Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.20

Version Description

  • Google Authenticator-Two Factor Authentication (2FA, SMS) :
  • Google Authenticator Qr code fix.
  • My theme login Login fix.
Download this release

Release Info

Developer cyberlord92
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.20
Comparing to
See all releases

Code changes from version 5.4.19 to 5.4.20

Files changed (7) hide show
  1. api/class-customer-common-setup.php +400 -400
  2. api/class-rba-attributes.php +1 -3
  3. controllers/login-spam.php +9 -9
  4. controllers/twofa/mo2fa_inline_registration.php +7 -0
  5. handler/twofa/two_fa_pass2login.php +3 -0
  6. miniorange_2_factor_settings.php +2 -2
  7. readme.txt +11 -1
api/class-customer-common-setup.php CHANGED
@@ -1,400 +1,400 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Cloud_Setup {
29
-
30
- public $email;
31
- public $phone;
32
- public $customerKey;
33
- public $transactionId;
34
-
35
- private $auth_mode = 2; // miniorange test or not
36
- private $https_mode = false; // website http or https
37
-
38
-
39
- function check_customer() {
40
- $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
41
- $email = get_option( "mo2f_email" );
42
- $mo2fApi= new Mo2f_Api();
43
- $fields = array (
44
- 'email' => $email
45
- );
46
- $field_string = json_encode ( $fields );
47
-
48
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
49
-
50
- $response = $mo2fApi->make_curl_call( $url, $field_string );
51
- return $response;
52
-
53
- }
54
-
55
- function guest_audit() {
56
- $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
57
- $email = get_option( "mo2f_email" );
58
-
59
- $user = wp_get_current_user();
60
-
61
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
62
- if (empty($email))
63
- $email = $user->user_email;
64
- }
65
-
66
- $mo2fApi= new Mo2f_Api();
67
- $MoWpnsUtility = new MoWpnsUtility();
68
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
69
- $applicationName='Wordpress Two Factor;'.$MoWpnsUtility->checkPlugins();
70
- $fields = array (
71
- 'emailAddress' => $email,
72
- 'companyName'=>$company,
73
- 'cmsName'=>"WP",
74
- 'applicationType'=>'Two Factor',
75
- 'applicationName'=>$applicationName,
76
- 'pluginVersion'=>MO2F_VERSION,
77
- 'inUse'=>$MoWpnsUtility->getFeatureStatus()
78
- );
79
-
80
-
81
-
82
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
83
-
84
- $field_string = json_encode ( $fields );
85
-
86
- $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
87
- return $response;
88
-
89
- }
90
-
91
- function send_email_alert( $email, $phone, $message ) {
92
-
93
- $url = MO_HOST_NAME . '/moas/api/notify/send';
94
-
95
- $mo2fApi= new Mo2f_Api();
96
- $customerKey = "16555";
97
- $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
98
-
99
- $currentTimeInMillis = $mo2fApi->get_timestamp();
100
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
101
- $hashValue = hash( "sha512", $stringToHash );
102
- $fromEmail = $email;
103
- $subject = "WordPress 2FA Plugin Feedback - " . $email;
104
-
105
- global $user;
106
- $user = wp_get_current_user();
107
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
108
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
109
-
110
-
111
- $customer_feature = "";
112
-
113
- if ( $is_ec_with_1_user ) {
114
- $customer_feature = "V1";
115
- }else if ( $is_nc_with_1_user ) {
116
- $customer_feature = "V3";
117
- }
118
-
119
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
-
121
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
-
123
- $fields = array(
124
- 'customerKey' => $customerKey,
125
- 'sendEmail' => true,
126
- 'email' => array(
127
- 'customerKey' => $customerKey,
128
- 'fromEmail' => $fromEmail,
129
- 'fromName' => 'Xecurify',
130
- 'toEmail' => '2fasupport@xecurify.com',
131
- 'toName' => '2fasupport@xecurify.com',
132
- 'subject' => $subject,
133
- 'content' => $content
134
- ),
135
- );
136
- $field_string = json_encode( $fields );
137
-
138
- $headers = $mo2fApi->get_http_header_array();
139
-
140
- $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
141
- return $response;
142
-
143
-
144
- }
145
-
146
- function create_customer() {
147
- global $Mo2fdbQueries;
148
- if ( ! MO2f_Utility::is_curl_installed() ) {
149
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
150
-
151
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
152
- }
153
-
154
- $url = MO_HOST_NAME . '/moas/rest/customer/add';
155
- $mo2fApi= new Mo2f_Api();
156
- global $user;
157
- $user = wp_get_current_user();
158
- $this->email = get_option( 'mo2f_email' );
159
- $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
160
- $password = get_option( 'mo2f_password' );
161
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
162
-
163
- $fields = array(
164
- 'companyName' => $company,
165
- 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
166
- 'productInterest' => 'API_2FA',
167
- 'email' => $this->email,
168
- 'phone' => $this->phone,
169
- 'password' => $password
170
- );
171
- $field_string = json_encode( $fields );
172
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
173
-
174
- $content = $mo2fApi->make_curl_call( $url, $field_string );
175
-
176
- return $content;
177
- }
178
-
179
-
180
- function get_customer_key() {
181
- if ( ! MO2f_Utility::is_curl_installed() ) {
182
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
183
-
184
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
185
- }
186
-
187
- $url = MO_HOST_NAME . "/moas/rest/customer/key";
188
-
189
- $email = get_option( "mo2f_email" );
190
- $password = get_option( "mo2f_password" );
191
- $mo2fApi= new Mo2f_Api();
192
- $fields = array(
193
- 'email' => $email,
194
- 'password' => $password
195
- );
196
- $field_string = json_encode( $fields );
197
-
198
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
199
-
200
- $content = $mo2fApi->make_curl_call( $url, $field_string );
201
-
202
- return $content;
203
- }
204
-
205
-
206
- function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
207
-
208
- if ( ! MO2f_Utility::is_curl_installed()) {
209
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
210
-
211
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
212
- }
213
-
214
- $url = MO_HOST_NAME . '/moas/api/auth/challenge';
215
- $mo2fApi = new Mo2f_Api();
216
- /* The customer Key provided to you */
217
- $customerKey = $cKey;
218
-
219
- /* The customer API Key provided to you */
220
- $apiKey = $apiKey;
221
-
222
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
223
- $currentTimeInMillis = $mo2fApi->get_timestamp();
224
-
225
- /* Creating the Hash using SHA-512 algorithm */
226
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
227
- $hashValue = hash( "sha512", $stringToHash );
228
-
229
- $headers = $mo2fApi->get_http_header_array();
230
-
231
- $fields = '';
232
- if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
233
- $fields = array(
234
- 'customerKey' => $customerKey,
235
- 'email' => $uKey,
236
- 'authType' => $authType,
237
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
238
- );
239
- } else if ( $authType == 'SMS' ) {
240
- $authType = "SMS";
241
- $fields = array(
242
- 'customerKey' => $customerKey,
243
- 'phone' => $uKey,
244
- 'authType' => $authType
245
- );
246
- } else {
247
- $fields = array(
248
- 'customerKey' => $customerKey,
249
- 'username' => $uKey,
250
- 'authType' => $authType,
251
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
252
- );
253
- }
254
-
255
- $field_string = json_encode( $fields );
256
-
257
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
258
-
259
- return $content;
260
- }
261
-
262
-
263
- function get_customer_transactions( $cKey, $apiKey ) {
264
-
265
- $url = MO_HOST_NAME . '/moas/rest/customer/license';
266
-
267
- $customerKey = $cKey;
268
- $apiKey = $apiKey;
269
- $mo2fApi= new Mo2f_Api();
270
- $currentTimeInMillis = $mo2fApi->get_timestamp();
271
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
272
- $hashValue = hash( "sha512", $stringToHash );
273
-
274
- $fields = '';
275
- $fields = array(
276
- 'customerId' => $customerKey,
277
- 'applicationName' => 'wp_2fa',
278
- 'licenseType' => 'DEMO'
279
- );
280
-
281
- $field_string = json_encode( $fields );
282
-
283
- $headers = $mo2fApi->get_http_header_array();
284
-
285
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
286
-
287
-
288
- return $content;
289
- }
290
-
291
-
292
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
293
- $content='';
294
- if ( ! MO2f_Utility::is_curl_installed() ) {
295
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
296
-
297
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
298
- }
299
-
300
- $url = MO_HOST_NAME . '/moas/api/auth/validate';
301
- $mo2fApi= new Mo2f_Api();
302
- /* The customer Key provided to you */
303
- $customerKey = $cKey;
304
-
305
- /* The customer API Key provided to you */
306
- $apiKey = $customerApiKey;
307
-
308
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
309
- $currentTimeInMillis = $mo2fApi->get_timestamp();
310
-
311
- /* Creating the Hash using SHA-512 algorithm */
312
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
313
- $hashValue = hash( "sha512", $stringToHash );
314
-
315
- $headers = $mo2fApi->get_http_header_array();
316
- $fields = '';
317
- if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
318
- /*check for soft token*/
319
- $fields = array(
320
- 'customerKey' => $customerKey,
321
- 'username' => $username,
322
- 'token' => $otpToken,
323
- 'authType' => $authType
324
- );
325
- } else if ( $authType == 'KBA' ) {
326
- $fields = array(
327
- 'txId' => $transactionId,
328
- 'answers' => array(
329
- array(
330
- 'question' => $otpToken[0],
331
- 'answer' => $otpToken[1]
332
- ),
333
- array(
334
- 'question' => $otpToken[2],
335
- 'answer' => $otpToken[3]
336
- )
337
- )
338
- );
339
-
340
- } else {
341
- //*check for otp over sms/email
342
- $fields = array(
343
- 'txId' => $transactionId,
344
- 'token' => $otpToken
345
- );
346
- }
347
- $field_string = json_encode( $fields );
348
-
349
-
350
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
351
-
352
- return $content;
353
- }
354
-
355
- function submit_contact_us( $q_email, $q_phone, $query ) {
356
- if ( ! MO2f_Utility::is_curl_installed() ) {
357
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
358
-
359
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
360
- }
361
-
362
- $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
363
- global $user;
364
- $user = wp_get_current_user();
365
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
366
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
367
-
368
- $mo2fApi= new Mo2f_Api();
369
- $customer_feature = "";
370
-
371
- if ( $is_ec_with_1_user ) {
372
- $customer_feature = "V1";
373
- } else if ( $is_nc_with_1_user ) {
374
- $customer_feature = "V3";
375
- }
376
- global $moWpnsUtility;
377
-
378
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
379
- $fields = array(
380
- 'firstName' => $user->user_firstname,
381
- 'lastName' => $user->user_lastname,
382
- 'company' => $_SERVER['SERVER_NAME'],
383
- 'email' => $q_email,
384
- 'ccEmail' => '2fasupport@xecurify.com',
385
- 'phone' => $q_phone,
386
- 'query' => $query
387
- );
388
- $field_string = json_encode( $fields );
389
-
390
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
391
-
392
- $content = $mo2fApi->make_curl_call( $url, $field_string );
393
-
394
- return true;
395
- }
396
-
397
- }
398
-
399
-
400
- ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Cloud_Setup {
29
+
30
+ public $email;
31
+ public $phone;
32
+ public $customerKey;
33
+ public $transactionId;
34
+
35
+ private $auth_mode = 2; // miniorange test or not
36
+ private $https_mode = false; // website http or https
37
+
38
+
39
+ function check_customer() {
40
+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
41
+ $email = get_option( "mo2f_email" );
42
+ $mo2fApi= new Mo2f_Api();
43
+ $fields = array (
44
+ 'email' => $email
45
+ );
46
+ $field_string = json_encode ( $fields );
47
+
48
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
49
+
50
+ $response = $mo2fApi->make_curl_call( $url, $field_string );
51
+ return $response;
52
+
53
+ }
54
+
55
+ function guest_audit() {
56
+ $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
57
+ $email = get_option( "mo2f_email" );
58
+
59
+ $user = wp_get_current_user();
60
+
61
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
62
+ if (empty($email))
63
+ $email = $user->user_email;
64
+ }
65
+
66
+ $mo2fApi= new Mo2f_Api();
67
+ $MoWpnsUtility = new MoWpnsUtility();
68
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
69
+ $applicationName='Wordpress Two Factor;'.$MoWpnsUtility->checkPlugins();
70
+ $fields = array (
71
+ 'emailAddress' => $email,
72
+ 'companyName'=>$company,
73
+ 'cmsName'=>"WP",
74
+ 'applicationType'=>'Two Factor',
75
+ 'applicationName'=>$applicationName,
76
+ 'pluginVersion'=>MO2F_VERSION,
77
+ 'inUse'=>$MoWpnsUtility->getFeatureStatus()
78
+ );
79
+
80
+
81
+
82
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
83
+
84
+ $field_string = json_encode ( $fields );
85
+
86
+ $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
87
+ return $response;
88
+
89
+ }
90
+
91
+ function send_email_alert( $email, $phone, $message ) {
92
+
93
+ $url = MO_HOST_NAME . '/moas/api/notify/send';
94
+
95
+ $mo2fApi= new Mo2f_Api();
96
+ $customerKey = "16555";
97
+ $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
98
+
99
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
100
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
101
+ $hashValue = hash( "sha512", $stringToHash );
102
+ $fromEmail = $email;
103
+ $subject = "WordPress 2FA Plugin Feedback - " . $email;
104
+
105
+ global $user;
106
+ $user = wp_get_current_user();
107
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
108
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
109
+
110
+
111
+ $customer_feature = "";
112
+
113
+ if ( $is_ec_with_1_user ) {
114
+ $customer_feature = "V1";
115
+ }else if ( $is_nc_with_1_user ) {
116
+ $customer_feature = "V3";
117
+ }
118
+
119
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
+
121
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
+
123
+ $fields = array(
124
+ 'customerKey' => $customerKey,
125
+ 'sendEmail' => true,
126
+ 'email' => array(
127
+ 'customerKey' => $customerKey,
128
+ 'fromEmail' => $fromEmail,
129
+ 'fromName' => 'Xecurify',
130
+ 'toEmail' => '2fasupport@xecurify.com',
131
+ 'toName' => '2fasupport@xecurify.com',
132
+ 'subject' => $subject,
133
+ 'content' => $content
134
+ ),
135
+ );
136
+ $field_string = json_encode( $fields );
137
+
138
+ $headers = $mo2fApi->get_http_header_array();
139
+
140
+ $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
141
+ return $response;
142
+
143
+
144
+ }
145
+
146
+ function create_customer() {
147
+ global $Mo2fdbQueries;
148
+ if ( ! MO2f_Utility::is_curl_installed() ) {
149
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
150
+
151
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
152
+ }
153
+
154
+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
155
+ $mo2fApi= new Mo2f_Api();
156
+ global $user;
157
+ $user = wp_get_current_user();
158
+ $this->email = get_option( 'mo2f_email' );
159
+ $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
160
+ $password = get_option( 'mo2f_password' );
161
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
162
+
163
+ $fields = array(
164
+ 'companyName' => $company,
165
+ 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
166
+ 'productInterest' => 'API_2FA',
167
+ 'email' => $this->email,
168
+ 'phone' => $this->phone,
169
+ 'password' => $password
170
+ );
171
+ $field_string = json_encode( $fields );
172
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
173
+
174
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
175
+
176
+ return $content;
177
+ }
178
+
179
+
180
+ function get_customer_key() {
181
+ if ( ! MO2f_Utility::is_curl_installed() ) {
182
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
183
+
184
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
185
+ }
186
+
187
+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
188
+
189
+ $email = get_option( "mo2f_email" );
190
+ $password = get_option( "mo2f_password" );
191
+ $mo2fApi= new Mo2f_Api();
192
+ $fields = array(
193
+ 'email' => $email,
194
+ 'password' => $password
195
+ );
196
+ $field_string = json_encode( $fields );
197
+
198
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
199
+
200
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
201
+
202
+ return $content;
203
+ }
204
+
205
+
206
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
207
+
208
+ if ( ! MO2f_Utility::is_curl_installed()) {
209
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
210
+
211
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
212
+ }
213
+
214
+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
215
+ $mo2fApi = new Mo2f_Api();
216
+ /* The customer Key provided to you */
217
+ $customerKey = $cKey;
218
+
219
+ /* The customer API Key provided to you */
220
+ $apiKey = $apiKey;
221
+
222
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
223
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
224
+
225
+ /* Creating the Hash using SHA-512 algorithm */
226
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
227
+ $hashValue = hash( "sha512", $stringToHash );
228
+
229
+ $headers = $mo2fApi->get_http_header_array();
230
+
231
+ $fields = '';
232
+ if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
233
+ $fields = array(
234
+ 'customerKey' => $customerKey,
235
+ 'email' => $uKey,
236
+ 'authType' => $authType,
237
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
238
+ );
239
+ } else if ( $authType == 'SMS' ) {
240
+ $authType = "SMS";
241
+ $fields = array(
242
+ 'customerKey' => $customerKey,
243
+ 'phone' => $uKey,
244
+ 'authType' => $authType
245
+ );
246
+ } else {
247
+ $fields = array(
248
+ 'customerKey' => $customerKey,
249
+ 'username' => $uKey,
250
+ 'authType' => $authType,
251
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
252
+ );
253
+ }
254
+
255
+ $field_string = json_encode( $fields );
256
+
257
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
258
+
259
+ return $content;
260
+ }
261
+
262
+
263
+ function get_customer_transactions( $cKey, $apiKey ) {
264
+
265
+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
266
+
267
+ $customerKey = $cKey;
268
+ $apiKey = $apiKey;
269
+ $mo2fApi= new Mo2f_Api();
270
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
271
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
272
+ $hashValue = hash( "sha512", $stringToHash );
273
+
274
+ $fields = '';
275
+ $fields = array(
276
+ 'customerId' => $customerKey,
277
+ 'applicationName' => 'wp_2fa',
278
+ 'licenseType' => 'DEMO'
279
+ );
280
+
281
+ $field_string = json_encode( $fields );
282
+
283
+ $headers = $mo2fApi->get_http_header_array();
284
+
285
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
286
+
287
+
288
+ return $content;
289
+ }
290
+
291
+
292
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
293
+ $content='';
294
+ if ( ! MO2f_Utility::is_curl_installed() ) {
295
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
296
+
297
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
298
+ }
299
+
300
+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
301
+ $mo2fApi= new Mo2f_Api();
302
+ /* The customer Key provided to you */
303
+ $customerKey = $cKey;
304
+
305
+ /* The customer API Key provided to you */
306
+ $apiKey = $customerApiKey;
307
+
308
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
309
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
310
+
311
+ /* Creating the Hash using SHA-512 algorithm */
312
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
313
+ $hashValue = hash( "sha512", $stringToHash );
314
+
315
+ $headers = $mo2fApi->get_http_header_array();
316
+ $fields = '';
317
+ if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
318
+ /*check for soft token*/
319
+ $fields = array(
320
+ 'customerKey' => $customerKey,
321
+ 'username' => $username,
322
+ 'token' => $otpToken,
323
+ 'authType' => $authType
324
+ );
325
+ } else if ( $authType == 'KBA' ) {
326
+ $fields = array(
327
+ 'txId' => $transactionId,
328
+ 'answers' => array(
329
+ array(
330
+ 'question' => $otpToken[0],
331
+ 'answer' => $otpToken[1]
332
+ ),
333
+ array(
334
+ 'question' => $otpToken[2],
335
+ 'answer' => $otpToken[3]
336
+ )
337
+ )
338
+ );
339
+
340
+ } else {
341
+ //*check for otp over sms/email
342
+ $fields = array(
343
+ 'txId' => $transactionId,
344
+ 'token' => $otpToken
345
+ );
346
+ }
347
+ $field_string = json_encode( $fields );
348
+
349
+
350
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
351
+
352
+ return $content;
353
+ }
354
+
355
+ function submit_contact_us( $q_email, $q_phone, $query ) {
356
+ if ( ! MO2f_Utility::is_curl_installed() ) {
357
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
358
+
359
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
360
+ }
361
+
362
+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
363
+ global $user;
364
+ $user = wp_get_current_user();
365
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
366
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
367
+
368
+ $mo2fApi= new Mo2f_Api();
369
+ $customer_feature = "";
370
+
371
+ if ( $is_ec_with_1_user ) {
372
+ $customer_feature = "V1";
373
+ } else if ( $is_nc_with_1_user ) {
374
+ $customer_feature = "V3";
375
+ }
376
+ global $moWpnsUtility;
377
+
378
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
379
+ $fields = array(
380
+ 'firstName' => $user->user_firstname,
381
+ 'lastName' => $user->user_lastname,
382
+ 'company' => $_SERVER['SERVER_NAME'],
383
+ 'email' => $q_email,
384
+ 'ccEmail' => '2fasupport@xecurify.com',
385
+ 'phone' => $q_phone,
386
+ 'query' => $query
387
+ );
388
+ $field_string = json_encode( $fields );
389
+
390
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
391
+
392
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
393
+
394
+ return true;
395
+ }
396
+
397
+ }
398
+
399
+
400
+ ?>
api/class-rba-attributes.php CHANGED
@@ -153,8 +153,6 @@ class Miniorange_Rba_Attributes {
153
  if ( ! MO2f_Utility::is_curl_installed() ) {
154
  return $this->get_curl_error_message();
155
  }
156
-
157
-
158
  $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
159
  $mo2fApi= new Mo2f_Api();
160
 
@@ -176,4 +174,4 @@ class Miniorange_Rba_Attributes {
176
 
177
  }
178
 
179
- ?>
153
  if ( ! MO2f_Utility::is_curl_installed() ) {
154
  return $this->get_curl_error_message();
155
  }
 
 
156
  $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
157
  $mo2fApi= new Mo2f_Api();
158
 
174
 
175
  }
176
 
177
+ ?>
controllers/login-spam.php CHANGED
@@ -1,10 +1,10 @@
1
- <?php
2
- global $moWpnsUtility,$mo2f_dirName;
3
- if( isset( $_GET[ 'tab' ] ) ) {
4
- $active_tab = $_GET[ 'tab' ];
5
- } else {
6
- $active_tab = 'default';
7
- }
8
- update_site_option('mo2f_visit_login_and_spam',true);
9
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login_spam.php';
10
  ?>
1
+ <?php
2
+ global $moWpnsUtility,$mo2f_dirName;
3
+ if( isset( $_GET[ 'tab' ] ) ) {
4
+ $active_tab = $_GET[ 'tab' ];
5
+ } else {
6
+ $active_tab = 'default';
7
+ }
8
+ update_site_option('mo2f_visit_login_and_spam',true);
9
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login_spam.php';
10
  ?>
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -673,6 +673,13 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
673
  jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
674
  jQuery("#mo2f_scanbarcode_a").toggle();
675
  });
 
 
 
 
 
 
 
676
  </script>
677
  </body>
678
  <?php
673
  jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
674
  jQuery("#mo2f_scanbarcode_a").toggle();
675
  });
676
+ jQuery(document).ready(function() {
677
+ jQuery('.mo2f_gauth').qrcode({
678
+ 'render': 'image',
679
+ size: 175,
680
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
681
+ });
682
+ });
683
  </script>
684
  </body>
685
  <?php
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1948,9 +1948,12 @@ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
1948
  if(is_null($session_id_encrypt)) {
1949
  $session_id_encrypt=$this->create_session();
1950
  }
 
 
1951
  wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
1952
  wp_localize_script( 'tmlajax_script', 'my_ajax_object',
1953
  array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
 
1954
  ?>
1955
  <p><input type="hidden" name="miniorange_login_nonce"
1956
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
1948
  if(is_null($session_id_encrypt)) {
1949
  $session_id_encrypt=$this->create_session();
1950
  }
1951
+ if(class_exists('Theme_My_Login'))
1952
+ {
1953
  wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
1954
  wp_localize_script( 'tmlajax_script', 'my_ajax_object',
1955
  array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
1956
+ }
1957
  ?>
1958
  <p><input type="hidden" name="miniorange_login_nonce"
1959
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
miniorange_2_factor_settings.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
6
- * Version: 5.4.19
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * Text Domain: miniorange-2-factor-authentication
@@ -11,7 +11,7 @@
11
  */
12
  include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'database'.DIRECTORY_SEPARATOR.'mo2f_db_options.php';
13
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
14
- define( 'MO2F_VERSION', '5.4.19' );
15
  define( 'MO2F_TEST_MODE', false );
16
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
17
  class Miniorange_twoFactor{
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
6
+ * Version: 5.4.20
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * Text Domain: miniorange-2-factor-authentication
11
  */
12
  include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'database'.DIRECTORY_SEPARATOR.'mo2f_db_options.php';
13
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
14
+ define( 'MO2F_VERSION', '5.4.20' );
15
  define( 'MO2F_TEST_MODE', false );
16
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
17
  class Miniorange_twoFactor{
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
6
  Requires at least: 3.0.1
7
  Tested up to: 5.5
8
  Requires PHP: 5.3.0
9
- Stable tag: 5.4.18
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
@@ -331,6 +331,11 @@ miniOrange authentication service has 15+ authentication methods.One time passco
331
 
332
  == Changelog ==
333
 
 
 
 
 
 
334
  = 5.4.19 =
335
  * Google Authenticator-Two Factor Authentication (2FA, OTP) : Google Authenticator cloud fix.
336
 
@@ -866,6 +871,11 @@ More descriptive setup messages and UI changes.
866
 
867
  == Upgrade Notice ==
868
 
 
 
 
 
 
869
  = 5.4.19 =
870
  * Google Authenticator-Two Factor Authentication (2FA, OTP) : Google Authenticator cloud fix.
871
 
6
  Requires at least: 3.0.1
7
  Tested up to: 5.5
8
  Requires PHP: 5.3.0
9
+ Stable tag: 5.4.20
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
331
 
332
  == Changelog ==
333
 
334
+ = 5.4.20 =
335
+ * Google Authenticator-Two Factor Authentication (2FA, SMS) :
336
+ * Google Authenticator Qr code fix.
337
+ * My theme login Login fix.
338
+
339
  = 5.4.19 =
340
  * Google Authenticator-Two Factor Authentication (2FA, OTP) : Google Authenticator cloud fix.
341
 
871
 
872
  == Upgrade Notice ==
873
 
874
+ = 5.4.20 =
875
+ * Google Authenticator-Two Factor Authentication (2FA, SMS) :
876
+ * Google Authenticator Qr code fix.
877
+ * My theme login Login fix.
878
+
879
  = 5.4.19 =
880
  * Google Authenticator-Two Factor Authentication (2FA, OTP) : Google Authenticator cloud fix.
881