
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
1394
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1395
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1396
- $mobile_login->mo2f_redirectto_wp_login();
1397
- }
1398
- } else {
1399
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
1400
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1401
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1402
- $mobile_login->mo2f_redirectto_wp_login();
1403
- }
1404
- } else {
1405
- $mobile_login->remove_current_activity($session_id);
1406
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
1407
- $mobile_login->mo_auth_show_error_message('Invalid Username.');
1408
- }
1409
- }
1410
- }
1411
-
1412
- }
1413
- if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
1414
- {
1415
- $userIDGet = sanitize_text_field($_GET['userID']);
1416
- $txIdGet = sanitize_text_field($_GET['Txid']);
1417
- $otpToken = get_site_option($userIDGet);
1418
- $txidstatus = get_site_option($txIdGet);
1419
- $userIDd = $userIDGet.'D';
1420
- $otpTokenD = get_site_option($userIDd);
1421
- $mo2f_dirName = dirname(__FILE__);
1422
- $mo2f_dirName = explode('wp-content', $mo2f_dirName);
1423
- $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
1424
-
1425
- $head = "You are not authorized to perform this action";
1426
- $body = "Please contact to your admin";
1427
- $color = "red";
1428
- if(3 == $txidstatus)
1429
- {
1430
- $time = "time".$txIdGet;
1431
- $currentTimeInMillis = round(microtime(true) * 1000);
1432
- $generatedTimeINMillis = get_site_option($time);
1433
- $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
1434
- if($difference <= 300)
1435
- {
1436
- $accessTokenGet = sanitize_text_field($_GET['accessToken']);
1437
- if( $accessTokenGet == $otpToken)
1438
- {
1439
- update_site_option($txIdGet,1);
1440
- $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
1441
- $head = "TRANSACTION SUCCESSFUL";
1442
- $color = "green";
1443
- }
1444
- else if($accessTokenGet==$otpTokenD)
1445
- {
1446
- update_site_option($txIdGet,0);
1447
- $body = "Transaction has been Canceled.<br><br>Please Try Again.";
1448
- $head = "TRANSACTION DENIED";
1449
- }
1450
- }
1451
- delete_site_option($userIDGet);
1452
- delete_site_option($userIDd);
1453
- delete_site_option($time);
1454
-
1455
- }
1456
-
1457
- $this->display_email_verification($head,$body,$color);
1458
- exit;
1459
-
1460
- }
1461
- elseif (isset($_POST['emailInlineCloud'])) {
1462
- $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
1463
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
1464
- $error = new WP_Error();
1465
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1466
- return $error;
1467
- } else {
1468
- $email = sanitize_text_field($_POST['emailInlineCloud']);
1469
- $current_user_id = sanitize_text_field($_POST['current_user_id']);
1470
- //$session_id = sanitize_text_field($_POST['session_id']);
1471
- if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
1472
- global $Mo2fdbQueries;
1473
- $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
1474
- prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','','','',null);
1475
- }
1476
- }
1477
- }
1478
- else if(isset($_POST['txid']))
1479
- {
1480
- $txidpost = sanitize_text_field($_POST['txid']);
1481
- $status = get_site_option($txidpost);
1482
- update_option('optionVal1',$status); //??
1483
- if($status ==1 || $status ==0)
1484
- delete_site_option($txidpost);
1485
- echo $status;
1486
- exit();
1487
- }
1488
-
1489
-
1490
-
1491
- else{
1492
-
1493
- $value=isset($_POST['option'])?$_POST['option']:false;
1494
-
1495
- switch ($value) {
1496
- case 'miniorange_rba_validate':
1497
- $this->check_rba_validation($_POST);
1498
- break;
1499
-
1500
- case 'miniorange_rba_cancle':
1501
-
1502
- $this->check_rba_cancalation($_POST);
1503
- break;
1504
-
1505
- case 'miniorange_forgotphone':
1506
- $this->check_miniorange_challenge_forgotphone($_POST);
1507
- break;
1508
-
1509
- case 'miniorange2f_back_to_inline_registration':
1510
- $this->miniorange2f_back_to_inline_registration($_POST);
1511
- exit;
1512
-
1513
- case 'miniorange_alternate_login_kba':
1514
-
1515
- $this->check_miniorange_alternate_login_kba($_POST);
1516
- break;
1517
-
1518
- case 'miniorange_kba_validate':
1519
- $this->check_kba_validation($_POST);
1520
-
1521
- break;
1522
-
1523
- case 'miniorange_mobile_validation':
1524
- $this->check_miniorange_mobile_validation($_POST);
1525
- break;
1526
-
1527
- case 'miniorange_mobile_validation_failed':
1528
- $this->check_miniorange_mobile_validation_failed($_POST);
1529
- break;
1530
-
1531
- case 'miniorange_softtoken':
1532
- $this->check_miniorange_softtoken($_POST);
1533
-
1534
- break;
1535
-
1536
-
1537
- case 'miniorange_soft_token':
1538
-
1539
- $this->check_miniorange_soft_token($_POST);
1540
- break;
1541
-
1542
- case 'miniorange_inline_skip_registration':
1543
- $this->check_miniorange_inline_skip_registration($_POST);
1544
- break;
1545
-
1546
- case 'miniorange_attribute_collection':
1547
- $this->check_miniorange_attribute_collection($_POST);
1548
- break;
1549
-
1550
- case 'miniorange_inline_save_2factor_method':
1551
- $this->save_inline_2fa_method();
1552
- break;
1553
-
1554
- case 'mo2f_skip_2fa_setup':
1555
- $this->mo2f_skip_2fa_setup();
1556
- break;
1557
-
1558
- case 'miniorange_back_inline':
1559
- $this->back_to_select_2fa();
1560
- break;
1561
-
1562
- case 'miniorange_inline_ga_validate':
1563
- $this->inline_validate_and_set_ga();
1564
- break;
1565
-
1566
- case 'miniorange_inline_show_mobile_config':
1567
- $this->inline_mobile_configure();
1568
- break;
1569
-
1570
- case 'miniorange_inline_complete_mobile':
1571
- $this->mo2f_inline_validate_mobile_authentication();
1572
- break;
1573
-
1574
- case 'mo2f_inline_kba_option':
1575
- $this->mo2f_inline_validate_kba();
1576
- break;
1577
-
1578
- case 'miniorange_inline_complete_otp_over_sms':
1579
- $this->mo2f_inline_send_otp();
1580
- break;
1581
-
1582
- case 'miniorange_inline_complete_otp':
1583
- $this->mo2f_inline_validate_otp();
1584
- break;
1585
-
1586
- case 'miniorange_inline_login':
1587
- $this->mo2f_inline_login();
1588
- break;
1589
- case 'miniorange_inline_register':
1590
- $this->mo2f_inline_register();
1591
- break;
1592
- default:
1593
- $error = new WP_Error();
1594
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1595
-
1596
- return $error;
1597
- break;
1598
-
1599
-
1600
- }
1601
- }
1602
- }
1603
-
1604
- function deniedMessage($message)
1605
- {
1606
- if(empty($message) && get_option("deniedMessage") )
1607
- {
1608
- delete_option('deniedMessage');
1609
- }
1610
- else
1611
- return $message;
1612
- }
1613
- function remove_current_activity($session_id) {
1614
- global $Mo2fdbQueries;
1615
- $session_variables = array(
1616
- 'mo2f_current_user_id',
1617
- 'mo2f_1stfactor_status',
1618
- 'mo_2factor_login_status',
1619
- 'mo2f-login-qrCode',
1620
- 'mo2f_transactionId',
1621
- 'mo2f_login_message',
1622
- 'mo2f_rba_status',
1623
- 'mo_2_factor_kba_questions',
1624
- 'mo2f_show_qr_code',
1625
- 'mo2f_google_auth',
1626
- 'mo2f_authy_keys'
1627
- );
1628
-
1629
- $cookie_variables = array(
1630
- 'mo2f_current_user_id',
1631
- 'mo2f_1stfactor_status',
1632
- 'mo_2factor_login_status',
1633
- 'mo2f-login-qrCode',
1634
- 'mo2f_transactionId',
1635
- 'mo2f_login_message',
1636
- 'mo2f_rba_status_status',
1637
- 'mo2f_rba_status_sessionUuid',
1638
- 'mo2f_rba_status_decision_flag',
1639
- 'kba_question1',
1640
- 'kba_question2',
1641
- 'mo2f_show_qr_code',
1642
- 'mo2f_google_auth',
1643
- 'mo2f_authy_keys'
1644
- );
1645
-
1646
- $temp_table_variables = array(
1647
- 'session_id',
1648
- 'mo2f_current_user_id',
1649
- 'mo2f_login_message',
1650
- 'mo2f_1stfactor_status',
1651
- 'mo2f_transactionId',
1652
- 'mo_2_factor_kba_questions',
1653
- 'mo2f_rba_status',
1654
- 'ts_created'
1655
- );
1656
-
1657
- MO2f_Utility::unset_session_variables( $session_variables );
1658
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
1659
- $key = get_option( 'mo2f_encryption_key' );
1660
- $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
1661
- $Mo2fdbQueries->save_user_login_details( $session_id, array(
1662
-
1663
- 'mo2f_current_user_id' => '',
1664
- 'mo2f_login_message' => '',
1665
- 'mo2f_1stfactor_status' => '',
1666
- 'mo2f_transactionId' => '',
1667
- 'mo_2_factor_kba_questions' => '',
1668
- 'mo2f_rba_status' => '',
1669
- 'ts_created' => ''
1670
- ) );
1671
-
1672
-
1673
- }
1674
-
1675
- public function miniorange_pass2login_start_session() {
1676
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1677
- $session_path = ini_get('session.save_path');
1678
- if( is_writable($session_path) && is_readable($session_path) ) {
1679
- session_start();
1680
- }
1681
- }
1682
- }
1683
-
1684
- function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
1685
- global $Mo2fdbQueries,$LoginuserID;
1686
- $LoginuserID = $user_id;
1687
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1688
- if(is_null($session_id)) {
1689
- $session_id=$this->create_session();
1690
- }
1691
- if(MO2F_IS_ONPREM){
1692
- $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
1693
- $challenge_questions = array_keys($question_answers);
1694
- $random_keys = array_rand($challenge_questions,2);
1695
- $challenge_ques1 = $challenge_questions[$random_keys[0]];
1696
- $challenge_ques2 = $challenge_questions[$random_keys[1]];
1697
- $questions[0] = array('question'=>$challenge_ques1);
1698
- $questions[1] = array('question'=>$challenge_ques2);
1699
- update_user_meta( $user_id, 'kba_questions_user', $questions );
1700
- $mo2fa_login_message = 'Please answer the following questions:';
1701
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1702
- $mo2f_kbaquestions = $questions;
1703
- MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1704
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1705
- }
1706
-
1707
- else{
1708
- $challengeKba = new Customer_Setup();
1709
- $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1710
- $response = json_decode( $content, true );
1711
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1712
- if ( $response['status'] == 'SUCCESS' ) {
1713
- MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
1714
- $this->mo2f_transactionid = $response['txId'];
1715
- $questions = array();
1716
- $questions[0] = $response['questions'][0];
1717
- $questions[1] = $response['questions'][1];
1718
- MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1719
- $this->mo2f_kbaquestions=$questions;
1720
- $mo2fa_login_message = 'Please answer the following questions:';
1721
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1722
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1723
- } else if ( $response['status'] == 'ERROR' ) {
1724
- $this->remove_current_activity($session_id);
1725
- $error = new WP_Error();
1726
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1727
-
1728
- return $error;
1729
- }
1730
- } else {
1731
- $this->remove_current_activity($session_id);
1732
- $error = new WP_Error();
1733
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1734
-
1735
- return $error;
1736
- }
1737
- }
1738
- }
1739
-
1740
- function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt,$show_back_button =null ) {
1741
-
1742
- $login_status = $mo2fa_login_status;
1743
- $login_message = $mo2fa_login_message;
1744
- switch ($login_status) {
1745
- case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
1746
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1747
- mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
1748
- exit;
1749
- break;
1750
- case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
1751
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1752
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1753
- exit;
1754
- break;
1755
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
1756
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1757
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
1758
- exit;
1759
- break;
1760
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
1761
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1762
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1763
- exit;
1764
- break;
1765
- case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
1766
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1767
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1768
- exit;
1769
- break;
1770
- case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
1771
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1772
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1773
- exit;
1774
- break;
1775
- case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
1776
- mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
1777
- exit;
1778
- break;
1779
-
1780
- case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
1781
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1782
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1783
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1784
- exit;
1785
- break;
1786
-
1787
- case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
1788
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1789
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1790
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1791
- exit;
1792
- break;
1793
-
1794
- case 'MO_2_FACTOR_RECONFIG_GOOGLE':
1795
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1796
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
1797
- exit;
1798
- break;
1799
-
1800
- case 'MO_2_FACTOR_RECONFIG_KBA':
1801
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1802
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
1803
- exit;
1804
- break;
1805
-
1806
- case 'MO_2_FACTOR_SETUP_SUCCESS':
1807
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1808
- $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
1809
- break;
1810
-
1811
- case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
1812
- $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
1813
- if(MO2F_IS_ONPREM){
1814
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1815
- $ques = get_user_meta( $user_id, 'kba_questions_user');
1816
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
1817
- }
1818
- else{
1819
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
1820
- }
1821
- exit;
1822
- break;
1823
-
1824
- case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
1825
- mo2f_get_device_form( $redirect_to, $session_id_encrypt );
1826
- exit;
1827
- break;
1828
-
1829
- case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
1830
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1831
- prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
1832
- exit;
1833
- break;
1834
-
1835
- default:
1836
- $this->mo_2_factor_pass2login_show_wp_login_form();
1837
- if(MO2F_IS_ONPREM){
1838
- $this->mo_2_factor_pass2login_show_wp_login_form();
1839
- }
1840
- break;
1841
- }
1842
- }
1843
-
1844
- function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
1845
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
1846
- return true;
1847
- }
1848
-
1849
- return false;
1850
- }
1851
-
1852
- function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
1853
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1854
- return true;
1855
- }
1856
-
1857
- return false;
1858
- }
1859
-
1860
- function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
1861
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
1862
- return true;
1863
- }
1864
-
1865
- return false;
1866
- }
1867
-
1868
- function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
1869
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
1870
- return true;
1871
- }
1872
-
1873
- return false;
1874
- }
1875
-
1876
- function miniorange_pass2login_reconfig_google( $login_status ) {
1877
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
1878
- return true;
1879
- }
1880
-
1881
- return false;
1882
- }
1883
-
1884
- function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
1885
-
1886
- do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
1887
-
1888
-
1889
- }
1890
-
1891
- function miniorange_pass2login_reconfig_kba( $login_status ) {
1892
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
1893
- return true;
1894
- }
1895
-
1896
- return false;
1897
- }
1898
-
1899
- function miniorange_pass2login_check_kba_status( $login_status ) {
1900
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
1901
- return true;
1902
- }
1903
-
1904
- return false;
1905
- }
1906
-
1907
- function miniorange_pass2login_check_trusted_device_status( $login_status ) {
1908
-
1909
- if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
1910
- return true;
1911
- }
1912
-
1913
- return false;
1914
- }
1915
-
1916
- function mo_2_factor_pass2login_woocommerce(){
1917
- ?>
1918
- <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
1919
- <?php
1920
- }
1921
- function mo_2_factor_pass2login_show_wp_login_form() {
1922
-
1923
- $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
1924
- if(is_null($session_id_encrypt)) {
1925
- $session_id_encrypt=$this->create_session();
1926
- }
1927
- ?>
1928
- <p><input type="hidden" name="miniorange_login_nonce"
1929
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
1930
-
1931
- <input type="hidden" id="sessid" name="session_id"
1932
- value="<?php echo $session_id_encrypt; ?>"/>
1933
-
1934
- </p>
1935
-
1936
- <?php
1937
- if ( get_option( 'mo2f_remember_device' ) ) {
1938
- ?>
1939
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
1940
- <?php
1941
- wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
1942
- wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
1943
- wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
1944
- wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
1945
- wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
1946
- wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
1947
- wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
1948
- wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
1949
- wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
1950
- }else{
1951
-
1952
-
1953
- if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option'))
1954
- {
1955
- echo "\t<p>\n";
1956
- echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
1957
- echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
1958
- echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
1959
- echo "\t</p>\n";
1960
- echo " \r\n";
1961
- echo " \r\n";
1962
- echo "\n";
1963
- }
1964
- }
1965
-
1966
- }
1967
-
1968
- function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
1969
- global $Mo2fdbQueries;
1970
- if (is_null($session_id_encrypt)){
1971
- $session_id_encrypt=$this->create_session();
1972
- }
1973
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1974
- $useragent = $_SERVER['HTTP_USER_AGENT'];
1975
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
1976
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1977
-
1978
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1979
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
1980
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
1981
-
1982
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1983
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1984
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1985
- } else {
1986
- $challengeMobile = new Customer_Setup();
1987
- $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1988
- $response = json_decode( $content, true );
1989
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1990
- if ( $response['status'] == 'SUCCESS' ) {
1991
- $qrCode = $response['qrCode'];
1992
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
1993
- $this->mo2f_transactionid=$response['txId'];
1994
- $mo2fa_login_message = '';
1995
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
1996
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
1997
- } else if ( $response['status'] == 'ERROR' ) {
1998
- $this->remove_current_activity($session_id_encrypt);
1999
- $error = new WP_Error();
2000
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2001
-
2002
- return $error;
2003
- }
2004
- } else {
2005
- $this->remove_current_activity($session_id_encrypt);
2006
- $error = new WP_Error();
2007
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2008
-
2009
- return $error;
2010
- }
2011
- }
2012
-
2013
- }
2014
-
2015
- function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2016
-
2017
- global $Mo2fdbQueries;
2018
- if(is_null($session_id)){
2019
- $session_id=$this->create_session();
2020
- }
2021
- $challengeMobile = new Customer_Setup();
2022
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2023
- if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2024
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2025
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2026
- $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2027
-
2028
- }else {
2029
- $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2030
- }
2031
- $response = json_decode( $content, true );
2032
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2033
- if ( $response['status'] == 'SUCCESS' ) {
2034
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2035
- $this->mo2f_transactionid=$response['txId'];
2036
-
2037
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2038
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2039
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2040
- } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2041
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2042
- $this->mo2f_transactionid=$response['txId'];
2043
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2044
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2045
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2046
- }
2047
- } else {
2048
- $this->remove_current_activity($session_id);
2049
- $error = new WP_Error();
2050
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2051
-
2052
- return $error;
2053
- }
2054
- }
2055
-
2056
- function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2057
- global $Mo2fdbQueries;
2058
- if(is_null($session_id)){
2059
- $session_id=$this->create_session();
2060
- }
2061
- $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2062
- if($mo2f_second_factor == 'EMAIL')
2063
- {
2064
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2065
- $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2066
- if($wdewdeqdqq >30 or get_site_option(base64_encode("limitReached")))
2067
- {
2068
- update_site_option(base64_encode("remainingOTP"),0);
2069
- }
2070
- }
2071
- else
2072
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2073
- if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2074
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2075
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2076
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2077
- } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2078
- $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2079
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2080
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2081
- } else {
2082
- $challengeMobile = new Customer_Setup();
2083
- $content = '';
2084
- $response = [];
2085
- $otpLIMiTE = 0;
2086
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2087
- {
2088
- if($mo2f_second_factor == 'OTP Over SMS')
2089
- $mo2f_second_factor = 'SMS';
2090
- $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2091
- $response = json_decode( $content, true );
2092
-
2093
- }
2094
- else
2095
- {
2096
- $response['status'] = 'FAILED';
2097
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2098
- $otpLIMiTE = 1;
2099
- }
2100
- if ( json_last_error() == JSON_ERROR_NONE ) {
2101
- if ( $response['status'] == 'SUCCESS' ) {
2102
- if($mo2f_second_factor == 'EMAIL')
2103
- {
2104
- $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2105
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2106
- }
2107
- elseif($mo2f_second_factor == 'SMS')
2108
- {
2109
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2110
- }
2111
- if(!isset($response['phoneDelivery']['contact']))
2112
- $response['phoneDelivery']['contact'] = '';
2113
- $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2114
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2115
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2116
- $this->mo2f_transactionid=$response['txId'];
2117
- $mo2fa_login_message = $message;
2118
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2119
-
2120
- if($currentMethod == 'OTP Over Email')
2121
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2122
- else
2123
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2124
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2125
- } else {
2126
-
2127
-
2128
- if($response['message'] == 'TEST FAILED.')
2129
- $response['message'] = 'There is an error in sending the OTP.';
2130
-
2131
- $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
2132
-
2133
- if($otpLIMiTE ==1)
2134
- $last_message = 'or contact miniOrange';
2135
-
2136
- else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
2137
- $last_message = 'Or check your SMTP Server and remaining transacions.';
2138
- else
2139
- $last_message = 'Or check your remaining transacions';
2140
-
2141
- $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
2142
- if(!isset($response['txId']))
2143
- $response['txId'] = '';
2144
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2145
- $this->mo2f_transactionid=$response['txId'];
2146
- $mo2fa_login_message = $message;
2147
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2148
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2149
- }
2150
- } else {
2151
- $this->remove_current_activity($session_id);
2152
- $error = new WP_Error();
2153
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2154
- return $error;
2155
- }
2156
- }
2157
- }
2158
-
2159
- function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
2160
- if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
2161
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
2162
- $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
2163
- } else {
2164
- $user_id=$this->mo2f_userID;
2165
- $mo2f_1stfactor_status=$this->fstfactor;
2166
- }
2167
- if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
2168
- $currentuser = get_user_by( 'id', $user_id );
2169
- wp_set_current_user( $user_id, $currentuser->user_login );
2170
- $mobile_login = new Miniorange_Mobile_Login();
2171
- $mobile_login->remove_current_activity($session_id_encrypted);
2172
- wp_set_auth_cookie( $user_id, true );
2173
- do_action( 'wp_login', $currentuser->user_login, $currentuser );
2174
- redirect_user_to( $currentuser, $redirect_to );
2175
- exit;
2176
- } else {
2177
- $this->remove_current_activity($session_id_encrypted);
2178
- }
2179
- }
2180
-
2181
- function create_session(){
2182
- global $Mo2fdbQueries;
2183
- $session_id = MO2f_Utility::random_str(20);
2184
- $Mo2fdbQueries->insert_user_login_session($session_id);
2185
- $key = get_option( 'mo2f_encryption_key' );
2186
- $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
2187
- return $session_id_encrypt;
2188
- }
2189
-
2190
- function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
2191
-
2192
- global $Mo2fdbQueries;
2193
- $this->miniorange_pass2login_start_session();
2194
- if(is_null($session_id_encrypt)) {
2195
- $session_id_encrypt=$this->create_session();
2196
- }
2197
-
2198
- MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
2199
- MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
2200
-
2201
- $this->mo2f_userID=$currentuser->ID;
2202
- $this->fstfactor='VALIDATE_SUCCESS';
2203
-
2204
- $is_customer_admin = true;
2205
-
2206
- $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
2207
- if($dG90YWxVc2Vyc0Nsb3Vk<3)
2208
- $is_customer_admin = true;
2209
-
2210
- $roles = ( array ) $currentuser->roles;
2211
- $twofactor_enabled = 0;
2212
- foreach ( $roles as $role ) {
2213
- if(get_option('mo2fa_'.$role)=='1')
2214
- $twofactor_enabled=1;
2215
- }
2216
-
2217
- if ( $is_customer_admin && $twofactor_enabled ) {
2218
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
2219
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
2220
-
2221
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
2222
- $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
2223
- }else{
2224
- $mo2f_allwed_login_attempts= 'disabled';
2225
- }
2226
- update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
2227
-
2228
- $twofactor_transactions = new Mo2fDB;
2229
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
2230
-
2231
- if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
2232
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2233
- try {
2234
- $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
2235
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
2236
- $this->mo2f_rbastatus=$mo2f_rba_status;
2237
- } catch ( Exception $e ) {
2238
- echo $e->getMessage();
2239
- }
2240
-
2241
- if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
2242
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2243
- } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
2244
-
2245
- $this->mo2f_restrict_access( 'Access_denied' );
2246
- exit;
2247
- } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
2248
- $this->mo2f_restrict_access( 'Access_denied' );
2249
- exit;
2250
- } else {
2251
-
2252
- $mo2f_second_factor = '';
2253
-
2254
- if(MO2F_IS_ONPREM)
2255
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2256
- else
2257
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
2258
-
2259
- if($mo2f_second_factor == 'miniOrange Soft Token')
2260
- $mo2f_second_factor = "SOFT TOKEN";
2261
- else if($mo2f_second_factor == "miniOrange Push Notification")
2262
- $mo2f_second_factor = "PUSH NOTIFICATIONS";
2263
- else if($mo2f_second_factor == "miniOrange QR Code Authentication")
2264
- $mo2f_second_factor = "MOBILE AUTHENTICATION";
2265
- else if($mo2f_second_factor == 'Security Questions')
2266
- $mo2f_second_factor = 'KBA';
2267
- else if($mo2f_second_factor == 'Google Authenticator')
2268
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2269
- else if($mo2f_second_factor == 'OTP Over SMS')
2270
- $mo2f_second_factor = 'SMS';
2271
- else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
2272
- $mo2f_second_factor = "EMAIL";
2273
-
2274
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2275
- {
2276
- update_site_option("bGltaXRSZWFjaGVk",1);
2277
-
2278
- }
2279
- }
2280
-
2281
-
2282
- if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
2283
- {
2284
- $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
2285
- if(is_wp_error( $error))
2286
- {
2287
- return $error;
2288
- }
2289
- }
2290
- else{
2291
-
2292
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2293
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
2294
- } else {
2295
-
2296
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2297
- $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
2298
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
2299
- $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2300
- } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
2301
- $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2302
- } else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
2303
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
2304
- } else if ( $mo2f_second_factor == 'NONE' ) {
2305
- return $currentuser;
2306
- } else {
2307
- $this->remove_current_activity($session_id_encrypt);
2308
- $error = new WP_Error();
2309
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
2310
- return $error;
2311
- }
2312
- }
2313
- }
2314
-
2315
- }
2316
- }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
2317
- $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
2318
-
2319
- } else {
2320
- return $currentuser;
2321
- }
2322
-
2323
- } else { //plugin is not activated for current role then logged him in without asking 2 factor
2324
- return $currentuser;
2325
- }
2326
-
2327
- }
2328
-
2329
- function mo2fa_inline($currentuser,$redirect_to,$session_id){
2330
-
2331
- global $Mo2fdbQueries;
2332
- $currentUserId = $currentuser->ID;
2333
- $email = $currentuser->user_email;
2334
- $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
2335
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
2336
- 'user_registration_with_miniorange' =>'SUCCESS',
2337
- 'mo2f_user_email' =>$email,
2338
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
2339
- ) );
2340
-
2341
- $mo2fa_login_message = '';
2342
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2343
-
2344
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
2345
- //}
2346
- }
2347
-
2348
- function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
2349
- global $Mo2fdbQueries;
2350
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2351
- $customer = new Customer_Setup();
2352
- $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2353
-
2354
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2355
- if ( get_option( 'mo2f_remember_device' ) ) {
2356
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
2357
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
2358
- } else {
2359
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2360
- }
2361
- } else {
2362
- return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
2363
- }
2364
- }
2365
-
2366
- function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
2367
- {
2368
-
2369
- $challengeMobile = new Customer_Setup();
2370
- $content = '';
2371
- $response = [];
2372
- $otpLIMiTE = 0;
2373
- if(get_site_option("cmVtYWluaW5nT1RQ")>0)
2374
- {
2375
- $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
2376
- $response = json_decode( $content, true );
2377
- }
2378
- else
2379
- {
2380
- $response['status'] = 'FAILED';
2381
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2382
- $otpLIMiTE = 1;
2383
- }
2384
- if ( json_last_error() == JSON_ERROR_NONE ) {
2385
- if ( $response['status'] == 'SUCCESS' ) {
2386
- $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
2387
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2388
- $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
2389
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2390
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
2391
- }
2392
- else
2393
- {
2394
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2395
- $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
2396
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
2397
- }
2398
- }
2399
- }
2400
- function mo2f_restrict_access( $identity ) {
2401
- apply_filters( 'mo2f_rba_addon', $identity );
2402
- exit;
2403
- }
2404
-
2405
- function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
2406
- global $Mo2fdbQueries;
2407
- if ( get_option( 'mo2f_remember_device' ) ) {
2408
- $this->miniorange_pass2login_start_session();
2409
-
2410
- $session_id=$this->create_session();
2411
- MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
2412
- $this->mo2f_userID=$currentuser->ID;
2413
-
2414
- mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
2415
- exit;
2416
- } else {
2417
- $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to );
2418
- }
2419
- }
2420
-
2421
- function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
2422
- if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
2423
- return $user;
2424
- }
2425
- if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
2426
- return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
2427
- }
2428
-
2429
- // if an app password is enabled, this is an XMLRPC / APP login ?
2430
- if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
2431
-
2432
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
2433
- if ( is_wp_error( $currentuser ) ) {
2434
- $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
2435
-
2436
- return false;
2437
- } else {
2438
- return $currentuser;
2439
- }
2440
-
2441
- } else {
2442
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
2443
- if ( is_wp_error( $currentuser ) ) {
2444
- $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
2445
- return $currentuser;
2446
- } else {
2447
- global $Mo2fdbQueries;
2448
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2449
-
2450
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2451
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2452
- $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
2453
- if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
2454
- {
2455
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
2456
- }
2457
- else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
2458
- {
2459
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
2460
- }
2461
- else
2462
- {
2463
- if ( empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
2464
- {
2465
-
2466
-
2467
- if(isset($_POST['mo_woocommerce_login_prompt'])){
2468
-
2469
- $this->miniorange_initiate_2nd_factor( $currentuser, "", "","");
2470
- }
2471
- return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
2472
- // Prevent PHP notices when using app password login
2473
-
2474
- }
2475
- else
2476
- {
2477
- $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
2478
- }
2479
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
2480
- $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2481
-
2482
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2483
-
2484
- if(is_null($session_id)) {
2485
- $session_id=$this->create_session();
2486
- }
2487
-
2488
-
2489
- $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
2490
-
2491
-
2492
- if(is_wp_error( $error)){
2493
- return $error;
2494
- }
2495
- return $error;
2496
- }
2497
- }
2498
- }
2499
-
2500
- }
2501
-
2502
- function display_email_verification($head,$body,$color)
2503
- {
2504
- echo "<div style='background-color: #d5e3d9; height:850px;' >
2505
- <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
2506
- <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
2507
- <img alt='logo' style='margin-left:240px ;
2508
- margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
2509
- <div><hr></div>
2510
-
2511
- <tbody>
2512
- <tr>
2513
- <td>
2514
-
2515
- <p style='margin-top:0;margin-bottom:10px'>
2516
- <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
2517
- <p style='margin-top:0;margin-bottom:10px'>
2518
- <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
2519
- <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
2520
-
2521
- </td>
2522
- </tr>
2523
-
2524
- </div>
2525
- </div>
2526
- </div>";
2527
- }
2528
-
2529
- function mo_2_factor_enable_jquery_default_login() {
2530
- wp_enqueue_script( 'jquery' );
2531
- }
2532
-
2533
- function miniorange_pass2login_footer_form() {
2534
- ?>
2535
- <script>
2536
- jQuery(document).ready(function () {
2537
- if (document.getElementById('loginform') != null) {
2538
- jQuery('#loginform').on('submit', function (e) {
2539
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2540
- });
2541
- } else {
2542
- if (document.getElementsByClassName('login') != null) {
2543
- jQuery('.login').on('submit', function (e) {
2544
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2545
- });
2546
- }
2547
- }
2548
- });
2549
- </script>
2550
- <?php
2551
-
2552
- }
2553
-
2554
-
2555
- }
2556
-
2557
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+
25
+ include 'two_fa_login.php';
26
+ class Miniorange_Password_2Factor_Login {
27
+
28
+ private $mo2f_kbaquestions;
29
+ private $mo2f_userID;
30
+ private $mo2f_rbastatus;
31
+ private $mo2f_transactionid;
32
+
33
+ function mo2f_inline_login(){
34
+ global $moWpnsUtility;
35
+ $email = sanitize_email( $_POST['email'] );
36
+ $password = sanitize_text_field( $_POST['password'] );
37
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
38
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
39
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
40
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
+ {
42
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
+ return;
46
+ }
47
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
+ }
49
+ function mo2f_inline_register(){
50
+ global $moWpnsUtility, $Mo2fdbQueries;
51
+ $email = sanitize_email($_POST['email']);
52
+ $company = $_SERVER["SERVER_NAME"];
53
+ $password = sanitize_text_field($_POST['password']);
54
+ $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
56
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
57
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
58
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
59
+ {
60
+ $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
61
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
62
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
63
+ }
64
+ if( $password != $confirmPassword )
65
+ {
66
+ $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
67
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
68
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
69
+ }
70
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
71
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
72
+ {
73
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
74
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
75
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
76
+ }
77
+
78
+ update_option( 'mo2f_email', $email );
79
+
80
+ update_option( 'mo_wpns_company' , $company );
81
+
82
+ update_option( 'mo_wpns_password' , $password );
83
+
84
+ $customer = new MocURL();
85
+ $content = json_decode($customer->check_customer($email), true);
86
+ $Mo2fdbQueries->insert_user( $user_id );
87
+ switch ($content['status'])
88
+ {
89
+ case 'CUSTOMER_NOT_FOUND':
90
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
91
+
92
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
93
+ {
94
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
95
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
96
+ }
97
+
98
+ break;
99
+ default:
100
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
101
+ break;
102
+ }
103
+
104
+ }
105
+
106
+ function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
107
+ {
108
+ global $Mo2fdbQueries;
109
+ $customer = new MocURL();
110
+
111
+ $content = $customer->get_customer_key($email, $password);
112
+ $customerKey = json_decode($content, true);
113
+ if(json_last_error() == JSON_ERROR_NONE)
114
+ {
115
+ if(isset($customerKey['phone'])){
116
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
117
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
118
+ }
119
+ update_option('mo2f_email',$email);
120
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
121
+ $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
122
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
123
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
124
+ }
125
+ else
126
+ {
127
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
128
+ $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
129
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
130
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
131
+ }
132
+ }
133
+
134
+ function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
135
+ {
136
+ global $Mo2fdbQueries;
137
+ update_option( 'mo2f_customerKey' , $id );
138
+ update_option( 'mo2f_api_key' , $apiKey );
139
+ update_option( 'mo2f_customer_token' , $token );
140
+ update_option( 'mo2f_app_secret' , $appSecret );
141
+ update_option( 'mo_wpns_enable_log_requests' , true );
142
+ update_option( 'mo2f_miniorange_admin', $id );
143
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
144
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
145
+ $Mo2fdbQueries->update_user_details( $user_id, array(
146
+ 'mo2f_user_email' =>$email
147
+ ) );
148
+ }
149
+ function mo2f_inline_validate_otp(){
150
+ if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
151
+ $nonce = $_POST['miniorange_inline_validate_otp_nonce'];
152
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
153
+ $error = new WP_Error();
154
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
155
+ return $error;
156
+ } else {
157
+ global $Mo2fdbQueries;
158
+ $this->miniorange_pass2login_start_session();
159
+ $otp_token = '';
160
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
161
+ $mo2fa_login_message = '';
162
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
163
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
164
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
165
+ } else{
166
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
167
+ }
168
+
169
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
170
+ $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
171
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
172
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
173
+ $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
174
+ $customer = new Customer_Setup();
175
+ $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
176
+ if($content['status'] == 'ERROR'){
177
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
178
+ }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
179
+ $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
180
+ if($user_phone && strlen($user_phone) >= 4){
181
+ if($phone != $user_phone ){
182
+
183
+ $Mo2fdbQueries->update_user_details( $current_user, array(
184
+ 'mobile_registration_status' =>false
185
+ ) );
186
+ }
187
+ }
188
+
189
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
190
+ if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
191
+ $Mo2fdbQueries->update_user_details( $current_user, array(
192
+ 'mo2f_OTPOverSMS_config_status' =>true,
193
+ 'mo2f_user_phone' =>$phone
194
+ ) );
195
+ }else{
196
+ $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
197
+
198
+ }
199
+ // unset($_SESSION[ 'mo2f_phone']);
200
+ // if(MO2F_IS_ONPREM)
201
+ // update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
202
+ // else
203
+ // {
204
+ $Mo2fdbQueries->update_user_details($current_user, array(
205
+ "mo2f_configured_2FA_method" => 'OTP Over SMS',
206
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
207
+ ) );
208
+ $TwoF_setup = new Two_Factor_Setup();
209
+ $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
210
+
211
+ // }
212
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
213
+
214
+ }else{ // OTP Validation failed.
215
+ $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
216
+ }
217
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
218
+ }
219
+ }
220
+
221
+ }
222
+ function mo2f_inline_send_otp(){
223
+ if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
224
+ $nonce = $_POST['miniorange_inline_verify_phone_nonce'];
225
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
226
+ $error = new WP_Error();
227
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
228
+ return $error;
229
+ } else {
230
+ global $Mo2fdbQueries;
231
+ $this->miniorange_pass2login_start_session();
232
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
233
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
234
+ $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
235
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
236
+ $customer = new Customer_Setup();
237
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
238
+ $parameters = array();
239
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
240
+
241
+ $mo2fa_login_message = '';
242
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
243
+ if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
244
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
245
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
246
+ if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
247
+ $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
248
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
249
+ }
250
+ $phone = str_replace(' ', '', $phone);
251
+ // $_SESSION['mo2f_phone'] = $phone;
252
+ update_user_meta($current_user,'mo2f_user_phone',$phone);
253
+ }
254
+ if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
255
+ $currentMethod = "SMS";
256
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
257
+ $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
258
+ $parameters = array("phone" => $phone, "email" => $email);
259
+ }else if($selected_2factor_method == 'PHONE VERIFICATION'){
260
+ $currentMethod = "PHONE_VERIFICATION";
261
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
262
+ $currentMethod = "OTP_OVER_EMAIL";
263
+ $parameters = $email;
264
+ }
265
+ if($selected_2factor_method == 'SMS AND EMAIL'){
266
+ $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
267
+ }
268
+ else if($selected_2factor_method == 'OTP OVER EMAIL'){
269
+ $content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
270
+ }
271
+ else{
272
+ $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
273
+
274
+ }
275
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
276
+ if($content['status'] == 'ERROR'){
277
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
278
+ }else if($content['status'] == 'SUCCESS'){
279
+ // $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
280
+ update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
281
+ if($selected_2factor_method == 'SMS'){
282
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
283
+ $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
284
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
285
+ $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
286
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
287
+ $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
288
+ }else if($selected_2factor_method== 'PHONE VERIFICATION'){
289
+ $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
290
+ }
291
+ }else if($content['status'] == 'FAILED'){
292
+ $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
293
+ }else{
294
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
295
+ }
296
+ }else{
297
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
298
+ }
299
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
300
+ }
301
+ }
302
+
303
+ }
304
+ function mo2f_inline_validate_kba(){
305
+ if(isset($_POST['mo2f_inline_save_kba_nonce'])){
306
+ $nonce = $_POST['mo2f_inline_save_kba_nonce'];
307
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
308
+ $error = new WP_Error();
309
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
310
+ return $error;
311
+ } else {
312
+ global $Mo2fdbQueries;
313
+ $this->miniorange_pass2login_start_session();
314
+ $mo2fa_login_message = '';
315
+ $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
316
+ $temp_array = array($_POST['mo2f_kbaquestion_1'],$_POST['mo2f_kbaquestion_2'],$_POST['mo2f_kbaquestion_3']);
317
+ $kba_questions = array();
318
+ foreach($temp_array as $question){
319
+ if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
320
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
321
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
322
+ }else{
323
+ $ques = sanitize_text_field($question);
324
+ $ques = addcslashes(stripslashes($ques), '"\\');
325
+ array_push($kba_questions, $ques);
326
+ }
327
+ }
328
+ if(!(array_unique($kba_questions) == $kba_questions)){
329
+ $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
330
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
331
+ }
332
+ $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
333
+ $kba_answers = array();
334
+ foreach($temp_array_ans as $answer){
335
+ if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
336
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
337
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
338
+ }else{
339
+ $ques = sanitize_text_field($answer);
340
+ $answer = strtolower($answer);
341
+ array_push($kba_answers, $answer);
342
+ }
343
+ }
344
+ $size = sizeof($kba_questions);
345
+ $kba_q_a_list = array();
346
+ for($c = 0; $c < $size; $c++){
347
+ array_push($kba_q_a_list, $kba_questions[$c]);
348
+ array_push($kba_q_a_list, $kba_answers[$c]);
349
+ }
350
+
351
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
352
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
353
+ $current_user = get_user_by('id',$user_id);
354
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
355
+
356
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
357
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
358
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
359
+ 'mo2f_SecurityQuestions_config_status' =>true,
360
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
361
+ ) );
362
+ if(!MO2F_IS_ONPREM)
363
+ {
364
+ $kba_q1 = $_POST['mo2f_kbaquestion_1'];
365
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
366
+ $kba_q2 = $_POST['mo2f_kbaquestion_2'];
367
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
368
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
369
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
370
+
371
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
372
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
373
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
374
+
375
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
376
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
377
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
378
+
379
+ $kba_registration = new Two_Factor_Setup();
380
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
381
+
382
+ if ( json_last_error() == JSON_ERROR_NONE ) {
383
+
384
+ if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
385
+ $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
386
+ }
387
+
388
+ }
389
+ }
390
+
391
+ $kba_q1 = $kba_q_a_list[0];
392
+ $kba_a1 = md5($kba_q_a_list[1]);
393
+ $kba_q2 = $kba_q_a_list[2];
394
+ $kba_a2 = md5($kba_q_a_list[3]);
395
+ $kba_q3 = $kba_q_a_list[4];
396
+ $kba_a3 = md5($kba_q_a_list[5]);
397
+ $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
398
+ update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
399
+ if(!isset($_POST['mo2f_inline_kba_status'])){
400
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
401
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
402
+ // update_user_meta($current_user->ID, 'currentMethod','Security Questions');
403
+ }
404
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
405
+ }
406
+ }
407
+ }
408
+
409
+ function mo2f_inline_validate_mobile_authentication(){
410
+ if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
411
+ $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
412
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
413
+ $error = new WP_Error();
414
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
415
+ return $error;
416
+ } else {
417
+ global $Mo2fdbQueries;
418
+ $this->miniorange_pass2login_start_session();
419
+ // unset($_SESSION[ 'mo2f-login-qrCode' ]);
420
+ // unset($_SESSION[ 'mo2f-login-transactionId' ]);
421
+ // unset($_SESSION[ 'mo2f_show_qr_code'] );
422
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
423
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
424
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
425
+ // $current_user = get_user_by('id',$user_id);
426
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
427
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
428
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
429
+ $mo2fa_login_message = '';
430
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
431
+ $enduser = new Two_Factor_Setup();
432
+ if($selected_2factor_method == 'SOFT TOKEN')
433
+ $selected_2factor_method_onprem = 'miniOrange Soft Token';
434
+ else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
435
+ $selected_2factor_method_onprem = 'miniOrange Push Notification';
436
+ else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
437
+ $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
438
+
439
+ $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
440
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
441
+ if($response['status'] == 'ERROR'){
442
+ $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
443
+ }else if($response['status'] == 'SUCCESS'){
444
+ $Mo2fdbQueries->update_user_details( $user_id, array(
445
+ 'mobile_registration_status' =>true,
446
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
447
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
448
+ 'mo2f_miniOrangePushNotification_config_status' => true,
449
+ 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
450
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
451
+ ) );
452
+ // $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
453
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
454
+ }else{
455
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
456
+ }
457
+ }else{
458
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
459
+ }
460
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
461
+ }
462
+ }
463
+
464
+ }
465
+
466
+ function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
467
+ global $Mo2fdbQueries;
468
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
469
+ $pass2fa= new Miniorange_Password_2Factor_Login();
470
+ $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
471
+ exit;
472
+ }
473
+
474
+ function mo2f_inline_get_qr_code_for_mobile($email,$id){
475
+ $registerMobile = new Two_Factor_Setup();
476
+ $content = $registerMobile->register_mobile($email);
477
+ $response = json_decode($content, true);
478
+ $message = '';
479
+ $miniorageqr=array();
480
+ if(json_last_error() == JSON_ERROR_NONE) {
481
+ if($response['status'] == 'ERROR'){
482
+ $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
483
+ delete_user_meta( $id, 'miniorageqr' );
484
+ }else{
485
+ if($response['status'] == 'IN_PROGRESS'){
486
+
487
+ $miniorageqr['message']='';
488
+ $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
489
+ $miniorageqr['mo2f-login-transactionId']=$response['txId'];
490
+ $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
491
+ update_user_meta($id,'miniorageqr',$miniorageqr);
492
+ }else{
493
+ $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
494
+ delete_user_meta( $id, 'miniorageqr' );
495
+ }
496
+ }
497
+ }
498
+ return $miniorageqr;
499
+ }
500
+
501
+ function inline_mobile_configure(){
502
+ if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
503
+ $nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
504
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
505
+ $error = new WP_Error();
506
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
507
+ return $error;
508
+ } else {
509
+ global $Mo2fdbQueries;
510
+ $this->miniorange_pass2login_start_session();
511
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
512
+
513
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
514
+
515
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
516
+ $current_user = get_user_by('id',$user_id);
517
+ $mo2fa_login_message = '';
518
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
519
+ $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
520
+ if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
521
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
522
+ $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
523
+ $mo2fa_login_message=$miniorageqr['message'];
524
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
525
+ $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
526
+ }else{
527
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
528
+ }
529
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
530
+ }
531
+ }
532
+ }
533
+
534
+ function inline_validate_and_set_ga(){
535
+ if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
536
+ $nonce = $_POST['mo2f_inline_validate_ga_nonce'];
537
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
538
+ $error = new WP_Error();
539
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
540
+ return $error;
541
+ } else {
542
+ global $Mo2fdbQueries;
543
+ $this->miniorange_pass2login_start_session();
544
+ $otpToken = $_POST['google_auth_code'];
545
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
546
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
547
+ $current_user = get_user_by('id',$user_id);
548
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
549
+ $mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
550
+ $mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
551
+ // $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
552
+ $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
553
+ $mo2fa_login_message = '';
554
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
555
+ if(MO2f_Utility::mo2f_check_number_length($otpToken)){
556
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
557
+ //$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
558
+ $google_auth = new Miniorange_Rba_Attributes();
559
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
560
+ if(json_last_error() == JSON_ERROR_NONE) {
561
+ if($google_response['status'] == 'SUCCESS'){
562
+ $response = $google_response;
563
+ if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
564
+ if($response['status'] == 'SUCCESS'){
565
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
566
+ 'mo2f_GoogleAuthenticator_config_status' => true,
567
+ 'mo2f_configured_2FA_method' => 'Google Authenticator',
568
+ 'mo2f_AuthyAuthenticator_config_status' => false,
569
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
570
+ ) );
571
+
572
+ if(MO2F_IS_ONPREM){
573
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
574
+ //update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
575
+ //update_user_meta($current_user->ID,'Google Authenticator',true);
576
+ $gauth_obj= new Google_auth_onpremise();
577
+ $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
578
+ }
579
+ update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
580
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
581
+ unset($_SESSION['mo2f_google_auth']);
582
+ }else{
583
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
584
+ }
585
+ }else{
586
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
587
+ }
588
+ }else{
589
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
590
+ }
591
+ }else{
592
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
593
+ }
594
+ }else{
595
+ $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
596
+ }
597
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
598
+ }
599
+ }
600
+ }
601
+
602
+ function back_to_select_2fa(){
603
+ if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
604
+ $nonce = $_POST['miniorange_inline_two_factor_setup'];
605
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
606
+ $error = new WP_Error();
607
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
608
+ return $error;
609
+ } else {
610
+ global $Mo2fdbQueries;
611
+ $this->miniorange_pass2login_start_session();
612
+ unset($_SESSION['mo2f_google_auth']);
613
+ unset($_SESSION['mo2f_authy_keys']);
614
+ unset($_SESSION['secret_ga']);
615
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
616
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
617
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
618
+ $current_user = get_user_by('id',$user_id);
619
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
620
+ $mo2fa_login_message = '';
621
+ $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
622
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
623
+ }
624
+ }
625
+ }
626
+
627
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
628
+ {
629
+ $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
630
+ if(isset($tempEmail) and $tempEmail != '')
631
+ $email = $tempEmail;
632
+ global $Mo2fdbQueries;
633
+
634
+ $enduser = new Two_Factor_Setup();
635
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
636
+ $email = get_option('mo2f_email');
637
+
638
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
639
+
640
+ if(json_last_error() == JSON_ERROR_NONE){
641
+
642
+
643
+
644
+ if($check_user['status'] == 'ERROR'){
645
+ return $check_user;
646
+
647
+ }
648
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
649
+
650
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
651
+ 'user_registration_with_miniorange' =>'SUCCESS',
652
+ 'mo2f_user_email' =>$email,
653
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
654
+ ) );
655
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
656
+
657
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
658
+ return $check_user;
659
+ }
660
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
661
+ $current_user = get_user_by('id',$current_user_id);
662
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
663
+
664
+ if(json_last_error() == JSON_ERROR_NONE) {
665
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
666
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
667
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
668
+ 'user_registration_with_miniorange' =>'SUCCESS',
669
+ 'mo2f_user_email' =>$email,
670
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
671
+ ) );
672
+
673
+ $mo2fa_login_message = '';
674
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
675
+ return $check_user;
676
+ }else{
677
+ $check_user['status']='ERROR';
678
+ $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
679
+ return $check_user;
680
+ }
681
+ }
682
+
683
+
684
+ }
685
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
686
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
687
+ $check_user['status']='ERROR';
688
+ $check_user['message']=$mo2fa_login_message;
689
+ return $check_user;
690
+ // $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
691
+ }
692
+
693
+ }
694
+ // }
695
+
696
+ }
697
+ function mo2f_skip_2fa_setup()
698
+ {
699
+ if(isset($_POST['miniorange_skip_2fa_nonce'])){
700
+ $nonce = $_POST['miniorange_skip_2fa_nonce'];
701
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
702
+ $error = new WP_Error();
703
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
704
+ return $error;
705
+ }
706
+ else{
707
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
708
+ global $Mo2fdbQueries;
709
+ $redirect_to = sanitize_text_field($_POST['redirect_to']);
710
+ $session_id_encrypt = sanitize_text_field($session_id_encrypt);
711
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
712
+
713
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
714
+
715
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
716
+ }
717
+ }
718
+ }
719
+
720
+ function save_inline_2fa_method(){
721
+ if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
722
+ $nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
723
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
724
+ $error = new WP_Error();
725
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
726
+ return $error;
727
+ } else {
728
+
729
+
730
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
731
+ global $Mo2fdbQueries;
732
+ $this->miniorange_pass2login_start_session();
733
+ $mo2fa_login_message = '';
734
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
735
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
736
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
737
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
738
+ $current_user = get_user_by('id',$user_id);
739
+ $currentUserId = $current_user->ID;
740
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
741
+ $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
742
+ if($user_registration_with_miniorange == 'SUCCESS'){
743
+ $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? $_POST['mo2f_selected_2factor_method'] : 'NONE';
744
+
745
+ if($selected_method == 'OUT OF BAND EMAIL'){
746
+ if(!MO2F_IS_ONPREM)
747
+ {
748
+ $current_user = get_userdata($currentUserId);
749
+ $email = $current_user->user_email;
750
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
751
+
752
+ if($response['status']=='ERROR') {
753
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
754
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
755
+ }
756
+ else
757
+ {
758
+ $enduser = new Two_Factor_Setup();
759
+
760
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
761
+ 'mo2f_email_verification_status' =>true,
762
+ 'mo2f_configured_2FA_method' =>'Email Verification',
763
+ 'mo2f_user_email' => $email
764
+ ) );
765
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
766
+ }
767
+ }
768
+ else
769
+ {
770
+ $enduser = new Two_Factor_Setup();
771
+
772
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
773
+ 'mo2f_email_verification_status' =>true,
774
+ 'mo2f_configured_2FA_method' =>'Email Verification',
775
+ 'mo2f_user_email' => $email
776
+ ) );
777
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
778
+ }
779
+ }else if($selected_method == 'OTP OVER EMAIL'){
780
+ $email = $current_user->user_email;
781
+ if(!MO2F_IS_ONPREM)
782
+ {
783
+ $current_user = get_userdata($currentUserId);
784
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
785
+ if($response['status']=='ERROR') {
786
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
787
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
788
+ }
789
+ else
790
+ {
791
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
792
+ if($user_email != '' and !is_null($user_email))
793
+ $email = $user_email;
794
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
795
+
796
+ }
797
+ }
798
+ else
799
+ {
800
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
801
+ }
802
+ }else if($selected_method == "GOOGLE AUTHENTICATOR"){
803
+ $this->miniorange_pass2login_start_session();
804
+ $mo2fa_login_message = '';
805
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
806
+ $google_auth = new Miniorange_Rba_Attributes();
807
+
808
+ $gauth_name= get_site_option('mo2f_google_appname');
809
+ $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
810
+
811
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
812
+
813
+ if ( MO2F_IS_ONPREM ) { //this should not be here
814
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
815
+ 'mo2f_configured_2FA_method' =>$selected_method,
816
+ ) );
817
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
818
+ $gauth_obj = new Google_auth_onpremise();
819
+
820
+ $onpremise_secret = $gauth_obj->createSecret();
821
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
822
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
823
+ $mo2f_google_auth = array();
824
+ $mo2f_google_auth['ga_qrCode'] = $url;
825
+ $mo2f_google_auth['ga_secret'] = $onpremise_secret;
826
+ $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
827
+ update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
828
+
829
+ }else{
830
+ $current_user = get_userdata($currentUserId);
831
+ $email = $current_user->user_email;
832
+ $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
833
+
834
+ if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
835
+ {
836
+ $email = $tempemail;
837
+ }
838
+
839
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
840
+ if($response['status']=='ERROR') {
841
+ $mo2fa_login_message=$response['message'];
842
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
843
+
844
+ }else{
845
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
846
+ 'mo2f_configured_2FA_method' =>$selected_method,
847
+ ) );
848
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
849
+ if ( json_last_error() == JSON_ERROR_NONE ) {
850
+ if ( $google_response['status'] == 'SUCCESS' ) {
851
+
852
+ $mo2f_google_auth = array();
853
+ $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
854
+ $mo2f_google_auth['ga_secret'] = $google_response['secret'];
855
+ $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
856
+ update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
857
+
858
+ } else {
859
+ $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
860
+ }
861
+ }
862
+ }
863
+ }
864
+
865
+
866
+ }else{
867
+ //inline for others
868
+ if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
869
+ {
870
+ $current_user = get_userdata($currentUserId);
871
+ $email = $current_user->user_email;
872
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
873
+ if($response['status']=='ERROR') {
874
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
875
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
876
+ }else {
877
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
878
+ }
879
+ }else{
880
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
881
+ 'mo2f_configured_2FA_method' =>$selected_method,
882
+ ) );
883
+ }
884
+ }
885
+ }else{
886
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
887
+ }
888
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
889
+ }
890
+ }
891
+ }
892
+
893
+ function check_kba_validation($POSTED){
894
+ if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
895
+ $nonce = $POSTED['miniorange_kba_nonce'];
896
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
897
+ $error = new WP_Error();
898
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
899
+ return $error;
900
+ }else{
901
+ $this->miniorange_pass2login_start_session();
902
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
903
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
904
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
905
+ if ( isset( $user_id ) ) {
906
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
907
+ $mo2fa_login_message = 'Please provide both the answers.';
908
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
909
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
910
+ }
911
+ $otpToken = array();
912
+ $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
913
+ $otpToken[0] = $kba_questions[0]['question'];
914
+ $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
915
+ $otpToken[2] = $kba_questions[1]['question'];
916
+ $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
917
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? $_POST['mo2f_trust_device'] : 'false';
918
+ //if the php session folder has insufficient permissions, cookies to be used
919
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
920
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
921
+ $kba_validate = new Customer_Setup();
922
+ $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
923
+ global $Mo2fdbQueries;
924
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
925
+ if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
926
+ if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
927
+ try {
928
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
929
+ } catch ( Exception $e ) {
930
+ echo $e->getMessage();
931
+ }
932
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
933
+ } else {
934
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
935
+ }
936
+ } else {
937
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
938
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
939
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
940
+ }
941
+ } else {
942
+ $this->remove_current_activity($session_id_encrypt);
943
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
944
+ }
945
+ }
946
+ }
947
+ }
948
+ function check_rba_cancalation($POSTED){
949
+ $nonce = $POSTED['mo2f_trust_device_cancel_nonce'];
950
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
951
+ $error = new WP_Error();
952
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
+ return $error;
954
+ } else {
955
+ $this->miniorange_pass2login_start_session();
956
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
957
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
958
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
959
+ }
960
+ }
961
+ function check_rba_validation($POSTED){
962
+ $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
963
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
964
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
965
+ $this->remove_current_activity($session_id_encrypt);
966
+ $error = new WP_Error();
967
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
968
+ return $error;
969
+ } else {
970
+ $this->miniorange_pass2login_start_session();
971
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
972
+ try {
973
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
974
+ Global $Mo2fdbQueries;
975
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
976
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
977
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
978
+ } catch ( Exception $e ) {
979
+ echo $e->getMessage();
980
+ }
981
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
982
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
983
+ }
984
+ }
985
+
986
+ function miniorange2f_back_to_inline_registration($POSTED)
987
+ {
988
+ $nonce = $_POST['miniorange_back_inline_reg_nonce'];
989
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
990
+ $error = new WP_Error();
991
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
992
+ return $error;
993
+ } else {
994
+
995
+ $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
996
+ $redirect_to = sanitize_text_field($POSTED['redirect_to']);
997
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
998
+ $mo2fa_login_message = '';
999
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
1000
+ }
1001
+
1002
+ }
1003
+
1004
+ function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1005
+ $nonce = $_POST['miniorange_forgotphone'];
1006
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1007
+ $error = new WP_Error();
1008
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1009
+ return $error;
1010
+ } else {
1011
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1012
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1013
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1014
+ $mo2fa_login_message = '';
1015
+ $this->miniorange_pass2login_start_session();
1016
+ $customer = new Customer_Setup();
1017
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1018
+ Global $Mo2fdbQueries;
1019
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1020
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1021
+ if ( $kba_configuration_status ) {
1022
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1023
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1024
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1025
+ } else {
1026
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1027
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1028
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1029
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1030
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1031
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1032
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1033
+ //if the php session folder has insufficient permissions, cookies to be used
1034
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1035
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1036
+ $this->mo2f_transactionid=$content['txId'];
1037
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1038
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1039
+ } else {
1040
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1041
+ }
1042
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1043
+ }
1044
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1045
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1046
+ }
1047
+ }
1048
+ function check_miniorange_alternate_login_kba($POSTED){
1049
+ $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1050
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1051
+ $error = new WP_Error();
1052
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1053
+ return $error;
1054
+ } else {
1055
+ $this->miniorange_pass2login_start_session();
1056
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1057
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1058
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1059
+ $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1060
+ }
1061
+ }
1062
+ function check_miniorange_mobile_validation($POSTED){
1063
+ /*check mobile validation */
1064
+
1065
+ $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1066
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1067
+ $error = new WP_Error();
1068
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1069
+ return $error;
1070
+ } else {
1071
+ if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1072
+ {
1073
+ $txid = $POSTED['TxidEmail'];
1074
+ $status = get_option($txid);
1075
+ if($status != '')
1076
+ {
1077
+ if($status != 1)
1078
+ {
1079
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1080
+ }
1081
+ }
1082
+ }
1083
+ $this->miniorange_pass2login_start_session();
1084
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1085
+ //if the php session folder has insufficient permissions, cookies to be used
1086
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1087
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1088
+ $checkMobileStatus = new Two_Factor_Setup();
1089
+ $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1090
+ $response = json_decode( $content, true );
1091
+ if(MO2F_IS_ONPREM)
1092
+ {
1093
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1094
+ }
1095
+ if ( json_last_error() == JSON_ERROR_NONE ) {
1096
+ if ( $response['status'] == 'SUCCESS' ) {
1097
+ if ( get_option( 'mo2f_remember_device' ) ) {
1098
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1099
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1100
+ } else {
1101
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1102
+ }
1103
+ } else {
1104
+ $this->remove_current_activity($session_id_encrypt);
1105
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1106
+ }
1107
+ } else {
1108
+ $this->remove_current_activity($session_id_encrypt);
1109
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1110
+ }
1111
+ }
1112
+ }
1113
+ function check_miniorange_mobile_validation_failed($POSTED){
1114
+ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1115
+ $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1116
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1117
+ $error = new WP_Error();
1118
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1119
+ return $error;
1120
+ } else {
1121
+ $this->miniorange_pass2login_start_session();
1122
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1123
+ $this->remove_current_activity($session_id_encrypt);
1124
+
1125
+ }
1126
+ }
1127
+ function check_miniorange_forgotphone($POSTED){
1128
+ $nonce = $POSTED['miniorange_forgotphone'];
1129
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1130
+ $error = new WP_Error();
1131
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1132
+ return $error;
1133
+ } else {
1134
+ global $Mo2fdbQueries;
1135
+ $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1136
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1137
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1138
+ $mo2fa_login_message = '';
1139
+ $this->miniorange_pass2login_start_session();
1140
+ $customer = new Customer_Setup();
1141
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1142
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1143
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1144
+ if ( $kba_configuration_status ) {
1145
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1146
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1147
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1148
+ } else {
1149
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1150
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1151
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1152
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1153
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1154
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1155
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1156
+ //if the php session folder has insufficient permissions, cookies to be used
1157
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1158
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1159
+ $this->mo2f_transactionid=$content['txId'];
1160
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1161
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1162
+ } else {
1163
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1164
+ }
1165
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1166
+ }
1167
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1168
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1169
+ }
1170
+ }
1171
+ function check_miniorange_softtoken($POSTED){
1172
+ /*Click on the link of phone is offline */
1173
+ $nonce = $POSTED['miniorange_softtoken'];
1174
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1175
+ $error = new WP_Error();
1176
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1177
+ return $error;
1178
+ } else {
1179
+ $this->miniorange_pass2login_start_session();
1180
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1181
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1182
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1183
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1184
+ MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1185
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1186
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1187
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1188
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1189
+ }
1190
+ }
1191
+ function check_miniorange_soft_token($POSTED){
1192
+ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1193
+ $nonce = $_POST['miniorange_soft_token_nonce'];
1194
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1195
+ $error = new WP_Error();
1196
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1197
+ return $error;
1198
+ }else {
1199
+ $this->miniorange_pass2login_start_session();
1200
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1201
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? $_POST['request_origin_method'] : null;
1202
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
1203
+ $softtoken = '';
1204
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1205
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1206
+ if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1207
+ if($attempts>1 || $attempts=='disabled')
1208
+ {
1209
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1210
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
1211
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1212
+ }else{
1213
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1214
+ $this->remove_current_activity($session_id_encrypt);
1215
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1216
+ }
1217
+ } else {
1218
+ $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1219
+ if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1220
+ if($attempts>1|| $attempts=='disabled')
1221
+ {
1222
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1223
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1224
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1225
+ }else{
1226
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1227
+ $this->remove_current_activity($session_id_encrypt);
1228
+ update_option('mo2f_attempts_before_redirect', 3);
1229
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1230
+ $data = array('reload' => "reload", );
1231
+ wp_send_json_success($data);
1232
+ }
1233
+ else
1234
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1235
+ }
1236
+ }
1237
+ }
1238
+
1239
+ global $Mo2fdbQueries;
1240
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1241
+ if ( isset( $user_id ) ) {
1242
+ $customer = new Customer_Setup();
1243
+ $content = '';
1244
+ $current_user = get_userdata($user_id);
1245
+ //if the php session folder has insufficient permissions, cookies to be used
1246
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1247
+
1248
+ if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1249
+ $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1250
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1251
+ $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1252
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1253
+ $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1254
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1255
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1256
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1257
+ $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1258
+ } else {
1259
+ $this->remove_current_activity($session_id_encrypt);
1260
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1261
+ }
1262
+
1263
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1264
+ update_option('mo2f_attempts_before_redirect', 3);
1265
+ if ( get_option( 'mo2f_remember_device' ) ) {
1266
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1267
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1268
+ } else {
1269
+ if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1270
+ {
1271
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1272
+ $enduser = new Two_Factor_Setup();
1273
+
1274
+ $enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
1275
+
1276
+ }
1277
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1278
+ }
1279
+ } else {
1280
+ if($attempts>1 || $attempts=='disabled')
1281
+ {
1282
+ update_option('mo2f_attempts_before_redirect', $attempts-1);
1283
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1284
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1285
+ }else{
1286
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1287
+ $this->remove_current_activity($session_id_encrypt);
1288
+ update_option('mo2f_attempts_before_redirect', 3);
1289
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1290
+ $data = array('reload' => "reload", );
1291
+ wp_send_json_success($data);
1292
+ }
1293
+ else
1294
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1295
+ }
1296
+ }
1297
+ } else {
1298
+ $this->remove_current_activity($session_id_encrypt);
1299
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1300
+ }
1301
+ }
1302
+ }
1303
+ function check_miniorange_attribute_collection($POSTED){
1304
+ $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1305
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1306
+ $error = new WP_Error();
1307
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1308
+ return $error;
1309
+ } else {
1310
+ $this->miniorange_pass2login_start_session();
1311
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1312
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1313
+ $currentuser = get_user_by( 'id', $user_id );
1314
+ $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1315
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? $POSTED['redirect_to'] : null;
1316
+ $session_id = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1317
+ $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1318
+ }
1319
+ }
1320
+ function check_miniorange_inline_skip_registration($POSTED){
1321
+ $error = new WP_Error();
1322
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1323
+ }
1324
+ function miniorange_pass2login_redirect() {
1325
+ do_action('mo2f_network_init');
1326
+ global $Mo2fdbQueries;
1327
+
1328
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1329
+ if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1330
+ $nonce = $_POST['miniorange_login_nonce'];
1331
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
1332
+
1333
+ if(is_null($session_id)) {
1334
+ $session_id=$this->create_session();
1335
+ }
1336
+
1337
+
1338
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1339
+ $this->remove_current_activity($session_id);
1340
+ $error = new WP_Error();
1341
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1342
+ return $error;
1343
+ } else {
1344
+ $this->miniorange_pass2login_start_session();
1345
+ $mobile_login = new Miniorange_Mobile_Login();
1346
+ //validation and sanitization
1347
+ $username = '';
1348
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
1349
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1350
+ $mobile_login->mo_auth_show_error_message();
1351
+ return;
1352
+ } else {
1353
+ $username = sanitize_text_field( $_POST['mo2fa_username'] );
1354
+ }
1355
+ if ( username_exists( $username ) ) { /*if username exists in wp site */
1356
+ $user = new WP_User( $username );
1357
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
1358
+ MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
1359
+ MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
1360
+ $this->mo2f_userId=$user->ID;
1361
+ $this->fstfactor='VALIDATE_SUCCESS';
1362
+ $current_roles = miniorange_get_user_role( $user );
1363
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1364
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1365
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1366
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1367
+
1368
+ if(MO2F_IS_ONPREM )
1369
+ {
1370
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1371
+
1372
+ }
1373
+ if ( $mo2f_configured_2FA_method ) {
1374
+ if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
1375
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
1376
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1377
+ } else {
1378
+ $mo2f_second_factor = '';
1379
+
1380
+ if(MO2F_IS_ONPREM)
1381
+ {
1382
+ global $Mo2fdbQueries;
1383
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1384
+ if($mo2f_second_factor == 'Security Questions')
1385
+ {
1386
+ $mo2f_second_factor = 'KBA';
1387
+ }
1388
+ else if($mo2f_second_factor == 'Google Authenticator')
1389
+ {
1390
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
1391
+ }
1392
+ else if($mo2f_second_factor != 'Email Verification')
1393
+ $mo2f_second_factor = 'NONE';
1394
+ }else{
1395
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
1396
+ }
1397
+
1398
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
1399
+ $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
1400
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
1401
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1402
+ }
1403
+ else if($mo2f_second_factor == 'Email Verification'){
1404
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1405
+ }
1406
+ else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
1407
+ $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1408
+ } else if ( $mo2f_second_factor == 'KBA' ) {
1409
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1410
+ } else {
1411
+ $this->remove_current_activity($session_id);
1412
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
1413
+ $mobile_login->mo_auth_show_success_message();
1414
+ }
1415
+ }
1416
+ } else {
1417
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
1418
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1419
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1420
+ $mobile_login->mo2f_redirectto_wp_login();
1421
+ }
1422
+ } else {
1423
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
1424
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1425
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1426
+ $mobile_login->mo2f_redirectto_wp_login();
1427
+ }
1428
+ } else {
1429
+ $mobile_login->remove_current_activity($session_id);
1430
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
1431
+ $mobile_login->mo_auth_show_error_message('Invalid Username.');
1432
+ }
1433
+ }
1434
+ }
1435
+
1436
+ }
1437
+ if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
1438
+ {
1439
+ $userIDGet = sanitize_text_field($_GET['userID']);
1440
+ $txIdGet = sanitize_text_field($_GET['Txid']);
1441
+ $otpToken = get_site_option($userIDGet);
1442
+ $txidstatus = get_site_option($txIdGet);
1443
+ $userIDd = $userIDGet.'D';
1444
+ $otpTokenD = get_site_option($userIDd);
1445
+ $mo2f_dirName = dirname(__FILE__);
1446
+ $mo2f_dirName = explode('wp-content', $mo2f_dirName);
1447
+ $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
1448
+
1449
+ $head = "You are not authorized to perform this action";
1450
+ $body = "Please contact to your admin";
1451
+ $color = "red";
1452
+ if(3 == $txidstatus)
1453
+ {
1454
+ $time = "time".$txIdGet;
1455
+ $currentTimeInMillis = round(microtime(true) * 1000);
1456
+ $generatedTimeINMillis = get_site_option($time);
1457
+ $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
1458
+ if($difference <= 300)
1459
+ {
1460
+ $accessTokenGet = sanitize_text_field($_GET['accessToken']);
1461
+ if( $accessTokenGet == $otpToken)
1462
+ {
1463
+ update_site_option($txIdGet,1);
1464
+ $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
1465
+ $head = "TRANSACTION SUCCESSFUL";
1466
+ $color = "green";
1467
+ }
1468
+ else if($accessTokenGet==$otpTokenD)
1469
+ {
1470
+ update_site_option($txIdGet,0);
1471
+ $body = "Transaction has been Canceled.<br><br>Please Try Again.";
1472
+ $head = "TRANSACTION DENIED";
1473
+ }
1474
+ }
1475
+ delete_site_option($userIDGet);
1476
+ delete_site_option($userIDd);
1477
+ delete_site_option($time);
1478
+
1479
+ }
1480
+
1481
+ $this->display_email_verification($head,$body,$color);
1482
+ exit;
1483
+
1484
+ }
1485
+ elseif (isset($_POST['emailInlineCloud'])) {
1486
+ $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
1487
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
1488
+ $error = new WP_Error();
1489
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1490
+ return $error;
1491
+ } else {
1492
+ $email = sanitize_text_field($_POST['emailInlineCloud']);
1493
+ $current_user_id = sanitize_text_field($_POST['current_user_id']);
1494
+ //$session_id = sanitize_text_field($_POST['session_id']);
1495
+ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
1496
+ global $Mo2fdbQueries;
1497
+ $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
1498
+ prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','','','',null);
1499
+ }
1500
+ }
1501
+ }
1502
+ else if(isset($_POST['txid']))
1503
+ {
1504
+ $txidpost = sanitize_text_field($_POST['txid']);
1505
+ $status = get_site_option($txidpost);
1506
+ update_option('optionVal1',$status); //??
1507
+ if($status ==1 || $status ==0)
1508
+ delete_site_option($txidpost);
1509
+ echo $status;
1510
+ exit();
1511
+ }
1512
+
1513
+
1514
+
1515
+ else{
1516
+
1517
+ $value=isset($_POST['option'])?$_POST['option']:false;
1518
+
1519
+ switch ($value) {
1520
+ case 'miniorange_rba_validate':
1521
+ $this->check_rba_validation($_POST);
1522
+ break;
1523
+
1524
+ case 'miniorange_rba_cancle':
1525
+
1526
+ $this->check_rba_cancalation($_POST);
1527
+ break;
1528
+
1529
+ case 'miniorange_forgotphone':
1530
+ $this->check_miniorange_challenge_forgotphone($_POST);
1531
+ break;
1532
+
1533
+ case 'miniorange2f_back_to_inline_registration':
1534
+ $this->miniorange2f_back_to_inline_registration($_POST);
1535
+ exit;
1536
+
1537
+ case 'miniorange_alternate_login_kba':
1538
+
1539
+ $this->check_miniorange_alternate_login_kba($_POST);
1540
+ break;
1541
+
1542
+ case 'miniorange_kba_validate':
1543
+ $this->check_kba_validation($_POST);
1544
+
1545
+ break;
1546
+
1547
+ case 'miniorange_mobile_validation':
1548
+ $this->check_miniorange_mobile_validation($_POST);
1549
+ break;
1550
+
1551
+ case 'miniorange_mobile_validation_failed':
1552
+ $this->check_miniorange_mobile_validation_failed($_POST);
1553
+ break;
1554
+
1555
+ case 'miniorange_softtoken':
1556
+ $this->check_miniorange_softtoken($_POST);
1557
+
1558
+ break;
1559
+
1560
+
1561
+ case 'miniorange_soft_token':
1562
+
1563
+ $this->check_miniorange_soft_token($_POST);
1564
+ break;
1565
+
1566
+ case 'miniorange_inline_skip_registration':
1567
+ $this->check_miniorange_inline_skip_registration($_POST);
1568
+ break;
1569
+
1570
+ case 'miniorange_attribute_collection':
1571
+ $this->check_miniorange_attribute_collection($_POST);
1572
+ break;
1573
+
1574
+ case 'miniorange_inline_save_2factor_method':
1575
+ $this->save_inline_2fa_method();
1576
+ break;
1577
+
1578
+ case 'mo2f_skip_2fa_setup':
1579
+ $this->mo2f_skip_2fa_setup();
1580
+ break;
1581
+
1582
+ case 'miniorange_back_inline':
1583
+ $this->back_to_select_2fa();
1584
+ break;
1585
+
1586
+ case 'miniorange_inline_ga_validate':
1587
+ $this->inline_validate_and_set_ga();
1588
+ break;
1589
+
1590
+ case 'miniorange_inline_show_mobile_config':
1591
+ $this->inline_mobile_configure();
1592
+ break;
1593
+
1594
+ case 'miniorange_inline_complete_mobile':
1595
+ $this->mo2f_inline_validate_mobile_authentication();
1596
+ break;
1597
+
1598
+ case 'mo2f_inline_kba_option':
1599
+ $this->mo2f_inline_validate_kba();
1600
+ break;
1601
+
1602
+ case 'miniorange_inline_complete_otp_over_sms':
1603
+ $this->mo2f_inline_send_otp();
1604
+ break;
1605
+
1606
+ case 'miniorange_inline_complete_otp':
1607
+ $this->mo2f_inline_validate_otp();
1608
+ break;
1609
+
1610
+ case 'miniorange_inline_login':
1611
+ $this->mo2f_inline_login();
1612
+ break;
1613
+ case 'miniorange_inline_register':
1614
+ $this->mo2f_inline_register();
1615
+ break;
1616
+ default:
1617
+ $error = new WP_Error();
1618
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1619
+
1620
+ return $error;
1621
+ break;
1622
+
1623
+
1624
+ }
1625
+ }
1626
+ }
1627
+
1628
+ function deniedMessage($message)
1629
+ {
1630
+ if(empty($message) && get_option("deniedMessage") )
1631
+ {
1632
+ delete_option('deniedMessage');
1633
+ }
1634
+ else
1635
+ return $message;
1636
+ }
1637
+ function remove_current_activity($session_id) {
1638
+ global $Mo2fdbQueries;
1639
+ $session_variables = array(
1640
+ 'mo2f_current_user_id',
1641
+ 'mo2f_1stfactor_status',
1642
+ 'mo_2factor_login_status',
1643
+ 'mo2f-login-qrCode',
1644
+ 'mo2f_transactionId',
1645
+ 'mo2f_login_message',
1646
+ 'mo2f_rba_status',
1647
+ 'mo_2_factor_kba_questions',
1648
+ 'mo2f_show_qr_code',
1649
+ 'mo2f_google_auth',
1650
+ 'mo2f_authy_keys'
1651
+ );
1652
+
1653
+ $cookie_variables = array(
1654
+ 'mo2f_current_user_id',
1655
+ 'mo2f_1stfactor_status',
1656
+ 'mo_2factor_login_status',
1657
+ 'mo2f-login-qrCode',
1658
+ 'mo2f_transactionId',
1659
+ 'mo2f_login_message',
1660
+ 'mo2f_rba_status_status',
1661
+ 'mo2f_rba_status_sessionUuid',
1662
+ 'mo2f_rba_status_decision_flag',
1663
+ 'kba_question1',
1664
+ 'kba_question2',
1665
+ 'mo2f_show_qr_code',
1666
+ 'mo2f_google_auth',
1667
+ 'mo2f_authy_keys'
1668
+ );
1669
+
1670
+ $temp_table_variables = array(
1671
+ 'session_id',
1672
+ 'mo2f_current_user_id',
1673
+ 'mo2f_login_message',
1674
+ 'mo2f_1stfactor_status',
1675
+ 'mo2f_transactionId',
1676
+ 'mo_2_factor_kba_questions',
1677
+ 'mo2f_rba_status',
1678
+ 'ts_created'
1679
+ );
1680
+
1681
+ MO2f_Utility::unset_session_variables( $session_variables );
1682
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
1683
+ $key = get_option( 'mo2f_encryption_key' );
1684
+ $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
1685
+ $Mo2fdbQueries->save_user_login_details( $session_id, array(
1686
+
1687
+ 'mo2f_current_user_id' => '',
1688
+ 'mo2f_login_message' => '',
1689
+ 'mo2f_1stfactor_status' => '',
1690
+ 'mo2f_transactionId' => '',
1691
+ 'mo_2_factor_kba_questions' => '',
1692
+ 'mo2f_rba_status' => '',
1693
+ 'ts_created' => ''
1694
+ ) );
1695
+
1696
+
1697
+ }
1698
+
1699
+ public function miniorange_pass2login_start_session() {
1700
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1701
+ $session_path = ini_get('session.save_path');
1702
+ if( is_writable($session_path) && is_readable($session_path) ) {
1703
+ session_start();
1704
+ }
1705
+ }
1706
+ }
1707
+
1708
+ function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
1709
+ global $Mo2fdbQueries,$LoginuserID;
1710
+ $LoginuserID = $user_id;
1711
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1712
+ if(is_null($session_id)) {
1713
+ $session_id=$this->create_session();
1714
+ }
1715
+ if(MO2F_IS_ONPREM){
1716
+ $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
1717
+ $challenge_questions = array_keys($question_answers);
1718
+ $random_keys = array_rand($challenge_questions,2);
1719
+ $challenge_ques1 = $challenge_questions[$random_keys[0]];
1720
+ $challenge_ques2 = $challenge_questions[$random_keys[1]];
1721
+ $questions[0] = array('question'=>$challenge_ques1);
1722
+ $questions[1] = array('question'=>$challenge_ques2);
1723
+ update_user_meta( $user_id, 'kba_questions_user', $questions );
1724
+ $mo2fa_login_message = 'Please answer the following questions:';
1725
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1726
+ $mo2f_kbaquestions = $questions;
1727
+ MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1728
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1729
+ }
1730
+
1731
+ else{
1732
+ $challengeKba = new Customer_Setup();
1733
+ $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1734
+ $response = json_decode( $content, true );
1735
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1736
+ if ( $response['status'] == 'SUCCESS' ) {
1737
+ MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
1738
+ $this->mo2f_transactionid = $response['txId'];
1739
+ $questions = array();
1740
+ $questions[0] = $response['questions'][0];
1741
+ $questions[1] = $response['questions'][1];
1742
+ MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1743
+ $this->mo2f_kbaquestions=$questions;
1744
+ $mo2fa_login_message = 'Please answer the following questions:';
1745
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1746
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1747
+ } else if ( $response['status'] == 'ERROR' ) {
1748
+ $this->remove_current_activity($session_id);
1749
+ $error = new WP_Error();
1750
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1751
+
1752
+ return $error;
1753
+ }
1754
+ } else {
1755
+ $this->remove_current_activity($session_id);
1756
+ $error = new WP_Error();
1757
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1758
+
1759
+ return $error;
1760
+ }
1761
+ }
1762
+ }
1763
+
1764
+ function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt,$show_back_button =null ) {
1765
+
1766
+ $login_status = $mo2fa_login_status;
1767
+ $login_message = $mo2fa_login_message;
1768
+ switch ($login_status) {
1769
+ case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
1770
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1771
+ mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
1772
+ exit;
1773
+ break;
1774
+ case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
1775
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1776
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1777
+ exit;
1778
+ break;
1779
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
1780
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1781
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
1782
+ exit;
1783
+ break;
1784
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
1785
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1786
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1787
+ exit;
1788
+ break;
1789
+ case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
1790
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1791
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1792
+ exit;
1793
+ break;
1794
+ case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
1795
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1796
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1797
+ exit;
1798
+ break;
1799
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
1800
+ mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
1801
+ exit;
1802
+ break;
1803
+
1804
+ case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
1805
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1806
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1807
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1808
+ exit;
1809
+ break;
1810
+
1811
+ case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
1812
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1813
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1814
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1815
+ exit;
1816
+ break;
1817
+
1818
+ case 'MO_2_FACTOR_RECONFIG_GOOGLE':
1819
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1820
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
1821
+ exit;
1822
+ break;
1823
+
1824
+ case 'MO_2_FACTOR_RECONFIG_KBA':
1825
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1826
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
1827
+ exit;
1828
+ break;
1829
+
1830
+ case 'MO_2_FACTOR_SETUP_SUCCESS':
1831
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1832
+ $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
1833
+ break;
1834
+
1835
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
1836
+ $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
1837
+ if(MO2F_IS_ONPREM){
1838
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1839
+ $ques = get_user_meta( $user_id, 'kba_questions_user');
1840
+ mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
1841
+ }
1842
+ else{
1843
+ mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
1844
+ }
1845
+ exit;
1846
+ break;
1847
+
1848
+ case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
1849
+ mo2f_get_device_form( $redirect_to, $session_id_encrypt );
1850
+ exit;
1851
+ break;
1852
+
1853
+ case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
1854
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1855
+ prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
1856
+ exit;
1857
+ break;
1858
+
1859
+ default:
1860
+ $this->mo_2_factor_pass2login_show_wp_login_form();
1861
+ if(MO2F_IS_ONPREM){
1862
+ $this->mo_2_factor_pass2login_show_wp_login_form();
1863
+ }
1864
+ break;
1865
+ }
1866
+ }
1867
+
1868
+ function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
1869
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
1870
+ return true;
1871
+ }
1872
+
1873
+ return false;
1874
+ }
1875
+
1876
+ function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
1877
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1878
+ return true;
1879
+ }
1880
+
1881
+ return false;
1882
+ }
1883
+
1884
+ function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
1885
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
1886
+ return true;
1887
+ }
1888
+
1889
+ return false;
1890
+ }
1891
+
1892
+ function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
1893
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
1894
+ return true;
1895
+ }
1896
+
1897
+ return false;
1898
+ }
1899
+
1900
+ function miniorange_pass2login_reconfig_google( $login_status ) {
1901
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
1902
+ return true;
1903
+ }
1904
+
1905
+ return false;
1906
+ }
1907
+
1908
+ function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
1909
+
1910
+ do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
1911
+
1912
+
1913
+ }
1914
+
1915
+ function miniorange_pass2login_reconfig_kba( $login_status ) {
1916
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
1917
+ return true;
1918
+ }
1919
+
1920
+ return false;
1921
+ }
1922
+
1923
+ function miniorange_pass2login_check_kba_status( $login_status ) {
1924
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
1925
+ return true;
1926
+ }
1927
+
1928
+ return false;
1929
+ }
1930
+
1931
+ function miniorange_pass2login_check_trusted_device_status( $login_status ) {
1932
+
1933
+ if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
1934
+ return true;
1935
+ }
1936
+
1937
+ return false;
1938
+ }
1939
+
1940
+ function mo_2_factor_pass2login_woocommerce(){
1941
+ ?>
1942
+ <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
1943
+ <?php
1944
+ }
1945
+ function mo_2_factor_pass2login_show_wp_login_form() {
1946
+
1947
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? $_POST['session_id'] : (isset( $_POST['session_id'] ) ? $_POST['session_id'] : null);
1948
+ if(is_null($session_id_encrypt)) {
1949
+ $session_id_encrypt=$this->create_session();
1950
+ }
1951
+ wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
1952
+ wp_localize_script( 'tmlajax_script', 'my_ajax_object',
1953
+ array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
1954
+ ?>
1955
+ <p><input type="hidden" name="miniorange_login_nonce"
1956
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
1957
+
1958
+ <input type="hidden" id="sessid" name="session_id"
1959
+ value="<?php echo $session_id_encrypt; ?>"/>
1960
+
1961
+ </p>
1962
+
1963
+ <?php
1964
+ if ( get_option( 'mo2f_remember_device' ) ) {
1965
+ ?>
1966
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
1967
+ <?php
1968
+ wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
1969
+ wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
1970
+ wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
1971
+ wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
1972
+ wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
1973
+ wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
1974
+ wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
1975
+ wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
1976
+ wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
1977
+ }else{
1978
+
1979
+
1980
+ if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option'))
1981
+ {
1982
+ echo "\t<p>\n";
1983
+ echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
1984
+ echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
1985
+ echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
1986
+ echo "\t</p>\n";
1987
+ echo " \r\n";
1988
+ echo " \r\n";
1989
+ echo "\n";
1990
+ }
1991
+ }
1992
+
1993
+ }
1994
+
1995
+ function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
1996
+ global $Mo2fdbQueries;
1997
+ if (is_null($session_id_encrypt)){
1998
+ $session_id_encrypt=$this->create_session();
1999
+ }
2000
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2001
+ $useragent = $_SERVER['HTTP_USER_AGENT'];
2002
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
2003
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
2004
+
2005
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
2006
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
2007
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
2008
+
2009
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2010
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2011
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
2012
+ } else {
2013
+ $challengeMobile = new Customer_Setup();
2014
+ $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2015
+ $response = json_decode( $content, true );
2016
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2017
+ if ( $response['status'] == 'SUCCESS' ) {
2018
+ $qrCode = $response['qrCode'];
2019
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
2020
+ $this->mo2f_transactionid=$response['txId'];
2021
+ $mo2fa_login_message = '';
2022
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
2023
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
2024
+ } else if ( $response['status'] == 'ERROR' ) {
2025
+ $this->remove_current_activity($session_id_encrypt);
2026
+ $error = new WP_Error();
2027
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2028
+
2029
+ return $error;
2030
+ }
2031
+ } else {
2032
+ $this->remove_current_activity($session_id_encrypt);
2033
+ $error = new WP_Error();
2034
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2035
+
2036
+ return $error;
2037
+ }
2038
+ }
2039
+
2040
+ }
2041
+
2042
+ function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2043
+
2044
+ global $Mo2fdbQueries;
2045
+ if(is_null($session_id)){
2046
+ $session_id=$this->create_session();
2047
+ }
2048
+ $challengeMobile = new Customer_Setup();
2049
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2050
+ if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2051
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2052
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2053
+ $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2054
+
2055
+ }else {
2056
+ $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2057
+ }
2058
+ $response = json_decode( $content, true );
2059
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2060
+ if ( $response['status'] == 'SUCCESS' ) {
2061
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2062
+ $this->mo2f_transactionid=$response['txId'];
2063
+
2064
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2065
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2066
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2067
+ } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2068
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2069
+ $this->mo2f_transactionid=$response['txId'];
2070
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2071
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2072
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2073
+ }
2074
+ } else {
2075
+ $this->remove_current_activity($session_id);
2076
+ $error = new WP_Error();
2077
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2078
+
2079
+ return $error;
2080
+ }
2081
+ }
2082
+
2083
+ function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2084
+ global $Mo2fdbQueries;
2085
+ if(is_null($session_id)){
2086
+ $session_id=$this->create_session();
2087
+ }
2088
+ $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2089
+ if($mo2f_second_factor == 'EMAIL')
2090
+ {
2091
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2092
+ $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2093
+ if($wdewdeqdqq >30 or get_site_option(base64_encode("limitReached")))
2094
+ {
2095
+ update_site_option(base64_encode("remainingOTP"),0);
2096
+ }
2097
+ }
2098
+ else
2099
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2100
+ if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2101
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2102
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2103
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2104
+ } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2105
+ $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2106
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2107
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2108
+ } else {
2109
+ $challengeMobile = new Customer_Setup();
2110
+ $content = '';
2111
+ $response = [];
2112
+ $otpLIMiTE = 0;
2113
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2114
+ {
2115
+ if($mo2f_second_factor == 'OTP Over SMS')
2116
+ $mo2f_second_factor = 'SMS';
2117
+ $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2118
+ $response = json_decode( $content, true );
2119
+
2120
+ }
2121
+ else
2122
+ {
2123
+ $response['status'] = 'FAILED';
2124
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2125
+ $otpLIMiTE = 1;
2126
+ }
2127
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2128
+ if ( $response['status'] == 'SUCCESS' ) {
2129
+ if($mo2f_second_factor == 'EMAIL')
2130
+ {
2131
+ $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2132
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2133
+ }
2134
+ elseif($mo2f_second_factor == 'SMS')
2135
+ {
2136
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2137
+ }
2138
+ if(!isset($response['phoneDelivery']['contact']))
2139
+ $response['phoneDelivery']['contact'] = '';
2140
+ $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2141
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2142
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2143
+ $this->mo2f_transactionid=$response['txId'];
2144
+ $mo2fa_login_message = $message;
2145
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2146
+
2147
+ if($currentMethod == 'OTP Over Email')
2148
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2149
+ else
2150
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2151
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2152
+ } else {
2153
+
2154
+
2155
+ if($response['message'] == 'TEST FAILED.')
2156
+ $response['message'] = 'There is an error in sending the OTP.';
2157
+
2158
+ $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
2159
+
2160
+ if($otpLIMiTE ==1)
2161
+ $last_message = 'or contact miniOrange';
2162
+
2163
+ else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
2164
+ $last_message = 'Or check your SMTP Server and remaining transacions.';
2165
+ else
2166
+ $last_message = 'Or check your remaining transacions';
2167
+
2168
+ $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
2169
+ if(!isset($response['txId']))
2170
+ $response['txId'] = '';
2171
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2172
+ $this->mo2f_transactionid=$response['txId'];
2173
+ $mo2fa_login_message = $message;
2174
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2175
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2176
+ }
2177
+ } else {
2178
+ $this->remove_current_activity($session_id);
2179
+ $error = new WP_Error();
2180
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2181
+ return $error;
2182
+ }
2183
+ }
2184
+ }
2185
+
2186
+ function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
2187
+ if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
2188
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
2189
+ $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
2190
+ } else {
2191
+ $user_id=$this->mo2f_userID;
2192
+ $mo2f_1stfactor_status=$this->fstfactor;
2193
+ }
2194
+ if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
2195
+ $currentuser = get_user_by( 'id', $user_id );
2196
+ wp_set_current_user( $user_id, $currentuser->user_login );
2197
+ $mobile_login = new Miniorange_Mobile_Login();
2198
+ $mobile_login->remove_current_activity($session_id_encrypted);
2199
+ wp_set_auth_cookie( $user_id, true );
2200
+ do_action( 'wp_login', $currentuser->user_login, $currentuser );
2201
+ redirect_user_to( $currentuser, $redirect_to );
2202
+ exit;
2203
+ } else {
2204
+ $this->remove_current_activity($session_id_encrypted);
2205
+ }
2206
+ }
2207
+
2208
+ function create_session(){
2209
+ global $Mo2fdbQueries;
2210
+ $session_id = MO2f_Utility::random_str(20);
2211
+ $Mo2fdbQueries->insert_user_login_session($session_id);
2212
+ $key = get_option( 'mo2f_encryption_key' );
2213
+ $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
2214
+ return $session_id_encrypt;
2215
+ }
2216
+
2217
+ function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
2218
+
2219
+ global $Mo2fdbQueries;
2220
+ $this->miniorange_pass2login_start_session();
2221
+ if(is_null($session_id_encrypt)) {
2222
+ $session_id_encrypt=$this->create_session();
2223
+ }
2224
+
2225
+ if(class_exists('UM_Functions'))
2226
+ {
2227
+ if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
2228
+ {
2229
+ $meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
2230
+ if(isset($meta) and $meta != '')
2231
+ {
2232
+ if(isset($meta['_um_login_redirect_url']))
2233
+ $redirect_to = $meta['_um_login_redirect_url'];
2234
+ if($redirect_to == '')
2235
+ {
2236
+ $redirect_to = get_site_url();
2237
+ }
2238
+ }
2239
+ $login_form_url = '';
2240
+ if(isset($_POST['redirect_to']))
2241
+ $login_form_url = sanitize_text_field($_POST['redirect_to']);
2242
+
2243
+ if($login_form_url != '' and !is_null($login_form_url))
2244
+ {
2245
+ $redirect_to = $login_form_url;
2246
+ }
2247
+
2248
+ }
2249
+
2250
+ }
2251
+ MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
2252
+ MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
2253
+
2254
+ $this->mo2f_userID=$currentuser->ID;
2255
+ $this->fstfactor='VALIDATE_SUCCESS';
2256
+
2257
+ $is_customer_admin = true;
2258
+
2259
+ $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
2260
+ if($dG90YWxVc2Vyc0Nsb3Vk<3)
2261
+ $is_customer_admin = true;
2262
+
2263
+ $roles = ( array ) $currentuser->roles;
2264
+ $twofactor_enabled = 0;
2265
+ foreach ( $roles as $role ) {
2266
+ if(get_option('mo2fa_'.$role)=='1')
2267
+ $twofactor_enabled=1;
2268
+ }
2269
+
2270
+ if ( $is_customer_admin && $twofactor_enabled ) {
2271
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
2272
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
2273
+
2274
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
2275
+ $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
2276
+ }else{
2277
+ $mo2f_allwed_login_attempts= 'disabled';
2278
+ }
2279
+ update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
2280
+
2281
+ $twofactor_transactions = new Mo2fDB;
2282
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
2283
+ $tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
2284
+ if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
2285
+ $exceeded =1;
2286
+
2287
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
2288
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2289
+ try {
2290
+ $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
2291
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
2292
+ $this->mo2f_rbastatus=$mo2f_rba_status;
2293
+ } catch ( Exception $e ) {
2294
+ echo $e->getMessage();
2295
+ }
2296
+
2297
+ if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
2298
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2299
+ } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
2300
+
2301
+ $this->mo2f_restrict_access( 'Access_denied' );
2302
+ exit;
2303
+ } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
2304
+ $this->mo2f_restrict_access( 'Access_denied' );
2305
+ exit;
2306
+ } else {
2307
+
2308
+ $mo2f_second_factor = '';
2309
+
2310
+ if(MO2F_IS_ONPREM)
2311
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2312
+ else
2313
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
2314
+
2315
+ if($mo2f_second_factor == 'miniOrange Soft Token')
2316
+ $mo2f_second_factor = "SOFT TOKEN";
2317
+ else if($mo2f_second_factor == "miniOrange Push Notification")
2318
+ $mo2f_second_factor = "PUSH NOTIFICATIONS";
2319
+ else if($mo2f_second_factor == "miniOrange QR Code Authentication")
2320
+ $mo2f_second_factor = "MOBILE AUTHENTICATION";
2321
+ else if($mo2f_second_factor == 'Security Questions')
2322
+ $mo2f_second_factor = 'KBA';
2323
+ else if($mo2f_second_factor == 'Google Authenticator')
2324
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2325
+ else if($mo2f_second_factor == 'OTP Over SMS')
2326
+ $mo2f_second_factor = 'SMS';
2327
+ else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
2328
+ $mo2f_second_factor = "EMAIL";
2329
+
2330
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2331
+ {
2332
+ update_site_option("bGltaXRSZWFjaGVk",1);
2333
+
2334
+ }
2335
+ }
2336
+
2337
+
2338
+ if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
2339
+ {
2340
+ $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
2341
+ if(is_wp_error( $error))
2342
+ {
2343
+ return $error;
2344
+ }
2345
+ }
2346
+ else{
2347
+
2348
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2349
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
2350
+ } else {
2351
+
2352
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2353
+ $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
2354
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
2355
+ $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2356
+ } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
2357
+ $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2358
+ } else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
2359
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
2360
+ } else if ( $mo2f_second_factor == 'NONE' ) {
2361
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2362
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2363
+ else
2364
+ return $currentuser;
2365
+ } else {
2366
+ $this->remove_current_activity($session_id_encrypt);
2367
+ $error = new WP_Error();
2368
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2369
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Two Factor method has not been configured.', );
2370
+ wp_send_json_success($data);
2371
+ }
2372
+ else{
2373
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
2374
+ return $error;
2375
+ }
2376
+ }
2377
+ }
2378
+ }
2379
+
2380
+ }
2381
+ }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
2382
+ $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
2383
+
2384
+ } else {
2385
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2386
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2387
+ else
2388
+ return $currentuser;
2389
+ }
2390
+
2391
+ } else { //plugin is not activated for current role then logged him in without asking 2 factor
2392
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2393
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2394
+ else
2395
+ return $currentuser;
2396
+ }
2397
+
2398
+ }
2399
+
2400
+ function mo2fa_inline($currentuser,$redirect_to,$session_id){
2401
+
2402
+ global $Mo2fdbQueries;
2403
+ $currentUserId = $currentuser->ID;
2404
+ $email = $currentuser->user_email;
2405
+ $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
2406
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
2407
+ 'user_registration_with_miniorange' =>'SUCCESS',
2408
+ 'mo2f_user_email' =>$email,
2409
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
2410
+ ) );
2411
+
2412
+ $mo2fa_login_message = '';
2413
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2414
+
2415
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
2416
+ //}
2417
+ }
2418
+
2419
+ function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
2420
+ global $Mo2fdbQueries;
2421
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2422
+ $customer = new Customer_Setup();
2423
+ $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2424
+
2425
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2426
+ if ( get_option( 'mo2f_remember_device' ) ) {
2427
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
2428
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
2429
+ } else {
2430
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2431
+ }
2432
+ } else {
2433
+ if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2434
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid One Time Passcode.', );
2435
+ wp_send_json_success($data);
2436
+ }
2437
+ else
2438
+ return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
2439
+ }
2440
+ }
2441
+
2442
+ function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
2443
+ {
2444
+
2445
+ $challengeMobile = new Customer_Setup();
2446
+ $content = '';
2447
+ $response = [];
2448
+ $otpLIMiTE = 0;
2449
+ if(get_site_option("cmVtYWluaW5nT1RQ")>0)
2450
+ {
2451
+ $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
2452
+ $response = json_decode( $content, true );
2453
+ if(!MO2F_IS_ONPREM)
2454
+ {
2455
+ if(isset($response['txId']))
2456
+ MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $response['txId'] );
2457
+ }
2458
+
2459
+ }
2460
+ else
2461
+ {
2462
+ $response['status'] = 'FAILED';
2463
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2464
+ $otpLIMiTE = 1;
2465
+ }
2466
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2467
+ if ( $response['status'] == 'SUCCESS' ) {
2468
+ $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
2469
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2470
+ $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
2471
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2472
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
2473
+ }
2474
+ else
2475
+ {
2476
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2477
+ $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
2478
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
2479
+ }
2480
+ }
2481
+ }
2482
+ function mo2f_restrict_access( $identity ) {
2483
+ apply_filters( 'mo2f_rba_addon', $identity );
2484
+ exit;
2485
+ }
2486
+
2487
+ function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
2488
+ global $Mo2fdbQueries;
2489
+ if ( get_option( 'mo2f_remember_device' ) ) {
2490
+ $this->miniorange_pass2login_start_session();
2491
+
2492
+ $session_id=$this->create_session();
2493
+ MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
2494
+ $this->mo2f_userID=$currentuser->ID;
2495
+
2496
+ mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
2497
+ exit;
2498
+ } else {
2499
+ $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to );
2500
+ }
2501
+ }
2502
+
2503
+ function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
2504
+ if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
2505
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2506
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp;Invalid User Credentials', );
2507
+ wp_send_json_success($data);
2508
+ }
2509
+ else
2510
+ return $user;
2511
+ }
2512
+ if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
2513
+ return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
2514
+ }
2515
+ // if an app password is enabled, this is an XMLRPC / APP login ?
2516
+ if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
2517
+
2518
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
2519
+ if ( is_wp_error( $currentuser ) ) {
2520
+ $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
2521
+
2522
+ return false;
2523
+ } else {
2524
+ return $currentuser;
2525
+ }
2526
+
2527
+ } else {
2528
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
2529
+ if ( is_wp_error( $currentuser ) ) {
2530
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2531
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
2532
+ wp_send_json_success($data);
2533
+ }
2534
+ else{
2535
+ $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
2536
+ return $currentuser;
2537
+ }
2538
+ } else {
2539
+ global $Mo2fdbQueries;
2540
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2541
+
2542
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2543
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2544
+ $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
2545
+ if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
2546
+ {
2547
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
2548
+ }
2549
+ else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
2550
+ {
2551
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
2552
+ }
2553
+ else
2554
+ {
2555
+ if ( empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
2556
+ {
2557
+
2558
+
2559
+ if(isset($_POST['mo_woocommerce_login_prompt'])){
2560
+
2561
+ $this->miniorange_initiate_2nd_factor( $currentuser, "", "","");
2562
+ }
2563
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2564
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Please enter the One Time Passcode', );
2565
+ wp_send_json_success($data);
2566
+ }
2567
+ else
2568
+ return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
2569
+ // Prevent PHP notices when using app password login
2570
+
2571
+ }
2572
+ else
2573
+ {
2574
+ $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
2575
+ }
2576
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
2577
+ $session_id = isset( $_POST['session_id'] ) ? $_POST['session_id'] : null;
2578
+
2579
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;
2580
+
2581
+ if(is_null($session_id)) {
2582
+ $session_id=$this->create_session();
2583
+ }
2584
+
2585
+
2586
+ $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
2587
+
2588
+
2589
+ if(is_wp_error( $error)){
2590
+ return $error;
2591
+ }
2592
+ return $error;
2593
+ }
2594
+ }
2595
+ }
2596
+
2597
+ }
2598
+
2599
+ function display_email_verification($head,$body,$color)
2600
+ {
2601
+ echo "<div style='background-color: #d5e3d9; height:850px;' >
2602
+ <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
2603
+ <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
2604
+ <img alt='logo' style='margin-left:240px ;
2605
+ margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
2606
+ <div><hr></div>
2607
+
2608
+ <tbody>
2609
+ <tr>
2610
+ <td>
2611
+
2612
+ <p style='margin-top:0;margin-bottom:10px'>
2613
+ <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
2614
+ <p style='margin-top:0;margin-bottom:10px'>
2615
+ <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
2616
+ <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
2617
+
2618
+ </td>
2619
+ </tr>
2620
+
2621
+ </div>
2622
+ </div>
2623
+ </div>";
2624
+ }
2625
+
2626
+ function mo_2_factor_enable_jquery_default_login() {
2627
+ wp_enqueue_script( 'jquery' );
2628
+ }
2629
+
2630
+ function miniorange_pass2login_footer_form() {
2631
+ ?>
2632
+ <script>
2633
+ jQuery(document).ready(function () {
2634
+ if (document.getElementById('loginform') != null) {
2635
+ jQuery('#loginform').on('submit', function (e) {
2636
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2637
+ });
2638
+ } else {
2639
+ if (document.getElementsByClassName('login') != null) {
2640
+ jQuery('.login').on('submit', function (e) {
2641
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2642
+ });
2643
+ }
2644
+ }
2645
+ });
2646
+ </script>
2647
+ <?php
2648
+
2649
+ }
2650
+
2651
+
2652
+ }
2653
+
2654
+ ?>
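--- a/handler/twofa/two_fa_settings.php
+++ b/handler/twofa/two_fa_settings.php
@@ -2265,6 +2265,7 @@ class Miniorange_Authentication {
 if($selected_2FA_method == 'OTPOverSMS')
 $selected_2FA_method = 'OTP Over SMS';
 }
+
 if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification'))
 $is_customer_registered = 1;
 
@@ -2969,14 +2970,16 @@ class Miniorange_Authentication {
 $current_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_configured_2FA_method, "server" );
 
 $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $phone, null, null ), true );
-
 if ( json_last_error() == JSON_ERROR_NONE ) {
 if ( $response['status'] == 'ERROR' ) {
 update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
 $this->mo_auth_show_error_message();
 } else if ( $response['status'] == 'SUCCESS' ) {
-$configured_2fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
-
+$configured_2fa_method = '';
+if($mo2f_configured_2FA_method =='')
+$configured_2fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
+else
+$configured_2fa_method = $mo2f_configured_2FA_method;
 if ( in_array( $configured_2fa_method, array( "Google Authenticator", "Authy Authenticator" ) ) ) {
 update_user_meta( $user->ID, 'mo2f_external_app_type', $configured_2fa_method );
 }
@@ -2987,8 +2990,9 @@ class Miniorange_Authentication {
 delete_user_meta( $user->ID, 'configure_2FA' );
 
 if($configured_2fa_method == 'OTP Over Email' or $configured_2fa_method=='OTP Over SMS')
-update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA_otp" ) );
-
+{
+update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA_otp" ) );
+}
 else
 update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA" ) );
 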
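Review bot: The fallback at new lines 2979–2982 compares `$mo2f_configured_2FA_method ==''` loosely, so `null`, `false` and `'0'` all trigger the database lookup; make the intent explicit with `if($mo2f_configured_2FA_method === '' || $mo2f_configured_2FA_method === null)` (drop the `null` arm if that value cannot occur where the variable is set, which is outside the hunk). The `$configured_2fa_method = '';` initialiser on line 2978 is dead, since both branches assign the variable, and can be removed. In the third hunk braces were added only around the `if` branch while the `else` on line 2996 stays brace-less; brace both for consistency. The enclosing method starts and ends outside these hunks.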
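--- a/handler/twofa/two_fa_short_call.php
+++ b/handler/twofa/two_fa_short_call.php
@@ -0,0 +1,43 @@
+<?php
+
+include_once('two_fa_short_gateway.php');
+
+class TwoFACustomRegFormAPI
+{
+public function __construct()
+{
+
+}
+
+public static function challenge($phone_number,$email,$authTypeSend)
+{
+
+
+if($authTypeSend == 'email')
+{
+$auierpyasdcRy = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+$cmVtYWluaW5nT1RQ = $auierpyasdcRy? $auierpyasdcRy : 0;
+if($cmVtYWluaW5nT1RQ > 0)
+{
+$response = TwoFAMOGateway:: mo_send_otp_token('EMAIL', '', $email);
+update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
+}
+else
+{
+$response = ['status'=>'ERROR','message'=>'Email Transaction Limit Exceeded'];
+wp_send_json($response);
+}
+}
+else
+{
+$response = TwoFAMOGateway:: mo_send_otp_token('SMS', $phone_number, $email);
+}
+wp_send_json($response);
+
+}
+
+public static function validate($txId, $otp)
+{
+wp_send_json(TwoFAMOGateway :: mo_validate_otp_token('OTP',$txId, $otp));
+}
+}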
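Review bot: The remaining-email-OTP counter is decremented twice per send: `challenge()` subtracts one from `cmVtYWluaW5nT1RQ` on line 23 right after calling `TwoFAMOGateway::mo_send_otp_token('EMAIL', ...)`, and that gateway method subtracts one from the same site option itself (two_fa_short_gateway.php, lines 29–30), so each email OTP costs two units of quota; keep the decrement in one place, preferably the gateway, and delete line 23 here. The `$authTypeSend == 'email'` test on line 16 routes every other value, including an empty string, to the SMS branch with no check that `$phone_number` is non-empty; an explicit allow-list such as `if(!in_array($authTypeSend, ['email','sms'], true)) { wp_send_json(['status'=>'ERROR','message'=>'Unknown auth type']); }` fails closed. The empty constructor on lines 7–10 adds nothing and can be dropped.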
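--- a/handler/twofa/two_fa_short_custom.php
+++ b/handler/twofa/two_fa_short_custom.php
@@ -0,0 +1,80 @@
+<?php
+
+include_once('two_fa_short_call.php');
+
+class TwoFACustomRegFormShortcode
+
+{
+public function __construct()
+{
+add_action('woocommerce_created_customer',array($this,'wc_post_registration'), 1, 3);
+}
+
+public function mo_enqueue_shortcode()
+{
+add_action("wp_ajax_mo_shortcode",array( $this, 'mo_shortcode' ));
+add_action("wp_ajax_nopriv_mo_shortcode",array($this,'mo_shortcode'));
+add_action("wp_ajax_mo_ajax_register",array( $this, 'mo_ajax_register' ));
+add_action("wp_ajax_nopriv_mo_ajax_register",array($this,'mo_ajax_register'));
+}
+
+public function mo_shortcode()
+{
+switch($_POST['mo_action'])
+{
+case "challenge":
+$email = sanitize_text_field($_POST['email']);
+$phone = sanitize_text_field($_POST['phone']);
+$authTypeSend = sanitize_text_field($_POST['authTypeSend']);
+
+TwoFACustomRegFormAPI::challenge($phone,$email,$authTypeSend);
+break;
+
+case "validate":
+$otp = sanitize_text_field($_POST['otp']);
+$txId = sanitize_text_field($_POST['txId']);
+TwoFACustomRegFormAPI::validate($txId,$otp);
+break;
+}
+}
+
+public function mo_ajax_register(){
+switch ($_POST['mo_action']) {
+case 'send_otp_over_email':
+$email = isset($_POST['email'])? $_POST['email']: "";
+$phone = isset($_POST['phone'])? $_POST['phone']: "";
+$email = sanitize_text_field($email);
+$phone = sanitize_text_field($phone);
+$authTypeSend = sanitize_text_field($_POST['authTypeSend']);
+TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
+# code...
+break;
+case 'send_otp_over_sms' :
+$email = isset($_POST['email'])? $_POST['email']: "";
+$phone = isset($_POST['phone'])? $_POST['phone']: "";
+$email = sanitize_text_field($email);
+$phone = sanitize_text_field($phone);
+$authTypeSend = sanitize_text_field($_POST['authTypeSend']);
+TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
+break;
+
+default:
+$otp = sanitize_text_field($_POST['otp']);
+$txId = sanitize_text_field($_POST['txId']);
+TwoFACustomRegFormAPI :: validate($txId,$otp);
+# code...
+break;
+}
+}
+
+function wc_post_registration( $user_id, $new_customer_data, $password_generated) {
+if ( isset( $_POST['phone'] ))
+update_user_meta($user_id, 'billing_phone', $_POST['phone']);
+}
+
+
+
+
+}
+
+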
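Review bot: `wc_post_registration` on lines 70–73 writes `$_POST['phone']` into user meta unsanitised, unlike every other handler in this file, which passes request values through `sanitize_text_field`; use `update_user_meta($user_id, 'billing_phone', sanitize_text_field(wp_unslash($_POST['phone'])));`. `mo_shortcode` and `mo_ajax_register` are registered for both logged-in and `nopriv` AJAX on lines 15–18 but neither verifies a nonce, so the OTP challenge can be triggered by any visitor against an arbitrary email or phone and the site's OTP quota drained; add a `check_ajax_referer()` call at the top of both handlers and rate-limit the challenge action. Both `switch` statements read `$_POST['mo_action']` without `isset`, which emits a notice when the key is absent; read it once as `$action = isset($_POST['mo_action']) ? sanitize_text_field($_POST['mo_action']) : '';` and switch on that. The `# code...` scaffold comments on lines 50 and 65 are leftovers and should go.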
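--- a/handler/twofa/two_fa_short_gateway.php
+++ b/handler/twofa/two_fa_short_gateway.php
@@ -0,0 +1,67 @@
+<?php
+
+global $mo2f_dirName;
+
+require_once $mo2f_dirName.'helper'.DIRECTORY_SEPARATOR.'mo_twofa_sessions.php';
+
+if(! defined( 'ABSPATH' )) exit;
+define('MO2F_DEFAULT_APIKEY',"fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq");
+define('MO2F_FAIL_MODE', false);
+define('MO2F_SESSION_TYPE', "TRANSIENT");
+
+class TwoFAMOGateway
+{
+public static function mo_send_otp_token($authType, $phone, $email)
+{
+if(MO2F_TEST_MODE)
+{
+return ['message'=>'OTP Sent Successfully','status'=>'SUCCESS','txId'=> rand(1000,9999)];
+}
+else
+{
+$customerKey = get_site_option('mo2f_customerKey');
+$apiKey = get_site_option('mo2f_api_key');
+TwoFAMoSessions::addSessionVar('mo2f_transactionId',true);
+TwoFAMoSessions::addSessionVar('sent_on',time());
+
+if($authType == 'EMAIL')
+{
+$cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
+$content = (new Customer_Cloud_Setup)->send_otp_token($email,$authType,$customerKey,$apiKey);
+}
+
+else
+{
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
+$content = (new Customer_Cloud_Setup)->send_otp_token($phone,$authType,$customerKey,$apiKey);
+}
+return json_decode($content,TRUE);
+}
+}
+
+public static function mo_validate_otp_token($authType,$txId, $otp_token)
+{
+if(MO2F_TEST_MODE)
+{
+TwoFAMoSessions::unsetSession('mo2f_transactionId');
+return MO2F_FAIL_MODE ? ['status'=>"FAILED","message"=>"OTP is Invalid"]:['status'=>"SUCCESS","message"=>"Successfully Validated"];
+}
+else
+{
+$content = "";
+if(TwoFAMoSessions :: getSessionVar('mo2f_transactionId'))
+{
+$customerKey = get_site_option('mo2f_customerKey');
+$apiKey = get_site_option('mo2f_api_key');
+$content = (new Customer_Cloud_Setup)->validate_otp_token($authType,null,$txId,$otp_token,$customerKey,$apiKey);
+$content = json_decode($content, TRUE);
+if($content["status"] == "SUCCESS")
+{
+TwoFAMoSessions :: unsetSession('mo2f_transactionId');
+}
+}
+return $content;
+}
+}
+}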
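Review bot: `mo_validate_otp_token` (lines 43–66) only checks that *some* challenge was started, because line 24 stores the literal `true` under `mo2f_transactionId` rather than the transaction actually issued; store the gateway's returned id after the send, `TwoFAMoSessions::addSessionVar('mo2f_transactionId', $response['txId']);`, and reject a `$txId` that does not match it before calling the validation API, so a client cannot pair an OTP with a transaction it did not receive. On line 59 `$content["status"]` is read without checking that `json_decode` succeeded — a non-JSON response yields `null`, a warning, and a transaction flag that is never cleared — so guard with `if (is_array($content) && ($content['status'] ?? '') == 'SUCCESS')`. When no transaction is in session the method returns `""`, which `TwoFACustomRegFormAPI::validate` passes straight to `wp_send_json`; returning `['status'=>'ERROR','message'=>'No pending transaction']` keeps the response shape uniform. `MO2F_DEFAULT_APIKEY` on line 8 embeds a credential-looking literal in source that nothing in this file references; if it is a live key it belongs in configuration, not the repository, and `MO2F_TEST_MODE` is used but not defined here, so its definition site should be confirmed.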
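--- a/handler/twofa/two_fa_utility.php
+++ b/handler/twofa/two_fa_utility.php
@@ -549,6 +549,18 @@ class MO2f_Utility {
 return FALSE;
 }
 
+public static function get_index_value($var,$index){
+switch ($var) {
+case 'GLOBALS':
+return isset($GLOBALS[$index])?$GLOBALS[$index]:false;
+break;
+
+default:
+return false;
+break;
+}
+}
+
 }
 
 ?>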
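Review bot: `get_index_value` (new lines 552–562) has a `break` after `return` in both arms, which is unreachable; with a single case the whole `switch` reduces to `return $var === 'GLOBALS' ? ($GLOBALS[$index] ?? false) : false;` on PHP 7+, which also avoids the double array lookup. The parameters and return are untyped, and callers in this change use the result as a boolean (`mo2f_is_ajax_request`), so a docblock along the lines of `/** @return mixed value of $GLOBALS[$index], or false when $var is not 'GLOBALS' or the index is unset */` would make the two indistinguishable `false` cases explicit.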
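--- a/helper/curl.php
+++ b/helper/curl.php
@@ -255,9 +255,9 @@ class MocURL
 
 private static function callAPI($url, $json_string, $headers = array("Content-Type: application/json")) {
 //For testing (0, false)
-//For Production (1, true)
+//For Production (2, true)
 
-$sslhost=0;
+$sslhost=2;
 $sslpeer=false;
 
 $ch = curl_init($url);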
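Review bot: `$sslhost=2` on line 260 now requests hostname verification, but `$sslpeer=false` on the unchanged line 261 still disables certificate-chain verification, and curl's host check gives no protection without a trusted peer certificate, so the updated comment `//For Production (2, true)` and the code disagree. Set `$sslpeer=true;` (or derive both values from one production flag) so that the API traffic this helper sends — presumably including the customer key and OTP requests — is actually authenticated in transit. The remainder of `callAPI`, where these values are presumably applied via `curl_setopt`, is outside the hunk.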
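--- a/helper/mo_twofa_sessions.php
+++ b/helper/mo_twofa_sessions.php
@@ -0,0 +1,53 @@
+<?php
+
+if(! defined( 'ABSPATH' )) exit;
+
+class TwoFAMoSessions
+{
+static function addSessionVar($key, $val)
+{
+switch (MO2F_SESSION_TYPE) {
+case 'TRANSIENT':
+if (!isset($_COOKIE["transient_key"])) {
+if (!wp_cache_get("transient_key")) {
+$transient_key = MoWpnsUtility::rand();
+if (ob_get_contents()) ob_clean();
+setcookie('transient_key', $transient_key, time() + 12 * HOUR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
+wp_cache_add('transient_key', $transient_key);
+} else {
+$transient_key = wp_cache_get("transient_key");
+}
+} else {
+$transient_key = $_COOKIE["transient_key"];
+}
+set_site_transient($transient_key . $key, $val, 12 * HOUR_IN_SECONDS);
+break;
+}
+}
+
+static function getSessionVar($key)
+{
+switch(MO2F_SESSION_TYPE)
+{
+case 'TRANSIENT':
+$transient_key = isset($_COOKIE["transient_key"])
+? $_COOKIE["transient_key"] : wp_cache_get("transient_key");
+return get_site_transient( $transient_key.$key );
+}
+}
+
+static function unsetSession($key)
+{
+switch(MO2F_SESSION_TYPE)
+{
+case 'TRANSIENT':
+$transient_key = isset($_COOKIE["transient_key"])
+? $_COOKIE["transient_key"] : wp_cache_get("transient_key");
+if(!MoWpnsUtility::check_empty_or_null($transient_key)) {
+delete_site_transient($transient_key . $key);
+}
+break;
+}
+}
+
+}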
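Review bot: `addSessionVar` on line 15 sets the `transient_key` cookie without the `secure` and `httponly` flags, and all three methods concatenate the raw `$_COOKIE["transient_key"]` value into a site-transient name, so the client chooses which transient the plugin reads, writes and deletes. Pass `is_ssl(), true` as the sixth and seventh `setcookie` arguments and validate the cookie before use, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $transient_key)) { $transient_key = ''; }` (adjust the pattern to whatever `MoWpnsUtility::rand()` actually emits — not visible here) so that a malformed value falls through to generating a fresh key. `getSessionVar` has no `default` and returns `null` implicitly for any other `MO2F_SESSION_TYPE`; an explicit `return false;`, matching the guard `unsetSession` uses, would document that. Since this key gates OTP transaction state, confirm that `MoWpnsUtility::rand()` is backed by `random_bytes()` or `wp_generate_password()` rather than `rand()`.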
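--- a/helper/pluginUtility.php
+++ b/helper/pluginUtility.php
@@ -70,6 +70,11 @@ class MoWpnsHandler
 
 return $ip_count;
 }
+function get_blocked_attacks()
+{
+global $wpnsDbQueries;
+return $wpnsDbQueries->get_blocked_attack_list('wpns_attack_logs');
+}
 function get_blocked_ips()
 {
 global $wpnsDbQueries;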
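Review bot: `get_blocked_attacks` (new lines 73–77) has no docblock, visibility keyword or return type, and hard-codes the `'wpns_attack_logs'` table name that callers cannot discover; add `/** @return mixed result of get_blocked_attack_list('wpns_attack_logs') — confirm whether it is an array of rows or false on failure */` above it and declare it `public` like its neighbours' intent suggests. The shape of what `$wpnsDbQueries->get_blocked_attack_list()` returns is not visible in this change, so the docblock should be firmed up once that is checked.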
helper/plugins.php CHANGED
@@ -1,103 +1,103 @@
1
- <?php
2
-
3
- class FeaturePluginInterface
4
- {
5
- function __construct()
6
- {
7
- if ( ! function_exists( 'get_plugins' ) )
8
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
9
- }
10
- }
11
-
12
-
13
- class TwoFAPlugin extends FeaturePluginInterface
14
- {
15
-
16
- function getstatus()
17
- {
18
- $all_plugins = get_plugins();
19
- $status = 'NOT_INSTALLED';
20
- if(isset($all_plugins[MoWpnsConstants::TWO_FACTOR_SETTINGS]))
21
- $status = is_plugin_active(MoWpnsConstants::TWO_FACTOR_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
22
- return $status;
23
- }
24
-
25
-
26
- function updatePluginConfiguration()
27
- {
28
- if(!get_option('mo_wpns_enable_2fa'))
29
- return;
30
-
31
- if(!get_option( 'mo2f_customerKey') || !get_option( 'mo2f_api_