Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.22

Version Description

  • Google Authenticator-Two Factor Authentication (2FA, OTP) :
  • Backup Codes
  • Sanitization and JS improvements
  • SMS and Email Sync
  • Whatsapp based Two factor in Premium plugin
  • Telegram based Two factor in Premium plugin

Release Info

Developer cyberlord92
Version 5.4.22

Code changes from version 5.4.21 to 5.4.22

Files changed (41)
  1. api/class-customer-common-setup.php +3 -3
  2. api/class-customer-onprem-setup.php +72 -72
  3. controllers/account.php +24 -2
  4. controllers/content-protection.php +93 -93
  5. controllers/ip-blocking.php +256 -256
  6. controllers/main_controller.php +111 -111
  7. controllers/malware_scanner/malware_scan_ajax.php +52 -35
  8. controllers/malware_scanner/scan_malware_settings.php +1 -1
  9. controllers/navbar.php +9 -0
  10. controllers/support.php +50 -50
  11. controllers/twofa/mo2fa_common_login.php +322 -11
  12. controllers/twofa/mo2fa_inline_registration.php +1264 -1233
  13. controllers/twofa/two_fa_unlimittedUser.php +3 -3
  14. controllers/twofa/two_fa_unlimittedUser_ajax.php +46 -46
  15. controllers/upgrade.php +1 -2
  16. controllers/wpns-loginsecurity-ajax.php +37 -1
  17. database/database_functions.php +55 -8
  18. handler/WAF/database/mo-waf-db-common.php +24 -24
  19. handler/WAF/database/mo-waf-plugin-db.php +90 -90
  20. handler/ajax.php +41 -42
  21. handler/backup.php +2 -2
  22. handler/malware_scanner.php +668 -668
  23. handler/malware_scanner/malware_scanner_cron.php +1191 -1049
  24. handler/malware_scanner/scanner_set_cron.php +305 -260
  25. handler/mo-error.html +10 -10
  26. handler/mo-waf.php +586 -586
  27. handler/signature/APLFI.php +4 -4
  28. handler/spam.php +41 -41
  29. handler/twofa/setup_twofa.php +17 -5
  30. handler/twofa/two_fa_constants.php +3 -2
  31. handler/twofa/two_fa_pass2login.php +2849 -2656
  32. handler/twofa/two_fa_settings.php +29 -11
  33. handler/twofa/two_fa_short_call.php +43 -43
  34. handler/twofa/two_fa_short_gateway.php +4 -1
  35. handler/twofa/two_fa_utility.php +124 -0
  36. helper/constants.php +1 -1
  37. helper/messages.php +21 -4
  38. helper/plugins.php +102 -102
  39. includes/css/jquery.dataTables.min.css +1 -1
  40. includes/css/phone.css +25 -1
  41. includes/css/twofa_style_settings.css +518 -974
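--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -259,7 +259,7 @@ class Customer_Cloud_Setup {
 }
 
 
-function get_customer_transactions( $cKey, $apiKey ) {
+function get_customer_transactions( $cKey, $apiKey ,$license_type) {
 
 $url = MO_HOST_NAME . '/moas/rest/customer/license';
 
@@ -273,8 +273,8 @@ class Customer_Cloud_Setup {
 $fields = '';
 $fields = array(
 'customerId' => $customerKey,
-'applicationName' => 'wp_2fa',
-'licenseType' => 'DEMO'
+'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
+'licenseType' => $license_type
 );
 
 $field_string = json_encode( $fields );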
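Review bot: The new third parameter `$license_type` on `get_customer_transactions` (line 262) has no default, so any caller that still passes two arguments will now fail with an ArgumentCountError at runtime; only the account.php call site is updated in this commit, and other callers are not visible here. Giving it a default that reproduces the old request body keeps the signature backward-compatible: `function get_customer_transactions( $cKey, $apiKey, $license_type = 'DEMO' ) {`. The value is also encoded as-is into the JSON body on line 277, so it is worth pinning it to the two literals the plugin actually sends before it is used, e.g. `$license_type = in_array( $license_type, array( 'PREMIUM', 'DEMO' ), true ) ? $license_type : 'DEMO';`. The function body continues outside the hunk.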
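--- a/api/class-customer-onprem-setup.php
+++ b/api/class-customer-onprem-setup.php
@@ -1,73 +1,73 @@
-<?php
-/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
-* Copyright (C) 2015 miniOrange
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>
-* @package miniOrange OAuth
-* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
-*/
-
-/**
-* This library is miniOrange Authentication Service.
-* Contains Request Calls to Customer service.
-**/
-
-include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
-class Customer_Setup extends Customer_Cloud_Setup {
-
-
-
-function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
-
-$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
-if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
-include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
-$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
-if(is_null($currentuser) or !isset($currentuser))
-$currentuser = wp_get_current_user();
-$content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
-
-}else {
-
-$content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
-
-}
-
-return $content;
-}
-
-
-function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
-$content='';
-if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
-include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
-$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
-if(!isset($current_user) or is_null($current_user) )
-$current_user = wp_get_current_user();
-$content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
-//change parameters as per your requirement but make sure other methods are not affected.
-
-}else{
-
-$content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
-
-}
-return $content;
-}
-
-
-}
-
+<?php
+/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+* Copyright (C) 2015 miniOrange
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+* @package miniOrange OAuth
+* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+*/
+
+/**
+* This library is miniOrange Authentication Service.
+* Contains Request Calls to Customer service.
+**/
+
+include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+class Customer_Setup extends Customer_Cloud_Setup {
+
+
+
+function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
+
+$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
+if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
+include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+if(is_null($currentuser) or !isset($currentuser))
+$currentuser = wp_get_current_user();
+$content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
+
+}else {
+
+$content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
+
+}
+
+return $content;
+}
+
+
+function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+$content='';
+if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
+include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+if(!isset($current_user) or is_null($current_user) )
+$current_user = wp_get_current_user();
+$content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
+//change parameters as per your requirement but make sure other methods are not affected.
+
+}else{
+
+$content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
+
+}
+return $content;
+}
+
+
+}
+
 ?>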
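--- a/controllers/account.php
+++ b/controllers/account.php
@@ -181,11 +181,33 @@
 do_action('wpns_show_message',MoWpnsMessages::showMessage('REG_SUCCESS'),'SUCCESS');
 update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
 $customerT = new Customer_Cloud_Setup();
-$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
+$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
+if($content['status'] == 'SUCCESS')
+{
+update_site_option('mo2f_license_type','PREMIUM');
+}
+else
+{
+update_site_option('mo2f_license_type','DEMO');
+$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
+}
 if(isset($content['smsRemaining']))
 update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
-else
+else if($content['status'] =='SUCCESS')
 update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
+if(isset($content['emailRemaining']))
+{
+if($content['emailRemaining']>30)
+{
+$currentTransaction = $content['emailRemaining'];
+update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
+update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
+}
+else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
+{
+update_site_option('cmVtYWluaW5nT1RQ',30);
+}
+}
 
 }
 else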
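Review bot: `$content['status']` is read on the new line 185 (and again on line 196) without checking that `json_decode` produced an array; when the license request fails or returns a non-JSON body, `$content` is `null`, the offset access emits a warning, and the code silently falls into the DEMO branch and stores that license type. Guard the decode result before branching, `if(is_array($content) && isset($content['status']) && $content['status'] === 'SUCCESS')`, and apply the same guard on line 196. The `smsRemaining` and `emailRemaining` values come from a remote response and are written straight into site options on lines 195, 203 and 204; casting them with `(int)` before storage keeps those options numeric whatever the server returns. The enclosing `if`/`else` this code sits in starts and ends outside the hunk.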
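--- a/controllers/content-protection.php
+++ b/controllers/content-protection.php
@@ -1,94 +1,94 @@
-<?php
-global $moWpnsUtility,$mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_content_protection":
-wpns_handle_content_protection($_POST); break;
-case "mo_wpns_enable_comment_spam_blocking":
-wpns_handle_comment_spam_blocking($_POST); break;
-case "mo_wpns_enable_comment_recaptcha":
-wpns_handle_comment_recaptcha($_POST); break;
-case "mo_wpns_comment_recaptcha_settings":
-wpns_save_comment_recaptcha($_POST); break;
-}
-}
-
-
-$protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
-$protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
-$disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
-$comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
-$enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
-$htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
-$restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
-$test_recaptcha_url = "";
-$wp_config = site_url().'/wp-config.php';
-$wp_uploads = get_site_url().'/wp-content/uploads';
-$plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
-$restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
-$restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
-if($enable_recaptcha)
-{
-$test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
-$captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
-$captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
-}
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
-
-/* CONTENT PROTECTION FUNCTIONS */
-
-//Function to save content protection settings
-function wpns_handle_content_protection()
-{
-isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
-isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
-isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
-isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
-if(isset($_POST['restrictAPI'])){
-update_site_option('mo2f_restrict_restAPI', 1);
-}
-else{
-update_site_option('mo2f_restrict_restAPI',0);
-}
-
-
-
-
-$mo_wpns_htaccess_handler = new MoWpnsHandler();
-$mo_wpns_htaccess_handler->update_htaccess_configuration();
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
-}
-
-
-//Function to handle comment spam blocking
-function wpns_handle_comment_spam_blocking($postvalue)
-{
-$enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
-update_option('mo_wpns_enable_comment_spam_blocking', $enable);
-if($enable)
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
-else
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
-}
-
-
-//Function to handle reCAPTCHA for comments
-function wpns_handle_comment_recaptcha($postvalue)
-{
-$enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
-update_option('mo_wpns_enable_comment_recaptcha', $enable);
-if($enable)
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
-else
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
-}
-
-function wpns_save_comment_recaptcha($postvalue){
-update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
-update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
-do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
+<?php
+global $moWpnsUtility,$mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_content_protection":
+wpns_handle_content_protection($_POST); break;
+case "mo_wpns_enable_comment_spam_blocking":
+wpns_handle_comment_spam_blocking($_POST); break;
+case "mo_wpns_enable_comment_recaptcha":
+wpns_handle_comment_recaptcha($_POST); break;
+case "mo_wpns_comment_recaptcha_settings":
+wpns_save_comment_recaptcha($_POST); break;
+}
+}
+
+
+$protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
+$protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
+$disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
+$comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
+$enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
+$htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
+$restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
+$test_recaptcha_url = "";
+$wp_config = site_url().'/wp-config.php';
+$wp_uploads = get_site_url().'/wp-content/uploads';
+$plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
+$restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
+$restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
+if($enable_recaptcha)
+{
+$test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+$captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
+$captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
+}
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
+
+/* CONTENT PROTECTION FUNCTIONS */
+
+//Function to save content protection settings
+function wpns_handle_content_protection()
+{
+isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
+isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
+isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
+isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
+if(isset($_POST['restrictAPI'])){
+update_site_option('mo2f_restrict_restAPI', 1);
+}
+else{
+update_site_option('mo2f_restrict_restAPI',0);
+}
+
+
+
+
+$mo_wpns_htaccess_handler = new MoWpnsHandler();
+$mo_wpns_htaccess_handler->update_htaccess_configuration();
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
+}
+
+
+//Function to handle comment spam blocking
+function wpns_handle_comment_spam_blocking($postvalue)
+{
+$enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
+update_option('mo_wpns_enable_comment_spam_blocking', $enable);
+if($enable)
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
+else
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
+}
+
+
+//Function to handle reCAPTCHA for comments
+function wpns_handle_comment_recaptcha($postvalue)
+{
+$enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
+update_option('mo_wpns_enable_comment_recaptcha', $enable);
+if($enable)
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
+else
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
+}
+
+function wpns_save_comment_recaptcha($postvalue){
+update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
+update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
+do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
 }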
controllers/ip-blocking.php CHANGED
@@ -1,257 +1,257 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
- $mo_wpns_handler = new MoWpnsHandler();
5
-
6
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
7
- {
8
- switch($_POST['option'])
9
- {
10
- case "mo_wpns_manual_block_ip":
11
- wpns_handle_manual_block_ip($_POST['IP']); break;
12
- case "mo_wpns_unblock_ip":
13
- wpns_handle_unblock_ip($_POST['id']); break;
14
- case "mo_wpns_whitelist_ip":
15
- wpns_handle_whitelist_ip($_POST['IP']); break;
16
- case "mo_wpns_remove_whitelist":
17
- wpns_handle_remove_whitelist($_POST['id'] ); break;
18
- }
19
- }
20
-
21
- $blockedips = $mo_wpns_handler->get_blocked_ips();
22
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
23
- $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
24
- $path = explode('plugins', $path);
25
- $img_loader_url = plugins_url().$path[1];
26
-
27
- $page_url = "";
28
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
29
-
30
-
31
- /** IP BLOCKING RELATED FUNCTIONS **/
32
-
33
- // Function to handle Manual Block IP form submit
34
- function wpns_handle_manual_block_ip($ip)
35
- {
36
-
37
- global $moWpnsUtility;
38
-
39
- if( $moWpnsUtility->check_empty_or_null( $ip) )
40
- {
41
- //Improper message
42
- echo("empty IP");
43
- exit;
44
- }
45
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
46
- {
47
- echo("INVALID_IP_FORMAT");
48
- exit;
49
- }
50
- else
51
- {
52
- $ipAddress = sanitize_text_field( $ip );
53
- $mo_wpns_config = new MoWpnsHandler();
54
- $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
55
- if(!$isWhitelisted)
56
- {
57
- if($mo_wpns_config->is_ip_blocked($ipAddress)){
58
- //Change message
59
- echo("already blocked");
60
- exit;
61
- } else{
62
- $mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
63
- //not in structures
64
- ?>
65
- <table id="blockedips_table1" class="display">
66
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
67
- <tbody>
68
- <?php
69
- $mo_wpns_handler = new MoWpnsHandler();
70
- $blockedips = $mo_wpns_handler->get_blocked_ips();
71
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
72
- global $mo2f_dirName;
73
- foreach($blockedips as $blockedip)
74
- {
75
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
76
- if(empty($blockedip->blocked_for_time))
77
- echo "<span class=redtext>Permanently</span>";
78
- else
79
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
80
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
81
- }
82
- ?>
83
- </tbody>
84
- </table>
85
- <script type="text/javascript">
86
- jQuery("#blockedips_table1").DataTable({
87
- "order": [[ 3, "desc" ]]
88
- });
89
- </script>
90
- <?php
91
- exit;
92
- }
93
- }
94
- else
95
- {
96
- // Change message
97
- echo("IP_IN_WHITELISTED");
98
- exit;
99
- }
100
- }
101
- }
102
-
103
-
104
- // Function to handle Manual Block IP form submit
105
- function wpns_handle_unblock_ip($entryID)
106
- {
107
- global $moWpnsUtility;
108
-
109
- if( $moWpnsUtility->check_empty_or_null($entryID))
110
- {
111
- // Change message
112
- echo("UNKNOWN_ERROR");
113
- exit;
114
- }
115
- else
116
- {
117
- $entryid = sanitize_text_field($entryID);
118
- $mo_wpns_config = new MoWpnsHandler();
119
- $mo_wpns_config->unblock_ip_entry($entryid);
120
- //not is structure
121
- ?>
122
- <table id="blockedips_table1" class="display">
123
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
124
- <tbody>
125
- <?php
126
- $mo_wpns_handler = new MoWpnsHandler();
127
- $blockedips = $mo_wpns_handler->get_blocked_ips();
128
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
129
- global $mo2f_dirName;
130
- foreach($blockedips as $blockedip)
131
- {
132
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
133
- if(empty($blockedip->blocked_for_time))
134
- echo "<span class=redtext>Permanently</span>";
135
- else
136
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
137
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
138
- }
139
- ?>
140
- </tbody>
141
- </table>
142
- <script type="text/javascript">
143
- jQuery("#blockedips_table1").DataTable({
144
- "order": [[ 3, "desc" ]]
145
- });
146
- </script>
147
- <?php
148
-
149
- exit;
150
- }
151
- }
152
-
153
-
154
- // Function to handle Whitelist IP form submit
155
- function wpns_handle_whitelist_ip($ip)
156
- {
157
- global $moWpnsUtility;
158
- if( $moWpnsUtility->check_empty_or_null($ip))
159
- {
160
- //change message
161
- echo("EMPTY IP");
162
- exit;
163
- }
164
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
165
- { //change message
166
- echo("INVALID_IP");
167
- exit;
168
- }
169
- else
170
- {
171
- $ipAddress = sanitize_text_field($ip);
172
- $mo_wpns_config = new MoWpnsHandler();
173
- if($mo_wpns_config->is_whitelisted($ipAddress))
174
- {
175
- //change message
176
- echo("IP_ALREADY_WHITELISTED");
177
- exit;
178
- }
179
- else
180
- {
181
- $mo_wpns_config->whitelist_ip($ip);
182
- //Structures issues
183
- $mo_wpns_handler = new MoWpnsHandler();
184
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
185
-
186
- ?>
187
- <table id="whitelistedips_table1" class="display">
188
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
189
- <tbody>
190
- <?php
191
- foreach($whitelisted_ips as $whitelisted_ip)
192
- {
193
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
194
- }
195
-
196
-
197
- ?>
198
- </tbody>
199
- </table>
200
- <script type="text/javascript">
201
- jQuery("#whitelistedips_table1").DataTable({
202
- "order": [[ 1, "desc" ]]
203
- });
204
- </script>
205
-
206
- <?php
207
- exit;
208
- }
209
- }
210
- }
211
-
212
-
213
- // Function to handle remove whitelisted IP form submit
214
- function wpns_handle_remove_whitelist($entryID)
215
- {
216
- global $moWpnsUtility;
217
- if( $moWpnsUtility->check_empty_or_null($entryID))
218
- {
219
- //change Message
220
- echo("UNKNOWN_ERROR");
221
- exit;
222
- }
223
- else
224
- {
225
- $entryid = sanitize_text_field($entryID);
226
- $mo_wpns_config = new MoWpnsHandler();
227
- $mo_wpns_config->remove_whitelist_entry($entryid);
228
- //structures
229
- $mo_wpns_handler = new MoWpnsHandler();
230
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
231
-
232
- ?>
233
- <table id="whitelistedips_table1" class="display">
234
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
235
- <tbody>
236
- <?php
237
- foreach($whitelisted_ips as $whitelisted_ip)
238
- {
239
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
240
- }
241
-
242
-
243
- ?>
244
- </tbody>
245
- </table>
246
- <script type="text/javascript">
247
- jQuery("#whitelistedips_table1").DataTable({
248
- "order": [[ 1, "desc" ]]
249
- });
250
- </script>
251
-
252
- <?php
253
- exit;
254
- }
255
- }
256
-
257
 
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+ $mo_wpns_handler = new MoWpnsHandler();
5
+
6
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
7
+ {
8
+ switch($_POST['option'])
9
+ {
10
+ case "mo_wpns_manual_block_ip":
11
+ wpns_handle_manual_block_ip($_POST['IP']); break;
12
+ case "mo_wpns_unblock_ip":
13
+ wpns_handle_unblock_ip($_POST['id']); break;
14
+ case "mo_wpns_whitelist_ip":
15
+ wpns_handle_whitelist_ip($_POST['IP']); break;
16
+ case "mo_wpns_remove_whitelist":
17
+ wpns_handle_remove_whitelist($_POST['id'] ); break;
18
+ }
19
+ }
20
+
21
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
22
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
23
+ $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
24
+ $path = explode('plugins', $path);
25
+ $img_loader_url = plugins_url().$path[1];
26
+
27
+ $page_url = "";
28
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
29
+
30
+
31
+ /** IP BLOCKING RELATED FUNCTIONS **/
32
+
33
+ // Function to handle Manual Block IP form submit
34
+ function wpns_handle_manual_block_ip($ip)
35
+ {
36
+
37
+ global $moWpnsUtility;
38
+
39
+ if( $moWpnsUtility->check_empty_or_null( $ip) )
40
+ {
41
+ //Improper message
42
+ echo("empty IP");
43
+ exit;
44
+ }
45
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
46
+ {
47
+ echo("INVALID_IP_FORMAT");
48
+ exit;
49
+ }
50
+ else
51
+ {
52
+ $ipAddress = sanitize_text_field( $ip );
53
+ $mo_wpns_config = new MoWpnsHandler();
54
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
55
+ if(!$isWhitelisted)
56
+ {
57
+ if($mo_wpns_config->is_ip_blocked($ipAddress)){
58
+ //Change message
59
+ echo("already blocked");
60
+ exit;
61
+ } else{
62
+ $mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
63
+ //not in structures
64
+ ?>
65
+ <table id="blockedips_table1" class="display">
66
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
67
+ <tbody>
68
+ <?php
69
+ $mo_wpns_handler = new MoWpnsHandler();
70
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
71
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
72
+ global $mo2f_dirName;
73
+ foreach($blockedips as $blockedip)
74
+ {
75
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
76
+ if(empty($blockedip->blocked_for_time))
77
+ echo "<span class=redtext>Permanently</span>";
78
+ else
79
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
80
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
81
+ }
82
+ ?>
83
+ </tbody>
84
+ </table>
85
+ <script type="text/javascript">
86
+ jQuery("#blockedips_table1").DataTable({
87
+ "order": [[ 3, "desc" ]]
88
+ });
89
+ </script>
90
+ <?php
91
+ exit;
92
+ }
93
+ }
94
+ else
95
+ {
96
+ // Change message
97
+ echo("IP_IN_WHITELISTED");
98
+ exit;
99
+ }
100
+ }
101
+ }
102
+
103
+
104
+ // Function to handle Manual Block IP form submit
105
+ function wpns_handle_unblock_ip($entryID)
106
+ {
107
+ global $moWpnsUtility;
108
+
109
+ if( $moWpnsUtility->check_empty_or_null($entryID))
110
+ {
111
+ // Change message
112
+ echo("UNKNOWN_ERROR");
113
+ exit;
114
+ }
115
+ else
116
+ {
117
+ $entryid = sanitize_text_field($entryID);
118
+ $mo_wpns_config = new MoWpnsHandler();
119
+ $mo_wpns_config->unblock_ip_entry($entryid);
120
+ //not is structure
121
+ ?>
122
+ <table id="blockedips_table1" class="display">
123
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
124
+ <tbody>
125
+ <?php
126
+ $mo_wpns_handler = new MoWpnsHandler();
127
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
128
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
129
+ global $mo2f_dirName;
130
+ foreach($blockedips as $blockedip)
131
+ {
132
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
133
+ if(empty($blockedip->blocked_for_time))
134
+ echo "<span class=redtext>Permanently</span>";
135
+ else
136
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
137
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
138
+ }
139
+ ?>
140
+ </tbody>
141
+ </table>
142
+ <script type="text/javascript">
143
+ jQuery("#blockedips_table1").DataTable({
144
+ "order": [[ 3, "desc" ]]
145
+ });
146
+ </script>
147
+ <?php
148
+
149
+ exit;
150
+ }
151
+ }
152
+
153
+
154
+ // Function to handle Whitelist IP form submit
155
+ function wpns_handle_whitelist_ip($ip)
156
+ {
157
+ global $moWpnsUtility;
158
+ if( $moWpnsUtility->check_empty_or_null($ip))
159
+ {
160
+ //change message
161
+ echo("EMPTY IP");
162
+ exit;
163
+ }
164
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
165
+ { //change message
166
+ echo("INVALID_IP");
167
+ exit;
168
+ }
169
+ else
170
+ {
171
+ $ipAddress = sanitize_text_field($ip);
172
+ $mo_wpns_config = new MoWpnsHandler();
173
+ if($mo_wpns_config->is_whitelisted($ipAddress))
174
+ {
175
+ //change message
176
+ echo("IP_ALREADY_WHITELISTED");
177
+ exit;
178
+ }
179
+ else
180
+ {
181
+ $mo_wpns_config->whitelist_ip($ip);
182
+ //Structures issues
183
+ $mo_wpns_handler = new MoWpnsHandler();
184
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
185
+
186
+ ?>
187
+ <table id="whitelistedips_table1" class="display">
188
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
189
+ <tbody>
190
+ <?php
191
+ foreach($whitelisted_ips as $whitelisted_ip)
192
+ {
193
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
194
+ }
195
+
196
+
197
+ ?>
198
+ </tbody>
199
+ </table>
200
+ <script type="text/javascript">
201
+ jQuery("#whitelistedips_table1").DataTable({
202
+ "order": [[ 1, "desc" ]]
203
+ });
204
+ </script>
205
+
206
+ <?php
207
+ exit;
208
+ }
209
+ }
210
+ }
211
+
212
+
213
+ // Function to handle remove whitelisted IP form submit
214
+ function wpns_handle_remove_whitelist($entryID)
215
+ {
216
+ global $moWpnsUtility;
217
+ if( $moWpnsUtility->check_empty_or_null($entryID))
218
+ {
219
+ //change Message
220
+ echo("UNKNOWN_ERROR");
221
+ exit;
222
+ }
223
+ else
224
+ {
225
+ $entryid = sanitize_text_field($entryID);
226
+ $mo_wpns_config = new MoWpnsHandler();
227
+ $mo_wpns_config->remove_whitelist_entry($entryid);
228
+ //structures
229
+ $mo_wpns_handler = new MoWpnsHandler();
230
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
231
+
232
+ ?>
233
+ <table id="whitelistedips_table1" class="display">
234
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
235
+ <tbody>
236
+ <?php
237
+ foreach($whitelisted_ips as $whitelisted_ip)
238
+ {
239
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
240
+ }
241
+
242
+
243
+ ?>
244
+ </tbody>
245
+ </table>
246
+ <script type="text/javascript">
247
+ jQuery("#whitelistedips_table1").DataTable({
248
+ "order": [[ 1, "desc" ]]
249
+ });
250
+ </script>
251
+
252
+ <?php
253
+ exit;
254
+ }
255
+ }
256
+
257
 
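--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -1,111 +1,111 @@
-<?php
-
-global $moWpnsUtility,$mo2f_dirName;
-
-$controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
-
-
-if(current_user_can('administrator'))
-{
-include $controller . 'navbar.php';
-include $controller . 'newtork_security_features.php';
-
-$tour_started=get_option('mo2f_tour_started',0);
-
-
-if($tour_started<1)
-include $controller . 'two-fa-intro.php';
-else if($tour_started != 0)
-include $controller . 'tour-model.php';
-
-if( isset( $_GET[ 'page' ]))
-{
-switch($_GET['page'])
-{
-case 'mo_2fa_dashboard':
-include $controller . 'dashboard.php'; break;
-case 'mo_2fa_login_and_spam':
-include $controller . 'login-spam.php'; break;
-case 'default':
-include $controller . 'login-security.php'; break;
-case 'mo_2fa_account':
-include $controller . 'account.php'; break;
-case 'mo_2fa_backup':
-include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
-case 'mo_2fa_upgrade':
-include $controller . 'upgrade.php'; break;
-case 'mo_2fa_waf':
-include $controller . 'waf.php'; break;
-case 'mo_2fa_blockedips':
-include $controller . 'ip-blocking.php'; break;
-case 'mo_2fa_advancedblocking':
-include $controller . 'advanced-blocking.php'; break;
-case 'mo_2fa_notifications':
-include $controller . 'notification-settings.php'; break;
-case 'mo_2fa_reports':
-include $controller . 'reports.php'; break;
-case 'mo_2fa_licensing':
-include $controller . 'licensing.php'; break;
-case 'mo_2fa_troubleshooting':
-include $controller . 'troubleshooting.php'; break;
-case 'mo_2fa_addons':
-include $controller . 'addons.php'; break;
-case 'mo_2fa_malwarescan':
-include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
-case 'mo_2fa_two_fa':
-include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-case 'mo_2fa_request_demo':
-include $controller . 'request_demo.php';
-}
-}
-
-}
-else
-{
-if( isset( $_GET[ 'page' ]))
-{
-switch($_GET['page'])
-{
-case 'mo_2fa_two_fa':
-include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-
-}
-
-}
-
-}
-if (isset( $_GET[ 'page' ])) {
-
-if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
-{
-include $controller . 'feedback_footer.php';
-}
-else
-{
-include $controller . 'support.php';
-}
-}
-?>
-
-<!-- <script>
-jQuery(document).ready(function(){
-var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
-var data={
-'action':'mo_wpns_malware_redirect',
-'call_type':'malware_scan_initiate',
-'scan':'scan_start',
-'scantype':'quick_scan',
-'nonce': nonce
-};
-jQuery.post(ajaxurl, data, function(response){
-jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
-document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
-jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
-document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
-jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
-document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
-document.getElementById("quick_scan_button").value = "Quick Scan";
-});
-});
-</script> -->
-
+<?php
+
+global $moWpnsUtility,$mo2f_dirName;
+
+$controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
+
+
+if(current_user_can('administrator'))
+{
+include $controller . 'navbar.php';
+include $controller . 'newtork_security_features.php';
+
+$tour_started=get_option('mo2f_tour_started',0);
+
+
+if($tour_started<1)
+include $controller . 'two-fa-intro.php';
+else if($tour_started != 0)
+include $controller . 'tour-model.php';
+
+if( isset( $_GET[ 'page' ]))
+{
+switch($_GET['page'])
+{
+case 'mo_2fa_dashboard':
+include $controller . 'dashboard.php'; break;
+case 'mo_2fa_login_and_spam':
+include $controller . 'login-spam.php'; break;
+case 'default':
+include $controller . 'login-security.php'; break;
+case 'mo_2fa_account':
+include $controller . 'account.php'; break;
+case 'mo_2fa_backup':
+include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
+case 'mo_2fa_upgrade':
+include $controller . 'upgrade.php'; break;
+case 'mo_2fa_waf':
+include $controller . 'waf.php'; break;
+case 'mo_2fa_blockedips':
+include $controller . 'ip-blocking.php'; break;
+case 'mo_2fa_advancedblocking':
+include $controller . 'advanced-blocking.php'; break;
+case 'mo_2fa_notifications':
+include $controller . 'notification-settings.php'; break;
+case 'mo_2fa_reports':
+include $controller . 'reports.php'; break;
+case 'mo_2fa_licensing':
+include $controller . 'licensing.php'; break;
+case 'mo_2fa_troubleshooting':
+include $controller . 'troubleshooting.php'; break;
+case 'mo_2fa_addons':
+include $controller . 'addons.php'; break;
+case 'mo_2fa_malwarescan':
+include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
+case 'mo_2fa_two_fa':
+include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+case 'mo_2fa_request_demo':
+include $controller . 'request_demo.php';
+}
+}
+
+}
+else
+{
+if( isset( $_GET[ 'page' ]))
+{
+switch($_GET['page'])
+{
+case 'mo_2fa_two_fa':
+include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+
+}
+
+}
+
+}
+if (isset( $_GET[ 'page' ])) {
+
+if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
+{
+include $controller . 'feedback_footer.php';
+}
+else
+{
+include $controller . 'support.php';
+}
+}
+?>
+
+<!-- <script>
+jQuery(document).ready(function(){
+var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
+var data={
+'action':'mo_wpns_malware_redirect',
+'call_type':'malware_scan_initiate',
+'scan':'scan_start',
+'scantype':'quick_scan',
+'nonce': nonce
+};
+jQuery.post(ajaxurl, data, function(response){
+jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
+document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
+jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
+document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
+jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
+document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
+document.getElementById("quick_scan_button").value = "Quick Scan";
+});
+});
+</script> -->
+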
controllers/malware_scanner/malware_scan_ajax.php CHANGED
@@ -96,13 +96,13 @@ class Mo_wpns_scan_malware
96
  );
97
 
98
  $encoded_scan_configuration=json_encode($scan_configuration);
99
- update_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
100
  wp_send_json('save_success');
101
  }
102
  }
103
 
104
  public function mo_wpns_start_malware_scan($POSTED){
105
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
106
  if(isset($decoded_scan_configuration)){
107
  $status = $decoded_scan_configuration->scan_progress;
108
  }else{
@@ -118,15 +118,16 @@ class Mo_wpns_scan_malware
118
  $mo2f_malware_db_handler = new MoWpnsDB();
119
 
120
  $current_time= time();
121
- update_option('mo_wpns_last_scan_time', $current_time);
122
  $plugin_current= get_plugins();
123
- update_option('mo_wpns_last_plugins', $plugin_current);
124
  $args=array();
125
  $theme_current= wp_get_themes($args);
126
- update_option('mo_wpns_last_themes', $theme_current);
 
127
 
128
- update_option('mo2f_scan_initialize', 0);
129
- update_option('mo_wpns_hide_malware_popup', 1);
130
 
131
  $mo_wpns_malware_scan_in_progress="IN PROGRESS";
132
  $mo_wpns_files_scanned=0;
@@ -134,8 +135,11 @@ class Mo_wpns_scan_malware
134
  $mo_wpns_warning_files=0;
135
  $wordpress_download_status=false;
136
 
137
- update_option('mo_wpns_infected_files',0);
138
- update_option('mo_wpns_warning_files',0);
 
 
 
139
 
140
 
141
  $scan_status = array(
@@ -153,7 +157,7 @@ class Mo_wpns_scan_malware
153
  );
154
 
155
  $encoded_scan_status=json_encode($scan_status);
156
- update_option("mo_wpns_scan_status",$encoded_scan_status);
157
 
158
 
159
  $mo2f_malware_db_handler->delete_files_parts();
@@ -169,7 +173,7 @@ class Mo_wpns_scan_malware
169
  return;
170
  }
171
  $scan_configuration = MoWpnsConstants::$quick_scan_configuration;
172
- update_option('mo_wpns_scan_mode','quick_scan');
173
  $scan_status = array(
174
  'scan_progress' => $mo_wpns_malware_scan_in_progress,
175
  'files_scanned' => $mo_wpns_files_scanned,
@@ -185,7 +189,7 @@ class Mo_wpns_scan_malware
185
  );
186
 
187
  $encoded_scan_status=json_encode($scan_status);
188
- update_option("mo_wpns_scan_status",$encoded_scan_status);
189
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
190
  break;
191
  case "standard_scan":
@@ -195,7 +199,7 @@ class Mo_wpns_scan_malware
195
  return;
196
  }
197
  $scan_configuration = MoWpnsConstants::$standard_scan_configuration;
198
- update_option('mo_wpns_scan_mode','standard_scan');
199
  $scan_status = array(
200
  'scan_progress' => $mo_wpns_malware_scan_in_progress,
201
  'files_scanned' => $mo_wpns_files_scanned,
@@ -211,7 +215,7 @@ class Mo_wpns_scan_malware
211
  );
212
 
213
  $encoded_scan_status=json_encode($scan_status);
214
- update_option("mo_wpns_scan_status",$encoded_scan_status);
215
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
216
  break;
217
  case "custom_scan":
@@ -220,7 +224,7 @@ class Mo_wpns_scan_malware
220
  wp_send_json('ERROR');
221
  return;
222
  }
223
- $decode_scan_configuration=json_decode(get_option("mo_wpns_scan_configuration"));
224
  if(is_null($decode_scan_configuration))
225
  {
226
  delete_option("mo_wpns_scan_status",$encoded_scan_status);
@@ -255,9 +259,9 @@ class Mo_wpns_scan_malware
255
  );
256
 
257
  $encoded_scan_status=json_encode($scan_status);
258
- update_option("mo_wpns_scan_status",$encoded_scan_status);
259
- update_option('mo_wpns_scan_mode','custom_scan');
260
- update_option('mo2f_custom_scan_config', $scan_configuration);
261
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
262
  break;
263
  }
@@ -267,8 +271,8 @@ class Mo_wpns_scan_malware
267
 
268
  public function mo_wpns_get_progress(){
269
 
270
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
271
- $status= $decoded_scan_status->scan_progress;;
272
  $files_scanned= $decoded_scan_status->files_scanned;
273
  $total_files = $decoded_scan_status->total_files;
274
  $check_repo = $decoded_scan_status->check_with_repo;
@@ -282,19 +286,32 @@ class Mo_wpns_scan_malware
282
 
283
  if($time_spent_in_downloading > 600){
284
  $mo2f_malware_db_handler = new MoWpnsDB();
285
- $reportid= get_option('mo2f_report_id');
286
  $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
287
  if(!empty($last_report)){
288
- $response['file_count']= $last_report[0]->scanned_files;
289
- $response['malware_count'] = $last_report[0]->malware_count;
290
- $response['repo_issues'] = -96;
291
- $response['malicious_link'] = $last_report[0]->malicious_links;
292
-
293
- $mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
 
 
294
  }
295
-
296
- $scan_handler_obj = new mo2f_scanner_parts;
297
- $scan_handler_obj->mo2f_end_scan();
 
 
 
 
 
 
 
 
 
 
 
298
  }
299
  }
300
  $repo_scan=0;
@@ -307,7 +324,7 @@ class Mo_wpns_scan_malware
307
  }
308
  else{
309
  //stop scan check
310
- $stop_scan=get_option('mo_stop_scan');
311
 
312
  $mo_wpns_db_handler = new MoWpnsDB();
313
  $total_scan=$mo_wpns_db_handler->count_files();
@@ -315,8 +332,8 @@ class Mo_wpns_scan_malware
315
  $last_id=$mo_wpns_db_handler->get_last_id();
316
  $send_id=$last_id[0]->max;
317
  $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
318
- $malicious_last_scan= get_option('mo_wpns_infected_files');
319
- $warning_last_scan = get_option('mo_wpns_warning_files');
320
  if($total_scan > 999){
321
  $total_scan=($total_scan/1000);
322
  $total_scan= round($total_scan,1)."k";
@@ -340,14 +357,14 @@ class Mo_wpns_scan_malware
340
  }
341
 
342
  function mo_wpns_stop_scan(){
343
- update_option('mo_stop_scan','1');
344
  $mo2f_malware_db_handler = new MoWpnsDB();
345
  $mo2f_malware_db_handler->delete_files_parts();
346
  wp_send_json('success');
347
  }
348
 
349
  function mo_wpns_get_scan_result(){
350
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
351
  $status=$decoded_scan_configuration->scan_progress;
352
  $mo_wpns_db_handler = new MoWpnsDB();
353
  $result = $mo_wpns_db_handler->get_report();
96
  );
97
 
98
  $encoded_scan_configuration=json_encode($scan_configuration);
99
+ update_site_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
100
  wp_send_json('save_success');
101
  }
102
  }
103
 
104
  public function mo_wpns_start_malware_scan($POSTED){
105
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
106
  if(isset($decoded_scan_configuration)){
107
  $status = $decoded_scan_configuration->scan_progress;
108
  }else{
118
  $mo2f_malware_db_handler = new MoWpnsDB();
119
 
120
  $current_time= time();
121
+ update_site_option('mo_wpns_last_scan_time', $current_time);
122
  $plugin_current= get_plugins();
123
+ update_site_option('mo_wpns_last_plugins', $plugin_current);
124
  $args=array();
125
  $theme_current= wp_get_themes($args);
126
+ update_site_option('mo_wpns_last_themes', $theme_current);
127
+ update_site_option('malware_notification_option',1);
128
 
129
+ update_site_option('mo2f_scan_initialize', 0);
130
+ update_site_option('mo_wpns_hide_malware_popup', 1);
131
 
132
  $mo_wpns_malware_scan_in_progress="IN PROGRESS";
133
  $mo_wpns_files_scanned=0;
135
  $mo_wpns_warning_files=0;
136
  $wordpress_download_status=false;
137
 
138
+ update_site_option('mo_wpns_infected_files',0);
139
+ update_site_option('mo_wpns_warning_files',0);
140
+ update_site_option('mo2f_files_skipped', 0);
141
+ update_site_option('mo2f_file_size_excess', 0);
142
+ update_site_option('mo2f_download_done', 0);
143
 
144
 
145
  $scan_status = array(
157
  );
158
 
159
  $encoded_scan_status=json_encode($scan_status);
160
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
161
 
162
 
163
  $mo2f_malware_db_handler->delete_files_parts();
173
  return;
174
  }
175
  $scan_configuration = MoWpnsConstants::$quick_scan_configuration;
176
+ update_site_option('mo_wpns_scan_mode','quick_scan');
177
  $scan_status = array(
178
  'scan_progress' => $mo_wpns_malware_scan_in_progress,
179
  'files_scanned' => $mo_wpns_files_scanned,
189
  );
190
 
191
  $encoded_scan_status=json_encode($scan_status);
192
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
193
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
194
  break;
195
  case "standard_scan":
199
  return;
200
  }
201
  $scan_configuration = MoWpnsConstants::$standard_scan_configuration;
202
+ update_site_option('mo_wpns_scan_mode','standard_scan');
203
  $scan_status = array(
204
  'scan_progress' => $mo_wpns_malware_scan_in_progress,
205
  'files_scanned' => $mo_wpns_files_scanned,
215
  );
216
 
217
  $encoded_scan_status=json_encode($scan_status);
218
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
219
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
220
  break;
221
  case "custom_scan":
224
  wp_send_json('ERROR');
225
  return;
226
  }
227
+ $decode_scan_configuration=json_decode(get_site_option("mo_wpns_scan_configuration"));
228
  if(is_null($decode_scan_configuration))
229
  {
230
  delete_option("mo_wpns_scan_status",$encoded_scan_status);
259
  );
260
 
261
  $encoded_scan_status=json_encode($scan_status);
262
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
263
+ update_site_option('mo_wpns_scan_mode','custom_scan');
264
+ update_site_option('mo2f_custom_scan_config', $scan_configuration);
265
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
266
  break;
267
  }
271
 
272
  public function mo_wpns_get_progress(){
273
 
274
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
275
+ $status= $decoded_scan_status->scan_progress;
276
  $files_scanned= $decoded_scan_status->files_scanned;
277
  $total_files = $decoded_scan_status->total_files;
278
  $check_repo = $decoded_scan_status->check_with_repo;
286
 
287
  if($time_spent_in_downloading > 600){
288
  $mo2f_malware_db_handler = new MoWpnsDB();
289
+ $reportid= get_site_option('mo2f_report_id');
290
  $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
291
  if(!empty($last_report)){
292
+ $issue = $last_report[0]->repo_key;
293
+ $repo_key = get_site_option('mo2f_current_repo_key');
294
+ if($repo_key == 'core'){
295
+ $issue.= "WordPress Core Files;";
296
+ }else{
297
+ $issue.= $repo_key.";";
298
+ }
299
+ $mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
300
  }
301
+ $scan_mode = get_site_option('mo_wpns_scan_mode');
302
+ if ( $scan_mode == 'Quick Scan' ) {
303
+ $scan_config = MoWpnsConstants::$quick_scan_configuration;
304
+ } elseif ( $scan_mode == 'Standard Scan' ) {
305
+ $scan_config = MoWpnsConstants::$standard_scan_configuration;
306
+ } else {
307
+ $scan_config = get_site_option( 'mo2f_custom_scan_config' );
308
+ }
309
+ $uploads_dir = wp_upload_dir();
310
+ $uploads_path= $uploads_dir['basedir'];
311
+ $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
312
+ $scanverification = get_site_option( "mo2f_scanverification" );
313
+ $req_obj = new mo2f_scanner_parts();
314
+ $req_obj->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
315
  }
316
  }
317
  $repo_scan=0;
324
  }
325
  else{
326
  //stop scan check
327
+ $stop_scan=get_site_option('mo_stop_scan');
328
 
329
  $mo_wpns_db_handler = new MoWpnsDB();
330
  $total_scan=$mo_wpns_db_handler->count_files();
332
  $last_id=$mo_wpns_db_handler->get_last_id();
333
  $send_id=$last_id[0]->max;
334
  $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
335
+ $malicious_last_scan= get_site_option('mo_wpns_infected_files');
336
+ $warning_last_scan = get_site_option('mo_wpns_warning_files');
337
  if($total_scan > 999){
338
  $total_scan=($total_scan/1000);
339
  $total_scan= round($total_scan,1)."k";
357
  }
358
 
359
  function mo_wpns_stop_scan(){
360
+ update_site_option('mo_stop_scan','1');
361
  $mo2f_malware_db_handler = new MoWpnsDB();
362
  $mo2f_malware_db_handler->delete_files_parts();
363
  wp_send_json('success');
364
  }
365
 
366
  function mo_wpns_get_scan_result(){
367
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
368
  $status=$decoded_scan_configuration->scan_progress;
369
  $mo_wpns_db_handler = new MoWpnsDB();
370
  $result = $mo_wpns_db_handler->get_report();
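Review bot: The scan-mode branches added in mo_wpns_get_progress compare `$scan_mode` against `'Quick Scan'` and `'Standard Scan'`, but every writer in this same file stores `'quick_scan'`, `'standard_scan'` or `'custom_scan'` in `mo_wpns_scan_mode`, so neither branch can match and the resumed request always uses whatever `mo2f_custom_scan_config` holds (possibly `false` if no custom scan was ever saved). The two conditions should read `if ( $scan_mode === 'quick_scan' ) {` and `} elseif ( $scan_mode === 'standard_scan' ) {`, and the fallback is worth guarding before it reaches `mo2f_make_next_request`. In the custom-scan branch, `delete_option("mo_wpns_scan_status",$encoded_scan_status)` was left untouched while every other access in this file moved to the `*_site_option` family, so on a multisite install the stale status is never cleared (and `delete_option` ignores its second argument anyway); `delete_site_option("mo_wpns_scan_status");` keeps the storage consistent. Separately, `$decoded_scan_status` from `json_decode(get_site_option('mo_wpns_scan_status'))` is dereferenced on the next line without a null check, unlike the `isset` guard used in mo_wpns_start_malware_scan. The body of mo_wpns_get_progress continues outside the hunk.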
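--- a/controllers/malware_scanner/scan_malware_settings.php
+++ b/controllers/malware_scanner/scan_malware_settings.php
@@ -2,7 +2,7 @@
 
 
 
-$scan_configuration = json_decode(get_option('mo_wpns_scan_configuration'));
+$scan_configuration = json_decode(get_site_option('mo_wpns_scan_configuration'));
 if(is_null($scan_configuration)){
 $mo_wpns_scan_files_extensions = "";
 $mo_wpns_skip_folders = "";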
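--- a/controllers/navbar.php
+++ b/controllers/navbar.php
@@ -80,4 +80,13 @@
 
 $active_tab = $_GET['page'];
 
+$user_id = get_current_user_id();
+$mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
+$backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
+if(is_array($backup_codes_remaining)){
+$backup_codes_remaining = sizeof($backup_codes_remaining);
+}else{
+$backup_codes_remaining = 0;
+}
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';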
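Review bot: `$Mo2fdbQueries` is used on the new `get_user_detail` line without a `global` declaration anywhere in the hunk; unless the top of this controller (outside the hunk) already declares it, the variable is undefined here and the method call is a fatal error on every admin page that renders the navbar. `$mo2f_two_fa_method` and `$backup_codes_remaining` are not read in the hunk either, so presumably views/navbar.php consumes them — a one-line comment such as `// read by views/navbar.php: configured 2FA method and remaining backup-code count` would make that contract visible. Minor style point: `sizeof()` is an alias of `count()`, so `$backup_codes_remaining = count($backup_codes_remaining);` is the conventional spelling.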
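--- a/controllers/support.php
+++ b/controllers/support.php
@@ -1,51 +1,51 @@
-<?php
-
-global $mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_send_query":
-wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
-}
-}
-
-$current_user = wp_get_current_user();
-$email = get_option("mo2f_email");
-$phone = get_option("mo_wpns_admin_phone");
-
-
-if(empty($email))
-$email = $current_user->user_email;
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
-
-
-/* SUPPORT FORM RELATED FUNCTIONS */
-
-//Function to handle support form submit
-function wpns_handle_support_form($email,$query,$phone)
-{
-
-if( empty($email) || empty($query) )
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'SUCCESS');
-return;
-}
-
-
-$query = sanitize_text_field( $query );
-$email = sanitize_text_field( $email );
-$phone = sanitize_text_field( $phone );
-$contact_us = new MocURL();
-$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query),true);
-
-if(json_last_error() == JSON_ERROR_NONE && $submited)
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
-return;
-}
-
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+<?php
+
+global $mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_send_query":
+wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
+}
+}
+
+$current_user = wp_get_current_user();
+$email = get_option("mo2f_email");
+$phone = get_option("mo_wpns_admin_phone");
+
+
+if(empty($email))
+$email = $current_user->user_email;
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
+
+
+/* SUPPORT FORM RELATED FUNCTIONS */
+
+//Function to handle support form submit
+function wpns_handle_support_form($email,$query,$phone)
+{
+
+if( empty($email) || empty($query) )
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'SUCCESS');
+return;
+}
+
+
+$query = sanitize_text_field( $query );
+$email = sanitize_text_field( $email );
+$phone = sanitize_text_field( $phone );
+$contact_us = new MocURL();
+$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query),true);
+
+if(json_last_error() == JSON_ERROR_NONE && $submited)
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+return;
+}
+
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
 }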
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -229,6 +229,7 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
229
  class="mo2f_display_none_forms">
230
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
231
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
 
232
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
233
  </form>
234
  <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
@@ -255,10 +256,11 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
255
  </html>
256
  <?php }
257
 
258
- function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
259
  $mo_wpns_config = new MoWpnsHandler();
260
  $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
261
  $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
 
262
  ?>
263
  <html>
264
  <head>
@@ -290,7 +292,7 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
290
  <form name="f" id="mo2f_submitkba_loginform" method="post">
291
  <div id="mo2f_kba_content">
292
  <p style="font-size:15px;">
293
- <?php $kba_questions = $cookievalue;//MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
294
  echo $kba_questions[0]['question']; ?><br>
295
  <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
296
  required="true" autofocus="true"
@@ -327,12 +329,30 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
327
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
328
  </form>
329
  <br>
330
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
331
  <div style="padding:10px;">
332
  <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
333
  </div>
334
 
335
- <?php mo2f_customize_logo() ?>
 
 
 
336
 
337
  </div>
338
  </div>
@@ -391,6 +411,12 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
391
  });
392
  }
393
  }
 
 
 
 
 
 
394
  </script>
395
  </body>
396
 
@@ -398,6 +424,64 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
398
  <?php
399
  }
400
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
401
  function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
402
  $mo_wpns_config = new MoWpnsHandler();
403
 
@@ -406,6 +490,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
406
  $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
407
  $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
408
  $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
 
409
  if(!MO2F_IS_ONPREM)
410
  $mo2f_EV_txid = $_SESSION['mo2f_transactionId'];
411
  ?>
@@ -471,13 +556,31 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
471
  <?php } ?>
472
  </span>
473
  <center>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
474
  <div style="padding:10px;">
475
  <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
476
  </div>
477
  </center>
478
  </div>
479
 
480
- <?php mo2f_customize_logo() ?>
 
 
 
481
  </div>
482
  </div>
483
  </div>
@@ -487,6 +590,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
487
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
488
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
489
  <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
 
490
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
491
  <input type="hidden" name="currentMethod" value="emailVer"/>
492
 
@@ -523,6 +627,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
523
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
524
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
525
  </form>
 
526
  <script>
527
  var timeout;
528
  var login_status = '<?php echo $login_status;?>';
@@ -607,6 +712,12 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
607
  jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
608
  jQuery('#mo2f_alternate_login_kbaform').submit();
609
  });
 
 
 
 
 
 
610
 
611
  </script>
612
  </body>
@@ -618,6 +729,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
618
  $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
619
  $mo_wpns_config = new MoWpnsHandler();
620
  $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
 
621
  ?>
622
  <html>
623
  <head>
@@ -670,11 +782,29 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
670
  value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
671
  </center>
672
  </span>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
673
  <div style="padding:10px;">
674
  <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
675
  </div>
676
  </div>
677
- <?php mo2f_customize_logo() ?>
 
 
 
678
  </div>
679
  </div>
680
  </div>
@@ -683,6 +813,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
683
  class="mo2f_display_none_forms">
684
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
685
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
 
686
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
687
  </form>
688
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
@@ -707,6 +838,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
707
  <input type="hidden" name="option" value="miniorange_forgotphone">
708
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
709
  </form>
 
710
  <script>
711
  var timeout;
712
  pollMobileValidation();
@@ -755,6 +887,12 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
755
  function mologinback() {
756
  jQuery('#mo2f_backto_mo_loginform').submit();
757
  }
 
 
 
 
 
 
758
 
759
  </script>
760
  </body>
@@ -763,10 +901,13 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
763
  }
764
 
765
  function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ) {
 
766
  $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
767
  $mo_wpns_config = new MoWpnsHandler();
768
  $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
769
  $attempts = get_option('mo2f_attempts_before_redirect', 3);
 
 
770
  ?>
771
  <html>
772
  <head>
@@ -841,14 +982,36 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
841
  id="miniorange_login_forgotphone"
842
  class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
843
  <?php } ?>
844
- <?php } ?>
845
- <div style="padding:10px;">
846
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
847
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
848
  </div>
849
  </div>
850
  </center>
851
- <?php mo2f_customize_logo() ?>
 
 
 
 
 
852
  </div>
853
  </div>
854
  </div>
@@ -870,6 +1033,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
870
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
871
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
872
  </form>
 
873
  <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
874
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
875
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
@@ -886,6 +1050,12 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
886
  jQuery('#miniorange_otp_token_back').click(function(){
887
  jQuery('#mo2f_backto_inline_registration').submit();
888
  });
 
 
 
 
 
 
889
 
890
  function mologinback() {
891
  jQuery('#mo2f_backto_mo_loginform').submit();
@@ -991,6 +1161,7 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
991
  class="mo2f_display_none_forms">
992
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
993
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
 
994
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
995
  </form>
996
  <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
@@ -1041,5 +1212,145 @@ function echo_js_css_files() {
1041
  echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
1042
  }
1043
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1044
 
1045
  ?>
229
  class="mo2f_display_none_forms">
230
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
231
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
232
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
233
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
234
  </form>
235
  <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
256
  </html>
257
  <?php }
258
 
259
+ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
260
  $mo_wpns_config = new MoWpnsHandler();
261
  $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
262
  $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
263
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
264
  ?>
265
  <html>
266
  <head>
292
  <form name="f" id="mo2f_submitkba_loginform" method="post">
293
  <div id="mo2f_kba_content">
294
  <p style="font-size:15px;">
295
+ <?php $kba_questions = $cookievalue;
296
  echo $kba_questions[0]['question']; ?><br>
297
  <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
298
  required="true" autofocus="true"
329
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
330
  </form>
331
  <br>
332
+ </div><br>
333
+ <?php
334
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
335
+ <div>
336
+ <a href="#mo2f_backup_generate">
337
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
338
+ </a>
339
+ </div>
340
+ <?php }else{ ?>
341
+ <div>
342
+ <a href="#mo2f_backup_option">
343
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
344
+ </a>
345
+ </div>
346
+ <?php }
347
+ ?>
348
  <div style="padding:10px;">
349
  <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
350
  </div>
351
 
352
+ <?php
353
+ mo2f_customize_logo();
354
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
355
+ ?>
356
 
357
  </div>
358
  </div>
411
  });
412
  }
413
  }
414
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
415
+ jQuery('#mo2f_backup').submit();
416
+ });
417
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
418
+ jQuery('#mo2f_create_backup_codes').submit();
419
+ });
420
  </script>
421
  </body>
422
 
424
  <?php
425
  }
426
 
427
+ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
428
+ ?>
429
+ <html>
430
+ <head> <meta charset="utf-8"/>
431
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
432
+ <meta name="viewport" content="width=device-width, initial-scale=1">
433
+ <?php
434
+ echo_js_css_files(); ?>
435
+ </head>
436
+ <body>
437
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
438
+ <div class="mo2f-modal-backdrop"></div>
439
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
440
+ <div class="login mo_customer_validation-modal-content">
441
+ <div class="mo2f_modal-header">
442
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
443
+ <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
444
+ </h4>
445
+ </div>
446
+ <div class="mo2f_modal-body">
447
+ <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
448
+ <div id="otpMessage" >
449
+
450
+ <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
451
+ </div>
452
+ <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
453
+ <div id="mo2f_kba_content">
454
+ <p style="font-size:15px;">
455
+ <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
456
+ </p>
457
+ </div>
458
+ <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
459
+ <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
460
+ <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
461
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
462
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
463
+ </form>
464
+ </br>
465
+ </div>
466
+ <br /><br /><br />
467
+ <?php mo2f_customize_logo() ?>
468
+ </div>
469
+ </div>
470
+ </div>
471
+ </div>
472
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
473
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
474
+ </form>
475
+ </body>
476
+ <script>
477
+ function mologinback(){
478
+ jQuery('#mo2f_backto_mo_loginform').submit();
479
+ }
480
+ </script>
481
+ </html>
482
+ <?php
483
+ }
484
+
485
  function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
486
  $mo_wpns_config = new MoWpnsHandler();
487
 
490
  $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
491
  $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
492
  $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
493
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
494
  if(!MO2F_IS_ONPREM)
495
  $mo2f_EV_txid = $_SESSION['mo2f_transactionId'];
496
  ?>
556
  <?php } ?>
557
  </span>
558
  <center>
559
+ <?php
560
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
561
+ <div>
562
+ <a href="#mo2f_backup_generate">
563
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
564
+ </a>
565
+ </div>
566
+ <?php }else{ ?>
567
+ <div>
568
+ <a href="#mo2f_backup_option">
569
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
570
+ </a>
571
+ </div>
572
+ <?php }
573
+ ?>
574
  <div style="padding:10px;">
575
  <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
576
  </div>
577
  </center>
578
  </div>
579
 
580
+ <?php
581
+ mo2f_customize_logo();
582
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
583
+ ?>
584
  </div>
585
  </div>
586
  </div>
590
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
591
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
592
  <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
593
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
594
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
595
  <input type="hidden" name="currentMethod" value="emailVer"/>
596
 
627
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
628
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
629
  </form>
630
+
631
  <script>
632
  var timeout;
633
  var login_status = '<?php echo $login_status;?>';
712
  jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
713
  jQuery('#mo2f_alternate_login_kbaform').submit();
714
  });
715
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
716
+ jQuery('#mo2f_backup').submit();
717
+ });
718
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
719
+ jQuery('#mo2f_create_backup_codes').submit();
720
+ });
721
 
722
  </script>
723
  </body>
729
  $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
730
  $mo_wpns_config = new MoWpnsHandler();
731
  $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
732
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
733
  ?>
734
  <html>
735
  <head>
782
  value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
783
  </center>
784
  </span>
785
+ <?php
786
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
787
+ <div>
788
+ <a href="#mo2f_backup_generate">
789
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
790
+ </a>
791
+ </div>
792
+ <?php }else{ ?>
793
+ <div>
794
+ <a href="#mo2f_backup_option">
795
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
796
+ </a>
797
+ </div>
798
+ <?php }
799
+ ?>
800
  <div style="padding:10px;">
801
  <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
802
  </div>
803
  </div>
804
+ <?php
805
+ mo2f_customize_logo();
806
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
807
+ ?>
808
  </div>
809
  </div>
810
  </div>
813
  class="mo2f_display_none_forms">
814
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
815
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
816
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
817
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
818
  </form>
819
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
838
  <input type="hidden" name="option" value="miniorange_forgotphone">
839
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
840
  </form>
841
+
842
  <script>
843
  var timeout;
844
  pollMobileValidation();
887
  function mologinback() {
888
  jQuery('#mo2f_backto_mo_loginform').submit();
889
  }
890
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
891
+ jQuery('#mo2f_backup').submit();
892
+ });
893
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
894
+ jQuery('#mo2f_create_backup_codes').submit();
895
+ });
896
 
897
  </script>
898
  </body>
901
  }
902
 
903
  function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ) {
904
+ global $Mo2fdbQueries;
905
  $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
906
  $mo_wpns_config = new MoWpnsHandler();
907
  $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
908
  $attempts = get_option('mo2f_attempts_before_redirect', 3);
909
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
910
+ $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
911
  ?>
912
  <html>
913
  <head>
982
  id="miniorange_login_forgotphone"
983
  class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
984
  <?php } ?>
985
+ <?php }
986
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
987
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
988
+ <div>
989
+ <a href="#mo2f_backup_generate">
990
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
991
+ </a>
992
+ </div>
993
+ <?php }else{ ?>
994
+ <div>
995
+ <a href="#mo2f_backup_option">
996
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
997
+ </a>
998
+ </div>
999
+ <?php }
1000
+ ?>
1001
+
1002
+ <div style="padding:10px;">
1003
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1004
+ </div>
1005
+ <?php } ?>
1006
  </div>
1007
  </div>
1008
  </center>
1009
+ <?php
1010
+ mo2f_customize_logo();
1011
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1012
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1013
+ }
1014
+ ?>
1015
  </div>
1016
  </div>
1017
  </div>
1033
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1034
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1035
  </form>
1036
+
1037
  <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1038
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1039
  <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1050
  jQuery('#miniorange_otp_token_back').click(function(){
1051
  jQuery('#mo2f_backto_inline_registration').submit();
1052
  });
1053
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1054
+ jQuery('#mo2f_backup').submit();
1055
+ });
1056
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1057
+ jQuery('#mo2f_create_backup_codes').submit();
1058
+ });
1059
 
1060
  function mologinback() {
1061
  jQuery('#mo2f_backto_mo_loginform').submit();
1161
  class="mo2f_display_none_forms">
1162
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1163
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1164
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1165
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1166
  </form>
1167
  <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1212
  echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
1213
  }
1214
 
1215
+ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1216
+ global $Mo2fdbQueries;
1217
+ if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1218
+ $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1219
+ $key = get_option( 'mo2f_encryption_key' );
1220
+ $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1221
+ $codes = explode(",", $codes_string);
1222
+ delete_user_meta($id, 'chqwetcsdvnvd');
1223
+ $result = true;
1224
+ }else{
1225
+ $codes = MO2f_Utility::mo_2f_generate_backup_codes();
1226
+ $codes_hash = MO2f_Utility::mo2f_get_codes_hash($codes);
1227
+ update_user_meta($id,'mo2f_backup_codes', $codes_hash);
1228
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1229
+ if(empty($mo2f_user_email)){
1230
+ $currentuser = get_user_by( 'id', $id );
1231
+ $mo2f_user_email = $currentuser->user_email;
1232
+ }
1233
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1234
+ update_user_meta($id, 'mo_backup_code_generated', 1);
1235
+ }
1236
+ update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1237
+ ?>
1238
+ <html>
1239
+ <head> <meta charset="utf-8"/>
1240
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1241
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1242
+ <?php
1243
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1244
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) . '" ></script>';
1245
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
1246
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))) . '" />';
1247
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))) . '" />';
1248
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))) . '" />';
1249
+ ?>
1250
+ <style>
1251
+ .mo2f_kba_ques, .mo2f_table_textbox{
1252
+ background: whitesmoke none repeat scroll 0% 0%;
1253
+ }
1254
+ </style>
1255
+ </head>
1256
+ <body>
1257
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1258
+ <div class="mo2f-modal-backdrop"></div>
1259
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1260
+ <div class="login mo_customer_validation-modal-content">
1261
+ <div class="mo2f_modal-header">
1262
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1263
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1264
+ </div>
1265
+ <div class="mo2f_modal-body center">
1266
+
1267
+
1268
+ <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1269
+
1270
+ <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1271
+ <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1272
+
1273
+ <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1274
+ <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1275
+ <?php ?>
1276
+ <div>
1277
+ <div style="display: inline-flex;width: 350px; ">
1278
+ <div id="clipboard" style="border: solid;width: 55%;float: left;">
1279
+ <?php
1280
+ for ($x = 0; $x < 5; $x++) {
1281
+ $str = $codes[$x];
1282
+ echo("<br>".$str." <br>");
1283
+ }
1284
+
1285
+ $str1="";
1286
+ for ($x = 0; $x < 5; $x++) {
1287
+ $str = $codes[$x];
1288
+ $str1.=$str;
1289
+ if($x != 4){
1290
+ $str1.=',';
1291
+ }
1292
+ }
1293
+ ?>
1294
+ </div>
1295
+ <div style="width: 50%;float: right;">
1296
+ <form name="f" method="post" id="mo2f_users_backup1" action="">
1297
+ <input type="hidden" name="option" value="mo2f_users_backup1" />
1298
+ <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1299
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1300
+ <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1301
+
1302
+ <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1303
+ </form>
1304
+ </div>
1305
+
1306
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1307
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1308
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1309
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1310
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1311
+ <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1312
+ </form>
1313
+ </div>
1314
+ </div>
1315
+
1316
+ <?php
1317
+ mo2f_customize_logo() ?>
1318
+ </div>
1319
+ </div>
1320
+ </div>
1321
+ </div>
1322
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1323
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1324
+ </form>
1325
+ </body>
1326
+ <script>
1327
+ function mologinback(){
1328
+ jQuery('#mo2f_backto_mo_loginform').submit();
1329
+ }
1330
+ </script>
1331
+ </html>
1332
+ <?php
1333
+
1334
+
1335
+ }
1336
+
1337
+ function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1338
+ ?>
1339
+ <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1340
+ <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1341
+ <input type="hidden" name="option" value="miniorange_backup_nonce">
1342
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1343
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1344
+ </form>
1345
+ <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1346
+ <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1347
+ <input type="hidden" name="option" value="miniorange_create_backup_codes">
1348
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1349
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1350
+ <input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
1351
+ <input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
1352
+ </form>
1353
+ <?php
1354
+ }
1355
 
1356
  ?>
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -1,1233 +1,1264 @@
1
- <?php
2
- function fetch_methods(){
3
- $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL");
4
- return $methods;
5
- }
6
-
7
- function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
8
-
9
- global $Mo2fdbQueries;
10
- $current_user = get_userdata($current_user_id);
11
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
12
-
13
- $redirect_to_save = get_user_meta($current_user_id,'redirect_to',true);
14
- if(is_null($redirect_to_save) or $redirect_to_save=='')
15
- update_user_meta($current_user_id,'redirect_to',$redirect_to);
16
- else
17
- {
18
- $redirect_to = $redirect_to_save;
19
- delete_user_meta($current_user_id,'redirect_to');
20
- }
21
- $session_id_save = get_user_meta($current_user_id,'session_id',true);
22
- if(is_null($session_id_save) or $session_id_save=='')
23
- update_user_meta($current_user_id,'session_id',$session_id);
24
- else
25
- {
26
- $session_id = $session_id_save;
27
- delete_user_meta($current_user_id,'session_id');
28
- }
29
- if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
30
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
31
- prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$session_id,$qrCode,$current_selected_method);
32
- else
33
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message);
34
- }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
35
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
36
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method);
37
- else
38
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message);
39
- }else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
40
- prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message);
41
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
42
- prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message);
43
- }else if($current_selected_method == 'KBA' ){
44
- prompt_user_for_kba_setup($current_user_id, $login_status, $login_message);
45
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
46
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
47
- if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
48
- if(!MO2F_IS_ONPREM)
49
- {
50
- $current_user = get_userdata($current_user_id);
51
- $email = $current_user->user_email;
52
- $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
53
- if(isset($tempEmail) and $tempEmail != '')
54
- $email = $tempEmail;
55
- create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
56
- }
57
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
58
- $pass2fa= new Miniorange_Password_2Factor_Login();
59
- $pass2fa->mo2fa_pass2login(site_url());
60
- }
61
- prompt_user_for_setup_success($current_user_id, $login_status, $login_message);
62
- }else{
63
- $current_user = get_userdata($current_user_id);
64
- if(isset($current_user->roles[0]))
65
- $current_user_role=$current_user->roles[0];
66
- $opt=fetch_methods($current_user);
67
- ?>
68
- <html>
69
- <head>
70
- <meta charset="utf-8"/>
71
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
72
- <meta name="viewport" content="width=device-width, initial-scale=1">
73
- <?php
74
- mo2f_inline_css_and_js();
75
- ?>
76
- </head>
77
- <body>
78
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
79
- <div class="mo2f-modal-backdrop"></div>
80
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
81
- <div class="login mo_customer_validation-modal-content">
82
- <div class="mo2f_modal-header">
83
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
84
-
85
- <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
86
- </div>
87
- <div class="mo2f_modal-body">
88
- <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
89
- if(isset($login_message) && !empty($login_message)) {
90
- echo '<br><br>';
91
-
92
- ?>
93
-
94
- <div id="otpMessage">
95
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
96
- </div>
97
- <?php }else
98
- echo '<br>';
99
- ?>
100
-
101
- <br>
102
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
103
- <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
104
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
105
- <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
106
- (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
107
- </label>
108
- <br>
109
- </span>
110
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
111
- <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
112
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
113
- <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
114
- </label>
115
- <br>
116
- </span>
117
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
118
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
119
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
120
- <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
121
- </label>
122
- <br>
123
- </span>
124
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
125
- <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
126
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
127
- <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
128
- </label>
129
- <br>
130
- </span>
131
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
132
- <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
133
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
134
- <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
135
- </label>
136
- <br>
137
- </span>
138
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
139
- <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
140
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
141
- <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
142
- </label>
143
- <br>
144
- </span>
145
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
146
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
147
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
148
- <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
149
- </label>
150
- <br>
151
- </span>
152
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
153
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
154
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
155
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
156
- </label>
157
- <br>
158
- </span>
159
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
160
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
161
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
162
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
163
- </label>
164
- <br>
165
- </span>
166
- <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
167
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
168
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
169
- <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
170
- </label>
171
- <br>
172
- </span>
173
- <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
174
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
175
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
176
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
177
- </label>
178
- </span>
179
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
180
- <br />
181
- <?php mo2f_customize_logo() ?>
182
- </div>
183
- </div>
184
- </div>
185
- </div>
186
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
187
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
188
- </form>
189
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
190
- <input type="hidden" name="mo2f_selected_2factor_method" />
191
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
192
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
193
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
194
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
195
- </form>
196
-
197
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
198
- <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
199
- <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
200
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
201
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
202
-
203
- </form>
204
-
205
- <script>
206
- function mologinback(){
207
- jQuery('#mo2f_backto_mo_loginform').submit();
208
- }
209
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
210
- var selectedMethod = jQuery(this).val();
211
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
212
- jQuery('#mo2f_select_2fa_methods_form').submit();
213
- });
214
- jQuery('a[href="#skiptwofactor"]').click(function(e) {
215
-
216
- jQuery('#mo2f_skip_loginform').submit();
217
- });
218
- </script>
219
- </body>
220
- </html>
221
- <?php
222
- }
223
- }
224
-
225
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
226
- {
227
-
228
- global $Mo2fdbQueries;
229
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
230
- if(isset($mo2f_user_email) and $mo2f_user_email != '')
231
- $email = $mo2f_user_email;
232
-
233
- $current_user = get_userdata($current_user_id);
234
- if($current_user_id == get_option('mo2f_miniorange_admin'))
235
- $email = get_option('mo2f_email');
236
-
237
- $enduser = new Two_Factor_Setup();
238
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
239
-
240
- if(json_last_error() == JSON_ERROR_NONE){
241
-
242
- if($check_user['status'] == 'ERROR'){
243
- return Mo2fConstants:: langTranslate( $check_user['message']);
244
-
245
- }
246
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
247
-
248
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
249
- 'user_registration_with_miniorange' =>'SUCCESS',
250
- 'mo2f_user_email' =>$email,
251
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
252
- ) );
253
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
254
-
255
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
256
- }
257
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
258
-
259
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
260
- if(json_last_error() == JSON_ERROR_NONE) {
261
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
262
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
263
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
264
- 'user_registration_with_miniorange' =>'SUCCESS',
265
- 'mo2f_user_email' =>$email,
266
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
267
- ) );
268
-
269
- $mo2fa_login_message = '';
270
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
271
- }
272
- }
273
-
274
-
275
- }
276
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
277
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
278
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
279
- mo2f_inline_email_form($email,$current_user_id);
280
- exit;
281
- }
282
-
283
- }
284
-
285
- }
286
-
287
- function mo2f_inline_email_form($email,$current_user_id)
288
- {
289
- ?>
290
- <html>
291
- <head>
292
- <meta charset="utf-8"/>
293
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
294
- <meta name="viewport" content="width=device-width, initial-scale=1">
295
- <?php
296
- mo2f_inline_css_and_js();
297
- ?>
298
- </head>
299
- <body>
300
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
301
- <div class="mo2f-modal-backdrop"></div>
302
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
303
- <div class="login mo_customer_validation-modal-content">
304
- <div class="mo2f_modal-header">
305
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
306
- <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
307
- </div>
308
- <div class="mo2f_modal-body">
309
- <form action="" method="post" name="f">
310
- <p>The Email assoicated with your account is already registered in miniOrnage. Please use a different email address or contact miniOrange.
311
- </p><br>
312
- <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
313
- <br>
314
- <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
315
- <br>
316
- <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
317
- <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
318
- <button type="submit" class="mo_wpns_button mo_wpns_button1" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
319
- </form>
320
- <br>
321
- <?php mo2f_customize_logo() ?>
322
- </div>
323
- </div>
324
- </div>
325
- </div>
326
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
327
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
328
- </form>
329
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
330
- <input type="hidden" name="mo2f_selected_2factor_method" />
331
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
332
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
333
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
334
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
335
- </form>
336
- <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
337
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
338
- <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
339
- </form>
340
- <?php } ?>
341
-
342
- <script type="text/javascript">
343
- jQuery('#save_entered_email_inlinecloud1').click(function(){
344
- var email = jQuery('#emailInlineCloud').val();
345
- var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
346
- var data = {
347
- 'action' : 'mo_two_factor_ajax',
348
- 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
349
- 'email' : email,
350
- 'nonce' : nonce
351
-
352
- };
353
-
354
- var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
355
-
356
-
357
- jQuery.post(ajaxurl, data, function(response) {
358
-
359
- if(response == 'alreadyExist')
360
- {
361
- jQuery('#emailalredyused').show();
362
- }
363
- else if(response =='USERCANBECREATED')
364
- {
365
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
366
- jQuery('#mo2f_select_2fa_methods_form').submit();
367
- }
368
- });
369
-
370
- });
371
-
372
-
373
- </script>
374
- </body>
375
-
376
- <?php
377
- }
378
- function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$session_id,$qrCode,$currentMethod){
379
-
380
- global $Mo2fdbQueries;
381
- if(isset($qrCode)){
382
- $qrCodedata = $qrCode['mo2f-login-qrCode'];
383
- $showqrCode = $qrCode['mo2f_show_qr_code'];
384
- }
385
- $current_user = get_userdata($current_user_id);
386
- $email = $current_user->user_email;
387
-
388
- $opt=fetch_methods($current_user);
389
-
390
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
391
- ?>
392
- <html>
393
- <head> <meta charset="utf-8"/>
394
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
395
- <meta name="viewport" content="width=device-width, initial-scale=1">
396
- <?php
397
- mo2f_inline_css_and_js();
398
- ?>
399
- </head>
400
- <body>
401
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
402
- <div class="mo2f-modal-backdrop"></div>
403
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
404
- <div class="login mo_customer_validation-modal-content">
405
- <div class="mo2f_modal-header">
406
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
407
- <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
408
- </div>
409
- <div class="mo2f_modal-body">
410
- <?php if(isset($login_message) && !empty($login_message)) { ?>
411
-
412
- <div id="otpMessage">
413
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
414
- </div>
415
- <?php } ?>
416
- <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
417
- <div class="mo_margin_left">
418
- <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
419
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
420
- <center>
421
- <?php if (sizeof($opt) > 1) { ?>
422
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
423
- <?php } ?>
424
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
425
- </center>
426
- </div>
427
- <?php
428
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
429
- initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
430
- <?php } ?>
431
-
432
- <?php mo2f_customize_logo() ?>
433
- </div>
434
- <br>
435
- <br>
436
- </div>
437
- </div>
438
- </div>
439
- </div>
440
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
441
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
442
- </form>
443
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
444
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
445
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
446
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
447
- </form>
448
- <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
449
- <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
450
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
451
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
452
- </form>
453
- <?php if (sizeof($opt) > 1) { ?>
454
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
455
- <input type="hidden" name="option" value="miniorange_back_inline"/>
456
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
457
- </form>
458
- <?php } ?>
459
- <script>
460
- function mologinback(){
461
- jQuery('#mo2f_backto_mo_loginform').submit();
462
- }
463
- function moconfigureapp(){
464
- jQuery('#mo2f_inline_configureapp_form').submit();
465
- }
466
- jQuery('#mo2f_inline_back_btn').click(function() {
467
- jQuery('#mo2f_goto_two_factor_form').submit();
468
- });
469
- <?php
470
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
471
- ?>
472
- <?php } ?>
473
- </script>
474
- </body>
475
- </html>
476
- <?php
477
- }
478
-
479
- function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message){
480
- $mo2f_google_auth=json_decode(get_user_meta($current_user_id,'mo2f_google_auth', true),true);
481
- $data = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_qrCode'] : null;
482
- $ga_secret = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_secret'] : null;
483
-
484
- ?>
485
- <html>
486
- <head> <meta charset="utf-8"/>
487
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
488
- <meta name="viewport" content="width=device-width, initial-scale=1">
489
- <?php
490
- mo2f_inline_css_and_js();
491
- ?>
492
- </head>
493
- <style>
494
- * {
495
- box-sizing: border-box;
496
- }
497
- [class*="mcol-"] {
498
- float: left;
499
- padding: 15px;
500
- }
501
- /* For desktop: */
502
- .mcol-1 {width: 50%;}
503
- .mcol-2 {width: 50%;}
504
- @media only screen and (max-width: 768px) {
505
- /* For mobile phones: */
506
- [class*="mcol-"] {
507
- width: 100%;
508
- }
509
- }
510
- </style>
511
- <body>
512
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
513
- <div class="mo2f-modal-backdrop"></div>
514
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
515
- <div class="login mo_customer_validation-modal-content">
516
- <div class="mo2f_modal-header">
517
- <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
518
- <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
519
- </div>
520
- <div class="mo2f_modal-body">
521
- <?php
522
-
523
- $current_user = get_userdata($current_user_id);
524
- $opt=fetch_methods($current_user);
525
- ?>
526
- <?php if(isset($login_message) && !empty($login_message)) { ?>
527
- <div id="otpMessage"
528
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
529
- >
530
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
531
- </div>
532
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
533
- <?php } ?>
534
- <div class="mcol-1">
535
- <div id="mo2f_choose_app_tour">
536
- <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
537
-
538
- <select id="authenticator_type">
539
- <option value="google_authenticator">Google Authenticator</option>
540
- <option value="msft_authenticator">Microsoft Authenticator</option>
541
- <option value="authy_authenticator">Authy Authenticator</option>
542
- <option value="last_pass_auth">LastPass Authenticator</option>
543
- <option value="free_otp_auth">FreeOTP Authenticator</option>
544
- <option value="duo_auth">Duo Mobile Authenticator</option>
545
- </select>
546
- <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
547
- <span id="links_to_apps">
548
- <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
549
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
550
-
551
- </span>
552
- </div>
553
- </div>
554
- <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
555
- <ol>
556
- <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
557
- <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
558
- <br>
559
- <?php if(MO2F_IS_ONPREM){ ?>
560
- <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
561
- <?php
562
-
563
- } else{ ?>
564
- <div style="margin-left: 14%;">
565
- <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
566
- <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
567
- </div>
568
- </div>
569
- <?php }
570
- ?>
571
- <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
572
-
573
- </ol>
574
- <div id="mo2f_scanbarcode_a" hidden>
575
- <ol >
576
- <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
577
- <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
578
- <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
579
- <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
580
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
581
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
582
- <?php echo $ga_secret; ?>
583
- </div>
584
- <div style="font-size: 80%;color: #666666;">
585
- <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
586
- </div>
587
- </div>
588
- <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
589
- <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
590
- </ol>
591
- </div>
592
- </div>
593
- <div class="mcol-2">
594
- <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
595
- <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
596
- <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
597
- <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
598
- <br />
599
- <input type="hidden" name="option" value="miniorange_inline_ga_validate">
600
- <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
601
- <div class="center">
602
- <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
603
- </div>
604
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
605
- </form>
606
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
607
- <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
608
- <input type="hidden" name="option" value="miniorange_back_inline"/>
609
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
610
- </form>
611
- </div>
612
- <br>
613
- <br>
614
- <?php mo2f_customize_logo() ?>
615
- </div>
616
- </div>
617
- </div>
618
- </div>
619
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
620
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
621
- </form>
622
- <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
623
- <input type="hidden" name="google_phone_type" />
624
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
625
- </form>
626
-
627
- <script>
628
- jQuery('#authenticator_type').change(function(){
629
- var auth_type = jQuery(this).val();
630
- if(auth_type == 'google_authenticator'){
631
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
632
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
633
- '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
634
- jQuery('#mo2f_change_app_name').show();
635
- jQuery('#links_to_apps').show();
636
- }else if(auth_type == 'msft_authenticator'){
637
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
638
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
639
- '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
640
- jQuery('#links_to_apps').show();
641
- }else if(auth_type == 'free_otp_auth'){
642
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
643
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
644
- '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
645
- jQuery('#links_to_apps').show();
646
- }else if(auth_type == 'duo_auth'){
647
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
648
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
649
- '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
650
- jQuery('#links_to_apps').show();
651
- }else if(auth_type == 'authy_authenticator'){
652
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
653
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
654
- '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
655
- jQuery('#links_to_apps').show();
656
- }else{
657
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
658
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
659
- '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
660
- jQuery('#mo2f_change_app_name').show();
661
- jQuery('#links_to_apps').show();
662
- }
663
- });
664
- function mologinback(){
665
- jQuery('#mo2f_backto_mo_loginform').submit();
666
- }
667
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
668
- var selectedPhone = jQuery(this).val();
669
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
670
- jQuery('#mo2f_inline_app_type_ga_form').submit();
671
- });
672
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
673
- jQuery("#mo2f_scanbarcode_a").toggle();
674
- });
675
- jQuery(document).ready(function() {
676
- jQuery('.mo2f_gauth').qrcode({
677
- 'render': 'image',
678
- size: 175,
679
- 'text': jQuery('.mo2f_gauth').data('qrcode')
680
- });
681
- });
682
- </script>
683
- </body>
684
- <?php
685
- echo '<head>';
686
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
687
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
688
- echo '</head>';
689
- }
690
-
691
- function mo2f_inline_css_and_js(){
692
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
693
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
694
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
695
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
696
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
697
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
698
- }
699
-
700
-
701
- function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
702
- $data = $qrCode;
703
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id );
704
- $url = MO_HOST_NAME;
705
- $opt=fetch_methods($current_user);
706
- ?>
707
- <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
708
- <div class="red" style="color:#E74C3C;">
709
- <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
710
- <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
711
- <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
712
- <ol>
713
- <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
714
- <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
715
- <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
716
- </ol>
717
- </div>
718
- <table class="mo2f_settings_table">
719
- <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
720
- <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
721
- </div>
722
- </table>
723
- <center>
724
- <?php
725
- if (sizeof($opt) > 1) { ?>
726
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
727
- <?php }
728
- ?>
729
- </center>
730
- <script>
731
- jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
732
- jQuery('#mo2f_inline_configureapp_form').submit();
733
- });
734
- jQuery("#mo2f_configurePhone").empty();
735
- jQuery("#mo2f_app_div").hide();
736
- var timeout;
737
- pollInlineMobileRegistration();
738
- function pollInlineMobileRegistration()
739
- {
740
- var transId = "<?php echo $mo2f_login_transaction_id; ?>";
741
- var jsonString = "{\"txId\":\""+ transId + "\"}";
742
- var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
743
- jQuery.ajax({
744
- url: postUrl,
745
- type : "POST",
746
- dataType : "json",
747
- data : jsonString,
748
- contentType : "application/json; charset=utf-8",
749
- success : function(result) {
750
- var status = JSON.parse(JSON.stringify(result)).status;
751
- if (status == 'SUCCESS') {
752
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
753
- jQuery("#displayInlineQrCode").empty();
754
- jQuery("#displayInlineQrCode").append(content);
755
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
756
- } else if (status == 'ERROR' || status == 'FAILED') {
757
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
758
- jQuery("#displayInlineQrCode").empty();
759
- jQuery("#displayInlineQrCode").append(content);
760
- jQuery("#messages").empty();
761
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
762
- } else {
763
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
764
- }
765
- }
766
- });
767
- }
768
- </script>
769
- <?php
770
- }
771
- function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message){
772
- $current_user = get_userdata($current_user_id);
773
- $opt=fetch_methods($current_user);
774
-
775
- ?>
776
- <html>
777
- <head> <meta charset="utf-8"/>
778
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
779
- <meta name="viewport" content="width=device-width, initial-scale=1">
780
- <?php
781
- mo2f_inline_css_and_js();
782
- ?>
783
- <style>
784
- .mo2f_kba_ques, .mo2f_table_textbox{
785
- background: whitesmoke none repeat scroll 0% 0%;
786
- }
787
- </style>
788
- </head>
789
- <body>
790
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
791
- <div class="mo2f-modal-backdrop"></div>
792
- <div class="mo2f_modal-dialog mo2f_modal-lg">
793
- <div class="login mo_customer_validation-modal-content">
794
- <div class="mo2f_modal-header">
795
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
796
- <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
797
- </div>
798
- <div class="mo2f_modal-body">
799
- <?php if(isset($login_message) && !empty($login_message)) { ?>
800
- <div id="otpMessage">
801
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
802
- </div>
803
- <?php } ?>
804
- <form name="f" method="post" action="" >
805
- <?php mo2f_configure_kba_questions(); ?>
806
- <br />
807
- <div class ="row">
808
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
809
- <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
810
- <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
811
-
812
- </div>
813
- </div>
814
- <input type="hidden" name="option" value="mo2f_inline_kba_option" />
815
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
816
- </form>
817
- <?php if (sizeof($opt) > 1) { ?>
818
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
819
- <div class ="row">
820
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
821
- <input type="hidden" name="option" value="miniorange_back_inline"/>
822
- </div>
823
- </div>
824
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
825
- </form>
826
- <?php } ?>
827
-
828
- <?php mo2f_customize_logo() ?>
829
- </div>
830
- </div>
831
- </div>
832
- </div>
833
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
834
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
835
- </form>
836
-
837
- <script>
838
-
839
-
840
-
841
-
842
-
843
-
844
- function mologinback(){
845
- jQuery('#mo2f_backto_mo_loginform').submit();
846
- }
847
-
848
- function mobackinline(){
849
- jQuery('#mo2f_goto_two_factor_form').submit();
850
- }
851
- </script>
852
- </body>
853
- </html>
854
- <?php
855
- }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message){
856
- $current_user = get_userdata($current_user_id);
857
- $opt=fetch_methods($current_user);
858
- ?>
859
- <html>
860
- <head> <meta charset="utf-8"/>
861
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
862
- <meta name="viewport" content="width=device-width, initial-scale=1">
863
- <?php
864
- mo2f_inline_css_and_js();
865
- ?>
866
- <style>
867
- .mo2f_kba_ques, .mo2f_table_textbox{
868
- background: whitesmoke none repeat scroll 0% 0%;
869
- }
870
- </style>
871
- </head>
872
- <body>
873
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
874
- <div class="mo2f-modal-backdrop"></div>
875
- <div class="mo2f_modal-dialog mo2f_modal-lg">
876
- <div class="login mo_customer_validation-modal-content">
877
- <div class="mo2f_modal-header">
878
- <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
879
- <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
880
- </div>
881
- <div class="mo2f_modal-body">
882
- <?php if(isset($login_message) && !empty($login_message)){ ?>
883
- <div id="otpMessage">
884
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
885
- </div>
886
- <?php } ?>
887
- <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
888
- <input type="hidden" name="option" value="miniorange_inline_register" />
889
- <p>This method requires you to have an account with miniOrange.</p>
890
- <table class="mo_wpns_settings_table">
891
- <tr>
892
- <td><b><font color="#FF0000">*</font>Email:</b></td>
893
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
894
- required placeholder="person@example.com"/></td>
895
- </tr>
896
- <tr>
897
- <td><b><font color="#FF0000">*</font>Password:</b></td>
898
- <td><input class="mo_wpns_table_textbox" required type="password"
899
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
900
- </tr>
901
- <tr>
902
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
903
- <td><input class="mo_wpns_table_textbox" required type="password"
904
- name="confirmPassword" placeholder="Confirm your password" /></td>
905
- </tr>
906
- <tr>
907
- <td>&nbsp;</td>
908
- <td><br><input type="submit" name="submit" value="Create Account"
909
- class="miniorange_button" />
910
- <a href="#mo2f_account_exist">Already have an account?</a>
911
- </tr>
912
- </table>
913
- </form>
914
- <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
915
- <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
916
- <input type="hidden" name="option" value="miniorange_inline_login"/>
917
- <table class="mo_wpns_settings_table">
918
- <tr>
919
- <td><b><font color="#FF0000">*</font>Email:</b></td>
920
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
921
- required placeholder="person@example.com"
922
- /></td>
923
- </tr>
924
- <tr>
925
- <td><b><font color="#FF0000">*</font>Password:</b></td>
926
- <td><input class="mo_wpns_table_textbox" required type="password"
927
- name="password" placeholder="Enter your miniOrange password" /></td>
928
- </tr>
929
- <tr>
930
- <td>&nbsp;</td>
931
- <td><input type="submit" class="miniorange_button" />
932
- <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
933
- </tr>
934
- </table>
935
- </form>
936
- <br>
937
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
938
- <?php mo2f_customize_logo() ?>
939
- </div>
940
- </div>
941
- </div>
942
- </div>
943
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
944
- <input type="hidden" name="option" value="miniorange_back_inline"/>
945
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
946
- </form>
947
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
948
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
949
- </form>
950
-
951
- <script>
952
- jQuery('#mo2f_inline_back_btn').click(function() {
953
- jQuery('#mo2f_goto_two_factor_form').submit();
954
- });
955
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
956
- jQuery('#mo2f_inline_login_form').show();
957
- jQuery('#mo2f_inline_register_form').hide();
958
- });
959
- jQuery('#cancel_link').click(function(){
960
- jQuery('#mo2f_inline_register_form').show();
961
- jQuery('#mo2f_inline_login_form').hide();
962
- });
963
- function mologinback(){
964
- jQuery('#mo2f_backto_mo_loginform').submit();
965
- }
966
- </script>
967
- </body>
968
- </html>
969
- <?php
970
- }
971
- function prompt_user_for_setup_success($id, $login_status, $login_message){
972
- global $Mo2fdbQueries;
973
- ?>
974
- <html>
975
- <head> <meta charset="utf-8"/>
976
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
977
- <meta name="viewport" content="width=device-width, initial-scale=1">
978
- <?php
979
- mo2f_inline_css_and_js();
980
- ?>
981
- <style>
982
- .mo2f_kba_ques, .mo2f_table_textbox{
983
- background: whitesmoke none repeat scroll 0% 0%;
984
- }
985
- </style>
986
- </head>
987
- <body>
988
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
989
- <div class="mo2f-modal-backdrop"></div>
990
- <div class="mo2f_modal-dialog mo2f_modal-lg">
991
- <div class="login mo_customer_validation-modal-content">
992
- <div class="mo2f_modal-header">
993
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
994
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
995
- </div>
996
- <div class="mo2f_modal-body center">
997
- <?php
998
- global $Mo2fdbQueries;
999
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1000
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1001
- $mo2f_second_factor = 'Email Verification';
1002
- }else if($mo2f_second_factor == 'SMS'){
1003
- $mo2f_second_factor = 'OTP over SMS';
1004
- }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1005
- $mo2f_second_factor = 'OTP_OVER_EMAIL';
1006
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1007
- $mo2f_second_factor = 'Phone Call Verification';
1008
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
1009
- $mo2f_second_factor = 'Soft Token';
1010
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1011
- $mo2f_second_factor = 'QR Code Authentication';
1012
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1013
- $mo2f_second_factor = 'Push Notification';
1014
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1015
- if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1016
- $mo2f_second_factor = 'Google Authenticator';
1017
- }else{
1018
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
1019
- }
1020
- }else if($mo2f_second_factor == 'KBA'){
1021
- $mo2f_second_factor = 'Security Questions (KBA)';
1022
- }
1023
- $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1024
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1025
-
1026
- if(get_site_option( 'mo2f_disable_kba' )!=1){
1027
- if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1028
- ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1029
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1030
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1031
- <div id="otpMessage">
1032
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1033
- </div>
1034
- <?php } ?>
1035
- <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1036
- <form name="f" method="post" action="" >
1037
- <?php mo2f_configure_kba_questions(); ?>
1038
- <br>
1039
- <center>
1040
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1041
- </center>
1042
- <input type="hidden" name="mo2f_inline_kba_option" />
1043
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1044
- <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1045
- </form>
1046
- </div>
1047
- <?php }
1048
- }else{
1049
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1050
- $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1051
- $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1052
- }
1053
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1054
- if(get_site_option('mo2f_remember_device')!=1)
1055
- {
1056
- $pass2fa= new Miniorange_Password_2Factor_Login();
1057
- $pass2fa->mo2fa_pass2login(site_url());
1058
- ?>
1059
- <center>
1060
- <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1061
- <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1062
- </p>
1063
- </center>
1064
- <br>
1065
- <center>
1066
- <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1067
- <br>
1068
- </center>
1069
- <?php
1070
- }else{
1071
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1072
- $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1073
- mo2f_collect_device_attributes_handler($redirect_to);
1074
- }
1075
- }
1076
- mo2f_customize_logo() ?>
1077
- </div>
1078
- </div>
1079
- </div>
1080
- </div>
1081
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1082
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1083
- </form>
1084
-
1085
- <script>
1086
- function mologinback(){
1087
- jQuery('#mo2f_backto_mo_loginform').submit();
1088
- }
1089
- </script>
1090
- </body>
1091
- </html>
1092
- <?php
1093
- }
1094
-
1095
- function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod){
1096
- $current_user = get_userdata($current_user_id);
1097
- $opt=fetch_methods($current_user);
1098
- global $Mo2fdbQueries;
1099
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1100
- $current_user = get_userdata($current_user_id);
1101
- $email = $current_user->user_email;
1102
- ?>
1103
- <html>
1104
- <head> <meta charset="utf-8"/>
1105
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1106
- <meta name="viewport" content="width=device-width, initial-scale=1">
1107
- <?php
1108
- mo2f_inline_css_and_js();
1109
-
1110
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
1111
- echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
1112
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
1113
- ?>
1114
- </head>
1115
- <body>
1116
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1117
- <div class="mo2f-modal-backdrop"></div>
1118
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1119
- <div class="login mo_customer_validation-modal-content">
1120
- <div class="mo2f_modal-header">
1121
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1122
- <?php
1123
- if($current_selected_method == 'SMS AND EMAIL'){?>
1124
- <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1125
- <?php }
1126
- else if($current_selected_method == 'OTP OVER EMAIL'){
1127
- ?>
1128
- <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1129
- <?php }
1130
- else{
1131
- ?>
1132
- <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1133
- <?php } ?>
1134
- </div>
1135
- <div class="mo2f_modal-body">
1136
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1137
- <div id="otpMessage"
1138
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1139
- >
1140
- <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1141
- </div>
1142
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
1143
- <?php } ?>
1144
- <div class="mo2f_row">
1145
- <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1146
- <p>
1147
- <?php
1148
- if($current_selected_method == 'SMS AND EMAIL'){?>
1149
- <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1150
- <?php
1151
- }else if($current_selected_method == 'OTP OVER EMAIL'){
1152
- //no message
1153
- }else{
1154
- ?>
1155
- <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1156
- <?php }
1157
- if(!($current_selected_method == 'OTP OVER EMAIL')){
1158
- ?>
1159
- <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1160
- value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1161
- <?php } ?>
1162
- <?php
1163
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1164
- if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1165
- <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1166
- value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1167
- <?php } ?>
1168
- <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1169
- <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1170
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1171
- </form>
1172
- </div>
1173
- <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1174
- <p>
1175
- <?php
1176
- if($current_selected_method == 'SMS AND EMAIL'){?>
1177
- <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1178
- <?php }
1179
- else{
1180
- ?>
1181
- <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1182
- <?php } ?>
1183
- <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1184
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1185
- <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1186
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1187
- <?php } else {?>
1188
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1189
- <?php } ?>
1190
- <br /><br />
1191
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1192
- <?php if (sizeof($opt) > 1) { ?>
1193
-
1194
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1195
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1196
- <?php } ?>
1197
- <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1198
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1199
- </form>
1200
- <?php mo2f_customize_logo() ?>
1201
- </div>
1202
- </div>
1203
- </div>
1204
- </div>
1205
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1206
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1207
- </form>
1208
- <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1209
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1210
- </form>
1211
- <?php if (sizeof($opt) > 1) { ?>
1212
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1213
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1214
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1215
- </form>
1216
- <?php } ?>
1217
- <script>
1218
- jQuery("#phone").intlTelInput();
1219
- function mologinback(){
1220
- jQuery('#mo2f_backto_mo_loginform').submit();
1221
- }
1222
- jQuery('#mo2f_inline_back_btn').click(function() {
1223
- jQuery('#mo2f_goto_two_factor_form').submit();
1224
- });
1225
- jQuery('a[href="#resendsmslink"]').click(function(e) {
1226
- jQuery('#mo2fa_inline_resend_otp_form').submit();
1227
- });
1228
- </script>
1229
- </body>
1230
-
1231
- </html>
1232
- <?php
1233
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ function fetch_methods(){
3
+ $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL");
4
+ return $methods;
5
+ }
6
+
7
+ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
8
+
9
+ global $Mo2fdbQueries;
10
+ $current_user = get_userdata($current_user_id);
11
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
12
+
13
+ if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
14
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
15
+ prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
16
+ else
17
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
18
+ }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
19
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
21
+ else
22
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
+ }else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
24
+ prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
25
+ }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
26
+ prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
27
+ }else if($current_selected_method == 'KBA' ){
28
+ prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
29
+ }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
30
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
31
+ if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
32
+ if(!MO2F_IS_ONPREM)
33
+ {
34
+ $current_user = get_userdata($current_user_id);
35
+ $email = $current_user->user_email;
36
+ $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
37
+ if(isset($tempEmail) and $tempEmail != '')
38
+ $email = $tempEmail;
39
+ create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
40
+ }
41
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
42
+ $pass2fa= new Miniorange_Password_2Factor_Login();
43
+ $pass2fa->mo2fa_pass2login($redirect_to);
44
+ }
45
+ prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
46
+ }else{
47
+ $current_user = get_userdata($current_user_id);
48
+ if(isset($current_user->roles[0]))
49
+ $current_user_role=$current_user->roles[0];
50
+ $opt=fetch_methods($current_user);
51
+ ?>
52
+ <html>
53
+ <head>
54
+ <meta charset="utf-8"/>
55
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
56
+ <meta name="viewport" content="width=device-width, initial-scale=1">
57
+ <?php
58
+ mo2f_inline_css_and_js();
59
+ ?>
60
+ </head>
61
+ <body>
62
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
63
+ <div class="mo2f-modal-backdrop"></div>
64
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
65
+ <div class="login mo_customer_validation-modal-content">
66
+ <div class="mo2f_modal-header">
67
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
68
+
69
+ <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
70
+ </div>
71
+ <div class="mo2f_modal-body">
72
+ <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
73
+ if(isset($login_message) && !empty($login_message)) {
74
+ echo '<br><br>';
75
+
76
+ ?>
77
+
78
+ <div id="otpMessage">
79
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
80
+ </div>
81
+ <?php }else
82
+ echo '<br>';
83
+ ?>
84
+
85
+ <br>
86
+ <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
87
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
88
+ <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
89
+ <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
90
+ (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
91
+ </label>
92
+ <br>
93
+ </span>
94
+ <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
95
+ <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
96
+ <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
97
+ <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
98
+ </label>
99
+ <br>
100
+ </span>
101
+ <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
102
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
103
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
104
+ <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
105
+ </label>
106
+ <br>
107
+ </span>
108
+ <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
109
+ <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
110
+ <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
111
+ <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
112
+ </label>
113
+ <br>
114
+ </span>
115
+ <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
116
+ <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
117
+ <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
118
+ <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
119
+ </label>
120
+ <br>
121
+ </span>
122
+ <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
123
+ <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
124
+ <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
125
+ <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
126
+ </label>
127
+ <br>
128
+ </span>
129
+ <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
130
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
131
+ <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
132
+ <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
133
+ </label>
134
+ <br>
135
+ </span>
136
+ <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
137
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
138
+ <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
139
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
140
+ </label>
141
+ <br>
142
+ </span>
143
+ <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
144
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
145
+ <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
146
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
147
+ </label>
148
+ <br>
149
+ </span>
150
+ <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
151
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
152
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
153
+ <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
154
+ </label>
155
+ <br>
156
+ </span>
157
+ <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
158
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
159
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
160
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
161
+ </label>
162
+ </span>
163
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
164
+ <br />
165
+ <?php mo2f_customize_logo() ?>
166
+ </div>
167
+ </div>
168
+ </div>
169
+ </div>
170
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
171
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
172
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
173
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
174
+ </form>
175
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
176
+ <input type="hidden" name="mo2f_selected_2factor_method" />
177
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
178
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
179
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
180
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
181
+ </form>
182
+
183
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
184
+ <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
185
+ <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
186
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
187
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
188
+ </form>
189
+
190
+ <script>
191
+ function mologinback(){
192
+ jQuery('#mo2f_backto_mo_loginform').submit();
193
+ }
194
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
195
+ var selectedMethod = jQuery(this).val();
196
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
197
+ jQuery('#mo2f_select_2fa_methods_form').submit();
198
+ });
199
+ jQuery('a[href="#skiptwofactor"]').click(function(e) {
200
+
201
+ jQuery('#mo2f_skip_loginform').submit();
202
+ });
203
+ </script>
204
+ </body>
205
+ </html>
206
+ <?php
207
+ }
208
+ }
209
+
210
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
211
+ {
212
+
213
+ global $Mo2fdbQueries;
214
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
215
+ if(isset($mo2f_user_email) and $mo2f_user_email != '')
216
+ $email = $mo2f_user_email;
217
+
218
+ $current_user = get_userdata($current_user_id);
219
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
220
+ $email = get_option('mo2f_email');
221
+
222
+ $enduser = new Two_Factor_Setup();
223
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
224
+
225
+ if(json_last_error() == JSON_ERROR_NONE){
226
+
227
+ if($check_user['status'] == 'ERROR'){
228
+ return Mo2fConstants:: langTranslate( $check_user['message']);
229
+
230
+ }
231
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
232
+
233
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
234
+ 'user_registration_with_miniorange' =>'SUCCESS',
235
+ 'mo2f_user_email' =>$email,
236
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
237
+ ) );
238
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
239
+
240
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
241
+ }
242
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
243
+
244
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
245
+ if(json_last_error() == JSON_ERROR_NONE) {
246
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
247
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
248
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
249
+ 'user_registration_with_miniorange' =>'SUCCESS',
250
+ 'mo2f_user_email' =>$email,
251
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
252
+ ) );
253
+
254
+ $mo2fa_login_message = '';
255
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
256
+ }
257
+ }
258
+
259
+
260
+ }
261
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
262
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
263
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
264
+ mo2f_inline_email_form($email,$current_user_id);
265
+ exit;
266
+ }
267
+
268
+ }
269
+
270
+ }
271
+
272
+ function mo2f_inline_email_form($email,$current_user_id)
273
+ {
274
+ ?>
275
+ <html>
276
+ <head>
277
+ <meta charset="utf-8"/>
278
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
279
+ <meta name="viewport" content="width=device-width, initial-scale=1">
280
+ <?php
281
+ mo2f_inline_css_and_js();
282
+ ?>
283
+ </head>
284
+ <body>
285
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
286
+ <div class="mo2f-modal-backdrop"></div>
287
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
288
+ <div class="login mo_customer_validation-modal-content">
289
+ <div class="mo2f_modal-header">
290
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
291
+ <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
292
+ </div>
293
+ <div class="mo2f_modal-body">
294
+ <form action="" method="post" name="f">
295
+ <p>The Email assoicated with your account is already registered in miniOrnage. Please use a different email address or contact miniOrange.
296
+ </p><br>
297
+ <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
298
+ <br>
299
+ <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
300
+ <br>
301
+ <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
302
+ <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
303
+ <button type="submit" class="mo_wpns_button mo_wpns_button1" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
304
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
305
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
306
+ </form>
307
+ <br>
308
+ <?php mo2f_customize_logo() ?>
309
+ </div>
310
+ </div>
311
+ </div>
312
+ </div>
313
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
314
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
315
+ </form>
316
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
317
+ <input type="hidden" name="mo2f_selected_2factor_method" />
318
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
319
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
320
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
321
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
322
+ </form>
323
+ <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
324
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
325
+ <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
326
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
327
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
328
+ </form>
329
+ <?php } ?>
330
+
331
+ <script type="text/javascript">
332
+ jQuery('#save_entered_email_inlinecloud1').click(function(){
333
+ var email = jQuery('#emailInlineCloud').val();
334
+ var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
335
+ var data = {
336
+ 'action' : 'mo_two_factor_ajax',
337
+ 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
338
+ 'email' : email,
339
+ 'nonce' : nonce
340
+
341
+ };
342
+
343
+ var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
344
+
345
+
346
+ jQuery.post(ajaxurl, data, function(response) {
347
+
348
+ if(response == 'alreadyExist')
349
+ {
350
+ jQuery('#emailalredyused').show();
351
+ }
352
+ else if(response =='USERCANBECREATED')
353
+ {
354
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
355
+ jQuery('#mo2f_select_2fa_methods_form').submit();
356
+ }
357
+ });
358
+
359
+ });
360
+
361
+
362
+ </script>
363
+ </body>
364
+
365
+ <?php
366
+ }
367
+ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
368
+
369
+ global $Mo2fdbQueries;
370
+ if(isset($qrCode)){
371
+ $qrCodedata = $qrCode['mo2f-login-qrCode'];
372
+ $showqrCode = $qrCode['mo2f_show_qr_code'];
373
+ }
374
+ $current_user = get_userdata($current_user_id);
375
+ $email = $current_user->user_email;
376
+
377
+ $opt=fetch_methods($current_user);
378
+
379
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
380
+ ?>
381
+ <html>
382
+ <head> <meta charset="utf-8"/>
383
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
384
+ <meta name="viewport" content="width=device-width, initial-scale=1">
385
+ <?php
386
+ mo2f_inline_css_and_js();
387
+ ?>
388
+ </head>
389
+ <body>
390
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
391
+ <div class="mo2f-modal-backdrop"></div>
392
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
393
+ <div class="login mo_customer_validation-modal-content">
394
+ <div class="mo2f_modal-header">
395
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
396
+ <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
397
+ </div>
398
+ <div class="mo2f_modal-body">
399
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
400
+
401
+ <div id="otpMessage">
402
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
403
+ </div>
404
+ <?php } ?>
405
+ <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
406
+ <div class="mo_margin_left">
407
+ <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
408
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
409
+ <center>
410
+ <?php if (sizeof($opt) > 1) { ?>
411
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
412
+ <?php } ?>
413
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
414
+ </center>
415
+ </div>
416
+ <?php
417
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
418
+ initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
419
+ <?php } ?>
420
+
421
+ <?php mo2f_customize_logo() ?>
422
+ </div>
423
+ <br>
424
+ <br>
425
+ </div>
426
+ </div>
427
+ </div>
428
+ </div>
429
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
430
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
431
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
432
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
433
+ </form>
434
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
435
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
436
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
437
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
438
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
439
+ </form>
440
+ <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
441
+ <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
442
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
443
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
444
+ <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
445
+ </form>
446
+ <?php if (sizeof($opt) > 1) { ?>
447
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
448
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
449
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
450
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
451
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
452
+ </form>
453
+ <?php } ?>
454
+ <script>
455
+ function mologinback(){
456
+ jQuery('#mo2f_backto_mo_loginform').submit();
457
+ }
458
+ function moconfigureapp(){
459
+ jQuery('#mo2f_inline_configureapp_form').submit();
460
+ }
461
+ jQuery('#mo2f_inline_back_btn').click(function() {
462
+ jQuery('#mo2f_goto_two_factor_form').submit();
463
+ });
464
+ <?php
465
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
466
+ ?>
467
+ <?php } ?>
468
+ </script>
469
+ </body>
470
+ </html>
471
+ <?php
472
+ }
473
+
474
+ function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
475
+ $mo2f_google_auth=json_decode(get_user_meta($current_user_id,'mo2f_google_auth', true),true);
476
+ $data = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_qrCode'] : null;
477
+ $ga_secret = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_secret'] : null;
478
+
479
+ ?>
480
+ <html>
481
+ <head> <meta charset="utf-8"/>
482
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
483
+ <meta name="viewport" content="width=device-width, initial-scale=1">
484
+ <?php
485
+ mo2f_inline_css_and_js();
486
+ ?>
487
+ </head>
488
+ <style>
489
+ * {
490
+ box-sizing: border-box;
491
+ }
492
+ [class*="mcol-"] {
493
+ float: left;
494
+ padding: 15px;
495
+ }
496
+ /* For desktop: */
497
+ .mcol-1 {width: 50%;}
498
+ .mcol-2 {width: 50%;}
499
+ @media only screen and (max-width: 768px) {
500
+ /* For mobile phones: */
501
+ [class*="mcol-"] {
502
+ width: 100%;
503
+ }
504
+ }
505
+ </style>
506
+ <body>
507
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
508
+ <div class="mo2f-modal-backdrop"></div>
509
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
510
+ <div class="login mo_customer_validation-modal-content">
511
+ <div class="mo2f_modal-header">
512
+ <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
513
+ <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
514
+ </div>
515
+ <div class="mo2f_modal-body">
516
+ <?php
517
+
518
+ $current_user = get_userdata($current_user_id);
519
+ $opt=fetch_methods($current_user);
520
+ ?>
521
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
522
+ <div id="otpMessage"
523
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
524
+ >
525
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
526
+ </div>
527
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
528
+ <?php } ?>
529
+ <div class="mcol-1">
530
+ <div id="mo2f_choose_app_tour">
531
+ <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
532
+
533
+ <select id="authenticator_type">
534
+ <option value="google_authenticator">Google Authenticator</option>
535
+ <option value="msft_authenticator">Microsoft Authenticator</option>
536
+ <option value="authy_authenticator">Authy Authenticator</option>
537
+ <option value="last_pass_auth">LastPass Authenticator</option>
538
+ <option value="free_otp_auth">FreeOTP Authenticator</option>
539
+ <option value="duo_auth">Duo Mobile Authenticator</option>
540
+ </select>
541
+ <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
542
+ <span id="links_to_apps">
543
+ <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
544
+ <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
545
+
546
+ </span>
547
+ </div>
548
+ </div>
549
+ <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
550
+ <ol>
551
+ <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
552
+ <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
553
+ <br>
554
+ <?php if(MO2F_IS_ONPREM){ ?>
555
+ <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
556
+ <?php
557
+
558
+ } else{ ?>
559
+ <div style="margin-left: 14%;">
560
+ <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
561
+ <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
562
+ </div>
563
+ </div>
564
+ <?php }
565
+ ?>
566
+ <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
567
+
568
+ </ol>
569
+ <div id="mo2f_scanbarcode_a" hidden>
570
+ <ol >
571
+ <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
572
+ <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
573
+ <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
574
+ <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
575
+ <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
576
+ <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
577
+ <?php echo $ga_secret; ?>
578
+ </div>
579
+ <div style="font-size: 80%;color: #666666;">
580
+ <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
581
+ </div>
582
+ </div>
583
+ <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
584
+ <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
585
+ </ol>
586
+ </div>
587
+ </div>
588
+ <div class="mcol-2">
589
+ <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
590
+ <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
591
+ <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
592
+ <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
593
+ <br />
594
+ <input type="hidden" name="option" value="miniorange_inline_ga_validate">
595
+ <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
596
+ <div class="center">
597
+ <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
598
+ </div>
599
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
600
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
601
+ <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
602
+ </form>
603
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
604
+ <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
605
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
606
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
607
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
608
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
609
+ </form>
610
+ </div>
611
+ <br>
612
+ <br>
613
+ <?php mo2f_customize_logo() ?>
614
+ </div>
615
+ </div>
616
+ </div>
617
+ </div>
618
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
619
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
620
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
621
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
622
+ </form>
623
+ <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
624
+ <input type="hidden" name="google_phone_type" />
625
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
626
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
627
+ <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
628
+ </form>
629
+
630
+ <script>
631
+ jQuery('#authenticator_type').change(function(){
632
+ var auth_type = jQuery(this).val();
633
+ if(auth_type == 'google_authenticator'){
634
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
635
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
636
+ '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
637
+ jQuery('#mo2f_change_app_name').show();
638
+ jQuery('#links_to_apps').show();
639
+ }else if(auth_type == 'msft_authenticator'){
640
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
641
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
642
+ '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
643
+ jQuery('#links_to_apps').show();
644
+ }else if(auth_type == 'free_otp_auth'){
645
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
646
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
647
+ '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
648
+ jQuery('#links_to_apps').show();
649
+ }else if(auth_type == 'duo_auth'){
650
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
651
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
652
+ '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
653
+ jQuery('#links_to_apps').show();
654
+ }else if(auth_type == 'authy_authenticator'){
655
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
656
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
657
+ '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
658
+ jQuery('#links_to_apps').show();
659
+ }else{
660
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
661
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
662
+ '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
663
+ jQuery('#mo2f_change_app_name').show();
664
+ jQuery('#links_to_apps').show();
665
+ }
666
+ });
667
+ function mologinback(){
668
+ jQuery('#mo2f_backto_mo_loginform').submit();
669
+ }
670
+ jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
671
+ var selectedPhone = jQuery(this).val();
672
+ document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
673
+ jQuery('#mo2f_inline_app_type_ga_form').submit();
674
+ });
675
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
676
+ jQuery("#mo2f_scanbarcode_a").toggle();
677
+ });
678
+ jQuery(document).ready(function() {
679
+ jQuery('.mo2f_gauth').qrcode({
680
+ 'render': 'image',
681
+ size: 175,
682
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
683
+ });
684
+ });
685
+ </script>
686
+ </body>
687
+ <?php
688
+ echo '<head>';
689
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
690
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
691
+ echo '</head>';
692
+ }
693
+
694
+ function mo2f_inline_css_and_js(){
695
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
696
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
697
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
698
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
699
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
700
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
701
+ }
702
+
703
+
704
+ function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
705
+ $data = $qrCode;
706
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id );
707
+ $url = MO_HOST_NAME;
708
+ $opt=fetch_methods($current_user);
709
+ ?>
710
+ <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
711
+ <div class="red" style="color:#E74C3C;">
712
+ <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
713
+ <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
714
+ <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
715
+ <ol>
716
+ <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
717
+ <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
718
+ <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
719
+ </ol>
720
+ </div>
721
+ <table class="mo2f_settings_table">
722
+ <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
723
+ <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
724
+ </div>
725
+ </table>
726
+ <center>
727
+ <?php
728
+ if (sizeof($opt) > 1) { ?>
729
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
730
+ <?php }
731
+ ?>
732
+ </center>
733
+ <script>
734
+ jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
735
+ jQuery('#mo2f_inline_configureapp_form').submit();
736
+ });
737
+ jQuery("#mo2f_configurePhone").empty();
738
+ jQuery("#mo2f_app_div").hide();
739
+ var timeout;
740
+ pollInlineMobileRegistration();
741
+ function pollInlineMobileRegistration()
742
+ {
743
+ var transId = "<?php echo $mo2f_login_transaction_id; ?>";
744
+ var jsonString = "{\"txId\":\""+ transId + "\"}";
745
+ var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
746
+ jQuery.ajax({
747
+ url: postUrl,
748
+ type : "POST",
749
+ dataType : "json",
750
+ data : jsonString,
751
+ contentType : "application/json; charset=utf-8",
752
+ success : function(result) {
753
+ var status = JSON.parse(JSON.stringify(result)).status;
754
+ if (status == 'SUCCESS') {
755
+ var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
756
+ jQuery("#displayInlineQrCode").empty();
757
+ jQuery("#displayInlineQrCode").append(content);
758
+ setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
759
+ } else if (status == 'ERROR' || status == 'FAILED') {
760
+ var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
761
+ jQuery("#displayInlineQrCode").empty();
762
+ jQuery("#displayInlineQrCode").append(content);
763
+ jQuery("#messages").empty();
764
+ jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
765
+ } else {
766
+ timeout = setTimeout(pollInlineMobileRegistration, 3000);
767
+ }
768
+ }
769
+ });
770
+ }
771
+ </script>
772
+ <?php
773
+ }
774
+ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
775
+ $current_user = get_userdata($current_user_id);
776
+ $opt=fetch_methods($current_user);
777
+
778
+ ?>
779
+ <html>
780
+ <head> <meta charset="utf-8"/>
781
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
782
+ <meta name="viewport" content="width=device-width, initial-scale=1">
783
+ <?php
784
+ mo2f_inline_css_and_js();
785
+ ?>
786
+ <style>
787
+ .mo2f_kba_ques, .mo2f_table_textbox{
788
+ background: whitesmoke none repeat scroll 0% 0%;
789
+ }
790
+ </style>
791
+ </head>
792
+ <body>
793
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
794
+ <div class="mo2f-modal-backdrop"></div>
795
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
796
+ <div class="login mo_customer_validation-modal-content">
797
+ <div class="mo2f_modal-header">
798
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
799
+ <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
800
+ </div>
801
+ <div class="mo2f_modal-body">
802
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
803
+ <div id="otpMessage">
804
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
805
+ </div>
806
+ <?php } ?>
807
+ <form name="f" method="post" action="" >
808
+ <?php mo2f_configure_kba_questions(); ?>
809
+ <br />
810
+ <div class ="row">
811
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
812
+ <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
813
+ <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
814
+
815
+ </div>
816
+ </div>
817
+ <input type="hidden" name="option" value="mo2f_inline_kba_option" />
818
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
819
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
820
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
821
+ </form>
822
+ <?php if (sizeof($opt) > 1) { ?>
823
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
824
+ <div class ="row">
825
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
826
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
827
+ </div>
828
+ </div>
829
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
830
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
831
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
832
+ </form>
833
+ <?php } ?>
834
+
835
+ <?php mo2f_customize_logo() ?>
836
+ </div>
837
+ </div>
838
+ </div>
839
+ </div>
840
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
841
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
842
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
843
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
844
+ </form>
845
+
846
+ <script>
847
+
848
+
849
+
850
+
851
+
852
+
853
+ function mologinback(){
854
+ jQuery('#mo2f_backto_mo_loginform').submit();
855
+ }
856
+
857
+ function mobackinline(){
858
+ jQuery('#mo2f_goto_two_factor_form').submit();
859
+ }
860
+ </script>
861
+ </body>
862
+ </html>
863
+ <?php
864
+ }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
865
+ $current_user = get_userdata($current_user_id);
866
+ $opt=fetch_methods($current_user);
867
+ ?>
868
+ <html>
869
+ <head> <meta charset="utf-8"/>
870
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
871
+ <meta name="viewport" content="width=device-width, initial-scale=1">
872
+ <?php
873
+ mo2f_inline_css_and_js();
874
+ ?>
875
+ <style>
876
+ .mo2f_kba_ques, .mo2f_table_textbox{
877
+ background: whitesmoke none repeat scroll 0% 0%;
878
+ }
879
+ </style>
880
+ </head>
881
+ <body>
882
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
883
+ <div class="mo2f-modal-backdrop"></div>
884
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
885
+ <div class="login mo_customer_validation-modal-content">
886
+ <div class="mo2f_modal-header">
887
+ <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
888
+ <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
889
+ </div>
890
+ <div class="mo2f_modal-body">
891
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
892
+ <div id="otpMessage">
893
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
894
+ </div>
895
+ <?php } ?>
896
+ <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
897
+ <input type="hidden" name="option" value="miniorange_inline_register" />
898
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
899
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
900
+ <p>This method requires you to have an account with miniOrange.</p>
901
+ <table class="mo_wpns_settings_table">
902
+ <tr>
903
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
904
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
905
+ required placeholder="person@example.com"/></td>
906
+ </tr>
907
+ <tr>
908
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
909
+ <td><input class="mo_wpns_table_textbox" required type="password"
910
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
911
+ </tr>
912
+ <tr>
913
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
914
+ <td><input class="mo_wpns_table_textbox" required type="password"
915
+ name="confirmPassword" placeholder="Confirm your password" /></td>
916
+ </tr>
917
+ <tr>
918
+ <td>&nbsp;</td>
919
+ <td><br><input type="submit" name="submit" value="Create Account"
920
+ class="miniorange_button" />
921
+ <a href="#mo2f_account_exist">Already have an account?</a>
922
+ </tr>
923
+ </table>
924
+ </form>
925
+ <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
926
+ <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
927
+ <input type="hidden" name="option" value="miniorange_inline_login"/>
928
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
929
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
930
+ <table class="mo_wpns_settings_table">
931
+ <tr>
932
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
933
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
934
+ required placeholder="person@example.com"
935
+ /></td>
936
+ </tr>
937
+ <tr>
938
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
939
+ <td><input class="mo_wpns_table_textbox" required type="password"
940
+ name="password" placeholder="Enter your miniOrange password" /></td>
941
+ </tr>
942
+ <tr>
943
+ <td>&nbsp;</td>
944
+ <td><input type="submit" class="miniorange_button" />
945
+ <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
946
+ </tr>
947
+ </table>
948
+ </form>
949
+ <br>
950
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
951
+ <?php mo2f_customize_logo() ?>
952
+ </div>
953
+ </div>
954
+ </div>
955
+ </div>
956
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
957
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
958
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
959
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
960
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
961
+ </form>
962
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
963
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
964
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
965
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
966
+ </form>
967
+
968
+ <script>
969
+ jQuery('#mo2f_inline_back_btn').click(function() {
970
+ jQuery('#mo2f_goto_two_factor_form').submit();
971
+ });
972
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
973
+ jQuery('#mo2f_inline_login_form').show();
974
+ jQuery('#mo2f_inline_register_form').hide();
975
+ });
976
+ jQuery('#cancel_link').click(function(){
977
+ jQuery('#mo2f_inline_register_form').show();
978
+ jQuery('#mo2f_inline_login_form').hide();
979
+ });
980
+ function mologinback(){
981
+ jQuery('#mo2f_backto_mo_loginform').submit();
982
+ }
983
+ </script>
984
+ </body>
985
+ </html>
986
+ <?php
987
+ }
988
+ function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
989
+ global $Mo2fdbQueries;
990
+ ?>
991
+ <html>
992
+ <head> <meta charset="utf-8"/>
993
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
994
+ <meta name="viewport" content="width=device-width, initial-scale=1">
995
+ <?php
996
+ mo2f_inline_css_and_js();
997
+ ?>
998
+ <style>
999
+ .mo2f_kba_ques, .mo2f_table_textbox{
1000
+ background: whitesmoke none repeat scroll 0% 0%;
1001
+ }
1002
+ </style>
1003
+ </head>
1004
+ <body>
1005
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1006
+ <div class="mo2f-modal-backdrop"></div>
1007
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1008
+ <div class="login mo_customer_validation-modal-content">
1009
+ <div class="mo2f_modal-header">
1010
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1011
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1012
+ </div>
1013
+ <div class="mo2f_modal-body center">
1014
+ <?php
1015
+ global $Mo2fdbQueries;
1016
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1017
+ if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1018
+ $mo2f_second_factor = 'Email Verification';
1019
+ }else if($mo2f_second_factor == 'SMS'){
1020
+ $mo2f_second_factor = 'OTP over SMS';
1021
+ }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1022
+ $mo2f_second_factor = 'OTP_OVER_EMAIL';
1023
+ }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1024
+ $mo2f_second_factor = 'Phone Call Verification';
1025
+ }else if($mo2f_second_factor == 'SOFT TOKEN'){
1026
+ $mo2f_second_factor = 'Soft Token';
1027
+ }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1028
+ $mo2f_second_factor = 'QR Code Authentication';
1029
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1030
+ $mo2f_second_factor = 'Push Notification';
1031
+ }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1032
+ if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1033
+ $mo2f_second_factor = 'Google Authenticator';
1034
+ }else{
1035
+ $mo2f_second_factor = 'Authy 2-Factor Authentication';
1036
+ }
1037
+ }else if($mo2f_second_factor == 'KBA'){
1038
+ $mo2f_second_factor = 'Security Questions (KBA)';
1039
+ }
1040
+ $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1041
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1042
+
1043
+ if(get_site_option( 'mo2f_disable_kba' )!=1){
1044
+ if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1045
+ ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1046
+ <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1047
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1048
+ <div id="otpMessage">
1049
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1050
+ </div>
1051
+ <?php } ?>
1052
+ <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1053
+ <form name="f" method="post" action="" >
1054
+ <?php mo2f_configure_kba_questions(); ?>
1055
+ <br>
1056
+ <center>
1057
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1058
+ </center>
1059
+ <input type="hidden" name="mo2f_inline_kba_option" />
1060
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1061
+ <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1062
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1063
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1064
+ </form>
1065
+ </div>
1066
+ <?php }
1067
+ }else{
1068
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1069
+ $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1070
+ $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1071
+ }
1072
+ if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1073
+ if(get_site_option('mo2f_remember_device')!=1)
1074
+ {
1075
+ $pass2fa= new Miniorange_Password_2Factor_Login();
1076
+ $pass2fa->mo2fa_pass2login(site_url());
1077
+ ?>
1078
+ <center>
1079
+ <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1080
+ <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1081
+ </p>
1082
+ </center>
1083
+ <br>
1084
+ <center>
1085
+ <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1086
+ <br>
1087
+ </center>
1088
+ <?php
1089
+ }else{
1090
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1091
+ $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1092
+ mo2f_collect_device_attributes_handler($redirect_to,$session_id);
1093
+ }
1094
+ }
1095
+ mo2f_customize_logo() ?>
1096
+ </div>
1097
+ </div>
1098
+ </div>
1099
+ </div>
1100
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1101
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1102
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1103
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1104
+ </form>
1105
+
1106
+ <script>
1107
+ function mologinback(){
1108
+ jQuery('#mo2f_backto_mo_loginform').submit();
1109
+ }
1110
+ </script>
1111
+ </body>
1112
+ </html>
1113
+ <?php
1114
+ }
1115
+
1116
+ function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1117
+ $current_user = get_userdata($current_user_id);
1118
+ $opt=fetch_methods($current_user);
1119
+ global $Mo2fdbQueries;
1120
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1121
+ $current_user = get_userdata($current_user_id);
1122
+ $email = $current_user->user_email;
1123
+ ?>
1124
+ <html>
1125
+ <head> <meta charset="utf-8"/>
1126
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1127
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1128
+ <?php
1129
+ mo2f_inline_css_and_js();
1130
+
1131
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
1132
+ echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
1133
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
1134
+ ?>
1135
+ </head>
1136
+ <body>
1137
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1138
+ <div class="mo2f-modal-backdrop"></div>
1139
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1140
+ <div class="login mo_customer_validation-modal-content">
1141
+ <div class="mo2f_modal-header">
1142
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1143
+ <?php
1144
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1145
+ <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1146
+ <?php }
1147
+ else if($current_selected_method == 'OTP OVER EMAIL'){
1148
+ ?>
1149
+ <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1150
+ <?php }
1151
+ else{
1152
+ ?>
1153
+ <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1154
+ <?php } ?>
1155
+ </div>
1156
+ <div class="mo2f_modal-body">
1157
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1158
+ <div id="otpMessage"
1159
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1160
+ >
1161
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1162
+ </div>
1163
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
1164
+ <?php } ?>
1165
+ <div class="mo2f_row">
1166
+ <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1167
+ <p>
1168
+ <?php
1169
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1170
+ <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1171
+ <?php
1172
+ }else if($current_selected_method == 'OTP OVER EMAIL'){
1173
+ //no message
1174
+ }else{
1175
+ ?>
1176
+ <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1177
+ <?php }
1178
+ if(!($current_selected_method == 'OTP OVER EMAIL')){
1179
+ ?>
1180
+ <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1181
+ value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1182
+ <?php } ?>
1183
+ <?php
1184
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1185
+ if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1186
+ <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1187
+ value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1188
+ <?php } ?>
1189
+ <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1190
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1191
+ <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1192
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1193
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1194
+ </form>
1195
+ </div>
1196
+ <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1197
+ <p>
1198
+ <?php
1199
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1200
+ <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1201
+ <?php }
1202
+ else{
1203
+ ?>
1204
+ <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1205
+ <?php } ?>
1206
+ <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1207
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1208
+ <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1209
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1210
+ <?php } else {?>
1211
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1212
+ <?php } ?>
1213
+ <br /><br />
1214
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1215
+ <?php if (sizeof($opt) > 1) { ?>
1216
+
1217
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1219
+ <?php } ?>
1220
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1221
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1222
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1223
+ <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1224
+ </form>
1225
+ <?php mo2f_customize_logo() ?>
1226
+ </div>
1227
+ </div>
1228
+ </div>
1229
+ </div>
1230
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1231
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1232
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1233
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1234
+ </form>
1235
+ <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1236
+ <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1237
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1238
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1239
+ </form>
1240
+ <?php if (sizeof($opt) > 1) { ?>
1241
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1242
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1243
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1244
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1245
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1246
+ </form>
1247
+ <?php } ?>
1248
+ <script>
1249
+ jQuery("#phone").intlTelInput();
1250
+ function mologinback(){
1251
+ jQuery('#mo2f_backto_mo_loginform').submit();
1252
+ }
1253
+ jQuery('#mo2f_inline_back_btn').click(function() {
1254
+ jQuery('#mo2f_goto_two_factor_form').submit();
1255
+ });
1256
+ jQuery('a[href="#resendsmslink"]').click(function(e) {
1257
+ jQuery('#mo2fa_inline_resend_otp_form').submit();
1258
+ });
1259
+ </script>
1260
+ </body>
1261
+
1262
+ </html>
1263
+ <?php
1264
+ }
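--- a/controllers/twofa/two_fa_unlimittedUser.php
+++ b/controllers/twofa/two_fa_unlimittedUser.php
@@ -1,3 +1,3 @@
-<?php
-global $moWpnsUtility, $mo2f_dirName;
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';
+<?php
+global $moWpnsUtility, $mo2f_dirName;
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';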
controllers/twofa/two_fa_unlimittedUser_ajax.php CHANGED
@@ -1,47 +1,47 @@
1
- <?php
2
-
3
- class WPNS_unlimittedUser
4
- {
5
- function __construct(){
6
-
7
- add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
8
- }
9
-
10
- function mo_two_fa_unlimittedUser_ajax(){
11
- add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
12
- }
13
-
14
- function wpns_two_fa_unlimittedUser(){
15
- switch($_POST['wpns_unlimittedUser_ajax'])
16
- {
17
- case 'save':
18
- $this->wpns_handle_save(); break;
19
- }
20
- }
21
- function wpns_handle_save()
22
- {
23
-
24
- if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
25
- wp_send_json('ERROR');
26
- return;
27
- }
28
- global $wp_roles;
29
- if (!isset($wp_roles))
30
- $wp_roles = new WP_Roles();
31
- foreach($wp_roles->role_names as $id => $name) {
32
- update_option('mo2fa_'.$id, 0);
33
- }
34
- $enabledrole = $_POST['enabledrole'];
35
- foreach($enabledrole as $role){
36
- update_option($role, 1);
37
- }
38
- update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
39
- update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
40
- update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
41
- update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
42
- update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
43
- wp_send_json('true');
44
- return;
45
- }
46
- }new WPNS_unlimittedUser();
47
  ?>
1
+ <?php
2
+
3
+ class WPNS_unlimittedUser
4
+ {
5
+ function __construct(){
6
+
7
+ add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
8
+ }
9
+
10
+ function mo_two_fa_unlimittedUser_ajax(){
11
+ add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
12
+ }
13
+
14
+ function wpns_two_fa_unlimittedUser(){
15
+ switch($_POST['wpns_unlimittedUser_ajax'])
16
+ {
17
+ case 'save':
18
+ $this->wpns_handle_save(); break;
19
+ }
20
+ }
21
+ function wpns_handle_save()
22
+ {
23
+
24
+ if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
25
+ wp_send_json('ERROR');
26
+ return;
27
+ }
28
+ global $wp_roles;
29
+ if (!isset($wp_roles))
30
+ $wp_roles = new WP_Roles();
31
+ foreach($wp_roles->role_names as $id => $name) {
32
+ update_option('mo2fa_'.$id, 0);
33
+ }
34
+ $enabledrole = $_POST['enabledrole'];
35
+ foreach($enabledrole as $role){
36
+ update_option($role, 1);
37
+ }
38
+ update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
39
+ update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
40
+ update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
41
+ update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
42
+ update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
43
+ wp_send_json('true');
44
+ return;
45
+ }
46
+ }new WPNS_unlimittedUser();
47
  ?>
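--- a/controllers/upgrade.php
+++ b/controllers/upgrade.php
@@ -1,3 +1,2 @@
 <?php
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';
-MoWpnsUtility::checkSecurity();
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';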
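Review bot: The new side drops `MoWpnsUtility::checkSecurity();` after the include, so controllers/upgrade.php now pulls in the upgrade view with no guard of its own; the body of that helper is not visible here, but if it was the capability or nonce gate for this page it should be restored rather than deleted. The old ordering was also ineffective, because the view was already included and rendered before the check ran, so a restored check has to come first: `MoWpnsUtility::checkSecurity();` followed by `include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';`. If the removal is intentional because the code that includes this controller already performs the check, say so in a comment on the include line so the next reader does not re-add it blindly.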
 
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -48,7 +48,8 @@ class wpns_ajax
48
  $this->wpns_all_plans(); break;
49
  case 'wpns_logout_form':
50
  $this->wpns_logout_form(); break;
51
-
 
52
  }
53
  }
54
 
@@ -61,6 +62,36 @@ class wpns_ajax
61
  $obj = new Miniorange_Password_2Factor_Login();
62
  $obj->check_kba_validation($_POST);
63
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
64
  function mo2f_ajax_login()
65
  {
66
  if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
@@ -85,6 +116,7 @@ class wpns_ajax
85
  delete_option('mo2f_api_key');
86
  delete_option('mo2f_customer_token');
87
  delete_option('mo_wpns_transactionId');
 
88
  delete_option('mo_wpns_registration_status');
89
  delete_option( 'mo_2factor_admin_registration_status' );
90
 
@@ -129,6 +161,7 @@ class wpns_ajax
129
  update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
130
  update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
131
  if($brute_force == "on"){
 
132
  wp_send_json('true');
133
  }
134
  else if($brute_force == ""){
@@ -490,6 +523,7 @@ class wpns_ajax
490
  {
491
  update_option('WAF','PluginLevel');
492
  update_option('WAFEnabled','1');
 
493
  echo("PWAFenabled");exit;
494
  }
495
  }
@@ -513,6 +547,7 @@ class wpns_ajax
513
  {
514
  update_option('WAF','HtaccessLevel');
515
  update_option('WAFEnabled','1');
 
516
  $dir_name = dirname(__FILE__);
517
  $dirN = $dir_name;
518
  $dirN = str_replace('\\', '/', $dirN);
@@ -1171,6 +1206,7 @@ class wpns_ajax
1171
  update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1172
  update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1173
  update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
 
1174
  wp_send_json('true');
1175
  }
1176
  else if($enable_captcha == ""){
48
  $this->wpns_all_plans(); break;
49
  case 'wpns_logout_form':
50
  $this->wpns_logout_form(); break;
51
+ case 'wpns_check_transaction':
52
+ $this->wpns_check_transaction(); break;
53
  }
54
  }
55
 
62
  $obj = new Miniorange_Password_2Factor_Login();
63
  $obj->check_kba_validation($_POST);
64
  }
65
+ function wpns_check_transaction()
66
+ {
67
+ $customerT = new Customer_Cloud_Setup();
68
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
69
+ if($content['status'] == 'SUCCESS')
70
+ {
71
+ update_site_option('mo2f_license_type','PREMIUM');
72
+ }
73
+ else
74
+ {
75
+ update_site_option('mo2f_license_type','DEMO');
76
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
77
+ }
78
+ if(isset($content['smsRemaining']))
79
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
80
+ else if($content['status'] =='SUCCESS')
81
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
82
+ if(isset($content['emailRemaining']))
83
+ {
84
+ $available_transaction = get_site_option('EmailTransactionCurrent', 30);
85
+ if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
86
+ {
87
+ $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
88
+ if($available_transaction>30)
89
+ $currentTransaction = $currentTransaction-$available_transaction;
90
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
91
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
92
+ }
93
+ }
94
+ }
95
  function mo2f_ajax_login()
96
  {
97
  if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
116
  delete_option('mo2f_api_key');
117
  delete_option('mo2f_customer_token');
118
  delete_option('mo_wpns_transactionId');
119
+ delete_site_option('EmailTransactionCurrent');
120
  delete_option('mo_wpns_registration_status');
121
  delete_option( 'mo_2factor_admin_registration_status' );
122
 
161
  update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
162
  update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
163
  if($brute_force == "on"){
164
+ update_site_option('bruteforce_notification_option',1);
165
  wp_send_json('true');
166
  }
167
  else if($brute_force == ""){
523
  {
524
  update_option('WAF','PluginLevel');
525
  update_option('WAFEnabled','1');
526
+ update_site_option('waf_notification_option','1');
527
  echo("PWAFenabled");exit;
528
  }
529
  }
547
  {
548
  update_option('WAF','HtaccessLevel');
549
  update_option('WAFEnabled','1');
550
+ update_site_option('waf_notification_option','1');
551
  $dir_name = dirname(__FILE__);
552
  $dirN = $dir_name;
553
  $dirN = str_replace('\\', '/', $dirN);
1206
  update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1207
  update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1208
  update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1209
+ update_site_option('recaptcha_notification_option',1);
1210
  wp_send_json('true');
1211
  }
1212
  else if($enable_captcha == ""){
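Review bot: `wpns_check_transaction()` (new lines 65-94) reads `$content['status']` without first checking that `json_decode` returned an array, so a timeout, non-JSON body or transport error makes `$content` null, the function silently takes the DEMO branch, and whatever `smsRemaining`/`emailRemaining` values the remote service returns are written into site options with no type check. Guard both responses before use, `if (!is_array($content) || ($content['status'] ?? '') !== 'SUCCESS')`, and store the counters as `(int) $content['smsRemaining']` and `(int) $content['emailRemaining']` rather than raw decoded values. The new `wpns_check_transaction` case is dispatched from the same switch as `mo2f_ajax_login`, which verifies its own nonce on line 97, but the new method carries no nonce or capability check in the visible lines even though it sends the stored customer key and API key to the remote service and can flip `mo2f_license_type`; unless the switch's entry guard, which lies outside these hunks, already enforces this, the method should begin with `if (!current_user_can('manage_options') || !wp_verify_nonce(sanitize_text_field($_POST['nonce']), '...')) { wp_send_json('ERROR'); return; }` using the nonce action the admin page already issues.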
database/database_functions.php CHANGED
@@ -120,7 +120,7 @@
120
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
  {
122
  $sql = "CREATE TABLE " . $tableName . " (
123
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
  dbDelta($sql);
125
  }
126
  $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
@@ -130,6 +130,20 @@
130
  $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
  $resluts = $wpdb->query($sql1);
132
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
133
 
134
  $tableName = $this->scanreportdetails;
135
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
@@ -151,9 +165,14 @@
151
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
152
  {
153
  $sql = "CREATE TABLE " . $tableName . " (
154
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
155
  dbDelta($sql);
156
  }
 
 
 
 
 
157
 
158
  $tableName = $this->hashfile;
159
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
@@ -495,6 +514,32 @@
495
  }
496
  }
497
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
498
  function add_report_details($reportid, $filename, $report){
499
  global $wpdb;
500
  $wpdb->insert(
@@ -578,12 +623,14 @@
578
  if(!empty($file_path_array)){
579
  $size=sizeof($file_path_array);
580
  $default=0;
581
- $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`) VALUES";
582
  for ($i=1; $i <= $size ; $i++) {
583
  $value= $file_path_array[$i];
584
- $value = addslashes($value);
585
- $hash_value= md5($value);
586
- $query.= "('".$value."', '".$hash_value."', '".$default."', '".$default."', '".$default."')";
 
 
587
  if($i < $size){
588
  $query.= ",";
589
  }
@@ -655,9 +702,9 @@
655
  return $result;
656
  }
657
 
658
- function get_files_for_repo(){
659
  global $wpdb;
660
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 LIMIT 100';
661
  $result=$wpdb->get_results($sql);
662
  return $result;
663
  }
120
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
  {
122
  $sql = "CREATE TABLE " . $tableName . " (
123
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
  dbDelta($sql);
125
  }
126
  $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
130
  $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
  $resluts = $wpdb->query($sql1);
132
  }
133
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
134
+ if(is_null($result)){
135
+ $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `malicious_links` ;";
136
+ $results1 = $wpdb->query($sql);
137
+ $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
138
+ $resluts = $wpdb->query($sql1);
139
+ }
140
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'net_connection'");
141
+ if(is_null($result)){
142
+ $sql = "ALTER TABLE `$tableName` ADD `net_connection` mediumtext AFTER `repo_key` ;";
143
+ $results1 = $wpdb->query($sql);
144
+ $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
145
+ $resluts = $wpdb->query($sql1);
146
+ }
147
 
148
  $tableName = $this->scanreportdetails;
149
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
165
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
  {
167
  $sql = "CREATE TABLE " . $tableName . " (
168
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
169
  dbDelta($sql);
170
  }
171
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
172
+ if(is_null($result)){
173
+ $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
174
+ $results1 = $wpdb->query($sql);
175
+ }
176
 
177
  $tableName = $this->hashfile;
178
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
514
  }
515
  }
516
 
517
+ function mo2f_update_net_issue($reportid){
518
+ global $wpdb;
519
+ $wpdb->update(
520
+ $this->malwarereportTable,
521
+ array(
522
+ 'net_connection' => 1
523
+ ),
524
+ array(
525
+ 'id' => $reportid
526
+ )
527
+ );
528
+ }
529
+
530
+ function mo2f_update_repo_issue($reportid, $issue){
531
+ global $wpdb;
532
+ $wpdb->update(
533
+ $this->malwarereportTable,
534
+ array(
535
+ 'repo_key' => $issue
536
+ ),
537
+ array(
538
+ 'id' => $reportid
539
+ )
540
+ );
541
+ }
542
+
543
  function add_report_details($reportid, $filename, $report){
544
  global $wpdb;
545
  $wpdb->insert(
623
  if(!empty($file_path_array)){
624
  $size=sizeof($file_path_array);
625
  $default=0;
626
+ $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
627
  for ($i=1; $i <= $size ; $i++) {
628
  $value= $file_path_array[$i];
629
+ $file_path = $value['file'];
630
+ $file_path = addslashes($file_path);
631
+ $hash_value= md5($file_path);
632
+ $repo_key = $value['key'];
633
+ $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
634
  if($i < $size){
635
  $query.= ",";
636
  }
702
  return $result;
703
  }
704
 
705
+ function get_files_for_repo($repo_key){
706
  global $wpdb;
707
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
708
  $result=$wpdb->get_results($sql);
709
  return $result;
710
  }
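Review bot: `get_files_for_repo($repo_key)` (new line 707) builds its WHERE clause by concatenating `$repo_key` into the query string, and the bulk insert on new lines 632-633 likewise interpolates `$value['key']` with no escaping at all while the path only gets `addslashes`, which is not a MySQL-safe escape either; where `$repo_key` comes from is not visible here, so unless it is a fixed constant both queries are injectable. Use the driver's placeholders instead: `$sql = $wpdb->prepare('SELECT * FROM ' . $this->filescan . ' WHERE repo_check = 0 AND repo_key = %s LIMIT 100', $repo_key);` and assemble each VALUES row with `$wpdb->prepare('(%s, %s, %d, %d, %d, %s)', $file_path, $hash_value, $default, $default, $default, $repo_key)`. Separately, the CREATE TABLE on new line 123 declares `net_connection` as `int` but the ALTER on new line 142 adds it as `mediumtext`, so fresh and upgraded installs end up with different column types for a value that `mo2f_update_net_issue` writes as the integer 1; change the ALTER to `ADD `net_connection` int`.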
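--- a/handler/WAF/database/mo-waf-db-common.php
+++ b/handler/WAF/database/mo-waf-db-common.php
@@ -1,25 +1,25 @@
-<?php
-function retrivefullname($name)
-{
-
-switch ($name) {
-case 'XSS':
-return 'Cross-site Scripting';
-case 'SQL':
-return 'SQL injection';
-case 'RCE':
-return 'Remote Code Execution';
-case 'LFI':
-return 'Local File Inclusion';
-case 'RFI':
-return 'Remote File Inclusion';
-case 'RLE':
-return 'Rate limiting Exceeded';
-case 'RLECrawler':
-return 'Rate limit Exceeded for crawler';
-default:
-return $name;
-
-}
-
+<?php
+function retrivefullname($name)
+{
+
+switch ($name) {
+case 'XSS':
+return 'Cross-site Scripting';
+case 'SQL':
+return 'SQL injection';
+case 'RCE':
+return 'Remote Code Execution';
+case 'LFI':
+return 'Local File Inclusion';
+case 'RFI':
+return 'Remote File Inclusion';
+case 'RLE':
+return 'Rate limiting Exceeded';
+case 'RLECrawler':
+return 'Rate limit Exceeded for crawler';
+default:
+return $name;
+
+}
+
 }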
handler/WAF/database/mo-waf-plugin-db.php CHANGED
@@ -1,91 +1,91 @@
1
- <?php
2
-
3
- include_once('mo-waf-db-common.php');
4
- function setting_file()
5
- {
6
- global $prefix,$dbcon;
7
- $dir_name = dirname(__FILE__);
8
- $dir_name1 = explode('wp-content', $dir_name);
9
- $dir_name = $dir_name1[0];
10
- $filepath = str_replace('\\', '/', $dir_name1[0]);
11
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
- $missingFile = 0;
13
- if(!file_exists($fileName))
14
- {
15
- $missingFile = 1;
16
- }
17
- if($missingFile==1)
18
- {
19
- $file = fopen($fileName, "a+");
20
- $string = "<?php".PHP_EOL;
21
- $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
- $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
- $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
- $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
- $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
- $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
- $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
-
29
- if(get_option('actionRateL') == 0)
30
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
- else
32
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
-
34
- $string .= '?>'.PHP_EOL;
35
- fwrite($file, $string);
36
- fclose($file);
37
- return $fileName;
38
- }
39
- return "notMissing";
40
-
41
- }
42
-
43
- function getRLEAttack($ipaddress)
44
- {
45
- global $wpdb;
46
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
- $results = $wpdb->get_results($query);
48
- return $results[0]->time;
49
- }
50
- function log_attack($ipaddress,$value1,$value)
51
- {
52
- global $wpdb;
53
- $value = htmlspecialchars($value);
54
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
- $results = $wpdb->get_results($query);
56
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
- $results = $wpdb->get_results($query);
58
- return $results[0]->count;
59
- }
60
-
61
-
62
- function CheckRate($ipaddress)
63
- {
64
- global $wpdb;
65
- $time = 60;
66
- clearRate($time);
67
- insertRate($ipaddress);
68
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
- $results = $wpdb->get_results($query);
70
-
71
- if(isset($results[0]->count))
72
- {
73
- return $results[0]->count;
74
- }
75
- return 0;
76
-
77
- }
78
- function clearRate($time)
79
- {
80
- global $wpdb;
81
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
- $results = $wpdb->get_results($query);
83
- }
84
- function insertRate($ipaddress)
85
- {
86
- global $wpdb;
87
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
- $results = $wpdb->get_results($query);
89
- }
90
-
91
  ?>
1
+ <?php
2
+
3
+ include_once('mo-waf-db-common.php');
4
+ function setting_file()
5
+ {
6
+ global $prefix,$dbcon;
7
+ $dir_name = dirname(__FILE__);
8
+ $dir_name1 = explode('wp-content', $dir_name);
9
+ $dir_name = $dir_name1[0];
10
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
11
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
+ $missingFile = 0;
13
+ if(!file_exists($fileName))
14
+ {
15
+ $missingFile = 1;
16
+ }
17
+ if($missingFile==1)
18
+ {
19
+ $file = fopen($fileName, "a+");
20
+ $string = "<?php".PHP_EOL;
21
+ $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
+ $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
+ $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
+ $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
+ $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
+ $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
+ $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
+
29
+ if(get_option('actionRateL') == 0)
30
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
+ else
32
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
+
34
+ $string .= '?>'.PHP_EOL;
35
+ fwrite($file, $string);
36
+ fclose($file);
37
+ return $fileName;
38
+ }
39
+ return "notMissing";
40
+
41
+ }
42
+
43
+ function getRLEAttack($ipaddress)
44
+ {
45
+ global $wpdb;
46
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
+ $results = $wpdb->get_results($query);
48
+ return $results[0]->time;
49
+ }
50
+ function log_attack($ipaddress,$value1,$value)
51
+ {
52
+ global $wpdb;
53
+ $value = htmlspecialchars($value);
54
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
+ $results = $wpdb->get_results($query);
56
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
+ $results = $wpdb->get_results($query);
58
+ return $results[0]->count;
59
+ }
60
+
61
+
62
+ function CheckRate($ipaddress)
63
+ {
64
+ global $wpdb;
65
+ $time = 60;
66
+ clearRate($time);
67
+ insertRate($ipaddress);
68
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
+ $results = $wpdb->get_results($query);
70
+
71
+ if(isset($results[0]->count))
72
+ {
73
+ return $results[0]->count;
74
+ }
75
+ return 0;
76
+
77
+ }
78
+ function clearRate($time)
79
+ {
80
+ global $wpdb;
81
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
+ $results = $wpdb->get_results($query);
83
+ }
84
+ function insertRate($ipaddress)
85
+ {
86
+ global $wpdb;
87
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
+ $results = $wpdb->get_results($query);
89
+ }
90
+
91
  ?>
handler/ajax.php CHANGED
@@ -18,24 +18,28 @@ class AjaxHandler
18
  case "iplookup":
19
  $this->lookupIP($_GET['ip']); break;
20
 
21
- case "dissmissfeedback":
22
- $this->handle_feedback(); break;
23
  case "dissmissSMTP":
24
  $this->handle_smtp(); break;
25
  case "whitelistself":
26
  $this->whitelist_self(); break;
27
- case "dismissinfected":
28
- $this->wpns_infected_notice(); break;
29
- case "dismissinfected_always":
30
- $this->wpns_infected_notice_always(); break;
31
  case "dismissplugin":
32
  $this->wpns_plugin_notice(); break;
33
- case "dismissplugin_always":
34
- $this->wpns_plugin_notice_always(); break;
35
- case "dismissweekly":
36
- $this->wpns_weekly_notice(); break;
37
- case "dismissweekly_always":
38
- $this->wpns_weekly_notice_always(); break;
 
 
 
 
 
 
 
 
 
39
  }
40
  }
41
  }
@@ -80,11 +84,7 @@ class AjaxHandler
80
 
81
  }
82
 
83
- private function handle_feedback()
84
- {
85
- update_option('donot_show_feedback_message',1);
86
- wp_send_json('success');
87
- }
88
 
89
  private function whitelist_self()
90
  {
@@ -94,43 +94,42 @@ class AjaxHandler
94
  wp_send_json('success');
95
  }
96
 
97
- private function wpns_infected_notice()
98
  {
99
- update_option('infected_dismiss', time());
100
- wp_send_json('success');
101
- }
102
 
103
- private function wpns_infected_notice_always()
104
- {
105
- update_option('donot_show_infected_file_notice', 1);
106
  wp_send_json('success');
107
  }
108
 
109
- private function wpns_plugin_notice()
110
- {
111
- $plugin_current= get_plugins();
112
- update_option('mo_wpns_last_plugins', $plugin_current);
113
- $args=array();
114
- $theme_current= wp_get_themes($args);
115
- update_option('mo_wpns_last_themes', $theme_current);
116
- wp_send_json('success');
117
  }
118
 
119
- private function wpns_plugin_notice_always()
120
- {
121
- update_option('donot_show_new_plugin_theme_notice', 1);
122
- wp_send_json('success');
123
  }
124
 
125
- private function wpns_weekly_notice()
126
- {
127
- update_option('weekly_dismiss', time());
128
- wp_send_json('success');
129
  }
130
 
131
- private function wpns_weekly_notice_always()
 
 
 
 
 
 
132
  {
133
- update_option('donot_show_weekly_scan_notice', 1);
 
134
  wp_send_json('success');
135
  }
136
 
18
  case "iplookup":
19
  $this->lookupIP($_GET['ip']); break;
20
 
21
+
 
22
  case "dissmissSMTP":
23
  $this->handle_smtp(); break;
24
  case "whitelistself":
25
  $this->whitelist_self(); break;
 
 
 
 
26
  case "dismissplugin":
27
  $this->wpns_plugin_notice(); break;
28
+
29
+ case "dismissbackup":
30
+ $this->wpns_dismiss_backup_notice(); break;
31
+
32
+ case "dismissbruteforce":
33
+ $this->wpns_dismiss_bruteforce_notice(); break;
34
+
35
+ case "dismissrecaptcha":
36
+ $this-> wpns_dismiss_recaptcha_notice(); break;
37
+
38
+ case "dismissfirewall":
39
+ $this->wpns_dismiss_firewall_notice(); break;
40
+
41
+ case "dismisscodeswarning":
42
+ $this->mo2f_backup_codes_dismiss(); break;
43
  }
44
  }
45
  }
84
 
85
  }
86
 
87
+
 
 
 
 
88
 
89
  private function whitelist_self()
90
  {
94
  wp_send_json('success');
95
  }
96
 
97
+ private function wpns_plugin_notice()
98
  {
 
 
 
99
 
100
+ update_site_option('malware_notification_option', 1);
101
+ update_site_option('notice_dismiss_time',time());
 
102
  wp_send_json('success');
103
  }
104
 
105
+ function wpns_dismiss_backup_notice(){
106
+ update_site_option('backup_notification_option', 1);
107
+ update_site_option('notice_dismiss_time',time());
108
+ wp_send_json('success');
 
 
 
 
109
  }
110
 
111
+ function wpns_dismiss_bruteforce_notice(){
112
+ update_site_option(' bruteforce_notification_option', 1);
113
+ update_site_option('notice_dismiss_time',time());
114
+ wp_send_json('success');
115
  }
116
 
117
+ function wpns_dismiss_recaptcha_notice(){
118
+ update_site_option('recaptcha_notification_option', 1);
119
+ update_site_option('notice_dismiss_time',time());
120
+ wp_send_json('success');
121
  }
122
 
123
+ function wpns_dismiss_firewall_notice(){
124
+ update_site_option('waf_notification_option', 1);
125
+ update_site_option('notice_dismiss_time',time());
126
+ wp_send_json('success');
127
+ }
128
+
129
+ private function mo2f_backup_codes_dismiss()
130
  {
131
+ $user_id = get_current_user_id();
132
+ update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
133
  wp_send_json('success');
134
  }
135
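Review bot: The option key written by the new `wpns_dismiss_bruteforce_notice` has a leading space, `update_site_option(' bruteforce_notification_option', 1);`, so the dismissal lands under a key that no reader of `bruteforce_notification_option` will find and the brute-force notice keeps reappearing; it should be `update_site_option('bruteforce_notification_option', 1);`. The four new `wpns_dismiss_*_notice` methods are also declared without a visibility keyword, unlike the sibling `private function` handlers `wpns_plugin_notice` and `mo2f_backup_codes_dismiss`, which makes them public for no stated reason; `private` keeps the class consistent, and the stray space in `$this-> wpns_dismiss_recaptcha_notice()` is worth tidying at the same time. Since these new cases write site-wide options via `update_site_option` that silence the backup, brute-force, reCAPTCHA and firewall notices, the dispatching switch should only be reachable after a nonce and capability check (`check_ajax_referer(...)` plus `current_user_can('manage_options')`); the start of that switch and any such check lie outside the hunk, so this may already be covered.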
 
handler/backup.php CHANGED
@@ -47,7 +47,7 @@ function file_cron_backup(){
47
  if(get_site_option('mo_file_backup_wp_files') == '1'){
48
  $this->wpfiles_backup($backup_store_path, $time);
49
  }
50
-
51
  }
52
 
53
  function file_manual_backup(){
@@ -68,7 +68,7 @@ function file_manual_backup(){
68
  if(get_site_option('mo_file_manual_backup_wp_files') == '1'){
69
  $this->wpfiles_backup($backup_store_path, $time);
70
  }
71
-
72
  }
73
 
74
  function file_eb_backup_interval($schedules){
47
  if(get_site_option('mo_file_backup_wp_files') == '1'){
48
  $this->wpfiles_backup($backup_store_path, $time);
49
  }
50
+ update_site_option('backup_notification_option',1);
51
  }
52
 
53
  function file_manual_backup(){
68
  if(get_site_option('mo_file_manual_backup_wp_files') == '1'){
69
  $this->wpfiles_backup($backup_store_path, $time);
70
  }
71
+ update_site_option('backup_notification_option',1);
72
  }
73
 
74
  function file_eb_backup_interval($schedules){
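Review bot: The new `update_site_option('backup_notification_option',1);` at the end of `file_cron_backup` runs even when the guarded backup step did not, because it sits after the `== '1'` check rather than inside it; if the option means "a backup was taken, stop showing the notice", a scheduled run with every backup toggle disabled would silence the notice without producing a backup. Moving the call inside the branches that actually back something up, or setting it from `wpfiles_backup` itself, would tie the flag to a real backup. The same pattern is added to `file_manual_backup` in the second hunk, and both function bodies begin outside the hunk, so an earlier step may already set the flag conditionally.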
handler/malware_scanner.php CHANGED
@@ -1,669 +1,669 @@
1
- <?php
2
-
3
- class Mo_wpns_Scan_Handler{
4
- private $total_files_to_scan;
5
- public $scanned_files = array();
6
- function __construct(){
7
-
8
- }
9
- function mo2f_scan_all_files($scan_config){
10
- update_option('mo_wpns_scan_initialize', 0);
11
- update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
- update_option('mo_wpns_files_scanned',0);
13
- update_option('mo_wpns_infected_files',0);
14
- ini_set('memory_limit', '-1');
15
- ini_set('max_execution_time', 0);
16
- $result = array();
17
- $folderpaths = array();
18
- $wp_repo_file = array();
19
- $folderNames = "";
20
- $repo_check_status = $scan_config['check_repo'];
21
- $repo_check_status_code = 0;
22
- $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
- $hostname = 'wordpress.org';
24
- $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
- if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
- $scan_config['check_repo'] = 0;
27
- $repo_check_status_code = -97;
28
- }
29
- if (!$wordpress_server_status) {
30
- $scan_config['check_repo'] = 0;
31
- $repo_check_status_code = -98;
32
- }
33
- $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
- if($scan_config['core_scan'] == 1){
35
- $folderpaths['base'] = $base;
36
- $folderNames .= "WP Files;";
37
- }
38
- if($scan_config['plugin_scan'] == 1){
39
- $folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
40
- $folderNames .= "Plugins;";
41
- }
42
- if($scan_config['theme_scan'] == 1){
43
- $folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
44
- $folderNames .= "Themes;";
45
- }
46
- if($scan_config['check_repo'] == 1){
47
- $folderNames .= "WP Repo Files;";
48
- }
49
- $this->count_total_files($folderpaths, $base, $scan_config);
50
-
51
- if ( ! function_exists( 'get_plugins' ) ) {
52
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
- }
54
- if ( ! function_exists( 'plugins_api' ) ) {
55
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
56
- }
57
- if($scan_config['check_repo'] == 1){
58
- if(!is_dir($repo_file_path)){
59
- mkdir($repo_file_path);
60
- }
61
- if($scan_config['core_scan'] == 1){
62
- require(ABSPATH . 'wp-includes/version.php');
63
- //wordpress name to be changed to be changed based on version
64
- $zip_name="wp-".$wp_version;
65
- $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
- update_option('downloaded_wordpress_repo_name', $zip_name);
67
- if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
- $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
- if($result === -99){
70
- $scan_config['check_repo'] = 0;
71
- $repo_check_status_code = -99;
72
- }else if(!$result){
73
- $scan_config['check_repo'] = 0;
74
- $repo_check_status_code = -100;
75
- }
76
- }
77
- }
78
- if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
- $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
- if(!is_dir($wp_plugin_repo_file)){
81
- mkdir($wp_plugin_repo_file);
82
- }
83
- $wp_repo_file['plugins']=$wp_plugin_repo_file;
84
- $plugin_list=get_site_transient( 'update_plugins' );
85
- $all_plugins=array();
86
- foreach ($plugin_list as $key => $value) {
87
- if($key=='response'||$key=='no_update'){
88
- foreach ($value as $ke => $val) {
89
- $all_plugins[$ke] = $val;
90
- }
91
- }
92
- }
93
- $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
- if($result === -99){
95
- $scan_config['check_repo'] = 0;
96
- $repo_check_status_code = -99;
97
- }else if(!$result){
98
- $scan_config['check_repo'] = 0;
99
- $repo_check_status_code = -100;
100
- }
101
- }
102
- if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
- $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
- if(!is_dir($wp_theme_repo_file)){
105
- mkdir($wp_theme_repo_file);
106
- }
107
- $wp_repo_file['themes']=$wp_theme_repo_file;
108
- $all_themes=get_site_transient( 'update_themes' )->checked;
109
- $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
- if($result === -99){
111
- $scan_config['check_repo'] = 0;
112
- $repo_check_status_code = -99;
113
- }else if(!$result){
114
- $scan_config['check_repo'] = 0;
115
- $repo_check_status_code = -100;
116
- }
117
- }
118
- }
119
- $mo2f_malware_db_handler = new MoWpnsDB();
120
- $time = current_time('timestamp');
121
- $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
- $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
- if($result['scan']){
124
- foreach ($result['scan'] as $key => $value) {
125
- $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
- }
127
- }
128
- $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
- $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
- if(is_dir($repo_file_path)){
131
- $this->remove_dir($repo_file_path);
132
- }
133
- update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
134
- $total_scan=$mo2f_malware_db_handler->count_files();
135
- $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
- $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
- $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
- if($total_scan > 999){
139
- $total_scan=($total_scan/1000);
140
- $total_scan= round($total_scan,1)."k";
141
- }
142
- if($total_malicious > 999){
143
- $total_malicious=($total_malicious/1000);
144
- $total_malicious= round($total_malicious,1)."k";
145
- }
146
- $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
- wp_send_json($response);
148
- }
149
-
150
- function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
151
- foreach($themes_or_plugins as $key => $data){
152
- if($type=='plugins'){
153
- $plugin_slug=$data->slug;
154
- $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
155
- $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
156
- $plugin_version=$plugin_data['Version'];
157
- if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
- $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
- if($result === -99){
160
- return -99;
161
- }else if(!$result){
162
- return false;
163
- }
164
- }
165
- } else if($type=='themes'){
166
- if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
- $result= $this->download_repo($key, $data, $path, $type);
168
- if($result === -99){
169
- return -99;
170
- }else if(!$result){
171
- return false;
172
- }
173
- }
174
- }
175
- }
176
- return true;
177
- }
178
-
179
- function download_repo($zip_name, $version, $path, $type=''){
180
- if ($type=='plugins') {
181
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
182
- $plugin_name=$zip_name.'.'.$version;
183
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
- if( $download_result){
185
- $result = $this->unzip_downloaded_repo($zip_name, $path);
186
- return $result;
187
- }else {
188
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
- if( $download_result){
191
- $result = $this->unzip_downloaded_repo($zip_name, $path);
192
- return $result;
193
- }else {
194
- error_log("Unable to download Plugin: ".$plugin_name);
195
- return -99;
196
- }
197
- return -99;
198
- }
199
- } else if($type=='themes'){
200
- $theme_name=$zip_name.'.'.$version;
201
- $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
- if( $download_result){
204
- $result = $this->unzip_downloaded_repo($zip_name, $path);
205
- return $result;
206
- }else {
207
- $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
- if( $download_result){
210
- $result = $this->unzip_downloaded_repo($zip_name, $path);
211
- return $result;
212
- }else {
213
- error_log("Unable to download Theme: ".$theme_name);
214
- return -99;
215
- }
216
- return -99;
217
- }
218
- } else {
219
- $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
- if($download_result){
222
- $result=$this->unzip_downloaded_repo($zip_name, $path);
223
- return $result;
224
- } else {
225
- error_log("Unable to download wordpress-".$version);
226
- return -99;
227
- }
228
- }
229
- return false;
230
- }
231
-
232
- function unzip_downloaded_repo($name, $path){
233
- $zip = new ZipArchive;
234
- $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
235
- $res = $zip->open($folder_path);
236
- if ($res === TRUE) {
237
- // extract it to the path we determined above
238
- $result = $zip->extractTo($path);
239
- $zip->close();
240
- if ($name == get_option('downloaded_wordpress_repo_name')) {
241
- rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
242
- }
243
- unlink($folder_path);
244
- return true;
245
- } else {
246
- return false;
247
- }
248
- }
249
-
250
- function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
251
- if(!empty($folderpaths)){
252
- if ( in_array( 'curl', get_loaded_extensions() ) ) {
253
- $scanresults=array();
254
- $nooffiles=0;
255
- $scan_malware_count = 0;
256
- $repo_issue_count = 0;
257
- $malicious_link_count = 0;
258
- $file_ext = $scan_config['file_extension'];
259
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
- $extensions = array();
261
- $hostname = 'scanner.api.xecurify.com';
262
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
- if(empty($file_ext)){
264
- }else{
265
- if(strpos($file_ext,';') !=false){
266
- $extensions = explode(";", $file_ext);
267
- }else{
268
- array_push($extensions, $file_ext);
269
- }
270
- }
271
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
- $skip_path_array= array();
273
- for($i=0; $i<count($folder_skip_array); $i++){
274
- $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
- $n= sizeof($pathParts)-1;
276
- $folder= $pathParts[$n];
277
- array_push($skip_path_array, $folder);
278
- }
279
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
- foreach ($folderpaths as $value) {
281
- $onearr = array();
282
- if (is_dir($value)) {
283
- foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
- if ($item->isFile()) {
285
- $scanresult=array();
286
- $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
- if ($value == $base && ($scan_config['core_scan'] == 1)){
288
- $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
-
291
- }else{
292
- continue;
293
- }
294
- }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
- continue;
296
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
- continue;
298
- }
299
- $flag_skip=0;
300
- if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
- for($q=0; $q<count($skip_path_array); $q++){
302
- if(strpos($source_file_path, $skip_path_array[$q])){
303
- $flag_skip=1;
304
- break;
305
- }
306
- }
307
- }
308
- if($flag_skip == 1){
309
- continue;
310
- }
311
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
- $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
- if($extns){
314
- $nooffiles++;
315
- if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
- update_option('mo_wpns_files_scanned', $nooffiles);
317
- }
318
- }
319
-
320
- $hash_of_file= md5_file($source_file_path);
321
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
-
323
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
- $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
- $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
- $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
- $malware_status = $scanmalware? 0 : 1;
328
- $repo_status = $repocheck? 0 : 1;
329
- $link_status = $extlink? 0 : 1;
330
- if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
-
332
- else{
333
- $flag_update=0;
334
- $file_content=file_get_contents($source_file_path);
335
- $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
- if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
- $malware_status = 1;
338
- $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
- $postdata = array('file' => $cfile);
340
- $content_type = 'multipart/form-data';
341
- $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
342
- if ($issues) {
343
- $scan_malware_count++;
344
- $scanresult['scan'] = $issues;
345
- $flag_update=1;
346
- }
347
- }else{
348
-
349
- }
350
-
351
- if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
- if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
- $repo_status = 1;
355
- if($value==$base){
356
- $repo_file_path=$repo_folder_path['base'];
357
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
- $repo_file_path=$repo_folder_path['plugins'];
359
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
- $repo_file_path=$repo_folder_path['themes'];
361
- }
362
- $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
- if(!empty($issues)){
364
- $repo_issue_count++;
365
- $scanresult['repo']=$issues;
366
- $flag_update=1;
367
- }
368
- }
369
- }
370
- }
371
- if($extns && $extlink){
372
- if($scan_config['ext_link_check'] == 1){
373
- $link_status = 1;
374
- $elresult= $this->check_external_link($file_content);
375
- if(!empty($elresult)){
376
- $malicious_link_count++;
377
- $flag_update=1;
378
- $scanresult['extl']=$elresult;
379
- }
380
- }
381
- }
382
- if($flag_update == 0){
383
- $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
- $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
- $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
- if(empty($res)){
388
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
- }else{
390
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
- }
392
- }else{
393
- $infected_files=get_option('mo_wpns_infected_files');
394
- $infected_files++;
395
- if(!empty($res)){
396
- $mo2f_malware_db_handler->delete_hash($source_file_path);
397
- }
398
- update_option('mo_wpns_infected_files', $infected_files);
399
- }
400
- }
401
- if(!empty($scanresult))
402
- $scanresults[$source_file_path]=$scanresult;
403
- }
404
- }
405
- }
406
- }
407
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
- if($malware_server_status){
409
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
- $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
- $content_type = 'application/x-www-form-urlencoded';
412
- $lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
413
- }
414
- update_option('mo_wpns_files_scanned', $nooffiles);
415
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
- }else{
417
- return array('message'=>'CURL not installed on the server.');
418
- }
419
- } else {
420
- return array('message'=>'No folder selected for scanning.');
421
- }
422
- }
423
-
424
- function mo_wpns_check_malware_server_status($host){
425
- $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
- if ( ! $fsock ){
427
- return FALSE;
428
- }else{
429
- fclose($fsock);
430
- return TRUE;
431
- }
432
- }
433
-
434
- function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
435
- $response = null;
436
- $ch=curl_init($host);
437
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
- curl_setopt( $ch, CURLOPT_POST, true );
444
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
- $results=curl_exec($ch);
446
- curl_close($ch);
447
- if($results==false){
448
- error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
- }else{
450
- $result = json_decode($results, true);
451
- if(isset($result['status'])){
452
- if ($result['status'] == 'success') {
453
- if($result['result']!='OK')
454
- $response = $result['result'];
455
- }else if($result['status']=='error'){
456
- error_log("Exception on server");
457
- }
458
- }else if(strpos($results, 'Summary')){
459
-
460
- }else{
461
- error_log("Any other issues on server");
462
- }
463
- }
464
- return $response;
465
- }
466
-
467
- function check_with_repo_files($file_content, $repo_file_path){
468
- $issues = array();
469
- if(file_exists($repo_file_path)){
470
- $content=@file_get_contents($repo_file_path);
471
- $hash_repo = md5($content);
472
- $hash_file = md5($file_content);
473
- if ($hash_file != $hash_repo) {
474
- $flag=1;
475
- $issues=array("exist" => "Mismatch in Files");
476
- }
477
- } else {
478
- $issues=array('exist'=>'Unwanted File Found');
479
- }
480
- return $issues;
481
- }
482
-
483
- function getlines($contents, $href){
484
- $newissues = 0;
485
- $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
486
- for($i=0; $i<count($lines); $i++){
487
- $line = $lines[$i];
488
- if (strpos($line, $href) !== false) {
489
- $newissues = $i+1;
490
- }
491
- }
492
- return $newissues;
493
- }
494
-
495
- function check_external_link($contents){
496
- $issues = array();
497
- $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
498
- if(isset($hrefs[1])){
499
- foreach($hrefs[1] as $href){
500
- if($this->isexternal($href)){
501
- $line=$this->getlines($contents, $href);
502
- $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
503
- }
504
- }
505
- }
506
- return $issues;
507
- }
508
-
509
- function isexternal($url) {
510
- $url = trim($url);
511
- $url = trim($url,';');
512
- $url = trim($url,'(');
513
- $url = trim($url,')');
514
- $url = trim($url,"'");
515
- $url = trim($url,'"');
516
- $components = parse_url($url);
517
- if(isset($components['host'])){
518
- if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
- else{
520
- if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
- return true;
522
- }
523
- }
524
- }
525
- return false;
526
- }
527
- function check_vulnerable_code($contents){
528
- $issues = array();
529
- $tokens = token_get_all($contents);
530
-
531
- for($i=0; $i< sizeof($tokens); $i++) {
532
- $token = $tokens[$i];
533
- if (is_array($token)) {
534
- if(in_array(token_name($token[0]), array("T_EVAL"))){
535
- $issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
536
- if(!empty($issue))
537
- $issues[] = $issue;
538
- } else if(in_array(token_name($token[0]), array("T_STRING"))){
539
- if(in_array($token[1],array("popen","fsockopen"))){
540
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
541
- if(!empty($issue))
542
- $issues[] = $issue;
543
- } else if(in_array($token[1],array("assert"))){
544
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
545
- if(!empty($issue))
546
- $issues[] = $issue;
547
- } else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
548
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
549
- if(!empty($issue))
550
- $issues[] = $issue;
551
- } else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
552
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
553
- if(!empty($issue))
554
- $issues[] = $issue;
555
- }
556
- }
557
- }
558
- }
559
- return $issues;
560
- }
561
-
562
- function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
563
-
564
- $flag = 1;
565
- $argument = "";
566
- $line = "";
567
- $issue = array();
568
- for($j=$start; $j< sizeof($tokens); $j++) {
569
- $innertoken = $tokens[$j];
570
- if ($flag==1 && is_array($innertoken)) {
571
- $argument .= $innertoken[1];
572
- if(empty($line))
573
- $line = $innertoken[2];
574
- } else if($innertoken==";"){
575
- $argument .= ";";
576
- if($checkForExternalLink){
577
- if($this->isexternal($argument)){
578
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
579
- }
580
- } else {
581
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
582
- }
583
- break;
584
- } else if($flag==1){
585
- $argument .= $innertoken;
586
- }
587
- }
588
- return $issue;
589
- }
590
-
591
- function remove_dir($repo_path){
592
- $dir=$repo_path;
593
- $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
594
- $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
595
- foreach($files as $file) {
596
- if ($file->isDir()){
597
- rmdir($file->getRealPath());
598
- } else {
599
- unlink($file->getRealPath());
600
- }
601
- }
602
- rmdir($dir);
603
- }
604
-
605
- function count_total_files($folder_paths, $base, $scan_config){
606
-
607
- $file_count=0;
608
- $file_ext = $scan_config['file_extension'];
609
- $extensions = array();
610
- if(empty($file_ext)){
611
-
612
- }else{
613
- if(strpos($file_ext,';') !=false){
614
- $extensions = explode(";", $file_ext);
615
- }else{
616
- array_push($extensions, $file_ext);
617
- }
618
- }
619
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
- $skip_path_array= array();
622
- for($i=0; $i<count($folder_skip_array); $i++){
623
- $pathParts = explode('/', $folder_skip_array[$i]);
624
- $n= sizeof($pathParts)-1;
625
- $folder= $pathParts[$n];
626
- array_push($skip_path_array, $folder);
627
- }
628
- foreach ($folder_paths as $value) {
629
- if (is_dir($value)) {
630
- foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
- if ($item->isFile()) {
632
- $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
- if ($value == $base && ($scan_config['core_scan'] == 1)){
634
- $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
-
637
- }else{
638
- continue;
639
- }
640
- }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
- continue;
642
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
- continue;
644
- }
645
- $flag_skip=0;
646
- if (!empty($folder_skip_array)) {
647
- for($q=0; $q<count($skip_path_array); $q++){
648
- if(strpos($source_file_path, $skip_path_array[$q])){
649
- $flag_skip=1;
650
- break;
651
- }
652
- }
653
- }
654
- if($flag_skip == 1){
655
- continue;
656
- }
657
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
- $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
- if($extns)
660
- $file_count++;
661
- }
662
- }
663
- }
664
- }
665
- update_option('mo_wpns_total_files', $file_count);
666
- }
667
- }
668
- new Mo_wpns_Scan_Handler;
669
  ?>
1
+ <?php
2
+
3
+ class Mo_wpns_Scan_Handler{
4
+ private $total_files_to_scan;
5
+ public $scanned_files = array();
6
+ function __construct(){
7
+
8
+ }
9
+ function mo2f_scan_all_files($scan_config){
10
+ update_option('mo_wpns_scan_initialize', 0);
11
+ update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
+ update_option('mo_wpns_files_scanned',0);
13
+ update_option('mo_wpns_infected_files',0);
14
+ ini_set('memory_limit', '-1');
15
+ ini_set('max_execution_time', 0);
16
+ $result = array();
17
+ $folderpaths = array();
18
+ $wp_repo_file = array();
19
+ $folderNames = "";
20
+ $repo_check_status = $scan_config['check_repo'];
21
+ $repo_check_status_code = 0;
22
+ $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
+ $hostname = 'wordpress.org';
24
+ $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
+ if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
+ $scan_config['check_repo'] = 0;
27
+ $repo_check_status_code = -97;
28
+ }
29
+ if (!$wordpress_server_status) {
30
+ $scan_config['check_repo'] = 0;
31
+ $repo_check_status_code = -98;
32
+ }
33
+ $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
+ if($scan_config['core_scan'] == 1){
35
+ $folderpaths['base'] = $base;
36
+ $folderNames .= "WP Files;";
37
+ }
38
+ if($scan_config['plugin_scan'] == 1){
39
+ $folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
40
+ $folderNames .= "Plugins;";
41
+ }
42
+ if($scan_config['theme_scan'] == 1){
43
+ $folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
44
+ $folderNames .= "Themes;";
45
+ }
46
+ if($scan_config['check_repo'] == 1){
47
+ $folderNames .= "WP Repo Files;";
48
+ }
49
+ $this->count_total_files($folderpaths, $base, $scan_config);
50
+
51
+ if ( ! function_exists( 'get_plugins' ) ) {
52
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
+ }
54
+ if ( ! function_exists( 'plugins_api' ) ) {
55
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
56
+ }
57
+ if($scan_config['check_repo'] == 1){
58
+ if(!is_dir($repo_file_path)){
59
+ mkdir($repo_file_path);
60
+ }
61
+ if($scan_config['core_scan'] == 1){
62
+ require(ABSPATH . 'wp-includes/version.php');
63
+ //wordpress name to be changed to be changed based on version
64
+ $zip_name="wp-".$wp_version;
65
+ $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
+ update_option('downloaded_wordpress_repo_name', $zip_name);
67
+ if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
+ $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
+ if($result === -99){
70
+ $scan_config['check_repo'] = 0;
71
+ $repo_check_status_code = -99;
72
+ }else if(!$result){
73
+ $scan_config['check_repo'] = 0;
74
+ $repo_check_status_code = -100;
75
+ }
76
+ }
77
+ }
78
+ if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
+ $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
+ if(!is_dir($wp_plugin_repo_file)){
81
+ mkdir($wp_plugin_repo_file);
82
+ }
83
+ $wp_repo_file['plugins']=$wp_plugin_repo_file;
84
+ $plugin_list=get_site_transient( 'update_plugins' );
85
+ $all_plugins=array();
86
+ foreach ($plugin_list as $key => $value) {
87
+ if($key=='response'||$key=='no_update'){
88
+ foreach ($value as $ke => $val) {
89
+ $all_plugins[$ke] = $val;
90
+ }
91
+ }
92
+ }
93
+ $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
+ if($result === -99){
95
+ $scan_config['check_repo'] = 0;
96
+ $repo_check_status_code = -99;
97
+ }else if(!$result){
98
+ $scan_config['check_repo'] = 0;
99
+ $repo_check_status_code = -100;
100
+ }
101
+ }
102
+ if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
+ $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
+ if(!is_dir($wp_theme_repo_file)){
105
+ mkdir($wp_theme_repo_file);
106
+ }
107
+ $wp_repo_file['themes']=$wp_theme_repo_file;
108
+ $all_themes=get_site_transient( 'update_themes' )->checked;
109
+ $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
+ if($result === -99){
111
+ $scan_config['check_repo'] = 0;
112
+ $repo_check_status_code = -99;
113
+ }else if(!$result){
114
+ $scan_config['check_repo'] = 0;
115
+ $repo_check_status_code = -100;
116
+ }
117
+ }
118
+ }
119
+ $mo2f_malware_db_handler = new MoWpnsDB();
120
+ $time = current_time('timestamp');
121
+ $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
+ $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
+ if($result['scan']){
124
+ foreach ($result['scan'] as $key => $value) {
125
+ $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
+ }
127
+ }
128
+ $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
+ if(is_dir($repo_file_path)){
131
+ $this->remove_dir($repo_file_path);
132
+ }
133
+ update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
134
+ $total_scan=$mo2f_malware_db_handler->count_files();
135
+ $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
+ $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
+ $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
+ if($total_scan > 999){
139
+ $total_scan=($total_scan/1000);
140
+ $total_scan= round($total_scan,1)."k";
141
+ }
142
+ if($total_malicious > 999){
143
+ $total_malicious=($total_malicious/1000);
144
+ $total_malicious= round($total_malicious,1)."k";
145
+ }
146
+ $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
+ wp_send_json($response);
148
+ }
149
+
150
+ function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
151
+ foreach($themes_or_plugins as $key => $data){
152
+ if($type=='plugins'){
153
+ $plugin_slug=$data->slug;
154
+ $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
155
+ $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
156
+ $plugin_version=$plugin_data['Version'];
157
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
+ $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
+ if($result === -99){
160
+ return -99;
161
+ }else if(!$result){
162
+ return false;
163
+ }
164
+ }
165
+ } else if($type=='themes'){
166
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
+ $result= $this->download_repo($key, $data, $path, $type);
168
+ if($result === -99){
169
+ return -99;
170
+ }else if(!$result){
171
+ return false;
172
+ }
173
+ }
174
+ }
175
+ }
176
+ return true;
177
+ }
178
+
179
+ function download_repo($zip_name, $version, $path, $type=''){
180
+ if ($type=='plugins') {
181
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
182
+ $plugin_name=$zip_name.'.'.$version;
183
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
+ if( $download_result){
185
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
186
+ return $result;
187
+ }else {
188
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
+ if( $download_result){
191
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
192
+ return $result;
193
+ }else {
194
+ error_log("Unable to download Plugin: ".$plugin_name);
195
+ return -99;
196
+ }
197
+ return -99;
198
+ }
199
+ } else if($type=='themes'){
200
+ $theme_name=$zip_name.'.'.$version;
201
+ $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
+ if( $download_result){
204
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
205
+ return $result;
206
+ }else {
207
+ $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
+ if( $download_result){
210
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
211
+ return $result;
212
+ }else {
213
+ error_log("Unable to download Theme: ".$theme_name);
214
+ return -99;
215
+ }
216
+ return -99;
217
+ }
218
+ } else {
219
+ $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
+ if($download_result){
222
+ $result=$this->unzip_downloaded_repo($zip_name, $path);
223
+ return $result;
224
+ } else {
225
+ error_log("Unable to download wordpress-".$version);
226
+ return -99;
227
+ }
228
+ }
229
+ return false;
230
+ }
231
+
232
+ function unzip_downloaded_repo($name, $path){
233
+ $zip = new ZipArchive;
234
+ $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
235
+ $res = $zip->open($folder_path);
236
+ if ($res === TRUE) {
237
+ // extract it to the path we determined above
238
+ $result = $zip->extractTo($path);
239
+ $zip->close();
240
+ if ($name == get_option('downloaded_wordpress_repo_name')) {
241
+ rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
242
+ }
243
+ unlink($folder_path);
244
+ return true;
245
+ } else {
246
+ return false;
247
+ }
248
+ }
249
+
250
+ function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
251
+ if(!empty($folderpaths)){
252
+ if ( in_array( 'curl', get_loaded_extensions() ) ) {
253
+ $scanresults=array();
254
+ $nooffiles=0;
255
+ $scan_malware_count = 0;
256
+ $repo_issue_count = 0;
257
+ $malicious_link_count = 0;
258
+ $file_ext = $scan_config['file_extension'];
259
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
+ $extensions = array();
261
+ $hostname = 'scanner.api.xecurify.com';
262
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
+ if(empty($file_ext)){
264
+ }else{
265
+ if(strpos($file_ext,';') !=false){
266
+ $extensions = explode(";", $file_ext);
267
+ }else{
268
+ array_push($extensions, $file_ext);
269
+ }
270
+ }
271
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
+ $skip_path_array= array();
273
+ for($i=0; $i<count($folder_skip_array); $i++){
274
+ $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
+ $n= sizeof($pathParts)-1;
276
+ $folder= $pathParts[$n];
277
+ array_push($skip_path_array, $folder);
278
+ }
279
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
+ foreach ($folderpaths as $value) {
281
+ $onearr = array();
282
+ if (is_dir($value)) {
283
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
+ if ($item->isFile()) {
285
+ $scanresult=array();
286
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
288
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
+
291
+ }else{
292
+ continue;
293
+ }
294
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
+ continue;
296
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
+ continue;
298
+ }
299
+ $flag_skip=0;
300
+ if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
+ for($q=0; $q<count($skip_path_array); $q++){
302
+ if(strpos($source_file_path, $skip_path_array[$q])){
303
+ $flag_skip=1;
304
+ break;
305
+ }
306
+ }
307
+ }
308
+ if($flag_skip == 1){
309
+ continue;
310
+ }
311
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
+ $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
+ if($extns){
314
+ $nooffiles++;
315
+ if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
+ update_option('mo_wpns_files_scanned', $nooffiles);
317
+ }
318
+ }
319
+
320
+ $hash_of_file= md5_file($source_file_path);
321
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
+
323
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
+ $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
+ $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
+ $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
+ $malware_status = $scanmalware? 0 : 1;
328
+ $repo_status = $repocheck? 0 : 1;
329
+ $link_status = $extlink? 0 : 1;
330
+ if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
+
332
+ else{
333
+ $flag_update=0;
334
+ $file_content=file_get_contents($source_file_path);
335
+ $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
+ $malware_status = 1;
338
+ $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
+ $postdata = array('file' => $cfile);
340
+ $content_type = 'multipart/form-data';
341
+ $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
342
+ if ($issues) {
343
+ $scan_malware_count++;
344
+ $scanresult['scan'] = $issues;
345
+ $flag_update=1;
346
+ }
347
+ }else{
348
+
349
+ }
350
+
351
+ if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
+ if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
+ $repo_status = 1;
355
+ if($value==$base){
356
+ $repo_file_path=$repo_folder_path['base'];
357
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
+ $repo_file_path=$repo_folder_path['plugins'];
359
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
+ $repo_file_path=$repo_folder_path['themes'];
361
+ }
362
+ $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
+ if(!empty($issues)){
364
+ $repo_issue_count++;
365
+ $scanresult['repo']=$issues;
366
+ $flag_update=1;
367
+ }
368
+ }
369
+ }
370
+ }
371
+ if($extns && $extlink){
372
+ if($scan_config['ext_link_check'] == 1){
373
+ $link_status = 1;
374
+ $elresult= $this->check_external_link($file_content);
375
+ if(!empty($elresult)){
376
+ $malicious_link_count++;
377
+ $flag_update=1;
378
+ $scanresult['extl']=$elresult;
379
+ }
380
+ }
381
+ }
382
+ if($flag_update == 0){
383
+ $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
+ $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
+ $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
+ if(empty($res)){
388
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
+ }else{
390
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
+ }
392
+ }else{
393
+ $infected_files=get_option('mo_wpns_infected_files');
394
+ $infected_files++;
395
+ if(!empty($res)){
396
+ $mo2f_malware_db_handler->delete_hash($source_file_path);
397
+ }
398
+ update_option('mo_wpns_infected_files', $infected_files);
399
+ }
400
+ }
401
+ if(!empty($scanresult))
402
+ $scanresults[$source_file_path]=$scanresult;
403
+ }
404
+ }
405
+ }
406
+ }
407
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
+ if($malware_server_status){
409
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
+ $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
+ $content_type = 'application/x-www-form-urlencoded';
412
+ $lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
413
+ }
414
+ update_option('mo_wpns_files_scanned', $nooffiles);
415
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
+ }else{
417
+ return array('message'=>'CURL not installed on the server.');
418
+ }
419
+ } else {
420
+ return array('message'=>'No folder selected for scanning.');
421
+ }
422
+ }
423
+
424
+ function mo_wpns_check_malware_server_status($host){
425
+ $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
+ if ( ! $fsock ){
427
+ return FALSE;
428
+ }else{
429
+ fclose($fsock);
430
+ return TRUE;
431
+ }
432
+ }
433
+
434
+ function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
435
+ $response = null;
436
+ $ch=curl_init($host);
437
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
+ curl_setopt( $ch, CURLOPT_POST, true );
444
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
+ $results=curl_exec($ch);
446
+ curl_close($ch);
447
+ if($results==false){
448
+ error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
+ }else{
450
+ $result = json_decode($results, true);
451
+ if(isset($result['status'])){
452
+ if ($result['status'] == 'success') {
453
+ if($result['result']!='OK')
454
+ $response = $result['result'];
455
+ }else if($result['status']=='error'){
456
+ error_log("Exception on server");
457
+ }
458
+ }else if(strpos($results, 'Summary')){
459
+
460
+ }else{
461
+ error_log("Any other issues on server");
462
+ }
463
+ }
464
+ return $response;
465
+ }
466
+
467
+ function check_with_repo_files($file_content, $repo_file_path){
468
+ $issues = array();
469
+ if(file_exists($repo_file_path)){
470
+ $content=@file_get_contents($repo_file_path);
471
+ $hash_repo = md5($content);
472
+ $hash_file = md5($file_content);
473
+ if ($hash_file != $hash_repo) {
474
+ $flag=1;
475
+ $issues=array("exist" => "Mismatch in Files");
476
+ }
477
+ } else {
478
+ $issues=array('exist'=>'Unwanted File Found');
479
+ }
480
+ return $issues;
481
+ }
482
+
483
+ function getlines($contents, $href){
484
+ $newissues = 0;
485
+ $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
486
+ for($i=0; $i<count($lines); $i++){
487
+ $line = $lines[$i];
488
+ if (strpos($line, $href) !== false) {
489
+ $newissues = $i+1;
490
+ }
491
+ }
492
+ return $newissues;
493
+ }
494
+
495
+ function check_external_link($contents){
496
+ $issues = array();
497
+ $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
498
+ if(isset($hrefs[1])){
499
+ foreach($hrefs[1] as $href){
500
+ if($this->isexternal($href)){
501
+ $line=$this->getlines($contents, $href);
502
+ $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
503
+ }
504
+ }
505
+ }
506
+ return $issues;
507
+ }
508
+
509
+ function isexternal($url) {
510
+ $url = trim($url);
511
+ $url = trim($url,';');
512
+ $url = trim($url,'(');
513
+ $url = trim($url,')');
514
+ $url = trim($url,"'");
515
+ $url = trim($url,'"');
516
+ $components = parse_url($url);
517
+ if(isset($components['host'])){
518
+ if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
+ else{
520
+ if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
+ return true;
522
+ }
523
+ }
524
+ }
525
+ return false;
526
+ }
527
+ function check_vulnerable_code($contents){
528
+ $issues = array();
529
+ $tokens = token_get_all($contents);
530
+
531
+ for($i=0; $i< sizeof($tokens); $i++) {
532
+ $token = $tokens[$i];
533
+ if (is_array($token)) {
534
+ if(in_array(token_name($token[0]), array("T_EVAL"))){
535
+ $issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
536
+ if(!empty($issue))
537
+ $issues[] = $issue;
538
+ } else if(in_array(token_name($token[0]), array("T_STRING"))){
539
+ if(in_array($token[1],array("popen","fsockopen"))){
540
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
541
+ if(!empty($issue))
542
+ $issues[] = $issue;
543
+ } else if(in_array($token[1],array("assert"))){
544
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
545
+ if(!empty($issue))
546
+ $issues[] = $issue;
547
+ } else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
548
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
549
+ if(!empty($issue))
550
+ $issues[] = $issue;
551
+ } else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
552
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
553
+ if(!empty($issue))
554
+ $issues[] = $issue;
555
+ }
556
+ }
557
+ }
558
+ }
559
+ return $issues;
560
+ }
561
+
562
+ function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
563
+
564
+ $flag = 1;
565
+ $argument = "";
566
+ $line = "";
567
+ $issue = array();
568
+ for($j=$start; $j< sizeof($tokens); $j++) {
569
+ $innertoken = $tokens[$j];
570
+ if ($flag==1 && is_array($innertoken)) {
571
+ $argument .= $innertoken[1];
572
+ if(empty($line))
573
+ $line = $innertoken[2];
574
+ } else if($innertoken==";"){
575
+ $argument .= ";";
576
+ if($checkForExternalLink){
577
+ if($this->isexternal($argument)){
578
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
579
+ }
580
+ } else {
581
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
582
+ }
583
+ break;
584
+ } else if($flag==1){
585
+ $argument .= $innertoken;
586
+ }
587
+ }
588
+ return $issue;
589
+ }
590
+
591
+ function remove_dir($repo_path){
592
+ $dir=$repo_path;
593
+ $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
594
+ $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
595
+ foreach($files as $file) {
596
+ if ($file->isDir()){
597
+ rmdir($file->getRealPath());
598
+ } else {
599
+ unlink($file->getRealPath());
600
+ }
601
+ }
602
+ rmdir($dir);
603
+ }
604
+
605
+ function count_total_files($folder_paths, $base, $scan_config){
606
+
607
+ $file_count=0;
608
+ $file_ext = $scan_config['file_extension'];
609
+ $extensions = array();
610
+ if(empty($file_ext)){
611
+
612
+ }else{
613
+ if(strpos($file_ext,';') !=false){
614
+ $extensions = explode(";", $file_ext);
615
+ }else{
616
+ array_push($extensions, $file_ext);
617
+ }
618
+ }
619
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
+ $skip_path_array= array();
622
+ for($i=0; $i<count($folder_skip_array); $i++){
623
+ $pathParts = explode('/', $folder_skip_array[$i]);
624
+ $n= sizeof($pathParts)-1;
625
+ $folder= $pathParts[$n];
626
+ array_push($skip_path_array, $folder);
627
+ }
628
+ foreach ($folder_paths as $value) {
629
+ if (is_dir($value)) {
630
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
+ if ($item->isFile()) {
632
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
634
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
+
637
+ }else{
638
+ continue;
639
+ }
640
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
+ continue;
642
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
+ continue;
644
+ }
645
+ $flag_skip=0;
646
+ if (!empty($folder_skip_array)) {
647
+ for($q=0; $q<count($skip_path_array); $q++){
648
+ if(strpos($source_file_path, $skip_path_array[$q])){
649
+ $flag_skip=1;
650
+ break;
651
+ }
652
+ }
653
+ }
654
+ if($flag_skip == 1){
655
+ continue;
656
+ }
657
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
+ $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
+ if($extns)
660
+ $file_count++;
661
+ }
662
+ }
663
+ }
664
+ }
665
+ update_option('mo_wpns_total_files', $file_count);
666
+ }
667
+ }
668
+ new Mo_wpns_Scan_Handler;
669
  ?>
handler/malware_scanner/malware_scanner_cron.php CHANGED
@@ -1,1050 +1,1192 @@
1
- <?php
2
-
3
- class Mo_wpns_Scan_Handler_Cron{
4
- private $total_files_to_scan;
5
- public $scanned_files = array();
6
- function __construct(){
7
-
8
- }
9
-
10
- function mo2f_scan_all_files($scan_config, $start_time){
11
- ini_set('memory_limit', '-1');
12
- ini_set('max_execution_time', 0);
13
- $time_limit= ini_get('max_execution_time');
14
-
15
- $result = array();
16
- $folderpaths = array();
17
- $wp_repo_file = array();
18
- $folderNames = "";
19
- $repo_check_status_code=0;
20
- update_option('mo_stop_scan','0');
21
- $base = get_home_path();
22
- $hostname = 'wordpress.org';
23
- $uploads_dir = wp_upload_dir();
24
- $uploads_path= $uploads_dir['basedir'];
25
- if (!is_writable($uploads_path)) {
26
- $scan_config['check_repo'] = 0;
27
- $repo_check_status_code = -97;
28
- }else{
29
- $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
30
- if (!$wordpress_server_status) {
31
- $scan_config['check_repo'] = 0;
32
- $repo_check_status_code = -98;
33
- }
34
- }
35
-
36
- if($scan_config['core_scan'] == 1){
37
- $folderpaths['base'] = $base;
38
- $folderNames .= "WP Files;";
39
- }
40
- if($scan_config['plugin_scan'] == 1){
41
- $folderpaths['plugins'] = WP_PLUGIN_DIR;
42
- $folderNames .= "Plugins;";
43
- }
44
- if($scan_config['theme_scan'] == 1){
45
- $folderpaths['themes'] = get_theme_root();
46
- $folderNames .= "Themes;";
47
- }
48
- if($scan_config['check_repo'] == 1){
49
- $folderNames .= "WP Repo Files;";
50
- }
51
-
52
- $this->count_total_files($folderpaths, $base, $scan_config);
53
- update_option('mo2f_repo_status', $repo_check_status_code);
54
-
55
- $mo2f_malware_db_handler = new MoWpnsDB();
56
- $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $start_time, $repo_check_status_code);
57
- update_option('mo2f_report_id', $reportid);
58
-
59
- $scanverification=$this->createKeyCurrentScan($scan_config['type_scan'],$reportid);
60
-
61
- $response=$this->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
62
-
63
- wp_send_json('success');
64
- }
65
-
66
- function createKeyCurrentScan($scan_mode,$reportid){
67
-
68
- $scanverification=md5($scan_mode. MO2f_Utility::random_str(24).$reportid);
69
- update_option("mo2f_scanverification",$scanverification);
70
- return $scanverification;
71
- }
72
-
73
- function mo2f_wp_remote_get($scan_mode, $reportid, $scanverification,$scan_stage_complete=1){
74
- //set time out based on time left or 10 secs
75
-
76
- $scan_nonce=rand(10,100000);
77
- $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
78
- $url = get_site_url()."?scan_request=1"."&scanverification=".$scanverification."&reportid=".$reportid."&scan_stage_complete=".$scan_stage_complete."&scan_mode=".$scan_mode."&scan_nonce=".$scan_nonce;//scanverification,report_id, scan_stage_complete and scan_mode
79
-
80
- $args = array(
81
- 'method' => 'GET',
82
- 'body' => '',
83
- 'timeout' => '5',
84
- 'redirection' => '5',
85
- 'httpversion' => '1.0',
86
- 'blocking' => true,
87
- 'headers' => $http_header_array
88
- );
89
- $response= wp_remote_get($url,$args);
90
-
91
- }
92
-
93
- function mo2f_download_core_wp($repo_file_path, $scan_config, $reportid, $scanverification){
94
- $repo_check_status = $scan_config['check_repo'];
95
- $repo_check_status_code=get_option('mo2f_repo_status');
96
- $wp_repo_file=get_option('mo2f_repo_path');
97
- if ( ! function_exists( 'get_plugins' ) ) {
98
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
99
- }
100
- if ( ! function_exists( 'plugins_api' ) ) {
101
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
102
- }
103
-
104
- if($scan_config['core_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
105
- if(!is_dir($repo_file_path)){
106
- mkdir($repo_file_path);
107
- }
108
- $download_status=time();
109
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
110
- $decoded_scan_configuration->status_download_time=$download_status;
111
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
112
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
113
- require(ABSPATH . 'wp-includes/version.php');
114
- //wordpress name to be changed to be changed based on version
115
- $zip_name="wp-".$wp_version;
116
- $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
117
- update_option('downloaded_wordpress_repo_name', $zip_name);
118
- if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
119
- $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
120
- if($result === -99){
121
- $scan_config['check_repo'] = 0;
122
- $repo_check_status_code = -99;
123
- }else if(!$result){
124
- $scan_config['check_repo'] = 0;
125
- $repo_check_status_code = -100;
126
- }
127
- }
128
- }
129
-
130
- if($repo_check_status != $scan_config['check_repo']){
131
- update_option('mo2f_repo_status', $repo_check_status_code);
132
- $scan_stage_complete=6;
133
- }else{
134
- update_option('mo2f_repo_path', $wp_repo_file);
135
- $scan_stage_complete=6;
136
- }
137
-
138
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
139
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
140
-
141
- }
142
-
143
- function mo2f_download_plugins_wp($repo_file_path, $scan_config, $start_time, $time_limit, $reportid, $scanverification){
144
- $repo_check_status = $scan_config['check_repo'];
145
- $repo_check_status_code=get_option('mo2f_repo_status');
146
- $flag=0;
147
- $wp_repo_file=array();
148
- if ( ! function_exists( 'get_plugins' ) ) {
149
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
150
- }
151
- if ( ! function_exists( 'plugins_api' ) ) {
152
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
153
- }
154
-
155
- if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
156
- if(!is_dir($repo_file_path)){
157
- mkdir($repo_file_path);
158
- }
159
- $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
160
- if(!is_dir($wp_plugin_repo_file)){
161
- mkdir($wp_plugin_repo_file);
162
- }
163
- $download_status=time();
164
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
165
- $decoded_scan_configuration->status_download_time=$download_status;
166
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
167
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
168
- $wp_repo_file['plugins']=$wp_plugin_repo_file;
169
- $plugin_list=get_site_transient( 'update_plugins' );
170
- $all_plugins=array();
171
- foreach ($plugin_list as $key => $value) {
172
- if($key=='response'||$key=='no_update'){
173
- foreach ($value as $ke => $val) {
174
- $all_plugins[$ke] = $val;
175
- }
176
- }
177
- }
178
- $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins', $start_time, $time_limit,$scan_config,$reportid, $scanverification);
179
- if($result === -99){
180
- $scan_config['check_repo'] = 0;
181
- $repo_check_status_code = -99;
182
- }else if(!$result){
183
- $scan_config['check_repo'] = 0;
184
- $repo_check_status_code = -100;
185
- }else if($result === 'incomplete'){
186
- $flag=1;
187
- }
188
- }
189
- if($repo_check_status != $scan_config['check_repo']){
190
- update_option('mo2f_repo_status', $repo_check_status_code);
191
- $scan_stage_complete=6;
192
- }else{
193
- if($flag == 1){
194
- $scan_stage_complete=3;
195
- }else{
196
- update_option('mo2f_repo_path', $wp_repo_file);
197
- update_option('mo2f_download_done',0);
198
- $scan_stage_complete=4;
199
- }
200
- }
201
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
202
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
203
-
204
- }
205
-
206
- function mo2f_download_themes_wp($repo_file_path, $scan_config, $start_time, $time_limit,$reportid, $scanverification){
207
- $repo_check_status = $scan_config['check_repo'];
208
- $repo_check_status_code=get_option('mo2f_repo_status');
209
- $flag=0;
210
- $wp_repo_file=get_option('mo2f_repo_path');
211
- if ( ! function_exists( 'get_plugins' ) ) {
212
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
213
- }
214
- if ( ! function_exists( 'plugins_api' ) ) {
215
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
216
- }
217
-
218
- if($scan_config['theme_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
219
- if(!is_dir($repo_file_path)){
220
- mkdir($repo_file_path);
221
- }
222
- $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
223
- if(!is_dir($wp_theme_repo_file)){
224
- mkdir($wp_theme_repo_file);
225
- }
226
- $download_status=time();
227
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
228
- $decoded_scan_configuration->status_download_time=$download_status;
229
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
230
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
231
- $wp_repo_file['themes']=$wp_theme_repo_file;
232
- $all_themes=get_site_transient( 'update_themes' )->checked;
233
- $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes', $start_time, $time_limit,$scan_config,$reportid,$scanverification);
234
- if($result === -99){
235
- $scan_config['check_repo'] = 0;
236
- $repo_check_status_code = -99;
237
- }else if(!$result){
238
- $scan_config['check_repo'] = 0;
239
- $repo_check_status_code = -100;
240
- }else if($result === 'incomplete'){
241
- $flag=1;
242
- }
243
- }
244
- if($repo_check_status != $scan_config['check_repo']){
245
- update_option('mo2f_repo_status', $repo_check_status_code);
246
- $scan_stage_complete=6;
247
- }else{
248
- if($flag == 1){
249
- $scan_stage_complete=4;
250
-
251
- }else{
252
- update_option('mo2f_repo_path', $wp_repo_file);
253
- update_option('mo2f_download_done',0);
254
- $scan_stage_complete=5;
255
- }
256
- }
257
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
258
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
259
- }
260
-
261
- function iterator_plugins_themes($themes_or_plugins, $path, $type='', $start_time, $time_limit, $scan_config,$reportid, $scanverification){
262
- $downloaded_already= get_option('mo2f_download_done');
263
- if($downloaded_already == false){
264
- $downloaded_already=0;
265
- }
266
- $i=0;
267
- foreach($themes_or_plugins as $key => $data){
268
- $i++;
269
- $exec_status= $this->check_exec_limit($start_time, $time_limit);
270
- if(! $exec_status){//wp_remote_get
271
- update_option('mo2f_download_done', $i-1);
272
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
273
- if($type=='plugins'){
274
- $scan_stage_complete=3;
275
- }else if($type=='themes'){
276
- $scan_stage_complete=4;
277
- }
278
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
279
- return 'incomplete';
280
- }
281
- if($i <= $downloaded_already){
282
- continue;
283
- }
284
- if($type=='plugins'){
285
- if(! file_exists(WP_PLUGIN_DIR.DIRECTORY_SEPARATOR.$data->plugin)){
286
- continue;
287
- }
288
- $plugin_slug=$data->slug;
289
- $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
290
- $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
291
- $plugin_version=$plugin_data['Version'];
292
- if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
293
- $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
294
- if($result === -99){
295
- return -99;
296
- }else if(!$result){
297
- return false;
298
- }
299
- }
300
- } else if($type=='themes'){
301
- $installed_themes = wp_get_themes();
302
- $flag_theme=0;
303
- foreach ($installed_themes as $theme_name => $attributes) {
304
- if($key == $theme_name){
305
- $flag_theme=1;
306
- break;
307
- }
308
- }
309
- if(!is_dir($path.DIRECTORY_SEPARATOR.$key) && $flag_theme == 1){
310
- $result= $this->download_repo($key, $data, $path, $type);
311
- if($result === -99){
312
- return -99;
313
- }else if(!$result){
314
- return false;
315
- }
316
- }
317
- }
318
- }
319
- return true;
320
- }
321
-
322
- function download_repo($zip_name, $version, $path, $type=''){
323
- if ($type=='plugins') {
324
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
325
- $plugin_name=$zip_name.'.'.$version;
326
-
327
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
328
- if( $download_result){
329
- $result = $this->unzip_downloaded_repo($zip_name, $path);
330
- return $result;
331
- }else {
332
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
333
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
334
- if( $download_result){
335
- $result = $this->unzip_downloaded_repo($zip_name, $path);
336
- return $result;
337
- }else {
338
- error_log("Unable to download Plugin: ".$plugin_name);
339
- return -99;
340
- }
341
- return -99;
342
- }
343
- } else if($type=='themes'){
344
- $theme_name=$zip_name.'.'.$version;
345
- $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
346
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
347
- if( $download_result){
348
- $result = $this->unzip_downloaded_repo($zip_name, $path);
349
- return $result;
350
- }else {
351
- $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
352
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
353
- if( $download_result){
354
- $result = $this->unzip_downloaded_repo($zip_name, $path);
355
- return $result;
356
- }else {
357
- error_log("Unable to download Theme: ".$theme_name);
358
- return -99;
359
- }
360
- return -99;
361
- }
362
- } else {
363
- $download_link="https://wordpress.org/wordpress-".$version.".zip";
364
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
365
- if($download_result){
366
- $result=$this->unzip_downloaded_repo($zip_name, $path);
367
- return $result;
368
- } else {
369
- error_log("Unable to download wordpress-".$version);
370
- return -99;
371
- }
372
- }
373
- return false;
374
- }
375
-
376
- function unzip_downloaded_repo($name, $path){
377
- $zip = new ZipArchive;
378
- $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
379
- $res = $zip->open($folder_path);
380
- if ($res === TRUE) {
381
- // extract it to the path we determined above
382
- $result = $zip->extractTo($path);
383
- $zip->close();
384
- if ($name == get_option('downloaded_wordpress_repo_name')) {
385
- rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
386
- }
387
- unlink($folder_path);
388
- return true;
389
- } else {
390
- return false;
391
- }
392
- }
393
-
394
- function mo_wpns_check_malware_server_status($host){
395
- $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
396
- if ( ! $fsock ){
397
- return FALSE;
398
- }else{
399
- fclose($fsock);
400
- return TRUE;
401
- }
402
- }
403
-
404
- function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
405
- $response = null;
406
- $ch=curl_init($host);
407
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
408
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
409
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
410
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
411
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
412
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
413
- curl_setopt( $ch, CURLOPT_POST, true );
414
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
415
- curl_setopt($ch, CURLOPT_TIMEOUT, 5);
416
- $results=curl_exec($ch);
417
- curl_close($ch);
418
- if($results==false){
419
-
420
- }else{
421
- $result = json_decode($results, true);
422
- if(isset($result['status'])){
423
- if ($result['status'] == 'success') {
424
- if($result['result']!='OK')
425
- $response = $result['result'];
426
- }else if($result['status']=='error'){
427
- error_log("Exception on server");
428
- }
429
- }else if(strpos($results, 'Summary')){
430
-
431
- }else{
432
- error_log("Any other issues on server");
433
- }
434
- }
435
- return $response;
436
- }
437
-
438
- function check_with_repo_files($file_content, $repo_file_path){
439
- $issues = array();
440
- if(file_exists($repo_file_path)){
441
- $content=@file_get_contents($repo_file_path);
442
- $hash_repo = md5($content);
443
- $hash_file = md5($file_content);
444
- if ($hash_file != $hash_repo) {
445
- $flag=1;
446
- $issues=array("exist" => "Mismatch in Files");
447
- }
448
- } else {
449
- $issues=array('exist'=>'Unwanted File Found');
450
- }
451
- return $issues;
452
- }
453
-
454
- function getlines($contents, $href){
455
- $newissues = 0;
456
- $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
457
- for($i=0; $i<count($lines); $i++){
458
- $line = $lines[$i];
459
- if (strpos($line, $href) !== false) {
460
- $newissues = $i+1;
461
- }
462
- }
463
- return $newissues;
464
- }
465
-
466
- function check_external_link($contents){
467
- $issues = array();
468
- $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
469
- if(isset($hrefs[1])){
470
- foreach($hrefs[1] as $href){
471
- if($this->isexternal($href)){
472
- $line=$this->getlines($contents, $href);
473
- $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
474
- }
475
- }
476
- }
477
- return $issues;
478
- }
479
-
480
- function isexternal($url) {
481
- $url = trim($url);
482
- $url = trim($url,';');
483
- $url = trim($url,'(');
484
- $url = trim($url,')');
485
- $url = trim($url,"'");
486
- $url = trim($url,'"');
487
- $components = parse_url($url);
488
- if(isset($components['host'])){
489
- if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot|php.net)/i', $components['host']) === 1) {}
490
- else{
491
- if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
492
- return true;
493
- }
494
- }
495
- }
496
- return false;
497
- }
498
-
499
- function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
500
-
501
- $flag = 1;
502
- $argument = "";
503
- $line = "";
504
- $issue = array();
505
- for($j=$start; $j< sizeof($tokens); $j++) {
506
- $innertoken = $tokens[$j];
507
- if ($flag==1 && is_array($innertoken)) {
508
- $argument .= $innertoken[1];
509
- if(empty($line))
510
- $line = $innertoken[2];
511
- } else if($innertoken==";"){
512
- $argument .= ";";
513
- if($checkForExternalLink){
514
- if($this->isexternal($argument)){
515
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
516
- }
517
- } else {
518
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
519
- }
520
- break;
521
- } else if($flag==1){
522
- $argument .= $innertoken;
523
- }
524
- }
525
- return $issue;
526
- }
527
-
528
- function remove_dir($repo_path){
529
- $dir=$repo_path;
530
- $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
531
- $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
532
- foreach($files as $file) {
533
- if ($file->isDir()){
534
- rmdir($file->getPathname());
535
- } else {
536
- unlink($file->getPathname());
537
- }
538
- }
539
- rmdir($dir);
540
- }
541
-
542
- function count_total_files($folder_paths, $base, $scan_config){
543
- if(isset($folder_paths['base'])){
544
- $temp= $folder_paths['base'];
545
- $folder_paths = array('base' => $temp);
546
- }
547
- $mo2f_malware_db_handler = new MoWpnsDB();
548
- $file_count=0;
549
- $nooffiles=0;
550
- $file_path_array=array();
551
- $skip_path_array= array();
552
- $folder_skip_array=array();
553
- $extensions = array();
554
- if($scan_config['type_scan'] == "Custom Scan"){
555
- $file_ext = $scan_config['file_extension'];
556
- if(empty($file_ext)){
557
-
558
- }else{
559
- if(strpos($file_ext,';') !=false){
560
- $extensions = explode(";", $file_ext);
561
- }else{
562
- array_push($extensions, $file_ext);
563
- }
564
- }
565
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
566
-
567
- for($i=0; $i<count($folder_skip_array); $i++){
568
- $pathParts = explode('/', $folder_skip_array[$i]);
569
- $n= sizeof($pathParts)-1;
570
- $folder= $pathParts[$n];
571
- array_push($skip_path_array, $folder);
572
- }
573
- }
574
- foreach ($folder_paths as $value) {
575
- $file_list= list_files($value,100);
576
- foreach ($file_list as $key => $value1) {
577
-
578
- $source_file_path= $value1;
579
-
580
- if(is_dir($source_file_path)){
581
- continue;
582
- }
583
- $source_file_path_for_explode = str_replace('/', '\\', $source_file_path);
584
- $arr= explode('\\', $source_file_path_for_explode);
585
- $theme_path=get_theme_root();
586
- if ($value == $base && ($scan_config['core_scan'] == 1)){
587
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
588
-
589
- }else{
590
- continue;
591
- }
592
- }elseif ($value == WP_PLUGIN_DIR && $arr[count($arr)-1]=='index.php'){
593
- continue;
594
- }elseif ($value == $theme_path && $arr[count($arr)-1]=='index.php'){
595
- continue;
596
- }
597
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
598
- if($scan_config['type_scan'] == "Custom Scan"){
599
- $flag_skip=0;
600
- if (!empty($folder_skip_array)) {
601
- for($q=0; $q<count($skip_path_array); $q++){
602
- if(strpos($source_file_path, $skip_path_array[$q])){
603
- $flag_skip=1;
604
- break;
605
- }
606
- }
607
- }
608
- if($flag_skip == 1){
609
- continue;
610
- }
611
-
612
- if(!empty($extensions)){
613
- if(!in_array($ext, $extensions)){
614
- continue;
615
- }
616
- }
617
- }
618
- if(in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
619
- continue;
620
- }
621
- $file_count++;
622
- $nooffiles=$nooffiles+1;
623
- $file_path_array[$nooffiles]= $source_file_path;
624
- if($nooffiles>0 && $nooffiles%100==0){
625
- $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
626
- $nooffiles=0;
627
- $file_path_array=array();
628
- }
629
- }
630
- $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
631
- $nooffiles=0;
632
- $file_path_array=array();
633
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
634
- $decoded_scan_status->total_files=$file_count;
635
- $encoded_scan_status=json_encode($decoded_scan_status);
636
- update_option("mo_wpns_scan_status",$encoded_scan_status);
637
- }
638
- }
639
-
640
- function averageFileScanTime($currentFileScanTime,$currentScanFileCount,$averageFileScanTime,$previous_scanned){
641
-
642
- if($previous_scanned!=0 || $currentScanFileCount!=0) {
643
- try {
644
- $totalTime = (float)($averageFileScanTime * $previous_scanned);
645
- $timeDifference = time() - $currentFileScanTime;
646
- $avergaeTimeEachFile = (float)(( $totalTime + $timeDifference )) / (float)(( $previous_scanned + $currentScanFileCount ));
647
-
648
- } catch ( Exception $e ) {
649
- $avergaeTimeEachFile = 0;
650
- }
651
- }else{
652
- $avergaeTimeEachFile = 0;
653
- }
654
- return $avergaeTimeEachFile;
655
- }
656
-
657
- function get_scan_result_parts($mo2f_malware_db_handler=null, $folderpaths=array(), $scan_config, $start_time, $time_limit){
658
- if(!empty($folderpaths)){
659
- if ( in_array( 'curl', get_loaded_extensions() ) ) {
660
- $scanresults=array();
661
- $nooffiles=0;
662
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
663
- $previous_scanned = $decoded_scan_status->files_scanned;
664
- $previous_processed_files=$decoded_scan_status->total_files_processed;
665
- $scan_malware_count = 0;
666
- $repo_issue_count = 0;
667
- $malicious_link_count = 0;
668
- $file_ext = $scan_config['file_extension'];
669
- $host = MoWpnsConstants::$host;
670
- $extensions = array();
671
- $hostname = MoWpnsConstants::$hostname;
672
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
673
- if(empty($file_ext)){
674
- }else{
675
- if(strpos($file_ext,';') !=false){
676
- $extensions = explode(";", $file_ext);
677
- }else{
678
- array_push($extensions, $file_ext);
679
- }
680
- }
681
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
682
- $skip_path_array= array();
683
- for($i=0; $i<count($folder_skip_array); $i++){
684
- $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
685
- $n= sizeof($pathParts)-1;
686
- $folder= $pathParts[$n];
687
- array_push($skip_path_array, $folder);
688
- }
689
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
690
- $currentFileScanTime=time();
691
- $currentScanFileCount=$nooffiles;
692
- $avergaeTimeEachFile=0;//in miliseconds
693
- foreach ($folderpaths as $value) {
694
- $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
695
-
696
- if(!$status){//wp_remote_get
697
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
698
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
699
- $mo_wpns_files_scanned=(0.7*$nooffiles)+$previous_scanned;
700
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
701
- $encoded_scan_status=json_encode($decoded_scan_status);
702
- update_option('mo_wpns_scan_status', $encoded_scan_status);
703
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
704
- //time limit close by. Returned status of current scan. Update DB and make next request.
705
- }
706
-
707
- $scanresult=array();
708
- $source_file_path=$value->path;
709
- if(!file_exists($source_file_path)){
710
- $nooffiles++;
711
- continue;
712
- }
713
-
714
- $source_file_path_size = str_replace("\\", "/", $source_file_path);
715
-
716
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
717
- $ext= strtolower($ext);
718
- if(!((filesize($source_file_path_size) < 1048576)) ){
719
- $nooffiles++;
720
- continue;
721
- }
722
- $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
723
- if($extns){
724
- $nooffiles++;
725
- if((0.7*$nooffiles) > 50){
726
- $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
727
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
728
- $encoded_scan_status=json_encode($decoded_scan_status);
729
- update_option('mo_wpns_scan_status', $encoded_scan_status);
730
-
731
- }
732
- }
733
-
734
- $hash_of_file= md5_file($source_file_path);
735
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
736
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
737
- $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
738
- $malware_status = $scanmalware? 0 : 1;
739
-
740
- if(!empty($res) && !$scanmalware ){
741
- }
742
- else{
743
- $flag_update=0;
744
- if((filesize($source_file_path_size) < 1048576) ){
745
- $file_content=file_get_contents($source_file_path);
746
-
747
- if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
748
- $malware_status = 1;
749
- $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
750
- $postdata = array('file' => $cfile);
751
-
752
- $content_type = 'multipart/form-data';
753
- $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
754
- if ($issues) {
755
- $scan_malware_count++;
756
- $scanresult['scan'] = $issues;
757
- $flag_update=1;
758
- }
759
- }else{
760
-
761
- }
762
- }
763
-
764
- if($flag_update == 0){
765
- $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
766
- $repo_status=0;
767
- $link_status=0;
768
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
769
- if(empty($res)){
770
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
771
- }else{
772
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
773
- }
774
- }else{
775
- $infected_files=get_option('mo_wpns_infected_files');
776
- $infected_files++;
777
- update_option('mo_wpns_infected_files', $infected_files);
778
- }
779
- }
780
- if(!empty($scanresult))
781
- $scanresults[$source_file_path]=$scanresult;
782
-
783
- }
784
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
785
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
786
- $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
787
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
788
- $encoded_scan_status=json_encode($decoded_scan_status);
789
- update_option('mo_wpns_scan_status', $encoded_scan_status);
790
-
791
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
792
- }else{
793
- return array('message'=>'CURL not installed on the server.');
794
- }
795
- } else {
796
- return array('message'=>'No folder selected for scanning.');
797
- }
798
- }
799
-
800
- function scan_for_ext_link($files_to_scan, $scan_config, $start_time, $time_limit, $reportid){
801
- $mo2f_malware_db_handler = new MoWpnsDB();
802
- $scanresults=array();
803
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
804
- $previous_scanned = $decoded_scan_status->files_scanned;
805
- $currentFileScanTime=time();
806
- $nooffiles=0;
807
- $malicious_link_count=0;
808
- $previous_processed_files=$decoded_scan_status->total_files_processed;
809
- foreach ($files_to_scan as $value) {
810
- $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
811
- if(!$status){//wp_remote_get
812
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
813
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
814
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
815
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
816
- $encoded_scan_status=json_encode($decoded_scan_status);
817
- update_option('mo_wpns_scan_status', $encoded_scan_status);
818
- return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
819
- }
820
- $flag_update=0;
821
- $nooffiles++;
822
- if((0.15*$nooffiles)> 50){// remove get_option
823
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
824
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
825
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
826
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
827
- $encoded_scan_status=json_encode($decoded_scan_status);
828
- update_option('mo_wpns_scan_status', $encoded_scan_status);
829
- }
830
- $source_file_path=$value->path;
831
- if(!file_exists($source_file_path) || filesize($source_file_path) > 5242880){
832
- continue;
833
- }
834
- $hash_of_file= md5_file($source_file_path);
835
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
836
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
837
- $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
838
- $link_status = $extlink? 0 : 1;
839
- if(is_array($datascan)){
840
- $malware_status= $datascan['malware'];
841
- }else{
842
- $malware_status=0;
843
- }
844
-
845
- $scanresult=array();
846
-
847
- $file_content=file_get_contents($source_file_path);
848
- if($scan_config['ext_link_check'] == 1 && $extlink){
849
- $link_status=1;
850
- $elresult= $this->check_external_link($file_content);
851
- if(!empty($elresult)){
852
- $malicious_link_count++;
853
- $flag_update=1;
854
- $scanresult['extl']=$elresult;
855
- }
856
- }
857
-
858
- if($flag_update == 0){
859
- $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
860
- $repo_status=0;
861
-
862
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
863
- $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
864
- $file_already_infected=false;
865
- foreach ($infected_array as $key => $value) {
866
- if($value->filename == $source_file_path){
867
- $file_already_infected=true;
868
- break;
869
- }
870
- }
871
-
872
- if($file_already_infected){
873
-
874
- }elseif(empty($res)){
875
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
876
- }else{
877
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
878
- }
879
- }else{
880
- $infected_files=get_option('mo_wpns_warning_files');
881
- $infected_files++;
882
- update_option('mo_wpns_warning_files', $infected_files);
883
- }
884
- if(!empty($scanresult))
885
- $scanresults[$source_file_path]=$scanresult;
886
- }
887
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
888
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
889
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
890
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
891
- $encoded_scan_status=json_encode($decoded_scan_status);
892
- update_option('mo_wpns_scan_status', $encoded_scan_status);
893
- return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
894
- }
895
-
896
- function scan_with_repo($files_to_scan, $scan_config, $start_time, $time_limit, $reportid, $repo_file_path){
897
- $mo2f_malware_db_handler = new MoWpnsDB();
898
- $scanresults=array();
899
- $default_themes = array('twentynineteen', 'twentyseventeen', 'twentysixteen', 'twentytwenty');
900
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
901
- $previous_scanned = $decoded_scan_status->files_scanned;
902
- $previous_processed_files=$decoded_scan_status->total_files_processed;
903
- $nooffiles=0;
904
- $repo_issue_count=0;
905
- $currentFileScanTime=time();
906
- foreach ($files_to_scan as $value) {
907
- $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
908
- if(!$status){//wp_remote_get
909
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
910
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
911
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
912
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
913
- $encoded_scan_status=json_encode($decoded_scan_status);
914
- update_option('mo_wpns_scan_status', $encoded_scan_status);
915
- return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
916
- //time limit close by. Returned status of current scan. Update DB and make next request.
917
- }
918
- $flag_update=0;
919
- $nooffiles++;
920
- if((0.15*$nooffiles) > 50){
921
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
922
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
923
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
924
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
925
- $encoded_scan_status=json_encode($decoded_scan_status);
926
- update_option('mo_wpns_scan_status', $encoded_scan_status);
927
- }
928
- $source_file_path=$value->path;
929
- if(!file_exists($source_file_path) || filesize($source_file_path) > 5242880){//5MB size limit
930
- continue;
931
- }
932
- $hash_of_file= md5_file($source_file_path);
933
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
934
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
935
- $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
936
- $repo_status = $repocheck? 0 : 1;
937
- if(is_array($datascan)){
938
- $malware_status = $datascan['malware'];
939
- $link_status = $datascan['ext_link'];
940
- }else{
941
- $malware_status=0;
942
- $link_status=0;
943
- }
944
- $scanresult=array();
945
-
946
- if($repocheck){
947
- $file_content=file_get_contents($source_file_path);
948
- $file_path_slash_correction = str_replace('/', '\\', $source_file_path);
949
- $source_file_path_array=explode("\\", $file_path_slash_correction);
950
- $theme_flag=0;
951
- foreach ($default_themes as $theme_key) {
952
- if(in_array($theme_key, $source_file_path_array)){
953
- $theme_flag=1;
954
- break;
955
- }
956
- }
957
- if($theme_flag){
958
- continue;
959
- }
960
- if(in_array('wp-content', $source_file_path_array) && !in_array('plugins', $source_file_path_array) && !in_array('themes', $source_file_path_array)){
961
- continue;
962
- }
963
- $repo_file_to_check=$repo_file_path;
964
- $path_flag=0;
965
- $path_key= array('wp-admin', 'wp-includes', 'plugins', 'themes');
966
- foreach ($path_key as $paths_key) {
967
- if(in_array($paths_key, $source_file_path_array)){
968
- $index= array_search($paths_key, $source_file_path_array);
969
- if($paths_key == 'wp-admin' || $paths_key == 'wp-includes'){
970
- $wordpress_name = get_option('downloaded_wordpress_repo_name');
971
- $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name;
972
- }
973
- for($i=$index; $i<sizeof($source_file_path_array); $i++){
974
- $repo_file_to_check.=DIRECTORY_SEPARATOR.$source_file_path_array[$i];
975
- }
976
- $path_flag=1;
977
-
978
- break;
979
- }
980
- }
981
- if($path_flag == 0){
982
- $last_index=sizeof($source_file_path_array)-1;
983
- $wordpress_name = get_option('downloaded_wordpress_repo_name');
984
- $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name.DIRECTORY_SEPARATOR.$source_file_path_array[$last_index];
985
- }
986
- $repo_status=1;
987
- $issues = $this->check_with_repo_files($file_content, $repo_file_to_check);
988
- if(!empty($issues)){
989
- $repo_issue_count++;
990
- $scanresult['repo']=$issues;
991
- $flag_update=1;
992
- }
993
- }
994
-
995
- if($flag_update == 0){
996
- $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
997
-
998
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
999
- $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
1000
- $file_already_infected=false;
1001
- foreach ($infected_array as $key => $value) {
1002
- if($value->filename == $source_file_path){
1003
- $file_already_infected=true;
1004
- break;
1005
- }
1006
- }
1007
-
1008
- if($file_already_infected){
1009
-
1010
- }elseif(empty($res)){
1011
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
1012
- }else{
1013
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
1014
- }
1015
- }else{
1016
- $infected_files=get_option('mo_wpns_warning_files');
1017
- $infected_files++;
1018
- if(!empty($res)){
1019
- $mo2f_malware_db_handler->delete_hash($source_file_path);
1020
- }
1021
- update_option('mo_wpns_warning_files', $infected_files);
1022
- }
1023
- if(!empty($scanresult))
1024
- $scanresults[$source_file_path]=$scanresult;
1025
- }
1026
- $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1027
- $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1028
- $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1029
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1030
- $encoded_scan_status=json_encode($decoded_scan_status);
1031
- update_option('mo_wpns_scan_status', $encoded_scan_status);
1032
- return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
1033
- }
1034
-
1035
- function check_exec_limit($start_time, $time_limit){
1036
- if($time_limit == 0){
1037
- return true;
1038
- }else{
1039
- $time_remaining= $time_limit - (time()-$start_time);
1040
- if($time_remaining > 10){
1041
- return true;
1042
- }else{
1043
- return false;
1044
- }
1045
- }
1046
- }
1047
-
1048
- }
1049
- new Mo_wpns_Scan_Handler_Cron;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1050
  ?>
1
+ <?php
2
+
3
+ class Mo_wpns_Scan_Handler_Cron{
4
+ private $total_files_to_scan;
5
+ public $scanned_files = array();
6
+ function __construct(){
7
+
8
+ }
9
+
10
+ function mo2f_scan_all_files($scan_config, $start_time){
11
+ ini_set('memory_limit', '-1');
12
+ ini_set('max_execution_time', 0);
13
+ $time_limit= ini_get('max_execution_time');
14
+
15
+ $result = array();
16
+ $folderpaths = array();
17
+ $wp_repo_file = array();
18
+ $folderNames = "";
19
+ $repo_check_status_code=0;
20
+ update_site_option('mo_stop_scan','0');
21
+ $base = get_home_path();
22
+ $hostname = 'wordpress.org';
23
+ $uploads_dir = wp_upload_dir();
24
+ $uploads_path= $uploads_dir['basedir'];
25
+ if (!is_writable($uploads_path)) {
26
+ $scan_config['check_repo'] = 0;
27
+ $repo_check_status_code = -97;
28
+ }else{
29
+ $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
30
+ if (!$wordpress_server_status) {
31
+ $scan_config['check_repo'] = 0;
32
+ $repo_check_status_code = -98;
33
+ }
34
+ }
35
+
36
+ if($scan_config['core_scan'] == 1){
37
+ $folderpaths['base'] = $base;
38
+ $folderNames .= "WP Files;";
39
+ }
40
+ if($scan_config['plugin_scan'] == 1){
41
+ $folderpaths['plugins'] = WP_PLUGIN_DIR;
42
+ $folderNames .= "Plugins;";
43
+ }
44
+ if($scan_config['theme_scan'] == 1){
45
+ $folderpaths['themes'] = get_theme_root();
46
+ $folderNames .= "Themes;";
47
+ }
48
+ if($scan_config['check_repo'] == 1){
49
+ $folderNames .= "WP Repo Files;";
50
+ }
51
+
52
+ $this->count_total_files($folderpaths, $base, $scan_config);
53
+ update_site_option('mo2f_repo_status', $repo_check_status_code);
54
+
55
+ $mo2f_malware_db_handler = new MoWpnsDB();
56
+ $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $start_time, $repo_check_status_code);
57
+ update_site_option('mo2f_report_id', $reportid);
58
+
59
+ $scanverification=$this->createKeyCurrentScan($scan_config['type_scan'],$reportid);
60
+
61
+ $response=$this->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
62
+
63
+ wp_send_json('success');
64
+ }
65
+
66
+ function createKeyCurrentScan($scan_mode,$reportid){
67
+
68
+ $scanverification=md5($scan_mode. MO2f_Utility::random_str(24).$reportid);
69
+ update_site_option("mo2f_scanverification",$scanverification);
70
+ return $scanverification;
71
+ }
72
+
73
+ function mo2f_wp_remote_get($scan_mode, $reportid, $scanverification,$scan_stage_complete=1){
74
+ //set time out based on time left or 10 secs
75
+
76
+ $scan_nonce=rand(10,100000);
77
+ $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
78
+ $url = get_site_url()."?scan_request=1"."&scanverification=".$scanverification."&reportid=".$reportid."&scan_stage_complete=".$scan_stage_complete."&scan_mode=".$scan_mode."&scan_nonce=".$scan_nonce;//scanverification,report_id, scan_stage_complete and scan_mode
79
+
80
+ $args = array(
81
+ 'method' => 'GET',
82
+ 'body' => '',
83
+ 'timeout' => '5',
84
+ 'redirection' => '5',
85
+ 'httpversion' => '1.0',
86
+ 'blocking' => true,
87
+ 'headers' => $http_header_array
88
+ );
89
+ $response= wp_remote_get($url,$args);
90
+
91
+ }
92
+
93
+ function mo2f_download_core_wp($repo_file_path, $scan_config, $reportid, $scanverification){
94
+ $repo_check_status = $scan_config['check_repo'];
95
+ $repo_check_status_code=get_site_option('mo2f_repo_status');
96
+ $wp_repo_file=get_site_option('mo2f_repo_path');
97
+ if ( ! function_exists( 'get_plugins' ) ) {
98
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
99
+ }
100
+ if ( ! function_exists( 'plugins_api' ) ) {
101
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
102
+ }
103
+
104
+ if($scan_config['core_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
105
+ if(!is_dir($repo_file_path)){
106
+ mkdir($repo_file_path);
107
+ }
108
+ $download_status=time();
109
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
110
+ $decoded_scan_configuration->status_download_time=$download_status;
111
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
112
+ update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
113
+ require(ABSPATH . 'wp-includes/version.php');
114
+ //wordpress name to be changed to be changed based on version
115
+ $zip_name="wp-".$wp_version;
116
+ $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
117
+ update_site_option('downloaded_wordpress_repo_name', $zip_name);
118
+
119
+ $download_info = get_site_option('mo2f_download_info');
120
+ if(! $download_info){
121
+ $download_info = array("plugin_count"=>0, "theme_count"=>0, "stage"=> "core");
122
+ }else{
123
+ $download_info['stage'] = "core";
124
+ }
125
+ update_site_option('mo2f_download_info', $download_info);
126
+ if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
127
+ $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
128
+ if($result === -99){
129
+ $scan_config['check_repo'] = 0;
130
+ $repo_check_status_code = -99;
131
+ }else if($result === -95){
132
+ $scan_config['check_repo'] = 0;
133
+ $repo_check_status_code = -95;
134
+ }else if(!$result){
135
+ $scan_config['check_repo'] = 0;
136
+ $repo_check_status_code = -100;
137
+ }
138
+ }
139
+
140
+ if($repo_check_status != $scan_config['check_repo']){
141
+ update_site_option('mo2f_repo_status', $repo_check_status_code);
142
+ $scan_stage_complete=6;
143
+ }else{
144
+ update_site_option('mo2f_repo_path', $wp_repo_file);
145
+ $scan_stage_complete=6;
146
+ }
147
+ }else{
148
+ $scan_stage_complete = 7;
149
+ }
150
+
151
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
152
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
153
+
154
+ }
155
+
156
+ function mo2f_download_plugins_wp($repo_file_path, $scan_config, $start_time, $time_limit, $reportid, $scanverification){
157
+ $repo_check_status = $scan_config['check_repo'];
158
+ $repo_check_status_code=get_site_option('mo2f_repo_status');
159
+ $flag=0;
160
+ $wp_repo_file=array();
161
+ if ( ! function_exists( 'get_plugins' ) ) {
162
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
163
+ }
164
+ if ( ! function_exists( 'plugins_api' ) ) {
165
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
166
+ }
167
+
168
+ if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
169
+ if(!is_dir($repo_file_path)){
170
+ mkdir($repo_file_path);
171
+ }
172
+ $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
173
+ if(!is_dir($wp_plugin_repo_file)){
174
+ mkdir($wp_plugin_repo_file);
175
+ }
176
+ $download_status=time();
177
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
178
+ $decoded_scan_configuration->status_download_time=$download_status;
179
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
180
+ update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
181
+ $wp_repo_file['plugins']=$wp_plugin_repo_file;
182
+ $plugin_list=get_site_transient( 'update_plugins' );
183
+
184
+ $plugin_count = sizeof($plugin_list->checked);
185
+ $download_info = array("plugin_count"=> $plugin_count, "theme_count"=>0, "stage"=>"plugins");
186
+ update_site_option('mo2f_download_info', $download_info);
187
+
188
+ $all_plugins=array();
189
+ foreach ($plugin_list as $key => $value) {
190
+ if($key=='response'||$key=='no_update'){
191
+ foreach ($value as $ke => $val) {
192
+ $all_plugins[$ke] = $val;
193
+ }
194
+ }
195
+ }
196
+ $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins', $start_time, $time_limit,$scan_config,$reportid, $scanverification);
197
+ if($result === -99){
198
+ $scan_config['check_repo'] = 0;
199
+ $repo_check_status_code = -99;
200
+ }else if($result === -95){
201
+ $scan_config['check_repo'] = 0;
202
+ $repo_check_status_code = -95;
203
+ }else if(!$result){
204
+ $scan_config['check_repo'] = 0;
205
+ $repo_check_status_code = -100;
206
+ }else if($result === 'incomplete'){
207
+ $flag=1;
208
+ }
209
+
210
+ if($repo_check_status != $scan_config['check_repo']){
211
+ update_site_option('mo2f_repo_status', $repo_check_status_code);
212
+ $scan_stage_complete=6;
213
+ }else{
214
+ if($flag == 1){
215
+ $scan_stage_complete=3;
216
+ }else{
217
+ update_site_option('mo2f_repo_path', $wp_repo_file);
218
+ $scan_stage_complete=6;
219
+ }
220
+ }
221
+ }else{
222
+ $scan_stage_complete = 4;
223
+ }
224
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
225
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
226
+
227
+ }
228
+
229
+ function mo2f_download_themes_wp($repo_file_path, $scan_config, $start_time, $time_limit,$reportid, $scanverification){
230
+ $repo_check_status = $scan_config['check_repo'];
231
+ $repo_check_status_code=get_site_option('mo2f_repo_status');
232
+ $flag=0;
233
+ $wp_repo_file=get_site_option('mo2f_repo_path');
234
+ if ( ! function_exists( 'get_plugins' ) ) {
235
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
236
+ }
237
+ if ( ! function_exists( 'plugins_api' ) ) {
238
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
239
+ }
240
+
241
+ if($scan_config['theme_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
242
+ if(!is_dir($repo_file_path)){
243
+ mkdir($repo_file_path);
244
+ }
245
+ $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
246
+ if(!is_dir($wp_theme_repo_file)){
247
+ mkdir($wp_theme_repo_file);
248
+ }
249
+ $download_status=time();
250
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
251
+ $decoded_scan_configuration->status_download_time=$download_status;
252
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
253
+ update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
254
+ $wp_repo_file['themes']=$wp_theme_repo_file;
255
+ $all_themes=get_site_transient( 'update_themes' )->checked;
256
+
257
+ $theme_count = sizeof($all_themes);
258
+ $download_info = get_site_option('mo2f_download_info');
259
+ if(! $download_info){
260
+ $download_info = array("plugin_count"=>0, "theme_count"=> $theme_count, "stage"=> "themes");
261
+ }else{
262
+ $download_info['theme_count'] = $theme_count;
263
+ $download_info['stage'] = "themes";
264
+ }
265
+ update_site_option('mo2f_download_info', $download_info);
266
+
267
+ $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes', $start_time, $time_limit,$scan_config,$reportid,$scanverification);
268
+ if($result === -99){
269
+ $scan_config['check_repo'] = 0;
270
+ $repo_check_status_code = -99;
271
+ }else if($result === -95){
272
+ $scan_config['check_repo'] = 0;
273
+ $repo_check_status_code = -95;
274
+ }else if(!$result){
275
+ $scan_config['check_repo'] = 0;
276
+ $repo_check_status_code = -100;
277
+ }else if($result === 'incomplete'){
278
+ $flag=1;
279
+ }
280
+
281
+ if($repo_check_status != $scan_config['check_repo']){
282
+ update_site_option('mo2f_repo_status', $repo_check_status_code);
283
+ $scan_stage_complete=6;
284
+ }else{
285
+ if($flag == 1){
286
+ $scan_stage_complete=4;
287
+
288
+ }else{
289
+ update_site_option('mo2f_repo_path', $wp_repo_file);
290
+ $scan_stage_complete=6;
291
+ }
292
+ }
293
+ }else{
294
+ $scan_stage_complete = 5;
295
+ }
296
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
297
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
298
+ }
299
+
300
+ function iterator_plugins_themes($themes_or_plugins, $path, $type='', $start_time, $time_limit, $scan_config,$reportid, $scanverification){
301
+ $downloaded_already= get_site_option('mo2f_download_done');
302
+ if($downloaded_already == false){
303
+ $downloaded_already=0;
304
+ }
305
+ $i=0;
306
+ foreach($themes_or_plugins as $key => $data){
307
+ $i++;
308
+ $exec_status= $this->check_exec_limit($start_time, $time_limit);
309
+ if(! $exec_status){//wp_remote_get
310
+ update_site_option('mo2f_download_done', $i-1);
311
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
312
+ if($type=='plugins'){
313
+ $scan_stage_complete=3;
314
+ }else if($type=='themes'){
315
+ $scan_stage_complete=4;
316
+ }
317
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
318
+ return 'incomplete';
319
+ }
320
+ if($i <= $downloaded_already){
321
+ continue;
322
+ }
323
+ if($type=='plugins'){
324
+ if(! file_exists(WP_PLUGIN_DIR.DIRECTORY_SEPARATOR.$data->plugin)){
325
+ continue;
326
+ }
327
+ $plugin_slug=$data->slug;
328
+ update_site_option('mo2f_current_repo_key', $plugin_slug);
329
+ $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
330
+ $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
331
+ $plugin_version=$plugin_data['Version'];
332
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
333
+ $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
334
+ if($result === -99){
335
+ return -99;
336
+ }else if($result === -95){
337
+ return -95;
338
+ }else if(!$result){
339
+ return false;
340
+ }else{
341
+ update_site_option('mo2f_download_done', $i);
342
+ return true;
343
+ }
344
+ }
345
+ } else if($type=='themes'){
346
+ $installed_themes = wp_get_themes();
347
+ $flag_theme=0;
348
+ foreach ($installed_themes as $theme_name => $attributes) {
349
+ if($key == $theme_name){
350
+ $flag_theme=1;
351
+ break;
352
+ }
353
+ }
354
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$key) && $flag_theme == 1){
355
+ update_site_option('mo2f_current_repo_key', $key);
356
+ $result= $this->download_repo($key, $data, $path, $type);
357
+ if($result === -99){
358
+ return -99;
359
+ }else if($result === -95){
360
+ return -95;
361
+ }else if(!$result){
362
+ return false;
363
+ }else{
364
+ update_site_option('mo2f_download_done', $i);
365
+ return true;
366
+ }
367
+ }
368
+ }
369
+ }
370
+ return true;
371
+ }
372
+
373
+ function download_repo($zip_name, $version, $path, $type=''){
374
+ if ($type=='plugins') {
375
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
376
+ $plugin_name=$zip_name.'.'.$version;
377
+
378
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
379
+ if( $download_result){
380
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
381
+ return $result;
382
+ }else {
383
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
384
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
385
+ if( $download_result){
386
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
387
+ return $result;
388
+ }else {
389
+ $connectivity = $this->check_net_connectivity();
390
+ if($connectivity){
391
+ return -99;
392
+ }else{
393
+ return -95;
394
+ }
395
+
396
+ }
397
+ return -99;
398
+ }
399
+ } else if($type=='themes'){
400
+ $theme_name=$zip_name.'.'.$version;
401
+ $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
402
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
403
+ if( $download_result){
404
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
405
+ return $result;
406
+ }else {
407
+ $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
408
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
409
+ if( $download_result){
410
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
411
+ return $result;
412
+ }else {
413
+ $connectivity = $this->check_net_connectivity();
414
+ if($connectivity){
415
+ error_log("Unable to download Theme: ".$theme_name);
416
+ return -99;
417
+ }else{
418
+ return -95;
419
+ }
420
+
421
+ }
422
+ return -99;
423
+ }
424
+ } else {
425
+ update_site_option('mo2f_current_repo_key', 'core');
426
+ $download_link="https://wordpress.org/wordpress-".$version.".zip";
427
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
428
+ if($download_result){
429
+ $result=$this->unzip_downloaded_repo($zip_name, $path);
430
+ return $result;
431
+ } else {
432
+ $connectivity = $this->check_net_connectivity();
433
+ if($connectivity){
434
+ error_log("Unable to download wordpress-".$version);
435
+ return -99;
436
+ }else{
437
+ return -95;
438
+ }
439
+ }
440
+ }
441
+ return false;
442
+ }
443
+
444
+ function check_net_connectivity(){
445
+ $hostname = 'wordpress.org';
446
+ $flag=0;
447
+ for ($i=0; $i <3 ; $i++) {
448
+ $net_connection = $this->mo_wpns_check_malware_server_status($hostname);
449
+ if($net_connection){
450
+ $flag=1;
451
+ break;
452
+ }else{
453
+ sleep(5);
454
+ }
455
+ }
456
+ if($flag){
457
+ return true;
458
+ }else{
459
+ return false;
460
+ }
461
+ }
462
+
463
+ function unzip_downloaded_repo($name, $path){
464
+ $zip = new ZipArchive;
465
+ $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
466
+ $res = $zip->open($folder_path);
467
+ if ($res === TRUE) {
468
+ // extract it to the path we determined above
469
+ $result = $zip->extractTo($path);
470
+ $zip->close();
471
+ if ($name == get_site_option('downloaded_wordpress_repo_name')) {
472
+ rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
473
+ }
474
+ unlink($folder_path);
475
+ return true;
476
+ } else {
477
+ return false;
478
+ }
479
+ }
480
+
481
+ function mo_wpns_check_malware_server_status($host){
482
+ $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
483
+ if ( ! $fsock ){
484
+ return FALSE;
485
+ }else{
486
+ fclose($fsock);
487
+ return TRUE;
488
+ }
489
+ }
490
+
491
+ function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
492
+ $response = null;
493
+ $ch=curl_init($host);
494
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
495
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
496
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
497
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
498
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
499
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
500
+ curl_setopt( $ch, CURLOPT_POST, true );
501
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
502
+ curl_setopt($ch, CURLOPT_TIMEOUT, 5);
503
+ $results=curl_exec($ch);
504
+ curl_close($ch);
505
+ if($results==false){
506
+
507
+ }else{
508
+ $result = json_decode($results, true);
509
+ if(isset($result['status'])){
510
+ if ($result['status'] == 'success') {
511
+ if($result['result']!='OK')
512
+ $response = $result['result'];
513
+ }else if($result['status']=='error'){
514
+ error_log("Exception on server");
515
+ }
516
+ }else if(strpos($results, 'Summary')){
517
+
518
+ }else{
519
+ error_log("Any other issues on server");
520
+ }
521
+ }
522
+ return $response;
523
+ }
524
+
525
+ function check_with_repo_files($file_content, $repo_file_path){
526
+ $issues = array();
527
+ if(file_exists($repo_file_path)){
528
+ $content=@file_get_contents($repo_file_path);
529
+ $hash_repo = md5($content);
530
+ $hash_file = md5($file_content);
531
+ if ($hash_file != $hash_repo) {
532
+ $flag=1;
533
+ $issues=array("exist" => "Mismatch in Files");
534
+ }
535
+ } else {
536
+ $issues=array('exist'=>'Unwanted File Found');
537
+ }
538
+ return $issues;
539
+ }
540
+
541
+ function getlines($contents, $href){
542
+ $newissues = 0;
543
+ $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
544
+ for($i=0; $i<count($lines); $i++){
545
+ $line = $lines[$i];
546
+ if (strpos($line, $href) !== false) {
547
+ $newissues = $i+1;
548
+ }
549
+ }
550
+ return $newissues;
551
+ }
552
+
553
+ function check_external_link($contents){
554
+ $issues = array();
555
+ $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
556
+ if(isset($hrefs[1])){
557
+ foreach($hrefs[1] as $href){
558
+ if($this->isexternal($href)){
559
+ $line=$this->getlines($contents, $href);
560
+ $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
561
+ }
562
+ }
563
+ }
564
+ return $issues;
565
+ }
566
+
567
+ function isexternal($url) {
568
+ $url = trim($url);
569
+ $url = trim($url,';');
570
+ $url = trim($url,'(');
571
+ $url = trim($url,')');
572
+ $url = trim($url,"'");
573
+ $url = trim($url,'"');
574
+ $components = parse_url($url);
575
+ if(isset($components['host'])){
576
+ if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot|php.net)/i', $components['host']) === 1) {}
577
+ else{
578
+ if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
579
+ return true;
580
+ }
581
+ }
582
+ }
583
+ return false;
584
+ }
585
+
586
+ function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
587
+
588
+ $flag = 1;
589
+ $argument = "";
590
+ $line = "";
591
+ $issue = array();
592
+ for($j=$start; $j< sizeof($tokens); $j++) {
593
+ $innertoken = $tokens[$j];
594
+ if ($flag==1 && is_array($innertoken)) {
595
+ $argument .= $innertoken[1];
596
+ if(empty($line))
597
+ $line = $innertoken[2];
598
+ } else if($innertoken==";"){
599
+ $argument .= ";";
600
+ if($checkForExternalLink){
601
+ if($this->isexternal($argument)){
602
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
603
+ }
604
+ } else {
605
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
606
+ }
607
+ break;
608
+ } else if($flag==1){
609
+ $argument .= $innertoken;
610
+ }
611
+ }
612
+ return $issue;
613
+ }
614
+
615
+ function remove_dir($repo_path){
616
+ $dir=$repo_path;
617
+ $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
618
+ $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
619
+ foreach($files as $file) {
620
+ if ($file->isDir()){
621
+ rmdir($file->getPathname());
622
+ } else {
623
+ unlink($file->getPathname());
624
+ }
625
+ }
626
+ rmdir($dir);
627
+ }
628
+
629
+ function count_total_files($folder_paths, $base, $scan_config){
630
+
631
+ $plugin_list=get_site_transient( 'update_plugins' );
632
+ $q = $plugin_list->checked;
633
+ $plugin_array = array();
634
+ foreach ($q as $key => $value) {
635
+ if(strpos($key, '/')){
636
+ $a=explode('/', $key);
637
+ array_push($plugin_array, $a[0]);
638
+ }else{
639
+ array_push($plugin_array, $key);
640
+ }
641
+ }
642
+ $all_themes=get_site_transient( 'update_themes' )->checked;
643
+ $theme_array = array();
644
+ foreach ($all_themes as $key => $value) {
645
+ array_push($theme_array, $key);
646
+ }
647
+ $mo2f_malware_db_handler = new MoWpnsDB();
648
+ $file_count=0;
649
+ $nooffiles=0;
650
+ $file_path_array=array();
651
+ $skip_path_array= array();
652
+ $folder_skip_array=array();
653
+ $extensions = array();
654
+ $files_number = 0;
655
+ if($scan_config['type_scan'] == "Custom Scan"){
656
+ $file_ext = $scan_config['file_extension'];
657
+ if(empty($file_ext)){
658
+
659
+ }else{
660
+ if(strpos($file_ext,';') !=false){
661
+ $extensions = explode(";", $file_ext);
662
+ }else{
663
+ array_push($extensions, $file_ext);
664
+ }
665
+ }
666
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
667
+
668
+ for($i=0; $i<count($folder_skip_array); $i++){
669
+ $pathParts = explode('/', $folder_skip_array[$i]);
670
+ $n= sizeof($pathParts)-1;
671
+ $folder= $pathParts[$n];
672
+ array_push($skip_path_array, $folder);
673
+ }
674
+ }
675
+ foreach ($folder_paths as $key_path => $value) {
676
+ $file_list= list_files($value,100);
677
+ if(isset($folder_paths['base'])){
678
+ if($key_path == 'base'){
679
+ $files_number = sizeof($file_list);
680
+ }
681
+ }else{
682
+ $files_number+= sizeof($file_list);
683
+ }
684
+ foreach ($file_list as $key => $value1) {
685
+
686
+ $source_file_path= $value1;
687
+
688
+ if(is_dir($source_file_path)){
689
+ continue;
690
+ }
691
+ $source_file_path_for_explode = str_replace('/', '\\', $source_file_path);
692
+ $arr= explode('\\', $source_file_path_for_explode);
693
+ $theme_path=get_theme_root();
694
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
695
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
696
+
697
+ }else{
698
+ continue;
699
+ }
700
+ }elseif ($value == WP_PLUGIN_DIR && $arr[count($arr)-1]=='index.php'){
701
+ continue;
702
+ }elseif ($value == $theme_path && $arr[count($arr)-1]=='index.php'){
703
+ continue;
704
+ }
705
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
706
+ if($scan_config['type_scan'] == "Custom Scan"){
707
+ $flag_skip=0;
708
+ if (!empty($folder_skip_array)) {
709
+ for($q=0; $q<count($skip_path_array); $q++){
710
+ if(strpos($source_file_path, $skip_path_array[$q])){
711
+ $flag_skip=1;
712
+ break;
713
+ }
714
+ }
715
+ }
716
+ if($flag_skip == 1){
717
+ continue;
718
+ }
719
+
720
+ if(!empty($extensions)){
721
+ if(!in_array($ext, $extensions)){
722
+ continue;
723
+ }
724
+ }
725
+ }
726
+ if(in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
727
+ continue;
728
+ }
729
+ $file_count++;
730
+ $nooffiles=$nooffiles+1;
731
+
732
+ if(in_array('wp-content', $arr) && in_array('plugins', $arr)){//plugins file
733
+ foreach ($plugin_array as $arr_index => $key_repo) {
734
+ if(in_array($key_repo, $arr)){
735
+ $repo_key = $key_repo;
736
+ break;
737
+ }
738
+ }
739
+ }
740
+ else if(in_array('wp-content', $arr) && in_array('themes', $arr)){//themes file
741
+ foreach ($theme_array as $arr_index => $key_repo) {
742
+ if(in_array($key_repo, $arr)){
743
+ $repo_key = $key_repo;
744
+ break;
745
+ }
746
+ }
747
+ }
748
+ else{//core file
749
+ $repo_key = 'core';
750
+ }
751
+
752
+ $file_path_array[$nooffiles]= array("file"=> $source_file_path, "key"=>$repo_key);
753
+ if($nooffiles>0 && $nooffiles%100==0){
754
+ $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
755
+ $nooffiles=0;
756
+ $file_path_array=array();
757
+ }
758
+ }
759
+ $mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
760
+ $nooffiles=0;
761
+ $file_path_array=array();
762
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
763
+ $decoded_scan_status->total_files=$file_count;
764
+ $encoded_scan_status=json_encode($decoded_scan_status);
765
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
766
+ $mo2f_files_skipped = $files_number-$file_count;
767
+ update_site_option('mo2f_files_skipped', $mo2f_files_skipped);
768
+ }
769
+ }
770
+
771
+ function averageFileScanTime($currentFileScanTime,$currentScanFileCount,$averageFileScanTime,$previous_scanned){
772
+
773
+ if($previous_scanned!=0 || $currentScanFileCount!=0) {
774
+ try {
775
+ $totalTime = (float)($averageFileScanTime * $previous_scanned);
776
+ $timeDifference = time() - $currentFileScanTime;
777
+ $avergaeTimeEachFile = (float)(( $totalTime + $timeDifference )) / (float)(( $previous_scanned + $currentScanFileCount ));
778
+
779
+ } catch ( Exception $e ) {
780
+ $avergaeTimeEachFile = 0;
781
+ }
782
+ }else{
783
+ $avergaeTimeEachFile = 0;
784
+ }
785
+ return $avergaeTimeEachFile;
786
+ }
787
+
788
+ function get_scan_result_parts($mo2f_malware_db_handler=null, $folderpaths=array(), $scan_config, $start_time, $time_limit){
789
+ if(!empty($folderpaths)){
790
+ if ( in_array( 'curl', get_loaded_extensions() ) ) {
791
+ $scanresults=array();
792
+ $nooffiles=0;
793
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
794
+ $previous_scanned = $decoded_scan_status->files_scanned;
795
+ $previous_processed_files=$decoded_scan_status->total_files_processed;
796
+ $scan_malware_count = 0;
797
+ $repo_issue_count = 0;
798
+ $malicious_link_count = 0;
799
+ $file_ext = $scan_config['file_extension'];
800
+ $host = MoWpnsConstants::$host;
801
+ $extensions = array();
802
+ $hostname = MoWpnsConstants::$hostname;
803
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
804
+ if(empty($file_ext)){
805
+ }else{
806
+ if(strpos($file_ext,';') !=false){
807
+ $extensions = explode(";", $file_ext);
808
+ }else{
809
+ array_push($extensions, $file_ext);
810
+ }
811
+ }
812
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
813
+ $skip_path_array= array();
814
+ for($i=0; $i<count($folder_skip_array); $i++){
815
+ $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
816
+ $n= sizeof($pathParts)-1;
817
+ $folder= $pathParts[$n];
818
+ array_push($skip_path_array, $folder);
819
+ }
820
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
821
+ $currentFileScanTime=time();
822
+ $currentScanFileCount=$nooffiles;
823
+ $avergaeTimeEachFile=0;//in miliseconds
824
+ foreach ($folderpaths as $value) {
825
+ $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
826
+
827
+ if(!$status){//wp_remote_get
828
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
829
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
830
+ $mo_wpns_files_scanned=(0.7*$nooffiles)+$previous_scanned;
831
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
832
+ $encoded_scan_status=json_encode($decoded_scan_status);
833
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
834
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
835
+ //time limit close by. Returned status of current scan. Update DB and make next request.
836
+ }
837
+
838
+ $scanresult=array();
839
+ $source_file_path=$value->path;
840
+ if(!file_exists($source_file_path)){
841
+ $nooffiles++;
842
+ continue;
843
+ }
844
+
845
+ $source_file_path_size = str_replace("\\", "/", $source_file_path);
846
+
847
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
848
+ $ext= strtolower($ext);
849
+ if(!((filesize($source_file_path_size) < 1048576)) ){
850
+ $excess_size = get_site_option('mo2f_file_size_excess');
851
+ update_site_option('mo2f_file_size_excess', $excess_size+1);
852
+ $nooffiles++;
853
+ continue;
854
+ }
855
+ $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
856
+ if($extns){
857
+ $nooffiles++;
858
+ if((0.7*$nooffiles) > 50){
859
+ $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
860
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
861
+ $encoded_scan_status=json_encode($decoded_scan_status);
862
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
863
+
864
+ }
865
+ }
866
+
867
+ $hash_of_file= md5_file($source_file_path);
868
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
869
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
870
+ $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
871
+ $malware_status = $scanmalware? 0 : 1;
872
+
873
+ if(!empty($res) && !$scanmalware ){
874
+ }
875
+ else{
876
+ $flag_update=0;
877
+ if((filesize($source_file_path_size) < 1048576) ){
878
+ $file_content=file_get_contents($source_file_path);
879
+
880
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
881
+ $malware_status = 1;
882
+ $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
883
+ $postdata = array('file' => $cfile);
884
+
885
+ $content_type = 'multipart/form-data';
886
+ $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
887
+ if ($issues) {
888
+ $scan_malware_count++;
889
+ $scanresult['scan'] = $issues;
890
+ $flag_update=1;
891
+ }
892
+ }else{
893
+
894
+ }
895
+ }
896
+
897
+ if($flag_update == 0){
898
+ $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
899
+ $repo_status=0;
900
+ $link_status=0;
901
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
902
+ if(empty($res)){
903
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
904
+ }else{
905
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
906
+ }
907
+ }else{
908
+ $infected_files=get_site_option('mo_wpns_infected_files');
909
+ $infected_files++;
910
+ update_site_option('mo_wpns_infected_files', $infected_files);
911
+ }
912
+ }
913
+ if(!empty($scanresult))
914
+ $scanresults[$source_file_path]=$scanresult;
915
+
916
+ }
917
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
918
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
919
+ $mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
920
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
921
+ $encoded_scan_status=json_encode($decoded_scan_status);
922
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
923
+
924
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
925
+ }else{
926
+ return array('message'=>'CURL not installed on the server.');
927
+ }
928
+ } else {
929
+ return array('message'=>'No folder selected for scanning.');
930
+ }
931
+ }
932
+
933
+ function scan_for_ext_link($files_to_scan, $scan_config, $start_time, $time_limit, $reportid){
934
+ $mo2f_malware_db_handler = new MoWpnsDB();
935
+ $scanresults=array();
936
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
937
+ $previous_scanned = $decoded_scan_status->files_scanned;
938
+ $currentFileScanTime=time();
939
+ $nooffiles=0;
940
+ $malicious_link_count=0;
941
+ $previous_processed_files=$decoded_scan_status->total_files_processed;
942
+ foreach ($files_to_scan as $value) {
943
+ $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
944
+ if(!$status){//wp_remote_get
945
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
946
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
947
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
948
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
949
+ $encoded_scan_status=json_encode($decoded_scan_status);
950
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
951
+ return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
952
+ }
953
+ $flag_update=0;
954
+ $nooffiles++;
955
+ if((0.15*$nooffiles)> 50){// remove get_site_option
956
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
957
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
958
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
959
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
960
+ $encoded_scan_status=json_encode($decoded_scan_status);
961
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
962
+ }
963
+ $source_file_path=$value->path;
964
+ if(!file_exists($source_file_path)){
965
+ continue;
966
+ }
967
+ if(filesize($source_file_path) > 5242880){//5MB size limit
968
+ $excess_size = get_site_option('mo2f_file_size_excess');
969
+ update_site_option('mo2f_file_size_excess', $excess_size+1);
970
+ }
971
+
972
+ $hash_of_file= md5_file($source_file_path);
973
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
974
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
975
+ $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
976
+ $link_status = $extlink? 0 : 1;
977
+ if(is_array($datascan)){
978
+ $malware_status= $datascan['malware'];
979
+ }else{
980
+ $malware_status=0;
981
+ }
982
+
983
+ $scanresult=array();
984
+
985
+ $file_content=file_get_contents($source_file_path);
986
+ if($scan_config['ext_link_check'] == 1 && $extlink){
987
+ $link_status=1;
988
+ $elresult= $this->check_external_link($file_content);
989
+ if(!empty($elresult)){
990
+ $malicious_link_count++;
991
+ $flag_update=1;
992
+ $scanresult['extl']=$elresult;
993
+ }
994
+ }
995
+
996
+ if($flag_update == 0){
997
+ $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
998
+ $repo_status=0;
999
+
1000
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
1001
+ $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
1002
+ $file_already_infected=false;
1003
+ foreach ($infected_array as $key => $value) {
1004
+ if($value->filename == $source_file_path){
1005
+ $file_already_infected=true;
1006
+ break;
1007
+ }
1008
+ }
1009
+
1010
+ if($file_already_infected){
1011
+
1012
+ }elseif(empty($res)){
1013
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
1014
+ }else{
1015
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
1016
+ }
1017
+ }else{
1018
+ $infected_files=get_site_option('mo_wpns_warning_files');
1019
+ $infected_files++;
1020
+ update_site_option('mo_wpns_warning_files', $infected_files);
1021
+ }
1022
+ if(!empty($scanresult))
1023
+ $scanresults[$source_file_path]=$scanresult;
1024
+ }
1025
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1026
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1027
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1028
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1029
+ $encoded_scan_status=json_encode($decoded_scan_status);
1030
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
1031
+ return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
1032
+ }
1033
+
1034
+ function scan_with_repo($files_to_scan, $scan_config, $start_time, $time_limit, $reportid, $repo_file_path){
1035
+ $mo2f_malware_db_handler = new MoWpnsDB();
1036
+ $scanresults=array();
1037
+ $default_themes = array('twentynineteen', 'twentyseventeen', 'twentysixteen', 'twentytwenty');
1038
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
1039
+ $previous_scanned = $decoded_scan_status->files_scanned;
1040
+ $previous_processed_files=$decoded_scan_status->total_files_processed;
1041
+ $nooffiles=0;
1042
+ $repo_issue_count=0;
1043
+ $currentFileScanTime=time();
1044
+ foreach ($files_to_scan as $value) {
1045
+ $status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
1046
+ if(!$status){//wp_remote_get
1047
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1048
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1049
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1050
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1051
+ $encoded_scan_status=json_encode($decoded_scan_status);
1052
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
1053
+ return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
1054
+ //time limit close by. Returned status of current scan. Update DB and make next request.
1055
+ }
1056
+ $flag_update=0;
1057
+ $nooffiles++;
1058
+ if((0.15*$nooffiles) > 50){
1059
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1060
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1061
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1062
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1063
+ $encoded_scan_status=json_encode($decoded_scan_status);
1064
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
1065
+ }
1066
+ $source_file_path=$value->path;
1067
+ if(!file_exists($source_file_path)){
1068
+ continue;
1069
+ }
1070
+ if(filesize($source_file_path) > 5242880){//5MB size limit
1071
+ $excess_size = get_site_option('mo2f_file_size_excess');
1072
+ update_site_option('mo2f_file_size_excess', $excess_size+1);
1073
+ }
1074
+ $hash_of_file= md5_file($source_file_path);
1075
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
1076
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
1077
+ $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
1078
+ $repo_status = $repocheck? 0 : 1;
1079
+ if(is_array($datascan)){
1080
+ $malware_status = $datascan['malware'];
1081
+ $link_status = $datascan['ext_link'];
1082
+ }else{
1083
+ $malware_status=0;
1084
+ $link_status=0;
1085
+ }
1086
+ $scanresult=array();
1087
+
1088
+ if($repocheck){
1089
+ $file_content=file_get_contents($source_file_path);
1090
+ $file_path_slash_correction = str_replace('/', '\\', $source_file_path);
1091
+ $source_file_path_array=explode("\\", $file_path_slash_correction);
1092
+ $theme_flag=0;
1093
+ foreach ($default_themes as $theme_key) {
1094
+ if(in_array($theme_key, $source_file_path_array)){
1095
+ $theme_flag=1;
1096
+ break;
1097
+ }
1098
+ }
1099
+ if($theme_flag){
1100
+ continue;
1101
+ }
1102
+ if(in_array('wp-content', $source_file_path_array) && !in_array('plugins', $source_file_path_array) && !in_array('themes', $source_file_path_array)){
1103
+ continue;
1104
+ }
1105
+ $repo_file_to_check=$repo_file_path;
1106
+ $path_flag=0;
1107
+ $path_key= array('wp-admin', 'wp-includes', 'plugins', 'themes');
1108
+ foreach ($path_key as $paths_key) {
1109
+ if(in_array($paths_key, $source_file_path_array)){
1110
+ $index= array_search($paths_key, $source_file_path_array);
1111
+ if($paths_key == 'wp-admin' || $paths_key == 'wp-includes'){
1112
+ $wordpress_name = get_site_option('downloaded_wordpress_repo_name');
1113
+ $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name;
1114
+ }
1115
+ for($i=$index; $i<sizeof($source_file_path_array); $i++){
1116
+ $repo_file_to_check.=DIRECTORY_SEPARATOR.$source_file_path_array[$i];
1117
+ }
1118
+ $path_flag=1;
1119
+
1120
+ break;
1121
+ }
1122
+ }
1123
+ if($path_flag == 0){
1124
+ $last_index=sizeof($source_file_path_array)-1;
1125
+ $wordpress_name = get_site_option('downloaded_wordpress_repo_name');
1126
+ $repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name.DIRECTORY_SEPARATOR.$source_file_path_array[$last_index];
1127
+ }
1128
+ $repo_status=1;
1129
+ $issues = $this->check_with_repo_files($file_content, $repo_file_to_check);
1130
+ if(!empty($issues)){
1131
+ $repo_issue_count++;
1132
+ $scanresult['repo']=$issues;
1133
+ $flag_update=1;
1134
+ }
1135
+ }
1136
+
1137
+ if($flag_update == 0){
1138
+ $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
1139
+
1140
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
1141
+ $infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
1142
+ $file_already_infected=false;
1143
+ foreach ($infected_array as $key => $value) {
1144
+ if($value->filename == $source_file_path){
1145
+ $file_already_infected=true;
1146
+ break;
1147
+ }
1148
+ }
1149
+
1150
+ if($file_already_infected){
1151
+
1152
+ }elseif(empty($res)){
1153
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
1154
+ }else{
1155
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
1156
+ }
1157
+ }else{
1158
+ $infected_files=get_site_option('mo_wpns_warning_files');
1159
+ $infected_files++;
1160
+ if(!empty($res)){
1161
+ $mo2f_malware_db_handler->delete_hash($source_file_path);
1162
+ }
1163
+ update_site_option('mo_wpns_warning_files', $infected_files);
1164
+ }
1165
+ if(!empty($scanresult))
1166
+ $scanresults[$source_file_path]=$scanresult;
1167
+ }
1168
+ $decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
1169
+ $decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
1170
+ $mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
1171
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
1172
+ $encoded_scan_status=json_encode($decoded_scan_status);
1173
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
1174
+ return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
1175
+ }
1176
+
1177
+ function check_exec_limit($start_time, $time_limit){
1178
+ if($time_limit == 0){
1179
+ return true;
1180
+ }else{
1181
+ $time_remaining= $time_limit - (time()-$start_time);
1182
+ if($time_remaining > 10){
1183
+ return true;
1184
+ }else{
1185
+ return false;
1186
+ }
1187
+ }
1188
+ }
1189
+
1190
+ }
1191
+ new Mo_wpns_Scan_Handler_Cron;
1192
  ?>
handler/malware_scanner/scanner_set_cron.php CHANGED
@@ -1,260 +1,305 @@
1
- <?php
2
-
3
- class mo2f_scanner_parts
4
- {
5
- function __construct(){
6
- }
7
-
8
-
9
- function check_scan_status(){
10
-
11
- global $wpdb;
12
- $query="SELECT `option_value` from `".$wpdb->base_prefix."options` WHERE `option_name` = 'mo_stop_scan'";
13
- $stop_scan= $wpdb->get_results($query);
14
- $stop_scan_process=$stop_scan[0]->option_value;
15
- if($stop_scan_process=="1") {
16
- $this->mo2f_end_scan();
17
- return "1";
18
- }
19
- else{
20
- return "0";
21
- }
22
- }
23
- function file_cron_scan(){//main cron function
24
-
25
- $scan_request = isset($_GET['scan_request'])? $_GET['scan_request']:false;
26
- if($scan_request) {
27
- $status=$this->check_scan_status();
28
-
29
- if($status){
30
- exit;
31
- //abort
32
- }
33
- ini_set('memory_limit', '-1');
34
- ini_set('max_execution_time', 0);
35
- $scan_mode = isset( $_GET['scan_mode'] ) ? $_GET['scan_mode'] : false;
36
- $scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? $_GET['scan_stage_complete'] : false;
37
- $reportid = isset( $_GET['reportid'] ) ? $_GET['reportid'] : false;
38
-
39
- $scanverification = isset( $_GET['scanverification'] ) ? $_GET['scanverification'] : false;
40
- $scanverification_code = get_option( "mo2f_scanverification" );
41
- if ( $scanverification != $scanverification_code ) {
42
- error_log( "Request Does not exists" );
43
- exit;
44
- }
45
-
46
- $mo2f_malware_db_handler = new MoWpnsDB();
47
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
48
-
49
- //switch case stage wise
50
- if ( $scan_mode == 'Quick Scan' ) {
51
- $scan_config = MoWpnsConstants::$quick_scan_configuration;
52
- } elseif ( $scan_mode == 'Standard Scan' ) {
53
- $scan_config = MoWpnsConstants::$standard_scan_configuration;
54
- } else {
55
- $scan_config = get_option( 'mo2f_custom_scan_config' );
56
- }
57
-
58
- $repo_status_code = get_option('mo2f_repo_status');
59
- if ( ($scan_config['check_repo'] == 0 || $repo_status_code < 0) && $scan_stage_complete == 3 ) {//repo check not required so scan ended
60
-
61
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
62
- $mo_wpns_files_scanned=$decoded_scan_status->total_files;
63
- $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
64
- $encoded_scan_status=json_encode($decoded_scan_status);
65
- update_option('mo_wpns_scan_status', $encoded_scan_status);
66
- $this->mo2f_end_scan();
67
- exit;
68
- }
69
-
70
- $uploads_dir = wp_upload_dir();
71
- $uploads_path= $uploads_dir['basedir'];
72
- $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
73
- $current_time = time();
74
- $time_limit = ini_get( 'max_execution_time' );
75
- usleep(10000);//10miliseconds
76
- switch ( $scan_stage_complete ) {
77
- case 1:
78
- $this->mo2f_scan_with_service( $scan_config, $reportid, $scanverification);
79
- break;
80
- case 2:
81
- $this->mo2f_check_ext_link( $scan_config,$reportid,$scanverification);
82
- break;
83
- case 3:
84
- $mo_wpns_scan_handler->mo2f_download_plugins_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
85
- break;
86
- case 4:
87
- $mo_wpns_scan_handler->mo2f_download_themes_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
88
- break;
89
- case 5:
90
- $mo_wpns_scan_handler->mo2f_download_core_wp( $repo_file_path, $scan_config,$reportid, $scanverification);
91
- break;
92
- case 6:
93
- $this->mo2f_check_with_repo( $scan_config, $repo_file_path,$reportid,$scanverification);
94
- break;
95
- case 7:
96
- $this->mo2f_end_scan();
97
- break;
98
- }
99
- }
100
- }
101
-
102
- function mo2f_scan_with_service($scan_config, $reportid, $scanverification){
103
- $current_time= time();
104
- $mo2f_malware_db_handler = new MoWpnsDB();
105
- $files_to_scan=$mo2f_malware_db_handler->get_files_in_parts();
106
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
107
-
108
- if(empty($files_to_scan)){
109
-
110
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
111
- $scan_malware_count=$last_report[0]->malware_count;
112
- $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
113
-
114
- $hostname = 'scanner.api.xecurify.com';
115
- $malware_server_status = $mo_wpns_scan_handler->mo_wpns_check_malware_server_status($hostname);
116
- if($malware_server_status){
117
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
118
- $postdata = http_build_query(array('fileCount' => $last_scan, 'maliciousCount' => $scan_malware_count));
119
- $content_type = 'application/x-www-form-urlencoded';
120
- $lastRequest = $mo_wpns_scan_handler->mo_wpns_malware_scan_request($postdata, $host, $content_type);
121
- }
122
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
123
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
124
-
125
- }else{//sending next 100 files
126
- $current_time= time();
127
- $time_limit= ini_get('max_execution_time');
128
- $result=$mo_wpns_scan_handler->get_scan_result_parts($mo2f_malware_db_handler, $files_to_scan, $scan_config, $current_time, $time_limit);
129
-
130
- if($result['scan']){
131
- foreach ($result['scan'] as $key => $value) {
132
- $value=array('scan'=>'Premium');
133
- $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
134
- }
135
- }
136
- $mo2f_malware_db_handler->update_files_scan($files_to_scan, $result['file_count']);
137
-
138
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
139
- $result['file_count']= $last_report[0]->scanned_files + $result['file_count'];
140
- $result['malware_count'] = $last_report[0]->malware_count + $result['malware_count'];
141
- $result['malicious_link'] = 0;
142
- $result['repo_issues'] = $last_report[0]->repo_issues;
143
-
144
- $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
145
-
146
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
147
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
148
-
149
- }
150
- }
151
-
152
- function mo2f_check_ext_link($scan_config, $reportid, $scanverification){
153
- $mo2f_malware_db_handler = new MoWpnsDB();
154
- $files_to_scan=$mo2f_malware_db_handler->get_files_for_link();
155
- $currentFileScanTime=time();
156
-
157
- if(!empty($files_to_scan) && $scan_config['ext_link_check']){
158
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
159
- $current_time= time();
160
- $time_limit= ini_get('max_execution_time');
161
- $response=$mo_wpns_scan_handler->scan_for_ext_link($files_to_scan, $scan_config, $current_time, $time_limit, $reportid);
162
-
163
- if($response['scan']){
164
- foreach ($response['scan'] as $key => $value) {
165
- $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
166
- }
167
- }
168
- $mo2f_malware_db_handler->update_files_scan_ext_link($files_to_scan, $response['file_count']);
169
-
170
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
171
- $response['file_count']= $last_report[0]->scanned_files;
172
- $response['malware_count'] = $last_report[0]->malware_count;
173
- $response['repo_issues'] = $last_report[0]->repo_issues;
174
- $response['malicious_link'] = $last_report[0]->malicious_links + $response['malicious_link'];
175
-
176
- $mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
177
-
178
- $response=$mo_wpns_scan_handler->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
179
- }else{
180
- $decoded_scan_status=json_decode(get_option('mo_wpns_scan_status'));
181
- $mo_wpns_files_scanned=$decoded_scan_status->total_files;
182
- $decoded_scan_status->files_scanned=0.85*$mo_wpns_files_scanned;
183
- $encoded_scan_status=json_encode($decoded_scan_status);
184
- update_option('mo_wpns_scan_status', $encoded_scan_status);
185
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
186
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 3);
187
-
188
- }
189
- }
190
-
191
- function mo2f_check_with_repo($scan_config, $repo_file_path,$reportid, $scanverification){
192
- $download_status=false;
193
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
194
- $decoded_scan_configuration->status_download_time=$download_status;
195
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
196
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
197
- $mo2f_malware_db_handler = new MoWpnsDB();
198
- $response=array();
199
- $repo_status = get_option('mo2f_repo_status');
200
- if($repo_status != 0){
201
- if($repo_status == -99 || $repo_status == -100){
202
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
203
- if(!empty($last_report)){
204
- $response['file_count']= $last_report[0]->scanned_files;
205
- $response['malware_count'] = $last_report[0]->malware_count;
206
- $response['malicious_link'] = $last_report[0]->malicious_links;
207
- $response['repo_issues']=$repo_status;
208
- $mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
209
- }
210
- }
211
- $this->mo2f_end_scan();
212
- exit;
213
- }else{
214
- $files_to_scan=$mo2f_malware_db_handler->get_files_for_repo();
215
- if(empty($files_to_scan)){
216
- $this->mo2f_end_scan();
217
- }else{
218
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
219
- $current_time= time();
220
- $time_limit= ini_get('max_execution_time');
221
- $response=$mo_wpns_scan_handler->scan_with_repo($files_to_scan, $scan_config, $current_time, $time_limit, $reportid, $repo_file_path);
222
-
223
- if($response['scan']){
224
- foreach ($response['scan'] as $key => $value) {
225
- $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
226
- }
227
- }
228
- $mo2f_malware_db_handler->update_files_scan_repo($files_to_scan, $response['file_count']);
229
-
230
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
231
- $response['file_count']= $last_report[0]->scanned_files;
232
- $response['malware_count'] = $last_report[0]->malware_count;
233
- $response['repo_issues'] = $last_report[0]->repo_issues + $response['repo_issues'];
234
- $response['malicious_link'] = $last_report[0]->malicious_links;
235
-
236
- $mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
237
- $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
238
- $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 6);
239
- }
240
- }
241
- }
242
-
243
- function mo2f_end_scan(){
244
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
245
- $mo2f_malware_db_handler = new MoWpnsDB();
246
- $uploads_dir = wp_upload_dir();
247
- $uploads_path= $uploads_dir['basedir'];
248
- $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
249
- if(is_dir($repo_file_path)){
250
- $mo_wpns_scan_handler->remove_dir($repo_file_path);
251
- }
252
- $decoded_scan_configuration=json_decode(get_option('mo_wpns_scan_status'));
253
- $decoded_scan_configuration->scan_progress="COMPLETE";
254
- $encoded_scan_configuration=json_encode($decoded_scan_configuration);
255
- update_option("mo_wpns_scan_status",$encoded_scan_configuration);
256
- $mo2f_malware_db_handler->delete_files_parts();
257
-
258
- }
259
-
260
- }new mo2f_scanner_parts;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class mo2f_scanner_parts
4
+ {
5
+ function __construct(){
6
+ }
7
+
8
+
9
+ function check_scan_status(){
10
+
11
+ global $wpdb;
12
+ if(is_multisite()){
13
+ $query="SELECT `meta_value` from `".$wpdb->base_prefix."sitemeta` WHERE `meta_key` = 'mo_stop_scan'";
14
+ $stop_scan= $wpdb->get_results($query);
15
+ $stop_scan_process=$stop_scan[0]->meta_value;
16
+ }else{
17
+ $query="SELECT `option_value` from `".$wpdb->base_prefix."options` WHERE `option_name` = 'mo_stop_scan'";
18
+ $stop_scan= $wpdb->get_results($query);
19
+ $stop_scan_process=$stop_scan[0]->option_value;
20
+ }
21
+
22
+ if($stop_scan_process=="1") {
23
+ $this->mo2f_end_scan();
24
+ return "1";
25
+ }
26
+ else{
27
+ return "0";
28
+ }
29
+ }
30
+ function file_cron_scan(){//main cron function
31
+
32
+ $scan_request = isset($_GET['scan_request'])? $_GET['scan_request']:false;
33
+ if($scan_request) {
34
+ $status=$this->check_scan_status();
35
+
36
+ if($status){
37
+ exit;
38
+ //abort
39
+ }
40
+ ini_set('memory_limit', '-1');
41
+ ini_set('max_execution_time', 0);
42
+ $scan_mode = isset( $_GET['scan_mode'] ) ? $_GET['scan_mode'] : false;
43
+ $scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? $_GET['scan_stage_complete'] : false;
44
+ $reportid = isset( $_GET['reportid'] ) ? $_GET['reportid'] : false;
45
+
46
+ $scanverification = isset( $_GET['scanverification'] ) ? $_GET['scanverification'] : false;
47
+ $scanverification_code = get_site_option( "mo2f_scanverification" );
48
+ if ( $scanverification != $scanverification_code ) {
49
+ error_log( "Request Does not exists" );
50
+ exit;
51
+ }
52
+
53
+ $mo2f_malware_db_handler = new MoWpnsDB();
54
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
55
+
56
+ //switch case stage wise
57
+ if ( $scan_mode == 'Quick Scan' ) {
58
+ $scan_config = MoWpnsConstants::$quick_scan_configuration;
59
+ } elseif ( $scan_mode == 'Standard Scan' ) {
60
+ $scan_config = MoWpnsConstants::$standard_scan_configuration;
61
+ } else {
62
+ $scan_config = get_site_option( 'mo2f_custom_scan_config' );
63
+ }
64
+
65
+ $repo_status_code = get_site_option('mo2f_repo_status');
66
+ if ( ($scan_config['check_repo'] == 0 || $repo_status_code < 0) && $scan_stage_complete == 3 ) {//repo check not required so scan ended
67
+
68
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
69
+ $mo_wpns_files_scanned=$decoded_scan_status->total_files;
70
+ $decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
71
+ $encoded_scan_status=json_encode($decoded_scan_status);
72
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
73
+ $this->mo2f_end_scan();
74
+ exit;
75
+ }
76
+
77
+ $uploads_dir = wp_upload_dir();
78
+ $uploads_path= $uploads_dir['basedir'];
79
+ $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
80
+ $current_time = time();
81
+ $time_limit = ini_get( 'max_execution_time' );
82
+ usleep(10000);//10miliseconds
83
+ switch ( $scan_stage_complete ) {
84
+ case 1:
85
+ $this->mo2f_scan_with_service( $scan_config, $reportid, $scanverification);
86
+ break;
87
+ case 2:
88
+ $this->mo2f_check_ext_link( $scan_config,$reportid,$scanverification);
89
+ break;
90
+ case 3:
91
+ $mo_wpns_scan_handler->mo2f_download_plugins_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
92
+ break;
93
+ case 4:
94
+ $mo_wpns_scan_handler->mo2f_download_themes_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
95
+ break;
96
+ case 5:
97
+ $mo_wpns_scan_handler->mo2f_download_core_wp( $repo_file_path, $scan_config,$reportid, $scanverification);
98
+ break;
99
+ case 6:
100
+ $this->mo2f_check_with_repo( $scan_config, $repo_file_path,$reportid,$scanverification);
101
+ break;
102
+ case 7:
103
+ $this->mo2f_end_scan();
104
+ break;
105
+ }
106
+ }
107
+ }
108
+
109
+ function mo2f_scan_with_service($scan_config, $reportid, $scanverification){
110
+ $current_time= time();
111
+ $mo2f_malware_db_handler = new MoWpnsDB();
112
+ $files_to_scan=$mo2f_malware_db_handler->get_files_in_parts();
113
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
114
+
115
+ if(empty($files_to_scan)){
116
+
117
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
118
+ $scan_malware_count=$last_report[0]->malware_count;
119
+ $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
120
+
121
+ $hostname = 'scanner.api.xecurify.com';
122
+ $malware_server_status = $mo_wpns_scan_handler->mo_wpns_check_malware_server_status($hostname);
123
+ if($malware_server_status){
124
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
125
+ $postdata = http_build_query(array('fileCount' => $last_scan, 'maliciousCount' => $scan_malware_count));
126
+ $content_type = 'application/x-www-form-urlencoded';
127
+ $lastRequest = $mo_wpns_scan_handler->mo_wpns_malware_scan_request($postdata, $host, $content_type);
128
+ }
129
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
130
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
131
+
132
+ }else{//sending next 100 files
133
+ $current_time= time();
134
+ $time_limit= ini_get('max_execution_time');
135
+ $result=$mo_wpns_scan_handler->get_scan_result_parts($mo2f_malware_db_handler, $files_to_scan, $scan_config, $current_time, $time_limit);
136
+
137
+ if($result['scan']){
138
+ foreach ($result['scan'] as $key => $value) {
139
+ $value=array('scan'=>'Premium');
140
+ $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
141
+ }
142
+ }
143
+ $mo2f_malware_db_handler->update_files_scan($files_to_scan, $result['file_count']);
144
+
145
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
146
+ $result['file_count']= $last_report[0]->scanned_files + $result['file_count'];
147
+ $result['malware_count'] = $last_report[0]->malware_count + $result['malware_count'];
148
+ $result['malicious_link'] = 0;
149
+ $result['repo_issues'] = $last_report[0]->repo_issues;
150
+
151
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
152
+
153
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
154
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
155
+
156
+ }
157
+ }
158
+
159
+ function mo2f_check_ext_link($scan_config, $reportid, $scanverification){
160
+ $mo2f_malware_db_handler = new MoWpnsDB();
161
+ $files_to_scan=$mo2f_malware_db_handler->get_files_for_link();
162
+ $currentFileScanTime=time();
163
+
164
+ if(!empty($files_to_scan) && $scan_config['ext_link_check']){
165
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
166
+ $current_time= time();
167
+ $time_limit= ini_get('max_execution_time');
168
+ $response=$mo_wpns_scan_handler->scan_for_ext_link($files_to_scan, $scan_config, $current_time, $time_limit, $reportid);
169
+
170
+ if($response['scan']){
171
+ foreach ($response['scan'] as $key => $value) {
172
+ $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
173
+ }
174
+ }
175
+ $mo2f_malware_db_handler->update_files_scan_ext_link($files_to_scan, $response['file_count']);
176
+
177
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
178
+ $response['file_count']= $last_report[0]->scanned_files;
179
+ $response['malware_count'] = $last_report[0]->malware_count;
180
+ $response['repo_issues'] = $last_report[0]->repo_issues;
181
+ $response['malicious_link'] = $last_report[0]->malicious_links + $response['malicious_link'];
182
+
183
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
184
+
185
+ $response=$mo_wpns_scan_handler->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
186
+ }else{
187
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
188
+ $mo_wpns_files_scanned=$decoded_scan_status->total_files;
189
+ $decoded_scan_status->files_scanned=0.85*$mo_wpns_files_scanned;
190
+ $encoded_scan_status=json_encode($decoded_scan_status);
191
+ update_site_option('mo_wpns_scan_status', $encoded_scan_status);
192
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
193
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 3);
194
+
195
+ }
196
+ }
197
+
198
+ function mo2f_check_with_repo($scan_config, $repo_file_path,$reportid, $scanverification){
199
+ $download_status=false;
200
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
201
+ $decoded_scan_configuration->status_download_time=$download_status;
202
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
203
+ update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
204
+ $mo2f_malware_db_handler = new MoWpnsDB();
205
+ $response=array();
206
+ $repo_status = get_site_option('mo2f_repo_status');
207
+ $repo_key = get_site_option('mo2f_current_repo_key');
208
+ if($repo_status != 0){
209
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
210
+ if($repo_status == -95){
211
+ if(!empty($last_report)){
212
+ $mo2f_malware_db_handler->mo2f_update_net_issue($reportid);
213
+ }
214
+ $this->mo2f_end_scan();
215
+ exit;
216
+ }else{
217
+ if(! empty($last_report)){
218
+ $issue = $last_report[0]->repo_key;
219
+ if($repo_key == 'core'){
220
+ $issue.= "WordPress Core Files;";
221
+ }else{
222
+ $issue.= $repo_key.";";
223
+ }
224
+ $mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
225
+ }
226
+
227
+ $this->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
228
+ }
229
+
230
+ }else{
231
+ $files_to_scan=$mo2f_malware_db_handler->get_files_for_repo($repo_key);
232
+ if(empty($files_to_scan)){
233
+ $this->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
234
+ }else{
235
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
236
+ $current_time= time();
237
+ $time_limit= ini_get('max_execution_time');
238
+ $response=$mo_wpns_scan_handler->scan_with_repo($files_to_scan, $scan_config, $current_time, $time_limit, $reportid, $repo_file_path);
239
+
240
+ if($response['scan']){
241
+ foreach ($response['scan'] as $key => $value) {
242
+ $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
243
+ }
244
+ }
245
+ $mo2f_malware_db_handler->update_files_scan_repo($files_to_scan, $response['file_count']);
246
+
247
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
248
+ $response['file_count']= $last_report[0]->scanned_files;
249
+ $response['malware_count'] = $last_report[0]->malware_count;
250
+ $response['repo_issues'] = $last_report[0]->repo_issues + $response['repo_issues'];
251
+ $response['malicious_link'] = $last_report[0]->malicious_links;
252
+
253
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
254
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
255
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 6);
256
+ }
257
+ }
258
+ }
259
+
260
+ function mo2f_end_scan(){
261
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
262
+ $mo2f_malware_db_handler = new MoWpnsDB();
263
+ $uploads_dir = wp_upload_dir();
264
+ $uploads_path= $uploads_dir['basedir'];
265
+ $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
266
+ if(is_dir($repo_file_path)){
267
+ $mo_wpns_scan_handler->remove_dir($repo_file_path);
268
+ }
269
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
270
+ $decoded_scan_configuration->scan_progress="COMPLETE";
271
+ $encoded_scan_configuration=json_encode($decoded_scan_configuration);
272
+ update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
273
+ $mo2f_malware_db_handler->delete_files_parts();
274
+ exit;
275
+ }
276
+
277
+ function mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path){
278
+ $download_info = get_site_option('mo2f_download_info');
279
+ $download_done = get_site_option('mo2f_download_done');
280
+ $Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
281
+ if(is_dir($repo_file_path)){
282
+ $Mo_wpns_Scan_Handler_Cron->remove_dir($repo_file_path);
283
+ }
284
+ if($download_info['stage'] == 'plugins'){
285
+ if($download_done < $download_info['plugin_count']){
286
+ $next_stage = 3;
287
+ }else{
288
+ update_site_option('mo2f_download_done',0);
289
+ $next_stage = 4;
290
+ }
291
+ }else if ($download_info['stage'] == 'themes') {
292
+ if($download_done < $download_info['theme_count']){
293
+ $next_stage = 4;
294
+ }else{
295
+ update_site_option('mo2f_download_done',0);
296
+ $next_stage = 5;
297
+ }
298
+ }else{
299
+ $next_stage = 7;
300
+ }
301
+
302
+ $response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $next_stage);
303
+ }
304
+
305
+ }new mo2f_scanner_parts;
handler/mo-error.html CHANGED
@@ -1,11 +1,11 @@
1
- <img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
2
- <div>
3
- <img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
4
- <div>
5
- <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
6
- <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
7
- <div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
8
- <div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
9
- <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
10
- </div>
11
  </div>
1
+ <img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
2
+ <div>
3
+ <img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
4
+ <div>
5
+ <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
6
+ <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
7
+ <div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
8
+ <div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
9
+ <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
10
+ </div>
11
  </div>
handler/mo-waf.php CHANGED
@@ -1,586 +1,586 @@
1
- <?php
2
-
3
- $dir =dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
- $xssFile = $dir.'/signature/APXSS.php';
7
- $lfiFile = $dir.'/signature/APLFI.php';
8
- $configfilepath = explode('wp-content', $dir);
9
- $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
-
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include_once($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
- $dir_name = explode('wp-content', $dir);
26
- $file = file_get_contents($dir_name[0].'wp-config.php');
27
- $content = explode("\n", $file);
28
- $len = sizeof($content);
29
- $Ismultisite = 0;
30
- $dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
31
-
32
- $prefix = 'wp_';
33
-
34
- for($i=0;$i<$len;$i++)
35
- {
36
-
37
- if(preg_match("/define/", $content[$i]))
38
- {
39
- $cont = explode(",", $content[$i]);
40
- $string = str_replace(array('define(',' ','\''), '', $cont[0]);
41
- switch ($string) {
42
- case "DB_NAME":
43
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
44
- $res = preg_replace('/\s/', '', $res);
45
- $dbD['DB_NAME'] = $res;
46
- break;
47
- case 'DB_USER':
48
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
49
- $res = preg_replace('/\s/', '', $res);
50
- $dbD['DB_USER'] = $res;
51
- break;
52
- case "DB_PASSWORD":
53
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
54
- $res = preg_replace('/\s/', '', $res);
55
- $dbD['DB_PASSWORD'] = $res;
56
- break;
57
- case 'DB_HOST':
58
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
59
- $res = preg_replace('/\s/', '', $res);
60
- $dbD['DB_HOST'] = $res;
61
- break;
62
- case "DB_CHARSET":
63
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
64
- $res = preg_replace('/\s/', '', $res);
65
- $dbD['DB_CHARSET'] = $res;
66
- break;
67
- case 'DB_COLLATE':
68
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
69
- $res = preg_replace('/\s/', '', $res);
70
- $dbD['DB_COLLATE'] = $res;
71
- break;
72
- default:
73
-
74
- break;
75
- }
76
- }
77
- if(preg_match('/\$table_prefix/', $content[$i]))
78
- {
79
- $cont = explode("'", $content[$i]);
80
-
81
- $prefix = $cont['1'];
82
- }
83
- }
84
-
85
-
86
- global $dbcon;
87
- $dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
88
- if(!$dbcon)
89
- {
90
- echo "database connection error";
91
- exit;
92
-
93
- }
94
-
95
- if(mysqli_select_db($dbcon,$dbD['DB_NAME']))
96
- {
97
- $query = 'SELECT * FROM '.$prefix.'options WHERE `option_name`="WAF";';
98
- $results1 = mysqli_query($dbcon,$query);
99
- $row = mysqli_fetch_array($results1);
100
- if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
101
- $ipaddress = '';
102
- if (isset($_SERVER['HTTP_CLIENT_IP']))
103
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
104
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
105
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
106
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
107
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
108
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
109
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
110
- else if(isset($_SERVER['HTTP_FORWARDED']))
111
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
112
- else if(isset($_SERVER['REMOTE_ADDR']))
113
- $ipaddress = $_SERVER['REMOTE_ADDR'];
114
- else
115
- $ipaddress = 'UNKNOWN';
116
-
117
- $query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
118
- $results = mysqli_query($dbcon,$query);
119
- if($results)
120
- {
121
- $row = mysqli_fetch_array($results);
122
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
123
- $results = mysqli_query($dbcon,$query);
124
- if($results)
125
- {
126
- $row1 = mysqli_fetch_array($results);
127
- if(!is_null($row1['ip_address']))
128
- {
129
-
130
- }
131
- else if(!is_null($row['ip_address']))
132
- {
133
- header('HTTP/1.1 403 Forbidden');
134
- include_once("mo-block.html");
135
- exit;
136
- }
137
- }
138
- else if(!is_null($row['ip_address']))
139
- {
140
- header('HTTP/1.1 403 Forbidden');
141
- include_once("mo-block.html");
142
- exit;
143
-
144
- }
145
-
146
- }
147
-
148
-
149
- $dir_name = dirname(__FILE__);
150
- $dir_name1 = explode('wp-content', $dir_name);
151
- $dir_name = $dir_name1[0];
152
- $filepath = str_replace('\\', '/', $dir_name1[0]);
153
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
154
- if($missingFile==1)
155
- {
156
- if(!file_exists($fileName))
157
- {
158
- $file = fopen($fileName, "a+");
159
- $string = "<?php".PHP_EOL;
160
- $query = 'select option_value from '.$prefix.'options where option_name = "SQLInjection";' ;
161
- $results = mysqli_query($dbcon,$query);
162
- if($results)
163
- {
164
- $row = mysqli_fetch_array($results);
165
- $string .= '$SQL='.$row["option_value"].';'.PHP_EOL;
166
- }
167
- $query = 'select option_value from '.$prefix.'options where option_name = "XSSAttack";' ;
168
- $results = mysqli_query($dbcon,$query);
169
- if($results)
170
- {
171
- $row = mysqli_fetch_array($results);
172
- $string .= '$XSS='.$row["option_value"].';'.PHP_EOL;
173
- }
174
- $query = 'select option_value from '.$prefix.'options where option_name = "RFIAttack";' ;
175
- $results = mysqli_query($dbcon,$query);
176
- if($results)
177
- {
178
- $row = mysqli_fetch_array($results);
179
- $string .= '$RFI='.$row["option_value"].';'.PHP_EOL;
180
- }
181
- $query = 'select option_value from '.$prefix.'options where option_name = "LFIAttack";' ;
182
- $results = mysqli_query($dbcon,$query);
183
- if($results)
184
- {
185
- $row = mysqli_fetch_array($results);
186
- $string .= '$LFI='.$row["option_value"].';'.PHP_EOL;
187
- }
188
- $query = 'select option_value from '.$prefix.'options where option_name = "RCEAttack";' ;
189
- $results = mysqli_query($dbcon,$query);
190
- if($results)
191
- {
192
- $row = mysqli_fetch_array($results);
193
- $string .= '$RCE='.$row["option_value"].';'.PHP_EOL;
194
- }
195
- $query = 'select option_value from '.$prefix.'options where option_name = "Rate_limiting";' ;
196
- $results = mysqli_query($dbcon,$query);
197
- if($results)
198
- {
199
- $row = mysqli_fetch_array($results);
200
- if($row["option_value"]!='')
201
- $string .= '$RateLimiting='.$row["option_value"].';'.PHP_EOL;
202
- else
203
- $string .= '$RateLimiting=0;'.PHP_EOL;
204
- }
205
- $query = 'select option_value from '.$prefix.'options where option_name = "Rate_request";' ;
206
- $results = mysqli_query($dbcon,$query);
207
- if($results)
208
- {
209
- $row = mysqli_fetch_array($results);
210
- if($row["option_value"]!='')
211
- $string .= '$RequestsPMin='.$row["option_value"].';'.PHP_EOL;
212
- else
213
- $string .= '$RequestsPMin=120;'.PHP_EOL;
214
- }
215
-
216
- $query = 'select option_value from '.$prefix.'options where option_name = "actionRateL";' ;
217
- $results = mysqli_query($dbcon,$query);
218
- if($results)
219
- {
220
-
221
- $row = mysqli_fetch_array($results);
222
- if($row["option_value"] == 1)
223
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
224
- else
225
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
226
- }
227
- $string .= '?>'.PHP_EOL;
228
- fwrite($file, $string);
229
- fclose($file);
230
-
231
- }
232
-
233
- }
234
-
235
- include_once($fileName);
236
- if($RateLimiting == 1)
237
- {
238
-
239
-
240
- $time = 60;
241
- $reqLimit = $RequestsPMin;
242
- $query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
243
- $results = mysqli_query($dbcon,$query);
244
-
245
- $query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
246
- $results = mysqli_query($dbcon,$query);
247
-
248
- $query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
249
- $results = mysqli_query($dbcon,$query);
250
-
251
- if($results)
252
- {
253
- $row = mysqli_fetch_array($results);
254
- if($row['count(*)']>=$reqLimit)
255
- {
256
- $action = $actionRateL;
257
- if($action == 'ThrottleIP')
258
- {
259
- $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
260
- $results = mysqli_query($dbcon,$query);
261
- $results = mysqli_fetch_array($results);
262
- $current_time = time();
263
- if($current_time>$results['time']+60)
264
- {
265
- $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
266
- $results = mysqli_query($dbcon,$query);
267
- }
268
- header('HTTP/1.1 403 Forbidden');
269
- include_once("mo-error.html");
270
- exit;
271
- }
272
- else
273
- {
274
- $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
275
- $results = mysqli_query($dbcon,$query);
276
- $results = mysqli_fetch_array($results);
277
- $current_time = time();
278
- if($current_time>$results['time']+60)
279
- {
280
- $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
281
- $results = mysqli_query($dbcon,$query);
282
- }
283
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
284
- $results = mysqli_query($dbcon,$query);
285
- if($results)
286
- {
287
- $row1 = mysqli_fetch_array($results);
288
- if(!is_null($row1['ip_address']))
289
- {
290
-
291
- }
292
- else
293
- {
294
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".time().");";
295
- $results = mysqli_query($dbcon,$query);
296
- }
297
- header('HTTP/1.1 403 Forbidden');
298
- include_once("mo-error.html");
299
- exit;
300
- }
301
- }
302
- }
303
- }
304
-
305
- }
306
-
307
- $attack = array();
308
- if($SQL==1)
309
- {
310
- array_push($attack,"SQL");
311
- }
312
- if($XSS==1)
313
- {
314
- array_push($attack,"XSS");
315
- }
316
-
317
- if($LFI==1)
318
- {
319
- array_push($attack,"LFI");
320
- }
321
-
322
-
323
-
324
- $attackC = $attack;
325
- $ParanoiaLevel = 1;
326
- $annomalyS = 0;
327
- $SQLScore = 0;
328
- $XSSScore = 0;
329
- $query = 'select option_value from '.$prefix.'options where option_name ="limitAttack";';
330
- $results = mysqli_query($dbcon,$query);
331
- $rows = mysqli_fetch_array($results);
332
-
333
- $limitAttack = intval($rows['option_value']);
334
-
335
-
336
- foreach ($attackC as $key1 => $value1) {
337
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
338
- {
339
- if(isset($regex[$value1][$lev]))
340
- { $ooo = 0;
341
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
342
- {
343
- foreach ($_REQUEST as $key => $value) {
344
-
345
- if($regex[$value1][$lev][$i] != "")
346
- {
347
- if(strpos($regex[$value1][$lev][$i], '/') == false)
348
- {
349
- if(is_string($value))
350
- {
351
- if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
352
- {
353
-
354
- $scoreValue = 0;
355
-
356
- $annomalyMS = $score[$value1][$lev][$i];
357
- if(strcmp($annomalyMS,"CRITICAL")==0)
358
- {
359
- $scoreValue = 5;
360
- }
361
-
362
- elseif(strcmp($annomalyMS,"WARNING")==0)
363
- {
364
- $scoreValue = 3;
365
- }
366
- elseif(strcmp($annomalyMS,"ERROR")==0)
367
- {
368
- $scoreValue = 4;
369
- }
370
- elseif(strcmp($annomalyMS,"NOTICE")==0)
371
- {
372
- $scoreValue =2;
373
- }
374
-
375
-
376
- if($value1 == "SQL")
377
- {
378
- $SQLScore += $scoreValue;
379
- }
380
- elseif ($value1 == "XSS")
381
- {
382
- $XSSScore += $scoreValue;
383
- }
384
- else
385
- {
386
- $annomalyS += $scoreValue;
387
- }
388
-
389
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
390
- {
391
- $value = htmlspecialchars($value);
392
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
393
- $results = mysqli_query($dbcon,$query);
394
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
395
- $results = mysqli_query($dbcon,$query);
396
- $rows = mysqli_fetch_array($results);
397
- if($rows['count(*)']>$limitAttack)
398
- {
399
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
400
- $results = mysqli_query($dbcon,$query);
401
- if($results)
402
- {
403
- $row1 = mysqli_fetch_array($results);
404
- if(!is_null($row1['ip_address']))
405
- {
406
- //IP WHiTELISTED
407
- }
408
- else
409
- {
410
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
411
- $results = mysqli_query($dbcon,$query);
412
- }
413
- }
414
- }
415
-
416
-
417
- header('HTTP/1.1 403 Forbidden');
418
- include_once("mo-error.html");
419
- exit;
420
- }
421
-
422
- }}
423
- }
424
- else if (strpos($regex[$value1][$lev][$i], '#') == false) {
425
- if(is_string($value))
426
- {
427
- if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
428
- {
429
- $scoreValue = 0;
430
- $annomalyMS = $score[$value1][$lev][$i];
431
- if(strcmp($annomalyMS,"CRITICAL")==0)
432
- {
433
- $scoreValue = 5;
434
- }
435
-
436
- elseif(strcmp($annomalyMS,"WARNING")==0)
437
- {
438
- $scoreValue = 3;
439
- }
440
- elseif(strcmp($annomalyMS,"ERROR")==0)
441
- {
442
- $scoreValue = 4;
443
- }
444
- elseif(strcmp($annomalyMS,"NOTICE")==0)
445
- {
446
- $scoreValue =2;
447
- }
448
-
449
-
450
- if($value1 == "SQL")
451
- {
452
- $SQLScore += $scoreValue;
453
- }
454
- elseif ($value1 == "XSS")
455
- {
456
- $XSSScore += $scoreValue;
457
- }
458
- else
459
- {
460
- $annomalyS += $scoreValue;
461
- }
462
-
463
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
464
- {
465
- $value = htmlspecialchars($value);
466
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
467
- $results = mysqli_query($dbcon,$query);
468
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
469
- $results = mysqli_query($dbcon,$query);
470
- $rows = mysqli_fetch_array($results);
471
- if($rows['count(*)']>$limitAttack)
472
- {
473
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
474
- $results = mysqli_query($dbcon,$query);
475
- if($results)
476
- {
477
- $row1 = mysqli_fetch_array($results);
478
- if(!is_null($row1['ip_address']))
479
- {
480
- //IP WHiTELISTED
481
- }
482
- else
483
- {
484
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
485
- $results = mysqli_query($dbcon,$query);
486
- }
487
- }
488
- }
489
-
490
-
491
- header('HTTP/1.1 403 Forbidden');
492
- include_once("mo-error.html");
493
- exit;
494
- }
495
- }}
496
- }
497
-
498
- elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
499
- if(is_string($value))
500
- {
501
- if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
502
- {
503
- $scoreValue = 0;
504
- $annomalyMS = $score[$value1][$lev][$i];
505
- if(strcmp($annomalyMS,"CRITICAL")==0)
506
- {
507
- $scoreValue = 5;
508
- }
509
-
510
- elseif(strcmp($annomalyMS,"WARNING")==0)
511
- {
512
- $scoreValue = 3;
513
- }
514
- elseif(strcmp($annomalyMS,"ERROR")==0)
515
- {
516
- $scoreValue = 4;
517
- }
518
- elseif(strcmp($annomalyMS,"NOTICE")==0)
519
- {
520
- $scoreValue =2;
521
- }
522
-
523
-
524
- if($value1 == "SQL")
525
- {
526
- $SQLScore += $scoreValue;
527
- }
528
- elseif ($value1 == "XSS")
529
- {
530
- $XSSScore += $scoreValue;
531
- }
532
- else
533
- {
534
- $annomalyS += $scoreValue;
535
- }
536
-
537
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
538
- {
539
- $value = htmlspecialchars($value);
540
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
541
- $results = mysqli_query($dbcon,$query);
542
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
543
- $results = mysqli_query($dbcon,$query);
544
- $rows = mysqli_fetch_array($results);
545
- if($rows['count(*)']>$limitAttack)
546
- {
547
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
548
- $results = mysqli_query($dbcon,$query);
549
- if($results)
550
- {
551
- $row1 = mysqli_fetch_array($results);
552
- if(!is_null($row1['ip_address']))
553
- {
554
- //IP WHiTELISTED
555
- }
556
- else
557
- {
558
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
559
- $results = mysqli_query($dbcon,$query);
560
- }
561
- }
562
- }
563
-
564
-
565
- header('HTTP/1.1 403 Forbidden');
566
- include_once("mo-error.html");
567
- exit;
568
- }
569
- }
570
- }
571
-
572
- }
573
-
574
- }
575
- }
576
-
577
- }
578
- }
579
-
580
- }
581
- }
582
- }
583
- }
584
-
585
- $dbcon->close();
586
- ?>
1
+ <?php
2
+
3
+ $dir =dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
+ $xssFile = $dir.'/signature/APXSS.php';
7
+ $lfiFile = $dir.'/signature/APLFI.php';
8
+ $configfilepath = explode('wp-content', $dir);
9
+ $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
+
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include_once($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+ $dir_name = explode('wp-content', $dir);
26
+ $file = file_get_contents($dir_name[0].'wp-config.php');
27
+ $content = explode("\n", $file);
28
+ $len = sizeof($content);
29
+ $Ismultisite = 0;
30
+ $dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
31
+
32
+ $prefix = 'wp_';
33
+
34
+ for($i=0;$i<$len;$i++)
35
+ {
36
+
37
+ if(preg_match("/define/", $content[$i]))
38
+ {
39
+ $cont = explode(",", $content[$i]);
40
+ $string = str_replace(array('define(',' ','\''), '', $cont[0]);
41
+ switch ($string) {
42
+ case "DB_NAME":
43
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
44
+ $res = preg_replace('/\s/', '', $res);
45
+ $dbD['DB_NAME'] = $res;
46
+ break;
47
+ case 'DB_USER':
48
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
49
+ $res = preg_replace('/\s/', '', $res);
50
+ $dbD['DB_USER'] = $res;
51
+ break;
52
+ case "DB_PASSWORD":
53
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
54
+ $res = preg_replace('/\s/', '', $res);
55
+ $dbD['DB_PASSWORD'] = $res;
56
+ break;
57
+ case 'DB_HOST':
58
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
59
+ $res = preg_replace('/\s/', '', $res);
60
+ $dbD['DB_HOST'] = $res;
61
+ break;
62
+ case "DB_CHARSET":
63
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
64
+ $res = preg_replace('/\s/', '', $res);
65
+ $dbD['DB_CHARSET'] = $res;
66
+ break;
67
+ case 'DB_COLLATE':
68
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
69
+ $res = preg_replace('/\s/', '', $res);
70
+ $dbD['DB_COLLATE'] = $res;
71
+ break;
72
+ default:
73
+
74
+ break;
75
+ }
76
+ }
77
+ if(preg_match('/\$table_prefix/', $content[$i]))
78
+ {
79
+ $cont = explode("'", $content[$i]);
80
+
81
+ $prefix = $cont['1'];
82
+ }
83
+ }
84
+
85
+
86
+ global $dbcon;
87
+ $dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
88
+ if(!$dbcon)
89
+ {
90
+ echo "database connection error";
91
+ exit;
92
+
93
+ }
94
+
95
+ if(mysqli_select_db($dbcon,$dbD['DB_NAME']))
96
+ {
97
+ $query = 'SELECT * FROM '.$prefix.'options WHERE `option_name`="WAF";';
98
+ $results1 = mysqli_query($dbcon,$query);
99
+ $row = mysqli_fetch_array($results1);
100
+ if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
101
+ $ipaddress = '';
102
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
103
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
104
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
105
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
106
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
107
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
108
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
109
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
110
+ else if(isset($_SERVER['HTTP_FORWARDED']))
111
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
112
+ else if(isset($_SERVER['REMOTE_ADDR']))
113
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
114
+ else
115
+ $ipaddress = 'UNKNOWN';
116
+
117
+ $query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
118
+ $results = mysqli_query($dbcon,$query);
119
+ if($results)
120
+ {
121
+ $row = mysqli_fetch_array($results);
122
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
123
+ $results = mysqli_query($dbcon,$query);
124
+ if($results)
125
+ {
126
+ $row1 = mysqli_fetch_array($results);
127
+ if(!is_null($row1['ip_address']))
128
+ {
129
+
130
+ }
131
+ else if(!is_null($row['ip_address']))
132
+ {
133
+ header('HTTP/1.1 403 Forbidden');
134
+ include_once("mo-block.html");
135
+ exit;
136
+ }
137
+ }
138
+ else if(!is_null($row['ip_address']))
139
+ {
140
+ header('HTTP/1.1 403 Forbidden');
141
+ include_once("mo-block.html");
142
+ exit;
143
+
144
+ }
145
+
146
+ }
147
+
148
+
149
+ $dir_name = dirname(__FILE__);
150
+ $dir_name1 = explode('wp-content', $dir_name);
151
+ $dir_name = $dir_name1[0];
152
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
153
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
154
+ if($missingFile==1)
155
+ {
156
+ if(!file_exists($fileName))
157
+ {
158
+ $file = fopen($fileName, "a+");
159
+ $string = "<?php".PHP_EOL;
160
+ $query = 'select option_value from '.$prefix.'options where option_name = "SQLInjection";' ;
161
+ $results = mysqli_query($dbcon,$query);
162
+ if($results)
163
+ {
164
+ $row = mysqli_fetch_array($results);
165
+ $string .= '$SQL='.$row["option_value"].';'.PHP_EOL;
166
+ }
167
+ $query = 'select option_value from '.$prefix.'options where option_name = "XSSAttack";' ;
168
+ $results = mysqli_query($dbcon,$query);
169
+ if($results)
170
+ {
171
+ $row = mysqli_fetch_array($results);
172
+ $string .= '$XSS='.$row["option_value"].';'.PHP_EOL;
173
+ }
174
+ $query = 'select option_value from '.$prefix.'options where option_name = "RFIAttack";' ;
175
+ $results = mysqli_query($dbcon,$query);
176
+ if($results)
177
+ {
178
+ $row = mysqli_fetch_array($results);
179
+ $string .= '$RFI='.$row["option_value"].';'.PHP_EOL;
180
+ }
181
+ $query = 'select option_value from '.$prefix.'options where option_name = "LFIAttack";' ;
182
+ $results = mysqli_query($dbcon,$query);
183
+ if($results)
184
+ {
185
+ $row = mysqli_fetch_array($results);
186
+ $string .= '$LFI='.$row["option_value"].';'.PHP_EOL;
187
+ }
188
+ $query = 'select option_value from '.$prefix.'options where option_name = "RCEAttack";' ;
189
+ $results = mysqli_query($dbcon,$query);
190
+ if($results)
191
+ {
192
+ $row = mysqli_fetch_array($results);
193
+ $string .= '$RCE='.$row["option_value"].';'.PHP_EOL;
194
+ }
195
+ $query = 'select option_value from '.$prefix.'options where option_name = "Rate_limiting";' ;
196
+ $results = mysqli_query($dbcon,$query);
197
+ if($results)
198
+ {
199
+ $row = mysqli_fetch_array($results);
200
+ if($row["option_value"]!='')
201
+ $string .= '$RateLimiting='.$row["option_value"].';'.PHP_EOL;
202
+ else
203
+ $string .= '$RateLimiting=0;'.PHP_EOL;
204
+ }
205
+ $query = 'select option_value from '.$prefix.'options where option_name = "Rate_request";' ;
206
+ $results = mysqli_query($dbcon,$query);
207
+ if($results)
208
+ {
209
+ $row = mysqli_fetch_array($results);
210
+ if($row["option_value"]!='')
211
+ $string .= '$RequestsPMin='.$row["option_value"].';'.PHP_EOL;
212
+ else
213
+ $string .= '$RequestsPMin=120;'.PHP_EOL;
214
+ }
215
+
216
+ $query = 'select option_value from '.$prefix.'options where option_name = "actionRateL";' ;
217
+ $results = mysqli_query($dbcon,$query);
218
+ if($results)
219
+ {
220
+
221
+ $row = mysqli_fetch_array($results);
222
+ if($row["option_value"] == 1)
223
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
224
+ else
225
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
226
+ }
227
+ $string .= '?>'.PHP_EOL;
228
+ fwrite($file, $string);
229
+ fclose($file);
230
+
231
+ }
232
+
233
+ }
234
+
235
+ include_once($fileName);
236
+ if($RateLimiting == 1)
237
+ {
238
+
239
+
240
+ $time = 60;
241
+ $reqLimit = $RequestsPMin;
242
+ $query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
243
+ $results = mysqli_query($dbcon,$query);
244
+
245
+ $query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
246
+ $results = mysqli_query($dbcon,$query);
247
+
248
+ $query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
249
+ $results = mysqli_query($dbcon,$query);
250
+
251
+ if($results)
252
+ {
253
+ $row = mysqli_fetch_array($results);
254
+ if($row['count(*)']>=$reqLimit)
255
+ {
256
+ $action = $actionRateL;
257
+ if($action == 'ThrottleIP')
258
+ {
259
+ $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
260
+ $results = mysqli_query($dbcon,$query);
261
+ $results = mysqli_fetch_array($results);
262
+ $current_time = time();
263
+ if($current_time>$results['time']+60)
264
+ {
265
+ $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
266
+ $results = mysqli_query($dbcon,$query);
267
+ }
268
+ header('HTTP/1.1 403 Forbidden');
269
+ include_once("mo-error.html");
270
+ exit;
271
+ }
272
+ else
273
+ {
274
+ $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
275
+ $results = mysqli_query($dbcon,$query);
276
+ $results = mysqli_fetch_array($results);
277
+ $current_time = time();
278
+ if($current_time>$results['time']+60)
279
+ {
280
+ $query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
281
+ $results = mysqli_query($dbcon,$query);
282
+ }
283
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
284
+ $results = mysqli_query($dbcon,$query);
285
+ if($results)
286
+ {
287
+ $row1 = mysqli_fetch_array($results);
288
+ if(!is_null($row1['ip_address']))
289
+ {
290
+
291
+ }
292
+ else
293
+ {
294
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".time().");";
295
+ $results = mysqli_query($dbcon,$query);
296
+ }
297
+ header('HTTP/1.1 403 Forbidden');
298
+ include_once("mo-error.html");
299
+ exit;
300
+ }
301
+ }
302
+ }
303
+ }
304
+
305
+ }
306
+
307
+ $attack = array();
308
+ if($SQL==1)
309
+ {
310
+ array_push($attack,"SQL");
311
+ }
312
+ if($XSS==1)
313
+ {
314
+ array_push($attack,"XSS");
315
+ }
316
+
317
+ if($LFI==1)
318
+ {
319
+ array_push($attack,"LFI");
320
+ }
321
+
322
+
323
+
324
+ $attackC = $attack;
325
+ $ParanoiaLevel = 1;
326
+ $annomalyS = 0;
327
+ $SQLScore = 0;
328
+ $XSSScore = 0;
329
+ $query = 'select option_value from '.$prefix.'options where option_name ="limitAttack";';
330
+ $results = mysqli_query($dbcon,$query);
331
+ $rows = mysqli_fetch_array($results);
332
+
333
+ $limitAttack = intval($rows['option_value']);
334
+
335
+
336
+ foreach ($attackC as $key1 => $value1) {
337
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
338
+ {
339
+ if(isset($regex[$value1][$lev]))
340
+ { $ooo = 0;
341
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
342
+ {
343
+ foreach ($_REQUEST as $key => $value) {
344
+
345
+ if($regex[$value1][$lev][$i] != "")
346
+ {
347
+ if(strpos($regex[$value1][$lev][$i], '/') == false)
348
+ {
349
+ if(is_string($value))
350
+ {
351
+ if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
352
+ {
353
+
354
+ $scoreValue = 0;
355
+
356
+ $annomalyMS = $score[$value1][$lev][$i];
357
+ if(strcmp($annomalyMS,"CRITICAL")==0)
358
+ {
359
+ $scoreValue = 5;
360
+ }
361
+
362
+ elseif(strcmp($annomalyMS,"WARNING")==0)
363
+ {
364
+ $scoreValue = 3;
365
+ }
366
+ elseif(strcmp($annomalyMS,"ERROR")==0)
367
+ {
368
+ $scoreValue = 4;
369
+ }
370
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
371
+ {
372
+ $scoreValue =2;
373
+ }
374
+
375
+
376
+ if($value1 == "SQL")
377
+ {
378
+ $SQLScore += $scoreValue;
379
+ }
380
+ elseif ($value1 == "XSS")
381
+ {
382
+ $XSSScore += $scoreValue;
383
+ }
384
+ else
385
+ {
386
+ $annomalyS += $scoreValue;
387
+ }
388
+
389
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
390
+ {
391
+ $value = htmlspecialchars($value);
392
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
393
+ $results = mysqli_query($dbcon,$query);
394
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
395
+ $results = mysqli_query($dbcon,$query);
396
+ $rows = mysqli_fetch_array($results);
397
+ if($rows['count(*)']>$limitAttack)
398
+ {
399
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
400
+ $results = mysqli_query($dbcon,$query);
401
+ if($results)
402
+ {
403
+ $row1 = mysqli_fetch_array($results);
404
+ if(!is_null($row1['ip_address']))
405
+ {
406
+ //IP WHiTELISTED
407
+ }
408
+ else
409
+ {
410
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
411
+ $results = mysqli_query($dbcon,$query);
412
+ }
413
+ }
414
+ }
415
+
416
+
417
+ header('HTTP/1.1 403 Forbidden');
418
+ include_once("mo-error.html");
419
+ exit;
420
+ }
421
+
422
+ }}
423
+ }
424
+ else if (strpos($regex[$value1][$lev][$i], '#') == false) {
425
+ if(is_string($value))
426
+ {
427
+ if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
428
+ {
429
+ $scoreValue = 0;
430
+ $annomalyMS = $score[$value1][$lev][$i];
431
+ if(strcmp($annomalyMS,"CRITICAL")==0)
432
+ {
433
+ $scoreValue = 5;
434
+ }
435
+
436
+ elseif(strcmp($annomalyMS,"WARNING")==0)
437
+ {
438
+ $scoreValue = 3;
439
+ }
440
+ elseif(strcmp($annomalyMS,"ERROR")==0)
441
+ {
442
+ $scoreValue = 4;
443
+ }
444
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
445
+ {
446
+ $scoreValue =2;
447
+ }
448
+
449
+
450
+ if($value1 == "SQL")
451
+ {
452
+ $SQLScore += $scoreValue;
453
+ }
454
+ elseif ($value1 == "XSS")
455
+ {
456
+ $XSSScore += $scoreValue;
457
+ }
458
+ else
459
+ {
460
+ $annomalyS += $scoreValue;
461
+ }
462
+
463
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
464
+ {
465
+ $value = htmlspecialchars($value);
466
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
467
+ $results = mysqli_query($dbcon,$query);
468
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
469
+ $results = mysqli_query($dbcon,$query);
470
+ $rows = mysqli_fetch_array($results);
471
+ if($rows['count(*)']>$limitAttack)
472
+ {
473
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
474
+ $results = mysqli_query($dbcon,$query);
475
+ if($results)
476
+ {
477
+ $row1 = mysqli_fetch_array($results);
478
+ if(!is_null($row1['ip_address']))
479
+ {
480
+ //IP WHiTELISTED
481
+ }
482
+ else
483
+ {
484
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
485
+ $results = mysqli_query($dbcon,$query);
486
+ }
487
+ }
488
+ }
489
+
490
+
491
+ header('HTTP/1.1 403 Forbidden');
492
+ include_once("mo-error.html");
493
+ exit;
494
+ }
495
+ }}
496
+ }
497
+
498
+ elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
499
+ if(is_string($value))
500
+ {
501
+ if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
502
+ {
503
+ $scoreValue = 0;
504
+ $annomalyMS = $score[$value1][$lev][$i];
505
+ if(strcmp($annomalyMS,"CRITICAL")==0)
506
+ {
507
+ $scoreValue = 5;
508
+ }
509
+
510
+ elseif(strcmp($annomalyMS,"WARNING")==0)
511
+ {
512
+ $scoreValue = 3;
513
+ }
514
+ elseif(strcmp($annomalyMS,"ERROR")==0)
515
+ {
516
+ $scoreValue = 4;
517
+ }
518
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
519
+ {
520
+ $scoreValue =2;
521
+ }
522
+
523
+
524
+ if($value1 == "SQL")
525
+ {
526
+ $SQLScore += $scoreValue;
527
+ }
528
+ elseif ($value1 == "XSS")
529
+ {
530
+ $XSSScore += $scoreValue;
531
+ }
532
+ else
533
+ {
534
+ $annomalyS += $scoreValue;
535
+ }
536
+
537
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
538
+ {
539
+ $value = htmlspecialchars($value);
540
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
541
+ $results = mysqli_query($dbcon,$query);
542
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
543
+ $results = mysqli_query($dbcon,$query);
544
+ $rows = mysqli_fetch_array($results);
545
+ if($rows['count(*)']>$limitAttack)
546
+ {
547
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
548
+ $results = mysqli_query($dbcon,$query);
549
+ if($results)
550
+ {
551
+ $row1 = mysqli_fetch_array($results);
552
+ if(!is_null($row1['ip_address']))
553
+ {
554
+ //IP WHiTELISTED
555
+ }
556
+ else
557
+ {
558
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
559
+ $results = mysqli_query($dbcon,$query);
560
+ }
561
+ }
562
+ }
563
+
564
+
565
+ header('HTTP/1.1 403 Forbidden');
566
+ include_once("mo-error.html");
567
+ exit;
568
+ }
569
+ }
570
+ }
571
+
572
+ }
573
+
574
+ }
575
+ }
576
+
577
+ }
578
+ }
579
+
580
+ }
581
+ }
582
+ }
583
+ }
584
+
585
+ $dbcon->close();
586
+ ?>
handler/signature/APLFI.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
-
3
- $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:
(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|
orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/d
ata/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|er
r|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
- $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
1
+ <?php
2
+
3
+ $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:
(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|
orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/d
ata/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|er
r|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
+ $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
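--- a/handler/spam.php
+++ b/handler/spam.php
@@ -1,42 +1,42 @@
-<?php
-
-class Spam
-{
-function __construct()
-{
-if(get_option('mo_wpns_enable_comment_spam_blocking') || get_option('mo_wpns_enable_comment_recaptcha'))
-{
-add_filter( 'preprocess_comment' , array($this, 'comment_spam_check' ) );
-add_action( 'comment_form_after_fields' , array($this, 'comment_spam_custom_field' ) );
-}
-}
-
-function comment_spam_check( $comment_data )
-{
-if(!is_user_logged_in()){
-global $moWpnsUtility;
-if( isset($_POST['mocomment']) && !empty($_POST['mocomment']))
-wp_die( __( 'You are not authorised to perform this action.'));
-else if(get_option('mo_wpns_enable_comment_recaptcha'))
-{
-if(is_wp_error($moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']))))
-wp_die( __( 'Invalid captcha. Please verify captcha again.'));
-}
-return $comment_data;
-}
-else{
-return $comment_data;
-}
-}
-
-function comment_spam_custom_field()
-{
-echo '<input type="hidden" name="mocomment" />';
-if(get_option('mo_wpns_enable_comment_recaptcha'))
-{
-echo '<script src="'.MoWpnsConstants::RECAPTCHA_URL.'"></script>';
-echo '<div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>';
-}
-}
-}
+<?php
+
+class Spam
+{
+function __construct()
+{
+if(get_option('mo_wpns_enable_comment_spam_blocking') || get_option('mo_wpns_enable_comment_recaptcha'))
+{
+add_filter( 'preprocess_comment' , array($this, 'comment_spam_check' ) );
+add_action( 'comment_form_after_fields' , array($this, 'comment_spam_custom_field' ) );
+}
+}
+
+function comment_spam_check( $comment_data )
+{
+if(!is_user_logged_in()){
+global $moWpnsUtility;
+if( isset($_POST['mocomment']) && !empty($_POST['mocomment']))
+wp_die( __( 'You are not authorised to perform this action.'));
+else if(get_option('mo_wpns_enable_comment_recaptcha'))
+{
+if(is_wp_error($moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']))))
+wp_die( __( 'Invalid captcha. Please verify captcha again.'));
+}
+return $comment_data;
+}
+else{
+return $comment_data;
+}
+}
+
+function comment_spam_custom_field()
+{
+echo '<input type="hidden" name="mocomment" />';
+if(get_option('mo_wpns_enable_comment_recaptcha'))
+{
+echo '<script src="'.MoWpnsConstants::RECAPTCHA_URL.'"></script>';
+echo '<div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>';
+}
+}
+}
 new Spam;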
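--- a/handler/twofa/setup_twofa.php
+++ b/handler/twofa/setup_twofa.php
@@ -88,7 +88,9 @@
 "Authy Authenticator",
 "Email Verification",
 "OTP Over SMS and Email",
-"Hardware Token"
+"Hardware Token",
+"OTP Over Whatsapp",
+"OTP Over Telegram"
 );
 $two_factor_methods_descriptions = array(
 ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
@@ -102,7 +104,9 @@
 "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
 "Email Verification" => "Accept the verification link sent to your email to login.",
 "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
-"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
+"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login.",
+"OTP Over Whatsapp" => "Enter the One Time Passcode sent to your Whatsapp account to login. This method is supported with twillio",
+"OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account to login."
 );
 $two_factor_methods_doc = array(
 "Security Questions" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-security-question",
@@ -116,6 +120,8 @@
 "OTP Over Email" => "",
 "OTP Over SMS and Email" => "",
 "Hardware Token" => "",
+"OTP Over Whatsapp" => "",
+"OTP Over Telegram" => "",
 "" => ""
 );
 $two_factor_methods_video = array(
@@ -130,6 +136,8 @@
 "OTP Over Email" => "",
 "OTP Over SMS and Email" => "",
 "Hardware Token" => "",
+"OTP Over Whatsapp" => "",
+"OTP Over Telegram" => "",
 "" => ""
 );
 
@@ -148,7 +156,9 @@
 "OTP Over SMS",
 "OTP Over Email",
 "OTP Over SMS and Email",
-"Hardware Token"
+"Hardware Token",
+"OTP Over Whatsapp",
+"OTP Over Telegram"
 );
 $two_factor_methods_descriptions = array(
 ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
@@ -162,7 +172,9 @@
 "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
 "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
 "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
-"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
+"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login.",
+"OTP Over Whatsapp" => "Enter the One Time Passcode sent to your Whatsapp account to login. This method is supported with twillio",
+"OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account to login."
 );
 }
 
@@ -329,7 +341,7 @@
 
 </span>';
 break;
-case 'Authy Authenticator':
+case 'Authy Authenticator':
 $form .=' <span style="float:right">
 <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
 <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>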
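Review bot: The user-facing description added for `"OTP Over Whatsapp"` (new lines 108 and 176) misspells the vendor as "twillio", mis-cases the product name, and ends without a period; since the same text is duplicated in two array literals, change both copies together to `"OTP Over Whatsapp" => "Enter the One Time Passcode sent to your WhatsApp account to login. This method is supported with Twilio.",` so they do not drift. The two new methods are also registered in `$two_factor_methods_doc` and `$two_factor_methods_video` with empty strings, while the rendering visible at the end of the section interpolates `$two_factor_methods_doc[$auth_method]` into an unquoted `href=` with no `esc_url()`; if the Whatsapp/Telegram entries are ever routed through that path they will emit `<a href= target="_blank">`, so either supply a real documentation URL or skip the anchor when the value is empty, and quote plus `esc_url()` the attribute while you are there. The `$form` construction and the enclosing function start and end outside these hunks.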
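--- a/handler/twofa/two_fa_constants.php
+++ b/handler/twofa/two_fa_constants.php
@@ -330,7 +330,9 @@ class Mo2fConstants {
 case 'ERROR_IN_SENDING_OTP_ONPREM':
 Return mo2f_lt( 'There was an error in sending one-time passcode. Please check your SMTP Setup and remaining transactions.' );
 break;
-
+case 'SMTP_CHECK_FOR_EMAIL_VERIFICATON':
+Return mo2f_lt('Please set your SMTP to get the email to verify the email at the time of login otherwise you will get logged out');
+break;
 case 'PUSH_NOTIFICATION_SENT':
 Return mo2f_lt( 'A Push notification has been sent to your miniOrange Authenticator App.' );
 break;
@@ -428,4 +430,3 @@ class Mo2fConstants {
 }
 
 new Mo2fConstants;
-?>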
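Review bot: The new message key `SMTP_CHECK_FOR_EMAIL_VERIFICATON` (new line 333) is misspelled, and because this lookup dispatches on a string key, any caller that spells it correctly will silently fall through to the switch's default branch (outside the hunk) instead of showing the warning; rename it `case 'SMTP_CHECK_FOR_EMAIL_VERIFICATION':` and update every call site in the same commit. The message text is also hard to parse for the user who needs to act on it — something like `Return mo2f_lt('Configure your SMTP settings before enabling email verification; if the verification email cannot be sent at login you will be logged out.');` states the consequence plainly. Removing the trailing `?>` in the second hunk is welcome, since stray whitespace after a closing tag is emitted before headers. The `switch` and the enclosing method begin outside the hunk.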
 
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1,2656 +1,2849 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
-
25
- include 'two_fa_login.php';
26
- class Miniorange_Password_2Factor_Login {
27
-
28
- private $mo2f_kbaquestions;
29
- private $mo2f_userID;
30
- private $mo2f_rbastatus;
31
- private $mo2f_transactionid;
32
-
33
- function mo2f_inline_login(){
34
- global $moWpnsUtility;
35
- $email = sanitize_email( $_POST['email'] );
36
- $password = sanitize_text_field( $_POST['password'] );
37
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
38
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
39
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
40
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
- {
42
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
- return;
46
- }
47
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
- }
49
- function mo2f_inline_register(){
50
- global $moWpnsUtility, $Mo2fdbQueries;
51
- $email = sanitize_email($_POST['email']);
52
- $company = $_SERVER["SERVER_NAME"];
53
- $password = sanitize_text_field($_POST['password']);
54
- $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
56
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
57
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
58
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
59
- {
60
- $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
61
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
62
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
63
- }
64
- if( $password != $confirmPassword )
65
- {
66
- $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
67
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
68
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
69
- }
70
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
71
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
72
- {
73
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
74
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
75
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
76
- }
77
-
78
- update_option( 'mo2f_email', $email );
79
-
80
- update_option( 'mo_wpns_company' , $company );
81
-
82
- update_option( 'mo_wpns_password' , $password );
83
-
84
- $customer = new MocURL();
85
- $content = json_decode($customer->check_customer($email), true);
86
- $Mo2fdbQueries->insert_user( $user_id );
87
- switch ($content['status'])
88
- {
89
- case 'CUSTOMER_NOT_FOUND':
90
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
91
-
92
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
93
- {
94
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
95
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
96
- }
97
-
98
- break;
99
- default:
100
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
101
- break;
102
- }
103
-
104
- }
105
-
106
- function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
107
- {
108
- global $Mo2fdbQueries;
109
- $customer = new MocURL();
110
-
111
- $content = $customer->get_customer_key($email, $password);
112
- $customerKey = json_decode($content, true);
113
- if(json_last_error() == JSON_ERROR_NONE)
114
- {
115
- if(isset($customerKey['phone'])){
116
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
117
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
118
- }
119
- update_option('mo2f_email',$email);
120
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
121
- $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
122
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
123
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
124
- }
125
- else
126
- {
127
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
128
- $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
129
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
130
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
131
- }
132
- }
133
-
134
- function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
135
- {
136
- global $Mo2fdbQueries;
137
- update_option( 'mo2f_customerKey' , $id );
138
- update_option( 'mo2f_api_key' , $apiKey );
139
- update_option( 'mo2f_customer_token' , $token );
140
- update_option( 'mo2f_app_secret' , $appSecret );
141
- update_option( 'mo_wpns_enable_log_requests' , true );
142
- update_option( 'mo2f_miniorange_admin', $id );
143
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
144
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
145
- $Mo2fdbQueries->update_user_details( $user_id, array(
146
- 'mo2f_user_email' =>$email
147
- ) );
148
- }
149
- function mo2f_inline_validate_otp(){
150
- if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
151
- $nonce = sanitize_text_field($_POST['miniorange_inline_validate_otp_nonce']);
152
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
153
- $error = new WP_Error();
154
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
155
- return $error;
156
- } else {
157
- global $Mo2fdbQueries;
158
- $this->miniorange_pass2login_start_session();
159
- $otp_token = '';
160
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
161
- $mo2fa_login_message = '';
162
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
163
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
164
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
165
- } else{
166
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
167
- }
168
-
169
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
170
- $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
171
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
172
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
173
- $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
174
- $customer = new Customer_Setup();
175
- $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
176
- if($content['status'] == 'ERROR'){
177
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
178
- }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
179
- $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
180
- if($user_phone && strlen($user_phone) >= 4){
181
- if($phone != $user_phone ){
182
-
183
- $Mo2fdbQueries->update_user_details( $current_user, array(
184
- 'mobile_registration_status' =>false
185
- ) );
186
- }
187
- }
188
-
189
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
190
- if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
191
- $Mo2fdbQueries->update_user_details( $current_user, array(
192
- 'mo2f_OTPOverSMS_config_status' =>true,
193
- 'mo2f_user_phone' =>$phone
194
- ) );
195
- }else{
196
- $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
197
-
198
- }
199
- // unset($_SESSION[ 'mo2f_phone']);
200
- // if(MO2F_IS_ONPREM)
201
- // update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
202
- // else
203
- // {
204
- $Mo2fdbQueries->update_user_details($current_user, array(
205
- "mo2f_configured_2FA_method" => 'OTP Over SMS',
206
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
207
- ) );
208
- $TwoF_setup = new Two_Factor_Setup();
209
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
210
-
211
- // }
212
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
213
-
214
- }else{ // OTP Validation failed.
215
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
216
- }
217
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
218
- }
219
- }
220
-
221
- }
222
- function mo2f_inline_send_otp(){
223
- if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
224
- $nonce = sanitize_text_field($_POST['miniorange_inline_verify_phone_nonce']);
225
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
226
- $error = new WP_Error();
227
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
228
- return $error;
229
- } else {
230
- global $Mo2fdbQueries;
231
- $this->miniorange_pass2login_start_session();
232
- $phone = sanitize_text_field( $_POST['verify_phone'] );
233
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
234
- $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
235
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
236
- $customer = new Customer_Setup();
237
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
238
- $parameters = array();
239
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
240
-
241
- $mo2fa_login_message = '';
242
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
243
- if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
244
- $phone = sanitize_text_field( $_POST['verify_phone'] );
245
- $phone = sanitize_text_field( $_POST['verify_phone'] );
246
- if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
247
- $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
248
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
249
- }
250
- $phone = str_replace(' ', '', $phone);
251
- // $_SESSION['mo2f_phone'] = $phone;
252
- update_user_meta($current_user,'mo2f_user_phone',$phone);
253
- }
254
- if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
255
- $currentMethod = "SMS";
256
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
257
- $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
258
- $parameters = array("phone" => $phone, "email" => $email);
259
- }else if($selected_2factor_method == 'PHONE VERIFICATION'){
260
- $currentMethod = "PHONE_VERIFICATION";
261
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
262
- $currentMethod = "OTP_OVER_EMAIL";
263
- $parameters = $email;
264
- }
265
- if($selected_2factor_method == 'SMS AND EMAIL'){
266
- $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
267
- }
268
- else if($selected_2factor_method == 'OTP OVER EMAIL'){
269
- $content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
270
- }
271
- else{
272
- $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
273
-
274
- }
275
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
276
- if($content['status'] == 'ERROR'){
277
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
278
- }else if($content['status'] == 'SUCCESS'){
279
- // $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
280
- update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
281
- if($selected_2factor_method == 'SMS'){
282
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
283
- $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
284
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
285
- $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
286
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
287
- $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
288
- }else if($selected_2factor_method== 'PHONE VERIFICATION'){
289
- $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
290
- }
291
- }else if($content['status'] == 'FAILED'){
292
- $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
293
- }else{
294
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
295
- }
296
- }else{
297
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
298
- }
299
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
300
- }
301
- }
302
-
303
- }
304
- function mo2f_inline_validate_kba(){
305
- if(isset($_POST['mo2f_inline_save_kba_nonce'])){
306
- $nonce = sanitize_text_field($_POST['mo2f_inline_save_kba_nonce']);
307
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
308
- $error = new WP_Error();
309
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
310
- return $error;
311
- } else {
312
- global $Mo2fdbQueries;
313
- $this->miniorange_pass2login_start_session();
314
- $mo2fa_login_message = '';
315
- $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
316
- $temp_array = array($_POST['mo2f_kbaquestion_1'],$_POST['mo2f_kbaquestion_2'],$_POST['mo2f_kbaquestion_3']);
317
- $kba_questions = array();
318
- foreach($temp_array as $question){
319
- if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
320
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
321
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
322
- }else{
323
- $ques = sanitize_text_field($question);
324
- $ques = addcslashes(stripslashes($ques), '"\\');
325
- array_push($kba_questions, $ques);
326
- }
327
- }
328
- if(!(array_unique($kba_questions) == $kba_questions)){
329
- $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
330
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
331
- }
332
- $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
333
- $kba_answers = array();
334
- foreach($temp_array_ans as $answer){
335
- if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
336
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
337
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message);
338
- }else{
339
- $ques = sanitize_text_field($answer);
340
- $answer = strtolower($answer);
341
- array_push($kba_answers, $answer);
342
- }
343
- }
344
- $size = sizeof($kba_questions);
345
- $kba_q_a_list = array();
346
- for($c = 0; $c < $size; $c++){
347
- array_push($kba_q_a_list, $kba_questions[$c]);
348
- array_push($kba_q_a_list, $kba_answers[$c]);
349
- }
350
-
351
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
352
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
353
- $current_user = get_user_by('id',$user_id);
354
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
355
-
356
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
357
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
358
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
359
- 'mo2f_SecurityQuestions_config_status' =>true,
360
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
361
- ) );
362
- if(!MO2F_IS_ONPREM)
363
- {
364
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
365
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
366
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
367
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
368
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
369
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
370
-
371
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
372
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
373
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
374
-
375
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
376
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
377
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
378
-
379
- $kba_registration = new Two_Factor_Setup();
380
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
381
-
382
- if ( json_last_error() == JSON_ERROR_NONE ) {
383
-
384
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
385
- $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
386
- }
387
-
388
- }
389
- }
390
-
391
- $kba_q1 = $kba_q_a_list[0];
392
- $kba_a1 = md5($kba_q_a_list[1]);
393
- $kba_q2 = $kba_q_a_list[2];
394
- $kba_a2 = md5($kba_q_a_list[3]);
395
- $kba_q3 = $kba_q_a_list[4];
396
- $kba_a3 = md5($kba_q_a_list[5]);
397
- $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
398
- update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
399
- if(!isset($_POST['mo2f_inline_kba_status'])){
400
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
401
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
402
- // update_user_meta($current_user->ID, 'currentMethod','Security Questions');
403
- }
404
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
405
- }
406
- }
407
- }
408
-
409
- function mo2f_inline_validate_mobile_authentication(){
410
- if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
411
- $nonce = sanitize_text_field($_POST['mo_auth_inline_mobile_registration_complete_nonce']);
412
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
413
- $error = new WP_Error();
414
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
415
- return $error;
416
- } else {
417
- global $Mo2fdbQueries;
418
- $this->miniorange_pass2login_start_session();
419
- // unset($_SESSION[ 'mo2f-login-qrCode' ]);
420
- // unset($_SESSION[ 'mo2f-login-transactionId' ]);
421
- // unset($_SESSION[ 'mo2f_show_qr_code'] );
422
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
423
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
424
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
425
- // $current_user = get_user_by('id',$user_id);
426
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
427
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
428
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
429
- $mo2fa_login_message = '';
430
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
431
- $enduser = new Two_Factor_Setup();
432
- if($selected_2factor_method == 'SOFT TOKEN')
433
- $selected_2factor_method_onprem = 'miniOrange Soft Token';
434
- else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
435
- $selected_2factor_method_onprem = 'miniOrange Push Notification';
436
- else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
437
- $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
438
-
439
- $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
440
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
441
- if($response['status'] == 'ERROR'){
442
- $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
443
- }else if($response['status'] == 'SUCCESS'){
444
- $Mo2fdbQueries->update_user_details( $user_id, array(
445
- 'mobile_registration_status' =>true,
446
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
447
- 'mo2f_miniOrangeSoftToken_config_status' => true,
448
- 'mo2f_miniOrangePushNotification_config_status' => true,
449
- 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
450
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
451
- ) );
452
- // $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
453
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
454
- }else{
455
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
456
- }
457
- }else{
458
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
459
- }
460
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
461
- }
462
- }
463
-
464
- }
465
-
466
- function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
467
- global $Mo2fdbQueries;
468
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
469
- $pass2fa= new Miniorange_Password_2Factor_Login();
470
- $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
471
- exit;
472
- }
473
-
474
- function mo2f_inline_get_qr_code_for_mobile($email,$id){
475
- $registerMobile = new Two_Factor_Setup();
476
- $content = $registerMobile->register_mobile($email);
477
- $response = json_decode($content, true);
478
- $message = '';
479
- $miniorageqr=array();
480
- if(json_last_error() == JSON_ERROR_NONE) {
481
- if($response['status'] == 'ERROR'){
482
- $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
483
- delete_user_meta( $id, 'miniorageqr' );
484
- }else{
485
- if($response['status'] == 'IN_PROGRESS'){
486
-
487
- $miniorageqr['message']='';
488
- $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
489
- $miniorageqr['mo2f-login-transactionId']=$response['txId'];
490
- $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
491
- update_user_meta($id,'miniorageqr',$miniorageqr);
492
- }else{
493
- $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
494
- delete_user_meta( $id, 'miniorageqr' );
495
- }
496
- }
497
- }
498
- return $miniorageqr;
499
- }
500
-
501
- function inline_mobile_configure(){
502
- if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
503
- $nonce = sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']);
504
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
505
- $error = new WP_Error();
506
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
507
- return $error;
508
- } else {
509
- global $Mo2fdbQueries;
510
- $this->miniorange_pass2login_start_session();
511
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
512
-
513
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
514
-
515
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
516
- $current_user = get_user_by('id',$user_id);
517
- $mo2fa_login_message = '';
518
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
519
- $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
520
- if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
521
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
522
- $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
523
- $mo2fa_login_message=$miniorageqr['message'];
524
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
525
- $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
526
- }else{
527
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
528
- }
529
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
530
- }
531
- }
532
- }
533
-
534
- function inline_validate_and_set_ga(){
535
- if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
536
- $nonce = sanitize_text_field($_POST['mo2f_inline_validate_ga_nonce']);
537
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
538
- $error = new WP_Error();
539
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
540
- return $error;
541
- } else {
542
- global $Mo2fdbQueries;
543
- $this->miniorange_pass2login_start_session();
544
- $otpToken = sanitize_text_field($_POST['google_auth_code']);
545
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
546
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
547
- $current_user = get_user_by('id',$user_id);
548
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
549
- $mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
550
- $mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
551
- // $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
552
- $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
553
- $mo2fa_login_message = '';
554
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
555
- if(MO2f_Utility::mo2f_check_number_length($otpToken)){
556
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
557
- //$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
558
- $google_auth = new Miniorange_Rba_Attributes();
559
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
560
- if(json_last_error() == JSON_ERROR_NONE) {
561
- if($google_response['status'] == 'SUCCESS'){
562
- $response = $google_response;
563
- if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
564
- if($response['status'] == 'SUCCESS'){
565
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
566
- 'mo2f_GoogleAuthenticator_config_status' => true,
567
- 'mo2f_configured_2FA_method' => 'Google Authenticator',
568
- 'mo2f_AuthyAuthenticator_config_status' => false,
569
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
570
- ) );
571
-
572
- if(MO2F_IS_ONPREM){
573
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
574
- //update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
575
- //update_user_meta($current_user->ID,'Google Authenticator',true);
576
- $gauth_obj= new Google_auth_onpremise();
577
- $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
578
- }
579
- update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
580
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
581
- unset($_SESSION['mo2f_google_auth']);
582
- }else{
583
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
584
- }
585
- }else{
586
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
587
- }
588
- }else{
589
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
590
- }
591
- }else{
592
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
593
- }
594
- }else{
595
- $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
596
- }
597
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
598
- }
599
- }
600
- }
601
-
602
- function back_to_select_2fa(){
603
- if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
604
- $nonce = sanitize_text_field($_POST['miniorange_inline_two_factor_setup']);
605
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
606
- $error = new WP_Error();
607
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
608
- return $error;
609
- } else {
610
- global $Mo2fdbQueries;
611
- $this->miniorange_pass2login_start_session();
612
- unset($_SESSION['mo2f_google_auth']);
613
- unset($_SESSION['mo2f_authy_keys']);
614
- unset($_SESSION['secret_ga']);
615
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
616
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
617
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
618
- $current_user = get_user_by('id',$user_id);
619
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
620
- $mo2fa_login_message = '';
621
- $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
622
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
623
- }
624
- }
625
- }
626
-
627
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
628
- {
629
- $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
630
- if(isset($tempEmail) and $tempEmail != '')
631
- $email = $tempEmail;
632
- global $Mo2fdbQueries;
633
-
634
- $enduser = new Two_Factor_Setup();
635
- if($current_user_id == get_option('mo2f_miniorange_admin'))
636
- $email = get_option('mo2f_email');
637
-
638
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
639
-
640
- if(json_last_error() == JSON_ERROR_NONE){
641
-
642
-
643
-
644
- if($check_user['status'] == 'ERROR'){
645
- return $check_user;
646
-
647
- }
648
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
649
-
650
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
651
- 'user_registration_with_miniorange' =>'SUCCESS',
652
- 'mo2f_user_email' =>$email,
653
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
654
- ) );
655
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
656
-
657
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
658
- return $check_user;
659
- }
660
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
661
- $current_user = get_user_by('id',$current_user_id);
662
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
663
-
664
- if(json_last_error() == JSON_ERROR_NONE) {
665
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
666
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
667
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
668
- 'user_registration_with_miniorange' =>'SUCCESS',
669
- 'mo2f_user_email' =>$email,
670
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
671
- ) );
672
-
673
- $mo2fa_login_message = '';
674
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
675
- return $check_user;
676
- }else{
677
- $check_user['status']='ERROR';
678
- $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
679
- return $check_user;
680
- }
681
- }
682
-
683
-
684
- }
685
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
686
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
687
- $check_user['status']='ERROR';
688
- $check_user['message']=$mo2fa_login_message;
689
- return $check_user;
690
- // $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
691
- }
692
-
693
- }
694
- // }
695
-
696
- }
697
- function mo2f_skip_2fa_setup()
698
- {
699
- if(isset($_POST['miniorange_skip_2fa_nonce'])){
700
- $nonce = sanitize_text_field($_POST['miniorange_skip_2fa_nonce']);
701
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
702
- $error = new WP_Error();
703
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
704
- return $error;
705
- }
706
- else{
707
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
708
- global $Mo2fdbQueries;
709
- $redirect_to = esc_url_raw($_POST['redirect_to']);
710
- $session_id_encrypt = sanitize_text_field($session_id_encrypt);
711
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
712
-
713
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
714
-
715
- $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
716
- }
717
- }
718
- }
719
-
720
- function save_inline_2fa_method(){
721
- if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
722
- $nonce = sanitize_text_field($_POST['miniorange_inline_save_2factor_method_nonce']);
723
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
724
- $error = new WP_Error();
725
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
726
- return $error;
727
- } else {
728
-
729
-
730
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
731
- global $Mo2fdbQueries;
732
- $this->miniorange_pass2login_start_session();
733
- $mo2fa_login_message = '';
734
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
735
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
736
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
737
- $current_user = get_user_by('id',$user_id);
738
- $currentUserId = $current_user->ID;
739
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
740
- $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
741
- if($user_registration_with_miniorange == 'SUCCESS'){
742
- $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? sanitize_text_field($_POST['mo2f_selected_2factor_method']) : 'NONE';
743
-
744
- if($selected_method == 'OUT OF BAND EMAIL'){
745
- if(!MO2F_IS_ONPREM)
746
- {
747
- $current_user = get_userdata($currentUserId);
748
- $email = $current_user->user_email;
749
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
750
-
751
- if($response['status']=='ERROR') {
752
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
753
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
754
- }
755
- else
756
- {
757
- $enduser = new Two_Factor_Setup();
758
-
759
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
760
- 'mo2f_email_verification_status' =>true,
761
- 'mo2f_configured_2FA_method' =>'Email Verification',
762
- 'mo2f_user_email' => $email
763
- ) );
764
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
765
- }
766
- }
767
- else
768
- {
769
- $enduser = new Two_Factor_Setup();
770
-
771
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
772
- 'mo2f_email_verification_status' =>true,
773
- 'mo2f_configured_2FA_method' =>'Email Verification',
774
- 'mo2f_user_email' => $email
775
- ) );
776
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
777
- }
778
- }else if($selected_method == 'OTP OVER EMAIL'){
779
- $email = $current_user->user_email;
780
- if(!MO2F_IS_ONPREM)
781
- {
782
- $current_user = get_userdata($currentUserId);
783
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
784
- if($response['status']=='ERROR') {
785
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
786
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
787
- }
788
- else
789
- {
790
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
791
- if($user_email != '' and !is_null($user_email))
792
- $email = $user_email;
793
- $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
794
-
795
- }
796
- }
797
- else
798
- {
799
- $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
800
- }
801
- }else if($selected_method == "GOOGLE AUTHENTICATOR"){
802
- $this->miniorange_pass2login_start_session();
803
- $mo2fa_login_message = '';
804
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
805
- $google_auth = new Miniorange_Rba_Attributes();
806
-
807
- $gauth_name= get_site_option('mo2f_google_appname');
808
- $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
809
-
810
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
811
-
812
- if ( MO2F_IS_ONPREM ) { //this should not be here
813
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
814
- 'mo2f_configured_2FA_method' =>$selected_method,
815
- ) );
816
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
817
- $gauth_obj = new Google_auth_onpremise();
818
-
819
- $onpremise_secret = $gauth_obj->createSecret();
820
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
821
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
822
- $mo2f_google_auth = array();
823
- $mo2f_google_auth['ga_qrCode'] = $url;
824
- $mo2f_google_auth['ga_secret'] = $onpremise_secret;
825
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
826
- update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
827
-
828
- }else{
829
- $current_user = get_userdata($currentUserId);
830
- $email = $current_user->user_email;
831
- $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
832
-
833
- if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
834
- {
835
- $email = $tempemail;
836
- }
837
-
838
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
839
- if($response['status']=='ERROR') {
840
- $mo2fa_login_message=$response['message'];
841
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
842
-
843
- }else{
844
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
845
- 'mo2f_configured_2FA_method' =>$selected_method,
846
- ) );
847
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
848
- if ( json_last_error() == JSON_ERROR_NONE ) {
849
- if ( $google_response['status'] == 'SUCCESS' ) {
850
-
851
- $mo2f_google_auth = array();
852
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
853
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
854
- $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
855
- update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
856
-
857
- } else {
858
- $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
859
- }
860
- }
861
- }
862
- }
863
-
864
-
865
- }else{
866
- //inline for others
867
- if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
868
- {
869
- $current_user = get_userdata($currentUserId);
870
- $email = $current_user->user_email;
871
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
872
- if($response['status']=='ERROR') {
873
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
874
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
875
- }
876
- else {
877
- $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
878
- }
879
- }else{
880
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
881
- 'mo2f_configured_2FA_method' =>$selected_method,
882
- ) );
883
- }
884
- }
885
- }else{
886
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
887
- }
888
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
889
- }
890
- }
891
- }
892
-
893
- function check_kba_validation($POSTED){
894
- if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
895
- $nonce = $POSTED['miniorange_kba_nonce'];
896
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
897
- $error = new WP_Error();
898
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
899
- return $error;
900
- }else{
901
- $this->miniorange_pass2login_start_session();
902
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
903
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
904
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
905
- if ( isset( $user_id ) ) {
906
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
907
- $mo2fa_login_message = 'Please provide both the answers.';
908
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
909
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
910
- }
911
- $otpToken = array();
912
- $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
913
- $otpToken[0] = $kba_questions[0]['question'];
914
- $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
915
- $otpToken[2] = $kba_questions[1]['question'];
916
- $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
917
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
918
- //if the php session folder has insufficient permissions, cookies to be used
919
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
920
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
921
- $kba_validate = new Customer_Setup();
922
- $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
923
- global $Mo2fdbQueries;
924
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
925
- if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
926
- if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
927
- try {
928
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
929
- } catch ( Exception $e ) {
930
- echo $e->getMessage();
931
- }
932
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
933
- } else {
934
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
935
- }
936
- } else {
937
- $mo2fa_login_message = 'The answers you have provided are incorrect.';
938
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
939
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
940
- }
941
- } else {
942
- $this->remove_current_activity($session_id_encrypt);
943
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
944
- }
945
- }
946
- }
947
- }
948
- function check_rba_cancalation($POSTED){
949
- $nonce = sanitize_text_field($POSTED['mo2f_trust_device_cancel_nonce']);
950
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
951
- $error = new WP_Error();
952
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
- return $error;
954
- } else {
955
- $this->miniorange_pass2login_start_session();
956
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
957
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
958
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
959
- }
960
- }
961
- function check_rba_validation($POSTED){
962
- $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
963
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
964
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id'] ): null;
965
- $this->remove_current_activity($session_id_encrypt);
966
- $error = new WP_Error();
967
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
968
- return $error;
969
- } else {
970
- $this->miniorange_pass2login_start_session();
971
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
972
- try {
973
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
974
- Global $Mo2fdbQueries;
975
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
976
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
977
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
978
- } catch ( Exception $e ) {
979
- echo $e->getMessage();
980
- }
981
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
982
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
983
- }
984
- }
985
-
986
- function miniorange2f_back_to_inline_registration($POSTED)
987
- {
988
- $nonce = sanitize_text_field($_POST['miniorange_back_inline_reg_nonce']);
989
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
990
- $error = new WP_Error();
991
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
992
- return $error;
993
- } else {
994
-
995
- $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
996
- $redirect_to = esc_url_raw($POSTED['redirect_to']);
997
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
998
- $mo2fa_login_message = '';
999
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
1000
- }
1001
-
1002
- }
1003
-
1004
- function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1005
- $nonce = sanitize_text_field($_POST['miniorange_forgotphone']);
1006
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1007
- $error = new WP_Error();
1008
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1009
- return $error;
1010
- } else {
1011
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1012
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1013
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1014
- $mo2fa_login_message = '';
1015
- $this->miniorange_pass2login_start_session();
1016
- $customer = new Customer_Setup();
1017
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1018
- Global $Mo2fdbQueries;
1019
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1020
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1021
- if ( $kba_configuration_status ) {
1022
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1023
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1024
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1025
- } else {
1026
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1027
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1028
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1029
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1030
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1031
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1032
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1033
- //if the php session folder has insufficient permissions, cookies to be used
1034
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1035
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1036
- $this->mo2f_transactionid=$content['txId'];
1037
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1038
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1039
- } else {
1040
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1041
- }
1042
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1043
- }
1044
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1045
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1046
- }
1047
- }
1048
- function check_miniorange_alternate_login_kba($POSTED){
1049
- $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1050
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1051
- $error = new WP_Error();
1052
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1053
- return $error;
1054
- } else {
1055
- $this->miniorange_pass2login_start_session();
1056
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1057
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1058
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1059
- $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1060
- }
1061
- }
1062
- function check_miniorange_mobile_validation($POSTED){
1063
- /*check mobile validation */
1064
-
1065
- $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1066
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1067
- $error = new WP_Error();
1068
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1069
- return $error;
1070
- } else {
1071
- if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1072
- {
1073
- $txid = $POSTED['TxidEmail'];
1074
- $status = get_option($txid);
1075
- if($status != '')
1076
- {
1077
- if($status != 1)
1078
- {
1079
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1080
- }
1081
- }
1082
- }
1083
- $this->miniorange_pass2login_start_session();
1084
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1085
- //if the php session folder has insufficient permissions, cookies to be used
1086
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1087
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1088
- $checkMobileStatus = new Two_Factor_Setup();
1089
- $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1090
- $response = json_decode( $content, true );
1091
- if(MO2F_IS_ONPREM)
1092
- {
1093
- $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1094
- }
1095
- if ( json_last_error() == JSON_ERROR_NONE ) {
1096
- if ( $response['status'] == 'SUCCESS' ) {
1097
- if ( get_option( 'mo2f_remember_device' ) ) {
1098
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1099
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1100
- } else {
1101
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1102
- }
1103
- } else {
1104
- $this->remove_current_activity($session_id_encrypt);
1105
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1106
- }
1107
- } else {
1108
- $this->remove_current_activity($session_id_encrypt);
1109
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1110
- }
1111
- }
1112
- }
1113
- function check_miniorange_mobile_validation_failed($POSTED){
1114
- /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1115
- $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1116
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1117
- $error = new WP_Error();
1118
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1119
- return $error;
1120
- } else {
1121
- $this->miniorange_pass2login_start_session();
1122
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1123
- $this->remove_current_activity($session_id_encrypt);
1124
-
1125
- }
1126
- }
1127
- function check_miniorange_forgotphone($POSTED){
1128
- $nonce = $POSTED['miniorange_forgotphone'];
1129
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1130
- $error = new WP_Error();
1131
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1132
- return $error;
1133
- } else {
1134
- global $Mo2fdbQueries;
1135
- $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1136
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1137
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1138
- $mo2fa_login_message = '';
1139
- $this->miniorange_pass2login_start_session();
1140
- $customer = new Customer_Setup();
1141
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1142
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1143
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1144
- if ( $kba_configuration_status ) {
1145
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1146
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1147
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1148
- } else {
1149
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1150
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1151
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1152
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1153
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1154
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1155
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1156
- //if the php session folder has insufficient permissions, cookies to be used
1157
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1158
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1159
- $this->mo2f_transactionid=$content['txId'];
1160
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1161
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1162
- } else {
1163
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1164
- }
1165
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1166
- }
1167
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1168
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1169
- }
1170
- }
1171
- function check_miniorange_softtoken($POSTED){
1172
- /*Click on the link of phone is offline */
1173
- $nonce = $POSTED['miniorange_softtoken'];
1174
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1175
- $error = new WP_Error();
1176
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1177
- return $error;
1178
- } else {
1179
- $this->miniorange_pass2login_start_session();
1180
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1181
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1182
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1183
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1184
- MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1185
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1186
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1187
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1188
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1189
- }
1190
- }
1191
- function check_miniorange_soft_token($POSTED){
1192
- /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1193
- $nonce = sanitize_text_field($_POST['miniorange_soft_token_nonce']);
1194
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1195
- $error = new WP_Error();
1196
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1197
- return $error;
1198
- }else {
1199
- $this->miniorange_pass2login_start_session();
1200
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1201
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1202
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1203
- $softtoken = '';
1204
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1205
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1206
- if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1207
- if($attempts>1 || $attempts=='disabled')
1208
- {
1209
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1210
- $mo2fa_login_message = 'Please enter OTP to proceed.';
1211
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1212
- }else{
1213
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1214
- $this->remove_current_activity($session_id_encrypt);
1215
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1216
- }
1217
- } else {
1218
- $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1219
- if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1220
- if($attempts>1|| $attempts=='disabled')
1221
- {
1222
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1223
- $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1224
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1225
- }else{
1226
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1227
- $this->remove_current_activity($session_id_encrypt);
1228
- update_option('mo2f_attempts_before_redirect', 3);
1229
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1230
- $data = array('reload' => "reload", );
1231
- wp_send_json_success($data);
1232
- }
1233
- else
1234
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1235
- }
1236
- }
1237
- }
1238
-
1239
- global $Mo2fdbQueries;
1240
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1241
- if ( isset( $user_id ) ) {
1242
- $customer = new Customer_Setup();
1243
- $content = '';
1244
- $current_user = get_userdata($user_id);
1245
- //if the php session folder has insufficient permissions, cookies to be used
1246
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1247
-
1248
- if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1249
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1250
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1251
- $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1252
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1253
- $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1254
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1255
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1256
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1257
- $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1258
- } else {
1259
- $this->remove_current_activity($session_id_encrypt);
1260
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1261
- }
1262
-
1263
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1264
- update_option('mo2f_attempts_before_redirect', 3);
1265
- if ( get_option( 'mo2f_remember_device' ) ) {
1266
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1267
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1268
- } else {
1269
- if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1270
- {
1271
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1272
- $enduser = new Two_Factor_Setup();
1273
-
1274
- $enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
1275
-
1276
- }
1277
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1278
- }
1279
- } else {
1280
- if($attempts>1 || $attempts=='disabled')
1281
- {
1282
- update_option('mo2f_attempts_before_redirect', $attempts-1);
1283
- $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1284
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1285
- }else{
1286
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1287
- $this->remove_current_activity($session_id_encrypt);
1288
- update_option('mo2f_attempts_before_redirect', 3);
1289
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1290
- $data = array('reload' => "reload", );
1291
- wp_send_json_success($data);
1292
- }
1293
- else
1294
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1295
- }
1296
- }
1297
- } else {
1298
- $this->remove_current_activity($session_id_encrypt);
1299
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1300
- }
1301
- }
1302
- }
1303
- function check_miniorange_attribute_collection($POSTED){
1304
- $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1305
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1306
- $error = new WP_Error();
1307
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1308
- return $error;
1309
- } else {
1310
- $this->miniorange_pass2login_start_session();
1311
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1312
- $currentuser = get_user_by( 'id', $user_id );
1313
- $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1314
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1315
- $session_id = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1316
- $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1317
- }
1318
- }
1319
- function check_miniorange_inline_skip_registration($POSTED){
1320
- $error = new WP_Error();
1321
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1322
- }
1323
- function miniorange_pass2login_redirect() {
1324
- do_action('mo2f_network_init');
1325
- global $Mo2fdbQueries;
1326
-
1327
- if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1328
- if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1329
- $nonce = sanitize_text_field($_POST['miniorange_login_nonce']);
1330
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1331
-
1332
- if(is_null($session_id)) {
1333
- $session_id=$this->create_session();
1334
- }
1335
-
1336
-
1337
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1338
- $this->remove_current_activity($session_id);
1339
- $error = new WP_Error();
1340
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1341
- return $error;
1342
- } else {
1343
- $this->miniorange_pass2login_start_session();
1344
- $mobile_login = new Miniorange_Mobile_Login();
1345
- //validation and sanitization
1346
- $username = '';
1347
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
1348
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1349
- $mobile_login->mo_auth_show_error_message();
1350
- return;
1351
- } else {
1352
- $username = sanitize_text_field( $_POST['mo2fa_username'] );
1353
- }
1354
- if ( username_exists( $username ) ) { /*if username exists in wp site */
1355
- $user = new WP_User( $username );
1356
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
1357
- MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
1358
- MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
1359
- $this->mo2f_userId=$user->ID;
1360
- $this->fstfactor='VALIDATE_SUCCESS';
1361
- $current_roles = miniorange_get_user_role( $user );
1362
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1363
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1364
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1365
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1366
-
1367
- if(MO2F_IS_ONPREM )
1368
- {
1369
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1370
-
1371
- }
1372
- if ( $mo2f_configured_2FA_method ) {
1373
- if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
1374
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
1375
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1376
- } else {
1377
- $mo2f_second_factor = '';
1378
-
1379
- if(MO2F_IS_ONPREM)
1380
- {
1381
- global $Mo2fdbQueries;
1382
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1383
- if($mo2f_second_factor == 'Security Questions')
1384
- {
1385
- $mo2f_second_factor = 'KBA';
1386
- }
1387
- else if($mo2f_second_factor == 'Google Authenticator')
1388
- {
1389
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
1390
- }
1391
- else if($mo2f_second_factor != 'Email Verification')
1392
- $mo2f_second_factor = 'NONE';
1393
- }else{
1394
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
1395
- }
1396
-
1397
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
1398
- $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
1399
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
1400
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1401
- }
1402
- else if($mo2f_second_factor == 'Email Verification'){
1403
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1404
- }
1405
- else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
1406
- $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1407
- } else if ( $mo2f_second_factor == 'KBA' ) {
1408
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1409
- } else {
1410
- $this->remove_current_activity($session_id);
1411
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
1412
- $mobile_login->mo_auth_show_success_message();
1413
- }
1414
- }
1415
- } else {
1416
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
1417
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1418
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1419
- $mobile_login->mo2f_redirectto_wp_login();
1420
- }
1421
- } else {
1422
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
1423
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1424
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1425
- $mobile_login->mo2f_redirectto_wp_login();
1426
- }
1427
- } else {
1428
- $mobile_login->remove_current_activity($session_id);
1429
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
1430
- $mobile_login->mo_auth_show_error_message('Invalid Username.');
1431
- }
1432
- }
1433
- }
1434
-
1435
- }
1436
- if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
1437
- {
1438
- $userIDGet = sanitize_text_field($_GET['userID']);
1439
- $txIdGet = sanitize_text_field($_GET['Txid']);
1440
- $otpToken = get_site_option($userIDGet);
1441
- $txidstatus = get_site_option($txIdGet);
1442
- $userIDd = $userIDGet.'D';
1443
- $otpTokenD = get_site_option($userIDd);
1444
- $mo2f_dirName = dirname(__FILE__);
1445
- $mo2f_dirName = explode('wp-content', $mo2f_dirName);
1446
- $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
1447
-
1448
- $head = "You are not authorized to perform this action";
1449
- $body = "Please contact to your admin";
1450
- $color = "red";
1451
- if(3 == $txidstatus)
1452
- {
1453
- $time = "time".$txIdGet;
1454
- $currentTimeInMillis = round(microtime(true) * 1000);
1455
- $generatedTimeINMillis = get_site_option($time);
1456
- $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
1457
- if($difference <= 300)
1458
- {
1459
- $accessTokenGet = sanitize_text_field($_GET['accessToken']);
1460
- if( $accessTokenGet == $otpToken)
1461
- {
1462
- update_site_option($txIdGet,1);
1463
- $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
1464
- $head = "TRANSACTION SUCCESSFUL";
1465
- $color = "green";
1466
- }
1467
- else if($accessTokenGet==$otpTokenD)
1468
- {
1469
- update_site_option($txIdGet,0);
1470
- $body = "Transaction has been Canceled.<br><br>Please Try Again.";
1471
- $head = "TRANSACTION DENIED";
1472
- }
1473
- }
1474
- delete_site_option($userIDGet);
1475
- delete_site_option($userIDd);
1476
- delete_site_option($time);
1477
-
1478
- }
1479
-
1480
- $this->display_email_verification($head,$body,$color);
1481
- exit;
1482
-
1483
- }
1484
- elseif (isset($_POST['emailInlineCloud'])) {
1485
- $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
1486
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
1487
- $error = new WP_Error();
1488
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1489
- return $error;
1490
- } else {
1491
- $email = sanitize_text_field($_POST['emailInlineCloud']);
1492
- $current_user_id = sanitize_text_field($_POST['current_user_id']);
1493
- //$session_id = sanitize_text_field($_POST['session_id']);
1494
- if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
1495
- global $Mo2fdbQueries;
1496
- $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
1497
- prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','','','',null);
1498
- }
1499
- }
1500
- }
1501
- else if(isset($_POST['txid']))
1502
- {
1503
- $txidpost = sanitize_text_field($_POST['txid']);
1504
- $status = get_site_option($txidpost);
1505
- update_option('optionVal1',$status); //??
1506
- if($status ==1 || $status ==0)
1507
- delete_site_option($txidpost);
1508
- echo $status;
1509
- exit();
1510
- }
1511
-
1512
-
1513
-
1514
- else{
1515
-
1516
- $value=isset($_POST['option'])?sanitize_text_field($_POST['option']):false;
1517
-
1518
- switch ($value) {
1519
- case 'miniorange_rba_validate':
1520
- $this->check_rba_validation($_POST);
1521
- break;
1522
-
1523
- case 'miniorange_rba_cancle':
1524
-
1525
- $this->check_rba_cancalation($_POST);
1526
- break;
1527
-
1528
- case 'miniorange_forgotphone':
1529
- $this->check_miniorange_challenge_forgotphone($_POST);
1530
- break;
1531
-
1532
- case 'miniorange2f_back_to_inline_registration':
1533
- $this->miniorange2f_back_to_inline_registration($_POST);
1534
- exit;
1535
-
1536
- case 'miniorange_alternate_login_kba':
1537
-
1538
- $this->check_miniorange_alternate_login_kba($_POST);
1539
- break;
1540
-
1541
- case 'miniorange_kba_validate':
1542
- $this->check_kba_validation($_POST);
1543
-
1544
- break;
1545
-
1546
- case 'miniorange_mobile_validation':
1547
- $this->check_miniorange_mobile_validation($_POST);
1548
- break;
1549
-
1550
- case 'miniorange_mobile_validation_failed':
1551
- $this->check_miniorange_mobile_validation_failed($_POST);
1552
- break;
1553
-
1554
- case 'miniorange_softtoken':
1555
- $this->check_miniorange_softtoken($_POST);
1556
-
1557
- break;
1558
-
1559
-
1560
- case 'miniorange_soft_token':
1561
-
1562
- $this->check_miniorange_soft_token($_POST);
1563
- break;
1564
-
1565
- case 'miniorange_inline_skip_registration':
1566
- $this->check_miniorange_inline_skip_registration($_POST);
1567
- break;
1568
-
1569
- case 'miniorange_attribute_collection':
1570
- $this->check_miniorange_attribute_collection($_POST);
1571
- break;
1572
-
1573
- case 'miniorange_inline_save_2factor_method':
1574
- $this->save_inline_2fa_method();
1575
- break;
1576
-
1577
- case 'mo2f_skip_2fa_setup':
1578
- $this->mo2f_skip_2fa_setup();
1579
- break;
1580
-
1581
- case 'miniorange_back_inline':
1582
- $this->back_to_select_2fa();
1583
- break;
1584
-
1585
- case 'miniorange_inline_ga_validate':
1586
- $this->inline_validate_and_set_ga();
1587
- break;
1588
-
1589
- case 'miniorange_inline_show_mobile_config':
1590
- $this->inline_mobile_configure();
1591
- break;
1592
-
1593
- case 'miniorange_inline_complete_mobile':
1594
- $this->mo2f_inline_validate_mobile_authentication();
1595
- break;
1596
-
1597
- case 'mo2f_inline_kba_option':
1598
- $this->mo2f_inline_validate_kba();
1599
- break;
1600
-
1601
- case 'miniorange_inline_complete_otp_over_sms':
1602
- $this->mo2f_inline_send_otp();
1603
- break;
1604
-
1605
- case 'miniorange_inline_complete_otp':
1606
- $this->mo2f_inline_validate_otp();
1607
- break;
1608
-
1609
- case 'miniorange_inline_login':
1610
- $this->mo2f_inline_login();
1611
- break;
1612
- case 'miniorange_inline_register':
1613
- $this->mo2f_inline_register();
1614
- break;
1615
- default:
1616
- $error = new WP_Error();
1617
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1618
-
1619
- return $error;
1620
- break;
1621
-
1622
-
1623
- }
1624
- }
1625
- }
1626
-
1627
- function deniedMessage($message)
1628
- {
1629
- if(empty($message) && get_option("deniedMessage") )
1630
- {
1631
- delete_option('deniedMessage');
1632
- }
1633
- else
1634
- return $message;
1635
- }
1636
- function remove_current_activity($session_id) {
1637
- global $Mo2fdbQueries;
1638
- $session_variables = array(
1639
- 'mo2f_current_user_id',
1640
- 'mo2f_1stfactor_status',
1641
- 'mo_2factor_login_status',
1642
- 'mo2f-login-qrCode',
1643
- 'mo2f_transactionId',
1644
- 'mo2f_login_message',
1645
- 'mo2f_rba_status',
1646
- 'mo_2_factor_kba_questions',
1647
- 'mo2f_show_qr_code',
1648
- 'mo2f_google_auth',
1649
- 'mo2f_authy_keys'
1650
- );
1651
-
1652
- $cookie_variables = array(
1653
- 'mo2f_current_user_id',
1654
- 'mo2f_1stfactor_status',
1655
- 'mo_2factor_login_status',
1656
- 'mo2f-login-qrCode',
1657
- 'mo2f_transactionId',
1658
- 'mo2f_login_message',
1659
- 'mo2f_rba_status_status',
1660
- 'mo2f_rba_status_sessionUuid',
1661
- 'mo2f_rba_status_decision_flag',
1662
- 'kba_question1',
1663
- 'kba_question2',
1664
- 'mo2f_show_qr_code',
1665
- 'mo2f_google_auth',
1666
- 'mo2f_authy_keys'
1667
- );
1668
-
1669
- $temp_table_variables = array(
1670
- 'session_id',
1671
- 'mo2f_current_user_id',
1672
- 'mo2f_login_message',
1673
- 'mo2f_1stfactor_status',
1674
- 'mo2f_transactionId',
1675
- 'mo_2_factor_kba_questions',
1676
- 'mo2f_rba_status',
1677
- 'ts_created'
1678
- );
1679
-
1680
- MO2f_Utility::unset_session_variables( $session_variables );
1681
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
1682
- $key = get_option( 'mo2f_encryption_key' );
1683
- $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
1684
- $Mo2fdbQueries->save_user_login_details( $session_id, array(
1685
-
1686
- 'mo2f_current_user_id' => '',
1687
- 'mo2f_login_message' => '',
1688
- 'mo2f_1stfactor_status' => '',
1689
- 'mo2f_transactionId' => '',
1690
- 'mo_2_factor_kba_questions' => '',
1691
- 'mo2f_rba_status' => '',
1692
- 'ts_created' => ''
1693
- ) );
1694
-
1695
-
1696
- }
1697
-
1698
- public function miniorange_pass2login_start_session() {
1699
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1700
- $session_path = ini_get('session.save_path');
1701
- if( is_writable($session_path) && is_readable($session_path) ) {
1702
- session_start();
1703
- }
1704
- }
1705
- }
1706
-
1707
- function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
1708
- global $Mo2fdbQueries,$LoginuserID;
1709
- $LoginuserID = $user_id;
1710
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1711
- if(is_null($session_id)) {
1712
- $session_id=$this->create_session();
1713
- }
1714
- if(MO2F_IS_ONPREM){
1715
- $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
1716
- $challenge_questions = array_keys($question_answers);
1717
- $random_keys = array_rand($challenge_questions,2);
1718
- $challenge_ques1 = $challenge_questions[$random_keys[0]];
1719
- $challenge_ques2 = $challenge_questions[$random_keys[1]];
1720
- $questions[0] = array('question'=>$challenge_ques1);
1721
- $questions[1] = array('question'=>$challenge_ques2);
1722
- update_user_meta( $user_id, 'kba_questions_user', $questions );
1723
- $mo2fa_login_message = 'Please answer the following questions:';
1724
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1725
- $mo2f_kbaquestions = $questions;
1726
- MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1727
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1728
- }
1729
-
1730
- else{
1731
- $challengeKba = new Customer_Setup();
1732
- $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1733
- $response = json_decode( $content, true );
1734
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1735
- if ( $response['status'] == 'SUCCESS' ) {
1736
- MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
1737
- $this->mo2f_transactionid = $response['txId'];
1738
- $questions = array();
1739
- $questions[0] = $response['questions'][0];
1740
- $questions[1] = $response['questions'][1];
1741
- MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1742
- $this->mo2f_kbaquestions=$questions;
1743
- $mo2fa_login_message = 'Please answer the following questions:';
1744
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1745
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1746
- } else if ( $response['status'] == 'ERROR' ) {
1747
- $this->remove_current_activity($session_id);
1748
- $error = new WP_Error();
1749
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1750
-
1751
- return $error;
1752
- }
1753
- } else {
1754
- $this->remove_current_activity($session_id);
1755
- $error = new WP_Error();
1756
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1757
-
1758
- return $error;
1759
- }
1760
- }
1761
- }
1762
-
1763
- function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ) {
1764
-
1765
- $login_status = $mo2fa_login_status;
1766
- $login_message = $mo2fa_login_message;
1767
- switch ($login_status) {
1768
- case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
1769
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1770
- mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
1771
- exit;
1772
- break;
1773
- case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
1774
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1775
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1776
- exit;
1777
- break;
1778
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
1779
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1780
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
1781
- exit;
1782
- break;
1783
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
1784
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1785
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1786
- exit;
1787
- break;
1788
- case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
1789
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1790
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1791
- exit;
1792
- break;
1793
- case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
1794
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1795
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1796
- exit;
1797
- break;
1798
- case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
1799
- mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
1800
- exit;
1801
- break;
1802
-
1803
- case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
1804
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1805
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1806
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1807
- exit;
1808
- break;
1809
-
1810
- case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
1811
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1812
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1813
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1814
- exit;
1815
- break;
1816
-
1817
- case 'MO_2_FACTOR_RECONFIG_GOOGLE':
1818
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1819
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
1820
- exit;
1821
- break;
1822
-
1823
- case 'MO_2_FACTOR_RECONFIG_KBA':
1824
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1825
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
1826
- exit;
1827
- break;
1828
-
1829
- case 'MO_2_FACTOR_SETUP_SUCCESS':
1830
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1831
- $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
1832
- break;
1833
-
1834
- case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
1835
- $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
1836
- if(MO2F_IS_ONPREM){
1837
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1838
- $ques = get_user_meta( $user_id, 'kba_questions_user');
1839
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
1840
- }
1841
- else{
1842
- mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
1843
- }
1844
- exit;
1845
- break;
1846
-
1847
- case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
1848
- mo2f_get_device_form( $redirect_to, $session_id_encrypt );
1849
- exit;
1850
- break;
1851
-
1852
- case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
1853
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1854
- prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
1855
- exit;
1856
- break;
1857
-
1858
- default:
1859
- $this->mo_2_factor_pass2login_show_wp_login_form();
1860
- if(MO2F_IS_ONPREM){
1861
- $this->mo_2_factor_pass2login_show_wp_login_form();
1862
- }
1863
- break;
1864
- }
1865
- }
1866
-
1867
- function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
1868
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
1869
- return true;
1870
- }
1871
-
1872
- return false;
1873
- }
1874
-
1875
- function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
1876
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1877
- return true;
1878
- }
1879
-
1880
- return false;
1881
- }
1882
-
1883
- function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
1884
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
1885
- return true;
1886
- }
1887
-
1888
- return false;
1889
- }
1890
-
1891
- function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
1892
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
1893
- return true;
1894
- }
1895
-
1896
- return false;
1897
- }
1898
-
1899
- function miniorange_pass2login_reconfig_google( $login_status ) {
1900
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
1901
- return true;
1902
- }
1903
-
1904
- return false;
1905
- }
1906
-
1907
- function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
1908
-
1909
- do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
1910
-
1911
-
1912
- }
1913
-
1914
- function miniorange_pass2login_reconfig_kba( $login_status ) {
1915
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
1916
- return true;
1917
- }
1918
-
1919
- return false;
1920
- }
1921
-
1922
- function miniorange_pass2login_check_kba_status( $login_status ) {
1923
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
1924
- return true;
1925
- }
1926
-
1927
- return false;
1928
- }
1929
-
1930
- function miniorange_pass2login_check_trusted_device_status( $login_status ) {
1931
-
1932
- if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
1933
- return true;
1934
- }
1935
-
1936
- return false;
1937
- }
1938
-
1939
- function mo_2_factor_pass2login_woocommerce(){
1940
- ?>
1941
- <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
1942
- <?php
1943
- }
1944
- function mo_2_factor_pass2login_show_wp_login_form() {
1945
-
1946
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1947
- if(is_null($session_id_encrypt)) {
1948
- $session_id_encrypt=$this->create_session();
1949
- }
1950
- if(class_exists('Theme_My_Login'))
1951
- {
1952
- wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
1953
- wp_localize_script( 'tmlajax_script', 'my_ajax_object',
1954
- array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
1955
- }
1956
- ?>
1957
- <p><input type="hidden" name="miniorange_login_nonce"
1958
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
1959
-
1960
- <input type="hidden" id="sessid" name="session_id"
1961
- value="<?php echo $session_id_encrypt; ?>"/>
1962
-
1963
- </p>
1964
-
1965
- <?php
1966
- if ( get_option( 'mo2f_remember_device' ) ) {
1967
- ?>
1968
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
1969
- <?php
1970
- wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
1971
- wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
1972
- wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
1973
- wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
1974
- wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
1975
- wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
1976
- wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
1977
- wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
1978
- wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
1979
- }else{
1980
-
1981
-
1982
- if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option'))
1983
- {
1984
- echo "\t<p>\n";
1985
- echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
1986
- echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
1987
- echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
1988
- echo "\t</p>\n";
1989
- echo " \r\n";
1990
- echo " \r\n";
1991
- echo "\n";
1992
- }
1993
- }
1994
-
1995
- }
1996
-
1997
- function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
1998
- global $Mo2fdbQueries;
1999
- if (is_null($session_id_encrypt)){
2000
- $session_id_encrypt=$this->create_session();
2001
- }
2002
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2003
- $useragent = $_SERVER['HTTP_USER_AGENT'];
2004
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
2005
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
2006
-
2007
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
2008
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
2009
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
2010
-
2011
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2012
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2013
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
2014
- } else {
2015
- $challengeMobile = new Customer_Setup();
2016
- $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2017
- $response = json_decode( $content, true );
2018
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2019
- if ( $response['status'] == 'SUCCESS' ) {
2020
- $qrCode = $response['qrCode'];
2021
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
2022
- $this->mo2f_transactionid=$response['txId'];
2023
- $mo2fa_login_message = '';
2024
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
2025
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
2026
- } else if ( $response['status'] == 'ERROR' ) {
2027
- $this->remove_current_activity($session_id_encrypt);
2028
- $error = new WP_Error();
2029
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2030
-
2031
- return $error;
2032
- }
2033
- } else {
2034
- $this->remove_current_activity($session_id_encrypt);
2035
- $error = new WP_Error();
2036
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2037
-
2038
- return $error;
2039
- }
2040
- }
2041
-
2042
- }
2043
-
2044
- function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2045
-
2046
- global $Mo2fdbQueries;
2047
- if(is_null($session_id)){
2048
- $session_id=$this->create_session();
2049
- }
2050
- $challengeMobile = new Customer_Setup();
2051
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2052
- if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2053
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2054
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2055
- $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2056
-
2057
- }else {
2058
- $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2059
- }
2060
- $response = json_decode( $content, true );
2061
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2062
- if ( $response['status'] == 'SUCCESS' ) {
2063
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2064
- $this->mo2f_transactionid=$response['txId'];
2065
-
2066
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2067
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2068
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2069
- } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2070
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2071
- $this->mo2f_transactionid=$response['txId'];
2072
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2073
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2074
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2075
- }
2076
- } else {
2077
- $this->remove_current_activity($session_id);
2078
- $error = new WP_Error();
2079
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2080
-
2081
- return $error;
2082
- }
2083
- }
2084
-
2085
- function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2086
- global $Mo2fdbQueries;
2087
- if(is_null($session_id)){
2088
- $session_id=$this->create_session();
2089
- }
2090
- $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2091
- if($mo2f_second_factor == 'EMAIL')
2092
- {
2093
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2094
- $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2095
- if($wdewdeqdqq >30 or get_site_option(base64_encode("limitReached")))
2096
- {
2097
- update_site_option(base64_encode("remainingOTP"),0);
2098
- }
2099
- }
2100
- else
2101
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2102
- if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2103
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2104
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2105
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2106
- } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2107
- $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2108
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2109
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2110
- } else {
2111
- $challengeMobile = new Customer_Setup();
2112
- $content = '';
2113
- $response = [];
2114
- $otpLIMiTE = 0;
2115
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2116
- {
2117
- if($mo2f_second_factor == 'OTP Over SMS')
2118
- $mo2f_second_factor = 'SMS';
2119
- $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2120
- $response = json_decode( $content, true );
2121
-
2122
- }
2123
- else
2124
- {
2125
- $response['status'] = 'FAILED';
2126
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2127
- $otpLIMiTE = 1;
2128
- }
2129
- if ( json_last_error() == JSON_ERROR_NONE ) {
2130
- if ( $response['status'] == 'SUCCESS' ) {
2131
- if($mo2f_second_factor == 'EMAIL')
2132
- {
2133
- $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2134
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2135
- }
2136
- elseif($mo2f_second_factor == 'SMS')
2137
- {
2138
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
2139
- }
2140
- if(!isset($response['phoneDelivery']['contact']))
2141
- $response['phoneDelivery']['contact'] = '';
2142
- $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2143
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2144
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2145
- $this->mo2f_transactionid=$response['txId'];
2146
- $mo2fa_login_message = $message;
2147
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2148
-
2149
- if($currentMethod == 'OTP Over Email')
2150
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2151
- else
2152
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2153
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2154
- } else {
2155
-
2156
-
2157
- if($response['message'] == 'TEST FAILED.')
2158
- $response['message'] = 'There is an error in sending the OTP.';
2159
-
2160
- $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
2161
-
2162
- if($otpLIMiTE ==1)
2163
- $last_message = 'or contact miniOrange';
2164
-
2165
- else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
2166
- $last_message = 'Or check your SMTP Server and remaining transacions.';
2167
- else
2168
- $last_message = 'Or check your remaining transacions';
2169
-
2170
- $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
2171
- if(!isset($response['txId']))
2172
- $response['txId'] = '';
2173
- MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2174
- $this->mo2f_transactionid=$response['txId'];
2175
- $mo2fa_login_message = $message;
2176
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2177
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2178
- }
2179
- } else {
2180
- $this->remove_current_activity($session_id);
2181
- $error = new WP_Error();
2182
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2183
- return $error;
2184
- }
2185
- }
2186
- }
2187
-
2188
- function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
2189
- if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
2190
- $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
2191
- $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
2192
- } else {
2193
- $user_id=$this->mo2f_userID;
2194
- $mo2f_1stfactor_status=$this->fstfactor;
2195
- }
2196
- if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
2197
- $currentuser = get_user_by( 'id', $user_id );
2198
- wp_set_current_user( $user_id, $currentuser->user_login );
2199
- $mobile_login = new Miniorange_Mobile_Login();
2200
- $mobile_login->remove_current_activity($session_id_encrypted);
2201
- wp_set_auth_cookie( $user_id, true );
2202
- do_action( 'wp_login', $currentuser->user_login, $currentuser );
2203
- redirect_user_to( $currentuser, $redirect_to );
2204
- exit;
2205
- } else {
2206
- $this->remove_current_activity($session_id_encrypted);
2207
- }
2208
- }
2209
-
2210
- function create_session(){
2211
- global $Mo2fdbQueries;
2212
- $session_id = MO2f_Utility::random_str(20);
2213
- $Mo2fdbQueries->insert_user_login_session($session_id);
2214
- $key = get_option( 'mo2f_encryption_key' );
2215
- $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
2216
- return $session_id_encrypt;
2217
- }
2218
-
2219
- function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
2220
-
2221
- global $Mo2fdbQueries;
2222
- $this->miniorange_pass2login_start_session();
2223
- if(is_null($session_id_encrypt)) {
2224
- $session_id_encrypt=$this->create_session();
2225
- }
2226
-
2227
- if(class_exists('UM_Functions'))
2228
- {
2229
- if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
2230
- {
2231
- $meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
2232
- if(isset($meta) and $meta != '')
2233
- {
2234
- if(isset($meta['_um_login_redirect_url']))
2235
- $redirect_to = $meta['_um_login_redirect_url'];
2236
- if($redirect_to == '')
2237
- {
2238
- $redirect_to = get_site_url();
2239
- }
2240
- }
2241
- $login_form_url = '';
2242
- if(isset($_POST['redirect_to']))
2243
- $login_form_url = esc_url_raw($_POST['redirect_to']);
2244
-
2245
- if($login_form_url != '' and !is_null($login_form_url))
2246
- {
2247
- $redirect_to = $login_form_url;
2248
- }
2249
-
2250
- }
2251
-
2252
- }
2253
- MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
2254
- MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
2255
-
2256
- $this->mo2f_userID=$currentuser->ID;
2257
- $this->fstfactor='VALIDATE_SUCCESS';
2258
-
2259
- $is_customer_admin = true;
2260
-
2261
- $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
2262
- if($dG90YWxVc2Vyc0Nsb3Vk<3)
2263
- $is_customer_admin = true;
2264
-
2265
- $roles = ( array ) $currentuser->roles;
2266
- $twofactor_enabled = 0;
2267
- foreach ( $roles as $role ) {
2268
- if(get_option('mo2fa_'.$role)=='1')
2269
- $twofactor_enabled=1;
2270
- }
2271
-
2272
- if ( $is_customer_admin && $twofactor_enabled ) {
2273
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
2274
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
2275
-
2276
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
2277
- $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
2278
- }else{
2279
- $mo2f_allwed_login_attempts= 'disabled';
2280
- }
2281
- update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
2282
-
2283
- $twofactor_transactions = new Mo2fDB;
2284
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
2285
- $tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
2286
- if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
2287
- $exceeded =1;
2288
-
2289
- if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
2290
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2291
- try {
2292
- $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
2293
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
2294
- $this->mo2f_rbastatus=$mo2f_rba_status;
2295
- } catch ( Exception $e ) {
2296
- echo $e->getMessage();
2297
- }
2298
-
2299
- if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
2300
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2301
- } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
2302
-
2303
- $this->mo2f_restrict_access( 'Access_denied' );
2304
- exit;
2305
- } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
2306
- $this->mo2f_restrict_access( 'Access_denied' );
2307
- exit;
2308
- } else {
2309
-
2310
- $mo2f_second_factor = '';
2311
-
2312
- if(MO2F_IS_ONPREM)
2313
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2314
- else
2315
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
2316
-
2317
- if($mo2f_second_factor == 'miniOrange Soft Token')
2318
- $mo2f_second_factor = "SOFT TOKEN";
2319
- else if($mo2f_second_factor == "miniOrange Push Notification")
2320
- $mo2f_second_factor = "PUSH NOTIFICATIONS";
2321
- else if($mo2f_second_factor == "miniOrange QR Code Authentication")
2322
- $mo2f_second_factor = "MOBILE AUTHENTICATION";
2323
- else if($mo2f_second_factor == 'Security Questions')
2324
- $mo2f_second_factor = 'KBA';
2325
- else if($mo2f_second_factor == 'Google Authenticator')
2326
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2327
- else if($mo2f_second_factor == 'OTP Over SMS')
2328
- $mo2f_second_factor = 'SMS';
2329
- else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
2330
- $mo2f_second_factor = "EMAIL";
2331
-
2332
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2333
- {
2334
- update_site_option("bGltaXRSZWFjaGVk",1);
2335
-
2336
- }
2337
- }
2338
-
2339
-
2340
- if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
2341
- {
2342
- $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
2343
- if(is_wp_error( $error))
2344
- {
2345
- return $error;
2346
- }
2347
- }
2348
- else{
2349
-
2350
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2351
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
2352
- } else {
2353
-
2354
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2355
- $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
2356
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
2357
- $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2358
- } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
2359
- $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2360
- } else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
2361
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
2362
- } else if ( $mo2f_second_factor == 'NONE' ) {
2363
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2364
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2365
- else
2366
- return $currentuser;
2367
- } else {
2368
- $this->remove_current_activity($session_id_encrypt);
2369
- $error = new WP_Error();
2370
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2371
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Two Factor method has not been configured.', );
2372
- wp_send_json_success($data);
2373
- }
2374
- else{
2375
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
2376
- return $error;
2377
- }
2378
- }
2379
- }
2380
- }
2381
-
2382
- }
2383
- }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
2384
- $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
2385
-
2386
- } else {
2387
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2388
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2389
- else
2390
- return $currentuser;
2391
- }
2392
-
2393
- } else { //plugin is not activated for current role then logged him in without asking 2 factor
2394
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2395
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2396
- else
2397
- return $currentuser;
2398
- }
2399
-
2400
- }
2401
-
2402
- function mo2fa_inline($currentuser,$redirect_to,$session_id){
2403
-
2404
- global $Mo2fdbQueries;
2405
- $currentUserId = $currentuser->ID;
2406
- $email = $currentuser->user_email;
2407
- $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
2408
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
2409
- 'user_registration_with_miniorange' =>'SUCCESS',
2410
- 'mo2f_user_email' =>$email,
2411
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
2412
- ) );
2413
-
2414
- $mo2fa_login_message = '';
2415
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2416
-
2417
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
2418
- //}
2419
- }
2420
-
2421
- function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
2422
- global $Mo2fdbQueries;
2423
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2424
- $customer = new Customer_Setup();
2425
- $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2426
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2427
- if ( get_option( 'mo2f_remember_device' ) ) {
2428
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
2429
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
2430
- } else {
2431
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2432
- }
2433
- } else {
2434
- if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2435
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid One Time Passcode.', );
2436
- wp_send_json_success($data);
2437
- }
2438
- else
2439
- return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
2440
- }
2441
- }
2442
-
2443
- function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
2444
- {
2445
-
2446
- $challengeMobile = new Customer_Setup();
2447
- $content = '';
2448
- $response = [];
2449
- $otpLIMiTE = 0;
2450
- if(get_site_option("cmVtYWluaW5nT1RQ")>0)
2451
- {
2452
- $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
2453
- $response = json_decode( $content, true );
2454
- if(!MO2F_IS_ONPREM)
2455
- {
2456
- if(isset($response['txId']))
2457
- MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $response['txId'] );
2458
- }
2459
-
2460
- }
2461
- else
2462
- {
2463
- $response['status'] = 'FAILED';
2464
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2465
- $otpLIMiTE = 1;
2466
- }
2467
- if ( json_last_error() == JSON_ERROR_NONE ) {
2468
- if ( $response['status'] == 'SUCCESS' ) {
2469
- $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
2470
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2471
- $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
2472
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2473
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
2474
- }
2475
- else
2476
- {
2477
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2478
- $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
2479
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
2480
- }
2481
- }
2482
- }
2483
- function mo2f_restrict_access( $identity ) {
2484
- apply_filters( 'mo2f_rba_addon', $identity );
2485
- exit;
2486
- }
2487
-
2488
- function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
2489
- global $Mo2fdbQueries;
2490
- if ( get_option( 'mo2f_remember_device' ) ) {
2491
- $this->miniorange_pass2login_start_session();
2492
-
2493
- $session_id=$this->create_session();
2494
- MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
2495
- $this->mo2f_userID=$currentuser->ID;
2496
-
2497
- mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
2498
- exit;
2499
- } else {
2500
- $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to );
2501
- }
2502
- }
2503
-
2504
- function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
2505
- if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
2506
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2507
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp;Invalid User Credentials', );
2508
- wp_send_json_success($data);
2509
- }
2510
- else
2511
- return $user;
2512
- }
2513
- if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
2514
- return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
2515
- }
2516
- // if an app password is enabled, this is an XMLRPC / APP login ?
2517
- if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
2518
-
2519
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
2520
- if ( is_wp_error( $currentuser ) ) {
2521
- $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
2522
-
2523
- return false;
2524
- } else {
2525
- return $currentuser;
2526
- }
2527
-
2528
- } else {
2529
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
2530
- if ( is_wp_error( $currentuser ) ) {
2531
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2532
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
2533
- wp_send_json_success($data);
2534
- }
2535
- else{
2536
- $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
2537
- return $currentuser;
2538
- }
2539
- } else {
2540
- global $Mo2fdbQueries;
2541
-
2542
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2543
-
2544
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to'] ): null;
2545
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2546
- $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
2547
- if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
2548
- {
2549
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
2550
- }
2551
- else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
2552
- {
2553
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
2554
- }
2555
- else
2556
- {
2557
- if ( empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
2558
- {
2559
-
2560
-
2561
- if(isset($_POST['mo_woocommerce_login_prompt'])){
2562
-
2563
- $this->miniorange_initiate_2nd_factor( $currentuser, "", "","");
2564
- }
2565
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2566
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Please enter the One Time Passcode', );
2567
- wp_send_json_success($data);
2568
- }
2569
- else
2570
- return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
2571
- // Prevent PHP notices when using app password login
2572
-
2573
- }
2574
- else
2575
- {
2576
- $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
2577
- }
2578
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
2579
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2580
-
2581
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
2582
-
2583
- if(is_null($session_id)) {
2584
- $session_id=$this->create_session();
2585
- }
2586
-
2587
-
2588
- $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
2589
-
2590
-
2591
- if(is_wp_error( $error)){
2592
- return $error;
2593
- }
2594
- return $error;
2595
- }
2596
- }
2597
- }
2598
-
2599
- }
2600
-
2601
- function display_email_verification($head,$body,$color)
2602
- {
2603
- echo "<div style='background-color: #d5e3d9; height:850px;' >
2604
- <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
2605
- <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
2606
- <img alt='logo' style='margin-left:240px ;
2607
- margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
2608
- <div><hr></div>
2609
-
2610
- <tbody>
2611
- <tr>
2612
- <td>
2613
-
2614
- <p style='margin-top:0;margin-bottom:10px'>
2615
- <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
2616
- <p style='margin-top:0;margin-bottom:10px'>
2617
- <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
2618
- <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
2619
-
2620
- </td>
2621
- </tr>
2622
-
2623
- </div>
2624
- </div>
2625
- </div>";
2626
- }
2627
-
2628
- function mo_2_factor_enable_jquery_default_login() {
2629
- wp_enqueue_script( 'jquery' );
2630
- }
2631
-
2632
- function miniorange_pass2login_footer_form() {
2633
- ?>
2634
- <script>
2635
- jQuery(document).ready(function () {
2636
- if (document.getElementById('loginform') != null) {
2637
- jQuery('#loginform').on('submit', function (e) {
2638
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2639
- });
2640
- } else {
2641
- if (document.getElementsByClassName('login') != null) {
2642
- jQuery('.login').on('submit', function (e) {
2643
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2644
- });
2645
- }
2646
- }
2647
- });
2648
- </script>
2649
- <?php
2650
-
2651
- }
2652
-
2653
-
2654
- }
2655
-
2656
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+
25
+ include 'two_fa_login.php';
26
+ class Miniorange_Password_2Factor_Login {
27
+
28
+ private $mo2f_kbaquestions;
29
+ private $mo2f_userID;
30
+ private $mo2f_rbastatus;
31
+ private $mo2f_transactionid;
32
+
33
+ function mo2f_inline_login(){
34
+ global $moWpnsUtility;
35
+ $email = sanitize_email( $_POST['email'] );
36
+ $password = sanitize_text_field( $_POST['password'] );
37
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
38
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
39
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
40
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
+ {
42
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
+ return;
46
+ }
47
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
+ }
49
+ function mo2f_inline_register(){
50
+ global $moWpnsUtility, $Mo2fdbQueries;
51
+ $email = sanitize_email($_POST['email']);
52
+ $company = $_SERVER["SERVER_NAME"];
53
+ $password = sanitize_text_field($_POST['password']);
54
+ $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
56
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
57
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
58
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
59
+ {
60
+ $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
61
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
62
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
63
+ }
64
+ if( $password != $confirmPassword )
65
+ {
66
+ $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
67
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
68
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
69
+ }
70
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
71
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
72
+ {
73
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
74
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
75
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
76
+ }
77
+
78
+ update_option( 'mo2f_email', $email );
79
+
80
+ update_option( 'mo_wpns_company' , $company );
81
+
82
+ update_option( 'mo_wpns_password' , $password );
83
+
84
+ $customer = new MocURL();
85
+ $content = json_decode($customer->check_customer($email), true);
86
+ $Mo2fdbQueries->insert_user( $user_id );
87
+ switch ($content['status'])
88
+ {
89
+ case 'CUSTOMER_NOT_FOUND':
90
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
91
+
92
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
93
+ {
94
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
95
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
96
+ }
97
+
98
+ break;
99
+ default:
100
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
101
+ break;
102
+ }
103
+
104
+ }
105
+
106
+ function mo2f_download_backup_codes_inline(){
107
+ $nonce = sanitize_text_field($_POST['mo2f_inline_backup_nonce']);
108
+ $backups= sanitize_text_field($_POST['mo2f_inline_backup_codes']);
109
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-backup-nonce' ) ) {
110
+ $error = new WP_Error();
111
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
112
+ return $error;
113
+ } else {
114
+ $codes=explode(",", $backups);
115
+ $session_id = sanitize_text_field($_POST['session_id']);
116
+ $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id );
117
+ update_user_meta($id, 'mo_backup_code_downloaded', 1);
118
+ delete_user_meta($id, 'chqwetcsdvnvd');
119
+ MO2f_Utility::mo2f_download_backup_codes($id, $codes);
120
+ }
121
+ }
122
+
123
+ function mo2f_goto_wp_dashboard(){
124
+ global $Mo2fdbQueries;
125
+ $nonce = sanitize_text_field($_POST['mo2f_inline_wp_dashboard_nonce']);
126
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-wp-dashboard-nonce' ) ) {
127
+ $error = new WP_Error();
128
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
129
+ return $error;
130
+ } else {
131
+ $pass2fa= new Miniorange_Password_2Factor_Login();
132
+ $pass2fa->mo2fa_pass2login(esc_url_raw($_POST['redirect_to']),sanitize_text_field($_POST['session_id']));
133
+ exit;
134
+ }
135
+ }
136
+
137
+ function mo2f_use_backup_codes($POSTED){
138
+ $nonce = sanitize_text_field($POSTED['miniorange_backup_nonce']);
139
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-backup-nonce' ) ) {
140
+ $error = new WP_Error();
141
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
142
+ return $error;
143
+ }else {
144
+ $this->miniorange_pass2login_start_session();
145
+ $session_id_encrypt = isset($POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
146
+ $currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
147
+ $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
148
+ $mo2fa_login_message = __('Please provide your backup codes.','miniorange-2-factor-authentication');
149
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
150
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
151
+ }
152
+ }
153
+
154
+ function check_backup_codes_validation($POSTED){
155
+ global $Mo2fdbQueries;
156
+ $nonce = sanitize_text_field($POSTED['miniorange_validate_backup_nonce']);
157
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
158
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-validate-backup-nonce' ) ) {
159
+ $error = new WP_Error();
160
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
161
+ return $error;
162
+ } else {
163
+ $this->miniorange_pass2login_start_session();
164
+ $currentuser_id = isset($_SESSION[ 'mo2f_current_user_id' ]) ? $_SESSION[ 'mo2f_current_user_id' ] : null;
165
+ $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
166
+ if(isset($_SESSION[ 'mo2f_current_user_id' ])){
167
+ if(MO2f_Utility::mo2f_check_empty_or_null($POSTED[ 'mo2f_backup_code' ]) ){
168
+ $mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
169
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
170
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
171
+ }
172
+ $backup_codes=get_user_meta($currentuser_id,'mo2f_backup_codes',true);
173
+ $mo2f_backup_code= sanitize_text_field($POSTED[ 'mo2f_backup_code' ]);
174
+ $mo2f_backup_code=md5($mo2f_backup_code);
175
+ if(!empty($backup_codes)){
176
+ if(in_array($mo2f_backup_code,$backup_codes)){
177
+ foreach ($backup_codes as $key => $value) {
178
+ if($value==$mo2f_backup_code){
179
+ unset($backup_codes[$key]);
180
+ update_user_meta($currentuser_id,'mo2f_backup_codes', $backup_codes);
181
+ }
182
+ }
183
+
184
+ if(sizeof($backup_codes) <= 2){
185
+ $codes_remaining = sizeof($backup_codes);
186
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
187
+ if(empty($mo2f_user_email)){
188
+ $currentuser = get_user_by( 'id', $currentuser_id );
189
+ $mo2f_user_email = $currentuser->user_email;
190
+ }
191
+ $subject = '2-Factor Authentication(Backup Codes)';
192
+ $headers = array('Content-Type: text/html; charset=UTF-8');
193
+ $message = MO2f_Utility::get_codes_warning_email_content($codes_remaining);
194
+ $result = wp_mail($mo2f_user_email,$subject,$message,$headers);
195
+ }
196
+
197
+ $this->mo2fa_pass2login($redirect_to);
198
+ }else{
199
+ $mo2fa_login_message = __('The codes you have provided are either expired or incorrect.','miniorange-2-factor-authentication');
200
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
201
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
202
+ }
203
+ }else{
204
+ $mo2fa_login_message = __('There are no codes left.','miniorange-2-factor-authentication');
205
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
206
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
207
+ }
208
+ }else{
209
+ $this->remove_current_activity($session_id_encrypt);
210
+ return new WP_Error('invalid_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') . '</strong>: ' . __('Please try again..', 'miniorange-2-factor-authentication'));
211
+ }
212
+ }
213
+ }
214
+
215
+ function mo2f_create_backup_codes(){
216
+ $nonce = sanitize_text_field($_POST['miniorange_generate_backup_nonce']);
217
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-generate-backup-nonce' ) ) {
218
+ $error = new WP_Error();
219
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
220
+ return $error;
221
+ }else {
222
+ global $Mo2fdbQueries;
223
+
224
+ $redirect_to = esc_url_raw($_POST['redirect_to']);
225
+ $session_id = sanitize_text_field($_POST['session_id']);
226
+
227
+ $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id );
228
+
229
+ $codes=MO2f_Utility::mo_2f_generate_backup_codes();
230
+ $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
231
+ $str1="";
232
+ for ($x = 0; $x < 5; $x++) {
233
+ $str = $codes[$x];
234
+ $str1.=$str;
235
+ if($x != 4){
236
+ $str1.=',';
237
+ }
238
+ }
239
+ update_user_meta($id,'mo2f_backup_codes', $codes_hash);
240
+ $key = get_option( 'mo2f_encryption_key' );
241
+ $codes_encrypt = MO2f_Utility::encrypt_data($str1, $key);
242
+ update_user_meta($id,'chqwetcsdvnvd', $codes_encrypt);
243
+
244
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
245
+ if(empty($mo2f_user_email)){
246
+ $currentuser = get_user_by( 'id', $id );
247
+ $mo2f_user_email = $currentuser->user_email;
248
+ }
249
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
250
+ update_user_meta($id, 'mo_backup_code_generated', 1);
251
+
252
+ $mo2fa_login_message = "An email containing the backup codes has been sent. Please click on Use backup codes to login using the backup codes.";
253
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
254
+
255
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
256
+ }
257
+ }
258
+
259
+ function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
260
+ {
261
+ global $Mo2fdbQueries;
262
+ $customer = new MocURL();
263
+
264
+ $content = $customer->get_customer_key($email, $password);
265
+ $customerKey = json_decode($content, true);
266
+ if(json_last_error() == JSON_ERROR_NONE)
267
+ {
268
+ if(isset($customerKey['phone'])){
269
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
270
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
271
+ }
272
+ update_option('mo2f_email',$email);
273
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
274
+ $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
275
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
276
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
277
+ }
278
+ else
279
+ {
280
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
281
+ $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
282
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
283
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
284
+ }
285
+ }
286
+
287
+ function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
288
+ {
289
+ global $Mo2fdbQueries;
290
+ update_option( 'mo2f_customerKey' , $id );
291
+ update_option( 'mo2f_api_key' , $apiKey );
292
+ update_option( 'mo2f_customer_token' , $token );
293
+ update_option( 'mo2f_app_secret' , $appSecret );
294
+ update_option( 'mo_wpns_enable_log_requests' , true );
295
+ update_option( 'mo2f_miniorange_admin', $id );
296
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
297
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
298
+ $Mo2fdbQueries->update_user_details( $user_id, array(
299
+ 'mo2f_user_email' =>$email
300
+ ) );
301
+ }
302
+ function mo2f_inline_validate_otp(){
303
+ if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
304
+ $nonce = sanitize_text_field($_POST['miniorange_inline_validate_otp_nonce']);
305
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
306
+ $error = new WP_Error();
307
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
308
+ return $error;
309
+ } else {
310
+ global $Mo2fdbQueries;
311
+ $this->miniorange_pass2login_start_session();
312
+ $otp_token = '';
313
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
314
+ $mo2fa_login_message = '';
315
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
316
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
317
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
318
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
319
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
320
+ } else{
321
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
322
+ }
323
+
324
+
325
+ $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
326
+
327
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
328
+ $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
329
+ $customer = new Customer_Setup();
330
+ $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
331
+ if($content['status'] == 'ERROR'){
332
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
333
+ }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
334
+ $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
335
+ if($user_phone && strlen($user_phone) >= 4){
336
+ if($phone != $user_phone ){
337
+
338
+ $Mo2fdbQueries->update_user_details( $current_user, array(
339
+ 'mobile_registration_status' =>false
340
+ ) );
341
+ }
342
+ }
343
+
344
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
345
+ if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
346
+ $Mo2fdbQueries->update_user_details( $current_user, array(
347
+ 'mo2f_OTPOverSMS_config_status' =>true,
348
+ 'mo2f_user_phone' =>$phone
349
+ ) );
350
+ }else{
351
+ $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
352
+
353
+ }
354
+ // unset($_SESSION[ 'mo2f_phone']);
355
+ // if(MO2F_IS_ONPREM)
356
+ // update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
357
+ // else
358
+ // {
359
+ $Mo2fdbQueries->update_user_details($current_user, array(
360
+ "mo2f_configured_2FA_method" => 'OTP Over SMS',
361
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
362
+ ) );
363
+ $TwoF_setup = new Two_Factor_Setup();
364
+ $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
365
+
366
+ // }
367
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
368
+
369
+ }else{ // OTP Validation failed.
370
+ $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
371
+ }
372
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
373
+ }
374
+ }
375
+
376
+ }
377
+ function mo2f_inline_send_otp(){
378
+ if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
379
+ $nonce = sanitize_text_field($_POST['miniorange_inline_verify_phone_nonce']);
380
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
381
+ $error = new WP_Error();
382
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
383
+ return $error;
384
+ } else {
385
+ global $Mo2fdbQueries;
386
+ $this->miniorange_pass2login_start_session();
387
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
388
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
389
+ $current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
390
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
391
+ $customer = new Customer_Setup();
392
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
393
+ $parameters = array();
394
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
395
+
396
+ $mo2fa_login_message = '';
397
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
398
+ if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
399
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
400
+
401
+ if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
402
+ $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
403
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
404
+ }
405
+ $phone = str_replace(' ', '', $phone);
406
+ // $_SESSION['mo2f_phone'] = $phone;
407
+ update_user_meta($current_user,'mo2f_user_phone',$phone);
408
+ }
409
+ if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
410
+ $currentMethod = "SMS";
411
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
412
+ $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
413
+ $parameters = array("phone" => $phone, "email" => $email);
414
+ }else if($selected_2factor_method == 'PHONE VERIFICATION'){
415
+ $currentMethod = "PHONE_VERIFICATION";
416
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
417
+ $currentMethod = "OTP_OVER_EMAIL";
418
+ $parameters = $email;
419
+ }
420
+ if($selected_2factor_method == 'SMS AND EMAIL'){
421
+ $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
422
+ }
423
+ else if($selected_2factor_method == 'OTP OVER EMAIL'){
424
+ $content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
425
+ }
426
+ else{
427
+ $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
428
+
429
+ }
430
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
431
+ if($content['status'] == 'ERROR'){
432
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
433
+ }else if($content['status'] == 'SUCCESS'){
434
+ // $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
435
+ update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
436
+ if($selected_2factor_method == 'SMS'){
437
+ if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')>0)
438
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
439
+ $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
440
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
441
+ $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
442
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
443
+ $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
444
+ }else if($selected_2factor_method== 'PHONE VERIFICATION'){
445
+ $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
446
+ }
447
+ }else if($content['status'] == 'FAILED'){
448
+ $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
449
+ }else{
450
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
451
+ }
452
+ }else{
453
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
454
+ }
455
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
456
+ }
457
+ }
458
+
459
+ }
460
+ function mo2f_inline_validate_kba(){
461
+ if(isset($_POST['mo2f_inline_save_kba_nonce'])){
462
+ $nonce = sanitize_text_field($_POST['mo2f_inline_save_kba_nonce']);
463
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
464
+ $error = new WP_Error();
465
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
466
+ return $error;
467
+ } else {
468
+ global $Mo2fdbQueries;
469
+ $this->miniorange_pass2login_start_session();
470
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
471
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
472
+ $mo2fa_login_message = '';
473
+ $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
474
+ $temp_array = array(sanitize_text_field($_POST['mo2f_kbaquestion_1']),sanitize_text_field($_POST['mo2f_kbaquestion_2']),sanitize_text_field($_POST['mo2f_kbaquestion_3']));
475
+ $kba_questions = array();
476
+ foreach($temp_array as $question){
477
+ if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
478
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
479
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
480
+ }else{
481
+ $ques = sanitize_text_field($question);
482
+ $ques = addcslashes(stripslashes($ques), '"\\');
483
+ array_push($kba_questions, $ques);
484
+ }
485
+ }
486
+ if(!(array_unique($kba_questions) == $kba_questions)){
487
+ $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
488
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
489
+ }
490
+ $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
491
+ $kba_answers = array();
492
+ foreach($temp_array_ans as $answer){
493
+ if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
494
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
495
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
496
+ }else{
497
+ $ques = sanitize_text_field($answer);
498
+ $answer = strtolower($answer);
499
+ array_push($kba_answers, $answer);
500
+ }
501
+ }
502
+ $size = sizeof($kba_questions);
503
+ $kba_q_a_list = array();
504
+ for($c = 0; $c < $size; $c++){
505
+ array_push($kba_q_a_list, $kba_questions[$c]);
506
+ array_push($kba_q_a_list, $kba_answers[$c]);
507
+ }
508
+
509
+
510
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
511
+ $current_user = get_user_by('id',$user_id);
512
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
513
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
514
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
515
+ 'mo2f_SecurityQuestions_config_status' =>true,
516
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
517
+ ) );
518
+ if(!MO2F_IS_ONPREM)
519
+ {
520
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
521
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
522
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
523
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
524
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
525
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
526
+
527
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
528
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
529
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
530
+
531
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
532
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
533
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
534
+
535
+ $kba_registration = new Two_Factor_Setup();
536
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
537
+
538
+ if ( json_last_error() == JSON_ERROR_NONE ) {
539
+
540
+ if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
541
+ $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
542
+ }
543
+
544
+ }
545
+ }
546
+
547
+ $kba_q1 = $kba_q_a_list[0];
548
+ $kba_a1 = md5($kba_q_a_list[1]);
549
+ $kba_q2 = $kba_q_a_list[2];
550
+ $kba_a2 = md5($kba_q_a_list[3]);
551
+ $kba_q3 = $kba_q_a_list[4];
552
+ $kba_a3 = md5($kba_q_a_list[5]);
553
+ $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
554
+ update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
555
+ if(!isset($_POST['mo2f_inline_kba_status'])){
556
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
557
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
558
+ // update_user_meta($current_user->ID, 'currentMethod','Security Questions');
559
+ }
560
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
561
+ }
562
+ }
563
+ }
564
+
565
+ function mo2f_inline_validate_mobile_authentication(){
566
+ if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
567
+ $nonce = sanitize_text_field($_POST['mo_auth_inline_mobile_registration_complete_nonce']);
568
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
569
+ $error = new WP_Error();
570
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
571
+ return $error;
572
+ } else {
573
+ global $Mo2fdbQueries;
574
+ $this->miniorange_pass2login_start_session();
575
+ // unset($_SESSION[ 'mo2f-login-qrCode' ]);
576
+ // unset($_SESSION[ 'mo2f-login-transactionId' ]);
577
+ // unset($_SESSION[ 'mo2f_show_qr_code'] );
578
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
579
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
580
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
581
+ // $current_user = get_user_by('id',$user_id);
582
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
583
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
584
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
585
+ $mo2fa_login_message = '';
586
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
587
+ $enduser = new Two_Factor_Setup();
588
+ if($selected_2factor_method == 'SOFT TOKEN')
589
+ $selected_2factor_method_onprem = 'miniOrange Soft Token';
590
+ else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
591
+ $selected_2factor_method_onprem = 'miniOrange Push Notification';
592
+ else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
593
+ $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
594
+
595
+ $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
596
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
597
+ if($response['status'] == 'ERROR'){
598
+ $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
599
+ }else if($response['status'] == 'SUCCESS'){
600
+ $Mo2fdbQueries->update_user_details( $user_id, array(
601
+ 'mobile_registration_status' =>true,
602
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
603
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
604
+ 'mo2f_miniOrangePushNotification_config_status' => true,
605
+ 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
606
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
607
+ ) );
608
+ // $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
609
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
610
+ }else{
611
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
612
+ }
613
+ }else{
614
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
615
+ }
616
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
617
+ }
618
+ }
619
+
620
+ }
621
+
622
+ function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
623
+ global $Mo2fdbQueries;
624
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
625
+
626
+ $code_generate = get_user_meta($current_user_id, 'mo_backup_code_generated', true);
627
+ if(empty($code_generate)){
628
+ $mo2fa_login_message = '';
629
+ $mo2fa_login_status = 'MO_2_FACTOR_GENERATE_BACKUP_CODES';
630
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
631
+ }else{
632
+ $pass2fa= new Miniorange_Password_2Factor_Login();
633
+ $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
634
+ exit;
635
+ }
636
+ }
637
+
638
+ function mo2f_inline_get_qr_code_for_mobile($email,$id){
639
+ $registerMobile = new Two_Factor_Setup();
640
+ $content = $registerMobile->register_mobile($email);
641
+ $response = json_decode($content, true);
642
+ $message = '';
643
+ $miniorageqr=array();
644
+ if(json_last_error() == JSON_ERROR_NONE) {
645
+ if($response['status'] == 'ERROR'){
646
+ $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
647
+ delete_user_meta( $id, 'miniorageqr' );
648
+ }else{
649
+ if($response['status'] == 'IN_PROGRESS'){
650
+
651
+ $miniorageqr['message']='';
652
+ $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
653
+ $miniorageqr['mo2f-login-transactionId']=$response['txId'];
654
+ $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
655
+ update_user_meta($id,'miniorageqr',$miniorageqr);
656
+ }else{
657
+ $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
658
+ delete_user_meta( $id, 'miniorageqr' );
659
+ }
660
+ }
661
+ }
662
+ return $miniorageqr;
663
+ }
664
+
665
+ function inline_mobile_configure(){
666
+ if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
667
+ $nonce = sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']);
668
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
669
+ $error = new WP_Error();
670
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
671
+ return $error;
672
+ } else {
673
+ global $Mo2fdbQueries;
674
+ $this->miniorange_pass2login_start_session();
675
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
676
+
677
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
678
+
679
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
680
+ $current_user = get_user_by('id',$user_id);
681
+ $mo2fa_login_message = '';
682
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
683
+ $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
684
+ if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
685
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
686
+ $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
687
+ $mo2fa_login_message=$miniorageqr['message'];
688
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
689
+ $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
690
+ }else{
691
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
692
+ }
693
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
694
+ }
695
+ }
696
+ }
697
+
698
+ function inline_validate_and_set_ga(){
699
+ if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
700
+ $nonce = sanitize_text_field($_POST['mo2f_inline_validate_ga_nonce']);
701
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
702
+ $error = new WP_Error();
703
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
704
+ return $error;
705
+ } else {
706
+ global $Mo2fdbQueries;
707
+ $this->miniorange_pass2login_start_session();
708
+ $otpToken = sanitize_text_field($_POST['google_auth_code']);
709
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
710
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
711
+ $current_user = get_user_by('id',$user_id);
712
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
713
+ $mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
714
+ $mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
715
+ // $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
716
+ $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
717
+ $mo2fa_login_message = '';
718
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
719
+ if(MO2f_Utility::mo2f_check_number_length($otpToken)){
720
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
721
+ //$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
722
+ $google_auth = new Miniorange_Rba_Attributes();
723
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
724
+ if(json_last_error() == JSON_ERROR_NONE) {
725
+ if($google_response['status'] == 'SUCCESS'){
726
+ $response = $google_response;
727
+ if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
728
+ if($response['status'] == 'SUCCESS'){
729
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
730
+ 'mo2f_GoogleAuthenticator_config_status' => true,
731
+ 'mo2f_configured_2FA_method' => 'Google Authenticator',
732
+ 'mo2f_AuthyAuthenticator_config_status' => false,
733
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
734
+ ) );
735
+
736
+ if(MO2F_IS_ONPREM){
737
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
738
+ //update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
739
+ //update_user_meta($current_user->ID,'Google Authenticator',true);
740
+ $gauth_obj= new Google_auth_onpremise();
741
+ $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
742
+ }
743
+ update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
744
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
745
+ unset($_SESSION['mo2f_google_auth']);
746
+ }else{
747
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
748
+ }
749
+ }else{
750
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
751
+ }
752
+ }else{
753
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
754
+ }
755
+ }else{
756
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
757
+ }
758
+ }else{
759
+ $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
760
+ }
761
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
762
+ }
763
+ }
764
+ }
765
+
766
+ function back_to_select_2fa(){
767
+ if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
768
+ $nonce = sanitize_text_field($_POST['miniorange_inline_two_factor_setup']);
769
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
770
+ $error = new WP_Error();
771
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
772
+ return $error;
773
+ } else {
774
+ global $Mo2fdbQueries;
775
+ $this->miniorange_pass2login_start_session();
776
+ unset($_SESSION['mo2f_google_auth']);
777
+ unset($_SESSION['mo2f_authy_keys']);
778
+ unset($_SESSION['secret_ga']);
779
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
780
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
781
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
782
+ $current_user = get_user_by('id',$user_id);
783
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
784
+ $mo2fa_login_message = '';
785
+ $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
786
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
787
+ }
788
+ }
789
+ }
790
+
791
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
792
+ {
793
+ $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
794
+ if(isset($tempEmail) and $tempEmail != '')
795
+ $email = $tempEmail;
796
+ global $Mo2fdbQueries;
797
+
798
+ $enduser = new Two_Factor_Setup();
799
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
800
+ $email = get_option('mo2f_email');
801
+
802
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
803
+
804
+ if(json_last_error() == JSON_ERROR_NONE){
805
+
806
+
807
+
808
+ if($check_user['status'] == 'ERROR'){
809
+ return $check_user;
810
+
811
+ }
812
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
813
+
814
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
815
+ 'user_registration_with_miniorange' =>'SUCCESS',
816
+ 'mo2f_user_email' =>$email,
817
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
818
+ ) );
819
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
820
+
821
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
822
+ return $check_user;
823
+ }
824
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
825
+ $current_user = get_user_by('id',$current_user_id);
826
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
827
+
828
+ if(json_last_error() == JSON_ERROR_NONE) {
829
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
830
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
831
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
832
+ 'user_registration_with_miniorange' =>'SUCCESS',
833
+ 'mo2f_user_email' =>$email,
834
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
835
+ ) );
836
+
837
+ $mo2fa_login_message = '';
838
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
839
+ return $check_user;
840
+ }else{
841
+ $check_user['status']='ERROR';
842
+ $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
843
+ return $check_user;
844
+ }
845
+ }
846
+
847
+
848
+ }
849
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
850
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
851
+ $check_user['status']='ERROR';
852
+ $check_user['message']=$mo2fa_login_message;
853
+ return $check_user;
854
+ // $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
855
+ }
856
+
857
+ }
858
+ // }
859
+
860
+ }
861
+ function mo2f_skip_2fa_setup()
862
+ {
863
+ if(isset($_POST['miniorange_skip_2fa_nonce'])){
864
+ $nonce = sanitize_text_field($_POST['miniorange_skip_2fa_nonce']);
865
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
866
+ $error = new WP_Error();
867
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
868
+ return $error;
869
+ }
870
+ else{
871
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
872
+ global $Mo2fdbQueries;
873
+ $redirect_to = esc_url_raw($_POST['redirect_to']);
874
+ $session_id_encrypt = sanitize_text_field($session_id_encrypt);
875
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
876
+
877
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
878
+
879
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
880
+ }
881
+ }
882
+ }
883
+
884
+ function save_inline_2fa_method(){
885
+ if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
886
+ $nonce = sanitize_text_field($_POST['miniorange_inline_save_2factor_method_nonce']);
887
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
888
+ $error = new WP_Error();
889
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
890
+ return $error;
891
+ } else {
892
+
893
+
894
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
895
+ global $Mo2fdbQueries;
896
+ $this->miniorange_pass2login_start_session();
897
+ $mo2fa_login_message = '';
898
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
899
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
900
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
901
+ $current_user = get_user_by('id',$user_id);
902
+ $currentUserId = $current_user->ID;
903
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
904
+ $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
905
+ if($user_registration_with_miniorange == 'SUCCESS'){
906
+ $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? sanitize_text_field($_POST['mo2f_selected_2factor_method']) : 'NONE';
907
+
908
+ if($selected_method == 'OUT OF BAND EMAIL'){
909
+ if(!MO2F_IS_ONPREM)
910
+ {
911
+ $current_user = get_userdata($currentUserId);
912
+ $email = $current_user->user_email;
913
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
914
+
915
+ if($response['status']=='ERROR') {
916
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
917
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
918
+ }
919
+ else
920
+ {
921
+ $enduser = new Two_Factor_Setup();
922
+
923
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
924
+ 'mo2f_email_verification_status' =>true,
925
+ 'mo2f_configured_2FA_method' =>'Email Verification',
926
+ 'mo2f_user_email' => $email
927
+ ) );
928
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
929
+ }
930
+ }
931
+ else
932
+ {
933
+ $enduser = new Two_Factor_Setup();
934
+
935
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
936
+ 'mo2f_email_verification_status' =>true,
937
+ 'mo2f_configured_2FA_method' =>'Email Verification',
938
+ 'mo2f_user_email' => $email
939
+ ) );
940
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
941
+ }
942
+ }else if($selected_method == 'OTP OVER EMAIL'){
943
+ $email = $current_user->user_email;
944
+ if(!MO2F_IS_ONPREM)
945
+ {
946
+ $current_user = get_userdata($currentUserId);
947
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
948
+ if($response['status']=='ERROR') {
949
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
950
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
951
+ }
952
+ else
953
+ {
954
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
955
+ if($user_email != '' and !is_null($user_email))
956
+ $email = $user_email;
957
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
958
+
959
+ }
960
+ }
961
+ else
962
+ {
963
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
964
+ }
965
+ }else if($selected_method == "GOOGLE AUTHENTICATOR"){
966
+ $this->miniorange_pass2login_start_session();
967
+ $mo2fa_login_message = '';
968
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
969
+ $google_auth = new Miniorange_Rba_Attributes();
970
+
971
+ $gauth_name= get_site_option('mo2f_google_appname');
972
+ $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
973
+
974
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
975
+
976
+ if ( MO2F_IS_ONPREM ) { //this should not be here
977
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
978
+ 'mo2f_configured_2FA_method' =>$selected_method,
979
+ ) );
980
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
981
+ $gauth_obj = new Google_auth_onpremise();
982
+
983
+ $onpremise_secret = $gauth_obj->createSecret();
984
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
985
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
986
+ $mo2f_google_auth = array();
987
+ $mo2f_google_auth['ga_qrCode'] = $url;
988
+ $mo2f_google_auth['ga_secret'] = $onpremise_secret;
989
+ $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
990
+ update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
991
+
992
+ }else{
993
+ $current_user = get_userdata($currentUserId);
994
+ $email = $current_user->user_email;
995
+ $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
996
+
997
+ if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
998
+ {
999
+ $email = $tempemail;
1000
+ }
1001
+
1002
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1003
+ if($response['status']=='ERROR') {
1004
+ $mo2fa_login_message=$response['message'];
1005
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1006
+
1007
+ }else{
1008
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1009
+ 'mo2f_configured_2FA_method' =>$selected_method,
1010
+ ) );
1011
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
1012
+ if ( json_last_error() == JSON_ERROR_NONE ) {
1013
+ if ( $google_response['status'] == 'SUCCESS' ) {
1014
+
1015
+ $mo2f_google_auth = array();
1016
+ $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
1017
+ $mo2f_google_auth['ga_secret'] = $google_response['secret'];
1018
+ $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
1019
+ update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
1020
+
1021
+ } else {
1022
+ $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
1023
+ }
1024
+ }
1025
+ }
1026
+ }
1027
+
1028
+
1029
+ }else{
1030
+ //inline for others
1031
+ if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
1032
+ {
1033
+ $current_user = get_userdata($currentUserId);
1034
+ $email = $current_user->user_email;
1035
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1036
+ if($response['status']=='ERROR') {
1037
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1038
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1039
+ }
1040
+ else {
1041
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
1042
+ }
1043
+ }else{
1044
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1045
+ 'mo2f_configured_2FA_method' =>$selected_method,
1046
+ ) );
1047
+ }
1048
+ }
1049
+ }else{
1050
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
1051
+ }
1052
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
1053
+ }
1054
+ }
1055
+ }
1056
+
1057
+ function check_kba_validation($POSTED){
1058
+ if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
1059
+ $nonce = $POSTED['miniorange_kba_nonce'];
1060
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
1061
+ $error = new WP_Error();
1062
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1063
+ return $error;
1064
+ }else{
1065
+ $this->miniorange_pass2login_start_session();
1066
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1067
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1068
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1069
+ if ( isset( $user_id ) ) {
1070
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
1071
+ $mo2fa_login_message = 'Please provide both the answers.';
1072
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1073
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1074
+ }
1075
+ $otpToken = array();
1076
+ $kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
1077
+ $otpToken[0] = $kba_questions[0]['question'];
1078
+ $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
1079
+ $otpToken[2] = $kba_questions[1]['question'];
1080
+ $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
1081
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
1082
+ //if the php session folder has insufficient permissions, cookies to be used
1083
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1084
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
1085
+ $kba_validate = new Customer_Setup();
1086
+ $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1087
+ global $Mo2fdbQueries;
1088
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1089
+ if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
1090
+ if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
1091
+ try {
1092
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
1093
+ } catch ( Exception $e ) {
1094
+ echo $e->getMessage();
1095
+ }
1096
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1097
+ } else {
1098
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1099
+ }
1100
+ } else {
1101
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
1102
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1103
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
1104
+ }
1105
+ } else {
1106
+ $this->remove_current_activity($session_id_encrypt);
1107
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1108
+ }
1109
+ }
1110
+ }
1111
+ }
1112
+ function check_rba_cancalation($POSTED){
1113
+ $nonce = sanitize_text_field($POSTED['mo2f_trust_device_cancel_nonce']);
1114
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
1115
+ $error = new WP_Error();
1116
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1117
+ return $error;
1118
+ } else {
1119
+ $this->miniorange_pass2login_start_session();
1120
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1121
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1122
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1123
+ }
1124
+ }
1125
+ function check_rba_validation($POSTED){
1126
+ $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
1127
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
1128
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id'] ): null;
1129
+ $this->remove_current_activity($session_id_encrypt);
1130
+ $error = new WP_Error();
1131
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
1132
+ return $error;
1133
+ } else {
1134
+ $this->miniorange_pass2login_start_session();
1135
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1136
+ try {
1137
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
1138
+ Global $Mo2fdbQueries;
1139
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1140
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
1141
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
1142
+ } catch ( Exception $e ) {
1143
+ echo $e->getMessage();
1144
+ }
1145
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1146
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1147
+ }
1148
+ }
1149
+
1150
+ function miniorange2f_back_to_inline_registration($POSTED)
1151
+ {
1152
+ $nonce = sanitize_text_field($_POST['miniorange_back_inline_reg_nonce']);
1153
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
1154
+ $error = new WP_Error();
1155
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1156
+ return $error;
1157
+ } else {
1158
+
1159
+ $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
1160
+ $redirect_to = esc_url_raw($POSTED['redirect_to']);
1161
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1162
+ $mo2fa_login_message = '';
1163
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
1164
+ }
1165
+
1166
+ }
1167
+
1168
+ function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1169
+ $nonce = sanitize_text_field($_POST['miniorange_forgotphone']);
1170
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1171
+ $error = new WP_Error();
1172
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1173
+ return $error;
1174
+ } else {
1175
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1176
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1177
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1178
+ $mo2fa_login_message = '';
1179
+ $this->miniorange_pass2login_start_session();
1180
+ $customer = new Customer_Setup();
1181
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1182
+ Global $Mo2fdbQueries;
1183
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1184
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1185
+ if ( $kba_configuration_status ) {
1186
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1187
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1188
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1189
+ } else {
1190
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1191
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1192
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1193
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1194
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1195
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1196
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1197
+ //if the php session folder has insufficient permissions, cookies to be used
1198
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1199
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1200
+ $this->mo2f_transactionid=$content['txId'];
1201
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1202
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1203
+ } else {
1204
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1205
+ }
1206
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1207
+ }
1208
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1209
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1210
+ }
1211
+ }
1212
+ function check_miniorange_alternate_login_kba($POSTED){
1213
+ $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1214
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1215
+ $error = new WP_Error();
1216
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1217
+ return $error;
1218
+ } else {
1219
+ $this->miniorange_pass2login_start_session();
1220
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1221
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1222
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1223
+ $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1224
+ }
1225
+ }
1226
+ function check_miniorange_mobile_validation($POSTED){
1227
+ /*check mobile validation */
1228
+
1229
+ $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1230
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1231
+ $error = new WP_Error();
1232
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1233
+ return $error;
1234
+ } else {
1235
+ if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1236
+ {
1237
+ $txid = $POSTED['TxidEmail'];
1238
+ $status = get_option($txid);
1239
+ if($status != '')
1240
+ {
1241
+ if($status != 1)
1242
+ {
1243
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1244
+ }
1245
+ }
1246
+ }
1247
+ $this->miniorange_pass2login_start_session();
1248
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1249
+ //if the php session folder has insufficient permissions, cookies to be used
1250
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1251
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1252
+ $checkMobileStatus = new Two_Factor_Setup();
1253
+ $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1254
+ $response = json_decode( $content, true );
1255
+ if(MO2F_IS_ONPREM)
1256
+ {
1257
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1258
+ }
1259
+ if ( json_last_error() == JSON_ERROR_NONE ) {
1260
+ if ( $response['status'] == 'SUCCESS' ) {
1261
+ if ( get_option( 'mo2f_remember_device' ) ) {
1262
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1263
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1264
+ } else {
1265
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1266
+ }
1267
+ } else {
1268
+ $this->remove_current_activity($session_id_encrypt);
1269
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1270
+ }
1271
+ } else {
1272
+ $this->remove_current_activity($session_id_encrypt);
1273
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1274
+ }
1275
+ }
1276
+ }
1277
+ function check_miniorange_mobile_validation_failed($POSTED){
1278
+ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1279
+ $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1280
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1281
+ $error = new WP_Error();
1282
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1283
+ return $error;
1284
+ } else {
1285
+ $this->miniorange_pass2login_start_session();
1286
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1287
+ $this->remove_current_activity($session_id_encrypt);
1288
+
1289
+ }
1290
+ }
1291
+ function check_miniorange_forgotphone($POSTED){
1292
+ $nonce = $POSTED['miniorange_forgotphone'];
1293
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1294
+ $error = new WP_Error();
1295
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1296
+ return $error;
1297
+ } else {
1298
+ global $Mo2fdbQueries;
1299
+ $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1300
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1301
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1302
+ $mo2fa_login_message = '';
1303
+ $this->miniorange_pass2login_start_session();
1304
+ $customer = new Customer_Setup();
1305
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1306
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1307
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1308
+ if ( $kba_configuration_status ) {
1309
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1310
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1311
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1312
+ } else {
1313
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1314
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1315
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1316
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1317
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1318
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1319
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1320
+ //if the php session folder has insufficient permissions, cookies to be used
1321
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1322
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1323
+ $this->mo2f_transactionid=$content['txId'];
1324
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1325
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1326
+ } else {
1327
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1328
+ }
1329
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1330
+ }
1331
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1332
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1333
+ }
1334
+ }
1335
+ function check_miniorange_softtoken($POSTED){
1336
+ /*Click on the link of phone is offline */
1337
+ $nonce = $POSTED['miniorange_softtoken'];
1338
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1339
+ $error = new WP_Error();
1340
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1341
+ return $error;
1342
+ } else {
1343
+ $this->miniorange_pass2login_start_session();
1344
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1345
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1346
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1347
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1348
+ MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1349
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1350
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1351
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1352
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1353
+ }
1354
+ }
1355
+ function check_miniorange_soft_token($POSTED){
1356
+ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1357
+ $nonce = sanitize_text_field($_POST['miniorange_soft_token_nonce']);
1358
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1359
+ $error = new WP_Error();
1360
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1361
+ return $error;
1362
+ }else {
1363
+ $this->miniorange_pass2login_start_session();
1364
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1365
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1366
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1367
+ $softtoken = '';
1368
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1369
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1370
+ if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1371
+ if($attempts>1 || $attempts=='disabled')
1372
+ {
1373
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1374
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
1375
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1376
+ }else{
1377
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1378
+ $this->remove_current_activity($session_id_encrypt);
1379
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1380
+ }
1381
+ } else {
1382
+ $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1383
+ if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1384
+ if($attempts>1|| $attempts=='disabled')
1385
+ {
1386
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1387
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1388
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1389
+ }else{
1390
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1391
+ $this->remove_current_activity($session_id_encrypt);
1392
+ update_option('mo2f_attempts_before_redirect', 3);
1393
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1394
+ $data = array('reload' => "reload", );
1395
+ wp_send_json_success($data);
1396
+ }
1397
+ else
1398
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1399
+ }
1400
+ }
1401
+ }
1402
+
1403
+ global $Mo2fdbQueries;
1404
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1405
+ if ( isset( $user_id ) ) {
1406
+ $customer = new Customer_Setup();
1407
+ $content = '';
1408
+ $current_user = get_userdata($user_id);
1409
+ //if the php session folder has insufficient permissions, cookies to be used
1410
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1411
+
1412
+ if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1413
+ $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1414
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1415
+ $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1416
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1417
+ $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1418
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1419
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1420
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1421
+ $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1422
+ } else {
1423
+ $this->remove_current_activity($session_id_encrypt);
1424
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1425
+ }
1426
+
1427
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1428
+ update_option('mo2f_attempts_before_redirect', 3);
1429
+ if ( get_option( 'mo2f_remember_device' ) ) {
1430
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1431
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1432
+ } else {
1433
+ if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1434
+ {
1435
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS', 'mo2f_OTPOverEmail_config_status' => 1) );
1436
+ $enduser = new Two_Factor_Setup();
1437
+
1438
+ $enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
1439
+
1440
+ }
1441
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1442
+ }
1443
+ } else {
1444
+ if($attempts>1 || $attempts=='disabled')
1445
+ {
1446
+ update_option('mo2f_attempts_before_redirect', $attempts-1);
1447
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1448
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1449
+ }else{
1450
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1451
+ $this->remove_current_activity($session_id_encrypt);
1452
+ update_option('mo2f_attempts_before_redirect', 3);
1453
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1454
+ $data = array('reload' => "reload", );
1455
+ wp_send_json_success($data);
1456
+ }
1457
+ else
1458
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1459
+ }
1460
+ }
1461
+ } else {
1462
+ $this->remove_current_activity($session_id_encrypt);
1463
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1464
+ }
1465
+ }
1466
+ }
1467
+ function check_miniorange_attribute_collection($POSTED){
1468
+ $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1469
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1470
+ $error = new WP_Error();
1471
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1472
+ return $error;
1473
+ } else {
1474
+ $this->miniorange_pass2login_start_session();
1475
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1476
+ $currentuser = get_user_by( 'id', $user_id );
1477
+ $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1478
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1479
+ $session_id = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1480
+ $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1481
+ }
1482
+ }
1483
+ function check_miniorange_inline_skip_registration($POSTED){
1484
+ $error = new WP_Error();
1485
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1486
+ }
1487
+ function miniorange_pass2login_redirect() {
1488
+ do_action('mo2f_network_init');
1489
+ global $Mo2fdbQueries;
1490
+
1491
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1492
+ if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1493
+ $nonce = sanitize_text_field($_POST['miniorange_login_nonce']);
1494
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1495
+
1496
+ if(is_null($session_id)) {
1497
+ $session_id=$this->create_session();
1498
+ }
1499
+
1500
+
1501
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1502
+ $this->remove_current_activity($session_id);
1503
+ $error = new WP_Error();
1504
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1505
+ return $error;
1506
+ } else {
1507
+ $this->miniorange_pass2login_start_session();
1508
+ $mobile_login = new Miniorange_Mobile_Login();
1509
+ //validation and sanitization
1510
+ $username = '';
1511
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
1512
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1513
+ $mobile_login->mo_auth_show_error_message();
1514
+ return;
1515
+ } else {
1516
+ $username = sanitize_text_field( $_POST['mo2fa_username'] );
1517
+ }
1518
+ if ( username_exists( $username ) ) { /*if username exists in wp site */
1519
+ $user = new WP_User( $username );
1520
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
1521
+ MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
1522
+ MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
1523
+ $this->mo2f_userId=$user->ID;
1524
+ $this->fstfactor='VALIDATE_SUCCESS';
1525
+ $current_roles = miniorange_get_user_role( $user );
1526
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1527
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1528
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1529
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1530
+
1531
+ if(MO2F_IS_ONPREM )
1532
+ {
1533
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1534
+
1535
+ }
1536
+ if ( $mo2f_configured_2FA_method ) {
1537
+ if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
1538
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
1539
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1540
+ } else {
1541
+ $mo2f_second_factor = '';
1542
+
1543
+ if(MO2F_IS_ONPREM)
1544
+ {
1545
+ global $Mo2fdbQueries;
1546
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1547
+ if($mo2f_second_factor == 'Security Questions')
1548
+ {
1549
+ $mo2f_second_factor = 'KBA';
1550
+ }
1551
+ else if($mo2f_second_factor == 'Google Authenticator')
1552
+ {
1553
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
1554
+ }
1555
+ else if($mo2f_second_factor != 'Email Verification')
1556
+ $mo2f_second_factor = 'NONE';
1557
+ }else{
1558
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
1559
+ }
1560
+
1561
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
1562
+ $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
1563
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
1564
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1565
+ }
1566
+ else if($mo2f_second_factor == 'Email Verification'){
1567
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1568
+ }
1569
+ else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
1570
+ $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
1571
+ } else if ( $mo2f_second_factor == 'KBA' ) {
1572
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
1573
+ } else {
1574
+ $this->remove_current_activity($session_id);
1575
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
1576
+ $mobile_login->mo_auth_show_success_message();
1577
+ }
1578
+ }
1579
+ } else {
1580
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
1581
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1582
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1583
+ $mobile_login->mo2f_redirectto_wp_login();
1584
+ }
1585
+ } else {
1586
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
1587
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
1588
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
1589
+ $mobile_login->mo2f_redirectto_wp_login();
1590
+ }
1591
+ } else {
1592
+ $mobile_login->remove_current_activity($session_id);
1593
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
1594
+ $mobile_login->mo_auth_show_error_message('Invalid Username.');
1595
+ }
1596
+ }
1597
+ }
1598
+
1599
+ }
1600
+ if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
1601
+ {
1602
+ $userIDGet = sanitize_text_field($_GET['userID']);
1603
+ $txIdGet = sanitize_text_field($_GET['Txid']);
1604
+ $otpToken = get_site_option($userIDGet);
1605
+ $txidstatus = get_site_option($txIdGet);
1606
+ $userIDd = $userIDGet.'D';
1607
+ $otpTokenD = get_site_option($userIDd);
1608
+ $mo2f_dirName = dirname(__FILE__);
1609
+ $mo2f_dirName = explode('wp-content', $mo2f_dirName);
1610
+ $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
1611
+
1612
+ $head = "You are not authorized to perform this action";
1613
+ $body = "Please contact to your admin";
1614
+ $color = "red";
1615
+ if(3 == $txidstatus)
1616
+ {
1617
+ $time = "time".$txIdGet;
1618
+ $currentTimeInMillis = round(microtime(true) * 1000);
1619
+ $generatedTimeINMillis = get_site_option($time);
1620
+ $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
1621
+ if($difference <= 300)
1622
+ {
1623
+ $accessTokenGet = sanitize_text_field($_GET['accessToken']);
1624
+ if( $accessTokenGet == $otpToken)
1625
+ {
1626
+ update_site_option($txIdGet,1);
1627
+ $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
1628
+ $head = "TRANSACTION SUCCESSFUL";
1629
+ $color = "green";
1630
+ }
1631
+ else if($accessTokenGet==$otpTokenD)
1632
+ {
1633
+ update_site_option($txIdGet,0);
1634
+ $body = "Transaction has been Canceled.<br><br>Please Try Again.";
1635
+ $head = "TRANSACTION DENIED";
1636
+ }
1637
+ }
1638
+ delete_site_option($userIDGet);
1639
+ delete_site_option($userIDd);
1640
+ delete_site_option($time);
1641
+
1642
+ }
1643
+
1644
+ $this->display_email_verification($head,$body,$color);
1645
+ exit;
1646
+
1647
+ }
1648
+ elseif (isset($_POST['emailInlineCloud'])) {
1649
+ $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
1650
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
1651
+ $error = new WP_Error();
1652
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1653
+ return $error;
1654
+ } else {
1655
+ $email = sanitize_text_field($_POST['emailInlineCloud']);
1656
+ $current_user_id = sanitize_text_field($_POST['current_user_id']);
1657
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1658
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1659
+ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
1660
+ global $Mo2fdbQueries;
1661
+ $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
1662
+ prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','',$redirect_to,$session_id_encrypt,null);
1663
+ }
1664
+ }
1665
+ }
1666
+ else if(isset($_POST['txid']))
1667
+ {
1668
+ $txidpost = sanitize_text_field($_POST['txid']);
1669
+ $status = get_site_option($txidpost);
1670
+ update_option('optionVal1',$status); //??
1671
+ if($status ==1 || $status ==0)
1672
+ delete_site_option($txidpost);
1673
+ echo $status;
1674
+ exit();
1675
+ }
1676
+
1677
+
1678
+
1679
+ else{
1680
+
1681
+ $value=isset($_POST['option'])?sanitize_text_field($_POST['option']):false;
1682
+
1683
+ switch ($value) {
1684
+ case 'miniorange_rba_validate':
1685
+ $this->check_rba_validation($_POST);
1686
+ break;
1687
+
1688
+ case 'miniorange_rba_cancle':
1689
+
1690
+ $this->check_rba_cancalation($_POST);
1691
+ break;
1692
+
1693
+ case 'miniorange_forgotphone':
1694
+ $this->check_miniorange_challenge_forgotphone($_POST);
1695
+ break;
1696
+
1697
+ case 'miniorange2f_back_to_inline_registration':
1698
+ $this->miniorange2f_back_to_inline_registration($_POST);
1699
+ exit;
1700
+
1701
+ case 'miniorange_alternate_login_kba':
1702
+
1703
+ $this->check_miniorange_alternate_login_kba($_POST);
1704
+ break;
1705
+
1706
+ case 'miniorange_kba_validate':
1707
+ $this->check_kba_validation($_POST);
1708
+
1709
+ break;
1710
+
1711
+ case 'miniorange_mobile_validation':
1712
+ $this->check_miniorange_mobile_validation($_POST);
1713
+ break;
1714
+
1715
+ case 'miniorange_mobile_validation_failed':
1716
+ $this->check_miniorange_mobile_validation_failed($_POST);
1717
+ break;
1718
+
1719
+ case 'miniorange_softtoken':
1720
+ $this->check_miniorange_softtoken($_POST);
1721
+
1722
+ break;
1723
+
1724
+
1725
+ case 'miniorange_soft_token':
1726
+
1727
+ $this->check_miniorange_soft_token($_POST);
1728
+ break;
1729
+
1730
+ case 'miniorange_inline_skip_registration':
1731
+ $this->check_miniorange_inline_skip_registration($_POST);
1732
+ break;
1733
+
1734
+ case 'miniorange_attribute_collection':
1735
+ $this->check_miniorange_attribute_collection($_POST);
1736
+ break;
1737
+
1738
+ case 'miniorange_inline_save_2factor_method':
1739
+ $this->save_inline_2fa_method();
1740
+ break;
1741
+
1742
+ case 'mo2f_skip_2fa_setup':
1743
+ $this->mo2f_skip_2fa_setup();
1744
+ break;
1745
+
1746
+ case 'miniorange_back_inline':
1747
+ $this->back_to_select_2fa();
1748
+ break;
1749
+
1750
+ case 'miniorange_inline_ga_validate':
1751
+ $this->inline_validate_and_set_ga();
1752
+ break;
1753
+
1754
+ case 'miniorange_inline_show_mobile_config':
1755
+ $this->inline_mobile_configure();
1756
+ break;
1757
+
1758
+ case 'miniorange_inline_complete_mobile':
1759
+ $this->mo2f_inline_validate_mobile_authentication();
1760
+ break;
1761
+
1762
+ case 'mo2f_inline_kba_option':
1763
+ $this->mo2f_inline_validate_kba();
1764
+ break;
1765
+
1766
+ case 'miniorange_inline_complete_otp_over_sms':
1767
+ $this->mo2f_inline_send_otp();
1768
+ break;
1769
+
1770
+ case 'miniorange_inline_complete_otp':
1771
+ $this->mo2f_inline_validate_otp();
1772
+ break;
1773
+
1774
+ case 'miniorange_inline_login':
1775
+ $this->mo2f_inline_login();
1776
+ break;
1777
+ case 'miniorange_inline_register':
1778
+ $this->mo2f_inline_register();
1779
+ break;
1780
+ case 'mo2f_users_backup1':
1781
+ $this->mo2f_download_backup_codes_inline();
1782
+ break;
1783
+ case 'mo2f_goto_wp_dashboard':
1784
+ $this->mo2f_goto_wp_dashboard();
1785
+ break;
1786
+ case 'miniorange_backup_nonce':
1787
+ $this->mo2f_use_backup_codes($_POST);
1788
+ break;
1789
+ case 'miniorange_validate_backup_nonce':
1790
+ $this->check_backup_codes_validation($_POST);
1791
+ break;
1792
+ case 'miniorange_create_backup_codes':
1793
+ $this->mo2f_create_backup_codes();
1794
+ break;
1795
+ default:
1796
+ $error = new WP_Error();
1797
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1798
+
1799
+ return $error;
1800
+ break;
1801
+
1802
+
1803
+ }
1804
+ }
1805
+ }
1806
+
1807
+ function deniedMessage($message)
1808
+ {
1809
+ if(empty($message) && get_option("deniedMessage") )
1810
+ {
1811
+ delete_option('deniedMessage');
1812
+ }
1813
+ else
1814
+ return $message;
1815
+ }
1816
+ function remove_current_activity($session_id) {
1817
+ global $Mo2fdbQueries;
1818
+ $session_variables = array(
1819
+ 'mo2f_current_user_id',
1820
+ 'mo2f_1stfactor_status',
1821
+ 'mo_2factor_login_status',
1822
+ 'mo2f-login-qrCode',
1823
+ 'mo2f_transactionId',
1824
+ 'mo2f_login_message',
1825
+ 'mo2f_rba_status',
1826
+ 'mo_2_factor_kba_questions',
1827
+ 'mo2f_show_qr_code',
1828
+ 'mo2f_google_auth',
1829
+ 'mo2f_authy_keys'
1830
+ );
1831
+
1832
+ $cookie_variables = array(
1833
+ 'mo2f_current_user_id',
1834
+ 'mo2f_1stfactor_status',
1835
+ 'mo_2factor_login_status',
1836
+ 'mo2f-login-qrCode',
1837
+ 'mo2f_transactionId',
1838
+ 'mo2f_login_message',
1839
+ 'mo2f_rba_status_status',
1840
+ 'mo2f_rba_status_sessionUuid',
1841
+ 'mo2f_rba_status_decision_flag',
1842
+ 'kba_question1',
1843
+ 'kba_question2',
1844
+ 'mo2f_show_qr_code',
1845
+ 'mo2f_google_auth',
1846
+ 'mo2f_authy_keys'
1847
+ );
1848
+
1849
+ $temp_table_variables = array(
1850
+ 'session_id',
1851
+ 'mo2f_current_user_id',
1852
+ 'mo2f_login_message',
1853
+ 'mo2f_1stfactor_status',
1854
+ 'mo2f_transactionId',
1855
+ 'mo_2_factor_kba_questions',
1856
+ 'mo2f_rba_status',
1857
+ 'ts_created'
1858
+ );
1859
+
1860
+ MO2f_Utility::unset_session_variables( $session_variables );
1861
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
1862
+ $key = get_option( 'mo2f_encryption_key' );
1863
+ $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
1864
+ $Mo2fdbQueries->save_user_login_details( $session_id, array(
1865
+
1866
+ 'mo2f_current_user_id' => '',
1867
+ 'mo2f_login_message' => '',
1868
+ 'mo2f_1stfactor_status' => '',
1869
+ 'mo2f_transactionId' => '',
1870
+ 'mo_2_factor_kba_questions' => '',
1871
+ 'mo2f_rba_status' => '',
1872
+ 'ts_created' => ''
1873
+ ) );
1874
+
1875
+
1876
+ }
1877
+
1878
+ public function miniorange_pass2login_start_session() {
1879
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1880
+ $session_path = ini_get('session.save_path');
1881
+ if( is_writable($session_path) && is_readable($session_path) ) {
1882
+ session_start();
1883
+ }
1884
+ }
1885
+ }
1886
+
1887
+ function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
1888
+ global $Mo2fdbQueries,$LoginuserID;
1889
+ $LoginuserID = $user_id;
1890
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1891
+ if(is_null($session_id)) {
1892
+ $session_id=$this->create_session();
1893
+ }
1894
+ if(MO2F_IS_ONPREM){
1895
+ $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
1896
+ $challenge_questions = array_keys($question_answers);
1897
+ $random_keys = array_rand($challenge_questions,2);
1898
+ $challenge_ques1 = $challenge_questions[$random_keys[0]];
1899
+ $challenge_ques2 = $challenge_questions[$random_keys[1]];
1900
+ $questions[0] = array('question'=>$challenge_ques1);
1901
+ $questions[1] = array('question'=>$challenge_ques2);
1902
+ update_user_meta( $user_id, 'kba_questions_user', $questions );
1903
+ $mo2fa_login_message = 'Please answer the following questions:';
1904
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1905
+ $mo2f_kbaquestions = $questions;
1906
+ MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1907
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1908
+ }
1909
+
1910
+ else{
1911
+ $challengeKba = new Customer_Setup();
1912
+ $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
1913
+ $response = json_decode( $content, true );
1914
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
1915
+ if ( $response['status'] == 'SUCCESS' ) {
1916
+ MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
1917
+ $this->mo2f_transactionid = $response['txId'];
1918
+ $questions = array();
1919
+ $questions[0] = $response['questions'][0];
1920
+ $questions[1] = $response['questions'][1];
1921
+ MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
1922
+ $this->mo2f_kbaquestions=$questions;
1923
+ $mo2fa_login_message = 'Please answer the following questions:';
1924
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1925
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
1926
+ } else if ( $response['status'] == 'ERROR' ) {
1927
+ $this->remove_current_activity($session_id);
1928
+ $error = new WP_Error();
1929
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1930
+
1931
+ return $error;
1932
+ }
1933
+ } else {
1934
+ $this->remove_current_activity($session_id);
1935
+ $error = new WP_Error();
1936
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
1937
+
1938
+ return $error;
1939
+ }
1940
+ }
1941
+ }
1942
+
1943
+ function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ) {
1944
+
1945
+ $login_status = $mo2fa_login_status;
1946
+ $login_message = $mo2fa_login_message;
1947
+ switch ($login_status) {
1948
+ case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
1949
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1950
+ mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
1951
+ exit;
1952
+ break;
1953
+ case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
1954
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1955
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1956
+ exit;
1957
+ break;
1958
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
1959
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1960
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
1961
+ exit;
1962
+ break;
1963
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
1964
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1965
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1966
+ exit;
1967
+ break;
1968
+ case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
1969
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1970
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1971
+ exit;
1972
+ break;
1973
+ case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
1974
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1975
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
1976
+ exit;
1977
+ break;
1978
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
1979
+ mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
1980
+ exit;
1981
+ break;
1982
+
1983
+ case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
1984
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1985
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1986
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1987
+ exit;
1988
+ break;
1989
+
1990
+ case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
1991
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
1992
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1993
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
1994
+ exit;
1995
+ break;
1996
+
1997
+ case 'MO_2_FACTOR_RECONFIG_GOOGLE':
1998
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
1999
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
2000
+ exit;
2001
+ break;
2002
+
2003
+ case 'MO_2_FACTOR_RECONFIG_KBA':
2004
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
2005
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
2006
+ exit;
2007
+ break;
2008
+
2009
+ case 'MO_2_FACTOR_SETUP_SUCCESS':
2010
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
2011
+ $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
2012
+ break;
2013
+
2014
+ case 'MO_2_FACTOR_GENERATE_BACKUP_CODES':
2015
+ $current_user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
2016
+ mo2f_backup_codes_generate($current_user_id, $redirect_to, $session_id_encrypt);
2017
+ exit;
2018
+
2019
+ case 'MO_2_FACTOR_CHALLENGE_BACKUP':
2020
+ mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt);
2021
+ exit;
2022
+
2023
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
2024
+ $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
2025
+ if(MO2F_IS_ONPREM){
2026
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
2027
+ $ques = get_user_meta( $user_id, 'kba_questions_user');
2028
+ mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
2029
+ }
2030
+ else{
2031
+ mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
2032
+ }
2033
+ exit;
2034
+ break;
2035
+
2036
+ case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
2037
+ mo2f_get_device_form( $redirect_to, $session_id_encrypt );
2038
+ exit;
2039
+ break;
2040
+
2041
+ case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
2042
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
2043
+ prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
2044
+ exit;
2045
+ break;
2046
+
2047
+ default:
2048
+ $this->mo_2_factor_pass2login_show_wp_login_form();
2049
+
2050
+ break;
2051
+ }
2052
+ }
2053
+
2054
+ function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
2055
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
2056
+ return true;
2057
+ }
2058
+
2059
+ return false;
2060
+ }
2061
+
2062
+ function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
2063
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
2064
+ return true;
2065
+ }
2066
+
2067
+ return false;
2068
+ }
2069
+
2070
+ function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
2071
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
2072
+ return true;
2073
+ }
2074
+
2075
+ return false;
2076
+ }
2077
+
2078
+ function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
2079
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
2080
+ return true;
2081
+ }
2082
+
2083
+ return false;
2084
+ }
2085
+
2086
+ function miniorange_pass2login_reconfig_google( $login_status ) {
2087
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
2088
+ return true;
2089
+ }
2090
+
2091
+ return false;
2092
+ }
2093
+
2094
+ function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
2095
+
2096
+ do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
2097
+
2098
+
2099
+ }
2100
+
2101
+ function miniorange_pass2login_reconfig_kba( $login_status ) {
2102
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
2103
+ return true;
2104
+ }
2105
+
2106
+ return false;
2107
+ }
2108
+
2109
+ function miniorange_pass2login_check_kba_status( $login_status ) {
2110
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
2111
+ return true;
2112
+ }
2113
+
2114
+ return false;
2115
+ }
2116
+
2117
+ function miniorange_pass2login_check_trusted_device_status( $login_status ) {
2118
+
2119
+ if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
2120
+ return true;
2121
+ }
2122
+
2123
+ return false;
2124
+ }
2125
+
2126
+ function mo_2_factor_pass2login_woocommerce(){
2127
+ ?>
2128
+ <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
2129
+ <?php
2130
+ }
2131
+ function mo_2_factor_pass2login_show_wp_login_form() {
2132
+
2133
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2134
+ if(is_null($session_id_encrypt)) {
2135
+ $session_id_encrypt=$this->create_session();
2136
+ }
2137
+ if(class_exists('Theme_My_Login'))
2138
+ {
2139
+ wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
2140
+ wp_localize_script( 'tmlajax_script', 'my_ajax_object',
2141
+ array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
2142
+ }
2143
+ ?>
2144
+ <p><input type="hidden" name="miniorange_login_nonce"
2145
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
2146
+
2147
+ <input type="hidden" id="sessid" name="session_id"
2148
+ value="<?php echo $session_id_encrypt; ?>"/>
2149
+
2150
+ </p>
2151
+
2152
+ <?php
2153
+ if ( get_option( 'mo2f_remember_device' ) ) {
2154
+ ?>
2155
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
2156
+ <?php
2157
+ wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
2158
+ wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
2159
+ wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
2160
+ wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
2161
+ wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
2162
+ wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
2163
+ wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
2164
+ wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
2165
+ wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
2166
+ }else{
2167
+
2168
+
2169
+ if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option'))
2170
+ {
2171
+ echo "\t<p>\n";
2172
+ echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
2173
+ echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
2174
+ echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
2175
+ echo "\t</p>\n";
2176
+ echo " \r\n";
2177
+ echo " \r\n";
2178
+ echo "\n";
2179
+ }
2180
+ }
2181
+
2182
+ }
2183
+
2184
+ function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
2185
+ global $Mo2fdbQueries;
2186
+ if (is_null($session_id_encrypt)){
2187
+ $session_id_encrypt=$this->create_session();
2188
+ }
2189
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2190
+ $useragent = $_SERVER['HTTP_USER_AGENT'];
2191
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
2192
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
2193
+
2194
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
2195
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
2196
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
2197
+
2198
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2199
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2200
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
2201
+ } else {
2202
+ $challengeMobile = new Customer_Setup();
2203
+ $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2204
+ $response = json_decode( $content, true );
2205
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2206
+ if ( $response['status'] == 'SUCCESS' ) {
2207
+ $qrCode = $response['qrCode'];
2208
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
2209
+ $this->mo2f_transactionid=$response['txId'];
2210
+ $mo2fa_login_message = '';
2211
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
2212
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
2213
+ } else if ( $response['status'] == 'ERROR' ) {
2214
+ $this->remove_current_activity($session_id_encrypt);
2215
+ $error = new WP_Error();
2216
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2217
+
2218
+ return $error;
2219
+ }
2220
+ } else {
2221
+ $this->remove_current_activity($session_id_encrypt);
2222
+ $error = new WP_Error();
2223
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2224
+
2225
+ return $error;
2226
+ }
2227
+ }
2228
+
2229
+ }
2230
+
2231
+ function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2232
+
2233
+ global $Mo2fdbQueries;
2234
+ if(is_null($session_id)){
2235
+ $session_id=$this->create_session();
2236
+ }
2237
+ $challengeMobile = new Customer_Setup();
2238
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2239
+ if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2240
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2241
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2242
+ $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2243
+
2244
+ }else {
2245
+ $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2246
+ }
2247
+ $response = json_decode( $content, true );
2248
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2249
+ if ( $response['status'] == 'SUCCESS' ) {
2250
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2251
+ $this->mo2f_transactionid=$response['txId'];
2252
+
2253
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2254
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2255
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2256
+ } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2257
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2258
+ $this->mo2f_transactionid=$response['txId'];
2259
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2260
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2261
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2262
+ }
2263
+ } else {
2264
+ $this->remove_current_activity($session_id);
2265
+ $error = new WP_Error();
2266
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2267
+
2268
+ return $error;
2269
+ }
2270
+ }
2271
+
2272
+ function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2273
+ global $Mo2fdbQueries;
2274
+ if(is_null($session_id)){
2275
+ $session_id=$this->create_session();
2276
+ }
2277
+ $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2278
+ if($mo2f_second_factor == 'EMAIL')
2279
+ {
2280
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2281
+ $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2282
+ if($wdewdeqdqq >get_site_option('EmailTransactionCurrent', 30) or get_site_option(base64_encode("limitReached")))
2283
+ {
2284
+ update_site_option(base64_encode("remainingOTP"),0);
2285
+ }
2286
+ }
2287
+ else
2288
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2289
+ if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2290
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2291
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2292
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2293
+ } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2294
+ $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2295
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2296
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2297
+ } else {
2298
+ $challengeMobile = new Customer_Setup();
2299
+ $content = '';
2300
+ $response = [];
2301
+ $otpLIMiTE = 0;
2302
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2303
+ {
2304
+ if($mo2f_second_factor == 'OTP Over SMS')
2305
+ $mo2f_second_factor = 'SMS';
2306
+ $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2307
+ $response = json_decode( $content, true );
2308
+
2309
+ }
2310
+ else
2311
+ {
2312
+ $response['status'] = 'FAILED';
2313
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2314
+ $otpLIMiTE = 1;
2315
+ }
2316
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2317
+ if ( $response['status'] == 'SUCCESS' ) {
2318
+ if($mo2f_second_factor == 'EMAIL')
2319
+ {
2320
+ $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2321
+ if($cmVtYWluaW5nT1RQ>0)
2322
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2323
+ }
2324
+ elseif($mo2f_second_factor == 'SMS')
2325
+ {
2326
+ $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
2327
+ if($mo2f_sms>0)
2328
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
2329
+ }
2330
+ if(!isset($response['phoneDelivery']['contact']))
2331
+ $response['phoneDelivery']['contact'] = '';
2332
+ $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2333
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2334
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2335
+ $this->mo2f_transactionid=$response['txId'];
2336
+ $mo2fa_login_message = $message;
2337
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2338
+
2339
+ if($currentMethod == 'OTP Over Email')
2340
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2341
+ else
2342
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2343
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2344
+ } else {
2345
+
2346
+
2347
+ if($response['message'] == 'TEST FAILED.')
2348
+ $response['message'] = 'There is an error in sending the OTP.';
2349
+
2350
+ $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
2351
+
2352
+ if($otpLIMiTE ==1)
2353
+ $last_message = 'or contact miniOrange';
2354
+
2355
+ else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
2356
+ $last_message = 'Or check your SMTP Server and remaining transacions.';
2357
+ else
2358
+ $last_message = 'Or check your remaining transacions';
2359
+
2360
+ $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
2361
+ if(!isset($response['txId']))
2362
+ $response['txId'] = '';
2363
+ MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
2364
+ $this->mo2f_transactionid=$response['txId'];
2365
+ $mo2fa_login_message = $message;
2366
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2367
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2368
+ }
2369
+ } else {
2370
+ $this->remove_current_activity($session_id);
2371
+ $error = new WP_Error();
2372
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2373
+ return $error;
2374
+ }
2375
+ }
2376
+ }
2377
+
2378
+ function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
2379
+ global $Mo2fdbQueries;
2380
+ if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
2381
+ $user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
2382
+ $mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
2383
+ } else {
2384
+ $user_id=$this->mo2f_userID;
2385
+ $mo2f_1stfactor_status=$this->fstfactor;
2386
+ }
2387
+
2388
+ if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
2389
+ $currentuser = get_user_by( 'id', $user_id );
2390
+ wp_set_current_user( $user_id, $currentuser->user_login );
2391
+ $mobile_login = new Miniorange_Mobile_Login();
2392
+ $mobile_login->remove_current_activity($session_id_encrypted);
2393
+ wp_set_auth_cookie( $user_id, true );
2394
+ do_action( 'wp_login', $currentuser->user_login, $currentuser );
2395
+ redirect_user_to( $currentuser, $redirect_to );
2396
+ exit;
2397
+ } else {
2398
+ $this->remove_current_activity($session_id_encrypted);
2399
+ }
2400
+ }
2401
+
2402
+ function create_session(){
2403
+ global $Mo2fdbQueries;
2404
+ $session_id = MO2f_Utility::random_str(20);
2405
+ $Mo2fdbQueries->insert_user_login_session($session_id);
2406
+ $key = get_option( 'mo2f_encryption_key' );
2407
+ $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
2408
+ return $session_id_encrypt;
2409
+ }
2410
+
2411
+ function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
2412
+
2413
+ global $Mo2fdbQueries;
2414
+ $this->miniorange_pass2login_start_session();
2415
+ if(is_null($session_id_encrypt)) {
2416
+ $session_id_encrypt=$this->create_session();
2417
+ }
2418
+
2419
+ if(class_exists('UM_Functions'))
2420
+ {
2421
+ if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
2422
+ {
2423
+ $meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
2424
+ if(isset($meta) and $meta != '')
2425
+ {
2426
+ if(isset($meta['_um_login_redirect_url']))
2427
+ $redirect_to = $meta['_um_login_redirect_url'];
2428
+ if($redirect_to == '')
2429
+ {
2430
+ $redirect_to = get_site_url();
2431
+ }
2432
+ }
2433
+ $login_form_url = '';
2434
+ if(isset($_POST['redirect_to']))
2435
+ $login_form_url = esc_url_raw($_POST['redirect_to']);
2436
+
2437
+ if($login_form_url != '' and !is_null($login_form_url))
2438
+ {
2439
+ $redirect_to = $login_form_url;
2440
+ }
2441
+
2442
+ }
2443
+
2444
+ }
2445
+ MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
2446
+ MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
2447
+
2448
+ $this->mo2f_userID=$currentuser->ID;
2449
+ $this->fstfactor='VALIDATE_SUCCESS';
2450
+
2451
+ $is_customer_admin = true;
2452
+
2453
+ $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
2454
+ if($dG90YWxVc2Vyc0Nsb3Vk<3)
2455
+ $is_customer_admin = true;
2456
+
2457
+ $roles = ( array ) $currentuser->roles;
2458
+ $twofactor_enabled = 0;
2459
+ foreach ( $roles as $role ) {
2460
+ if(get_option('mo2fa_'.$role)=='1')
2461
+ $twofactor_enabled=1;
2462
+ }
2463
+
2464
+ if ( $is_customer_admin && $twofactor_enabled ) {
2465
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
2466
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
2467
+
2468
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
2469
+ $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
2470
+ }else{
2471
+ $mo2f_allwed_login_attempts= 'disabled';
2472
+ }
2473
+ update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
2474
+
2475
+ $twofactor_transactions = new Mo2fDB;
2476
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
2477
+ $tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
2478
+ if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
2479
+ $exceeded =1;
2480
+
2481
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
2482
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2483
+ try {
2484
+ $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
2485
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
2486
+ $this->mo2f_rbastatus=$mo2f_rba_status;
2487
+ } catch ( Exception $e ) {
2488
+ echo $e->getMessage();
2489
+ }
2490
+
2491
+ if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
2492
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2493
+ } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
2494
+
2495
+ $this->mo2f_restrict_access( 'Access_denied' );
2496
+ exit;
2497
+ } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
2498
+ $this->mo2f_restrict_access( 'Access_denied' );
2499
+ exit;
2500
+ } else {
2501
+
2502
+ $mo2f_second_factor = '';
2503
+
2504
+ if(MO2F_IS_ONPREM)
2505
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2506
+ else
2507
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
2508
+
2509
+ if($mo2f_second_factor == 'miniOrange Soft Token')
2510
+ $mo2f_second_factor = "SOFT TOKEN";
2511
+ else if($mo2f_second_factor == "miniOrange Push Notification")
2512
+ $mo2f_second_factor = "PUSH NOTIFICATIONS";
2513
+ else if($mo2f_second_factor == "miniOrange QR Code Authentication")
2514
+ $mo2f_second_factor = "MOBILE AUTHENTICATION";
2515
+ else if($mo2f_second_factor == 'Security Questions')
2516
+ $mo2f_second_factor = 'KBA';
2517
+ else if($mo2f_second_factor == 'Google Authenticator')
2518
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2519
+ else if($mo2f_second_factor == 'OTP Over SMS')
2520
+ $mo2f_second_factor = 'SMS';
2521
+ else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
2522
+ $mo2f_second_factor = "EMAIL";
2523
+
2524
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
2525
+ {
2526
+ update_site_option("bGltaXRSZWFjaGVk",1);
2527
+
2528
+ }
2529
+ }
2530
+
2531
+
2532
+ if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
2533
+ {
2534
+ $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
2535
+ if(is_wp_error( $error))
2536
+ {
2537
+ return $error;
2538
+ }
2539
+ }
2540
+ else{
2541
+
2542
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2543
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
2544
+ } else {
2545
+
2546
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2547
+ $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
2548
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
2549
+ $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2550
+ } else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
2551
+ $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
2552
+ } else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
2553
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
2554
+ } else if ( $mo2f_second_factor == 'NONE' ) {
2555
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2556
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2557
+ else
2558
+ return $currentuser;
2559
+ } else {
2560
+ $this->remove_current_activity($session_id_encrypt);
2561
+ $error = new WP_Error();
2562
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2563
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Two Factor method has not been configured.', );
2564
+ wp_send_json_success($data);
2565
+ }
2566
+ else{
2567
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
2568
+ return $error;
2569
+ }
2570
+ }
2571
+ }
2572
+ }
2573
+
2574
+ }
2575
+ }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
2576
+ $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
2577
+
2578
+ } else {
2579
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2580
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2581
+ else
2582
+ return $currentuser;
2583
+ }
2584
+
2585
+ } else { //plugin is not activated for current role then logged him in without asking 2 factor
2586
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
2587
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2588
+ else
2589
+ return $currentuser;
2590
+ }
2591
+
2592
+ }
2593
+
2594
+ function mo2fa_inline($currentuser,$redirect_to,$session_id){
2595
+
2596
+ global $Mo2fdbQueries;
2597
+ $currentUserId = $currentuser->ID;
2598
+ $email = $currentuser->user_email;
2599
+ $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
2600
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
2601
+ 'user_registration_with_miniorange' =>'SUCCESS',
2602
+ 'mo2f_user_email' =>$email,
2603
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
2604
+ ) );
2605
+
2606
+ $mo2fa_login_message = '';
2607
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2608
+
2609
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
2610
+ //}
2611
+ }
2612
+
2613
+ function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
2614
+ global $Mo2fdbQueries;
2615
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
2616
+ $customer = new Customer_Setup();
2617
+ $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2618
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2619
+ if ( get_option( 'mo2f_remember_device' ) ) {
2620
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
2621
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
2622
+ } else {
2623
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
2624
+ }
2625
+ } else {
2626
+ if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2627
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid One Time Passcode.', );
2628
+ wp_send_json_success($data);
2629
+ }
2630
+ else
2631
+ return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
2632
+ }
2633
+ }
2634
+
2635
+ function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
2636
+ {
2637
+
2638
+ $challengeMobile = new Customer_Setup();
2639
+ $content = '';
2640
+ $response = [];
2641
+ $otpLIMiTE = 0;
2642
+ if(get_site_option("cmVtYWluaW5nT1RQ")>0)
2643
+ {
2644
+ $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
2645
+ $response = json_decode( $content, true );
2646
+ if(!MO2F_IS_ONPREM)
2647
+ {
2648
+ if(isset($response['txId']))
2649
+ MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $response['txId'] );
2650
+ }
2651
+
2652
+ }
2653
+ else
2654
+ {
2655
+ $response['status'] = 'FAILED';
2656
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2657
+ $otpLIMiTE = 1;
2658
+ }
2659
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2660
+ if ( $response['status'] == 'SUCCESS' ) {
2661
+ $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
2662
+ if($cmVtYWluaW5nT1RQ>0)
2663
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2664
+ $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
2665
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2666
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
2667
+ }
2668
+ else
2669
+ {
2670
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
2671
+ $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
2672
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
2673
+ }
2674
+ }
2675
+ }
2676
+ function mo2f_restrict_access( $identity ) {
2677
+ apply_filters( 'mo2f_rba_addon', $identity );
2678
+ exit;
2679
+ }
2680
+
2681
+ function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
2682
+ $session_id=$this->create_session();
2683
+ if ( get_option( 'mo2f_remember_device' ) ) {
2684
+ $this->miniorange_pass2login_start_session();
2685
+
2686
+
2687
+ MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
2688
+ $this->mo2f_userID=$currentuser->ID;
2689
+
2690
+ mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
2691
+ exit;
2692
+ } else {
2693
+ $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to ,null ,$session_id );
2694
+ }
2695
+ }
2696
+
2697
+ function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
2698
+ if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
2699
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2700
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp;Invalid User Credentials', );
2701
+ wp_send_json_success($data);
2702
+ }
2703
+ else
2704
+ return $user;
2705
+ }
2706
+ if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
2707
+ return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
2708
+ }
2709
+ // if an app password is enabled, this is an XMLRPC / APP login ?
2710
+ if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
2711
+
2712
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
2713
+ if ( is_wp_error( $currentuser ) ) {
2714
+ $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
2715
+
2716
+ return false;
2717
+ } else {
2718
+ return $currentuser;
2719
+ }
2720
+
2721
+ } else {
2722
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
2723
+ if ( is_wp_error( $currentuser ) ) {
2724
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2725
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
2726
+ wp_send_json_success($data);
2727
+ }
2728
+ else{
2729
+ $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
2730
+ return $currentuser;
2731
+ }
2732
+ } else {
2733
+ global $Mo2fdbQueries;
2734
+
2735
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2736
+
2737
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to'] ): null;
2738
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
2739
+ $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
2740
+ if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
2741
+ {
2742
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
2743
+ }
2744
+ else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
2745
+ {
2746
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
2747
+ }
2748
+ else
2749
+ {
2750
+ if ( empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
2751
+ {
2752
+
2753
+
2754
+ if(isset($_POST['mo_woocommerce_login_prompt'])){
2755
+
2756
+ $this->miniorange_initiate_2nd_factor( $currentuser, "", "","",$session_id);
2757
+ }
2758
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
2759
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Please enter the One Time Passcode', );
2760
+ wp_send_json_success($data);
2761
+ }
2762
+ else
2763
+ return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
2764
+ // Prevent PHP notices when using app password login
2765
+
2766
+ }
2767
+ else
2768
+ {
2769
+ $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
2770
+ }
2771
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
2772
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2773
+
2774
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
2775
+
2776
+ if(is_null($session_id)) {
2777
+ $session_id=$this->create_session();
2778
+ }
2779
+
2780
+
2781
+ $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
2782
+
2783
+
2784
+ if(is_wp_error( $error)){
2785
+ return $error;
2786
+ }
2787
+ return $error;
2788
+ }
2789
+ }
2790
+ }
2791
+
2792
+ }
2793
+
2794
+ function display_email_verification($head,$body,$color)
2795
+ {
2796
+ echo "<div style='background-color: #d5e3d9; height:850px;' >
2797
+ <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
2798
+ <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
2799
+ <img alt='logo' style='margin-left:240px ;
2800
+ margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
2801
+ <div><hr></div>
2802
+
2803
+ <tbody>
2804
+ <tr>
2805
+ <td>
2806
+
2807
+ <p style='margin-top:0;margin-bottom:10px'>
2808
+ <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
2809
+ <p style='margin-top:0;margin-bottom:10px'>
2810
+ <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
2811
+ <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
2812
+
2813
+ </td>
2814
+ </tr>
2815
+
2816
+ </div>
2817
+ </div>
2818
+ </div>";
2819
+ }
2820
+
2821
+ function mo_2_factor_enable_jquery_default_login() {
2822
+ wp_enqueue_script( 'jquery' );
2823
+ }
2824
+
2825
+ function miniorange_pass2login_footer_form() {
2826
+ ?>
2827
+ <script>
2828
+ jQuery(document).ready(function () {
2829
+ if (document.getElementById('loginform') != null) {
2830
+ jQuery('#loginform').on('submit', function (e) {
2831
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2832
+ });
2833
+ } else {
2834
+ if (document.getElementsByClassName('login') != null) {
2835
+ jQuery('.login').on('submit', function (e) {
2836
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
2837
+ });
2838
+ }
2839
+ }
2840
+ });
2841
+ </script>
2842
+ <?php
2843
+
2844
+ }
2845
+
2846
+
2847
+ }
2848
+
2849
+ ?>
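--- a/handler/twofa/two_fa_settings.php
+++ b/handler/twofa/two_fa_settings.php
@@ -280,7 +280,7 @@ class Miniorange_Authentication {
  if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
  $customer = new Customer_Setup();
 
- $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
+ $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
 
  update_option( 'mo2f_set_transactions', 1 );
  if ( ! array_key_exists( 'smsRemaining', $content ) ) {
@@ -1059,7 +1059,7 @@ class Miniorange_Authentication {
  }
  }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_sync_sms_transactions" ) {
  $customer = new Customer_Setup();
- $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
+ $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
  if ( ! array_key_exists( 'smsRemaining', $content ) ) {
  $smsRemaining = 0;
  } else {
@@ -1863,19 +1863,20 @@ class Miniorange_Authentication {
  $this->mo_auth_show_error_message();
  return;
  }
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_2'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans2'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_3'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans3'] ) ) {
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
- $this->mo_auth_show_error_message();
- return;
- }
 
- $kba_q1 = $_POST['mo2f_kbaquestion_1'];
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
  $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
- $kba_q2 = $_POST['mo2f_kbaquestion_2'];
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
  $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
  $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
  $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
 
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
+ $this->mo_auth_show_error_message();
+ return;
+ }
+
  if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
  update_option( 'mo2f_message', 'The questions you select must be unique.' );
  $this->mo_auth_show_error_message();
@@ -2036,7 +2037,9 @@ class Miniorange_Authentication {
  update_option( 'mo2f_transactionId', $content['txId'] );
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
  update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
+ $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
+ if($mo2f_sms>0)
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
  $this->mo_auth_show_success_message();
  } else {
  update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
@@ -2309,6 +2312,7 @@ class Miniorange_Authentication {
  $response['status'] = 'FAILED';
  if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0) {
  $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+ if($cmVtYWluaW5nT1RQ>0)
  update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
  update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
@@ -2526,11 +2530,14 @@ class Miniorange_Authentication {
  if($selected_2FA_method == 'OTP Over Email')
  {
  $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+ if($cmVtYWluaW5nT1RQ>0)
  update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
  }
  else if($selected_2FA_method == 'OTP Over SMS')
  {
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
+ $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
+ if($mo2f_sms>0)
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
  }
  update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
  update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
@@ -2618,6 +2625,17 @@ class Miniorange_Authentication {
  }
  }
 
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_2factor_generate_backup_codes' ) {
+ $nonce = sanitize_text_field($_POST['mo_2factor_generate_backup_codes_nonce']);
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-generate-backup-codes-nonce' ) ) {
+ $error = new WP_Error();
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
+ return $error;
+ }else {
+ MO2f_Utility::mo2f_mail_and_download_codes();
+ }
+ }
+
  }
 
  function mo_auth_deactivate() {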
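Review bot: The new backup-codes branch reads `$_POST['mo_2factor_generate_backup_codes_nonce']` at line 2629 without checking it is set, so a request that carries only `option` raises an undefined-index notice before `wp_verify_nonce` ever runs; `$nonce = isset( $_POST['mo_2factor_generate_backup_codes_nonce'] ) ? sanitize_text_field( $_POST['mo_2factor_generate_backup_codes_nonce'] ) : '';` keeps the failed-verification path intact. The `return $error;` at line 2633 also departs from how the rest of this handler reports failures — lines 1875–1877 store the message with `update_option( 'mo2f_message', … )` and call `$this->mo_auth_show_error_message()` — so unless the caller inspects the return value, a failed nonce check produces no visible message. The enclosing function begins outside the hunk, so what happens to the returned WP_Error could not be confirmed from here.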
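--- a/handler/twofa/two_fa_short_call.php
+++ b/handler/twofa/two_fa_short_call.php
@@ -1,44 +1,44 @@
- <?php
-
- include_once('two_fa_short_gateway.php');
-
- class TwoFACustomRegFormAPI
- {
- public function __construct()
- {
-
- }
-
- public static function challenge($phone_number,$email,$authTypeSend)
- {
-
-
- if($authTypeSend == 'email')
- {
- $auierpyasdcRy = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
- $cmVtYWluaW5nT1RQ = $auierpyasdcRy? $auierpyasdcRy : 0;
-
- if($cmVtYWluaW5nT1RQ > 0)
- {
- $response = TwoFAMOGateway:: mo_send_otp_token('EMAIL', '', $email);
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
- }
- else
- {
- $response = ['status'=>'ERROR','message'=>'Email Transaction Limit Exceeded'];
- wp_send_json($response);
- }
- }
- else
- {
- $response = TwoFAMOGateway:: mo_send_otp_token('SMS', $phone_number, $email);
- }
- wp_send_json($response);
-
- }
-
- public static function validate($txId, $otp)
- {
- wp_send_json(TwoFAMOGateway :: mo_validate_otp_token('OTP',$txId, $otp));
- }
+ <?php
+
+ include_once('two_fa_short_gateway.php');
+
+ class TwoFACustomRegFormAPI
+ {
+ public function __construct()
+ {
+
+ }
+
+ public static function challenge($phone_number,$email,$authTypeSend)
+ {
+
+
+ if($authTypeSend == 'email')
+ {
+ $auierpyasdcRy = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+ $cmVtYWluaW5nT1RQ = $auierpyasdcRy? $auierpyasdcRy : 0;
+
+ if($cmVtYWluaW5nT1RQ > 0)
+ {
+ $response = TwoFAMOGateway:: mo_send_otp_token('EMAIL', '', $email);
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
+ }
+ else
+ {
+ $response = ['status'=>'ERROR','message'=>'Email Transaction Limit Exceeded'];
+ wp_send_json($response);
+ }
+ }
+ else
+ {
+ $response = TwoFAMOGateway:: mo_send_otp_token('SMS', $phone_number, $email);
+ }
+ wp_send_json($response);
+
+ }
+
+ public static function validate($txId, $otp)
+ {
+ wp_send_json(TwoFAMOGateway :: mo_validate_otp_token('OTP',$txId, $otp));
+ }
  }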
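--- a/handler/twofa/two_fa_short_gateway.php
+++ b/handler/twofa/two_fa_short_gateway.php
@@ -27,13 +27,16 @@ class TwoFAMOGateway
  if($authType == 'EMAIL')
  {
  $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+ if($cmVtYWluaW5nT1RQ>0)
  update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
  $content = (new Customer_Cloud_Setup)->send_otp_token($email,$authType,$customerKey,$apiKey);
  }
 
  else
  {
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
+ $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
+ if($mo2f_sms>0)
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
  $content = (new Customer_Cloud_Setup)->send_otp_token($phone,$authType,$customerKey,$apiKey);
  }
  return json_decode($content,TRUE);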
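Review bot: The new `if($cmVtYWluaW5nT1RQ>0)` and `if($mo2f_sms>0)` guards at lines 30 and 38 only stop the counters from going negative; `send_otp_token` on the following line is still called when the counter is already 0, so the transaction limit is not enforced in the gateway itself. If enforcement is intended, the send should sit under the same condition with an error result otherwise, as `TwoFACustomRegFormAPI::challenge()` already does for email; if the gateway is meant to stay unconditional, a comment such as `// counters are bookkeeping only; callers enforce the limit` would make that explicit. Note that `challenge()` decrements the email counter itself (its line 24) before calling this method, so an email OTP sent through that path is charged twice. `mo_send_otp_token` starts outside the hunk.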
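--- a/handler/twofa/two_fa_utility.php
+++ b/handler/twofa/two_fa_utility.php
@@ -561,6 +561,130 @@ class MO2f_Utility {
  }
  }
 
+ public static function get_codes_email_content($codes){
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction from <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">Your backup codes are:-
+ <table cellspacing="10">
+ <tr><td>'.$codes[0].'</td><td>'.$codes[1].'</td><td>'.$codes[2].'</td><td>'.$codes[3].'</td><td>'.$codes[4].'</td>
+ </table></p>
+ <p style="margin-top:0;margin-bottom:10px">Please use this carefully as each code can only be used once. Please do not share these codes with anyone.</p>
+ <p style="margin-top:0;margin-bottom:10px">Also, we would highly recommend you to reconfigure your two-factor after logging in.</p>
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+ return $message;
+ }
+
+ public static function get_codes_warning_email_content($codes_remaining){
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
+ <p style="margin-top:0;margin-bottom:10px">You have '.$codes_remaining.' backup codes remaining. Kindly reconfigure your two-factor to avoid being locked out.</b></p>
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+ return $message;
+ }
+
+ public static function mo_2f_generate_backup_codes(){
+ $codes=array();
+ for ($x = 0; $x < 5; $x++) {
+ $str = MO2f_Utility::random_str(10);
+ array_push($codes,$str);
+ }
+ return $codes;
+ }
+
+ public static function mo2f_get_codes_hash($codes){
+ $codes_hash=array();
+ for ($x = 0; $x < 5; $x++) {
+ $str = $codes[$x];
+ array_push($codes_hash,md5($str));
+ }
+ return $codes_hash;
+ }
+
+ public static function mo2f_email_backup_codes($codes, $mo2f_user_email){
+ $subject = '2-Factor Authentication(Backup Codes)';
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $message = MO2f_Utility::get_codes_email_content($codes);
+ $result = wp_mail($mo2f_user_email,$subject,$message,$headers);
+ return $result;
+ }
+
+ public static function mo2f_download_backup_codes($id, $codes){
+ update_user_meta($id, 'mo_backup_code_downloaded', 1);
+ header('Content-Disposition: attachment; filename=miniOrange2-factor-BackupCodes.txt');
+ echo "Two Factor Backup Codes:".PHP_EOL.PHP_EOL;
+ echo "These are the codes which can be used incase you lose your phone or cannot access your email. Please reconfigure you authentication method after login.".PHP_EOL."Please use this carefully as each code can only be used once. Please do not share these codes with anyone.".PHP_EOL.PHP_EOL;
+ for ($x = 0; $x < 5; $x++){
+ $str1= $codes[$x];
+ echo(($x+1).". ".$str1." ");
+ }
+
+ exit;
+ }
+
+ public static function mo2f_mail_and_download_codes(){
+ global $Mo2fdbQueries;
+ $codes=MO2f_Utility::mo_2f_generate_backup_codes();
+ $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
+ $id = get_current_user_id();
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
+ if(empty($mo2f_user_email)){
+ $currentuser = get_user_by( 'id', $id );
+ $mo2f_user_email = $currentuser->user_email;
+ }
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
+ update_user_meta($id, 'mo_backup_code_generated', 1);
+ update_user_meta($id, 'mo_backup_code_downloaded', 1);
+ update_user_meta($id,'mo2f_backup_codes', $codes_hash);
+ MO2f_Utility::mo2f_download_backup_codes($id, $codes);
+ }
+
 
  }
 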
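--- a/helper/constants.php
+++ b/helper/constants.php
@@ -11,7 +11,7 @@
  const ERR_403 = "403";
  const DEFAULT_CUSTOMER_KEY = "16555";
  const DEFAULT_API_KEY = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
- const DB_VERSION = 150;
+ const DB_VERSION = 151;
  const SUPPORT_EMAIL = 'info@xecurify.com';
  const IP_LOOKUP_TEMPLATE = '<span style="font-size:14px;font-weight:bold">GENERAL INFORMATION</span><table style="margin-left:2%;"><tr><td style="width:100px;">Response</td><td >:</td><td>{{status}}</td></tr><tr><td style="width:100px;">IP Address</td><td>:</td><td>{{ip}}</td></tr><tr><td>HostName</td><td>:</td><td>{{hostname}}</td></tr><tr><td>TimeZone</td><td>:</td><td>{{timezone}}</td></tr><tr><td>Time Difference</td><td>:</td><td>{{offset}}</td></tr></table><hr><span style="font-size:14px;font-weight:bold">LOCATION INFORMATION</span><table style="margin-left:2%;"><tr><td>Latitude</td><td>:</td><td>{{latitude}}</td></tr><tr><td>Longitude</td><td>:</td><td>{{longitude}}</td></tr><tr><td>Region</td><td>:</td><td>{{region}}</td></tr><tr><td>Country</td><td>:</td><td>{{country}}</td></tr><tr><td>City</td><td>:</td><td>{{city}}</td></tr><tr><td>Continent</td><td>:</td><td>{{continent}}</td></tr><tr><td>Curreny Code</td><td>:</td><td>{{curreny_code}}</td></tr><tr><td>Curreny Symbol</td><td>:</td><td>{{curreny_symbol}}</td></tr><tr><td>Per Dollar Value</td><td>:</td><td>{{per_dollar_value}}</td></tr></table>';
  const CURRENT_BROWSER = '<span style="font-size:10px;color:red;">( Current Browser )</span>';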
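--- a/helper/messages.php
+++ b/helper/messages.php
@@ -75,7 +75,8 @@
  const REQUIRED_FIELDS = "Please enter all the required fields";
  const RESET_PASS = "You password has been reset successfully and sent to your registered email. Please check your mailbox.";
  const TEMPLATE_SAVED = "Email template saved.";
- const FEEDBACK = "<div class='custom-notice notice notice-warning feedback-notice'><p><p class='notice-message'>Looking for a feature? Help us make the plugin better. Send us your feedback using the Support Form below.</p><button class='feedback notice-button'><i>Dismiss</i></button></p></div>";
+ const GET_BACKUP_CODES = "<div class='custom-notice notice notice-warning backupcodes-notice'><p><p class='notice-message'><b>Please download backup codes using the 'Get backup codes' button to avoid getting locked out. Backup codes will be emailed as well as downloaded.</b></p><button class='backup_codes_dismiss notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
+
  const WHITELIST_SELF = "<div class='custom-notice notice notice-warning whitelistself-notice'><p><p class='notice-message'>It looks like you have not whitelisted your IP. Whitelist your IP as you can get blocked from your site.</p><button class='whitelist_self notice-button'><i>WhiteList</i></button></p></div>";
 
  const CLOUD2FA_SINGLEUSER = "<div class='custom-notice notice notice-warning whitelistself-notice'><p><p class='notice-message'>The current solution is cloud which supports 2-factor for only one user. Either upgrade your plan or contact your administrator.</p></p></div>";
@@ -123,15 +124,31 @@
  const REPORT_DISABLE = 'Login and error reports are disabled.';
  const NOTIF_ENABLE = 'Notification options are available. Configure it in the Notification tab.';
  const NOTIF_DISABLE = 'Notifications are disabled.';
- const NEW_PLUGIN_THEME_CHECK = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>We detected a change in plugins/themes folder. Kindly scan for better security.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='new_plugin_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
- const INFECTED_FILE = "<div class='custom-notice notice notice-warning file_infected-notice'><p><p class='notice-message'>Your last scan found infections/warnings on your website. Kindly fix them to avoid any threats.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='infected_file_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='infected_file_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
- const WEEKLY_SCAN_CHECK = "<div class='custom-notice notice notice-warning weekly_notice-notice'><p><p class='notice-message'>You last scanned your website a week ago. Scan now to imrove security.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='weekly_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='weekly_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
+
+ const NEW_PLUGIN_THEME_CHECK = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>We detected a change in plugins/themes folder. Kindly scan for better security.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+ const CREATE_BACKUP = "<div class='custom-notice notice notice-warning create_backup-notice'><p><p class='notice-message'>It looks like you have not created a single backup of your website. Make the backup and secure your site.</p><a class='notice-button' href='admin.php?page=mo_2fa_backup' style='margin-right: 15px;'>Take Backup</a><button class='dismiss_website_backup_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+ const BRUTE_FORCE_NOTICE = "<div class='custom-notice notice notice-warning brute_force-notice'><p><p class='notice-message'>It looks like your login protection is too weak. Enable brute force feature and safe your website from brute force attacker</p><a class='notice-button' href='admin.php?page=mo_2fa_login_and_spam' style='margin-right: 15px;'>Brute Force</a><button class='dismiss_brute_force_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+ const GOOGLE_RECAPTCHA_NOTICE = "<div class='custom-notice notice notice-warning google_recaptcha-notice'><p><p class='notice-message'>It looks like your login protection is too weak. Enable Google reCAPTCHA and increase your website login security</p><a class='notice-button' href='admin.php?page=mo_2fa_login_and_spam' style='margin-right: 15px;'>Google_reCAPTCHA</a><button class='dismiss_google_recaptcha_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+ const WAF_NOTICE = "<div class='custom-notice notice notice-warning firewall-notice'><p><p class='notice-message'>Your website is on risk. Turn on firewall and make secure your website from crawler</p><a class='notice-button' href='admin.php?page=mo_2fa_waf' style='margin-right: 15px;'>Firewall</a><button class='dismiss_firewall_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
 
  const LOW_SMS_TRANSACTIONS = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>You have left very few SMS transaction. Please upgrade to premium plan for non stop usage.</p><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='new_plugin_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
 
  const LOW_EMAIL_TRANSACTIONS = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>You have left very few Email transaction. Please upgrade to premium plan for non stop usage.</p><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='new_plugin_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
 
 
+
+
+ public static $notification_array = array('malware_notification_option' => MoWpnsMessages::NEW_PLUGIN_THEME_CHECK ,
+ 'backup_notification_option' => MoWpnsMessages::CREATE_BACKUP,
+ 'bruteforce_notification_option' => MoWpnsMessages::BRUTE_FORCE_NOTICE,
+ 'recaptcha_notification_option' => MoWpnsMessages::GOOGLE_RECAPTCHA_NOTICE,
+ 'waf_notification_option' => MoWpnsMessages::WAF_NOTICE
+ );
+
  public static function showMessage($message , $data=array())
  {
  $message = constant( "self::".$message );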
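Review bot: This hunk deletes `FEEDBACK` (old line 78), `INFECTED_FILE` and `WEEKLY_SCAN_CHECK` (old lines 127–128), but `showMessage()` at line 154 resolves its argument with `constant( "self::".$message )`, which on PHP 8 throws an `Error` (a warning plus `null` on PHP 7) for a name that no longer exists; if any caller still passes one of those names that call site now fails, so the callers should be checked or the constants kept as deprecated aliases. The new `$notification_array` at lines 145–150 would benefit from a one-line comment such as `// option key => admin-notice markup` so the reader knows what the keys and values are without inspecting each constant. Wording in the new user-facing notices could also be tightened — `safe your website` → `keep your website safe` in `BRUTE_FORCE_NOTICE`, and `Your website is on risk` → `Your website is at risk` in `WAF_NOTICE`.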
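--- a/helper/plugins.php
+++ b/helper/plugins.php
@@ -1,103 +1,103 @@
-<?php
-
-class FeaturePluginInterface
-{
-function __construct()
-{
-if ( ! function_exists( 'get_plugins' ) )
-require_once ABSPATH . 'wp-admin/includes/plugin.php';
-}
-}
-
-
-class TwoFAPlugin extends FeaturePluginInterface
-{
-
-function getstatus()
-{
-$all_plugins = get_plugins();
-$status = 'NOT_INSTALLED';
-if(isset($all_plugins[MoWpnsConstants::TWO_FACTOR_SETTINGS]))
-$status = is_plugin_active(MoWpnsConstants::TWO_FACTOR_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
-return $status;
-}
-
-
-function updatePluginConfiguration()
-{
-if(!get_option('mo_wpns_enable_2fa'))
-return;
-
-if(!get_option( 'mo2f_customerKey') || !get_option( 'mo2f_api_key') || !get_option( 'mo2f_customer_token') || !get_option( 'mo2f_app_secret'))
-{
-global $mo2f_dirName;
-$current_user = wp_get_current_user();
-$mo2fa = new Two_Factor_Setup();
-update_option( 'mo2f_email' ,get_option( 'mo2f_email'));
-update_option( 'mo2f_host_name' ,MoWpnsConstants::HOST_NAME);
-update_option( 'mo2f_phone' ,get_option( 'mo_wpns_admin_phone'));
-update_option( 'mo2f_customerKey' ,get_option( 'mo2f_customerKey'));
-update_option( 'mo2f_api_key' ,get_option( 'mo2f_api_key'));
-update_option( 'mo2f_customer_token' ,get_option( 'mo2f_customer_token'));
-update_option( 'mo2f_app_secret' ,get_option( 'mo2f_app_secret'));
-update_option( 'mo2f_miniorange_admin' ,$current_user->ID);
-update_option( 'mo2f_new_customer' ,true);
-
-update_option( 'mo_2factor_admin_registration_status','MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');
-update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
-update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',get_option( 'mo2f_email'));
-update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
-$mo2fa->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,'API_2FA',true);
-update_user_meta($current_user->ID,'mo2f_email_verification_status',true);
-}
-}
-}
-
-
-class OTPPlugin extends FeaturePluginInterface
-{
-function getstatus()
-{
-$all_plugins = get_plugins();
-$status = 'NOT_INSTALLED';
-if(isset($all_plugins[MoWpnsConstants::OTP_VERIFICATION_SETTINGS]))
-$status = is_plugin_active(MoWpnsConstants::OTP_VERIFICATION_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
-return $status;
-}
-
-function updatePluginConfiguration()
-{
-if(!get_option('mo_wpns_enable_advanced_user_verification'))
-return;
-
-if(!get_option( 'mo_customer_validation_admin_email') || !get_option( 'mo_customer_validation_admin_customer_key') || !get_option( 'mo_customer_validation_admin_api_key') || !get_option( 'mo_customer_validation_customer_token'))
-{
-update_option( 'mo_customer_validation_wp_default_enable' ,1);
-update_option( 'mo_customer_validation_admin_email' ,get_option( 'mo2f_email'));
-update_option( 'mo_customer_validation_admin_phone' ,get_option( 'mo_wpns_admin_phone'));
-update_option( 'mo_customer_validation_admin_customer_key' ,get_option( 'mo2f_customerKey') );
-update_option( 'mo_customer_validation_admin_api_key' ,get_option( 'mo2f_api_key') );
-update_option( 'mo_customer_validation_customer_token' ,get_option( 'mo2f_customer_token') );
-update_option( 'mo_customer_validation_admin_password' ,'');
-update_option( 'mo_customer_validation_message' ,'Registration complete!');
-update_option( 'mo_customer_validation_registration_status' ,'MO_CUSTOMER_VALIDATION_REGISTRATION_COMPLETE');
-update_option( 'mo_customer_email_transactions_remaining' ,10);
-update_option( 'mo_customer_phone_transactions_remaining' ,10);
-update_option( 'mo_otp_plugin_version' ,1.8);
-}
-}
-
-}
-
-
-class SocialPlugin extends FeaturePluginInterface
-{
-function getstatus()
-{
-$all_plugins = get_plugins();
-$status = 'NOT_INSTALLED';
-if(isset($all_plugins[MoWpnsConstants::SOCIAL_LOGIN_SETTINGS]))
-$status = is_plugin_active(MoWpnsConstants::SOCIAL_LOGIN_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
-return $status;
-}
+<?php
+
+class FeaturePluginInterface
+{
+function __construct()
+{
+if ( ! function_exists( 'get_plugins' ) )
+require_once ABSPATH . 'wp-admin/includes/plugin.php';
+}
+}
+
+
+class TwoFAPlugin extends FeaturePluginInterface
+{
+
+function getstatus()
+{
+$all_plugins = get_plugins();
+$status = 'NOT_INSTALLED';
+if(isset($all_plugins[MoWpnsConstants::TWO_FACTOR_SETTINGS]))
+$status = is_plugin_active(MoWpnsConstants::TWO_FACTOR_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
+return $status;
+}
+
+
+function updatePluginConfiguration()
+{
+if(!get_option('mo_wpns_enable_2fa'))
+return;
+
+if(!get_option( 'mo2f_customerKey') || !get_option( 'mo2f_api_key') || !get_option( 'mo2f_customer_token') || !get_option( 'mo2f_app_secret'))
+{
+global $mo2f_dirName;
+$current_user = wp_get_current_user();
+$mo2fa = new Two_Factor_Setup();
+update_option( 'mo2f_email' ,get_option( 'mo2f_email'));
+update_option( 'mo2f_host_name' ,MoWpnsConstants::HOST_NAME);
+update_option( 'mo2f_phone' ,get_option( 'mo_wpns_admin_phone'));
+update_option( 'mo2f_customerKey' ,get_option( 'mo2f_customerKey'));
+update_option( 'mo2f_api_key' ,get_option( 'mo2f_api_key'));
+update_option( 'mo2f_customer_token' ,get_option( 'mo2f_customer_token'));
+update_option( 'mo2f_app_secret' ,get_option( 'mo2f_app_secret'));
+update_option( 'mo2f_miniorange_admin' ,$current_user->ID);
+update_option( 'mo2f_new_customer' ,true);
+
+update_option( 'mo_2factor_admin_registration_status','MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');
+update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
+update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',get_option( 'mo2f_email'));
+update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
+$mo2fa->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,'API_2FA',true);
+update_user_meta($current_user->ID,'mo2f_email_verification_status',true);
+}
+}
+}
+
+
+class OTPPlugin extends FeaturePluginInterface
+{
+function getstatus()
+{
+$all_plugins = get_plugins();
+$status = 'NOT_INSTALLED';
+if(isset($all_plugins[MoWpnsConstants::OTP_VERIFICATION_SETTINGS]))
+$status = is_plugin_active(MoWpnsConstants::OTP_VERIFICATION_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
+return $status;
+}
+
+function updatePluginConfiguration()
+{
+if(!get_option('mo_wpns_enable_advanced_user_verification'))
+return;
+
+if(!get_option( 'mo_customer_validation_admin_email') || !get_option( 'mo_customer_validation_admin_customer_key') || !get_option( 'mo_customer_validation_admin_api_key') || !get_option( 'mo_customer_validation_customer_token'))
+{
+update_option( 'mo_customer_validation_wp_default_enable' ,1);
+update_option( 'mo_customer_validation_admin_email' ,get_option( 'mo2f_email'));
+update_option( 'mo_customer_validation_admin_phone' ,get_option( 'mo_wpns_admin_phone'));
+update_option( 'mo_customer_validation_admin_customer_key' ,get_option( 'mo2f_customerKey') );
+update_option( 'mo_customer_validation_admin_api_key' ,get_option( 'mo2f_api_key') );
+update_option( 'mo_customer_validation_customer_token' ,get_option( 'mo2f_customer_token') );
+update_option( 'mo_customer_validation_admin_password' ,'');
+update_option( 'mo_customer_validation_message' ,'Registration complete!');
+update_option( 'mo_customer_validation_registration_status' ,'MO_CUSTOMER_VALIDATION_REGISTRATION_COMPLETE');
+update_option( 'mo_customer_email_transactions_remaining' ,10);
+update_option( 'mo_customer_phone_transactions_remaining' ,10);
+update_option( 'mo_otp_plugin_version' ,1.8);
+}
+}
+
+}
+
+
+class SocialPlugin extends FeaturePluginInterface
+{
+function getstatus()
+{
+$all_plugins = get_plugins();
+$status = 'NOT_INSTALLED';
+if(isset($all_plugins[MoWpnsConstants::SOCIAL_LOGIN_SETTINGS]))
+$status = is_plugin_active(MoWpnsConstants::SOCIAL_LOGIN_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
+return $status;
+}
 }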
includes/css/jquery.dataTables.min.css CHANGED
@@ -1 +1 @@
1
- table.dataTable{width:100%;margin:0 auto;clear:both;border-collapse:separate;border-spacing:0}table.dataTable thead th,table.dataTable tfoot th{font-weight:bold}table.dataTable thead th,table.dataTable thead td{padding:10px 18px;border-bottom:1px solid #111}table.dataTable thead th:active,table.dataTable thead td:active{outline:none}table.dataTable tfoot th,table.dataTable tfoot td{padding:10px 18px 6px 18px;border-top:1px solid #111}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc{cursor:pointer;*cursor:hand}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc,table.dataTable thead .sorting_asc_disabled,table.dataTable thead .sorting_desc_disabled{background-repeat:no-repeat;background-position:center right}table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable tbody tr{background-color:#ffffff}table.dataTable tbody tr.selected{background-color:#B0BED9}table.dataTable tbody th,table.dataTable tbody td{padding:8px 10px}table.dataTable.row-border tbody th,table.dataTable.row-border tbody td,table.dataTable.display tbody th,table.dataTable.display tbody td{border-top:1px solid #ddd}table.dataTable.row-border tbody tr:first-child th,table.dataTable.row-border tbody tr:first-child td,table.dataTable.display tbody tr:first-child th,table.dataTable.display tbody tr:first-child td{border-top:none}table.dataTable.cell-border tbody th,table.dataTable.cell-border tbody td{border-top:1px solid #ddd;border-right:1px solid #ddd}table.dataTable.cell-border tbody tr th:first-child,table.dataTable.cell-border tbody tr td:first-child{border-left:1px solid #ddd}table.dataTable.cell-border tbody tr:first-child th,table.dataTable.cell-border tbody tr:first-child td{border-top:none}table.dataTable.stripe tbody tr.odd,table.dataTable.display tbody tr.odd{background-color:#f9f9f9}table.dataTable.stripe tbody 
tr.odd.selected,table.dataTable.display tbody tr.odd.selected{background-color:#acbad4}table.dataTable.hover tbody tr:hover,table.dataTable.display tbody tr:hover{background-color:#f6f6f6}table.dataTable.hover tbody tr:hover.selected,table.dataTable.display tbody tr:hover.selected{background-color:#aab7d1}table.dataTable.order-column tbody tr>.sorting_1,table.dataTable.order-column tbody tr>.sorting_2,table.dataTable.order-column tbody tr>.sorting_3,table.dataTable.display tbody tr>.sorting_1,table.dataTable.display tbody tr>.sorting_2,table.dataTable.display tbody tr>.sorting_3{background-color:#fafafa}table.dataTable.order-column tbody tr.selected>.sorting_1,table.dataTable.order-column tbody tr.selected>.sorting_2,table.dataTable.order-column tbody tr.selected>.sorting_3,table.dataTable.display tbody tr.selected>.sorting_1,table.dataTable.display tbody tr.selected>.sorting_2,table.dataTable.display tbody tr.selected>.sorting_3{background-color:#acbad5}table.dataTable.display tbody tr.odd>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd>.sorting_1{background-color:#f1f1f1}table.dataTable.display tbody tr.odd>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd>.sorting_2{background-color:#f3f3f3}table.dataTable.display tbody tr.odd>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd>.sorting_3{background-color:whitesmoke}table.dataTable.display tbody tr.odd.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_1{background-color:#a6b4cd}table.dataTable.display tbody tr.odd.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_2{background-color:#a8b5cf}table.dataTable.display tbody tr.odd.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_3{background-color:#a9b7d1}table.dataTable.display tbody tr.even>.sorting_1,table.dataTable.order-column.stripe tbody tr.even>.sorting_1{background-color:#fafafa}table.dataTable.display tbody 
tr.even>.sorting_2,table.dataTable.order-column.stripe tbody tr.even>.sorting_2{background-color:#fcfcfc}table.dataTable.display tbody tr.even>.sorting_3,table.dataTable.order-column.stripe tbody tr.even>.sorting_3{background-color:#fefefe}table.dataTable.display tbody tr.even.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_1{background-color:#acbad5}table.dataTable.display tbody tr.even.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_2{background-color:#aebcd6}table.dataTable.display tbody tr.even.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_3{background-color:#afbdd8}table.dataTable.display tbody tr:hover>.sorting_1,table.dataTable.order-column.hover tbody tr:hover>.sorting_1{background-color:#eaeaea}table.dataTable.display tbody tr:hover>.sorting_2,table.dataTable.order-column.hover tbody tr:hover>.sorting_2{background-color:#ececec}table.dataTable.display tbody tr:hover>.sorting_3,table.dataTable.order-column.hover tbody tr:hover>.sorting_3{background-color:#efefef}table.dataTable.display tbody tr:hover.selected>.sorting_1,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_1{background-color:#a2aec7}table.dataTable.display tbody tr:hover.selected>.sorting_2,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_2{background-color:#a3b0c9}table.dataTable.display tbody tr:hover.selected>.sorting_3,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_3{background-color:#a5b2cb}table.dataTable.no-footer{border-bottom:1px solid #111}table.dataTable.nowrap th,table.dataTable.nowrap td{white-space:nowrap}table.dataTable.compact thead th,table.dataTable.compact thead td{padding:4px 17px 4px 4px}table.dataTable.compact tfoot th,table.dataTable.compact tfoot td{padding:4px}table.dataTable.compact tbody th,table.dataTable.compact tbody td{padding:4px}table.dataTable th.dt-left,table.dataTable 
td.dt-left{text-align:left}table.dataTable th.dt-center,table.dataTable td.dt-center,table.dataTable td.dataTables_empty{text-align:center}table.dataTable th.dt-right,table.dataTable td.dt-right{text-align:right}table.dataTable th.dt-justify,table.dataTable td.dt-justify{text-align:justify}table.dataTable th.dt-nowrap,table.dataTable td.dt-nowrap{white-space:nowrap}table.dataTable thead th.dt-head-left,table.dataTable thead td.dt-head-left,table.dataTable tfoot th.dt-head-left,table.dataTable tfoot td.dt-head-left{text-align:left}table.dataTable thead th.dt-head-center,table.dataTable thead td.dt-head-center,table.dataTable tfoot th.dt-head-center,table.dataTable tfoot td.dt-head-center{text-align:center}table.dataTable thead th.dt-head-right,table.dataTable thead td.dt-head-right,table.dataTable tfoot th.dt-head-right,table.dataTable tfoot td.dt-head-right{text-align:right}table.dataTable thead th.dt-head-justify,table.dataTable thead td.dt-head-justify,table.dataTable tfoot th.dt-head-justify,table.dataTable tfoot td.dt-head-justify{text-align:justify}table.dataTable thead th.dt-head-nowrap,table.dataTable thead td.dt-head-nowrap,table.dataTable tfoot th.dt-head-nowrap,table.dataTable tfoot td.dt-head-nowrap{white-space:nowrap}table.dataTable tbody th.dt-body-left,table.dataTable tbody td.dt-body-left{text-align:left}table.dataTable tbody th.dt-body-center,table.dataTable tbody td.dt-body-center{text-align:center}table.dataTable tbody th.dt-body-right,table.dataTable tbody td.dt-body-right{text-align:right}table.dataTable tbody th.dt-body-justify,table.dataTable tbody td.dt-body-justify{text-align:justify}table.dataTable tbody th.dt-body-nowrap,table.dataTable tbody td.dt-body-nowrap{white-space:nowrap}table.dataTable,table.dataTable th,table.dataTable td{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}.dataTables_wrapper{position:relative;clear:both;*zoom:1;zoom:1}.dataTables_wrapper 
.dataTables_length{float:left}.dataTables_wrapper .dataTables_filter{float:right;text-align:right}.dataTables_wrapper .dataTables_filter input{margin-left:0.5em}.dataTables_wrapper .dataTables_info{clear:both;float:left;padding-top:0.755em}.dataTables_wrapper .dataTables_paginate{float:right;text-align:right;padding-top:0.25em}.dataTables_wrapper .dataTables_paginate .paginate_button{box-sizing:border-box;display:inline-block;min-width:1.5em;padding:0.5em 1em;margin-left:2px;text-align:center;text-decoration:none !important;cursor:pointer;*cursor:hand;color:#333 !important;border:1px solid transparent;border-radius:2px}.dataTables_wrapper .dataTables_paginate .paginate_button.current,.dataTables_wrapper .dataTables_paginate .paginate_button.current:hover{color:#333 !important;border:1px solid #979797;background-color:white;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #fff), color-stop(100%, #dcdcdc));background:-webkit-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-moz-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-ms-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-o-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:linear-gradient(to bottom, #fff 0%, #dcdcdc 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button.disabled,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:hover,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:active{cursor:default;color:#666 !important;border:1px solid transparent;background:transparent;box-shadow:none}.dataTables_wrapper .dataTables_paginate .paginate_button:hover{color:white !important;border:1px solid #111;background-color:#585858;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #585858), color-stop(100%, #111));background:-webkit-linear-gradient(top, #585858 0%, #111 100%);background:-moz-linear-gradient(top, #585858 0%, #111 100%);background:-ms-linear-gradient(top, #585858 0%, #111 
100%);background:-o-linear-gradient(top, #585858 0%, #111 100%);background:linear-gradient(to bottom, #585858 0%, #111 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button:active{outline:none;background-color:#2b2b2b;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #2b2b2b), color-stop(100%, #0c0c0c));background:-webkit-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-moz-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-ms-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-o-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:linear-gradient(to bottom, #2b2b2b 0%, #0c0c0c 100%);box-shadow:inset 0 0 3px #111}.dataTables_wrapper .dataTables_paginate .ellipsis{padding:0 1em}.dataTables_wrapper .dataTables_processing{position:absolute;top:50%;left:50%;width:100%;height:40px;margin-left:-50%;margin-top:-25px;padding-top:20px;text-align:center;font-size:1.2em;background-color:white;background:-webkit-gradient(linear, left top, right top, color-stop(0%, rgba(255,255,255,0)), color-stop(25%, rgba(255,255,255,0.9)), color-stop(75%, rgba(255,255,255,0.9)), color-stop(100%, rgba(255,255,255,0)));background:-webkit-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-moz-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-ms-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-o-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:linear-gradient(to right, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%)}.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter,.dataTables_wrapper 
.dataTables_info,.dataTables_wrapper .dataTables_processing,.dataTables_wrapper .dataTables_paginate{color:#333}.dataTables_wrapper .dataTables_scroll{clear:both}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody{*margin-top:-1px;-webkit-overflow-scrolling:touch}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td{vertical-align:middle}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th>div.dataTables_sizing,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td>div.dataTables_sizing{height:0;overflow:hidden;margin:0 !important;padding:0 !important}.dataTables_wrapper.no-footer .dataTables_scrollBody{border-bottom:1px solid #111}.dataTables_wrapper.no-footer div.dataTables_scrollHead table,.dataTables_wrapper.no-footer div.dataTables_scrollBody table{border-bottom:none}.dataTables_wrapper:after{visibility:hidden;display:block;content:"";clear:both;height:0}@media screen and (max-width: 767px){.dataTables_wrapper .dataTables_info,.dataTables_wrapper .dataTables_paginate{float:none;text-align:center}.dataTables_wrapper .dataTables_paginate{margin-top:0.5em}}@media screen and (max-width: 640px){.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter{float:none;text-align:center}.dataTables_wrapper .dataTables_filter{margin-top:0.5em}}
1
+ table.dataTable{width:100%;margin:0 auto;clear:both;border-collapse:separate;border-spacing:0}table.dataTable thead th,table.dataTable tfoot th{font-weight:bold}table.dataTable thead th,table.dataTable thead td{padding:10px 18px;border-bottom:1px solid #111}table.dataTable thead th:active,table.dataTable thead td:active{outline:none}table.dataTable tfoot th,table.dataTable tfoot td{padding:10px 18px 6px 18px;border-top:1px solid #111}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc{cursor:pointer;*cursor:hand}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc,table.dataTable thead .sorting_asc_disabled,table.dataTable thead .sorting_desc_disabled{background-repeat:no-repeat;background-position:center right}table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable tbody tr{background-color:#ffffff}table.dataTable tbody tr.selected{background-color:#B0BED9}table.dataTable tbody th,table.dataTable tbody td{padding:8px 10px}table.dataTable.row-border tbody th,table.dataTable.row-border tbody td,table.dataTable.display tbody th,table.dataTable.display tbody td{border-top:1px solid #ddd}table.dataTable.row-border tbody tr:first-child th,table.dataTable.row-border tbody tr:first-child td,table.dataTable.display tbody tr:first-child th,table.dataTable.display tbody tr:first-child td{border-top:none}table.dataTable.cell-border tbody th,table.dataTable.cell-border tbody td{border-top:1px solid #ddd;border-right:1px solid #ddd}table.dataTable.cell-border tbody tr th:first-child,table.dataTable.cell-border tbody tr td:first-child{border-left:1px solid #ddd}table.dataTable.cell-border tbody tr:first-child th,table.dataTable.cell-border tbody tr:first-child td{border-top:none}table.dataTable.stripe tbody tr.odd,table.dataTable.display tbody tr.odd{background-color:#f9f9f9}table.dataTable.stripe tbody 
tr.odd.selected,table.dataTable.display tbody tr.odd.selected{background-color:#acbad4}table.dataTable.hover tbody tr:hover,table.dataTable.display tbody tr:hover{background-color:#f6f6f6}table.dataTable.hover tbody tr:hover.selected,table.dataTable.display tbody tr:hover.selected{background-color:#aab7d1}table.dataTable.order-column tbody tr>.sorting_1,table.dataTable.order-column tbody tr>.sorting_2,table.dataTable.order-column tbody tr>.sorting_3,table.dataTable.display tbody tr>.sorting_1,table.dataTable.display tbody tr>.sorting_2,table.dataTable.display tbody tr>.sorting_3{background-color:#fafafa}table.dataTable.order-column tbody tr.selected>.sorting_1,table.dataTable.order-column tbody tr.selected>.sorting_2,table.dataTable.order-column tbody tr.selected>.sorting_3,table.dataTable.display tbody tr.selected>.sorting_1,table.dataTable.display tbody tr.selected>.sorting_2,table.dataTable.display tbody tr.selected>.sorting_3{background-color:#acbad5}table.dataTable.display tbody tr.odd>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd>.sorting_1{background-color:#f1f1f1}table.dataTable.display tbody tr.odd>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd>.sorting_2{background-color:#f3f3f3}table.dataTable.display tbody tr.odd>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd>.sorting_3{background-color:whitesmoke}table.dataTable.display tbody tr.odd.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_1{background-color:#a6b4cd}table.dataTable.display tbody tr.odd.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_2{background-color:#a8b5cf}table.dataTable.display tbody tr.odd.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_3{background-color:#a9b7d1}table.dataTable.display tbody tr.even>.sorting_1,table.dataTable.order-column.stripe tbody tr.even>.sorting_1{background-color:#fafafa}table.dataTable.display tbody 
tr.even>.sorting_2,table.dataTable.order-column.stripe tbody tr.even>.sorting_2{background-color:#fcfcfc}table.dataTable.display tbody tr.even>.sorting_3,table.dataTable.order-column.stripe tbody tr.even>.sorting_3{background-color:#fefefe}table.dataTable.display tbody tr.even.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_1{background-color:#acbad5}table.dataTable.display tbody tr.even.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_2{background-color:#aebcd6}table.dataTable.display tbody tr.even.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_3{background-color:#afbdd8}table.dataTable.display tbody tr:hover>.sorting_1,table.dataTable.order-column.hover tbody tr:hover>.sorting_1{background-color:#eaeaea}table.dataTable.display tbody tr:hover>.sorting_2,table.dataTable.order-column.hover tbody tr:hover>.sorting_2{background-color:#ececec}table.dataTable.display tbody tr:hover>.sorting_3,table.dataTable.order-column.hover tbody tr:hover>.sorting_3{background-color:#efefef}table.dataTable.display tbody tr:hover.selected>.sorting_1,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_1{background-color:#a2aec7}table.dataTable.display tbody tr:hover.selected>.sorting_2,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_2{background-color:#a3b0c9}table.dataTable.display tbody tr:hover.selected>.sorting_3,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_3{background-color:#a5b2cb}table.dataTable.no-footer{border-bottom:1px solid #111}table.dataTable.nowrap th,table.dataTable.nowrap td{white-space:nowrap}table.dataTable.compact thead th,table.dataTable.compact thead td{padding:4px 17px 4px 4px}table.dataTable.compact tfoot th,table.dataTable.compact tfoot td{padding:4px}table.dataTable.compact tbody th,table.dataTable.compact tbody td{padding:4px}table.dataTable th.dt-left,table.dataTable 
td.dt-left{text-align:left}table.dataTable th.dt-center,table.dataTable td.dt-center,table.dataTable td.dataTables_empty{text-align:center}table.dataTable th.dt-right,table.dataTable td.dt-right{text-align:right}table.dataTable th.dt-justify,table.dataTable td.dt-justify{text-align:justify}table.dataTable th.dt-nowrap,table.dataTable td.dt-nowrap{white-space:nowrap}table.dataTable thead th.dt-head-left,table.dataTable thead td.dt-head-left,table.dataTable tfoot th.dt-head-left,table.dataTable tfoot td.dt-head-left{text-align:left}table.dataTable thead th.dt-head-center,table.dataTable thead td.dt-head-center,table.dataTable tfoot th.dt-head-center,table.dataTable tfoot td.dt-head-center{text-align:center}table.dataTable thead th.dt-head-right,table.dataTable thead td.dt-head-right,table.dataTable tfoot th.dt-head-right,table.dataTable tfoot td.dt-head-right{text-align:right}table.dataTable thead th.dt-head-justify,table.dataTable thead td.dt-head-justify,table.dataTable tfoot th.dt-head-justify,table.dataTable tfoot td.dt-head-justify{text-align:justify}table.dataTable thead th.dt-head-nowrap,table.dataTable thead td.dt-head-nowrap,table.dataTable tfoot th.dt-head-nowrap,table.dataTable tfoot td.dt-head-nowrap{white-space:nowrap}table.dataTable tbody th.dt-body-left,table.dataTable tbody td.dt-body-left{text-align:left}table.dataTable tbody th.dt-body-center,table.dataTable tbody td.dt-body-center{text-align:center}table.dataTable tbody th.dt-body-right,table.dataTable tbody td.dt-body-right{text-align:right}table.dataTable tbody th.dt-body-justify,table.dataTable tbody td.dt-body-justify{text-align:justify}table.dataTable tbody th.dt-body-nowrap,table.dataTable tbody td.dt-body-nowrap{white-space:nowrap}table.dataTable,table.dataTable th,table.dataTable td{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}.dataTables_wrapper{position:relative;clear:both;*zoom:1;zoom:1}.dataTables_wrapper 
.dataTables_length{float:left}.dataTables_wrapper .dataTables_filter{float:right;text-align:right}.dataTables_wrapper .dataTables_filter input{margin-left:0.5em}.dataTables_wrapper .dataTables_info{clear:both;float:left;padding-top:0.755em}.dataTables_wrapper .dataTables_paginate{float:right;text-align:right;padding-top:0.25em}.dataTables_wrapper .dataTables_paginate .paginate_button{box-sizing:border-box;display:inline-block;min-width:1.5em;padding:0.5em 1em;margin-left:2px;text-align:center;text-decoration:none !important;cursor:pointer;*cursor:hand;color:#333 !important;border:1px solid transparent;border-radius:2px}.dataTables_wrapper .dataTables_paginate .paginate_button.current,.dataTables_wrapper .dataTables_paginate .paginate_button.current:hover{color:#333 !important;border:1px solid #979797;background-color:white;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #fff), color-stop(100%, #dcdcdc));background:-webkit-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-moz-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-ms-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-o-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:linear-gradient(to bottom, #fff 0%, #dcdcdc 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button.disabled,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:hover,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:active{cursor:default;color:#666 !important;border:1px solid transparent;background:transparent;box-shadow:none}.dataTables_wrapper .dataTables_paginate .paginate_button:hover{color:white !important;border:1px solid #111;background-color:#585858;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #585858), color-stop(100%, #111));background:-webkit-linear-gradient(top, #585858 0%, #111 100%);background:-moz-linear-gradient(top, #585858 0%, #111 100%);background:-ms-linear-gradient(top, #585858 0%, #111 
100%);background:-o-linear-gradient(top, #585858 0%, #111 100%);background:linear-gradient(to bottom, #585858 0%, #111 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button:active{outline:none;background-color:#2b2b2b;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #2b2b2b), color-stop(100%, #0c0c0c));background:-webkit-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-moz-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-ms-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-o-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:linear-gradient(to bottom, #2b2b2b 0%, #0c0c0c 100%);box-shadow:inset 0 0 3px #111}.dataTables_wrapper .dataTables_paginate .ellipsis{padding:0 1em}.dataTables_wrapper .dataTables_processing{position:absolute;top:50%;left:50%;width:100%;height:40px;margin-left:-50%;margin-top:-25px;padding-top:20px;text-align:center;font-size:1.2em;background-color:white;background:-webkit-gradient(linear, left top, right top, color-stop(0%, rgba(255,255,255,0)), color-stop(25%, rgba(255,255,255,0.9)), color-stop(75%, rgba(255,255,255,0.9)), color-stop(100%, rgba(255,255,255,0)));background:-webkit-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-moz-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-ms-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-o-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:linear-gradient(to right, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%)}.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter,.dataTables_wrapper 
.dataTables_info,.dataTables_wrapper .dataTables_processing,.dataTables_wrapper .dataTables_paginate{color:#333}.dataTables_wrapper .dataTables_scroll{clear:both}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody{*margin-top:-1px;-webkit-overflow-scrolling:touch}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td{vertical-align:middle}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th>div.dataTables_sizing,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td>div.dataTables_sizing{height:0;overflow:hidden;margin:0 !important;padding:0 !important}.dataTables_wrapper.no-footer .dataTables_scrollBody{border-bottom:1px solid #111}.dataTables_wrapper.no-footer div.dataTables_scrollHead table,.dataTables_wrapper.no-footer div.dataTables_scrollBody table{border-bottom:none}.dataTables_wrapper:after{visibility:hidden;display:block;content:"";clear:both;height:0}@media screen and (max-width: 767px){.dataTables_wrapper .dataTables_info,.dataTables_wrapper .dataTables_paginate{float:none;text-align:center}.dataTables_wrapper .dataTables_paginate{margin-top:0.5em}}@media screen and (max-width: 640px){.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter{float:none;text-align:center}.dataTables_wrapper .dataTables_filter{margin-top:0.5em}}
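--- a/includes/css/phone.css
+++ b/includes/css/phone.css
@@ -21,6 +21,18 @@
  padding:2px;
  }
 
+ .mo2ftimerEmail {
+ position:absolute;
+ right: 0px;
+ top: 0%;
+ border:none;
+ height:100%;
+ width:max-content;
+ outline:none;
+ text-align:center;
+ padding:14px;
+ }
+
  .mo2f_send_phoneotp_button {
  position:absolute;
  right: 0px;
@@ -31,7 +43,19 @@
  outline:none;
  text-align:center;
  padding:2px;
- }
+ }
+
+ .mo2ftimerSMS {
+ position:absolute;
+ right: 0px;
+ top: 0%;
+ border:none;
+ height:100%;
+ width:max-content;
+ outline:none;
+ text-align:center;
+ padding:14px;
+ }
 
  .intl-number-input { position: inherit; }
  .intl-number-input .hide { display: none; }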
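Review bot: The new `.mo2ftimerSMS` rule (new lines 48–58) repeats `.mo2ftimerEmail` (new lines 24–34) declaration for declaration, so the two timer styles will drift apart the next time one of them is adjusted; grouping them as `.mo2ftimerEmail, .mo2ftimerSMS {` on the first block and dropping the second keeps a single source of truth. The closing brace of `.mo2f_send_phoneotp_button` is removed at old line 34 and re-added at new line 46 with no visible textual change, which looks like a whitespace or line-ending difference rather than an edit; if so, normalising that separately would keep this diff to the intentional additions.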
includes/css/twofa_style_settings.css CHANGED
@@ -1,975 +1,975 @@
1
- .mo2f_modal-open {
2
- overflow: hidden !important;
3
- position: fixed !important;
4
- width: 100% !important;
5
-
6
- }
7
-
8
- .mo2f_modal {
9
- position: fixed !important;
10
- top: 0;
11
- right: 0;
12
- bottom: 0;
13
- left: 0;
14
- z-index: 100000 !important;
15
-
16
- overflow: hidden !important;
17
- -webkit-overflow-scrolling: touch;
18
- outline: 0;
19
-
20
- }
21
-
22
- .mo2f_modal_inner {
23
- display: none;
24
- }
25
-
26
- .mo2f_modal.fade .mo2f_modal-dialog {
27
- -webkit-transition: -webkit-transform .3s ease-out;
28
- -o-transition: -o-transform .3s ease-out;
29
- transition: transform .3s ease-out;
30
- -webkit-transform: translate(0, -25%);
31
- -ms-transform: translate(0, -25%);
32
- -o-transform: translate(0, -25%);
33
- transform: translate(0, -25%)
34
- }
35
-
36
- .mo2f_modal.in .mo2f_modal-dialog {
37
- -webkit-transform: translate(0, 80px) !important;
38
- -ms-transform: translate(0, 80px) !important;
39
- -o-transform: translate(0, 80px) !important;
40
- transform: translate(0, 80px) !important;
41
-
42
- }
43
-
44
- .mo2f_modal-open .mo2f_modal {
45
- overflow-x: hidden;
46
- overflow-y: hidden;
47
- }
48
-
49
- .mo2f_modal-dialog {
50
- position: relative;
51
- width: auto;
52
- margin: 10px;
53
-
54
- }
55
-
56
- .login mo_customer_validation-modal-content {
57
- position: relative !important;
58
- background-color: #fff !important;
59
- -webkit-background-clip: padding-box !important;
60
- background-clip: padding-box !important;
61
- border: 1px solid #999 !important;
62
- border: 1px solid rgba(0, 0, 0, .2) !important;
63
- border-radius: 6px !important;
64
- outline: 0 !important;
65
-
66
- -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
67
- box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
68
- }
69
-
70
- .mo2f-modal-backdrop {
71
- position: absolute;
72
- top: 0;
73
- right: 0;
74
- left: 0;
75
- background-color: #f1f1f1 !important;
76
- filter: alpha(opacity=50) !important;
77
- opacity: 0.8 !important;
78
- height: 100% !important;
79
- }
80
-
81
- #smsAlertModal {
82
- background-color: black !important;
83
- opacity: 0.8 !important;
84
- font-family: Roboto;
85
- }
86
-
87
- #twoFAtestAlertModal {
88
- background-color: black !important;
89
- opacity: 0.8 !important;
90
- filter: alpha(opacity=50) !important;
91
- }
92
-
93
- .mo2f_modal-header {
94
- min-height: 14px;
95
- padding: 10px;
96
- border-bottom: 1px solid #e5e5e5
97
- }
98
-
99
- .mo2f_modal-title {
100
- margin: 0 !important;
101
- line-height: 1.0 !important;
102
- font-size: 1rem;
103
- }
104
-
105
- .mo2f_modal-body {
106
- / / width: 96 % !important;
107
- position: relative !important;
108
- padding: 15px !important;
109
- overflow-y: auto !important;
110
- max-height: 550px !important;
111
- }
112
-
113
- .mo2f_modal-footer {
114
- padding: 15px;
115
- text-align: right;
116
- border-top: 1px solid #e5e5e5
117
- }
118
-
119
- .mo2f_modal-footer .btn + .btn {
120
- margin-bottom: 0;
121
- margin-left: 5px
122
- }
123
-
124
- .mo2f_modal-footer .btn-group .btn + .btn {
125
- margin-left: -1px
126
- }
127
-
128
- .mo2f_modal-footer .btn-block + .btn-block {
129
- margin-left: 0
130
- }
131
-
132
- .mo2f_modal-scrollbar-measure {
133
- position: absolute;
134
- top: -9999px;
135
- width: 50px;
136
- height: 50px;
137
- overflow: scroll
138
- }
139
-
140
- .mo2f_close {
141
- float: right;
142
- font-size: 21px;
143
- font-weight: 700;
144
- line-height: 1;
145
- color: #000;
146
- text-shadow: 0 1px 0 #fff;
147
- filter: alpha(opacity=20);
148
- opacity: .2
149
- }
150
-
151
- .mo2f_close:hover, .mo2f_close:focus {
152
- color: #000;
153
- text-decoration: none;
154
- cursor: pointer;
155
- filter: alpha(opacity=50);
156
- opacity: .5
157
- }
158
-
159
- button.mo2f_close {
160
- -webkit-appearance: none;
161
- padding: 0;
162
- cursor: pointer;
163
- background: 0 0;
164
- border: 0
165
- }
166
-
167
- @media ( min-width: 768px) {
168
- .mo2f_modal-dialog {
169
- width: 373px;
170
- margin: 0px auto
171
- }
172
-
173
- .login mo_customer_validation-modal-content {
174
- -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
175
- box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
176
- }
177
-
178
- .mo2f_modal-sm {
179
- width: 300px
180
- }
181
-
182
- .mo2f_modal-md {
183
- width: 550px
184
- }
185
- }
186
-
187
- @media ( min-width: 992px) {
188
- .mo2f_modal-lg {
189
- width: 900px;
190
- }
191
-
192
- .mo2f_modal-md {
193
- width: 550px
194
- }
195
- }
196
-
197
-
198
- @media ( min-width: 768px) {
199
- .mo2f_modal-dialog {
200
- width: 373px;
201
- margin: 0px auto
202
- }
203
-
204
- .login mo_customer_validation-modal-content {
205
- -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
206
- box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
207
- }
208
-
209
- .mo2f_modal-sm {
210
- width: 300px
211
- }
212
-
213
- .mo2f_modal-md {
214
- width: 550px
215
- }
216
- }
217
-
218
- @media ( min-width: 992px) {
219
- .mo2f_modal-lg {
220
- width: 900px;
221
- }
222
-
223
- .mo2f_modal-md {
224
- width: 550px
225
- }
226
- }
227
-
228
- .center{
229
-
230
- text-align: center !important;
231
- }
232
-
233
- #otpMessage {
234
- border-radius: 1px;
235
- padding: 1px 5px;
236
- background: #f1f1f1;
237
- }
238
-
239
- .mo2f_carousel-indicators {
240
- position: absolute;
241
- bottom: -20px;
242
- z-index: 15;
243
- width: 60%;
244
- list-style: none;
245
- text-align: center;
246
- }
247
-
248
- .miniorange_kba_validate:hover, .miniorange_validate_otp:hover, .miniorange_login_forgotphone:hover,
249
- .miniorange_login_offline:hover, .miniorange_login_forgotphone:hover, .miniorange_otp_token_submit:hover {
250
- background-color: #0073AA !important
251
- }
252
-
253
- .miniorange_kba_validate, .miniorange_validate_otp, .miniorange_login_forgotphone,
254
- .miniorange_login_offline, .miniorange_login_forgotphone, .miniorange_otp_token_submit {
255
- background: #00A0D2 !important;
256
- border-color: #0073AA !important;
257
- box-shadow: 0 1px 0 rgba(120, 200, 230, .5) inset, 0 1px 0 rgba(0, 0, 0, .15) !important;
258
- color: #FFF !important;
259
- text-decoration: none !important;
260
- cursor: pointer !important;
261
- border-width: 1px !important;
262
- border-style: solid !important;
263
- border-radius: 3px !important;
264
- white-space: nowrap !important;
265
- box-sizing: border-box !important;
266
- line-height: 28px !important;
267
- padding: 0 12px !important;
268
- font-size: 13px !important
269
- }
270
-
271
- .mo_customer_validation-modal.fade .mo_customer_validation-modal-dialog {
272
- -webkit-transition: -webkit-transform .3s ease-out;
273
- -o-transition: -o-transform .3s ease-out;
274
- transition: transform .3s ease-out;
275
- -webkit-transform: translate(0, -25%);
276
- -ms-transform: translate(0, -25%);
277
- -o-transform: translate(0, -25%);
278
- transform: translate(0, -25%)
279
- }
280
-
281
- .mo_customer_validation-modal.in .mo_customer_validation-modal-dialog {
282
- -webkit-transform: translate(0, 80px) !important;
283
- -ms-transform: translate(0, 80px) !important;
284
- -o-transform: translate(0, 80px) !important;
285
- transform: translate(0, 80px) !important
286
- }
287
-
288
- .mo_customer_validation-modal-open .mo_customer_validation-modal {
289
- overflow-x: hidden;
290
- overflow-y: hidden
291
- }
292
-
293
- .mo_customer_validation-modal-dialog {
294
- position: relative;
295
- width: auto;
296
- margin: 10px
297
- }
298
-
299
- .mo_customer_validation-modal-content {
300
- position: relative;
301
- -webkit-background-clip: padding-box;
302
- border: 1px solid #999;
303
- border: 1px solid rgba(0, 0, 0, .2);
304
- outline: 0;
305
- margin-top: 8%;
306
- margin-left: 0;
307
- padding: 15px 20px 0;
308
- font-family: "Open Sans", sans-serif;
309
- font-size: 14px;
310
- line-height: 1.4em;
311
- background: #FFF;
312
- box-shadow: 0 1px 3px rgba(0, 0, 0, .13)
313
- }
314
-
315
- .mo_customer_validation-modal-backdrop {
316
- position: absolute;
317
- top: 0;
318
- right: 0;
319
- left: 0;
320
- background-color: #000 !important;
321
- filter: alpha(opacity=50) !important;
322
- opacity: .9 !important;
323
- height: 100% !important
324
- }
325
-
326
- .mo_customer_validation-modal-header {
327
- min-height: 14px;
328
- padding: 10px 10px 20px;
329
- border-bottom: 1px solid #e5e5e5
330
- }
331
-
332
- .mo_customer_validation-modal-title {
333
- margin: 0 !important;
334
- line-height: 1 !important
335
- }
336
-
337
- .mo_customer_validation-modal-body {
338
- position: relative;
339
- padding: 5%;
340
- overflow: hidden !important;
341
- max-height: 550px !important
342
- }
343
-
344
- .mo_customer_validation-modal-footer {
345
- padding: 15px;
346
- text-align: right;
347
- border-top: 1px solid #e5e5e5
348
- }
349
-
350
- .mo_customer_validation-modal-footer .btn + .btn {
351
- margin-bottom: 0;
352
- margin-left: 5px
353
- }
354
-
355
- .mo_customer_validation-modal-footer .btn-group .btn + .btn {
356
- margin-left: -1px
357
- }
358
-
359
- .mo_customer_validation-modal-footer .btn-block + .btn-block {
360
- margin-left: 0
361
- }
362
-
363
- .mo_customer_validation-modal-scrollbar-measure {
364
- position: absolute;
365
- top: -9999px;
366
- width: 50px;
367
- height: 50px;
368
- overflow: scroll
369
- }
370
-
371
- @media (min-width: 768px) {
372
- .mo_customer_validation-modal-dialog {
373
- width: auto;
374
- margin: 0 auto
375
- }
376
-
377
- .mo_customer_validation-modal-content {
378
- -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
379
- box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
380
- }
381
-
382
- .mo_customer_validation-modal-sm {
383
- width: 300px
384
- }
385
-
386
- .mo_customer_validation-modal-md {
387
- width: 532px
388
- }
389
-
390
- .mo_customer_validation-modal-lg {
391
- width: 50%
392
- }
393
- }
394
-
395
- @media (min-width: 992px) {
396
- .mo_customer_validation-modal-dialog {
397
- width: auto;
398
- margin: 0 auto
399
- }
400
-
401
- .mo_customer_validation-modal-lg {
402
- width: 490px
403
- }
404
-
405
- .mo_customer_validation-modal-md {
406
- width: 532px
407
- }
408
- }
409
-
410
- .mo_customer_validation-textbox {
411
- background: #FBFBFB;
412
- font-family: "Open Sans", sans-serif;
413
- font-size: 24px;
414
- width: 100%;
415
- border: 1px solid #DDD;
416
- padding: 3px;
417
- margin: 2px 6px 16px 0
418
- }
419
-
420
- .mo_customer_validation-textbox:focus {
421
- border-color: #5B9DD9;
422
- box-shadow: 0 0 2px rgba(30, 140, 190, .8)
423
-
424
- }
425
-
426
-
427
-
428
- /*Hode login*/
429
-
430
- body.login-action-login div#login {
431
- display: none;
432
- }
433
-
434
- body.login-action-login div#login form#loginform input#user_login {
435
- display: none;
436
- }
437
-
438
- body.login-action-login div#login form#loginform p.forgetmenot {
439
- display: none;
440
- }
441
-
442
- body.login-action-login div#login form#loginform p.submit input#wp-submit {
443
- display: none;
444
- }
445
-
446
- body.login-action-login div#login form#loginform p label {
447
- display: none;
448
- }
449
-
450
- body.login-action-login div#login p#nav {
451
- display: none;
452
- }
453
-
454
- body.login-action-login div#login form#loginform input#user_pass {
455
- display: none;
456
- }
457
-
458
- body.login-action-login div#login div#login_error {
459
- display: none;
460
- }
461
-
462
- body.login-action-login p.message {
463
- display: none;
464
- }
465
-
466
- body.login-action-login div#login #loginform {
467
- box-shadow: inherit;
468
- }
469
-
470
- body.login-action-login div#login div#login_error1 {
471
- border-left: 4px solid #dd3d36;
472
- margin-left: 0;
473
- padding: 12px;
474
- background: #fff;
475
- -webkit-box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
476
- box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
477
- }
478
-
479
- .mo2f_header {
480
- font-size: 28px;
481
- font-family: -webkit-body;
482
- color: #777;
483
- }
484
-
485
- .mo2f_powered_by_miniorange {
486
- width: 100px;
487
- height: 25px;
488
- -webkit-background-size: 100px 25px;
489
- background-size: 100px 25px;
490
- background-repeat: no-repeat;
491
- display: inline-block;
492
- vertical-align: middle;
493
- }
494
-
495
- .mo2f_powered_by_div {
496
- text-align: right;
497
- font-size: 9px;
498
- padding-right: 2%;
499
- background-color: #FFFFFF;
500
- }
501
-
502
- .button-green {
503
- color: rgb(0, 160, 210);
504
- background: none !important;
505
- border: none;
506
- padding: 0 !important;
507
- font: inherit;
508
- border-color: transparent !important;
509
- /*border is optional*/
510
- border-bottom: 1px solid #444;
511
- cursor: pointer;
512
- }
513
-
514
- .mo2fa_display_message {
515
- padding: 12px;
516
- border-left: 4px solid #00a0d2;
517
- background-color: #fff;
518
- -webkit-box-shadow: 0 1px 1px 0 rgba(0, 0, 0, .1);
519
- box-shadow: 0 1px 1px 0 rgba(0, 0, 0, .1);
520
-
521
- }
522
-
523
- .mo2fa_messages_container {
524
- width: 300px;
525
- }
526
-
527
- .mo2fa_otp_messages_container {
528
- width: 400px;
529
- }
530
-
531
- .mo2fa_push_messages_container {
532
- width: 300px;
533
- }
534
-
535
- .miniorange_mobile_auth, .miniorange_app_setup_page {
536
- border: 1px none transparent;
537
- padding: 10% 24px 10px 20px;
538
- min-height: 360px;
539
- background: transparent;
540
- z-index: 99999;
541
- }
542
-
543
- .mo2f-textbox {
544
- width: 160px;
545
- margin: 15px 0px !important;
546
- background-color: rgba(123, 110, 110, 0.06) !important;
547
- border-radius: 4px !important;
548
- padding: 3px !important;
549
- }
550
-
551
- .miniorange_kba_page {
552
- border: 1px none transparent;
553
- padding: 10% 24px 10px 20px;
554
- min-height: 360px;
555
- background: transparent;
556
- z-index: 99999;
557
-
558
- }
559
-
560
- .miniorange_push_oobemail_auth, .miniorange_trust_device {
561
- border: 1px none transparent;
562
- padding: 10% 24px 10px 20px;
563
- min-height: 360px;
564
- background: transparent;
565
- z-index: 99999;
566
- }
567
-
568
- .miniorange_soft_auth {
569
- border: 1px none transparent;
570
- padding: 10% 24px 10px 20px;
571
- min-height: 360px;
572
- background: transparent;
573
- z-index: 99999;
574
- }
575
-
576
- .miniorange-inner-login-container {
577
- background-color: #fff;
578
- margin: 0px auto !important;
579
- width: 400px;
580
- border-radius: 5px;
581
- border: 1px solid rgba(128, 128, 128, 0.06);
582
- }
583
-
584
- .miniorange-inner-kba-login-container {
585
- background-color: #fff;
586
- margin: 0px auto !important;
587
- width: 500px;
588
- border-radius: 5px;
589
- z-index: 99999;
590
- border: 1px solid rgba(128, 128, 128, 0.06);
591
- }
592
-
593
- .miniorange-inner-push-login-container {
594
- background-color: #fff;
595
- margin: 0px auto !important;
596
- width: 300px;
597
- border-radius: 5px;
598
-
599
- z-index: 99999;
600
- border: 1px solid rgba(128, 128, 128, 0.06);
601
- }
602
-
603
- .miniorange-button {
604
- height: 30px;
605
- display: inline-block;
606
- font-size: 14px;
607
- line-height: 28px;
608
- padding: 0 12px 2px;
609
- border-width: 1px;
610
- vertical-align: baseline;
611
- background: #00a0d2;
612
- border-style: solid;
613
- border-color: #0073aa;
614
- -webkit-appearance: none;
615
- -webkit-border-radius: 3px;
616
- border-radius: 3px;
617
- white-space: nowrap;
618
- -webkit-box-sizing: border-box;
619
- -moz-box-sizing: border-box;
620
- box-sizing: border-box;
621
- -webkit-box-shadow: inset 0 1px 0 rgba(120, 200, 230, .5), 0 1px 0 rgba(0, 0, 0, .15);
622
- box-shadow: inset 0 1px 0 rgba(120, 200, 230, .5), 0 1px 0 rgba(0, 0, 0, .15);
623
- color: #fff;
624
- text-decoration: none;
625
- cursor: pointer;
626
- }
627
-
628
- .mo_green {
629
- background: #2ECC71;
630
- border-color: #2ECC71;
631
- width: 37%;
632
- }
633
-
634
- .mo_red {
635
- background: #E74C3C;
636
- border-color: #E74C3C;
637
- width: 37%;
638
- }
639
-
640
- .showQRHelp, .showOTPHelp {
641
- text-align: center !important;
642
- }
643
-
644
- .mo_email_textbox {
645
- width: 48%;
646
- text-align: center;
647
- height: 40px;
648
- font-size: 18px;
649
- border-radius: 5px;
650
- }
651
-
652
- .mo_header_background {
653
- padding: 5px !important;
654
- background-color: beige !important;
655
- }
656
-
657
- .mo2f_textbox {
658
- width: 60% !important;
659
- border-radius: 4px !important;
660
- height: 30px !important;
661
- font-size: 14px !important;
662
- }
663
-
664
- .mo2f_kba_textbox {
665
- width: 100% !important;
666
- border-radius: 4px !important;
667
- height: 30px !important;
668
- font-size: 14px !important;
669
- }
670
-
671
- .mo_hr {
672
- border-top: 1px solid rgba(220, 214, 214, 0.25) !important;
673
- margin-top: 5px !important;
674
- margin-right: 10px !important;
675
- }
676
-
677
- .mo_margin_left {
678
- margin-left: 20px !important;
679
- }
680
-
681
- .miniorange-app-setup-container {
682
- background-color: #fff;
683
- margin: 0px auto !important;
684
- width: 700px;
685
- border-radius: 5px;
686
- margin-top: -100px !important;
687
- z-index: 99999;
688
- border: 1px solid rgba(128, 128, 128, 0.06);
689
-
690
- }
691
-
692
- .miniorange-ga-setup-container {
693
- background-color: #fff;
694
- margin: 0px auto !important;
695
- width: 900px;
696
- border-radius: 5px;
697
- margin-top: -50px !important;
698
- z-index: 99999;
699
- border: 1px solid rgba(128, 128, 128, 0.06);
700
- }
701
-
702
- .mo_app_link {
703
- text-decoration: none !important;
704
- color: #000 !important;
705
- }
706
-
707
- .mo2fa_app_setup_messages {
708
- width: 700px;
709
- }
710
-
711
- .mo2f_td_show {
712
- display: grid !important;
713
- }
714
-
715
- .mo2f_td_hide {
716
- display: none !important;
717
- }
718
-
719
- .mo2f_kba_ques {
720
- width: 370px !important;
721
- border-radius: 4px !important;
722
- height: 30px !important;
723
- font-size: 14px !important;
724
- }
725
-
726
- .mo2f_kba_table {
727
- padding: 0 10px;
728
- width: 100%;
729
- }
730
-
731
- .mo2f_kba_tb_data {
732
- padding-left: 15px;
733
- }
734
-
735
- .mo2f_table_textbox {
736
- width: 150px;
737
- height: 30px !important;
738
- font-size: 14px !important;
739
-
740
- }
741
-
742
- .mo2f_kba_header {
743
- font-weight: bold;
744
- }
745
-
746
- .mo2f_separator {
747
- border-left: 1px solid #EBECEC;
748
- padding: 5px;
749
- }
750
-
751
- .mo2f_inline_padding {
752
- padding-left: 20px;
753
- padding-right: 20px;
754
- }
755
-
756
-
757
-
758
-
759
-
760
-
761
-
762
- .mo2f_powered_by_miniorange {
763
- width: 100px;
764
- height: 30px;
765
- -webkit-background-size: 100px 25px;
766
- background-size: 100px 25px;
767
- background-repeat: no-repeat;
768
- display: inline-block;
769
- vertical-align: middle;
770
- }
771
-
772
- .mo2f_powered_by_div {
773
- text-align: right;
774
- font-size: 9px;
775
- padding-right: 5px;
776
- background-color: #FFFFFF;
777
- width: 92%;
778
- border-radius: 6px;
779
- }
780
-
781
- .mo2f-login-container {
782
- display: inline-block !important;
783
- display: -moz-inline-stack !important;
784
- text-align: center !important;
785
- width: 100%;
786
-
787
- }
788
-
789
- .mo2f-button {
790
- width: 100% !important;
791
- color: #fff !important;
792
- line-height: normal;
793
- height: 30px !important;
794
- margin: 0px !important;
795
- font-size: 14px !important;
796
- padding: 7px !important;
797
- background-color: #f0ad4e !important;
798
- border-color: #eea236 !important;
799
- -webkit-appearance: none;
800
- -webkit-border-radius: 3px !important;
801
- border-radius: 3px !important;
802
-
803
- }
804
-
805
- .mo2fa_display_message_login {
806
- text-align: left !important;
807
- font-size: 13px !important;
808
- }
809
-
810
- .mo2f-link {
811
- color: #0191BF !important;
812
- font-size: 14px !important;
813
- font-weight: bold !important;
814
- cursor: pointer !important;
815
- }
816
-
817
- .mo_green {
818
- background: #2ECC71 !important;
819
- border-color: #2ECC71 !important;
820
- width: 26% !important;
821
- border-width: 1px;
822
- vertical-align: middle !important;
823
- border-radius: 3px !important;
824
- color: white;
825
- height: 30px;
826
- cursor: pointer;
827
- }
828
-
829
- .mo_red {
830
- background: #E74C3C !important;
831
- border-color: #E74C3C !important;
832
- width: 26% !important;
833
- border-width: 1px;
834
- vertical-align: middle !important;
835
- border-radius: 3px !important;
836
- color: white;
837
- height: 30px;
838
- cursor: pointer;
839
- }
840
-
841
- .mo_otp_token {
842
- font-size: 15px;
843
- color: #212F3C;
844
- border: none;
845
- display: block;
846
- border-bottom-style: solid;
847
- border-width: 2px;
848
- border-color: #D0D3D4;
849
- border-radius: 0px;
850
- outline: none;
851
- width: 140px;
852
- text-align: center;
853
- }
854
-
855
- .showQRHelp, .showOTPHelp {
856
- text-align: center !important;
857
-
858
- }
859
-
860
- .mo2f_device {
861
- padding-left: 200px !important;
862
- vertical-align: -webkit-baseline-middle !important;
863
- line-height: 3 !important;
864
- }
865
-
866
- .miniorange-button {
867
- height: 30px;
868
- font-size: 14px !important;
869
- line-height: 5px !important;
870
- padding: 16px !important;
871
- border-width: 1px;
872
- vertical-align: middle !important;
873
- background-color: #f0ad4e !important;
874
- border-color: #eea236 !important;
875
- -webkit-appearance: none;
876
- border-style: solid;
877
- -webkit-border-radius: 3px !important;
878
- border-radius: 3px !important;
879
- white-space: nowrap;
880
- -webkit-box-sizing: border-box;
881
- -moz-box-sizing: border-box;
882
- box-sizing: border-box;
883
- color: #fff;
884
- text-decoration: none;
885
- cursor: pointer;
886
- }
887
-
888
- .mo_hr {
889
- border-top: 1px solid rgba(220, 214, 214, 0.25) !important;
890
- margin-top: 5px !important;
891
- margin-right: 10px !important;
892
- }
893
-
894
- .mo_margin_left {
895
- margin-left: 20px !important;
896
- }
897
-
898
- .mo_app_link {
899
- text-decoration: none !important;
900
- color: #000 !important;
901
- }
902
-
903
- .mo2f_td_show {
904
- display: grid !important;
905
- }
906
-
907
- .mo2f_td_hide {
908
- display: none !important;
909
- }
910
-
911
- .mo2f_label {
912
- font-weight: 100 !important;
913
- margin-left: 10px !important;
914
-
915
- }
916
-
917
- .mo2f_kba_ques {
918
- width: 394px !important;
919
- border-radius: 4px !important;
920
- height: 40px !important;
921
- font-size: 14px !important;
922
- }
923
-
924
- .mo2f_kba_table {
925
- padding: 0 10px;
926
- width: 100%;
927
- border: hidden !important;
928
- }
929
-
930
- .mo2f_kba_tb_data {
931
- padding-left: 15px;
932
- }
933
-
934
- .mo2f_table_textbox_1 {
935
- width: 150px;
936
- height: 30px !important;
937
- font-size: 14px !important;
938
- }
939
-
940
- .mo2f_table_textbox {
941
- width: 200px;
942
- height: 40px !important;
943
- font-size: 14px !important;
944
-
945
- }
946
-
947
- .mo2f_kba_header {
948
- font-weight: bold;
949
- border: hidden !important;
950
- }
951
-
952
- .mo2f_kba_body {
953
- border: hidden !important;
954
- }
955
-
956
- .mo2f_separator {
957
- border-left: 1px solid #EBECEC;
958
- padding: 5px;
959
- }
960
-
961
- .mo2f_authn_header {
962
- font-size: 14px !important;
963
- }
964
-
965
- #mo2f_inline_table {
966
- border: hidden !important;
967
- }
968
-
969
- .mo2f_ordered_list {
970
- margin: 0 0 0 1em !important;
971
- }
972
-
973
- .mo2f_list {
974
- font-size: 14px !important;
1
+ .mo2f_modal-open {
2
+ overflow: hidden !important;
3
+ position: fixed !important;
4
+ width: 100% !important;
5
+
6
+ }
7
+
8
+ .mo2f_modal {
9
+ position: fixed !important;
10
+ top: 0;
11
+ right: 0;
12
+ bottom: 0;
13
+ left: 0;
14
+ z-index: 100000 !important;
15
+
16
+ overflow: hidden !important;
17
+ -webkit-overflow-scrolling: touch;
18
+ outline: 0;
19
+
20
+ }
21
+
22
+ .mo2f_modal_inner {
23
+ display: none;
24
+ }
25
+
26
+ .mo2f_modal.fade .mo2f_modal-dialog {
27
+ -webkit-transition: -webkit-transform .3s ease-out;
28
+ -o-transition: -o-transform .3s ease-out;
29
+ transition: transform .3s ease-out;
30
+ -webkit-transform: translate(0, -25%);
31
+ -ms-transform: translate(0, -25%);
32
+ -o-transform: translate(0, -25%);
33
+ transform: translate(0, -25%)
34
+ }
35
+
36
+ .mo2f_modal.in .mo2f_modal-dialog {
37
+ -webkit-transform: translate(0, 80px) !important;
38
+ -ms-transform: translate(0, 80px) !important;
39
+ -o-transform: translate(0, 80px) !important;
40
+ transform: translate(0, 80px) !important;
41
+
42
+ }
43
+
44
+ .mo2f_modal-open .mo2f_modal {
45
+ overflow-x: hidden;
46
+ overflow-y: hidden;
47
+ }
48
+
49
+ .mo2f_modal-dialog {
50
+ position: relative;
51
+ width: auto;
52
+ margin: 10px;
53
+
54
+ }
55
+
56
+ .login mo_customer_validation-modal-content {
57
+ position: relative !important;
58
+ background-color: #fff !important;
59
+ -webkit-background-clip: padding-box !important;
60
+ background-clip: padding-box !important;
61
+ border: 1px solid #999 !important;
62
+ border: 1px solid rgba(0, 0, 0, .2) !important;
63
+ border-radius: 6px !important;
64
+ outline: 0 !important;
65
+
66
+ -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
67
+ box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
68
+ }
69
+
70
+ .mo2f-modal-backdrop {
71
+ position: absolute;
72
+ top: 0;
73
+ right: 0;
74
+ left: 0;
75
+ background-color: #f1f1f1 !important;
76
+ filter: alpha(opacity=50) !important;
77
+ opacity: 0.8 !important;
78
+ height: 100% !important;
79
+ }
80
+
81
+ #smsAlertModal {
82
+ background-color: black !important;
83
+ opacity: 0.8 !important;
84
+ font-family: Roboto;
85
+ }
86
+
87
+ #twoFAtestAlertModal {
88
+ background-color: black !important;
89
+ opacity: 0.8 !important;
90
+ filter: alpha(opacity=50) !important;
91
+ }
92
+
93
+ .mo2f_modal-header {
94
+ min-height: 14px;
95
+ padding: 10px;
96
+ border-bottom: 1px solid #e5e5e5
97
+ }
98
+
99
+ .mo2f_modal-title {
100
+ margin: 0 !important;
101
+ line-height: 1.0 !important;
102
+ font-size: 1rem;
103
+ }
104
+
105
+ .mo2f_modal-body {
106
+ / / width: 96 % !important;
107
+ position: relative !important;
108
+ padding: 15px !important;
109
+ overflow-y: auto !important;
110
+ max-height: 550px !important;
111
+ }
112
+
113
+ .mo2f_modal-footer {
114
+ padding: 15px;
115
+ text-align: right;
116
+ border-top: 1px solid #e5e5e5
117
+ }
118
+
119
+ .mo2f_modal-footer .btn + .btn {
120
+ margin-bottom: 0;
121
+ margin-left: 5px
122
+ }
123
+
124
+ .mo2f_modal-footer .btn-group .btn + .btn {
125
+ margin-left: -1px
126
+ }
127
+
128
+ .mo2f_modal-footer .btn-block + .btn-block {
129
+ margin-left: 0
130
+ }
131
+
132
+ .mo2f_modal-scrollbar-measure {
133
+ position: absolute;
134
+ top: -9999px;
135
+ width: 50px;
136
+ height: 50px;
137
+ overflow: scroll
138
+ }
139
+
140
+ .mo2f_close {
141
+ float: right;
142
+ font-size: 21px;
143
+ font-weight: 700;
144
+ line-height: 1;
145
+ color: #000;
146
+ text-shadow: 0 1px 0 #fff;
147
+ filter: alpha(opacity=20);
148
+ opacity: .2
149
+ }
150
+
151
+ .mo2f_close:hover, .mo2f_close:focus {
152
+ color: #000;
153
+ text-decoration: none;
154
+ cursor: pointer;
155
+ filter: alpha(opacity=50);
156
+ opacity: .5
157
+ }
158
+
159
+ button.mo2f_close {
160
+ -webkit-appearance: none;
161
+ padding: 0;
162
+ cursor: pointer;
163
+ background: 0 0;
164
+ border: 0
165
+ }
166
+
167
+ @media ( min-width: 768px) {
168
+ .mo2f_modal-dialog {
169
+ width: 373px;
170
+ margin: 0px auto
171
+ }
172
+
173
+ .login mo_customer_validation-modal-content {
174
+ -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
175
+ box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
176
+ }
177
+
178
+ .mo2f_modal-sm {
179
+ width: 300px
180
+ }
181
+
182
+ .mo2f_modal-md {
183
+ width: 550px
184
+ }
185
+ }
186
+
187
+ @media ( min-width: 992px) {
188
+ .mo2f_modal-lg {
189
+ width: 900px;
190
+ }
191
+
192
+ .mo2f_modal-md {
193
+ width: 550px
194
+ }
195
+ }
196
+
197
+
198
+ @media ( min-width: 768px) {
199
+ .mo2f_modal-dialog {
200
+ width: 373px;
201
+ margin: 0px auto
202
+ }
203
+
204
+ .login mo_customer_validation-modal-content {
205
+ -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
206
+ box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
207
+ }
208
+
209
+ .mo2f_modal-sm {
210
+ width: 300px
211
+ }
212
+
213
+ .mo2f_modal-md {
214
+ width: 550px
215
+ }
216
+ }
217
+
218
+ @media ( min-width: 992px) {
219
+ .mo2f_modal-lg {
220
+ width: 900px;
221
+ }
222
+
223
+ .mo2f_modal-md {
224
+ width: 550px
225
+ }
226
+ }
227
+
228
+ .center{
229
+
230
+ text-align: center !important;
231
+ }
232
+
233
+ #otpMessage {
234
+ border-radius: 1px;
235
+ padding: 1px 5px;
236
+ background: #f1f1f1;
237
+ }
238
+
239
+ .mo2f_carousel-indicators {
240
+ position: absolute;
241
+ bottom: -20px;
242
+ z-index: 15;
243
+ width: 60%;
244
+ list-style: none;
245
+ text-align: center;
246
+ }
247
+
248
+ .miniorange_kba_validate:hover, .miniorange_validate_otp:hover, .miniorange_login_forgotphone:hover,
249
+ .miniorange_login_offline:hover, .miniorange_login_forgotphone:hover, .miniorange_otp_token_submit:hover {
250
+ background-color: #0073AA !important
251
+ }
252
+
253
+ .miniorange_kba_validate, .miniorange_validate_otp, .miniorange_login_forgotphone,
254
+ .miniorange_login_offline, .miniorange_login_forgotphone, .miniorange_otp_token_submit {
255
+ background: #00A0D2 !important;
256
+ border-color: #0073AA !important;
257
+ box-shadow: 0 1px 0 rgba(120, 200, 230, .5) inset, 0 1px 0 rgba(0, 0, 0, .15) !important;
258
+ color: #FFF !important;
259
+ text-decoration: none !important;
260
+ cursor: pointer !important;
261
+ border-width: 1px !important;
262
+ border-style: solid !important;
263
+ border-radius: 3px !important;
264
+ white-space: nowrap !important;
265
+ box-sizing: border-box !important;
266
+ line-height: 28px !important;
267
+ padding: 0 12px !important;
268
+ font-size: 13px !important
269
+ }
270
+
271
+ .mo_customer_validation-modal.fade .mo_customer_validation-modal-dialog {
272
+ -webkit-transition: -webkit-transform .3s ease-out;
273
+ -o-transition: -o-transform .3s ease-out;
274
+ transition: transform .3s ease-out;
275
+ -webkit-transform: translate(0, -25%);
276
+ -ms-transform: translate(0, -25%);
277
+ -o-transform: translate(0, -25%);
278
+ transform: translate(0, -25%)
279
+ }
280
+
281
+ .mo_customer_validation-modal.in .mo_customer_validation-modal-dialog {
282
+ -webkit-transform: translate(0, 80px) !important;
283
+ -ms-transform: translate(0, 80px) !important;
284
+ -o-transform: translate(0, 80px) !important;
285
+ transform: translate(0, 80px) !important
286
+ }
287
+
288
+ .mo_customer_validation-modal-open .mo_customer_validation-modal {
289
+ overflow-x: hidden;
290
+ overflow-y: hidden
291
+ }
292
+
293
+ .mo_customer_validation-modal-dialog {
294
+ position: relative;
295
+ width: auto;
296
+ margin: 10px
297
+ }
298
+
299
+ .mo_customer_validation-modal-content {
300
+ position: relative;
301
+ -webkit-background-clip: padding-box;
302
+ border: 1px solid #999;
303
+ border: 1px solid rgba(0, 0, 0, .2);
304
+ outline: 0;
305
+ margin-top: 8%;
306
+ margin-left: 0;
307
+ padding: 15px 20px 0;
308
+ font-family: "Open Sans", sans-serif;
309
+ font-size: 14px;
310
+ line-height: 1.4em;
311
+ background: #FFF;
312
+ box-shadow: 0 1px 3px rgba(0, 0, 0, .13)
313
+ }
314
+
315
+ .mo_customer_validation-modal-backdrop {
316
+ position: absolute;
317
+ top: 0;
318
+ right: 0;
319
+ left: 0;
320
+ background-color: #000 !important;
321
+ filter: alpha(opacity=50) !important;
322
+ opacity: .9 !important;
323
+ height: 100% !important
324
+ }
325
+
326
+ .mo_customer_validation-modal-header {
327
+ min-height: 14px;
328
+ padding: 10px 10px 20px;
329
+ border-bottom: 1px solid #e5e5e5
330
+ }
331
+
332
+ .mo_customer_validation-modal-title {
333
+ margin: 0 !important;
334
+ line-height: 1 !important
335
+ }
336
+
337
+ .mo_customer_validation-modal-body {
338
+ position: relative;
339
+ padding: 5%;
340
+ overflow: hidden !important;
341
+ max-height: 550px !important
342
+ }
343
+
344
+ .mo_customer_validation-modal-footer {
345
+ padding: 15px;
346
+ text-align: right;
347
+ border-top: 1px solid #e5e5e5
348
+ }
349
+
350
+ .mo_customer_validation-modal-footer .btn + .btn {
351
+ margin-bottom: 0;
352
+ margin-left: 5px
353
+ }
354
+
355
+ .mo_customer_validation-modal-footer .btn-group .btn + .btn {
356
+ margin-left: -1px
357
+ }
358
+
359
+ .mo_customer_validation-modal-footer .btn-block + .btn-block {
360
+ margin-left: 0
361
+ }
362
+
363
+ .mo_customer_validation-modal-scrollbar-measure {
364
+ position: absolute;
365
+ top: -9999px;
366
+ width: 50px;
367
+ height: 50px;
368
+ overflow: scroll
369
+ }
370
+
371
+ @media (min-width: 768px) {
372
+ .mo_customer_validation-modal-dialog {
373
+ width: auto;
374
+ margin: 0 auto
375
+ }
376
+
377
+ .mo_customer_validation-modal-content {
378
+ -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
379
+ box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
380
+ }
381
+
382
+ .mo_customer_validation-modal-sm {
383
+ width: 300px
384
+ }
385
+
386
+ .mo_customer_validation-modal-md {
387
+ width: 532px
388
+ }
389
+
390
+ .mo_customer_validation-modal-lg {
391
+ width: 50%
392
+ }
393
+ }
394
+
395
+ @media (min-width: 992px) {
396
+ .mo_customer_validation-modal-dialog {
397
+ width: auto;
398
+ margin: 0 auto
399
+ }
400
+
401
+ .mo_customer_validation-modal-lg {
402
+ width: 490px
403
+ }
404
+
405
+ .mo_customer_validation-modal-md {
406
+ width: 532px
407
+ }
408
+ }
409
+
410
+ .mo_customer_validation-textbox {
411
+ background: #FBFBFB;
412
+ font-family: "Open Sans", sans-serif;
413
+ font-size: 24px;
414
+ width: 100%;
415
+ border: 1px solid #DDD;
416
+ padding: 3px;
417
+ margin: 2px 6px 16px 0
418
+ }
419
+
420
+ .mo_customer_validation-textbox:focus {
421
+ border-color: #5B9DD9;
422
+ box-shadow: 0 0 2px rgba(30, 140, 190, .8)
423
+
424
+ }
425
+
426
+
427
+
428
+ /*Hode login*/
429
+
430
+ body.login-action-login div#login {
431
+ display: none;
432
+ }
433
+
434
+ body.login-action-login div#login form#loginform input#user_login {
435
+ display: none;
436
+ }
437
+
438
+ body.login-action-login div#login form#loginform p.forgetmenot {
439
+ display: none;
440
+ }
441
+
442
+ body.login-action-login div#login form#loginform p.submit input#wp-submit {
443
+ display: none;
444
+ }
445
+
446
+ body.login-action-login div#login form#loginform p label {
447
+ display: none;
448
+ }
449
+
450
+ body.login-action-login div#login p#nav {
451
+ display: none;
452
+ }
453
+
454
+ body.login-action-login div#login form#loginform input#user_pass {
455
+ display: none;
456
+ }
457
+
458
+ body.login-action-login div#login div#login_error {
459
+ display: none;
460
+ }
461
+
462
+ body.login-action-login p.message {
463
+ display: none;
464
+ }
465
+
466
+ body.login-action-login div#login #loginform {
467
+ box-shadow: inherit;
468
+ }
469
+
470
+ body.login-action-login div#login div#login_error1 {
471
+ border-left: 4px solid #dd3d36;
472
+ margin-left: 0;
473
+ padding: 12px;
474
+ background: #fff;
475
+ -webkit-box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
476
+ box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
477
+ }
478
+
479
+ .mo2f_header {
480
+ font-size: 28px;
481
+ font-family: -webkit-body;
482
+ color: #777;
483
+ }
484
+
485
+ .mo2f_powered_by_miniorange {
486
+ width: 100px;
487
+ height: 25px;
488
+ -webkit-background-size: 100px 25px;
489
+ background-size: 100px 25px;
490
+ background-repeat: no-repeat;
491
+ display: inline-block;
492
+ vertical-align: middle;
493
+ }
494
+
495
+ .mo2f_powered_by_div {
496
+ text-align: right;
497
+ font-size: 9px;
498
+ padding-right: 2%;
499
+ background-color: #FFFFFF;
500
+ }
501
+
502
+ .button-green {
503
+ color: rgb(0, 160, 210);
504
+ background: none !important;
505
+ border: none;
506
+ padding: 0 !important;
507
+ font: inherit;
508
+ border-color: transparent !important;
509
+ /*border is optional*/
510
+ border-bottom: 1px solid #444;
511
+ cursor: pointer;
512
+ }
513
+
514
+ .mo2fa_display_message {
515
+ padding: 12px;
516
+ border-left: 4px solid #00a0d2;
517
+ background-color: #fff;
518
+ -webkit-box-shadow: 0 1px