Version Description
- Google Authenticator-Two Factor Authentication (2FA, OTP) :
- Backup Codes
- Sanitization and JS improvements
- SMS and Email Sync
- Whatsapp based Two factor in Premium plugin
- Telegram based Two factor in Premium plugin
Release Info
Developer | cyberlord92 |
Plugin | Google Authenticator – WordPress Two Factor Authentication (2FA) |
Version | 5.4.22 |
Code changes from version 5.4.21 to 5.4.22
- api/class-customer-common-setup.php +3 -3
- api/class-customer-onprem-setup.php +72 -72
- controllers/account.php +24 -2
- controllers/content-protection.php +93 -93
- controllers/ip-blocking.php +256 -256
- controllers/main_controller.php +111 -111
- controllers/malware_scanner/malware_scan_ajax.php +52 -35
- controllers/malware_scanner/scan_malware_settings.php +1 -1
- controllers/navbar.php +9 -0
- controllers/support.php +50 -50
- controllers/twofa/mo2fa_common_login.php +322 -11
- controllers/twofa/mo2fa_inline_registration.php +1264 -1233
- controllers/twofa/two_fa_unlimittedUser.php +3 -3
- controllers/twofa/two_fa_unlimittedUser_ajax.php +46 -46
- controllers/upgrade.php +1 -2
- controllers/wpns-loginsecurity-ajax.php +37 -1
- database/database_functions.php +55 -8
- handler/WAF/database/mo-waf-db-common.php +24 -24
- handler/WAF/database/mo-waf-plugin-db.php +90 -90
- handler/ajax.php +41 -42
- handler/backup.php +2 -2
- handler/malware_scanner.php +668 -668
- handler/malware_scanner/malware_scanner_cron.php +1191 -1049
- handler/malware_scanner/scanner_set_cron.php +305 -260
- handler/mo-error.html +10 -10
- handler/mo-waf.php +586 -586
- handler/signature/APLFI.php +4 -4
- handler/spam.php +41 -41
- handler/twofa/setup_twofa.php +17 -5
- handler/twofa/two_fa_constants.php +3 -2
- handler/twofa/two_fa_pass2login.php +2849 -2656
- handler/twofa/two_fa_settings.php +29 -11
- handler/twofa/two_fa_short_call.php +43 -43
- handler/twofa/two_fa_short_gateway.php +4 -1
- handler/twofa/two_fa_utility.php +124 -0
- helper/constants.php +1 -1
- helper/messages.php +21 -4
- helper/plugins.php +102 -102
- includes/css/jquery.dataTables.min.css +1 -1
- includes/css/phone.css +25 -1
- includes/css/twofa_style_settings.css +518 -974
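--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -259,7 +259,7 @@ class Customer_Cloud_Setup {
 }
 
 
-function get_customer_transactions( $cKey, $apiKey ) {
+function get_customer_transactions( $cKey, $apiKey ,$license_type) {
 
 $url = MO_HOST_NAME . '/moas/rest/customer/license';
 
@@ -273,8 +273,8 @@ class Customer_Cloud_Setup {
 $fields = '';
 $fields = array(
 'customerId' => $customerKey,
-'applicationName' => '
-'licenseType'
+'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
+'licenseType' => $license_type
 );
 
 $field_string = json_encode( $fields );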
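Review bot: `get_customer_transactions()` now takes a required third parameter, `$license_type`, with no default, so any caller still passing two arguments will raise an ArgumentCountError on PHP 7.1 and later; only the call sites in controllers/account.php are visibly updated on this page, so the remaining callers should be checked. The value is placed into the request's `licenseType` field as-is, and an allow-list check such as `if ( ! in_array( $license_type, array( 'PREMIUM', 'DEMO' ), true ) )` before `$fields` is built would keep unexpected values out of the licensing call ('PREMIUM' and 'DEMO' are the only values passed on this page). The array reads `$customerKey` while the parameter is named `$cKey`; lines 266-272 are not shown, so confirm the variable is assigned there. The function body continues past the second hunk.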
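--- a/api/class-customer-onprem-setup.php
+++ b/api/class-customer-onprem-setup.php
@@ -1,73 +1,73 @@
-<?php
-/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
-* Copyright (C) 2015 miniOrange
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation, either version 3 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>
-* @package miniOrange OAuth
-* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
-*/
-
-/**
-* This library is miniOrange Authentication Service.
-* Contains Request Calls to Customer service.
-**/
-
-include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
-class Customer_Setup extends Customer_Cloud_Setup {
-
-
-
-function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
-
-$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
-if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
-include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
-$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
-if(is_null($currentuser) or !isset($currentuser))
-$currentuser = wp_get_current_user();
-$content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
-
-}else {
-
-$content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
-
-}
-
-return $content;
-}
-
-
-function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
-$content='';
-if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
-include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
-$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
-if(!isset($current_user) or is_null($current_user) )
-$current_user = wp_get_current_user();
-$content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
-//change parameters as per your requirement but make sure other methods are not affected.
-
-}else{
-
-$content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
-
-}
-return $content;
-}
-
-
-}
-
+<?php
+/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+* Copyright (C) 2015 miniOrange
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+* @package miniOrange OAuth
+* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+*/
+
+/**
+* This library is miniOrange Authentication Service.
+* Contains Request Calls to Customer service.
+**/
+
+include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+class Customer_Setup extends Customer_Cloud_Setup {
+
+
+
+function send_otp_token( $uKey, $authType, $cKey, $apiKey,$currentuser=null ) {
+
+$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
+if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
+include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+if(is_null($currentuser) or !isset($currentuser))
+$currentuser = wp_get_current_user();
+$content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
+
+}else {
+
+$content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey,$currentuser=null);
+
+}
+
+return $content;
+}
+
+
+function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+$content='';
+if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
+include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+if(!isset($current_user) or is_null($current_user) )
+$current_user = wp_get_current_user();
+$content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
+//change parameters as per your requirement but make sure other methods are not affected.
+
+}else{
+
+$content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
+
+}
+return $content;
+}
+
+
+}
+
 ?>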
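--- a/controllers/account.php
+++ b/controllers/account.php
@@ -181,11 +181,33 @@
 do_action('wpns_show_message',MoWpnsMessages::showMessage('REG_SUCCESS'),'SUCCESS');
 update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
 $customerT = new Customer_Cloud_Setup();
-$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
+$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
+if($content['status'] == 'SUCCESS')
+{
+update_site_option('mo2f_license_type','PREMIUM');
+}
+else
+{
+update_site_option('mo2f_license_type','DEMO');
+$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
+}
 if(isset($content['smsRemaining']))
 update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
-else
+else if($content['status'] =='SUCCESS')
 update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
+if(isset($content['emailRemaining']))
+{
+if($content['emailRemaining']>30)
+{
+$currentTransaction = $content['emailRemaining'];
+update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
+update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
+}
+else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
+{
+update_site_option('cmVtYWluaW5nT1RQ',30);
+}
+}
 
 }
 else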
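Review bot: `$content['status']` is read at new lines 185 and 196 without first checking that `json_decode()` produced an array; if the license call returns an empty or non-JSON body, `$content` is null, the comparison is false, and the else branch stores `mo2f_license_type` as 'DEMO', so a transient failure of the remote call would downgrade the saved license state. Guard the read, for example `if ( is_array( $content ) && isset( $content['status'] ) && 'SUCCESS' === $content['status'] )`, and leave the stored option untouched when the response cannot be parsed. The same applies to the second `$content` assigned at new line 192, which is used unchecked by the `else if` at line 196. The literals `30` and `10` in the `emailRemaining` branch deserve a short comment stating what they represent. The enclosing block starts and ends outside the hunk.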
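--- a/controllers/content-protection.php
+++ b/controllers/content-protection.php
@@ -1,94 +1,94 @@
-<?php
-global $moWpnsUtility,$mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_content_protection":
-wpns_handle_content_protection($_POST); break;
-case "mo_wpns_enable_comment_spam_blocking":
-wpns_handle_comment_spam_blocking($_POST); break;
-case "mo_wpns_enable_comment_recaptcha":
-wpns_handle_comment_recaptcha($_POST); break;
-case "mo_wpns_comment_recaptcha_settings":
-wpns_save_comment_recaptcha($_POST); break;
-}
-}
-
-
-$protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
-$protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
-$disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
-$comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
-$enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
-$htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
-$restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
-$test_recaptcha_url = "";
-$wp_config = site_url().'/wp-config.php';
-$wp_uploads = get_site_url().'/wp-content/uploads';
-$plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
-$restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
-$restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
-if($enable_recaptcha)
-{
-$test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
-$captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
-$captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
-}
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
-
-/* CONTENT PROTECTION FUNCTIONS */
-
-//Function to save content protection settings
-function wpns_handle_content_protection()
-{
-isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
-isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
-isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
-isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
-if(isset($_POST['restrictAPI'])){
-update_site_option('mo2f_restrict_restAPI', 1);
-}
-else{
-update_site_option('mo2f_restrict_restAPI',0);
-}
-
-
-
-
-$mo_wpns_htaccess_handler = new MoWpnsHandler();
-$mo_wpns_htaccess_handler->update_htaccess_configuration();
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
-}
-
-
-//Function to handle comment spam blocking
-function wpns_handle_comment_spam_blocking($postvalue)
-{
-$enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
-update_option('mo_wpns_enable_comment_spam_blocking', $enable);
-if($enable)
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
-else
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
-}
-
-
-//Function to handle reCAPTCHA for comments
-function wpns_handle_comment_recaptcha($postvalue)
-{
-$enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
-update_option('mo_wpns_enable_comment_recaptcha', $enable);
-if($enable)
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
-else
-do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
-}
-
-function wpns_save_comment_recaptcha($postvalue){
-update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
-update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
-do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
+<?php
+global $moWpnsUtility,$mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_content_protection":
+wpns_handle_content_protection($_POST); break;
+case "mo_wpns_enable_comment_spam_blocking":
+wpns_handle_comment_spam_blocking($_POST); break;
+case "mo_wpns_enable_comment_recaptcha":
+wpns_handle_comment_recaptcha($_POST); break;
+case "mo_wpns_comment_recaptcha_settings":
+wpns_save_comment_recaptcha($_POST); break;
+}
+}
+
+
+$protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
+$protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
+$disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
+$comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
+$enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
+$htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
+$restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
+$test_recaptcha_url = "";
+$wp_config = site_url().'/wp-config.php';
+$wp_uploads = get_site_url().'/wp-content/uploads';
+$plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
+$restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
+$restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
+if($enable_recaptcha)
+{
+$test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+$captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
+$captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
+}
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
+
+/* CONTENT PROTECTION FUNCTIONS */
+
+//Function to save content protection settings
+function wpns_handle_content_protection()
+{
+isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
+isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
+isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
+isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
+if(isset($_POST['restrictAPI'])){
+update_site_option('mo2f_restrict_restAPI', 1);
+}
+else{
+update_site_option('mo2f_restrict_restAPI',0);
+}
+
+
+
+
+$mo_wpns_htaccess_handler = new MoWpnsHandler();
+$mo_wpns_htaccess_handler->update_htaccess_configuration();
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
+}
+
+
+//Function to handle comment spam blocking
+function wpns_handle_comment_spam_blocking($postvalue)
+{
+$enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
+update_option('mo_wpns_enable_comment_spam_blocking', $enable);
+if($enable)
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
+else
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
+}
+
+
+//Function to handle reCAPTCHA for comments
+function wpns_handle_comment_recaptcha($postvalue)
+{
+$enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
+update_option('mo_wpns_enable_comment_recaptcha', $enable);
+if($enable)
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
+else
+do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
+}
+
+function wpns_save_comment_recaptcha($postvalue){
+update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
+update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
+do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
 }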
controllers/ip-blocking.php
CHANGED
@@ -1,257 +1,257 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
global $moWpnsUtility,$mo2f_dirName;
|
4 |
-
$mo_wpns_handler = new MoWpnsHandler();
|
5 |
-
|
6 |
-
if(current_user_can( 'manage_options' ) && isset($_POST['option']))
|
7 |
-
{
|
8 |
-
switch($_POST['option'])
|
9 |
-
{
|
10 |
-
case "mo_wpns_manual_block_ip":
|
11 |
-
wpns_handle_manual_block_ip($_POST['IP']); break;
|
12 |
-
case "mo_wpns_unblock_ip":
|
13 |
-
wpns_handle_unblock_ip($_POST['id']); break;
|
14 |
-
case "mo_wpns_whitelist_ip":
|
15 |
-
wpns_handle_whitelist_ip($_POST['IP']); break;
|
16 |
-
case "mo_wpns_remove_whitelist":
|
17 |
-
wpns_handle_remove_whitelist($_POST['id'] ); break;
|
18 |
-
}
|
19 |
-
}
|
20 |
-
|
21 |
-
$blockedips = $mo_wpns_handler->get_blocked_ips();
|
22 |
-
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
23 |
-
$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
|
24 |
-
$path = explode('plugins', $path);
|
25 |
-
$img_loader_url = plugins_url().$path[1];
|
26 |
-
|
27 |
-
$page_url = "";
|
28 |
-
$license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
|
29 |
-
|
30 |
-
|
31 |
-
/** IP BLOCKING RELATED FUNCTIONS **/
|
32 |
-
|
33 |
-
// Function to handle Manual Block IP form submit
|
34 |
-
function wpns_handle_manual_block_ip($ip)
|
35 |
-
{
|
36 |
-
|
37 |
-
global $moWpnsUtility;
|
38 |
-
|
39 |
-
if( $moWpnsUtility->check_empty_or_null( $ip) )
|
40 |
-
{
|
41 |
-
//Improper message
|
42 |
-
echo("empty IP");
|
43 |
-
exit;
|
44 |
-
}
|
45 |
-
if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
|
46 |
-
{
|
47 |
-
echo("INVALID_IP_FORMAT");
|
48 |
-
exit;
|
49 |
-
}
|
50 |
-
else
|
51 |
-
{
|
52 |
-
$ipAddress = sanitize_text_field( $ip );
|
53 |
-
$mo_wpns_config = new MoWpnsHandler();
|
54 |
-
$isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
|
55 |
-
if(!$isWhitelisted)
|
56 |
-
{
|
57 |
-
if($mo_wpns_config->is_ip_blocked($ipAddress)){
|
58 |
-
//Change message
|
59 |
-
echo("already blocked");
|
60 |
-
exit;
|
61 |
-
} else{
|
62 |
-
$mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
|
63 |
-
//not in structures
|
64 |
-
?>
|
65 |
-
<table id="blockedips_table1" class="display">
|
66 |
-
<thead><tr><th>IP Address  </th><th>Reason  </th><th>Blocked Until  </th><th>Blocked Date  </th><th>Action  </th></tr></thead>
|
67 |
-
<tbody>
|
68 |
-
<?php
|
69 |
-
$mo_wpns_handler = new MoWpnsHandler();
|
70 |
-
$blockedips = $mo_wpns_handler->get_blocked_ips();
|
71 |
-
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
72 |
-
global $mo2f_dirName;
|
73 |
-
foreach($blockedips as $blockedip)
|
74 |
-
{
|
75 |
-
echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
|
76 |
-
if(empty($blockedip->blocked_for_time))
|
77 |
-
echo "<span class=redtext>Permanently</span>";
|
78 |
-
else
|
79 |
-
echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
|
80 |
-
echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
|
81 |
-
}
|
82 |
-
?>
|
83 |
-
</tbody>
|
84 |
-
</table>
|
85 |
-
<script type="text/javascript">
|
86 |
-
jQuery("#blockedips_table1").DataTable({
|
87 |
-
"order": [[ 3, "desc" ]]
|
88 |
-
});
|
89 |
-
</script>
|
90 |
-
<?php
|
91 |
-
exit;
|
92 |
-
}
|
93 |
-
}
|
94 |
-
else
|
95 |
-
{
|
96 |
-
// Change message
|
97 |
-
echo("IP_IN_WHITELISTED");
|
98 |
-
exit;
|
99 |
-
}
|
100 |
-
}
|
101 |
-
}
|
102 |
-
|
103 |
-
|
104 |
-
// Function to handle Manual Block IP form submit
|
105 |
-
function wpns_handle_unblock_ip($entryID)
|
106 |
-
{
|
107 |
-
global $moWpnsUtility;
|
108 |
-
|
109 |
-
if( $moWpnsUtility->check_empty_or_null($entryID))
|
110 |
-
{
|
111 |
-
// Change message
|
112 |
-
echo("UNKNOWN_ERROR");
|
113 |
-
exit;
|
114 |
-
}
|
115 |
-
else
|
116 |
-
{
|
117 |
-
$entryid = sanitize_text_field($entryID);
|
118 |
-
$mo_wpns_config = new MoWpnsHandler();
|
119 |
-
$mo_wpns_config->unblock_ip_entry($entryid);
|
120 |
-
//not is structure
|
121 |
-
?>
|
122 |
-
<table id="blockedips_table1" class="display">
|
123 |
-
<thead><tr><th>IP Address  </th><th>Reason  </th><th>Blocked Until  </th><th>Blocked Date  </th><th>Action  </th></tr></thead>
|
124 |
-
<tbody>
|
125 |
-
<?php
|
126 |
-
$mo_wpns_handler = new MoWpnsHandler();
|
127 |
-
$blockedips = $mo_wpns_handler->get_blocked_ips();
|
128 |
-
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
129 |
-
global $mo2f_dirName;
|
130 |
-
foreach($blockedips as $blockedip)
|
131 |
-
{
|
132 |
-
echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
|
133 |
-
if(empty($blockedip->blocked_for_time))
|
134 |
-
echo "<span class=redtext>Permanently</span>";
|
135 |
-
else
|
136 |
-
echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
|
137 |
-
echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
|
138 |
-
}
|
139 |
-
?>
|
140 |
-
</tbody>
|
141 |
-
</table>
|
142 |
-
<script type="text/javascript">
|
143 |
-
jQuery("#blockedips_table1").DataTable({
|
144 |
-
"order": [[ 3, "desc" ]]
|
145 |
-
});
|
146 |
-
</script>
|
147 |
-
<?php
|
148 |
-
|
149 |
-
exit;
|
150 |
-
}
|
151 |
-
}
|
152 |
-
|
153 |
-
|
154 |
-
// Function to handle Whitelist IP form submit
|
155 |
-
function wpns_handle_whitelist_ip($ip)
|
156 |
-
{
|
157 |
-
global $moWpnsUtility;
|
158 |
-
if( $moWpnsUtility->check_empty_or_null($ip))
|
159 |
-
{
|
160 |
-
//change message
|
161 |
-
echo("EMPTY IP");
|
162 |
-
exit;
|
163 |
-
}
|
164 |
-
if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
|
165 |
-
{ //change message
|
166 |
-
echo("INVALID_IP");
|
167 |
-
exit;
|
168 |
-
}
|
169 |
-
else
|
170 |
-
{
|
171 |
-
$ipAddress = sanitize_text_field($ip);
|
172 |
-
$mo_wpns_config = new MoWpnsHandler();
|
173 |
-
if($mo_wpns_config->is_whitelisted($ipAddress))
|
174 |
-
{
|
175 |
-
//change message
|
176 |
-
echo("IP_ALREADY_WHITELISTED");
|
177 |
-
exit;
|
178 |
-
}
|
179 |
-
else
|
180 |
-
{
|
181 |
-
$mo_wpns_config->whitelist_ip($ip);
|
182 |
-
//Structures issues
|
183 |
-
$mo_wpns_handler = new MoWpnsHandler();
|
184 |
-
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
185 |
-
|
186 |
-
?>
|
187 |
-
<table id="whitelistedips_table1" class="display">
|
188 |
-
<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
|
189 |
-
<tbody>
|
190 |
-
<?php
|
191 |
-
foreach($whitelisted_ips as $whitelisted_ip)
|
192 |
-
{
|
193 |
-
echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
|
194 |
-
}
|
195 |
-
|
196 |
-
|
197 |
-
?>
|
198 |
-
</tbody>
|
199 |
-
</table>
|
200 |
-
<script type="text/javascript">
|
201 |
-
jQuery("#whitelistedips_table1").DataTable({
|
202 |
-
"order": [[ 1, "desc" ]]
|
203 |
-
});
|
204 |
-
</script>
|
205 |
-
|
206 |
-
<?php
|
207 |
-
exit;
|
208 |
-
}
|
209 |
-
}
|
210 |
-
}
|
211 |
-
|
212 |
-
|
213 |
-
// Function to handle remove whitelisted IP form submit
|
214 |
-
function wpns_handle_remove_whitelist($entryID)
|
215 |
-
{
|
216 |
-
global $moWpnsUtility;
|
217 |
-
if( $moWpnsUtility->check_empty_or_null($entryID))
|
218 |
-
{
|
219 |
-
//change Message
|
220 |
-
echo("UNKNOWN_ERROR");
|
221 |
-
exit;
|
222 |
-
}
|
223 |
-
else
|
224 |
-
{
|
225 |
-
$entryid = sanitize_text_field($entryID);
|
226 |
-
$mo_wpns_config = new MoWpnsHandler();
|
227 |
-
$mo_wpns_config->remove_whitelist_entry($entryid);
|
228 |
-
//structures
|
229 |
-
$mo_wpns_handler = new MoWpnsHandler();
|
230 |
-
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
231 |
-
|
232 |
-
?>
|
233 |
-
<table id="whitelistedips_table1" class="display">
|
234 |
-
<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
|
235 |
-
<tbody>
|
236 |
-
<?php
|
237 |
-
foreach($whitelisted_ips as $whitelisted_ip)
|
238 |
-
{
|
239 |
-
echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
|
240 |
-
}
|
241 |
-
|
242 |
-
|
243 |
-
?>
|
244 |
-
</tbody>
|
245 |
-
</table>
|
246 |
-
<script type="text/javascript">
|
247 |
-
jQuery("#whitelistedips_table1").DataTable({
|
248 |
-
"order": [[ 1, "desc" ]]
|
249 |
-
});
|
250 |
-
</script>
|
251 |
-
|
252 |
-
<?php
|
253 |
-
exit;
|
254 |
-
}
|
255 |
-
}
|
256 |
-
|
257 |
|
1 |
+
<?php
|
2 |
+
|
3 |
+
global $moWpnsUtility,$mo2f_dirName;
|
4 |
+
$mo_wpns_handler = new MoWpnsHandler();
|
5 |
+
|
6 |
+
if(current_user_can( 'manage_options' ) && isset($_POST['option']))
|
7 |
+
{
|
8 |
+
switch($_POST['option'])
|
9 |
+
{
|
10 |
+
case "mo_wpns_manual_block_ip":
|
11 |
+
wpns_handle_manual_block_ip($_POST['IP']); break;
|
12 |
+
case "mo_wpns_unblock_ip":
|
13 |
+
wpns_handle_unblock_ip($_POST['id']); break;
|
14 |
+
case "mo_wpns_whitelist_ip":
|
15 |
+
wpns_handle_whitelist_ip($_POST['IP']); break;
|
16 |
+
case "mo_wpns_remove_whitelist":
|
17 |
+
wpns_handle_remove_whitelist($_POST['id'] ); break;
|
18 |
+
}
|
19 |
+
}
|
20 |
+
|
21 |
+
$blockedips = $mo_wpns_handler->get_blocked_ips();
|
22 |
+
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
23 |
+
$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
|
24 |
+
$path = explode('plugins', $path);
|
25 |
+
$img_loader_url = plugins_url().$path[1];
|
26 |
+
|
27 |
+
$page_url = "";
|
28 |
+
$license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
|
29 |
+
|
30 |
+
|
31 |
+
/** IP BLOCKING RELATED FUNCTIONS **/
|
32 |
+
|
33 |
+
// Function to handle Manual Block IP form submit
|
34 |
+
function wpns_handle_manual_block_ip($ip)
|
35 |
+
{
|
36 |
+
|
37 |
+
global $moWpnsUtility;
|
38 |
+
|
39 |
+
if( $moWpnsUtility->check_empty_or_null( $ip) )
|
40 |
+
{
|
41 |
+
//Improper message
|
42 |
+
echo("empty IP");
|
43 |
+
exit;
|
44 |
+
}
|
45 |
+
if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
|
46 |
+
{
|
47 |
+
echo("INVALID_IP_FORMAT");
|
48 |
+
exit;
|
49 |
+
}
|
50 |
+
else
|
51 |
+
{
|
52 |
+
$ipAddress = sanitize_text_field( $ip );
|
53 |
+
$mo_wpns_config = new MoWpnsHandler();
|
54 |
+
$isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
|
55 |
+
if(!$isWhitelisted)
|
56 |
+
{
|
57 |
+
if($mo_wpns_config->is_ip_blocked($ipAddress)){
|
58 |
+
//Change message
|
59 |
+
echo("already blocked");
|
60 |
+
exit;
|
61 |
+
} else{
|
62 |
+
$mo_wpns_config->block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
|
63 |
+
//not in structures
|
64 |
+
?>
|
65 |
+
<table id="blockedips_table1" class="display">
|
66 |
+
<thead><tr><th>IP Address  </th><th>Reason  </th><th>Blocked Until  </th><th>Blocked Date  </th><th>Action  </th></tr></thead>
|
67 |
+
<tbody>
|
68 |
+
<?php
|
69 |
+
$mo_wpns_handler = new MoWpnsHandler();
|
70 |
+
$blockedips = $mo_wpns_handler->get_blocked_ips();
|
71 |
+
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
72 |
+
global $mo2f_dirName;
|
73 |
+
foreach($blockedips as $blockedip)
|
74 |
+
{
|
75 |
+
echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
|
76 |
+
if(empty($blockedip->blocked_for_time))
|
77 |
+
echo "<span class=redtext>Permanently</span>";
|
78 |
+
else
|
79 |
+
echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
|
80 |
+
echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
|
81 |
+
}
|
82 |
+
?>
|
83 |
+
</tbody>
|
84 |
+
</table>
|
85 |
+
<script type="text/javascript">
|
86 |
+
jQuery("#blockedips_table1").DataTable({
|
87 |
+
"order": [[ 3, "desc" ]]
|
88 |
+
});
|
89 |
+
</script>
|
90 |
+
<?php
|
91 |
+
exit;
|
92 |
+
}
|
93 |
+
}
|
94 |
+
else
|
95 |
+
{
|
96 |
+
// Change message
|
97 |
+
echo("IP_IN_WHITELISTED");
|
98 |
+
exit;
|
99 |
+
}
|
100 |
+
}
|
101 |
+
}
|
102 |
+
|
103 |
+
|
104 |
+
// Function to handle Manual Block IP form submit
|
105 |
+
function wpns_handle_unblock_ip($entryID)
|
106 |
+
{
|
107 |
+
global $moWpnsUtility;
|
108 |
+
|
109 |
+
if( $moWpnsUtility->check_empty_or_null($entryID))
|
110 |
+
{
|
111 |
+
// Change message
|
112 |
+
echo("UNKNOWN_ERROR");
|
113 |
+
exit;
|
114 |
+
}
|
115 |
+
else
|
116 |
+
{
|
117 |
+
$entryid = sanitize_text_field($entryID);
|
118 |
+
$mo_wpns_config = new MoWpnsHandler();
|
119 |
+
$mo_wpns_config->unblock_ip_entry($entryid);
|
120 |
+
//not is structure
|
121 |
+
?>
|
122 |
+
<table id="blockedips_table1" class="display">
|
123 |
+
<thead><tr><th>IP Address  </th><th>Reason  </th><th>Blocked Until  </th><th>Blocked Date  </th><th>Action  </th></tr></thead>
|
124 |
+
<tbody>
|
125 |
+
<?php
|
126 |
+
$mo_wpns_handler = new MoWpnsHandler();
|
127 |
+
$blockedips = $mo_wpns_handler->get_blocked_ips();
|
128 |
+
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
129 |
+
global $mo2f_dirName;
|
130 |
+
foreach($blockedips as $blockedip)
|
131 |
+
{
|
132 |
+
echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
|
133 |
+
if(empty($blockedip->blocked_for_time))
|
134 |
+
echo "<span class=redtext>Permanently</span>";
|
135 |
+
else
|
136 |
+
echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
|
137 |
+
echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
|
138 |
+
}
|
139 |
+
?>
|
140 |
+
</tbody>
|
141 |
+
</table>
|
142 |
+
<script type="text/javascript">
|
143 |
+
jQuery("#blockedips_table1").DataTable({
|
144 |
+
"order": [[ 3, "desc" ]]
|
145 |
+
});
|
146 |
+
</script>
|
147 |
+
<?php
|
148 |
+
|
149 |
+
exit;
|
150 |
+
}
|
151 |
+
}
|
152 |
+
|
153 |
+
|
154 |
+
// Function to handle Whitelist IP form submit
|
155 |
+
function wpns_handle_whitelist_ip($ip)
|
156 |
+
{
|
157 |
+
global $moWpnsUtility;
|
158 |
+
if( $moWpnsUtility->check_empty_or_null($ip))
|
159 |
+
{
|
160 |
+
//change message
|
161 |
+
echo("EMPTY IP");
|
162 |
+
exit;
|
163 |
+
}
|
164 |
+
if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
|
165 |
+
{ //change message
|
166 |
+
echo("INVALID_IP");
|
167 |
+
exit;
|
168 |
+
}
|
169 |
+
else
|
170 |
+
{
|
171 |
+
$ipAddress = sanitize_text_field($ip);
|
172 |
+
$mo_wpns_config = new MoWpnsHandler();
|
173 |
+
if($mo_wpns_config->is_whitelisted($ipAddress))
|
174 |
+
{
|
175 |
+
//change message
|
176 |
+
echo("IP_ALREADY_WHITELISTED");
|
177 |
+
exit;
|
178 |
+
}
|
179 |
+
else
|
180 |
+
{
|
181 |
+
$mo_wpns_config->whitelist_ip($ip);
|
182 |
+
//Structures issues
|
183 |
+
$mo_wpns_handler = new MoWpnsHandler();
|
184 |
+
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
185 |
+
|
186 |
+
?>
|
187 |
+
<table id="whitelistedips_table1" class="display">
|
188 |
+
<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
|
189 |
+
<tbody>
|
190 |
+
<?php
|
191 |
+
foreach($whitelisted_ips as $whitelisted_ip)
|
192 |
+
{
|
193 |
+
echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
|
194 |
+
}
|
195 |
+
|
196 |
+
|
197 |
+
?>
|
198 |
+
</tbody>
|
199 |
+
</table>
|
200 |
+
<script type="text/javascript">
|
201 |
+
jQuery("#whitelistedips_table1").DataTable({
|
202 |
+
"order": [[ 1, "desc" ]]
|
203 |
+
});
|
204 |
+
</script>
|
205 |
+
|
206 |
+
<?php
|
207 |
+
exit;
|
208 |
+
}
|
209 |
+
}
|
210 |
+
}
|
211 |
+
|
212 |
+
|
213 |
+
// Function to handle remove whitelisted IP form submit
|
214 |
+
function wpns_handle_remove_whitelist($entryID)
|
215 |
+
{
|
216 |
+
global $moWpnsUtility;
|
217 |
+
if( $moWpnsUtility->check_empty_or_null($entryID))
|
218 |
+
{
|
219 |
+
//change Message
|
220 |
+
echo("UNKNOWN_ERROR");
|
221 |
+
exit;
|
222 |
+
}
|
223 |
+
else
|
224 |
+
{
|
225 |
+
$entryid = sanitize_text_field($entryID);
|
226 |
+
$mo_wpns_config = new MoWpnsHandler();
|
227 |
+
$mo_wpns_config->remove_whitelist_entry($entryid);
|
228 |
+
//structures
|
229 |
+
$mo_wpns_handler = new MoWpnsHandler();
|
230 |
+
$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
|
231 |
+
|
232 |
+
?>
|
233 |
+
<table id="whitelistedips_table1" class="display">
|
234 |
+
<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
|
235 |
+
<tbody>
|
236 |
+
<?php
|
237 |
+
foreach($whitelisted_ips as $whitelisted_ip)
|
238 |
+
{
|
239 |
+
echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
|
240 |
+
}
|
241 |
+
|
242 |
+
|
243 |
+
?>
|
244 |
+
</tbody>
|
245 |
+
</table>
|
246 |
+
<script type="text/javascript">
|
247 |
+
jQuery("#whitelistedips_table1").DataTable({
|
248 |
+
"order": [[ 1, "desc" ]]
|
249 |
+
});
|
250 |
+
</script>
|
251 |
+
|
252 |
+
<?php
|
253 |
+
exit;
|
254 |
+
}
|
255 |
+
}
|
256 |
+
|
257 |
|
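--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -1,111 +1,111 @@
-<?php
-
-global $moWpnsUtility,$mo2f_dirName;
-
-$controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
-
-
-if(current_user_can('administrator'))
-{
-include $controller . 'navbar.php';
-include $controller . 'newtork_security_features.php';
-
-$tour_started=get_option('mo2f_tour_started',0);
-
-
-if($tour_started<1)
-include $controller . 'two-fa-intro.php';
-else if($tour_started != 0)
-include $controller . 'tour-model.php';
-
-if( isset( $_GET[ 'page' ]))
-{
-switch($_GET['page'])
-{
-case 'mo_2fa_dashboard':
-include $controller . 'dashboard.php'; break;
-case 'mo_2fa_login_and_spam':
-include $controller . 'login-spam.php'; break;
-case 'default':
-include $controller . 'login-security.php'; break;
-case 'mo_2fa_account':
-include $controller . 'account.php'; break;
-case 'mo_2fa_backup':
-include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
-case 'mo_2fa_upgrade':
-include $controller . 'upgrade.php'; break;
-case 'mo_2fa_waf':
-include $controller . 'waf.php'; break;
-case 'mo_2fa_blockedips':
-include $controller . 'ip-blocking.php'; break;
-case 'mo_2fa_advancedblocking':
-include $controller . 'advanced-blocking.php'; break;
-case 'mo_2fa_notifications':
-include $controller . 'notification-settings.php'; break;
-case 'mo_2fa_reports':
-include $controller . 'reports.php'; break;
-case 'mo_2fa_licensing':
-include $controller . 'licensing.php'; break;
-case 'mo_2fa_troubleshooting':
-include $controller . 'troubleshooting.php'; break;
-case 'mo_2fa_addons':
-include $controller . 'addons.php'; break;
-case 'mo_2fa_malwarescan':
-include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
-case 'mo_2fa_two_fa':
-include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-case 'mo_2fa_request_demo':
-include $controller . 'request_demo.php';
-}
-}
-
-}
-else
-{
-if( isset( $_GET[ 'page' ]))
-{
-switch($_GET['page'])
-{
-case 'mo_2fa_two_fa':
-include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-
-}
-
-}
-
-}
-if (isset( $_GET[ 'page' ])) {
-
-if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
-{
-include $controller . 'feedback_footer.php';
-}
-else
-{
-include $controller . 'support.php';
-}
-}
-?>
-
-<!-- <script>
-jQuery(document).ready(function(){
-var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
-var data={
-'action':'mo_wpns_malware_redirect',
-'call_type':'malware_scan_initiate',
-'scan':'scan_start',
-'scantype':'quick_scan',
-'nonce': nonce
-};
-jQuery.post(ajaxurl, data, function(response){
-jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
-document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
-jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
-document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
-jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
-document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
-document.getElementById("quick_scan_button").value = "Quick Scan";
-});
-});
-</script> -->
-
+<?php
+
+global $moWpnsUtility,$mo2f_dirName;
+
+$controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
+
+
+if(current_user_can('administrator'))
+{
+include $controller . 'navbar.php';
+include $controller . 'newtork_security_features.php';
+
+$tour_started=get_option('mo2f_tour_started',0);
+
+
+if($tour_started<1)
+include $controller . 'two-fa-intro.php';
+else if($tour_started != 0)
+include $controller . 'tour-model.php';
+
+if( isset( $_GET[ 'page' ]))
+{
+switch($_GET['page'])
+{
+case 'mo_2fa_dashboard':
+include $controller . 'dashboard.php'; break;
+case 'mo_2fa_login_and_spam':
+include $controller . 'login-spam.php'; break;
+case 'default':
+include $controller . 'login-security.php'; break;
+case 'mo_2fa_account':
+include $controller . 'account.php'; break;
+case 'mo_2fa_backup':
+include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
+case 'mo_2fa_upgrade':
+include $controller . 'upgrade.php'; break;
+case 'mo_2fa_waf':
+include $controller . 'waf.php'; break;
+case 'mo_2fa_blockedips':
+include $controller . 'ip-blocking.php'; break;
+case 'mo_2fa_advancedblocking':
+include $controller . 'advanced-blocking.php'; break;
+case 'mo_2fa_notifications':
+include $controller . 'notification-settings.php'; break;
+case 'mo_2fa_reports':
+include $controller . 'reports.php'; break;
+case 'mo_2fa_licensing':
+include $controller . 'licensing.php'; break;
+case 'mo_2fa_troubleshooting':
+include $controller . 'troubleshooting.php'; break;
+case 'mo_2fa_addons':
+include $controller . 'addons.php'; break;
+case 'mo_2fa_malwarescan':
+include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
+case 'mo_2fa_two_fa':
+include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+case 'mo_2fa_request_demo':
+include $controller . 'request_demo.php';
+}
+}
+
+}
+else
+{
+if( isset( $_GET[ 'page' ]))
+{
+switch($_GET['page'])
+{
+case 'mo_2fa_two_fa':
+include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+
+}
+
+}
+
+}
+if (isset( $_GET[ 'page' ])) {
+
+if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons")
+{
+include $controller . 'feedback_footer.php';
+}
+else
+{
+include $controller . 'support.php';
+}
+}
+?>
+
+<!-- <script>
+jQuery(document).ready(function(){
+var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
+var data={
+'action':'mo_wpns_malware_redirect',
+'call_type':'malware_scan_initiate',
+'scan':'scan_start',
+'scantype':'quick_scan',
+'nonce': nonce
+};
+jQuery.post(ajaxurl, data, function(response){
+jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
+document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
+jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
+document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
+jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
+document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
+document.getElementById("quick_scan_button").value = "Quick Scan";
+});
+});
+</script> -->
+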
controllers/malware_scanner/malware_scan_ajax.php
CHANGED
@@ -96,13 +96,13 @@ class Mo_wpns_scan_malware
|
|
96 |
);
|
97 |
|
98 |
$encoded_scan_configuration=json_encode($scan_configuration);
|
99 |
-
|
100 |
wp_send_json('save_success');
|
101 |
}
|
102 |
}
|
103 |
|
104 |
public function mo_wpns_start_malware_scan($POSTED){
|
105 |
-
$decoded_scan_configuration=json_decode(
|
106 |
if(isset($decoded_scan_configuration)){
|
107 |
$status = $decoded_scan_configuration->scan_progress;
|
108 |
}else{
|
@@ -118,15 +118,16 @@ class Mo_wpns_scan_malware
|
|
118 |
$mo2f_malware_db_handler = new MoWpnsDB();
|
119 |
|
120 |
$current_time= time();
|
121 |
-
|
122 |
$plugin_current= get_plugins();
|
123 |
-
|
124 |
$args=array();
|
125 |
$theme_current= wp_get_themes($args);
|
126 |
-
|
|
|
127 |
|
128 |
-
|
129 |
-
|
130 |
|
131 |
$mo_wpns_malware_scan_in_progress="IN PROGRESS";
|
132 |
$mo_wpns_files_scanned=0;
|
@@ -134,8 +135,11 @@ class Mo_wpns_scan_malware
|
|
134 |
$mo_wpns_warning_files=0;
|
135 |
$wordpress_download_status=false;
|
136 |
|
137 |
-
|
138 |
-
|
|
|
|
|
|
|
139 |
|
140 |
|
141 |
$scan_status = array(
|
@@ -153,7 +157,7 @@ class Mo_wpns_scan_malware
|
|
153 |
);
|
154 |
|
155 |
$encoded_scan_status=json_encode($scan_status);
|
156 |
-
|
157 |
|
158 |
|
159 |
$mo2f_malware_db_handler->delete_files_parts();
|
@@ -169,7 +173,7 @@ class Mo_wpns_scan_malware
|
|
169 |
return;
|
170 |
}
|
171 |
$scan_configuration = MoWpnsConstants::$quick_scan_configuration;
|
172 |
-
|
173 |
$scan_status = array(
|
174 |
'scan_progress' => $mo_wpns_malware_scan_in_progress,
|
175 |
'files_scanned' => $mo_wpns_files_scanned,
|
@@ -185,7 +189,7 @@ class Mo_wpns_scan_malware
|
|
185 |
);
|
186 |
|
187 |
$encoded_scan_status=json_encode($scan_status);
|
188 |
-
|
189 |
$mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
|
190 |
break;
|
191 |
case "standard_scan":
|
@@ -195,7 +199,7 @@ class Mo_wpns_scan_malware
|
|
195 |
return;
|
196 |
}
|
197 |
$scan_configuration = MoWpnsConstants::$standard_scan_configuration;
|
198 |
-
|
199 |
$scan_status = array(
|
200 |
'scan_progress' => $mo_wpns_malware_scan_in_progress,
|
201 |
'files_scanned' => $mo_wpns_files_scanned,
|
@@ -211,7 +215,7 @@ class Mo_wpns_scan_malware
|
|
211 |
);
|
212 |
|
213 |
$encoded_scan_status=json_encode($scan_status);
|
214 |
-
|
215 |
$mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
|
216 |
break;
|
217 |
case "custom_scan":
|
@@ -220,7 +224,7 @@ class Mo_wpns_scan_malware
|
|
220 |
wp_send_json('ERROR');
|
221 |
return;
|
222 |
}
|
223 |
-
$decode_scan_configuration=json_decode(
|
224 |
if(is_null($decode_scan_configuration))
|
225 |
{
|
226 |
delete_option("mo_wpns_scan_status",$encoded_scan_status);
|
@@ -255,9 +259,9 @@ class Mo_wpns_scan_malware
|
|
255 |
);
|
256 |
|
257 |
$encoded_scan_status=json_encode($scan_status);
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
$mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
|
262 |
break;
|
263 |
}
|
@@ -267,8 +271,8 @@ class Mo_wpns_scan_malware
|
|
267 |
|
268 |
public function mo_wpns_get_progress(){
|
269 |
|
270 |
-
$decoded_scan_status=json_decode(
|
271 |
-
$status= $decoded_scan_status->scan_progress
|
272 |
$files_scanned= $decoded_scan_status->files_scanned;
|
273 |
$total_files = $decoded_scan_status->total_files;
|
274 |
$check_repo = $decoded_scan_status->check_with_repo;
|
@@ -282,19 +286,32 @@ class Mo_wpns_scan_malware
|
|
282 |
|
283 |
if($time_spent_in_downloading > 600){
|
284 |
$mo2f_malware_db_handler = new MoWpnsDB();
|
285 |
-
$reportid=
|
286 |
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
287 |
if(!empty($last_report)){
|
288 |
-
$
|
289 |
-
$
|
290 |
-
$
|
291 |
-
|
292 |
-
|
293 |
-
|
|
|
|
|
294 |
}
|
295 |
-
|
296 |
-
$
|
297 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
298 |
}
|
299 |
}
|
300 |
$repo_scan=0;
|
@@ -307,7 +324,7 @@ class Mo_wpns_scan_malware
|
|
307 |
}
|
308 |
else{
|
309 |
//stop scan check
|
310 |
-
$stop_scan=
|
311 |
|
312 |
$mo_wpns_db_handler = new MoWpnsDB();
|
313 |
$total_scan=$mo_wpns_db_handler->count_files();
|
@@ -315,8 +332,8 @@ class Mo_wpns_scan_malware
|
|
315 |
$last_id=$mo_wpns_db_handler->get_last_id();
|
316 |
$send_id=$last_id[0]->max;
|
317 |
$last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
|
318 |
-
$malicious_last_scan=
|
319 |
-
$warning_last_scan =
|
320 |
if($total_scan > 999){
|
321 |
$total_scan=($total_scan/1000);
|
322 |
$total_scan= round($total_scan,1)."k";
|
@@ -340,14 +357,14 @@ class Mo_wpns_scan_malware
|
|
340 |
}
|
341 |
|
342 |
function mo_wpns_stop_scan(){
|
343 |
-
|
344 |
$mo2f_malware_db_handler = new MoWpnsDB();
|
345 |
$mo2f_malware_db_handler->delete_files_parts();
|
346 |
wp_send_json('success');
|
347 |
}
|
348 |
|
349 |
function mo_wpns_get_scan_result(){
|
350 |
-
$decoded_scan_configuration=json_decode(
|
351 |
$status=$decoded_scan_configuration->scan_progress;
|
352 |
$mo_wpns_db_handler = new MoWpnsDB();
|
353 |
$result = $mo_wpns_db_handler->get_report();
|
96 |
);
|
97 |
|
98 |
$encoded_scan_configuration=json_encode($scan_configuration);
|
99 |
+
update_site_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
|
100 |
wp_send_json('save_success');
|
101 |
}
|
102 |
}
|
103 |
|
104 |
public function mo_wpns_start_malware_scan($POSTED){
|
105 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
106 |
if(isset($decoded_scan_configuration)){
|
107 |
$status = $decoded_scan_configuration->scan_progress;
|
108 |
}else{
|
118 |
$mo2f_malware_db_handler = new MoWpnsDB();
|
119 |
|
120 |
$current_time= time();
|
121 |
+
update_site_option('mo_wpns_last_scan_time', $current_time);
|
122 |
$plugin_current= get_plugins();
|
123 |
+
update_site_option('mo_wpns_last_plugins', $plugin_current);
|
124 |
$args=array();
|
125 |
$theme_current= wp_get_themes($args);
|
126 |
+
update_site_option('mo_wpns_last_themes', $theme_current);
|
127 |
+
update_site_option('malware_notification_option',1);
|
128 |
|
129 |
+
update_site_option('mo2f_scan_initialize', 0);
|
130 |
+
update_site_option('mo_wpns_hide_malware_popup', 1);
|
131 |
|
132 |
$mo_wpns_malware_scan_in_progress="IN PROGRESS";
|
133 |
$mo_wpns_files_scanned=0;
|
135 |
$mo_wpns_warning_files=0;
|
136 |
$wordpress_download_status=false;
|
137 |
|
138 |
+
update_site_option('mo_wpns_infected_files',0);
|
139 |
+
update_site_option('mo_wpns_warning_files',0);
|
140 |
+
update_site_option('mo2f_files_skipped', 0);
|
141 |
+
update_site_option('mo2f_file_size_excess', 0);
|
142 |
+
update_site_option('mo2f_download_done', 0);
|
143 |
|
144 |
|
145 |
$scan_status = array(
|
157 |
);
|
158 |
|
159 |
$encoded_scan_status=json_encode($scan_status);
|
160 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_status);
|
161 |
|
162 |
|
163 |
$mo2f_malware_db_handler->delete_files_parts();
|
173 |
return;
|
174 |
}
|
175 |
$scan_configuration = MoWpnsConstants::$quick_scan_configuration;
|
176 |
+
update_site_option('mo_wpns_scan_mode','quick_scan');
|
177 |
$scan_status = array(
|
178 |
'scan_progress' => $mo_wpns_malware_scan_in_progress,
|
179 |
'files_scanned' => $mo_wpns_files_scanned,
|
189 |
);
|
190 |
|
191 |
$encoded_scan_status=json_encode($scan_status);
|
192 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_status);
|
193 |
$mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
|
194 |
break;
|
195 |
case "standard_scan":
|
199 |
return;
|
200 |
}
|
201 |
$scan_configuration = MoWpnsConstants::$standard_scan_configuration;
|
202 |
+
update_site_option('mo_wpns_scan_mode','standard_scan');
|
203 |
$scan_status = array(
|
204 |
'scan_progress' => $mo_wpns_malware_scan_in_progress,
|
205 |
'files_scanned' => $mo_wpns_files_scanned,
|
215 |
);
|
216 |
|
217 |
$encoded_scan_status=json_encode($scan_status);
|
218 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_status);
|
219 |
$mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
|
220 |
break;
|
221 |
case "custom_scan":
|
224 |
wp_send_json('ERROR');
|
225 |
return;
|
226 |
}
|
227 |
+
$decode_scan_configuration=json_decode(get_site_option("mo_wpns_scan_configuration"));
|
228 |
if(is_null($decode_scan_configuration))
|
229 |
{
|
230 |
delete_option("mo_wpns_scan_status",$encoded_scan_status);
|
259 |
);
|
260 |
|
261 |
$encoded_scan_status=json_encode($scan_status);
|
262 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_status);
|
263 |
+
update_site_option('mo_wpns_scan_mode','custom_scan');
|
264 |
+
update_site_option('mo2f_custom_scan_config', $scan_configuration);
|
265 |
$mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
|
266 |
break;
|
267 |
}
|
271 |
|
272 |
public function mo_wpns_get_progress(){
|
273 |
|
274 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
275 |
+
$status= $decoded_scan_status->scan_progress;
|
276 |
$files_scanned= $decoded_scan_status->files_scanned;
|
277 |
$total_files = $decoded_scan_status->total_files;
|
278 |
$check_repo = $decoded_scan_status->check_with_repo;
|
286 |
|
287 |
if($time_spent_in_downloading > 600){
|
288 |
$mo2f_malware_db_handler = new MoWpnsDB();
|
289 |
+
$reportid= get_site_option('mo2f_report_id');
|
290 |
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
291 |
if(!empty($last_report)){
|
292 |
+
$issue = $last_report[0]->repo_key;
|
293 |
+
$repo_key = get_site_option('mo2f_current_repo_key');
|
294 |
+
if($repo_key == 'core'){
|
295 |
+
$issue.= "WordPress Core Files;";
|
296 |
+
}else{
|
297 |
+
$issue.= $repo_key.";";
|
298 |
+
}
|
299 |
+
$mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
|
300 |
}
|
301 |
+
$scan_mode = get_site_option('mo_wpns_scan_mode');
|
302 |
+
if ( $scan_mode == 'Quick Scan' ) {
|
303 |
+
$scan_config = MoWpnsConstants::$quick_scan_configuration;
|
304 |
+
} elseif ( $scan_mode == 'Standard Scan' ) {
|
305 |
+
$scan_config = MoWpnsConstants::$standard_scan_configuration;
|
306 |
+
} else {
|
307 |
+
$scan_config = get_site_option( 'mo2f_custom_scan_config' );
|
308 |
+
}
|
309 |
+
$uploads_dir = wp_upload_dir();
|
310 |
+
$uploads_path= $uploads_dir['basedir'];
|
311 |
+
$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
|
312 |
+
$scanverification = get_site_option( "mo2f_scanverification" );
|
313 |
+
$req_obj = new mo2f_scanner_parts();
|
314 |
+
$req_obj->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
|
315 |
}
|
316 |
}
|
317 |
$repo_scan=0;
|
324 |
}
|
325 |
else{
|
326 |
//stop scan check
|
327 |
+
$stop_scan=get_site_option('mo_stop_scan');
|
328 |
|
329 |
$mo_wpns_db_handler = new MoWpnsDB();
|
330 |
$total_scan=$mo_wpns_db_handler->count_files();
|
332 |
$last_id=$mo_wpns_db_handler->get_last_id();
|
333 |
$send_id=$last_id[0]->max;
|
334 |
$last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
|
335 |
+
$malicious_last_scan= get_site_option('mo_wpns_infected_files');
|
336 |
+
$warning_last_scan = get_site_option('mo_wpns_warning_files');
|
337 |
if($total_scan > 999){
|
338 |
$total_scan=($total_scan/1000);
|
339 |
$total_scan= round($total_scan,1)."k";
|
357 |
}
|
358 |
|
359 |
function mo_wpns_stop_scan(){
|
360 |
+
update_site_option('mo_stop_scan','1');
|
361 |
$mo2f_malware_db_handler = new MoWpnsDB();
|
362 |
$mo2f_malware_db_handler->delete_files_parts();
|
363 |
wp_send_json('success');
|
364 |
}
|
365 |
|
366 |
function mo_wpns_get_scan_result(){
|
367 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
368 |
$status=$decoded_scan_configuration->scan_progress;
|
369 |
$mo_wpns_db_handler = new MoWpnsDB();
|
370 |
$result = $mo_wpns_db_handler->get_report();
|
controllers/malware_scanner/scan_malware_settings.php
CHANGED
@@ -2,7 +2,7 @@
|
|
2 |
|
3 |
|
4 |
|
5 |
-
$scan_configuration = json_decode(
|
6 |
if(is_null($scan_configuration)){
|
7 |
$mo_wpns_scan_files_extensions = "";
|
8 |
$mo_wpns_skip_folders = "";
|
2 |
|
3 |
|
4 |
|
5 |
+
$scan_configuration = json_decode(get_site_option('mo_wpns_scan_configuration'));
|
6 |
if(is_null($scan_configuration)){
|
7 |
$mo_wpns_scan_files_extensions = "";
|
8 |
$mo_wpns_skip_folders = "";
|
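--- a/controllers/navbar.php
+++ b/controllers/navbar.php
@@ -80,4 +80,13 @@
 
 $active_tab = $_GET['page'];
 
+$user_id = get_current_user_id();
+$mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
+$backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
+if(is_array($backup_codes_remaining)){
+$backup_codes_remaining = sizeof($backup_codes_remaining);
+}else{
+$backup_codes_remaining = 0;
+}
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';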
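Review bot: `$Mo2fdbQueries` is dereferenced on new line 84, but no `global $Mo2fdbQueries;` is visible in this hunk, which starts at line 80 of the file. main_controller.php, which includes this file, declares only `global $moWpnsUtility,$mo2f_dirName;`, so unless lines 1-79 of navbar.php bring the variable into scope the call would fail on an undefined variable whenever the include runs inside a function; confirm that, or add `global $Mo2fdbQueries;` before the lookup. Separately, the unchanged line above still assigns `$_GET['page']` to `$active_tab` unfiltered before the view is included, so it should go through `sanitize_text_field()` here or be escaped with `esc_attr()` wherever the view prints it.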
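--- a/controllers/support.php
+++ b/controllers/support.php
@@ -1,51 +1,51 @@
-<?php
-
-global $mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo_wpns_send_query":
-wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
-}
-}
-
-$current_user = wp_get_current_user();
-$email = get_option("mo2f_email");
-$phone = get_option("mo_wpns_admin_phone");
-
-
-if(empty($email))
-$email = $current_user->user_email;
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
-
-
-/* SUPPORT FORM RELATED FUNCTIONS */
-
-//Function to handle support form submit
-function wpns_handle_support_form($email,$query,$phone)
-{
-
-if( empty($email) || empty($query) )
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'SUCCESS');
-return;
-}
-
-
-$query = sanitize_text_field( $query );
-$email = sanitize_text_field( $email );
-$phone = sanitize_text_field( $phone );
-$contact_us = new MocURL();
-$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query),true);
-
-if(json_last_error() == JSON_ERROR_NONE && $submited)
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
-return;
-}
-
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+<?php
+
+global $mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo_wpns_send_query":
+wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
+}
+}
+
+$current_user = wp_get_current_user();
+$email = get_option("mo2f_email");
+$phone = get_option("mo_wpns_admin_phone");
+
+
+if(empty($email))
+$email = $current_user->user_email;
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
+
+
+/* SUPPORT FORM RELATED FUNCTIONS */
+
+//Function to handle support form submit
+function wpns_handle_support_form($email,$query,$phone)
+{
+
+if( empty($email) || empty($query) )
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'SUCCESS');
+return;
+}
+
+
+$query = sanitize_text_field( $query );
+$email = sanitize_text_field( $email );
+$phone = sanitize_text_field( $phone );
+$contact_us = new MocURL();
+$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query),true);
+
+if(json_last_error() == JSON_ERROR_NONE && $submited)
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+return;
+}
+
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
 }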
controllers/twofa/mo2fa_common_login.php
CHANGED
@@ -229,6 +229,7 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
|
|
229 |
class="mo2f_display_none_forms">
|
230 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
231 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
|
|
232 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
233 |
</form>
|
234 |
<form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
|
@@ -255,10 +256,11 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
|
|
255 |
</html>
|
256 |
<?php }
|
257 |
|
258 |
-
function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
|
259 |
$mo_wpns_config = new MoWpnsHandler();
|
260 |
$mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
|
261 |
$mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
|
|
|
262 |
?>
|
263 |
<html>
|
264 |
<head>
|
@@ -290,7 +292,7 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
|
|
290 |
<form name="f" id="mo2f_submitkba_loginform" method="post">
|
291 |
<div id="mo2f_kba_content">
|
292 |
<p style="font-size:15px;">
|
293 |
-
<?php $kba_questions = $cookievalue
|
294 |
echo $kba_questions[0]['question']; ?><br>
|
295 |
<input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
|
296 |
required="true" autofocus="true"
|
@@ -327,12 +329,30 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
|
|
327 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
328 |
</form>
|
329 |
<br>
|
330 |
-
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
331 |
<div style="padding:10px;">
|
332 |
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
333 |
</div>
|
334 |
|
335 |
-
<?php
|
|
|
|
|
|
|
336 |
|
337 |
</div>
|
338 |
</div>
|
@@ -391,6 +411,12 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
|
|
391 |
});
|
392 |
}
|
393 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
394 |
</script>
|
395 |
</body>
|
396 |
|
@@ -398,6 +424,64 @@ function mo2f_get_kba_authentication_prompt( $login_message, $redirect_to, $sess
|
|
398 |
<?php
|
399 |
}
|
400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
401 |
function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
|
402 |
$mo_wpns_config = new MoWpnsHandler();
|
403 |
|
@@ -406,6 +490,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
|
|
406 |
$mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
|
407 |
$mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
408 |
$mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
|
|
|
409 |
if(!MO2F_IS_ONPREM)
|
410 |
$mo2f_EV_txid = $_SESSION['mo2f_transactionId'];
|
411 |
?>
|
@@ -471,13 +556,31 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
|
|
471 |
<?php } ?>
|
472 |
</span>
|
473 |
<center>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
474 |
<div style="padding:10px;">
|
475 |
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
476 |
</div>
|
477 |
</center>
|
478 |
</div>
|
479 |
|
480 |
-
<?php
|
|
|
|
|
|
|
481 |
</div>
|
482 |
</div>
|
483 |
</div>
|
@@ -487,6 +590,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
|
|
487 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
488 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
489 |
<input type="hidden" name="option" value="miniorange_mobile_validation_failed">
|
|
|
490 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
491 |
<input type="hidden" name="currentMethod" value="emailVer"/>
|
492 |
|
@@ -523,6 +627,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
|
|
523 |
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
524 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
525 |
</form>
|
|
|
526 |
<script>
|
527 |
var timeout;
|
528 |
var login_status = '<?php echo $login_status;?>';
|
@@ -607,6 +712,12 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
|
|
607 |
jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
|
608 |
jQuery('#mo2f_alternate_login_kbaform').submit();
|
609 |
});
|
|
|
|
|
|
|
|
|
|
|
|
|
610 |
|
611 |
</script>
|
612 |
</body>
|
@@ -618,6 +729,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
|
|
618 |
$mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
|
619 |
$mo_wpns_config = new MoWpnsHandler();
|
620 |
$mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
|
|
621 |
?>
|
622 |
<html>
|
623 |
<head>
|
@@ -670,11 +782,29 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
|
|
670 |
value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
|
671 |
</center>
|
672 |
</span>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
673 |
<div style="padding:10px;">
|
674 |
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
675 |
</div>
|
676 |
</div>
|
677 |
-
<?php
|
|
|
|
|
|
|
678 |
</div>
|
679 |
</div>
|
680 |
</div>
|
@@ -683,6 +813,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
|
|
683 |
class="mo2f_display_none_forms">
|
684 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
685 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
|
|
686 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
687 |
</form>
|
688 |
<form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
|
@@ -707,6 +838,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
|
|
707 |
<input type="hidden" name="option" value="miniorange_forgotphone">
|
708 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
709 |
</form>
|
|
|
710 |
<script>
|
711 |
var timeout;
|
712 |
pollMobileValidation();
|
@@ -755,6 +887,12 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
|
|
755 |
function mologinback() {
|
756 |
jQuery('#mo2f_backto_mo_loginform').submit();
|
757 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
758 |
|
759 |
</script>
|
760 |
</body>
|
@@ -763,10 +901,13 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
|
|
763 |
}
|
764 |
|
765 |
function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ) {
|
|
|
766 |
$mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
|
767 |
$mo_wpns_config = new MoWpnsHandler();
|
768 |
$mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
769 |
$attempts = get_option('mo2f_attempts_before_redirect', 3);
|
|
|
|
|
770 |
?>
|
771 |
<html>
|
772 |
<head>
|
@@ -841,14 +982,36 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
|
|
841 |
id="miniorange_login_forgotphone"
|
842 |
class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
|
843 |
<?php } ?>
|
844 |
-
<?php }
|
845 |
-
|
846 |
-
|
847 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
848 |
</div>
|
849 |
</div>
|
850 |
</center>
|
851 |
-
<?php
|
|
|
|
|
|
|
|
|
|
|
852 |
</div>
|
853 |
</div>
|
854 |
</div>
|
@@ -870,6 +1033,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
|
|
870 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
871 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
872 |
</form>
|
|
|
873 |
<?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
|
874 |
<form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
|
875 |
<input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
|
@@ -886,6 +1050,12 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $red
|
|
886 |
jQuery('#miniorange_otp_token_back').click(function(){
|
887 |
jQuery('#mo2f_backto_inline_registration').submit();
|
888 |
});
|
|
|
|
|
|
|
|
|
|
|
|
|
889 |
|
890 |
function mologinback() {
|
891 |
jQuery('#mo2f_backto_mo_loginform').submit();
|
@@ -991,6 +1161,7 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
|
|
991 |
class="mo2f_display_none_forms">
|
992 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
993 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
|
|
994 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
995 |
</form>
|
996 |
<form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
|
@@ -1041,5 +1212,145 @@ function echo_js_css_files() {
|
|
1041 |
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
|
1042 |
}
|
1043 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1044 |
|
1045 |
?>
|
229 |
class="mo2f_display_none_forms">
|
230 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
231 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
232 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
233 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
234 |
</form>
|
235 |
<form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
|
256 |
</html>
|
257 |
<?php }
|
258 |
|
259 |
+
function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
|
260 |
$mo_wpns_config = new MoWpnsHandler();
|
261 |
$mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
|
262 |
$mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
|
263 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
264 |
?>
|
265 |
<html>
|
266 |
<head>
|
292 |
<form name="f" id="mo2f_submitkba_loginform" method="post">
|
293 |
<div id="mo2f_kba_content">
|
294 |
<p style="font-size:15px;">
|
295 |
+
<?php $kba_questions = $cookievalue;
|
296 |
echo $kba_questions[0]['question']; ?><br>
|
297 |
<input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
|
298 |
required="true" autofocus="true"
|
329 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
330 |
</form>
|
331 |
<br>
|
332 |
+
</div><br>
|
333 |
+
<?php
|
334 |
+
if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
|
335 |
+
<div>
|
336 |
+
<a href="#mo2f_backup_generate">
|
337 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
|
338 |
+
</a>
|
339 |
+
</div>
|
340 |
+
<?php }else{ ?>
|
341 |
+
<div>
|
342 |
+
<a href="#mo2f_backup_option">
|
343 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
|
344 |
+
</a>
|
345 |
+
</div>
|
346 |
+
<?php }
|
347 |
+
?>
|
348 |
<div style="padding:10px;">
|
349 |
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
350 |
</div>
|
351 |
|
352 |
+
<?php
|
353 |
+
mo2f_customize_logo();
|
354 |
+
mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
|
355 |
+
?>
|
356 |
|
357 |
</div>
|
358 |
</div>
|
411 |
});
|
412 |
}
|
413 |
}
|
414 |
+
jQuery('a[href="#mo2f_backup_option"]').click(function() {
|
415 |
+
jQuery('#mo2f_backup').submit();
|
416 |
+
});
|
417 |
+
jQuery('a[href="#mo2f_backup_generate"]').click(function() {
|
418 |
+
jQuery('#mo2f_create_backup_codes').submit();
|
419 |
+
});
|
420 |
</script>
|
421 |
</body>
|
422 |
|
424 |
<?php
|
425 |
}
|
426 |
|
427 |
+
function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
|
428 |
+
?>
|
429 |
+
<html>
|
430 |
+
<head> <meta charset="utf-8"/>
|
431 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
432 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
433 |
+
<?php
|
434 |
+
echo_js_css_files(); ?>
|
435 |
+
</head>
|
436 |
+
<body>
|
437 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
438 |
+
<div class="mo2f-modal-backdrop"></div>
|
439 |
+
<div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
|
440 |
+
<div class="login mo_customer_validation-modal-content">
|
441 |
+
<div class="mo2f_modal-header">
|
442 |
+
<h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
443 |
+
<?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
|
444 |
+
</h4>
|
445 |
+
</div>
|
446 |
+
<div class="mo2f_modal-body">
|
447 |
+
<div id="kbaSection" style="padding-left:10px;padding-right:10px;">
|
448 |
+
<div id="otpMessage" >
|
449 |
+
|
450 |
+
<p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
|
451 |
+
</div>
|
452 |
+
<form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
|
453 |
+
<div id="mo2f_kba_content">
|
454 |
+
<p style="font-size:15px;">
|
455 |
+
<input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
|
456 |
+
</p>
|
457 |
+
</div>
|
458 |
+
<input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
|
459 |
+
<input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
|
460 |
+
<input type="hidden" name="option" value="miniorange_validate_backup_nonce">
|
461 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
|
462 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
|
463 |
+
</form>
|
464 |
+
</br>
|
465 |
+
</div>
|
466 |
+
<br /><br /><br />
|
467 |
+
<?php mo2f_customize_logo() ?>
|
468 |
+
</div>
|
469 |
+
</div>
|
470 |
+
</div>
|
471 |
+
</div>
|
472 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
473 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
474 |
+
</form>
|
475 |
+
</body>
|
476 |
+
<script>
|
477 |
+
function mologinback(){
|
478 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
479 |
+
}
|
480 |
+
</script>
|
481 |
+
</html>
|
482 |
+
<?php
|
483 |
+
}
|
484 |
+
|
485 |
function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
|
486 |
$mo_wpns_config = new MoWpnsHandler();
|
487 |
|
490 |
$mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
|
491 |
$mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
492 |
$mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
|
493 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
494 |
if(!MO2F_IS_ONPREM)
|
495 |
$mo2f_EV_txid = $_SESSION['mo2f_transactionId'];
|
496 |
?>
|
556 |
<?php } ?>
|
557 |
</span>
|
558 |
<center>
|
559 |
+
<?php
|
560 |
+
if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
|
561 |
+
<div>
|
562 |
+
<a href="#mo2f_backup_generate">
|
563 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
|
564 |
+
</a>
|
565 |
+
</div>
|
566 |
+
<?php }else{ ?>
|
567 |
+
<div>
|
568 |
+
<a href="#mo2f_backup_option">
|
569 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
|
570 |
+
</a>
|
571 |
+
</div>
|
572 |
+
<?php }
|
573 |
+
?>
|
574 |
<div style="padding:10px;">
|
575 |
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
576 |
</div>
|
577 |
</center>
|
578 |
</div>
|
579 |
|
580 |
+
<?php
|
581 |
+
mo2f_customize_logo();
|
582 |
+
mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
|
583 |
+
?>
|
584 |
</div>
|
585 |
</div>
|
586 |
</div>
|
590 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
591 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
592 |
<input type="hidden" name="option" value="miniorange_mobile_validation_failed">
|
593 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
594 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
595 |
<input type="hidden" name="currentMethod" value="emailVer"/>
|
596 |
|
627 |
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
628 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
629 |
</form>
|
630 |
+
|
631 |
<script>
|
632 |
var timeout;
|
633 |
var login_status = '<?php echo $login_status;?>';
|
712 |
jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
|
713 |
jQuery('#mo2f_alternate_login_kbaform').submit();
|
714 |
});
|
715 |
+
jQuery('a[href="#mo2f_backup_option"]').click(function() {
|
716 |
+
jQuery('#mo2f_backup').submit();
|
717 |
+
});
|
718 |
+
jQuery('a[href="#mo2f_backup_generate"]').click(function() {
|
719 |
+
jQuery('#mo2f_create_backup_codes').submit();
|
720 |
+
});
|
721 |
|
722 |
</script>
|
723 |
</body>
|
729 |
$mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
|
730 |
$mo_wpns_config = new MoWpnsHandler();
|
731 |
$mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
732 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
733 |
?>
|
734 |
<html>
|
735 |
<head>
|
782 |
value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
|
783 |
</center>
|
784 |
</span>
|
785 |
+
<?php
|
786 |
+
if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
|
787 |
+
<div>
|
788 |
+
<a href="#mo2f_backup_generate">
|
789 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
|
790 |
+
</a>
|
791 |
+
</div>
|
792 |
+
<?php }else{ ?>
|
793 |
+
<div>
|
794 |
+
<a href="#mo2f_backup_option">
|
795 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
|
796 |
+
</a>
|
797 |
+
</div>
|
798 |
+
<?php }
|
799 |
+
?>
|
800 |
<div style="padding:10px;">
|
801 |
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
802 |
</div>
|
803 |
</div>
|
804 |
+
<?php
|
805 |
+
mo2f_customize_logo();
|
806 |
+
mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
|
807 |
+
?>
|
808 |
</div>
|
809 |
</div>
|
810 |
</div>
|
813 |
class="mo2f_display_none_forms">
|
814 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
815 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
816 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
817 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
818 |
</form>
|
819 |
<form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
|
838 |
<input type="hidden" name="option" value="miniorange_forgotphone">
|
839 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
840 |
</form>
|
841 |
+
|
842 |
<script>
|
843 |
var timeout;
|
844 |
pollMobileValidation();
|
887 |
function mologinback() {
|
888 |
jQuery('#mo2f_backto_mo_loginform').submit();
|
889 |
}
|
890 |
+
jQuery('a[href="#mo2f_backup_option"]').click(function() {
|
891 |
+
jQuery('#mo2f_backup').submit();
|
892 |
+
});
|
893 |
+
jQuery('a[href="#mo2f_backup_generate"]').click(function() {
|
894 |
+
jQuery('#mo2f_create_backup_codes').submit();
|
895 |
+
});
|
896 |
|
897 |
</script>
|
898 |
</body>
|
901 |
}
|
902 |
|
903 |
function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ) {
|
904 |
+
global $Mo2fdbQueries;
|
905 |
$mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
|
906 |
$mo_wpns_config = new MoWpnsHandler();
|
907 |
$mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
908 |
$attempts = get_option('mo2f_attempts_before_redirect', 3);
|
909 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
910 |
+
$mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
|
911 |
?>
|
912 |
<html>
|
913 |
<head>
|
982 |
id="miniorange_login_forgotphone"
|
983 |
class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
|
984 |
<?php } ?>
|
985 |
+
<?php }
|
986 |
+
if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
|
987 |
+
if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
|
988 |
+
<div>
|
989 |
+
<a href="#mo2f_backup_generate">
|
990 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
|
991 |
+
</a>
|
992 |
+
</div>
|
993 |
+
<?php }else{ ?>
|
994 |
+
<div>
|
995 |
+
<a href="#mo2f_backup_option">
|
996 |
+
<p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
|
997 |
+
</a>
|
998 |
+
</div>
|
999 |
+
<?php }
|
1000 |
+
?>
|
1001 |
+
|
1002 |
+
<div style="padding:10px;">
|
1003 |
+
<p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
|
1004 |
+
</div>
|
1005 |
+
<?php } ?>
|
1006 |
</div>
|
1007 |
</div>
|
1008 |
</center>
|
1009 |
+
<?php
|
1010 |
+
mo2f_customize_logo();
|
1011 |
+
if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
|
1012 |
+
mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
|
1013 |
+
}
|
1014 |
+
?>
|
1015 |
</div>
|
1016 |
</div>
|
1017 |
</div>
|
1033 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
1034 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
1035 |
</form>
|
1036 |
+
|
1037 |
<?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
|
1038 |
<form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
|
1039 |
<input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
|
1050 |
jQuery('#miniorange_otp_token_back').click(function(){
|
1051 |
jQuery('#mo2f_backto_inline_registration').submit();
|
1052 |
});
|
1053 |
+
jQuery('a[href="#mo2f_backup_option"]').click(function() {
|
1054 |
+
jQuery('#mo2f_backup').submit();
|
1055 |
+
});
|
1056 |
+
jQuery('a[href="#mo2f_backup_generate"]').click(function() {
|
1057 |
+
jQuery('#mo2f_create_backup_codes').submit();
|
1058 |
+
});
|
1059 |
|
1060 |
function mologinback() {
|
1061 |
jQuery('#mo2f_backto_mo_loginform').submit();
|
1161 |
class="mo2f_display_none_forms">
|
1162 |
<input type="hidden" name="miniorange_mobile_validation_failed_nonce"
|
1163 |
value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
|
1164 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1165 |
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
1166 |
</form>
|
1167 |
<form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
|
1212 |
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
|
1213 |
}
|
1214 |
|
1215 |
+
function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
|
1216 |
+
global $Mo2fdbQueries;
|
1217 |
+
if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
|
1218 |
+
$encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
|
1219 |
+
$key = get_option( 'mo2f_encryption_key' );
|
1220 |
+
$codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
|
1221 |
+
$codes = explode(",", $codes_string);
|
1222 |
+
delete_user_meta($id, 'chqwetcsdvnvd');
|
1223 |
+
$result = true;
|
1224 |
+
}else{
|
1225 |
+
$codes = MO2f_Utility::mo_2f_generate_backup_codes();
|
1226 |
+
$codes_hash = MO2f_Utility::mo2f_get_codes_hash($codes);
|
1227 |
+
update_user_meta($id,'mo2f_backup_codes', $codes_hash);
|
1228 |
+
$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
|
1229 |
+
if(empty($mo2f_user_email)){
|
1230 |
+
$currentuser = get_user_by( 'id', $id );
|
1231 |
+
$mo2f_user_email = $currentuser->user_email;
|
1232 |
+
}
|
1233 |
+
$result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
|
1234 |
+
update_user_meta($id, 'mo_backup_code_generated', 1);
|
1235 |
+
}
|
1236 |
+
update_user_meta($id, 'mo_backup_code_screen_shown', 1);
|
1237 |
+
?>
|
1238 |
+
<html>
|
1239 |
+
<head> <meta charset="utf-8"/>
|
1240 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
1241 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
1242 |
+
<?php
|
1243 |
+
echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
|
1244 |
+
echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) . '" ></script>';
|
1245 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
|
1246 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))) . '" />';
|
1247 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))) . '" />';
|
1248 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))) . '" />';
|
1249 |
+
?>
|
1250 |
+
<style>
|
1251 |
+
.mo2f_kba_ques, .mo2f_table_textbox{
|
1252 |
+
background: whitesmoke none repeat scroll 0% 0%;
|
1253 |
+
}
|
1254 |
+
</style>
|
1255 |
+
</head>
|
1256 |
+
<body>
|
1257 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
1258 |
+
<div class="mo2f-modal-backdrop"></div>
|
1259 |
+
<div class="mo2f_modal-dialog mo2f_modal-lg">
|
1260 |
+
<div class="login mo_customer_validation-modal-content">
|
1261 |
+
<div class="mo2f_modal-header">
|
1262 |
+
<h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
1263 |
+
<?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
|
1264 |
+
</div>
|
1265 |
+
<div class="mo2f_modal-body center">
|
1266 |
+
|
1267 |
+
|
1268 |
+
<h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
|
1269 |
+
|
1270 |
+
<h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
|
1271 |
+
<br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
|
1272 |
+
|
1273 |
+
<h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
|
1274 |
+
<br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
|
1275 |
+
<?php ?>
|
1276 |
+
<div>
|
1277 |
+
<div style="display: inline-flex;width: 350px; ">
|
1278 |
+
<div id="clipboard" style="border: solid;width: 55%;float: left;">
|
1279 |
+
<?php
|
1280 |
+
for ($x = 0; $x < 5; $x++) {
|
1281 |
+
$str = $codes[$x];
|
1282 |
+
echo("<br>".$str." <br>");
|
1283 |
+
}
|
1284 |
+
|
1285 |
+
$str1="";
|
1286 |
+
for ($x = 0; $x < 5; $x++) {
|
1287 |
+
$str = $codes[$x];
|
1288 |
+
$str1.=$str;
|
1289 |
+
if($x != 4){
|
1290 |
+
$str1.=',';
|
1291 |
+
}
|
1292 |
+
}
|
1293 |
+
?>
|
1294 |
+
</div>
|
1295 |
+
<div style="width: 50%;float: right;">
|
1296 |
+
<form name="f" method="post" id="mo2f_users_backup1" action="">
|
1297 |
+
<input type="hidden" name="option" value="mo2f_users_backup1" />
|
1298 |
+
<input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
|
1299 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
1300 |
+
<input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
|
1301 |
+
|
1302 |
+
<input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
|
1303 |
+
</form>
|
1304 |
+
</div>
|
1305 |
+
|
1306 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
|
1307 |
+
<input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
|
1308 |
+
<input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
|
1309 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1310 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
|
1311 |
+
<input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
|
1312 |
+
</form>
|
1313 |
+
</div>
|
1314 |
+
</div>
|
1315 |
+
|
1316 |
+
<?php
|
1317 |
+
mo2f_customize_logo() ?>
|
1318 |
+
</div>
|
1319 |
+
</div>
|
1320 |
+
</div>
|
1321 |
+
</div>
|
1322 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
1323 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
1324 |
+
</form>
|
1325 |
+
</body>
|
1326 |
+
<script>
|
1327 |
+
function mologinback(){
|
1328 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
1329 |
+
}
|
1330 |
+
</script>
|
1331 |
+
</html>
|
1332 |
+
<?php
|
1333 |
+
|
1334 |
+
|
1335 |
+
}
|
1336 |
+
|
1337 |
+
function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
|
1338 |
+
?>
|
1339 |
+
<form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
|
1340 |
+
<input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
|
1341 |
+
<input type="hidden" name="option" value="miniorange_backup_nonce">
|
1342 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
|
1343 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
|
1344 |
+
</form>
|
1345 |
+
<form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
|
1346 |
+
<input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
|
1347 |
+
<input type="hidden" name="option" value="miniorange_create_backup_codes">
|
1348 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
|
1349 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
|
1350 |
+
<input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
|
1351 |
+
<input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
|
1352 |
+
</form>
|
1353 |
+
<?php
|
1354 |
+
}
|
1355 |
|
1356 |
?>
|
controllers/twofa/mo2fa_inline_registration.php
CHANGED
@@ -1,1233 +1,1264 @@
|
|
1 |
-
<?php
|
2 |
-
function fetch_methods(){
|
3 |
-
$methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL");
|
4 |
-
return $methods;
|
5 |
-
}
|
6 |
-
|
7 |
-
function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
|
8 |
-
|
9 |
-
global $Mo2fdbQueries;
|
10 |
-
$current_user = get_userdata($current_user_id);
|
11 |
-
$current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
|
12 |
-
|
13 |
-
$
|
14 |
-
|
15 |
-
|
16 |
-
|
17 |
-
|
18 |
-
|
19 |
-
|
20 |
-
|
21 |
-
|
22 |
-
|
23 |
-
|
24 |
-
|
25 |
-
{
|
26 |
-
$
|
27 |
-
|
28 |
-
|
29 |
-
if($current_selected_method == '
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
57 |
-
|
58 |
-
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
|
73 |
-
|
74 |
-
|
75 |
-
|
76 |
-
|
77 |
-
|
78 |
-
|
79 |
-
|
80 |
-
|
81 |
-
|
82 |
-
|
83 |
-
|
84 |
-
|
85 |
-
|
86 |
-
|
87 |
-
|
88 |
-
|
89 |
-
|
90 |
-
|
91 |
-
|
92 |
-
|
93 |
-
|
94 |
-
|
95 |
-
|
96 |
-
|
97 |
-
|
98 |
-
|
99 |
-
|
100 |
-
|
101 |
-
|
102 |
-
|
103 |
-
|
104 |
-
|
105 |
-
|
106 |
-
|
107 |
-
</
|
108 |
-
<
|
109 |
-
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
|
115 |
-
|
116 |
-
|
117 |
-
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
|
127 |
-
|
128 |
-
|
129 |
-
|
130 |
-
|
131 |
-
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
-
|
144 |
-
|
145 |
-
|
146 |
-
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
|
153 |
-
|
154 |
-
|
155 |
-
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
|
160 |
-
|
161 |
-
|
162 |
-
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
|
167 |
-
|
168 |
-
|
169 |
-
|
170 |
-
|
171 |
-
|
172 |
-
|
173 |
-
|
174 |
-
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
|
186 |
-
|
187 |
-
<input type="hidden" name="
|
188 |
-
</form>
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
|
196 |
-
|
197 |
-
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
if($check_user['status']
|
243 |
-
|
244 |
-
|
245 |
-
|
246 |
-
|
247 |
-
|
248 |
-
|
249 |
-
|
250 |
-
|
251 |
-
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
-
|
262 |
-
|
263 |
-
|
264 |
-
|
265 |
-
|
266 |
-
|
267 |
-
|
268 |
-
|
269 |
-
|
270 |
-
|
271 |
-
|
272 |
-
|
273 |
-
|
274 |
-
|
275 |
-
|
276 |
-
|
277 |
-
|
278 |
-
|
279 |
-
|
280 |
-
|
281 |
-
|
282 |
-
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
288 |
-
|
289 |
-
|
290 |
-
|
291 |
-
|
292 |
-
|
293 |
-
|
294 |
-
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
304 |
-
|
305 |
-
|
306 |
-
|
307 |
-
|
308 |
-
|
309 |
-
|
310 |
-
|
311 |
-
|
312 |
-
|
313 |
-
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
320 |
-
|
321 |
-
|
322 |
-
|
323 |
-
|
324 |
-
|
325 |
-
|
326 |
-
|
327 |
-
<input type="hidden" name="
|
328 |
-
</form>
|
329 |
-
|
330 |
-
|
331 |
-
|
332 |
-
|
333 |
-
|
334 |
-
|
335 |
-
|
336 |
-
|
337 |
-
|
338 |
-
|
339 |
-
|
340 |
-
|
341 |
-
|
342 |
-
|
343 |
-
|
344 |
-
|
345 |
-
|
346 |
-
|
347 |
-
|
348 |
-
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
353 |
-
|
354 |
-
|
355 |
-
|
356 |
-
|
357 |
-
|
358 |
-
|
359 |
-
|
360 |
-
|
361 |
-
|
362 |
-
|
363 |
-
|
364 |
-
|
365 |
-
|
366 |
-
|
367 |
-
|
368 |
-
|
369 |
-
|
370 |
-
|
371 |
-
|
372 |
-
|
373 |
-
|
374 |
-
|
375 |
-
|
376 |
-
|
377 |
-
|
378 |
-
|
379 |
-
|
380 |
-
|
381 |
-
|
382 |
-
|
383 |
-
|
384 |
-
|
385 |
-
|
386 |
-
|
387 |
-
|
388 |
-
|
389 |
-
|
390 |
-
|
391 |
-
|
392 |
-
|
393 |
-
|
394 |
-
|
395 |
-
|
396 |
-
|
397 |
-
|
398 |
-
|
399 |
-
|
400 |
-
|
401 |
-
|
402 |
-
|
403 |
-
|
404 |
-
|
405 |
-
|
406 |
-
<
|
407 |
-
|
408 |
-
|
409 |
-
|
410 |
-
|
411 |
-
|
412 |
-
|
413 |
-
|
414 |
-
|
415 |
-
|
416 |
-
|
417 |
-
|
418 |
-
|
419 |
-
|
420 |
-
|
421 |
-
|
422 |
-
|
423 |
-
|
424 |
-
|
425 |
-
|
426 |
-
|
427 |
-
|
428 |
-
|
429 |
-
|
430 |
-
|
431 |
-
|
432 |
-
|
433 |
-
|
434 |
-
<
|
435 |
-
|
436 |
-
|
437 |
-
|
438 |
-
|
439 |
-
</
|
440 |
-
<form name="f"
|
441 |
-
<input type="hidden" name="
|
442 |
-
|
443 |
-
|
444 |
-
<input type="hidden" name="
|
445 |
-
|
446 |
-
|
447 |
-
|
448 |
-
|
449 |
-
|
450 |
-
|
451 |
-
|
452 |
-
|
453 |
-
<?php
|
454 |
-
|
455 |
-
|
456 |
-
|
457 |
-
|
458 |
-
|
459 |
-
|
460 |
-
|
461 |
-
|
462 |
-
|
463 |
-
|
464 |
-
|
465 |
-
|
466 |
-
|
467 |
-
|
468 |
-
|
469 |
-
|
470 |
-
|
471 |
-
|
472 |
-
|
473 |
-
|
474 |
-
|
475 |
-
|
476 |
-
|
477 |
-
|
478 |
-
|
479 |
-
|
480 |
-
|
481 |
-
|
482 |
-
|
483 |
-
|
484 |
-
|
485 |
-
|
486 |
-
|
487 |
-
|
488 |
-
|
489 |
-
|
490 |
-
|
491 |
-
|
492 |
-
|
493 |
-
|
494 |
-
|
495 |
-
|
496 |
-
|
497 |
-
|
498 |
-
|
499 |
-
|
500 |
-
|
501 |
-
|
502 |
-
|
503 |
-
|
504 |
-
|
505 |
-
|
506 |
-
|
507 |
-
|
508 |
-
|
509 |
-
|
510 |
-
|
511 |
-
|
512 |
-
|
513 |
-
|
514 |
-
|
515 |
-
|
516 |
-
|
517 |
-
|
518 |
-
|
519 |
-
|
520 |
-
|
521 |
-
<?php
|
522 |
-
|
523 |
-
|
524 |
-
|
525 |
-
|
526 |
-
|
527 |
-
<
|
528 |
-
|
529 |
-
|
530 |
-
|
531 |
-
|
532 |
-
|
533 |
-
|
534 |
-
|
535 |
-
|
536 |
-
|
537 |
-
|
538 |
-
|
539 |
-
<option value="
|
540 |
-
|
541 |
-
|
542 |
-
<
|
543 |
-
|
544 |
-
|
545 |
-
|
546 |
-
|
547 |
-
|
548 |
-
|
549 |
-
|
550 |
-
|
551 |
-
|
552 |
-
|
553 |
-
|
554 |
-
|
555 |
-
|
556 |
-
|
557 |
-
|
558 |
-
|
559 |
-
|
560 |
-
|
561 |
-
|
562 |
-
|
563 |
-
|
564 |
-
|
565 |
-
|
566 |
-
|
567 |
-
|
568 |
-
|
569 |
-
|
570 |
-
|
571 |
-
|
572 |
-
|
573 |
-
|
574 |
-
|
575 |
-
|
576 |
-
|
577 |
-
|
578 |
-
|
579 |
-
|
580 |
-
|
581 |
-
|
582 |
-
|
583 |
-
|
584 |
-
|
585 |
-
|
586 |
-
|
587 |
-
|
588 |
-
|
589 |
-
|
590 |
-
|
591 |
-
|
592 |
-
|
593 |
-
|
594 |
-
|
595 |
-
|
596 |
-
|
597 |
-
<
|
598 |
-
|
599 |
-
<input type="hidden" name="
|
600 |
-
<input
|
601 |
-
<
|
602 |
-
|
603 |
-
|
604 |
-
<input type="
|
605 |
-
|
606 |
-
|
607 |
-
|
608 |
-
<input type="hidden" name="
|
609 |
-
|
610 |
-
|
611 |
-
|
612 |
-
|
613 |
-
|
614 |
-
|
615 |
-
|
616 |
-
|
617 |
-
|
618 |
-
|
619 |
-
|
620 |
-
<input type="hidden" name="
|
621 |
-
|
622 |
-
|
623 |
-
|
624 |
-
<input type="hidden" name="
|
625 |
-
|
626 |
-
|
627 |
-
|
628 |
-
|
629 |
-
|
630 |
-
|
631 |
-
|
632 |
-
|
633 |
-
|
634 |
-
jQuery('#
|
635 |
-
|
636 |
-
|
637 |
-
jQuery('#
|
638 |
-
|
639 |
-
|
640 |
-
jQuery('#links_to_apps').
|
641 |
-
|
642 |
-
|
643 |
-
|
644 |
-
|
645 |
-
jQuery('#links_to_apps').
|
646 |
-
|
647 |
-
|
648 |
-
|
649 |
-
|
650 |
-
jQuery('#links_to_apps').
|
651 |
-
|
652 |
-
|
653 |
-
|
654 |
-
|
655 |
-
jQuery('#links_to_apps').
|
656 |
-
|
657 |
-
|
658 |
-
|
659 |
-
|
660 |
-
jQuery('#
|
661 |
-
|
662 |
-
|
663 |
-
|
664 |
-
|
665 |
-
|
666 |
-
}
|
667 |
-
|
668 |
-
|
669 |
-
|
670 |
-
|
671 |
-
|
672 |
-
|
673 |
-
jQuery(
|
674 |
-
});
|
675 |
-
jQuery(
|
676 |
-
jQuery(
|
677 |
-
|
678 |
-
|
679 |
-
|
680 |
-
|
681 |
-
|
682 |
-
|
683 |
-
|
684 |
-
|
685 |
-
|
686 |
-
|
687 |
-
|
688 |
-
echo '
|
689 |
-
|
690 |
-
|
691 |
-
|
692 |
-
|
693 |
-
|
694 |
-
|
695 |
-
echo '<
|
696 |
-
echo '<
|
697 |
-
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/
|
698 |
-
|
699 |
-
|
700 |
-
|
701 |
-
|
702 |
-
|
703 |
-
|
704 |
-
|
705 |
-
$
|
706 |
-
|
707 |
-
|
708 |
-
|
709 |
-
|
710 |
-
<
|
711 |
-
|
712 |
-
|
713 |
-
|
714 |
-
|
715 |
-
|
716 |
-
|
717 |
-
|
718 |
-
|
719 |
-
|
720 |
-
|
721 |
-
|
722 |
-
|
723 |
-
|
724 |
-
|
725 |
-
|
726 |
-
|
727 |
-
<?php
|
728 |
-
?>
|
729 |
-
|
730 |
-
|
731 |
-
|
732 |
-
|
733 |
-
|
734 |
-
|
735 |
-
jQuery(
|
736 |
-
|
737 |
-
|
738 |
-
|
739 |
-
|
740 |
-
|
741 |
-
|
742 |
-
|
743 |
-
|
744 |
-
|
745 |
-
|
746 |
-
|
747 |
-
|
748 |
-
|
749 |
-
|
750 |
-
|
751 |
-
|
752 |
-
|
753 |
-
|
754 |
-
|
755 |
-
|
756 |
-
|
757 |
-
|
758 |
-
jQuery("#
|
759 |
-
|
760 |
-
|
761 |
-
jQuery("#
|
762 |
-
|
763 |
-
|
764 |
-
|
765 |
-
|
766 |
-
|
767 |
-
|
768 |
-
|
769 |
-
|
770 |
-
|
771 |
-
|
772 |
-
|
773 |
-
|
774 |
-
|
775 |
-
|
776 |
-
|
777 |
-
|
778 |
-
|
779 |
-
|
780 |
-
|
781 |
-
|
782 |
-
|
783 |
-
|
784 |
-
|
785 |
-
|
786 |
-
|
787 |
-
|
788 |
-
|
789 |
-
|
790 |
-
|
791 |
-
|
792 |
-
|
793 |
-
|
794 |
-
|
795 |
-
|
796 |
-
|
797 |
-
|
798 |
-
|
799 |
-
<?php
|
800 |
-
|
801 |
-
|
802 |
-
|
803 |
-
|
804 |
-
|
805 |
-
|
806 |
-
|
807 |
-
|
808 |
-
|
809 |
-
|
810 |
-
|
811 |
-
|
812 |
-
|
813 |
-
|
814 |
-
|
815 |
-
|
816 |
-
|
817 |
-
|
818 |
-
|
819 |
-
|
820 |
-
|
821 |
-
|
822 |
-
|
823 |
-
|
824 |
-
<
|
825 |
-
|
826 |
-
|
827 |
-
|
828 |
-
|
829 |
-
|
830 |
-
|
831 |
-
|
832 |
-
|
833 |
-
|
834 |
-
|
835 |
-
|
836 |
-
|
837 |
-
|
838 |
-
|
839 |
-
|
840 |
-
|
841 |
-
|
842 |
-
|
843 |
-
|
844 |
-
|
845 |
-
|
846 |
-
|
847 |
-
|
848 |
-
|
849 |
-
|
850 |
-
|
851 |
-
|
852 |
-
|
853 |
-
|
854 |
-
|
855 |
-
}
|
856 |
-
|
857 |
-
|
858 |
-
|
859 |
-
|
860 |
-
|
861 |
-
|
862 |
-
|
863 |
-
|
864 |
-
|
865 |
-
|
866 |
-
|
867 |
-
|
868 |
-
|
869 |
-
|
870 |
-
|
871 |
-
|
872 |
-
|
873 |
-
|
874 |
-
|
875 |
-
|
876 |
-
|
877 |
-
|
878 |
-
|
879 |
-
|
880 |
-
|
881 |
-
|
882 |
-
|
883 |
-
|
884 |
-
|
885 |
-
|
886 |
-
|
887 |
-
<
|
888 |
-
|
889 |
-
|
890 |
-
|
891 |
-
|
892 |
-
<
|
893 |
-
|
894 |
-
|
895 |
-
|
896 |
-
|
897 |
-
|
898 |
-
|
899 |
-
|
900 |
-
|
901 |
-
|
902 |
-
|
903 |
-
|
904 |
-
|
905 |
-
|
906 |
-
|
907 |
-
|
908 |
-
<td><
|
909 |
-
|
910 |
-
|
911 |
-
</tr>
|
912 |
-
|
913 |
-
|
914 |
-
|
915 |
-
|
916 |
-
|
917 |
-
|
918 |
-
|
919 |
-
|
920 |
-
|
921 |
-
|
922 |
-
|
923 |
-
</
|
924 |
-
|
925 |
-
|
926 |
-
|
927 |
-
|
928 |
-
|
929 |
-
|
930 |
-
|
931 |
-
|
932 |
-
|
933 |
-
|
934 |
-
|
935 |
-
|
936 |
-
|
937 |
-
|
938 |
-
|
939 |
-
|
940 |
-
|
941 |
-
|
942 |
-
|
943 |
-
|
944 |
-
|
945 |
-
|
946 |
-
|
947 |
-
|
948 |
-
|
949 |
-
|
950 |
-
|
951 |
-
|
952 |
-
|
953 |
-
|
954 |
-
|
955 |
-
|
956 |
-
|
957 |
-
|
958 |
-
|
959 |
-
|
960 |
-
|
961 |
-
|
962 |
-
|
963 |
-
|
964 |
-
|
965 |
-
|
966 |
-
|
967 |
-
|
968 |
-
|
969 |
-
|
970 |
-
|
971 |
-
|
972 |
-
|
973 |
-
|
974 |
-
|
975 |
-
|
976 |
-
|
977 |
-
|
978 |
-
|
979 |
-
|
980 |
-
|
981 |
-
|
982 |
-
|
983 |
-
|
984 |
-
|
985 |
-
|
986 |
-
|
987 |
-
|
988 |
-
|
989 |
-
|
990 |
-
|
991 |
-
|
992 |
-
|
993 |
-
|
994 |
-
|
995 |
-
|
996 |
-
|
997 |
-
|
998 |
-
|
999 |
-
|
1000 |
-
|
1001 |
-
|
1002 |
-
|
1003 |
-
|
1004 |
-
|
1005 |
-
|
1006 |
-
|
1007 |
-
|
1008 |
-
|
1009 |
-
|
1010 |
-
|
1011 |
-
|
1012 |
-
|
1013 |
-
|
1014 |
-
|
1015 |
-
|
1016 |
-
|
1017 |
-
|
1018 |
-
|
1019 |
-
|
1020 |
-
|
1021 |
-
|
1022 |
-
|
1023 |
-
$
|
1024 |
-
|
1025 |
-
|
1026 |
-
|
1027 |
-
|
1028 |
-
|
1029 |
-
|
1030 |
-
|
1031 |
-
|
1032 |
-
|
1033 |
-
|
1034 |
-
|
1035 |
-
|
1036 |
-
|
1037 |
-
|
1038 |
-
|
1039 |
-
|
1040 |
-
|
1041 |
-
|
1042 |
-
|
1043 |
-
|
1044 |
-
|
1045 |
-
|
1046 |
-
|
1047 |
-
|
1048 |
-
|
1049 |
-
|
1050 |
-
|
1051 |
-
|
1052 |
-
|
1053 |
-
|
1054 |
-
|
1055 |
-
|
1056 |
-
|
1057 |
-
|
1058 |
-
|
1059 |
-
|
1060 |
-
|
1061 |
-
|
1062 |
-
|
1063 |
-
|
1064 |
-
|
1065 |
-
|
1066 |
-
|
1067 |
-
|
1068 |
-
|
1069 |
-
|
1070 |
-
|
1071 |
-
|
1072 |
-
|
1073 |
-
|
1074 |
-
|
1075 |
-
|
1076 |
-
|
1077 |
-
|
1078 |
-
|
1079 |
-
|
1080 |
-
|
1081 |
-
|
1082 |
-
|
1083 |
-
|
1084 |
-
|
1085 |
-
|
1086 |
-
|
1087 |
-
|
1088 |
-
|
1089 |
-
|
1090 |
-
|
1091 |
-
|
1092 |
-
|
1093 |
-
|
1094 |
-
|
1095 |
-
|
1096 |
-
|
1097 |
-
|
1098 |
-
|
1099 |
-
|
1100 |
-
|
1101 |
-
|
1102 |
-
?>
|
1103 |
-
|
1104 |
-
|
1105 |
-
|
1106 |
-
|
1107 |
-
|
1108 |
-
|
1109 |
-
|
1110 |
-
|
1111 |
-
|
1112 |
-
|
1113 |
-
|
1114 |
-
|
1115 |
-
|
1116 |
-
|
1117 |
-
|
1118 |
-
|
1119 |
-
|
1120 |
-
|
1121 |
-
|
1122 |
-
|
1123 |
-
|
1124 |
-
|
1125 |
-
|
1126 |
-
|
1127 |
-
|
1128 |
-
|
1129 |
-
|
1130 |
-
|
1131 |
-
|
1132 |
-
|
1133 |
-
|
1134 |
-
|
1135 |
-
|
1136 |
-
|
1137 |
-
|
1138 |
-
|
1139 |
-
|
1140 |
-
|
1141 |
-
|
1142 |
-
|
1143 |
-
<?php
|
1144 |
-
|
1145 |
-
|
1146 |
-
|
1147 |
-
|
1148 |
-
|
1149 |
-
|
1150 |
-
|
1151 |
-
|
1152 |
-
|
1153 |
-
|
1154 |
-
|
1155 |
-
|
1156 |
-
|
1157 |
-
|
1158 |
-
|
1159 |
-
|
1160 |
-
|
1161 |
-
<?php
|
1162 |
-
|
1163 |
-
|
1164 |
-
|
1165 |
-
|
1166 |
-
|
1167 |
-
|
1168 |
-
|
1169 |
-
|
1170 |
-
|
1171 |
-
|
1172 |
-
|
1173 |
-
|
1174 |
-
|
1175 |
-
|
1176 |
-
|
1177 |
-
|
1178 |
-
|
1179 |
-
|
1180 |
-
|
1181 |
-
|
1182 |
-
|
1183 |
-
|
1184 |
-
|
1185 |
-
|
1186 |
-
|
1187 |
-
|
1188 |
-
|
1189 |
-
|
1190 |
-
|
1191 |
-
|
1192 |
-
|
1193 |
-
|
1194 |
-
|
1195 |
-
|
1196 |
-
|
1197 |
-
<
|
1198 |
-
|
1199 |
-
|
1200 |
-
|
1201 |
-
|
1202 |
-
|
1203 |
-
|
1204 |
-
|
1205 |
-
|
1206 |
-
|
1207 |
-
|
1208 |
-
|
1209 |
-
|
1210 |
-
|
1211 |
-
|
1212 |
-
|
1213 |
-
|
1214 |
-
|
1215 |
-
|
1216 |
-
|
1217 |
-
|
1218 |
-
|
1219 |
-
|
1220 |
-
|
1221 |
-
|
1222 |
-
|
1223 |
-
|
1224 |
-
|
1225 |
-
|
1226 |
-
|
1227 |
-
|
1228 |
-
|
1229 |
-
|
1230 |
-
|
1231 |
-
|
1232 |
-
<?php
|
1233 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
function fetch_methods(){
|
3 |
+
$methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL");
|
4 |
+
return $methods;
|
5 |
+
}
|
6 |
+
|
7 |
+
function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
|
8 |
+
|
9 |
+
global $Mo2fdbQueries;
|
10 |
+
$current_user = get_userdata($current_user_id);
|
11 |
+
$current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
|
12 |
+
|
13 |
+
if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
|
14 |
+
if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
|
15 |
+
prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
|
16 |
+
else
|
17 |
+
prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
|
18 |
+
}else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
|
19 |
+
if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
|
20 |
+
prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
|
21 |
+
else
|
22 |
+
prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
|
23 |
+
}else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
|
24 |
+
prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
|
25 |
+
}else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
|
26 |
+
prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
|
27 |
+
}else if($current_selected_method == 'KBA' ){
|
28 |
+
prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
|
29 |
+
}else if($current_selected_method == 'OUT OF BAND EMAIL' ){
|
30 |
+
$status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
|
31 |
+
if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
|
32 |
+
if(!MO2F_IS_ONPREM)
|
33 |
+
{
|
34 |
+
$current_user = get_userdata($current_user_id);
|
35 |
+
$email = $current_user->user_email;
|
36 |
+
$tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
|
37 |
+
if(isset($tempEmail) and $tempEmail != '')
|
38 |
+
$email = $tempEmail;
|
39 |
+
create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
|
40 |
+
}
|
41 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
|
42 |
+
$pass2fa= new Miniorange_Password_2Factor_Login();
|
43 |
+
$pass2fa->mo2fa_pass2login($redirect_to);
|
44 |
+
}
|
45 |
+
prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
|
46 |
+
}else{
|
47 |
+
$current_user = get_userdata($current_user_id);
|
48 |
+
if(isset($current_user->roles[0]))
|
49 |
+
$current_user_role=$current_user->roles[0];
|
50 |
+
$opt=fetch_methods($current_user);
|
51 |
+
?>
|
52 |
+
<html>
|
53 |
+
<head>
|
54 |
+
<meta charset="utf-8"/>
|
55 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
56 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
57 |
+
<?php
|
58 |
+
mo2f_inline_css_and_js();
|
59 |
+
?>
|
60 |
+
</head>
|
61 |
+
<body>
|
62 |
+
<div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
|
63 |
+
<div class="mo2f-modal-backdrop"></div>
|
64 |
+
<div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
|
65 |
+
<div class="login mo_customer_validation-modal-content">
|
66 |
+
<div class="mo2f_modal-header">
|
67 |
+
<h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
68 |
+
|
69 |
+
<?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
|
70 |
+
</div>
|
71 |
+
<div class="mo2f_modal-body">
|
72 |
+
<?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
|
73 |
+
if(isset($login_message) && !empty($login_message)) {
|
74 |
+
echo '<br><br>';
|
75 |
+
|
76 |
+
?>
|
77 |
+
|
78 |
+
<div id="otpMessage">
|
79 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
|
80 |
+
</div>
|
81 |
+
<?php }else
|
82 |
+
echo '<br>';
|
83 |
+
?>
|
84 |
+
|
85 |
+
<br>
|
86 |
+
<span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
|
87 |
+
<label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
|
88 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
|
89 |
+
<?php echo __('Google / Authy / Microsoft Authenticator<br>
|
90 |
+
(Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
|
91 |
+
</label>
|
92 |
+
<br>
|
93 |
+
</span>
|
94 |
+
<span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
|
95 |
+
<label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
|
96 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
|
97 |
+
<?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
|
98 |
+
</label>
|
99 |
+
<br>
|
100 |
+
</span>
|
101 |
+
<span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
|
102 |
+
<label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
|
103 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
|
104 |
+
<?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
|
105 |
+
</label>
|
106 |
+
<br>
|
107 |
+
</span>
|
108 |
+
<span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
|
109 |
+
<label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
|
110 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
|
111 |
+
<?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
|
112 |
+
</label>
|
113 |
+
<br>
|
114 |
+
</span>
|
115 |
+
<span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
|
116 |
+
<label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
|
117 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
|
118 |
+
<?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
|
119 |
+
</label>
|
120 |
+
<br>
|
121 |
+
</span>
|
122 |
+
<span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
|
123 |
+
<label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
|
124 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
|
125 |
+
<?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
|
126 |
+
</label>
|
127 |
+
<br>
|
128 |
+
</span>
|
129 |
+
<span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
|
130 |
+
<label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
|
131 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
|
132 |
+
<?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
|
133 |
+
</label>
|
134 |
+
<br>
|
135 |
+
</span>
|
136 |
+
<span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
|
137 |
+
<label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
|
138 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
|
139 |
+
<?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
|
140 |
+
</label>
|
141 |
+
<br>
|
142 |
+
</span>
|
143 |
+
<span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
|
144 |
+
<label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
|
145 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
|
146 |
+
<?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
|
147 |
+
</label>
|
148 |
+
<br>
|
149 |
+
</span>
|
150 |
+
<span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
|
151 |
+
<label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
|
152 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
|
153 |
+
<?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
|
154 |
+
</label>
|
155 |
+
<br>
|
156 |
+
</span>
|
157 |
+
<span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
|
158 |
+
<label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
|
159 |
+
<input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
|
160 |
+
<?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
|
161 |
+
</label>
|
162 |
+
</span>
|
163 |
+
<br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
|
164 |
+
<br />
|
165 |
+
<?php mo2f_customize_logo() ?>
|
166 |
+
</div>
|
167 |
+
</div>
|
168 |
+
</div>
|
169 |
+
</div>
|
170 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
171 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
172 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
173 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
174 |
+
</form>
|
175 |
+
<form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
|
176 |
+
<input type="hidden" name="mo2f_selected_2factor_method" />
|
177 |
+
<input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
|
178 |
+
<input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
|
179 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
180 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
181 |
+
</form>
|
182 |
+
|
183 |
+
<form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
|
184 |
+
<input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
|
185 |
+
<input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
|
186 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
187 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
188 |
+
</form>
|
189 |
+
|
190 |
+
<script>
|
191 |
+
function mologinback(){
|
192 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
193 |
+
}
|
194 |
+
jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
|
195 |
+
var selectedMethod = jQuery(this).val();
|
196 |
+
document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
|
197 |
+
jQuery('#mo2f_select_2fa_methods_form').submit();
|
198 |
+
});
|
199 |
+
jQuery('a[href="#skiptwofactor"]').click(function(e) {
|
200 |
+
|
201 |
+
jQuery('#mo2f_skip_loginform').submit();
|
202 |
+
});
|
203 |
+
</script>
|
204 |
+
</body>
|
205 |
+
</html>
|
206 |
+
<?php
|
207 |
+
}
|
208 |
+
}
|
209 |
+
|
210 |
+
function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
|
211 |
+
{
|
212 |
+
|
213 |
+
global $Mo2fdbQueries;
|
214 |
+
$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
|
215 |
+
if(isset($mo2f_user_email) and $mo2f_user_email != '')
|
216 |
+
$email = $mo2f_user_email;
|
217 |
+
|
218 |
+
$current_user = get_userdata($current_user_id);
|
219 |
+
if($current_user_id == get_option('mo2f_miniorange_admin'))
|
220 |
+
$email = get_option('mo2f_email');
|
221 |
+
|
222 |
+
$enduser = new Two_Factor_Setup();
|
223 |
+
$check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
|
224 |
+
|
225 |
+
if(json_last_error() == JSON_ERROR_NONE){
|
226 |
+
|
227 |
+
if($check_user['status'] == 'ERROR'){
|
228 |
+
return Mo2fConstants:: langTranslate( $check_user['message']);
|
229 |
+
|
230 |
+
}
|
231 |
+
else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
|
232 |
+
|
233 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array(
|
234 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
235 |
+
'mo2f_user_email' =>$email,
|
236 |
+
'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
|
237 |
+
) );
|
238 |
+
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
239 |
+
|
240 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
241 |
+
}
|
242 |
+
else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
|
243 |
+
|
244 |
+
$content = json_decode($enduser->mo_create_user($current_user,$email), true);
|
245 |
+
if(json_last_error() == JSON_ERROR_NONE) {
|
246 |
+
if(strcasecmp($content['status'], 'SUCCESS') == 0) {
|
247 |
+
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
248 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array(
|
249 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
250 |
+
'mo2f_user_email' =>$email,
|
251 |
+
'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
|
252 |
+
) );
|
253 |
+
|
254 |
+
$mo2fa_login_message = '';
|
255 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
256 |
+
}
|
257 |
+
}
|
258 |
+
|
259 |
+
|
260 |
+
}
|
261 |
+
else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
|
262 |
+
$mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
|
263 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
|
264 |
+
mo2f_inline_email_form($email,$current_user_id);
|
265 |
+
exit;
|
266 |
+
}
|
267 |
+
|
268 |
+
}
|
269 |
+
|
270 |
+
}
|
271 |
+
|
272 |
+
function mo2f_inline_email_form($email,$current_user_id)
|
273 |
+
{
|
274 |
+
?>
|
275 |
+
<html>
|
276 |
+
<head>
|
277 |
+
<meta charset="utf-8"/>
|
278 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
279 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
280 |
+
<?php
|
281 |
+
mo2f_inline_css_and_js();
|
282 |
+
?>
|
283 |
+
</head>
|
284 |
+
<body>
|
285 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
286 |
+
<div class="mo2f-modal-backdrop"></div>
|
287 |
+
<div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
|
288 |
+
<div class="login mo_customer_validation-modal-content">
|
289 |
+
<div class="mo2f_modal-header">
|
290 |
+
<h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
291 |
+
<?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
|
292 |
+
</div>
|
293 |
+
<div class="mo2f_modal-body">
|
294 |
+
<form action="" method="post" name="f">
|
295 |
+
<p>The Email assoicated with your account is already registered in miniOrnage. Please use a different email address or contact miniOrange.
|
296 |
+
</p><br>
|
297 |
+
<i><b>Enter your Email: </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
|
298 |
+
<br>
|
299 |
+
<p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
|
300 |
+
<br>
|
301 |
+
<input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
|
302 |
+
<input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
|
303 |
+
<button type="submit" class="mo_wpns_button mo_wpns_button1" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
|
304 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
305 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
306 |
+
</form>
|
307 |
+
<br>
|
308 |
+
<?php mo2f_customize_logo() ?>
|
309 |
+
</div>
|
310 |
+
</div>
|
311 |
+
</div>
|
312 |
+
</div>
|
313 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
314 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
315 |
+
</form>
|
316 |
+
<form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
|
317 |
+
<input type="hidden" name="mo2f_selected_2factor_method" />
|
318 |
+
<input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
|
319 |
+
<input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
|
320 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
321 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
322 |
+
</form>
|
323 |
+
<?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
|
324 |
+
<form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
|
325 |
+
<input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
|
326 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
327 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
328 |
+
</form>
|
329 |
+
<?php } ?>
|
330 |
+
|
331 |
+
<script type="text/javascript">
|
332 |
+
jQuery('#save_entered_email_inlinecloud1').click(function(){
|
333 |
+
var email = jQuery('#emailInlineCloud').val();
|
334 |
+
var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
|
335 |
+
var data = {
|
336 |
+
'action' : 'mo_two_factor_ajax',
|
337 |
+
'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
|
338 |
+
'email' : email,
|
339 |
+
'nonce' : nonce
|
340 |
+
|
341 |
+
};
|
342 |
+
|
343 |
+
var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
|
344 |
+
|
345 |
+
|
346 |
+
jQuery.post(ajaxurl, data, function(response) {
|
347 |
+
|
348 |
+
if(response == 'alreadyExist')
|
349 |
+
{
|
350 |
+
jQuery('#emailalredyused').show();
|
351 |
+
}
|
352 |
+
else if(response =='USERCANBECREATED')
|
353 |
+
{
|
354 |
+
document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
|
355 |
+
jQuery('#mo2f_select_2fa_methods_form').submit();
|
356 |
+
}
|
357 |
+
});
|
358 |
+
|
359 |
+
});
|
360 |
+
|
361 |
+
|
362 |
+
</script>
|
363 |
+
</body>
|
364 |
+
|
365 |
+
<?php
|
366 |
+
}
|
367 |
+
function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
|
368 |
+
|
369 |
+
global $Mo2fdbQueries;
|
370 |
+
if(isset($qrCode)){
|
371 |
+
$qrCodedata = $qrCode['mo2f-login-qrCode'];
|
372 |
+
$showqrCode = $qrCode['mo2f_show_qr_code'];
|
373 |
+
}
|
374 |
+
$current_user = get_userdata($current_user_id);
|
375 |
+
$email = $current_user->user_email;
|
376 |
+
|
377 |
+
$opt=fetch_methods($current_user);
|
378 |
+
|
379 |
+
$mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
|
380 |
+
?>
|
381 |
+
<html>
|
382 |
+
<head> <meta charset="utf-8"/>
|
383 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
384 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
385 |
+
<?php
|
386 |
+
mo2f_inline_css_and_js();
|
387 |
+
?>
|
388 |
+
</head>
|
389 |
+
<body>
|
390 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
391 |
+
<div class="mo2f-modal-backdrop"></div>
|
392 |
+
<div class="mo2f_modal-dialog mo2f_modal-lg" >
|
393 |
+
<div class="login mo_customer_validation-modal-content">
|
394 |
+
<div class="mo2f_modal-header">
|
395 |
+
<h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
396 |
+
<?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
|
397 |
+
</div>
|
398 |
+
<div class="mo2f_modal-body">
|
399 |
+
<?php if(isset($login_message) && !empty($login_message)) { ?>
|
400 |
+
|
401 |
+
<div id="otpMessage">
|
402 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
|
403 |
+
</div>
|
404 |
+
<?php } ?>
|
405 |
+
<div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
|
406 |
+
<div class="mo_margin_left">
|
407 |
+
<h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
|
408 |
+
<div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
|
409 |
+
<center>
|
410 |
+
<?php if (sizeof($opt) > 1) { ?>
|
411 |
+
<input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
|
412 |
+
<?php } ?>
|
413 |
+
<input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
|
414 |
+
</center>
|
415 |
+
</div>
|
416 |
+
<?php
|
417 |
+
if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
|
418 |
+
initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
|
419 |
+
<?php } ?>
|
420 |
+
|
421 |
+
<?php mo2f_customize_logo() ?>
|
422 |
+
</div>
|
423 |
+
<br>
|
424 |
+
<br>
|
425 |
+
</div>
|
426 |
+
</div>
|
427 |
+
</div>
|
428 |
+
</div>
|
429 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
430 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
431 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
432 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
433 |
+
</form>
|
434 |
+
<form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
|
435 |
+
<input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
|
436 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
437 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
438 |
+
<input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
|
439 |
+
</form>
|
440 |
+
<form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
|
441 |
+
<input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
|
442 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
443 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
444 |
+
<input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
|
445 |
+
</form>
|
446 |
+
<?php if (sizeof($opt) > 1) { ?>
|
447 |
+
<form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
|
448 |
+
<input type="hidden" name="option" value="miniorange_back_inline"/>
|
449 |
+
<input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
|
450 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
451 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
452 |
+
</form>
|
453 |
+
<?php } ?>
|
454 |
+
<script>
|
455 |
+
function mologinback(){
|
456 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
457 |
+
}
|
458 |
+
function moconfigureapp(){
|
459 |
+
jQuery('#mo2f_inline_configureapp_form').submit();
|
460 |
+
}
|
461 |
+
jQuery('#mo2f_inline_back_btn').click(function() {
|
462 |
+
jQuery('#mo2f_goto_two_factor_form').submit();
|
463 |
+
});
|
464 |
+
<?php
|
465 |
+
if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
|
466 |
+
?>
|
467 |
+
<?php } ?>
|
468 |
+
</script>
|
469 |
+
</body>
|
470 |
+
</html>
|
471 |
+
<?php
|
472 |
+
}
|
473 |
+
|
474 |
+
function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
|
475 |
+
$mo2f_google_auth=json_decode(get_user_meta($current_user_id,'mo2f_google_auth', true),true);
|
476 |
+
$data = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_qrCode'] : null;
|
477 |
+
$ga_secret = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_secret'] : null;
|
478 |
+
|
479 |
+
?>
|
480 |
+
<html>
|
481 |
+
<head> <meta charset="utf-8"/>
|
482 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
483 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
484 |
+
<?php
|
485 |
+
mo2f_inline_css_and_js();
|
486 |
+
?>
|
487 |
+
</head>
|
488 |
+
<style>
|
489 |
+
* {
|
490 |
+
box-sizing: border-box;
|
491 |
+
}
|
492 |
+
[class*="mcol-"] {
|
493 |
+
float: left;
|
494 |
+
padding: 15px;
|
495 |
+
}
|
496 |
+
/* For desktop: */
|
497 |
+
.mcol-1 {width: 50%;}
|
498 |
+
.mcol-2 {width: 50%;}
|
499 |
+
@media only screen and (max-width: 768px) {
|
500 |
+
/* For mobile phones: */
|
501 |
+
[class*="mcol-"] {
|
502 |
+
width: 100%;
|
503 |
+
}
|
504 |
+
}
|
505 |
+
</style>
|
506 |
+
<body>
|
507 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
508 |
+
<div class="mo2f-modal-backdrop"></div>
|
509 |
+
<div class="mo2f_modal-dialog mo2f_modal-lg" >
|
510 |
+
<div class="login mo_customer_validation-modal-content">
|
511 |
+
<div class="mo2f_modal-header">
|
512 |
+
<h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
513 |
+
<?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
|
514 |
+
</div>
|
515 |
+
<div class="mo2f_modal-body">
|
516 |
+
<?php
|
517 |
+
|
518 |
+
$current_user = get_userdata($current_user_id);
|
519 |
+
$opt=fetch_methods($current_user);
|
520 |
+
?>
|
521 |
+
<?php if(isset($login_message) && !empty($login_message)) { ?>
|
522 |
+
<div id="otpMessage"
|
523 |
+
<?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
|
524 |
+
>
|
525 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
|
526 |
+
</div>
|
527 |
+
<?php if(isset($login_message)) {?> <br/> <?php } ?>
|
528 |
+
<?php } ?>
|
529 |
+
<div class="mcol-1">
|
530 |
+
<div id="mo2f_choose_app_tour">
|
531 |
+
<label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
|
532 |
+
|
533 |
+
<select id="authenticator_type">
|
534 |
+
<option value="google_authenticator">Google Authenticator</option>
|
535 |
+
<option value="msft_authenticator">Microsoft Authenticator</option>
|
536 |
+
<option value="authy_authenticator">Authy Authenticator</option>
|
537 |
+
<option value="last_pass_auth">LastPass Authenticator</option>
|
538 |
+
<option value="free_otp_auth">FreeOTP Authenticator</option>
|
539 |
+
<option value="duo_auth">Duo Mobile Authenticator</option>
|
540 |
+
</select>
|
541 |
+
<div id="links_to_apps_tour" style="background-color:white;padding:5px;">
|
542 |
+
<span id="links_to_apps">
|
543 |
+
<p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>,
|
544 |
+
<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p></a>
|
545 |
+
|
546 |
+
</span>
|
547 |
+
</div>
|
548 |
+
</div>
|
549 |
+
<div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
|
550 |
+
<ol>
|
551 |
+
<li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
|
552 |
+
<li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
|
553 |
+
<br>
|
554 |
+
<?php if(MO2F_IS_ONPREM){ ?>
|
555 |
+
<div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
|
556 |
+
<?php
|
557 |
+
|
558 |
+
} else{ ?>
|
559 |
+
<div style="margin-left: 14%;">
|
560 |
+
<div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
|
561 |
+
<div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
|
562 |
+
</div>
|
563 |
+
</div>
|
564 |
+
<?php }
|
565 |
+
?>
|
566 |
+
<div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
|
567 |
+
|
568 |
+
</ol>
|
569 |
+
<div id="mo2f_scanbarcode_a" hidden>
|
570 |
+
<ol >
|
571 |
+
<li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
|
572 |
+
<li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
|
573 |
+
<li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
|
574 |
+
<li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
|
575 |
+
<div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
|
576 |
+
<div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
|
577 |
+
<?php echo $ga_secret; ?>
|
578 |
+
</div>
|
579 |
+
<div style="font-size: 80%;color: #666666;">
|
580 |
+
<?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
|
581 |
+
</div>
|
582 |
+
</div>
|
583 |
+
<li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
|
584 |
+
<li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
|
585 |
+
</ol>
|
586 |
+
</div>
|
587 |
+
</div>
|
588 |
+
<div class="mcol-2">
|
589 |
+
<div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
|
590 |
+
<div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
|
591 |
+
<form name="" method="post" id="mo2f_inline_verify_ga_code_form">
|
592 |
+
<span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
|
593 |
+
<br />
|
594 |
+
<input type="hidden" name="option" value="miniorange_inline_ga_validate">
|
595 |
+
<input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
|
596 |
+
<div class="center">
|
597 |
+
<input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
|
598 |
+
</div>
|
599 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
600 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
601 |
+
<input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
|
602 |
+
</form>
|
603 |
+
<form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
|
604 |
+
<input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
|
605 |
+
<input type="hidden" name="option" value="miniorange_back_inline"/>
|
606 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
607 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
608 |
+
<input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
|
609 |
+
</form>
|
610 |
+
</div>
|
611 |
+
<br>
|
612 |
+
<br>
|
613 |
+
<?php mo2f_customize_logo() ?>
|
614 |
+
</div>
|
615 |
+
</div>
|
616 |
+
</div>
|
617 |
+
</div>
|
618 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
619 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
620 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
621 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
622 |
+
</form>
|
623 |
+
<form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
|
624 |
+
<input type="hidden" name="google_phone_type" />
|
625 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
626 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
627 |
+
<input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
|
628 |
+
</form>
|
629 |
+
|
630 |
+
<script>
|
631 |
+
jQuery('#authenticator_type').change(function(){
|
632 |
+
var auth_type = jQuery(this).val();
|
633 |
+
if(auth_type == 'google_authenticator'){
|
634 |
+
jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
|
635 |
+
'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, ' +
|
636 |
+
'<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p>');
|
637 |
+
jQuery('#mo2f_change_app_name').show();
|
638 |
+
jQuery('#links_to_apps').show();
|
639 |
+
}else if(auth_type == 'msft_authenticator'){
|
640 |
+
jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
|
641 |
+
'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, ' +
|
642 |
+
'<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p>');
|
643 |
+
jQuery('#links_to_apps').show();
|
644 |
+
}else if(auth_type == 'free_otp_auth'){
|
645 |
+
jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
|
646 |
+
'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, ' +
|
647 |
+
'<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p>');
|
648 |
+
jQuery('#links_to_apps').show();
|
649 |
+
}else if(auth_type == 'duo_auth'){
|
650 |
+
jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
|
651 |
+
'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, ' +
|
652 |
+
'<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p>');
|
653 |
+
jQuery('#links_to_apps').show();
|
654 |
+
}else if(auth_type == 'authy_authenticator'){
|
655 |
+
jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
|
656 |
+
'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, ' +
|
657 |
+
'<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p>');
|
658 |
+
jQuery('#links_to_apps').show();
|
659 |
+
}else{
|
660 |
+
jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
|
661 |
+
'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, ' +
|
662 |
+
'<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b> </p>');
|
663 |
+
jQuery('#mo2f_change_app_name').show();
|
664 |
+
jQuery('#links_to_apps').show();
|
665 |
+
}
|
666 |
+
});
|
667 |
+
function mologinback(){
|
668 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
669 |
+
}
|
670 |
+
jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
|
671 |
+
var selectedPhone = jQuery(this).val();
|
672 |
+
document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
|
673 |
+
jQuery('#mo2f_inline_app_type_ga_form').submit();
|
674 |
+
});
|
675 |
+
jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
|
676 |
+
jQuery("#mo2f_scanbarcode_a").toggle();
|
677 |
+
});
|
678 |
+
jQuery(document).ready(function() {
|
679 |
+
jQuery('.mo2f_gauth').qrcode({
|
680 |
+
'render': 'image',
|
681 |
+
size: 175,
|
682 |
+
'text': jQuery('.mo2f_gauth').data('qrcode')
|
683 |
+
});
|
684 |
+
});
|
685 |
+
</script>
|
686 |
+
</body>
|
687 |
+
<?php
|
688 |
+
echo '<head>';
|
689 |
+
echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
|
690 |
+
echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
|
691 |
+
echo '</head>';
|
692 |
+
}
|
693 |
+
|
694 |
+
function mo2f_inline_css_and_js(){
|
695 |
+
echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
|
696 |
+
echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
|
697 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
|
698 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
|
699 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
|
700 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
|
701 |
+
}
|
702 |
+
|
703 |
+
|
704 |
+
function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
|
705 |
+
$data = $qrCode;
|
706 |
+
$mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id );
|
707 |
+
$url = MO_HOST_NAME;
|
708 |
+
$opt=fetch_methods($current_user);
|
709 |
+
?>
|
710 |
+
<p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
|
711 |
+
<div class="red" style="color:#E74C3C;">
|
712 |
+
<p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
|
713 |
+
<div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
|
714 |
+
<?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
|
715 |
+
<ol>
|
716 |
+
<li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
|
717 |
+
<li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
|
718 |
+
<li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
|
719 |
+
</ol>
|
720 |
+
</div>
|
721 |
+
<table class="mo2f_settings_table">
|
722 |
+
<a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
|
723 |
+
<div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
|
724 |
+
</div>
|
725 |
+
</table>
|
726 |
+
<center>
|
727 |
+
<?php
|
728 |
+
if (sizeof($opt) > 1) { ?>
|
729 |
+
<input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
|
730 |
+
<?php }
|
731 |
+
?>
|
732 |
+
</center>
|
733 |
+
<script>
|
734 |
+
jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
|
735 |
+
jQuery('#mo2f_inline_configureapp_form').submit();
|
736 |
+
});
|
737 |
+
jQuery("#mo2f_configurePhone").empty();
|
738 |
+
jQuery("#mo2f_app_div").hide();
|
739 |
+
var timeout;
|
740 |
+
pollInlineMobileRegistration();
|
741 |
+
function pollInlineMobileRegistration()
|
742 |
+
{
|
743 |
+
var transId = "<?php echo $mo2f_login_transaction_id; ?>";
|
744 |
+
var jsonString = "{\"txId\":\""+ transId + "\"}";
|
745 |
+
var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
|
746 |
+
jQuery.ajax({
|
747 |
+
url: postUrl,
|
748 |
+
type : "POST",
|
749 |
+
dataType : "json",
|
750 |
+
data : jsonString,
|
751 |
+
contentType : "application/json; charset=utf-8",
|
752 |
+
success : function(result) {
|
753 |
+
var status = JSON.parse(JSON.stringify(result)).status;
|
754 |
+
if (status == 'SUCCESS') {
|
755 |
+
var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
|
756 |
+
jQuery("#displayInlineQrCode").empty();
|
757 |
+
jQuery("#displayInlineQrCode").append(content);
|
758 |
+
setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
|
759 |
+
} else if (status == 'ERROR' || status == 'FAILED') {
|
760 |
+
var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
|
761 |
+
jQuery("#displayInlineQrCode").empty();
|
762 |
+
jQuery("#displayInlineQrCode").append(content);
|
763 |
+
jQuery("#messages").empty();
|
764 |
+
jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
|
765 |
+
} else {
|
766 |
+
timeout = setTimeout(pollInlineMobileRegistration, 3000);
|
767 |
+
}
|
768 |
+
}
|
769 |
+
});
|
770 |
+
}
|
771 |
+
</script>
|
772 |
+
<?php
|
773 |
+
}
|
774 |
+
function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
|
775 |
+
$current_user = get_userdata($current_user_id);
|
776 |
+
$opt=fetch_methods($current_user);
|
777 |
+
|
778 |
+
?>
|
779 |
+
<html>
|
780 |
+
<head> <meta charset="utf-8"/>
|
781 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
782 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
783 |
+
<?php
|
784 |
+
mo2f_inline_css_and_js();
|
785 |
+
?>
|
786 |
+
<style>
|
787 |
+
.mo2f_kba_ques, .mo2f_table_textbox{
|
788 |
+
background: whitesmoke none repeat scroll 0% 0%;
|
789 |
+
}
|
790 |
+
</style>
|
791 |
+
</head>
|
792 |
+
<body>
|
793 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
794 |
+
<div class="mo2f-modal-backdrop"></div>
|
795 |
+
<div class="mo2f_modal-dialog mo2f_modal-lg">
|
796 |
+
<div class="login mo_customer_validation-modal-content">
|
797 |
+
<div class="mo2f_modal-header">
|
798 |
+
<h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
799 |
+
<?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
|
800 |
+
</div>
|
801 |
+
<div class="mo2f_modal-body">
|
802 |
+
<?php if(isset($login_message) && !empty($login_message)) { ?>
|
803 |
+
<div id="otpMessage">
|
804 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
|
805 |
+
</div>
|
806 |
+
<?php } ?>
|
807 |
+
<form name="f" method="post" action="" >
|
808 |
+
<?php mo2f_configure_kba_questions(); ?>
|
809 |
+
<br />
|
810 |
+
<div class ="row">
|
811 |
+
<div class="col-md-4" style="margin: 0 auto;width: 100px;">
|
812 |
+
<input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
|
813 |
+
<button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
|
814 |
+
|
815 |
+
</div>
|
816 |
+
</div>
|
817 |
+
<input type="hidden" name="option" value="mo2f_inline_kba_option" />
|
818 |
+
<input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
|
819 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
820 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
821 |
+
</form>
|
822 |
+
<?php if (sizeof($opt) > 1) { ?>
|
823 |
+
<form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
|
824 |
+
<div class ="row">
|
825 |
+
<div class="col-md-4" style="margin: 0 auto;width: 100px;">
|
826 |
+
<input type="hidden" name="option" value="miniorange_back_inline"/>
|
827 |
+
</div>
|
828 |
+
</div>
|
829 |
+
<input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
|
830 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
831 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
832 |
+
</form>
|
833 |
+
<?php } ?>
|
834 |
+
|
835 |
+
<?php mo2f_customize_logo() ?>
|
836 |
+
</div>
|
837 |
+
</div>
|
838 |
+
</div>
|
839 |
+
</div>
|
840 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
841 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
842 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
843 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
844 |
+
</form>
|
845 |
+
|
846 |
+
<script>
|
847 |
+
|
848 |
+
|
849 |
+
|
850 |
+
|
851 |
+
|
852 |
+
|
853 |
+
function mologinback(){
|
854 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
855 |
+
}
|
856 |
+
|
857 |
+
function mobackinline(){
|
858 |
+
jQuery('#mo2f_goto_two_factor_form').submit();
|
859 |
+
}
|
860 |
+
</script>
|
861 |
+
</body>
|
862 |
+
</html>
|
863 |
+
<?php
|
864 |
+
}function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
|
865 |
+
$current_user = get_userdata($current_user_id);
|
866 |
+
$opt=fetch_methods($current_user);
|
867 |
+
?>
|
868 |
+
<html>
|
869 |
+
<head> <meta charset="utf-8"/>
|
870 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
871 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
872 |
+
<?php
|
873 |
+
mo2f_inline_css_and_js();
|
874 |
+
?>
|
875 |
+
<style>
|
876 |
+
.mo2f_kba_ques, .mo2f_table_textbox{
|
877 |
+
background: whitesmoke none repeat scroll 0% 0%;
|
878 |
+
}
|
879 |
+
</style>
|
880 |
+
</head>
|
881 |
+
<body>
|
882 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
883 |
+
<div class="mo2f-modal-backdrop"></div>
|
884 |
+
<div class="mo2f_modal-dialog mo2f_modal-lg">
|
885 |
+
<div class="login mo_customer_validation-modal-content">
|
886 |
+
<div class="mo2f_modal-header">
|
887 |
+
<h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
888 |
+
<b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
|
889 |
+
</div>
|
890 |
+
<div class="mo2f_modal-body">
|
891 |
+
<?php if(isset($login_message) && !empty($login_message)){ ?>
|
892 |
+
<div id="otpMessage">
|
893 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
|
894 |
+
</div>
|
895 |
+
<?php } ?>
|
896 |
+
<form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
|
897 |
+
<input type="hidden" name="option" value="miniorange_inline_register" />
|
898 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
899 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
900 |
+
<p>This method requires you to have an account with miniOrange.</p>
|
901 |
+
<table class="mo_wpns_settings_table">
|
902 |
+
<tr>
|
903 |
+
<td><b><font color="#FF0000">*</font>Email:</b></td>
|
904 |
+
<td><input class="mo_wpns_table_textbox" type="email" name="email"
|
905 |
+
required placeholder="person@example.com"/></td>
|
906 |
+
</tr>
|
907 |
+
<tr>
|
908 |
+
<td><b><font color="#FF0000">*</font>Password:</b></td>
|
909 |
+
<td><input class="mo_wpns_table_textbox" required type="password"
|
910 |
+
name="password" placeholder="Choose your password (Min. length 6)" /></td>
|
911 |
+
</tr>
|
912 |
+
<tr>
|
913 |
+
<td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
|
914 |
+
<td><input class="mo_wpns_table_textbox" required type="password"
|
915 |
+
name="confirmPassword" placeholder="Confirm your password" /></td>
|
916 |
+
</tr>
|
917 |
+
<tr>
|
918 |
+
<td> </td>
|
919 |
+
<td><br><input type="submit" name="submit" value="Create Account"
|
920 |
+
class="miniorange_button" />
|
921 |
+
<a href="#mo2f_account_exist">Already have an account?</a>
|
922 |
+
</tr>
|
923 |
+
</table>
|
924 |
+
</form>
|
925 |
+
<form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
|
926 |
+
<p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
|
927 |
+
<input type="hidden" name="option" value="miniorange_inline_login"/>
|
928 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
929 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
930 |
+
<table class="mo_wpns_settings_table">
|
931 |
+
<tr>
|
932 |
+
<td><b><font color="#FF0000">*</font>Email:</b></td>
|
933 |
+
<td><input class="mo_wpns_table_textbox" type="email" name="email"
|
934 |
+
required placeholder="person@example.com"
|
935 |
+
/></td>
|
936 |
+
</tr>
|
937 |
+
<tr>
|
938 |
+
<td><b><font color="#FF0000">*</font>Password:</b></td>
|
939 |
+
<td><input class="mo_wpns_table_textbox" required type="password"
|
940 |
+
name="password" placeholder="Enter your miniOrange password" /></td>
|
941 |
+
</tr>
|
942 |
+
<tr>
|
943 |
+
<td> </td>
|
944 |
+
<td><input type="submit" class="miniorange_button" />
|
945 |
+
<input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
|
946 |
+
</tr>
|
947 |
+
</table>
|
948 |
+
</form>
|
949 |
+
<br>
|
950 |
+
<input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
|
951 |
+
<?php mo2f_customize_logo() ?>
|
952 |
+
</div>
|
953 |
+
</div>
|
954 |
+
</div>
|
955 |
+
</div>
|
956 |
+
<form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
|
957 |
+
<input type="hidden" name="option" value="miniorange_back_inline"/>
|
958 |
+
<input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
|
959 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
960 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
961 |
+
</form>
|
962 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
963 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
964 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
965 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
966 |
+
</form>
|
967 |
+
|
968 |
+
<script>
|
969 |
+
jQuery('#mo2f_inline_back_btn').click(function() {
|
970 |
+
jQuery('#mo2f_goto_two_factor_form').submit();
|
971 |
+
});
|
972 |
+
jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
|
973 |
+
jQuery('#mo2f_inline_login_form').show();
|
974 |
+
jQuery('#mo2f_inline_register_form').hide();
|
975 |
+
});
|
976 |
+
jQuery('#cancel_link').click(function(){
|
977 |
+
jQuery('#mo2f_inline_register_form').show();
|
978 |
+
jQuery('#mo2f_inline_login_form').hide();
|
979 |
+
});
|
980 |
+
function mologinback(){
|
981 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
982 |
+
}
|
983 |
+
</script>
|
984 |
+
</body>
|
985 |
+
</html>
|
986 |
+
<?php
|
987 |
+
}
|
988 |
+
function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
|
989 |
+
global $Mo2fdbQueries;
|
990 |
+
?>
|
991 |
+
<html>
|
992 |
+
<head> <meta charset="utf-8"/>
|
993 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
994 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
995 |
+
<?php
|
996 |
+
mo2f_inline_css_and_js();
|
997 |
+
?>
|
998 |
+
<style>
|
999 |
+
.mo2f_kba_ques, .mo2f_table_textbox{
|
1000 |
+
background: whitesmoke none repeat scroll 0% 0%;
|
1001 |
+
}
|
1002 |
+
</style>
|
1003 |
+
</head>
|
1004 |
+
<body>
|
1005 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
1006 |
+
<div class="mo2f-modal-backdrop"></div>
|
1007 |
+
<div class="mo2f_modal-dialog mo2f_modal-lg">
|
1008 |
+
<div class="login mo_customer_validation-modal-content">
|
1009 |
+
<div class="mo2f_modal-header">
|
1010 |
+
<h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
1011 |
+
<?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
|
1012 |
+
</div>
|
1013 |
+
<div class="mo2f_modal-body center">
|
1014 |
+
<?php
|
1015 |
+
global $Mo2fdbQueries;
|
1016 |
+
$mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
|
1017 |
+
if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
|
1018 |
+
$mo2f_second_factor = 'Email Verification';
|
1019 |
+
}else if($mo2f_second_factor == 'SMS'){
|
1020 |
+
$mo2f_second_factor = 'OTP over SMS';
|
1021 |
+
}else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
|
1022 |
+
$mo2f_second_factor = 'OTP_OVER_EMAIL';
|
1023 |
+
}else if($mo2f_second_factor == 'PHONE VERIFICATION'){
|
1024 |
+
$mo2f_second_factor = 'Phone Call Verification';
|
1025 |
+
}else if($mo2f_second_factor == 'SOFT TOKEN'){
|
1026 |
+
$mo2f_second_factor = 'Soft Token';
|
1027 |
+
}else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
|
1028 |
+
$mo2f_second_factor = 'QR Code Authentication';
|
1029 |
+
}else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
|
1030 |
+
$mo2f_second_factor = 'Push Notification';
|
1031 |
+
}else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
|
1032 |
+
if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
|
1033 |
+
$mo2f_second_factor = 'Google Authenticator';
|
1034 |
+
}else{
|
1035 |
+
$mo2f_second_factor = 'Authy 2-Factor Authentication';
|
1036 |
+
}
|
1037 |
+
}else if($mo2f_second_factor == 'KBA'){
|
1038 |
+
$mo2f_second_factor = 'Security Questions (KBA)';
|
1039 |
+
}
|
1040 |
+
$Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
|
1041 |
+
$status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
|
1042 |
+
|
1043 |
+
if(get_site_option( 'mo2f_disable_kba' )!=1){
|
1044 |
+
if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
|
1045 |
+
?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
|
1046 |
+
<div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
|
1047 |
+
<?php if(isset($login_message) && !empty($login_message)){ ?>
|
1048 |
+
<div id="otpMessage">
|
1049 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
|
1050 |
+
</div>
|
1051 |
+
<?php } ?>
|
1052 |
+
<h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
|
1053 |
+
<form name="f" method="post" action="" >
|
1054 |
+
<?php mo2f_configure_kba_questions(); ?>
|
1055 |
+
<br>
|
1056 |
+
<center>
|
1057 |
+
<input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
|
1058 |
+
</center>
|
1059 |
+
<input type="hidden" name="mo2f_inline_kba_option" />
|
1060 |
+
<input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
|
1061 |
+
<input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
|
1062 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1063 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1064 |
+
</form>
|
1065 |
+
</div>
|
1066 |
+
<?php }
|
1067 |
+
}else{
|
1068 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
1069 |
+
$Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
|
1070 |
+
$status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
|
1071 |
+
}
|
1072 |
+
if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
|
1073 |
+
if(get_site_option('mo2f_remember_device')!=1)
|
1074 |
+
{
|
1075 |
+
$pass2fa= new Miniorange_Password_2Factor_Login();
|
1076 |
+
$pass2fa->mo2fa_pass2login(site_url());
|
1077 |
+
?>
|
1078 |
+
<center>
|
1079 |
+
<p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
|
1080 |
+
<?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
|
1081 |
+
</p>
|
1082 |
+
</center>
|
1083 |
+
<br>
|
1084 |
+
<center>
|
1085 |
+
<p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
|
1086 |
+
<br>
|
1087 |
+
</center>
|
1088 |
+
<?php
|
1089 |
+
}else{
|
1090 |
+
$redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
|
1091 |
+
$mo_enable_rem = new Miniorange_Password_2Factor_Login();
|
1092 |
+
mo2f_collect_device_attributes_handler($redirect_to,$session_id);
|
1093 |
+
}
|
1094 |
+
}
|
1095 |
+
mo2f_customize_logo() ?>
|
1096 |
+
</div>
|
1097 |
+
</div>
|
1098 |
+
</div>
|
1099 |
+
</div>
|
1100 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
1101 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
1102 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1103 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1104 |
+
</form>
|
1105 |
+
|
1106 |
+
<script>
|
1107 |
+
function mologinback(){
|
1108 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
1109 |
+
}
|
1110 |
+
</script>
|
1111 |
+
</body>
|
1112 |
+
</html>
|
1113 |
+
<?php
|
1114 |
+
}
|
1115 |
+
|
1116 |
+
function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
|
1117 |
+
$current_user = get_userdata($current_user_id);
|
1118 |
+
$opt=fetch_methods($current_user);
|
1119 |
+
global $Mo2fdbQueries;
|
1120 |
+
$current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
|
1121 |
+
$current_user = get_userdata($current_user_id);
|
1122 |
+
$email = $current_user->user_email;
|
1123 |
+
?>
|
1124 |
+
<html>
|
1125 |
+
<head> <meta charset="utf-8"/>
|
1126 |
+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
1127 |
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
1128 |
+
<?php
|
1129 |
+
mo2f_inline_css_and_js();
|
1130 |
+
|
1131 |
+
echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
|
1132 |
+
echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
|
1133 |
+
echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
|
1134 |
+
?>
|
1135 |
+
</head>
|
1136 |
+
<body>
|
1137 |
+
<div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
|
1138 |
+
<div class="mo2f-modal-backdrop"></div>
|
1139 |
+
<div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
|
1140 |
+
<div class="login mo_customer_validation-modal-content">
|
1141 |
+
<div class="mo2f_modal-header">
|
1142 |
+
<h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">×</span></button>
|
1143 |
+
<?php
|
1144 |
+
if($current_selected_method == 'SMS AND EMAIL'){?>
|
1145 |
+
<?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
|
1146 |
+
<?php }
|
1147 |
+
else if($current_selected_method == 'OTP OVER EMAIL'){
|
1148 |
+
?>
|
1149 |
+
<?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
|
1150 |
+
<?php }
|
1151 |
+
else{
|
1152 |
+
?>
|
1153 |
+
<?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
|
1154 |
+
<?php } ?>
|
1155 |
+
</div>
|
1156 |
+
<div class="mo2f_modal-body">
|
1157 |
+
<?php if(isset($login_message) && !empty($login_message)) { ?>
|
1158 |
+
<div id="otpMessage"
|
1159 |
+
<?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
|
1160 |
+
>
|
1161 |
+
<p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
|
1162 |
+
</div>
|
1163 |
+
<?php if(isset($login_message)) {?> <br/> <?php } ?>
|
1164 |
+
<?php } ?>
|
1165 |
+
<div class="mo2f_row">
|
1166 |
+
<form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
|
1167 |
+
<p>
|
1168 |
+
<?php
|
1169 |
+
if($current_selected_method == 'SMS AND EMAIL'){?>
|
1170 |
+
<?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
|
1171 |
+
<?php
|
1172 |
+
}else if($current_selected_method == 'OTP OVER EMAIL'){
|
1173 |
+
//no message
|
1174 |
+
}else{
|
1175 |
+
?>
|
1176 |
+
<?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
|
1177 |
+
<?php }
|
1178 |
+
if(!($current_selected_method == 'OTP OVER EMAIL')){
|
1179 |
+
?>
|
1180 |
+
<input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
|
1181 |
+
value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
|
1182 |
+
<?php } ?>
|
1183 |
+
<?php
|
1184 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
|
1185 |
+
if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
|
1186 |
+
<input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
|
1187 |
+
value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
|
1188 |
+
<?php } ?>
|
1189 |
+
<input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
|
1190 |
+
<input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
|
1191 |
+
<input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
|
1192 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1193 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1194 |
+
</form>
|
1195 |
+
</div>
|
1196 |
+
<form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
|
1197 |
+
<p>
|
1198 |
+
<?php
|
1199 |
+
if($current_selected_method == 'SMS AND EMAIL'){?>
|
1200 |
+
<h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
|
1201 |
+
<?php }
|
1202 |
+
else{
|
1203 |
+
?>
|
1204 |
+
<?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
|
1205 |
+
<?php } ?>
|
1206 |
+
<input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
|
1207 |
+
<span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span>
|
1208 |
+
<?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
|
1209 |
+
<a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
|
1210 |
+
<?php } else {?>
|
1211 |
+
<a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
|
1212 |
+
<?php } ?>
|
1213 |
+
<br /><br />
|
1214 |
+
<input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
|
1215 |
+
<?php if (sizeof($opt) > 1) { ?>
|
1216 |
+
|
1217 |
+
<input type="hidden" name="option" value="miniorange_back_inline"/>
|
1218 |
+
<input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
|
1219 |
+
<?php } ?>
|
1220 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1221 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1222 |
+
<input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
|
1223 |
+
<input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
|
1224 |
+
</form>
|
1225 |
+
<?php mo2f_customize_logo() ?>
|
1226 |
+
</div>
|
1227 |
+
</div>
|
1228 |
+
</div>
|
1229 |
+
</div>
|
1230 |
+
<form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
|
1231 |
+
<input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
|
1232 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1233 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1234 |
+
</form>
|
1235 |
+
<form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
|
1236 |
+
<input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
|
1237 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1238 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1239 |
+
</form>
|
1240 |
+
<?php if (sizeof($opt) > 1) { ?>
|
1241 |
+
<form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
|
1242 |
+
<input type="hidden" name="option" value="miniorange_back_inline"/>
|
1243 |
+
<input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
|
1244 |
+
<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
|
1245 |
+
<input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
|
1246 |
+
</form>
|
1247 |
+
<?php } ?>
|
1248 |
+
<script>
|
1249 |
+
jQuery("#phone").intlTelInput();
|
1250 |
+
function mologinback(){
|
1251 |
+
jQuery('#mo2f_backto_mo_loginform').submit();
|
1252 |
+
}
|
1253 |
+
jQuery('#mo2f_inline_back_btn').click(function() {
|
1254 |
+
jQuery('#mo2f_goto_two_factor_form').submit();
|
1255 |
+
});
|
1256 |
+
jQuery('a[href="#resendsmslink"]').click(function(e) {
|
1257 |
+
jQuery('#mo2fa_inline_resend_otp_form').submit();
|
1258 |
+
});
|
1259 |
+
</script>
|
1260 |
+
</body>
|
1261 |
+
|
1262 |
+
</html>
|
1263 |
+
<?php
|
1264 |
+
}
|
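--- a/controllers/twofa/two_fa_unlimittedUser.php
+++ b/controllers/twofa/two_fa_unlimittedUser.php
@@ -1,3 +1,3 @@
-<?php
-global $moWpnsUtility, $mo2f_dirName;
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';
+<?php
+global $moWpnsUtility, $mo2f_dirName;
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';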
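--- a/controllers/twofa/two_fa_unlimittedUser_ajax.php
+++ b/controllers/twofa/two_fa_unlimittedUser_ajax.php
@@ -1,47 +1,47 @@
-<?php
-
-class WPNS_unlimittedUser
-{
-function __construct(){
-
-add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
-}
-
-function mo_two_fa_unlimittedUser_ajax(){
-add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
-}
-
-function wpns_two_fa_unlimittedUser(){
-switch($_POST['wpns_unlimittedUser_ajax'])
-{
-case 'save':
-$this->wpns_handle_save(); break;
-}
-}
-function wpns_handle_save()
-{
-
-if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
-wp_send_json('ERROR');
-return;
-}
-global $wp_roles;
-if (!isset($wp_roles))
-$wp_roles = new WP_Roles();
-foreach($wp_roles->role_names as $id => $name) {
-update_option('mo2fa_'.$id, 0);
-}
-$enabledrole = $_POST['enabledrole'];
-foreach($enabledrole as $role){
-update_option($role, 1);
-}
-update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
-update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
-update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
-update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
-update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
-wp_send_json('true');
-return;
-}
-}new WPNS_unlimittedUser();
+<?php
+
+class WPNS_unlimittedUser
+{
+function __construct(){
+
+add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
+}
+
+function mo_two_fa_unlimittedUser_ajax(){
+add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
+}
+
+function wpns_two_fa_unlimittedUser(){
+switch($_POST['wpns_unlimittedUser_ajax'])
+{
+case 'save':
+$this->wpns_handle_save(); break;
+}
+}
+function wpns_handle_save()
+{
+
+if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
+wp_send_json('ERROR');
+return;
+}
+global $wp_roles;
+if (!isset($wp_roles))
+$wp_roles = new WP_Roles();
+foreach($wp_roles->role_names as $id => $name) {
+update_option('mo2fa_'.$id, 0);
+}
+$enabledrole = $_POST['enabledrole'];
+foreach($enabledrole as $role){
+update_option($role, 1);
+}
+update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
+update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
+update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
+update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
+update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
+wp_send_json('true');
+return;
+}
+}new WPNS_unlimittedUser();
 ?>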
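Review bot: In `wpns_handle_save()` the option name passed to `update_option($role, 1)` is taken directly from `$_POST['enabledrole']`, so a request that passes the nonce check decides which entry in the options table is set to 1, not only the plugin's per-role flags. The nonce is the only gate visible in this file: `wp_verify_nonce` is not a permission check, no `current_user_can()` call appears here, and a `wp_ajax_` action is served to any logged-in user. I would add a capability check beside the nonce and accept only names derived from `$wp_roles->role_names`, assuming the form posts the same `mo2fa_<role>` names the reset loop writes. The five `*_login_url` values are stored unsanitised as well, and a missing `enabledrole` field makes the `foreach` run on null. The release changes these lines only in whitespace, so the behaviour is carried over unchanged.

```php
function wpns_handle_save()
{
    if ( !current_user_can('manage_options') || !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
        wp_send_json('ERROR');
        return;
    }
    // … unchanged: $wp_roles setup and the loop resetting every 'mo2fa_'.$id option to 0 …
    $allowed = array();
    foreach($wp_roles->role_names as $id => $name) {
        $allowed[] = 'mo2fa_'.$id;
    }
    $enabledrole = isset($_POST['enabledrole']) ? (array) $_POST['enabledrole'] : array();
    foreach($enabledrole as $role){
        // Only the plugin's own per-role flags may be written from the request.
        if (in_array($role, $allowed, true)) {
            update_option($role, 1);
        }
    }
    // … unchanged: the five *_login_url updates and wp_send_json('true') …
```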
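--- a/controllers/upgrade.php
+++ b/controllers/upgrade.php
@@ -1,3 +1,2 @@
 <?php
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';
-MoWpnsUtility::checkSecurity();
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';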
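Review bot: With `MoWpnsUtility::checkSecurity();` gone, the new controller includes `views/upgrade.php` and nothing else, so no check of any kind remains in this file. What that method verified is not visible on this page; if it enforced access to the upgrade view, confirm that whatever loads this controller still does so. If the call was unrelated to access control, a one-line comment such as `// access to this page is enforced by the including controller` above the `include` would record why it could be dropped.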
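--- a/controllers/wpns-loginsecurity-ajax.php
+++ b/controllers/wpns-loginsecurity-ajax.php
@@ -48,7 +48,8 @@ class wpns_ajax
 $this->wpns_all_plans(); break;
 case 'wpns_logout_form':
 $this->wpns_logout_form(); break;
-
+case 'wpns_check_transaction':
+$this->wpns_check_transaction(); break;
 }
 }
 
@@ -61,6 +62,36 @@ class wpns_ajax
 $obj = new Miniorange_Password_2Factor_Login();
 $obj->check_kba_validation($_POST);
 }
+function wpns_check_transaction()
+{
+$customerT = new Customer_Cloud_Setup();
+$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
+if($content['status'] == 'SUCCESS')
+{
+update_site_option('mo2f_license_type','PREMIUM');
+}
+else
+{
+update_site_option('mo2f_license_type','DEMO');
+$content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
+}
+if(isset($content['smsRemaining']))
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
+else if($content['status'] =='SUCCESS')
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
+if(isset($content['emailRemaining']))
+{
+$available_transaction = get_site_option('EmailTransactionCurrent', 30);
+if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
+{
+$currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
+if($available_transaction>30)
+$currentTransaction = $currentTransaction-$available_transaction;
+update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
+update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
+}
+}
+}
 function mo2f_ajax_login()
 {
 if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
@@ -85,6 +116,7 @@ class wpns_ajax
 delete_option('mo2f_api_key');
 delete_option('mo2f_customer_token');
 delete_option('mo_wpns_transactionId');
+delete_site_option('EmailTransactionCurrent');
 delete_option('mo_wpns_registration_status');
 delete_option( 'mo_2factor_admin_registration_status' );
 
@@ -129,6 +161,7 @@ class wpns_ajax
 update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
 update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
 if($brute_force == "on"){
+update_site_option('bruteforce_notification_option',1);
 wp_send_json('true');
 }
 else if($brute_force == ""){
@@ -490,6 +523,7 @@ class wpns_ajax
 {
 update_option('WAF','PluginLevel');
 update_option('WAFEnabled','1');
+update_site_option('waf_notification_option','1');
 echo("PWAFenabled");exit;
 }
 }
@@ -513,6 +547,7 @@ class wpns_ajax
 {
 update_option('WAF','HtaccessLevel');
 update_option('WAFEnabled','1');
+update_site_option('waf_notification_option','1');
 $dir_name = dirname(__FILE__);
 $dirN = $dir_name;
 $dirN = str_replace('\\', '/', $dirN);
@@ -1171,6 +1206,7 @@ class wpns_ajax
 update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
 update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
 update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
+update_site_option('recaptcha_notification_option',1);
 wp_send_json('true');
 }
 else if($enable_captcha == ""){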
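Review bot: `wpns_check_transaction()` (new lines 65–94) reads `$content['status']` without checking that `json_decode()` returned an array, so a failed or malformed reply from `get_customer_transactions()` falls into the `else` branch and rewrites `mo2f_license_type` to `'DEMO'`. Guarding the decode first, e.g. `if ( ! is_array( $content ) || ! isset( $content['status'] ) ) { return; }`, keeps a transient API error from changing the stored licence state; the second `$content['status']` read on new line 80 needs the same `isset` after the DEMO retry. The method also writes site-wide options with no nonce or capability check of its own, whereas `mo2f_ajax_login()` directly below calls `wp_verify_nonce()` itself. The dispatcher that routes the new `wpns_check_transaction` case starts outside the hunk, so confirm it verifies a nonce and `current_user_can()` before the `switch` is reached.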
database/database_functions.php
CHANGED
@@ -120,7 +120,7 @@
|
|
120 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
121 |
{
|
122 |
$sql = "CREATE TABLE " . $tableName . " (
|
123 |
-
`id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
|
124 |
dbDelta($sql);
|
125 |
}
|
126 |
$result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
|
@@ -130,6 +130,20 @@
|
|
130 |
$sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
|
131 |
$resluts = $wpdb->query($sql1);
|
132 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
133 |
|
134 |
$tableName = $this->scanreportdetails;
|
135 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
@@ -151,9 +165,14 @@
|
|
151 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
152 |
{
|
153 |
$sql = "CREATE TABLE " . $tableName . " (
|
154 |
-
`id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
|
155 |
dbDelta($sql);
|
156 |
}
|
|
|
|
|
|
|
|
|
|
|
157 |
|
158 |
$tableName = $this->hashfile;
|
159 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
@@ -495,6 +514,32 @@
|
|
495 |
}
|
496 |
}
|
497 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
498 |
function add_report_details($reportid, $filename, $report){
|
499 |
global $wpdb;
|
500 |
$wpdb->insert(
|
@@ -578,12 +623,14 @@
|
|
578 |
if(!empty($file_path_array)){
|
579 |
$size=sizeof($file_path_array);
|
580 |
$default=0;
|
581 |
-
$query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`) VALUES";
|
582 |
for ($i=1; $i <= $size ; $i++) {
|
583 |
$value= $file_path_array[$i];
|
584 |
-
$
|
585 |
-
$
|
586 |
-
$
|
|
|
|
|
587 |
if($i < $size){
|
588 |
$query.= ",";
|
589 |
}
|
@@ -655,9 +702,9 @@
|
|
655 |
return $result;
|
656 |
}
|
657 |
|
658 |
-
function get_files_for_repo(){
|
659 |
global $wpdb;
|
660 |
-
$sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 LIMIT 100';
|
661 |
$result=$wpdb->get_results($sql);
|
662 |
return $result;
|
663 |
}
|
120 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
121 |
{
|
122 |
$sql = "CREATE TABLE " . $tableName . " (
|
123 |
+
`id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
|
124 |
dbDelta($sql);
|
125 |
}
|
126 |
$result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
|
130 |
$sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
|
131 |
$resluts = $wpdb->query($sql1);
|
132 |
}
|
133 |
+
$result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
|
134 |
+
if(is_null($result)){
|
135 |
+
$sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `malicious_links` ;";
|
136 |
+
$results1 = $wpdb->query($sql);
|
137 |
+
$sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
|
138 |
+
$resluts = $wpdb->query($sql1);
|
139 |
+
}
|
140 |
+
$result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'net_connection'");
|
141 |
+
if(is_null($result)){
|
142 |
+
$sql = "ALTER TABLE `$tableName` ADD `net_connection` mediumtext AFTER `repo_key` ;";
|
143 |
+
$results1 = $wpdb->query($sql);
|
144 |
+
$sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
|
145 |
+
$resluts = $wpdb->query($sql1);
|
146 |
+
}
|
147 |
|
148 |
$tableName = $this->scanreportdetails;
|
149 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
165 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
166 |
{
|
167 |
$sql = "CREATE TABLE " . $tableName . " (
|
168 |
+
`id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
|
169 |
dbDelta($sql);
|
170 |
}
|
171 |
+
$result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
|
172 |
+
if(is_null($result)){
|
173 |
+
$sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
|
174 |
+
$results1 = $wpdb->query($sql);
|
175 |
+
}
|
176 |
|
177 |
$tableName = $this->hashfile;
|
178 |
if($wpdb->get_var("show tables like '$tableName'") != $tableName)
|
514 |
}
|
515 |
}
|
516 |
|
517 |
+
function mo2f_update_net_issue($reportid){
|
518 |
+
global $wpdb;
|
519 |
+
$wpdb->update(
|
520 |
+
$this->malwarereportTable,
|
521 |
+
array(
|
522 |
+
'net_connection' => 1
|
523 |
+
),
|
524 |
+
array(
|
525 |
+
'id' => $reportid
|
526 |
+
)
|
527 |
+
);
|
528 |
+
}
|
529 |
+
|
530 |
+
function mo2f_update_repo_issue($reportid, $issue){
|
531 |
+
global $wpdb;
|
532 |
+
$wpdb->update(
|
533 |
+
$this->malwarereportTable,
|
534 |
+
array(
|
535 |
+
'repo_key' => $issue
|
536 |
+
),
|
537 |
+
array(
|
538 |
+
'id' => $reportid
|
539 |
+
)
|
540 |
+
);
|
541 |
+
}
|
542 |
+
|
543 |
function add_report_details($reportid, $filename, $report){
|
544 |
global $wpdb;
|
545 |
$wpdb->insert(
|
623 |
if(!empty($file_path_array)){
|
624 |
$size=sizeof($file_path_array);
|
625 |
$default=0;
|
626 |
+
$query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
|
627 |
for ($i=1; $i <= $size ; $i++) {
|
628 |
$value= $file_path_array[$i];
|
629 |
+
$file_path = $value['file'];
|
630 |
+
$file_path = addslashes($file_path);
|
631 |
+
$hash_value= md5($file_path);
|
632 |
+
$repo_key = $value['key'];
|
633 |
+
$query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
|
634 |
if($i < $size){
|
635 |
$query.= ",";
|
636 |
}
|
702 |
return $result;
|
703 |
}
|
704 |
|
705 |
+
function get_files_for_repo($repo_key){
|
706 |
global $wpdb;
|
707 |
+
$sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
|
708 |
$result=$wpdb->get_results($sql);
|
709 |
return $result;
|
710 |
}
|
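Review bot: `get_files_for_repo($repo_key)` (new line 707) and the bulk insert loop (new lines 629–633) splice `$repo_key` and `$value['key']` into the SQL string with no escaping, and the file path goes only through `addslashes()`, which is not a database-aware escape. Where those values originate is not visible in these hunks, so they are better bound than trusted: put `%s` in place of the concatenated key and run the statement through `$wpdb->prepare( $sql, $repo_key )`, and build each row of the insert with `$wpdb->prepare( "(%s, %s, %d, %d, %d, %s)", ... )`. Separately, `net_connection` is declared `int` in the `CREATE TABLE` on new line 123 but added as `mediumtext` by the `ALTER TABLE` on new line 142, so fresh and upgraded installs get different column types. The enclosing functions start outside the hunks.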
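--- a/handler/WAF/database/mo-waf-db-common.php
+++ b/handler/WAF/database/mo-waf-db-common.php
@@ -1,25 +1,25 @@
-<?php
-function retrivefullname($name)
-{
-
-switch ($name) {
-case 'XSS':
-return 'Cross-site Scripting';
-case 'SQL':
-return 'SQL injection';
-case 'RCE':
-return 'Remote Code Execution';
-case 'LFI':
-return 'Local File Inclusion';
-case 'RFI':
-return 'Remote File Inclusion';
-case 'RLE':
-return 'Rate limiting Exceeded';
-case 'RLECrawler':
-return 'Rate limit Exceeded for crawler';
-default:
-return $name;
-
-}
-
+<?php
+function retrivefullname($name)
+{
+
+switch ($name) {
+case 'XSS':
+return 'Cross-site Scripting';
+case 'SQL':
+return 'SQL injection';
+case 'RCE':
+return 'Remote Code Execution';
+case 'LFI':
+return 'Local File Inclusion';
+case 'RFI':
+return 'Remote File Inclusion';
+case 'RLE':
+return 'Rate limiting Exceeded';
+case 'RLECrawler':
+return 'Rate limit Exceeded for crawler';
+default:
+return $name;
+
+}
+
 }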
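--- a/handler/WAF/database/mo-waf-plugin-db.php
+++ b/handler/WAF/database/mo-waf-plugin-db.php
@@ -1,91 +1,91 @@
-<?php
-
-include_once('mo-waf-db-common.php');
-function setting_file()
-{
-global $prefix,$dbcon;
-$dir_name = dirname(__FILE__);
-$dir_name1 = explode('wp-content', $dir_name);
-$dir_name = $dir_name1[0];
-$filepath = str_replace('\\', '/', $dir_name1[0]);
-$fileName = $filepath.'/wp-includes/mo-waf-config.php';
-$missingFile = 0;
-if(!file_exists($fileName))
-{
-$missingFile = 1;
-}
-if($missingFile==1)
-{
-$file = fopen($fileName, "a+");
-$string = "<?php".PHP_EOL;
-$string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
-$string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
-$string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
-$string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
-$string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
-$string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
-$string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
-
-if(get_option('actionRateL') == 0)
-$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
-else
-$string .= '$actionRateL="BlockIP";'.PHP_EOL;
-
-$string .= '?>'.PHP_EOL;
-fwrite($file, $string);
-fclose($file);
-return $fileName;
-}
-return "notMissing";
-
-}
-
-function getRLEAttack($ipaddress)
-{
-global $wpdb;
-$query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
-$results = $wpdb->get_results($query);
-return $results[0]->time;
-}
-function log_attack($ipaddress,$value1,$value)
-{
-global $wpdb;
-$value = htmlspecialchars($value);
-$query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
-$results = $wpdb->get_results($query);
-$query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
-$results = $wpdb->get_results($query);
-return $results[0]->count;
-}
-
-
-function CheckRate($ipaddress)
-{
-global $wpdb;
-$time = 60;
-clearRate($time);
-insertRate($ipaddress);
-$query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
-$results = $wpdb->get_results($query);
-
-if(isset($results[0]->count))
-{
-return $results[0]->count;
-}
-return 0;
-
-}
-function clearRate($time)
-{
-global $wpdb;
-$query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
-$results = $wpdb->get_results($query);
-}
-function insertRate($ipaddress)
-{
-global $wpdb;
-$query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
-$results = $wpdb->get_results($query);
-}
-
+<?php
+
+include_once('mo-waf-db-common.php');
+function setting_file()
+{
+global $prefix,$dbcon;
+$dir_name = dirname(__FILE__);
+$dir_name1 = explode('wp-content', $dir_name);
+$dir_name = $dir_name1[0];
+$filepath = str_replace('\\', '/', $dir_name1[0]);
+$fileName = $filepath.'/wp-includes/mo-waf-config.php';
+$missingFile = 0;
+if(!file_exists($fileName))
+{
+$missingFile = 1;
+}
+if($missingFile==1)
+{
+$file = fopen($fileName, "a+");
+$string = "<?php".PHP_EOL;
+$string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
+$string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
+$string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
+$string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
+$string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
+$string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
+$string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
+
+if(get_option('actionRateL') == 0)
+$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
+else
+$string .= '$actionRateL="BlockIP";'.PHP_EOL;
+
+$string .= '?>'.PHP_EOL;
+fwrite($file, $string);
+fclose($file);
+return $fileName;
+}
+return "notMissing";
+
+}
+
+function getRLEAttack($ipaddress)
+{
+global $wpdb;
+$query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
+$results = $wpdb->get_results($query);
+return $results[0]->time;
+}
+function log_attack($ipaddress,$value1,$value)
+{
+global $wpdb;
+$value = htmlspecialchars($value);
+$query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
+$results = $wpdb->get_results($query);
+$query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
+$results = $wpdb->get_results($query);
+return $results[0]->count;
+}
+
+
+function CheckRate($ipaddress)
+{
+global $wpdb;
+$time = 60;
+clearRate($time);
+insertRate($ipaddress);
+$query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
+$results = $wpdb->get_results($query);
+
+if(isset($results[0]->count))
+{
+return $results[0]->count;
+}
+return 0;
+
+}
+function clearRate($time)
+{
+global $wpdb;
+$query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
+$results = $wpdb->get_results($query);
+}
+function insertRate($ipaddress)
+{
+global $wpdb;
+$query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
+$results = $wpdb->get_results($query);
+}
+
 ?>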
handler/ajax.php
CHANGED
@@ -18,24 +18,28 @@ class AjaxHandler
|
|
18 |
case "iplookup":
|
19 |
$this->lookupIP($_GET['ip']); break;
|
20 |
|
21 |
-
|
22 |
-
$this->handle_feedback(); break;
|
23 |
case "dissmissSMTP":
|
24 |
$this->handle_smtp(); break;
|
25 |
case "whitelistself":
|
26 |
$this->whitelist_self(); break;
|
27 |
-
case "dismissinfected":
|
28 |
-
$this->wpns_infected_notice(); break;
|
29 |
-
case "dismissinfected_always":
|
30 |
-
$this->wpns_infected_notice_always(); break;
|
31 |
case "dismissplugin":
|
32 |
$this->wpns_plugin_notice(); break;
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
39 |
}
|
40 |
}
|
41 |
}
|
@@ -80,11 +84,7 @@ class AjaxHandler
|
|
80 |
|
81 |
}
|
82 |
|
83 |
-
|
84 |
-
{
|
85 |
-
update_option('donot_show_feedback_message',1);
|
86 |
-
wp_send_json('success');
|
87 |
-
}
|
88 |
|
89 |
private function whitelist_self()
|
90 |
{
|
@@ -94,43 +94,42 @@ class AjaxHandler
|
|
94 |
wp_send_json('success');
|
95 |
}
|
96 |
|
97 |
-
|
98 |
{
|
99 |
-
update_option('infected_dismiss', time());
|
100 |
-
wp_send_json('success');
|
101 |
-
}
|
102 |
|
103 |
-
|
104 |
-
|
105 |
-
update_option('donot_show_infected_file_notice', 1);
|
106 |
wp_send_json('success');
|
107 |
}
|
108 |
|
109 |
-
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
$args=array();
|
114 |
-
$theme_current= wp_get_themes($args);
|
115 |
-
update_option('mo_wpns_last_themes', $theme_current);
|
116 |
-
wp_send_json('success');
|
117 |
}
|
118 |
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
}
|
124 |
|
125 |
-
|
126 |
-
|
127 |
-
|
128 |
-
|
129 |
}
|
130 |
|
131 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
132 |
{
|
133 |
-
|
|
|
134 |
wp_send_json('success');
|
135 |
}
|
136 |
|
18 |
case "iplookup":
|
19 |
$this->lookupIP($_GET['ip']); break;
|
20 |
|
21 |
+
|
|
|
22 |
case "dissmissSMTP":
|
23 |
$this->handle_smtp(); break;
|
24 |
case "whitelistself":
|
25 |
$this->whitelist_self(); break;
|
|
|
|
|
|
|
|
|
26 |
case "dismissplugin":
|
27 |
$this->wpns_plugin_notice(); break;
|
28 |
+
|
29 |
+
case "dismissbackup":
|
30 |
+
$this->wpns_dismiss_backup_notice(); break;
|
31 |
+
|
32 |
+
case "dismissbruteforce":
|
33 |
+
$this->wpns_dismiss_bruteforce_notice(); break;
|
34 |
+
|
35 |
+
case "dismissrecaptcha":
|
36 |
+
$this-> wpns_dismiss_recaptcha_notice(); break;
|
37 |
+
|
38 |
+
case "dismissfirewall":
|
39 |
+
$this->wpns_dismiss_firewall_notice(); break;
|
40 |
+
|
41 |
+
case "dismisscodeswarning":
|
42 |
+
$this->mo2f_backup_codes_dismiss(); break;
|
43 |
}
|
44 |
}
|
45 |
}
|
84 |
|
85 |
}
|
86 |
|
87 |
+
|
|
|
|
|
|
|
|
|
88 |
|
89 |
private function whitelist_self()
|
90 |
{
|
94 |
wp_send_json('success');
|
95 |
}
|
96 |
|
97 |
+
private function wpns_plugin_notice()
|
98 |
{
|
|
|
|
|
|
|
99 |
|
100 |
+
update_site_option('malware_notification_option', 1);
|
101 |
+
update_site_option('notice_dismiss_time',time());
|
|
|
102 |
wp_send_json('success');
|
103 |
}
|
104 |
|
105 |
+
function wpns_dismiss_backup_notice(){
|
106 |
+
update_site_option('backup_notification_option', 1);
|
107 |
+
update_site_option('notice_dismiss_time',time());
|
108 |
+
wp_send_json('success');
|
|
|
|
|
|
|
|
|
109 |
}
|
110 |
|
111 |
+
function wpns_dismiss_bruteforce_notice(){
|
112 |
+
update_site_option(' bruteforce_notification_option', 1);
|
113 |
+
update_site_option('notice_dismiss_time',time());
|
114 |
+
wp_send_json('success');
|
115 |
}
|
116 |
|
117 |
+
function wpns_dismiss_recaptcha_notice(){
|
118 |
+
update_site_option('recaptcha_notification_option', 1);
|
119 |
+
update_site_option('notice_dismiss_time',time());
|
120 |
+
wp_send_json('success');
|
121 |
}
|
122 |
|
123 |
+
function wpns_dismiss_firewall_notice(){
|
124 |
+
update_site_option('waf_notification_option', 1);
|
125 |
+
update_site_option('notice_dismiss_time',time());
|
126 |
+
wp_send_json('success');
|
127 |
+
}
|
128 |
+
|
129 |
+
private function mo2f_backup_codes_dismiss()
|
130 |
{
|
131 |
+
$user_id = get_current_user_id();
|
132 |
+
update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
|
133 |
wp_send_json('success');
|
134 |
}
|
135 |
|
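Review bot: `wpns_dismiss_bruteforce_notice()` (new line 112) writes to `' bruteforce_notification_option'` with a leading space inside the quotes, which is a different option name from the `'bruteforce_notification_option'` that controllers/wpns-loginsecurity-ajax.php sets in this same release, so dismissing the brute-force notice never touches the flag the other code path writes; the line should read `update_site_option('bruteforce_notification_option', 1);`. The four new `wpns_dismiss_*` methods are also declared without a visibility keyword, which makes them public, while the neighbouring handlers `wpns_plugin_notice()` and `mo2f_backup_codes_dismiss()` are `private function`; marking them `private` keeps them reachable only through the dispatcher. Whether that dispatcher verifies a nonce and a capability before its `switch` is outside the hunk, so confirm it does, since every new case updates a site-wide option.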
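--- a/handler/backup.php
+++ b/handler/backup.php
@@ -47,7 +47,7 @@ function file_cron_backup(){
 if(get_site_option('mo_file_backup_wp_files') == '1'){
 $this->wpfiles_backup($backup_store_path, $time);
 }
-
+update_site_option('backup_notification_option',1);
 }
 
 function file_manual_backup(){
@@ -68,7 +68,7 @@ function file_manual_backup(){
 if(get_site_option('mo_file_manual_backup_wp_files') == '1'){
 $this->wpfiles_backup($backup_store_path, $time);
 }
-
+update_site_option('backup_notification_option',1);
 }
 
 function file_eb_backup_interval($schedules){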
handler/malware_scanner.php
CHANGED
@@ -1,669 +1,669 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
class Mo_wpns_Scan_Handler{
|
4 |
-
private $total_files_to_scan;
|
5 |
-
public $scanned_files = array();
|
6 |
-
function __construct(){
|
7 |
-
|
8 |
-
}
|
9 |
-
function mo2f_scan_all_files($scan_config){
|
10 |
-
update_option('mo_wpns_scan_initialize', 0);
|
11 |
-
update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
|
12 |
-
update_option('mo_wpns_files_scanned',0);
|
13 |
-
update_option('mo_wpns_infected_files',0);
|
14 |
-
ini_set('memory_limit', '-1');
|
15 |
-
ini_set('max_execution_time', 0);
|
16 |
-
$result = array();
|
17 |
-
$folderpaths = array();
|
18 |
-
$wp_repo_file = array();
|
19 |
-
$folderNames = "";
|
20 |
-
$repo_check_status = $scan_config['check_repo'];
|
21 |
-
$repo_check_status_code = 0;
|
22 |
-
$base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
|
23 |
-
$hostname = 'wordpress.org';
|
24 |
-
$wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
25 |
-
if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
|
26 |
-
$scan_config['check_repo'] = 0;
|
27 |
-
$repo_check_status_code = -97;
|
28 |
-
}
|
29 |
-
if (!$wordpress_server_status) {
|
30 |
-
$scan_config['check_repo'] = 0;
|
31 |
-
$repo_check_status_code = -98;
|
32 |
-
}
|
33 |
-
$repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
|
34 |
-
if($scan_config['core_scan'] == 1){
|
35 |
-
$folderpaths['base'] = $base;
|
36 |
-
$folderNames .= "WP Files;";
|
37 |
-
}
|
38 |
-
if($scan_config['plugin_scan'] == 1){
|
39 |
-
$folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
|
40 |
-
$folderNames .= "Plugins;";
|
41 |
-
}
|
42 |
-
if($scan_config['theme_scan'] == 1){
|
43 |
-
$folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
|
44 |
-
$folderNames .= "Themes;";
|
45 |
-
}
|
46 |
-
if($scan_config['check_repo'] == 1){
|
47 |
-
$folderNames .= "WP Repo Files;";
|
48 |
-
}
|
49 |
-
$this->count_total_files($folderpaths, $base, $scan_config);
|
50 |
-
|
51 |
-
if ( ! function_exists( 'get_plugins' ) ) {
|
52 |
-
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
53 |
-
}
|
54 |
-
if ( ! function_exists( 'plugins_api' ) ) {
|
55 |
-
require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
56 |
-
}
|
57 |
-
if($scan_config['check_repo'] == 1){
|
58 |
-
if(!is_dir($repo_file_path)){
|
59 |
-
mkdir($repo_file_path);
|
60 |
-
}
|
61 |
-
if($scan_config['core_scan'] == 1){
|
62 |
-
require(ABSPATH . 'wp-includes/version.php');
|
63 |
-
//wordpress name to be changed to be changed based on version
|
64 |
-
$zip_name="wp-".$wp_version;
|
65 |
-
$wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
|
66 |
-
update_option('downloaded_wordpress_repo_name', $zip_name);
|
67 |
-
if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
|
68 |
-
$result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
|
69 |
-
if($result === -99){
|
70 |
-
$scan_config['check_repo'] = 0;
|
71 |
-
$repo_check_status_code = -99;
|
72 |
-
}else if(!$result){
|
73 |
-
$scan_config['check_repo'] = 0;
|
74 |
-
$repo_check_status_code = -100;
|
75 |
-
}
|
76 |
-
}
|
77 |
-
}
|
78 |
-
if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
|
79 |
-
$wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
|
80 |
-
if(!is_dir($wp_plugin_repo_file)){
|
81 |
-
mkdir($wp_plugin_repo_file);
|
82 |
-
}
|
83 |
-
$wp_repo_file['plugins']=$wp_plugin_repo_file;
|
84 |
-
$plugin_list=get_site_transient( 'update_plugins' );
|
85 |
-
$all_plugins=array();
|
86 |
-
foreach ($plugin_list as $key => $value) {
|
87 |
-
if($key=='response'||$key=='no_update'){
|
88 |
-
foreach ($value as $ke => $val) {
|
89 |
-
$all_plugins[$ke] = $val;
|
90 |
-
}
|
91 |
-
}
|
92 |
-
}
|
93 |
-
$result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
|
94 |
-
if($result === -99){
|
95 |
-
$scan_config['check_repo'] = 0;
|
96 |
-
$repo_check_status_code = -99;
|
97 |
-
}else if(!$result){
|
98 |
-
$scan_config['check_repo'] = 0;
|
99 |
-
$repo_check_status_code = -100;
|
100 |
-
}
|
101 |
-
}
|
102 |
-
if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
|
103 |
-
$wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
|
104 |
-
if(!is_dir($wp_theme_repo_file)){
|
105 |
-
mkdir($wp_theme_repo_file);
|
106 |
-
}
|
107 |
-
$wp_repo_file['themes']=$wp_theme_repo_file;
|
108 |
-
$all_themes=get_site_transient( 'update_themes' )->checked;
|
109 |
-
$result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
|
110 |
-
if($result === -99){
|
111 |
-
$scan_config['check_repo'] = 0;
|
112 |
-
$repo_check_status_code = -99;
|
113 |
-
}else if(!$result){
|
114 |
-
$scan_config['check_repo'] = 0;
|
115 |
-
$repo_check_status_code = -100;
|
116 |
-
}
|
117 |
-
}
|
118 |
-
}
|
119 |
-
$mo2f_malware_db_handler = new MoWpnsDB();
|
120 |
-
$time = current_time('timestamp');
|
121 |
-
$result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
|
122 |
-
$reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
|
123 |
-
if($result['scan']){
|
124 |
-
foreach ($result['scan'] as $key => $value) {
|
125 |
-
$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
|
126 |
-
}
|
127 |
-
}
|
128 |
-
$result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
|
129 |
-
$mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
|
130 |
-
if(is_dir($repo_file_path)){
|
131 |
-
$this->remove_dir($repo_file_path);
|
132 |
-
}
|
133 |
-
update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
|
134 |
-
$total_scan=$mo2f_malware_db_handler->count_files();
|
135 |
-
$total_malicious=$mo2f_malware_db_handler->count_malicious_files();
|
136 |
-
$last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
|
137 |
-
$malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
|
138 |
-
if($total_scan > 999){
|
139 |
-
$total_scan=($total_scan/1000);
|
140 |
-
$total_scan= round($total_scan,1)."k";
|
141 |
-
}
|
142 |
-
if($total_malicious > 999){
|
143 |
-
$total_malicious=($total_malicious/1000);
|
144 |
-
$total_malicious= round($total_malicious,1)."k";
|
145 |
-
}
|
146 |
-
$response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
|
147 |
-
wp_send_json($response);
|
148 |
-
}
|
149 |
-
|
150 |
-
function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
|
151 |
-
foreach($themes_or_plugins as $key => $data){
|
152 |
-
if($type=='plugins'){
|
153 |
-
$plugin_slug=$data->slug;
|
154 |
-
$plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
|
155 |
-
$plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
|
156 |
-
$plugin_version=$plugin_data['Version'];
|
157 |
-
if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
|
158 |
-
$result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
|
159 |
-
if($result === -99){
|
160 |
-
return -99;
|
161 |
-
}else if(!$result){
|
162 |
-
return false;
|
163 |
-
}
|
164 |
-
}
|
165 |
-
} else if($type=='themes'){
|
166 |
-
if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
|
167 |
-
$result= $this->download_repo($key, $data, $path, $type);
|
168 |
-
if($result === -99){
|
169 |
-
return -99;
|
170 |
-
}else if(!$result){
|
171 |
-
return false;
|
172 |
-
}
|
173 |
-
}
|
174 |
-
}
|
175 |
-
}
|
176 |
-
return true;
|
177 |
-
}
|
178 |
-
|
179 |
-
function download_repo($zip_name, $version, $path, $type=''){
|
180 |
-
if ($type=='plugins') {
|
181 |
-
$download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
|
182 |
-
$plugin_name=$zip_name.'.'.$version;
|
183 |
-
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
184 |
-
if( $download_result){
|
185 |
-
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
186 |
-
return $result;
|
187 |
-
}else {
|
188 |
-
$download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
|
189 |
-
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
190 |
-
if( $download_result){
|
191 |
-
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
192 |
-
return $result;
|
193 |
-
}else {
|
194 |
-
error_log("Unable to download Plugin: ".$plugin_name);
|
195 |
-
return -99;
|
196 |
-
}
|
197 |
-
return -99;
|
198 |
-
}
|
199 |
-
} else if($type=='themes'){
|
200 |
-
$theme_name=$zip_name.'.'.$version;
|
201 |
-
$download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
|
202 |
-
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
203 |
-
if( $download_result){
|
204 |
-
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
205 |
-
return $result;
|
206 |
-
}else {
|
207 |
-
$download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
|
208 |
-
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
209 |
-
if( $download_result){
|
210 |
-
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
211 |
-
return $result;
|
212 |
-
}else {
|
213 |
-
error_log("Unable to download Theme: ".$theme_name);
|
214 |
-
return -99;
|
215 |
-
}
|
216 |
-
return -99;
|
217 |
-
}
|
218 |
-
} else {
|
219 |
-
$download_link="https://wordpress.org/wordpress-".$version.".zip";
|
220 |
-
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
|
221 |
-
if($download_result){
|
222 |
-
$result=$this->unzip_downloaded_repo($zip_name, $path);
|
223 |
-
return $result;
|
224 |
-
} else {
|
225 |
-
error_log("Unable to download wordpress-".$version);
|
226 |
-
return -99;
|
227 |
-
}
|
228 |
-
}
|
229 |
-
return false;
|
230 |
-
}
|
231 |
-
|
232 |
-
function unzip_downloaded_repo($name, $path){
|
233 |
-
$zip = new ZipArchive;
|
234 |
-
$folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
|
235 |
-
$res = $zip->open($folder_path);
|
236 |
-
if ($res === TRUE) {
|
237 |
-
// extract it to the path we determined above
|
238 |
-
$result = $zip->extractTo($path);
|
239 |
-
$zip->close();
|
240 |
-
if ($name == get_option('downloaded_wordpress_repo_name')) {
|
241 |
-
rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
|
242 |
-
}
|
243 |
-
unlink($folder_path);
|
244 |
-
return true;
|
245 |
-
} else {
|
246 |
-
return false;
|
247 |
-
}
|
248 |
-
}
|
249 |
-
|
250 |
-
function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
|
251 |
-
if(!empty($folderpaths)){
|
252 |
-
if ( in_array( 'curl', get_loaded_extensions() ) ) {
|
253 |
-
$scanresults=array();
|
254 |
-
$nooffiles=0;
|
255 |
-
$scan_malware_count = 0;
|
256 |
-
$repo_issue_count = 0;
|
257 |
-
$malicious_link_count = 0;
|
258 |
-
$file_ext = $scan_config['file_extension'];
|
259 |
-
$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
|
260 |
-
$extensions = array();
|
261 |
-
$hostname = 'scanner.api.xecurify.com';
|
262 |
-
$malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
263 |
-
if(empty($file_ext)){
|
264 |
-
}else{
|
265 |
-
if(strpos($file_ext,';') !=false){
|
266 |
-
$extensions = explode(";", $file_ext);
|
267 |
-
}else{
|
268 |
-
array_push($extensions, $file_ext);
|
269 |
-
}
|
270 |
-
}
|
271 |
-
$folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
|
272 |
-
$skip_path_array= array();
|
273 |
-
for($i=0; $i<count($folder_skip_array); $i++){
|
274 |
-
$pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
|
275 |
-
$n= sizeof($pathParts)-1;
|
276 |
-
$folder= $pathParts[$n];
|
277 |
-
array_push($skip_path_array, $folder);
|
278 |
-
}
|
279 |
-
$enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
|
280 |
-
foreach ($folderpaths as $value) {
|
281 |
-
$onearr = array();
|
282 |
-
if (is_dir($value)) {
|
283 |
-
foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
|
284 |
-
if ($item->isFile()) {
|
285 |
-
$scanresult=array();
|
286 |
-
$source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
|
287 |
-
if ($value == $base && ($scan_config['core_scan'] == 1)){
|
288 |
-
$arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
|
289 |
-
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
|
290 |
-
|
291 |
-
}else{
|
292 |
-
continue;
|
293 |
-
}
|
294 |
-
}elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
295 |
-
continue;
|
296 |
-
} elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
297 |
-
continue;
|
298 |
-
}
|
299 |
-
$flag_skip=0;
|
300 |
-
if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
|
301 |
-
for($q=0; $q<count($skip_path_array); $q++){
|
302 |
-
if(strpos($source_file_path, $skip_path_array[$q])){
|
303 |
-
$flag_skip=1;
|
304 |
-
break;
|
305 |
-
}
|
306 |
-
}
|
307 |
-
}
|
308 |
-
if($flag_skip == 1){
|
309 |
-
continue;
|
310 |
-
}
|
311 |
-
$ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
|
312 |
-
$extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
|
313 |
-
if($extns){
|
314 |
-
$nooffiles++;
|
315 |
-
if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
|
316 |
-
update_option('mo_wpns_files_scanned', $nooffiles);
|
317 |
-
}
|
318 |
-
}
|
319 |
-
|
320 |
-
$hash_of_file= md5_file($source_file_path);
|
321 |
-
$res=$mo2f_malware_db_handler->check_hash($hash_of_file);
|
322 |
-
|
323 |
-
$datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
|
324 |
-
$scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
|
325 |
-
$repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
|
326 |
-
$extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
|
327 |
-
$malware_status = $scanmalware? 0 : 1;
|
328 |
-
$repo_status = $repocheck? 0 : 1;
|
329 |
-
$link_status = $extlink? 0 : 1;
|
330 |
-
if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
|
331 |
-
|
332 |
-
else{
|
333 |
-
$flag_update=0;
|
334 |
-
$file_content=file_get_contents($source_file_path);
|
335 |
-
$source_file_path_size = str_replace("\\", "/", $source_file_path);
|
336 |
-
if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
|
337 |
-
$malware_status = 1;
|
338 |
-
$cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
|
339 |
-
$postdata = array('file' => $cfile);
|
340 |
-
$content_type = 'multipart/form-data';
|
341 |
-
$issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
|
342 |
-
if ($issues) {
|
343 |
-
$scan_malware_count++;
|
344 |
-
$scanresult['scan'] = $issues;
|
345 |
-
$flag_update=1;
|
346 |
-
}
|
347 |
-
}else{
|
348 |
-
|
349 |
-
}
|
350 |
-
|
351 |
-
if($scan_config['check_repo'] == 1 && $repocheck && $extns){
|
352 |
-
if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
|
353 |
-
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
|
354 |
-
$repo_status = 1;
|
355 |
-
if($value==$base){
|
356 |
-
$repo_file_path=$repo_folder_path['base'];
|
357 |
-
} elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
|
358 |
-
$repo_file_path=$repo_folder_path['plugins'];
|
359 |
-
} elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
|
360 |
-
$repo_file_path=$repo_folder_path['themes'];
|
361 |
-
}
|
362 |
-
$issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
|
363 |
-
if(!empty($issues)){
|
364 |
-
$repo_issue_count++;
|
365 |
-
$scanresult['repo']=$issues;
|
366 |
-
$flag_update=1;
|
367 |
-
}
|
368 |
-
}
|
369 |
-
}
|
370 |
-
}
|
371 |
-
if($extns && $extlink){
|
372 |
-
if($scan_config['ext_link_check'] == 1){
|
373 |
-
$link_status = 1;
|
374 |
-
$elresult= $this->check_external_link($file_content);
|
375 |
-
if(!empty($elresult)){
|
376 |
-
$malicious_link_count++;
|
377 |
-
$flag_update=1;
|
378 |
-
$scanresult['extl']=$elresult;
|
379 |
-
}
|
380 |
-
}
|
381 |
-
}
|
382 |
-
if($flag_update == 0){
|
383 |
-
$malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
|
384 |
-
$repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
|
385 |
-
$link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
|
386 |
-
$scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
|
387 |
-
if(empty($res)){
|
388 |
-
$mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
|
389 |
-
}else{
|
390 |
-
$mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
|
391 |
-
}
|
392 |
-
}else{
|
393 |
-
$infected_files=get_option('mo_wpns_infected_files');
|
394 |
-
$infected_files++;
|
395 |
-
if(!empty($res)){
|
396 |
-
$mo2f_malware_db_handler->delete_hash($source_file_path);
|
397 |
-
}
|
398 |
-
update_option('mo_wpns_infected_files', $infected_files);
|
399 |
-
}
|
400 |
-
}
|
401 |
-
if(!empty($scanresult))
|
402 |
-
$scanresults[$source_file_path]=$scanresult;
|
403 |
-
}
|
404 |
-
}
|
405 |
-
}
|
406 |
-
}
|
407 |
-
$malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
408 |
-
if($malware_server_status){
|
409 |
-
$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
|
410 |
-
$postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
|
411 |
-
$content_type = 'application/x-www-form-urlencoded';
|
412 |
-
$lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
|
413 |
-
}
|
414 |
-
update_option('mo_wpns_files_scanned', $nooffiles);
|
415 |
-
return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
|
416 |
-
}else{
|
417 |
-
return array('message'=>'CURL not installed on the server.');
|
418 |
-
}
|
419 |
-
} else {
|
420 |
-
return array('message'=>'No folder selected for scanning.');
|
421 |
-
}
|
422 |
-
}
|
423 |
-
|
424 |
-
function mo_wpns_check_malware_server_status($host){
|
425 |
-
$fsock = @fsockopen($host, 80, $errno, $errstr, 5);
|
426 |
-
if ( ! $fsock ){
|
427 |
-
return FALSE;
|
428 |
-
}else{
|
429 |
-
fclose($fsock);
|
430 |
-
return TRUE;
|
431 |
-
}
|
432 |
-
}
|
433 |
-
|
434 |
-
function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
|
435 |
-
$response = null;
|
436 |
-
$ch=curl_init($host);
|
437 |
-
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
|
438 |
-
curl_setopt( $ch, CURLOPT_ENCODING, "" );
|
439 |
-
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
440 |
-
curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
|
441 |
-
curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
|
442 |
-
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
|
443 |
-
curl_setopt( $ch, CURLOPT_POST, true );
|
444 |
-
curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
|
445 |
-
$results=curl_exec($ch);
|
446 |
-
curl_close($ch);
|
447 |
-
if($results==false){
|
448 |
-
error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
|
449 |
-
}else{
|
450 |
-
$result = json_decode($results, true);
|
451 |
-
if(isset($result['status'])){
|
452 |
-
if ($result['status'] == 'success') {
|
453 |
-
if($result['result']!='OK')
|
454 |
-
$response = $result['result'];
|
455 |
-
}else if($result['status']=='error'){
|
456 |
-
error_log("Exception on server");
|
457 |
-
}
|
458 |
-
}else if(strpos($results, 'Summary')){
|
459 |
-
|
460 |
-
}else{
|
461 |
-
error_log("Any other issues on server");
|
462 |
-
}
|
463 |
-
}
|
464 |
-
return $response;
|
465 |
-
}
|
466 |
-
|
467 |
-
function check_with_repo_files($file_content, $repo_file_path){
|
468 |
-
$issues = array();
|
469 |
-
if(file_exists($repo_file_path)){
|
470 |
-
$content=@file_get_contents($repo_file_path);
|
471 |
-
$hash_repo = md5($content);
|
472 |
-
$hash_file = md5($file_content);
|
473 |
-
if ($hash_file != $hash_repo) {
|
474 |
-
$flag=1;
|
475 |
-
$issues=array("exist" => "Mismatch in Files");
|
476 |
-
}
|
477 |
-
} else {
|
478 |
-
$issues=array('exist'=>'Unwanted File Found');
|
479 |
-
}
|
480 |
-
return $issues;
|
481 |
-
}
|
482 |
-
|
483 |
-
function getlines($contents, $href){
|
484 |
-
$newissues = 0;
|
485 |
-
$lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
|
486 |
-
for($i=0; $i<count($lines); $i++){
|
487 |
-
$line = $lines[$i];
|
488 |
-
if (strpos($line, $href) !== false) {
|
489 |
-
$newissues = $i+1;
|
490 |
-
}
|
491 |
-
}
|
492 |
-
return $newissues;
|
493 |
-
}
|
494 |
-
|
495 |
-
function check_external_link($contents){
|
496 |
-
$issues = array();
|
497 |
-
$hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\']+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
|
498 |
-
if(isset($hrefs[1])){
|
499 |
-
foreach($hrefs[1] as $href){
|
500 |
-
if($this->isexternal($href)){
|
501 |
-
$line=$this->getlines($contents, $href);
|
502 |
-
$issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
|
503 |
-
}
|
504 |
-
}
|
505 |
-
}
|
506 |
-
return $issues;
|
507 |
-
}
|
508 |
-
|
509 |
-
function isexternal($url) {
|
510 |
-
$url = trim($url);
|
511 |
-
$url = trim($url,';');
|
512 |
-
$url = trim($url,'(');
|
513 |
-
$url = trim($url,')');
|
514 |
-
$url = trim($url,"'");
|
515 |
-
$url = trim($url,'"');
|
516 |
-
$components = parse_url($url);
|
517 |
-
if(isset($components['host'])){
|
518 |
-
if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
|
519 |
-
else{
|
520 |
-
if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
|
521 |
-
return true;
|
522 |
-
}
|
523 |
-
}
|
524 |
-
}
|
525 |
-
return false;
|
526 |
-
}
|
527 |
-
function check_vulnerable_code($contents){
|
528 |
-
$issues = array();
|
529 |
-
$tokens = token_get_all($contents);
|
530 |
-
|
531 |
-
for($i=0; $i< sizeof($tokens); $i++) {
|
532 |
-
$token = $tokens[$i];
|
533 |
-
if (is_array($token)) {
|
534 |
-
if(in_array(token_name($token[0]), array("T_EVAL"))){
|
535 |
-
$issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
|
536 |
-
if(!empty($issue))
|
537 |
-
$issues[] = $issue;
|
538 |
-
} else if(in_array(token_name($token[0]), array("T_STRING"))){
|
539 |
-
if(in_array($token[1],array("popen","fsockopen"))){
|
540 |
-
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
|
541 |
-
if(!empty($issue))
|
542 |
-
$issues[] = $issue;
|
543 |
-
} else if(in_array($token[1],array("assert"))){
|
544 |
-
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
|
545 |
-
if(!empty($issue))
|
546 |
-
$issues[] = $issue;
|
547 |
-
} else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
|
548 |
-
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
|
549 |
-
if(!empty($issue))
|
550 |
-
$issues[] = $issue;
|
551 |
-
} else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
|
552 |
-
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
|
553 |
-
if(!empty($issue))
|
554 |
-
$issues[] = $issue;
|
555 |
-
}
|
556 |
-
}
|
557 |
-
}
|
558 |
-
}
|
559 |
-
return $issues;
|
560 |
-
}
|
561 |
-
|
562 |
-
function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
|
563 |
-
|
564 |
-
$flag = 1;
|
565 |
-
$argument = "";
|
566 |
-
$line = "";
|
567 |
-
$issue = array();
|
568 |
-
for($j=$start; $j< sizeof($tokens); $j++) {
|
569 |
-
$innertoken = $tokens[$j];
|
570 |
-
if ($flag==1 && is_array($innertoken)) {
|
571 |
-
$argument .= $innertoken[1];
|
572 |
-
if(empty($line))
|
573 |
-
$line = $innertoken[2];
|
574 |
-
} else if($innertoken==";"){
|
575 |
-
$argument .= ";";
|
576 |
-
if($checkForExternalLink){
|
577 |
-
if($this->isexternal($argument)){
|
578 |
-
$issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
|
579 |
-
}
|
580 |
-
} else {
|
581 |
-
$issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
|
582 |
-
}
|
583 |
-
break;
|
584 |
-
} else if($flag==1){
|
585 |
-
$argument .= $innertoken;
|
586 |
-
}
|
587 |
-
}
|
588 |
-
return $issue;
|
589 |
-
}
|
590 |
-
|
591 |
-
function remove_dir($repo_path){
|
592 |
-
$dir=$repo_path;
|
593 |
-
$it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
|
594 |
-
$files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
|
595 |
-
foreach($files as $file) {
|
596 |
-
if ($file->isDir()){
|
597 |
-
rmdir($file->getRealPath());
|
598 |
-
} else {
|
599 |
-
unlink($file->getRealPath());
|
600 |
-
}
|
601 |
-
}
|
602 |
-
rmdir($dir);
|
603 |
-
}
|
604 |
-
|
605 |
-
function count_total_files($folder_paths, $base, $scan_config){
|
606 |
-
|
607 |
-
$file_count=0;
|
608 |
-
$file_ext = $scan_config['file_extension'];
|
609 |
-
$extensions = array();
|
610 |
-
if(empty($file_ext)){
|
611 |
-
|
612 |
-
}else{
|
613 |
-
if(strpos($file_ext,';') !=false){
|
614 |
-
$extensions = explode(";", $file_ext);
|
615 |
-
}else{
|
616 |
-
array_push($extensions, $file_ext);
|
617 |
-
}
|
618 |
-
}
|
619 |
-
$enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
|
620 |
-
$folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
|
621 |
-
$skip_path_array= array();
|
622 |
-
for($i=0; $i<count($folder_skip_array); $i++){
|
623 |
-
$pathParts = explode('/', $folder_skip_array[$i]);
|
624 |
-
$n= sizeof($pathParts)-1;
|
625 |
-
$folder= $pathParts[$n];
|
626 |
-
array_push($skip_path_array, $folder);
|
627 |
-
}
|
628 |
-
foreach ($folder_paths as $value) {
|
629 |
-
if (is_dir($value)) {
|
630 |
-
foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
|
631 |
-
if ($item->isFile()) {
|
632 |
-
$source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
|
633 |
-
if ($value == $base && ($scan_config['core_scan'] == 1)){
|
634 |
-
$arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
|
635 |
-
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
|
636 |
-
|
637 |
-
}else{
|
638 |
-
continue;
|
639 |
-
}
|
640 |
-
}elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
641 |
-
continue;
|
642 |
-
} elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
643 |
-
continue;
|
644 |
-
}
|
645 |
-
$flag_skip=0;
|
646 |
-
if (!empty($folder_skip_array)) {
|
647 |
-
for($q=0; $q<count($skip_path_array); $q++){
|
648 |
-
if(strpos($source_file_path, $skip_path_array[$q])){
|
649 |
-
$flag_skip=1;
|
650 |
-
break;
|
651 |
-
}
|
652 |
-
}
|
653 |
-
}
|
654 |
-
if($flag_skip == 1){
|
655 |
-
continue;
|
656 |
-
}
|
657 |
-
$ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
|
658 |
-
$extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
|
659 |
-
if($extns)
|
660 |
-
$file_count++;
|
661 |
-
}
|
662 |
-
}
|
663 |
-
}
|
664 |
-
}
|
665 |
-
update_option('mo_wpns_total_files', $file_count);
|
666 |
-
}
|
667 |
-
}
|
668 |
-
new Mo_wpns_Scan_Handler;
|
669 |
?>
|
1 |
+
<?php
|
2 |
+
|
3 |
+
class Mo_wpns_Scan_Handler{
|
4 |
+
private $total_files_to_scan;
|
5 |
+
public $scanned_files = array();
|
6 |
+
function __construct(){
|
7 |
+
|
8 |
+
}
|
9 |
+
function mo2f_scan_all_files($scan_config){
|
10 |
+
update_option('mo_wpns_scan_initialize', 0);
|
11 |
+
update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
|
12 |
+
update_option('mo_wpns_files_scanned',0);
|
13 |
+
update_option('mo_wpns_infected_files',0);
|
14 |
+
ini_set('memory_limit', '-1');
|
15 |
+
ini_set('max_execution_time', 0);
|
16 |
+
$result = array();
|
17 |
+
$folderpaths = array();
|
18 |
+
$wp_repo_file = array();
|
19 |
+
$folderNames = "";
|
20 |
+
$repo_check_status = $scan_config['check_repo'];
|
21 |
+
$repo_check_status_code = 0;
|
22 |
+
$base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
|
23 |
+
$hostname = 'wordpress.org';
|
24 |
+
$wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
25 |
+
if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
|
26 |
+
$scan_config['check_repo'] = 0;
|
27 |
+
$repo_check_status_code = -97;
|
28 |
+
}
|
29 |
+
if (!$wordpress_server_status) {
|
30 |
+
$scan_config['check_repo'] = 0;
|
31 |
+
$repo_check_status_code = -98;
|
32 |
+
}
|
33 |
+
$repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
|
34 |
+
if($scan_config['core_scan'] == 1){
|
35 |
+
$folderpaths['base'] = $base;
|
36 |
+
$folderNames .= "WP Files;";
|
37 |
+
}
|
38 |
+
if($scan_config['plugin_scan'] == 1){
|
39 |
+
$folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
|
40 |
+
$folderNames .= "Plugins;";
|
41 |
+
}
|
42 |
+
if($scan_config['theme_scan'] == 1){
|
43 |
+
$folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
|
44 |
+
$folderNames .= "Themes;";
|
45 |
+
}
|
46 |
+
if($scan_config['check_repo'] == 1){
|
47 |
+
$folderNames .= "WP Repo Files;";
|
48 |
+
}
|
49 |
+
$this->count_total_files($folderpaths, $base, $scan_config);
|
50 |
+
|
51 |
+
if ( ! function_exists( 'get_plugins' ) ) {
|
52 |
+
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
53 |
+
}
|
54 |
+
if ( ! function_exists( 'plugins_api' ) ) {
|
55 |
+
require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
56 |
+
}
|
57 |
+
if($scan_config['check_repo'] == 1){
|
58 |
+
if(!is_dir($repo_file_path)){
|
59 |
+
mkdir($repo_file_path);
|
60 |
+
}
|
61 |
+
if($scan_config['core_scan'] == 1){
|
62 |
+
require(ABSPATH . 'wp-includes/version.php');
|
63 |
+
//wordpress name to be changed to be changed based on version
|
64 |
+
$zip_name="wp-".$wp_version;
|
65 |
+
$wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
|
66 |
+
update_option('downloaded_wordpress_repo_name', $zip_name);
|
67 |
+
if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
|
68 |
+
$result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
|
69 |
+
if($result === -99){
|
70 |
+
$scan_config['check_repo'] = 0;
|
71 |
+
$repo_check_status_code = -99;
|
72 |
+
}else if(!$result){
|
73 |
+
$scan_config['check_repo'] = 0;
|
74 |
+
$repo_check_status_code = -100;
|
75 |
+
}
|
76 |
+
}
|
77 |
+
}
|
78 |
+
if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
|
79 |
+
$wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
|
80 |
+
if(!is_dir($wp_plugin_repo_file)){
|
81 |
+
mkdir($wp_plugin_repo_file);
|
82 |
+
}
|
83 |
+
$wp_repo_file['plugins']=$wp_plugin_repo_file;
|
84 |
+
$plugin_list=get_site_transient( 'update_plugins' );
|
85 |
+
$all_plugins=array();
|
86 |
+
foreach ($plugin_list as $key => $value) {
|
87 |
+
if($key=='response'||$key=='no_update'){
|
88 |
+
foreach ($value as $ke => $val) {
|
89 |
+
$all_plugins[$ke] = $val;
|
90 |
+
}
|
91 |
+
}
|
92 |
+
}
|
93 |
+
$result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
|
94 |
+
if($result === -99){
|
95 |
+
$scan_config['check_repo'] = 0;
|
96 |
+
$repo_check_status_code = -99;
|
97 |
+
}else if(!$result){
|
98 |
+
$scan_config['check_repo'] = 0;
|
99 |
+
$repo_check_status_code = -100;
|
100 |
+
}
|
101 |
+
}
|
102 |
+
if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
|
103 |
+
$wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
|
104 |
+
if(!is_dir($wp_theme_repo_file)){
|
105 |
+
mkdir($wp_theme_repo_file);
|
106 |
+
}
|
107 |
+
$wp_repo_file['themes']=$wp_theme_repo_file;
|
108 |
+
$all_themes=get_site_transient( 'update_themes' )->checked;
|
109 |
+
$result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
|
110 |
+
if($result === -99){
|
111 |
+
$scan_config['check_repo'] = 0;
|
112 |
+
$repo_check_status_code = -99;
|
113 |
+
}else if(!$result){
|
114 |
+
$scan_config['check_repo'] = 0;
|
115 |
+
$repo_check_status_code = -100;
|
116 |
+
}
|
117 |
+
}
|
118 |
+
}
|
119 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
120 |
+
$time = current_time('timestamp');
|
121 |
+
$result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
|
122 |
+
$reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
|
123 |
+
if($result['scan']){
|
124 |
+
foreach ($result['scan'] as $key => $value) {
|
125 |
+
$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
|
126 |
+
}
|
127 |
+
}
|
128 |
+
$result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
|
129 |
+
$mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
|
130 |
+
if(is_dir($repo_file_path)){
|
131 |
+
$this->remove_dir($repo_file_path);
|
132 |
+
}
|
133 |
+
update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
|
134 |
+
$total_scan=$mo2f_malware_db_handler->count_files();
|
135 |
+
$total_malicious=$mo2f_malware_db_handler->count_malicious_files();
|
136 |
+
$last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
|
137 |
+
$malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
|
138 |
+
if($total_scan > 999){
|
139 |
+
$total_scan=($total_scan/1000);
|
140 |
+
$total_scan= round($total_scan,1)."k";
|
141 |
+
}
|
142 |
+
if($total_malicious > 999){
|
143 |
+
$total_malicious=($total_malicious/1000);
|
144 |
+
$total_malicious= round($total_malicious,1)."k";
|
145 |
+
}
|
146 |
+
$response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
|
147 |
+
wp_send_json($response);
|
148 |
+
}
|
149 |
+
|
150 |
+
function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
|
151 |
+
foreach($themes_or_plugins as $key => $data){
|
152 |
+
if($type=='plugins'){
|
153 |
+
$plugin_slug=$data->slug;
|
154 |
+
$plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
|
155 |
+
$plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
|
156 |
+
$plugin_version=$plugin_data['Version'];
|
157 |
+
if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
|
158 |
+
$result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
|
159 |
+
if($result === -99){
|
160 |
+
return -99;
|
161 |
+
}else if(!$result){
|
162 |
+
return false;
|
163 |
+
}
|
164 |
+
}
|
165 |
+
} else if($type=='themes'){
|
166 |
+
if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
|
167 |
+
$result= $this->download_repo($key, $data, $path, $type);
|
168 |
+
if($result === -99){
|
169 |
+
return -99;
|
170 |
+
}else if(!$result){
|
171 |
+
return false;
|
172 |
+
}
|
173 |
+
}
|
174 |
+
}
|
175 |
+
}
|
176 |
+
return true;
|
177 |
+
}
|
178 |
+
|
179 |
+
function download_repo($zip_name, $version, $path, $type=''){
|
180 |
+
if ($type=='plugins') {
|
181 |
+
$download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
|
182 |
+
$plugin_name=$zip_name.'.'.$version;
|
183 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
184 |
+
if( $download_result){
|
185 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
186 |
+
return $result;
|
187 |
+
}else {
|
188 |
+
$download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
|
189 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
190 |
+
if( $download_result){
|
191 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
192 |
+
return $result;
|
193 |
+
}else {
|
194 |
+
error_log("Unable to download Plugin: ".$plugin_name);
|
195 |
+
return -99;
|
196 |
+
}
|
197 |
+
return -99;
|
198 |
+
}
|
199 |
+
} else if($type=='themes'){
|
200 |
+
$theme_name=$zip_name.'.'.$version;
|
201 |
+
$download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
|
202 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
203 |
+
if( $download_result){
|
204 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
205 |
+
return $result;
|
206 |
+
}else {
|
207 |
+
$download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
|
208 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
209 |
+
if( $download_result){
|
210 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
211 |
+
return $result;
|
212 |
+
}else {
|
213 |
+
error_log("Unable to download Theme: ".$theme_name);
|
214 |
+
return -99;
|
215 |
+
}
|
216 |
+
return -99;
|
217 |
+
}
|
218 |
+
} else {
|
219 |
+
$download_link="https://wordpress.org/wordpress-".$version.".zip";
|
220 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
|
221 |
+
if($download_result){
|
222 |
+
$result=$this->unzip_downloaded_repo($zip_name, $path);
|
223 |
+
return $result;
|
224 |
+
} else {
|
225 |
+
error_log("Unable to download wordpress-".$version);
|
226 |
+
return -99;
|
227 |
+
}
|
228 |
+
}
|
229 |
+
return false;
|
230 |
+
}
|
231 |
+
|
232 |
+
function unzip_downloaded_repo($name, $path){
|
233 |
+
$zip = new ZipArchive;
|
234 |
+
$folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
|
235 |
+
$res = $zip->open($folder_path);
|
236 |
+
if ($res === TRUE) {
|
237 |
+
// extract it to the path we determined above
|
238 |
+
$result = $zip->extractTo($path);
|
239 |
+
$zip->close();
|
240 |
+
if ($name == get_option('downloaded_wordpress_repo_name')) {
|
241 |
+
rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
|
242 |
+
}
|
243 |
+
unlink($folder_path);
|
244 |
+
return true;
|
245 |
+
} else {
|
246 |
+
return false;
|
247 |
+
}
|
248 |
+
}
|
249 |
+
|
250 |
+
function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
|
251 |
+
if(!empty($folderpaths)){
|
252 |
+
if ( in_array( 'curl', get_loaded_extensions() ) ) {
|
253 |
+
$scanresults=array();
|
254 |
+
$nooffiles=0;
|
255 |
+
$scan_malware_count = 0;
|
256 |
+
$repo_issue_count = 0;
|
257 |
+
$malicious_link_count = 0;
|
258 |
+
$file_ext = $scan_config['file_extension'];
|
259 |
+
$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
|
260 |
+
$extensions = array();
|
261 |
+
$hostname = 'scanner.api.xecurify.com';
|
262 |
+
$malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
263 |
+
if(empty($file_ext)){
|
264 |
+
}else{
|
265 |
+
if(strpos($file_ext,';') !=false){
|
266 |
+
$extensions = explode(";", $file_ext);
|
267 |
+
}else{
|
268 |
+
array_push($extensions, $file_ext);
|
269 |
+
}
|
270 |
+
}
|
271 |
+
$folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
|
272 |
+
$skip_path_array= array();
|
273 |
+
for($i=0; $i<count($folder_skip_array); $i++){
|
274 |
+
$pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
|
275 |
+
$n= sizeof($pathParts)-1;
|
276 |
+
$folder= $pathParts[$n];
|
277 |
+
array_push($skip_path_array, $folder);
|
278 |
+
}
|
279 |
+
$enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
|
280 |
+
foreach ($folderpaths as $value) {
|
281 |
+
$onearr = array();
|
282 |
+
if (is_dir($value)) {
|
283 |
+
foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
|
284 |
+
if ($item->isFile()) {
|
285 |
+
$scanresult=array();
|
286 |
+
$source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
|
287 |
+
if ($value == $base && ($scan_config['core_scan'] == 1)){
|
288 |
+
$arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
|
289 |
+
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
|
290 |
+
|
291 |
+
}else{
|
292 |
+
continue;
|
293 |
+
}
|
294 |
+
}elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
295 |
+
continue;
|
296 |
+
} elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
297 |
+
continue;
|
298 |
+
}
|
299 |
+
$flag_skip=0;
|
300 |
+
if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
|
301 |
+
for($q=0; $q<count($skip_path_array); $q++){
|
302 |
+
if(strpos($source_file_path, $skip_path_array[$q])){
|
303 |
+
$flag_skip=1;
|
304 |
+
break;
|
305 |
+
}
|
306 |
+
}
|
307 |
+
}
|
308 |
+
if($flag_skip == 1){
|
309 |
+
continue;
|
310 |
+
}
|
311 |
+
$ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
|
312 |
+
$extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
|
313 |
+
if($extns){
|
314 |
+
$nooffiles++;
|
315 |
+
if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
|
316 |
+
update_option('mo_wpns_files_scanned', $nooffiles);
|
317 |
+
}
|
318 |
+
}
|
319 |
+
|
320 |
+
$hash_of_file= md5_file($source_file_path);
|
321 |
+
$res=$mo2f_malware_db_handler->check_hash($hash_of_file);
|
322 |
+
|
323 |
+
$datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
|
324 |
+
$scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
|
325 |
+
$repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
|
326 |
+
$extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
|
327 |
+
$malware_status = $scanmalware? 0 : 1;
|
328 |
+
$repo_status = $repocheck? 0 : 1;
|
329 |
+
$link_status = $extlink? 0 : 1;
|
330 |
+
if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
|
331 |
+
|
332 |
+
else{
|
333 |
+
$flag_update=0;
|
334 |
+
$file_content=file_get_contents($source_file_path);
|
335 |
+
$source_file_path_size = str_replace("\\", "/", $source_file_path);
|
336 |
+
if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
|
337 |
+
$malware_status = 1;
|
338 |
+
$cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
|
339 |
+
$postdata = array('file' => $cfile);
|
340 |
+
$content_type = 'multipart/form-data';
|
341 |
+
$issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
|
342 |
+
if ($issues) {
|
343 |
+
$scan_malware_count++;
|
344 |
+
$scanresult['scan'] = $issues;
|
345 |
+
$flag_update=1;
|
346 |
+
}
|
347 |
+
}else{
|
348 |
+
|
349 |
+
}
|
350 |
+
|
351 |
+
if($scan_config['check_repo'] == 1 && $repocheck && $extns){
|
352 |
+
if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
|
353 |
+
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
|
354 |
+
$repo_status = 1;
|
355 |
+
if($value==$base){
|
356 |
+
$repo_file_path=$repo_folder_path['base'];
|
357 |
+
} elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
|
358 |
+
$repo_file_path=$repo_folder_path['plugins'];
|
359 |
+
} elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
|
360 |
+
$repo_file_path=$repo_folder_path['themes'];
|
361 |
+
}
|
362 |
+
$issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
|
363 |
+
if(!empty($issues)){
|
364 |
+
$repo_issue_count++;
|
365 |
+
$scanresult['repo']=$issues;
|
366 |
+
$flag_update=1;
|
367 |
+
}
|
368 |
+
}
|
369 |
+
}
|
370 |
+
}
|
371 |
+
if($extns && $extlink){
|
372 |
+
if($scan_config['ext_link_check'] == 1){
|
373 |
+
$link_status = 1;
|
374 |
+
$elresult= $this->check_external_link($file_content);
|
375 |
+
if(!empty($elresult)){
|
376 |
+
$malicious_link_count++;
|
377 |
+
$flag_update=1;
|
378 |
+
$scanresult['extl']=$elresult;
|
379 |
+
}
|
380 |
+
}
|
381 |
+
}
|
382 |
+
if($flag_update == 0){
|
383 |
+
$malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
|
384 |
+
$repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
|
385 |
+
$link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
|
386 |
+
$scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
|
387 |
+
if(empty($res)){
|
388 |
+
$mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
|
389 |
+
}else{
|
390 |
+
$mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
|
391 |
+
}
|
392 |
+
}else{
|
393 |
+
$infected_files=get_option('mo_wpns_infected_files');
|
394 |
+
$infected_files++;
|
395 |
+
if(!empty($res)){
|
396 |
+
$mo2f_malware_db_handler->delete_hash($source_file_path);
|
397 |
+
}
|
398 |
+
update_option('mo_wpns_infected_files', $infected_files);
|
399 |
+
}
|
400 |
+
}
|
401 |
+
if(!empty($scanresult))
|
402 |
+
$scanresults[$source_file_path]=$scanresult;
|
403 |
+
}
|
404 |
+
}
|
405 |
+
}
|
406 |
+
}
|
407 |
+
$malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
408 |
+
if($malware_server_status){
|
409 |
+
$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
|
410 |
+
$postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
|
411 |
+
$content_type = 'application/x-www-form-urlencoded';
|
412 |
+
$lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
|
413 |
+
}
|
414 |
+
update_option('mo_wpns_files_scanned', $nooffiles);
|
415 |
+
return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
|
416 |
+
}else{
|
417 |
+
return array('message'=>'CURL not installed on the server.');
|
418 |
+
}
|
419 |
+
} else {
|
420 |
+
return array('message'=>'No folder selected for scanning.');
|
421 |
+
}
|
422 |
+
}
|
423 |
+
|
424 |
+
function mo_wpns_check_malware_server_status($host){
|
425 |
+
$fsock = @fsockopen($host, 80, $errno, $errstr, 5);
|
426 |
+
if ( ! $fsock ){
|
427 |
+
return FALSE;
|
428 |
+
}else{
|
429 |
+
fclose($fsock);
|
430 |
+
return TRUE;
|
431 |
+
}
|
432 |
+
}
|
433 |
+
|
434 |
+
function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
|
435 |
+
$response = null;
|
436 |
+
$ch=curl_init($host);
|
437 |
+
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
|
438 |
+
curl_setopt( $ch, CURLOPT_ENCODING, "" );
|
439 |
+
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
440 |
+
curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
|
441 |
+
curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
|
442 |
+
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
|
443 |
+
curl_setopt( $ch, CURLOPT_POST, true );
|
444 |
+
curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
|
445 |
+
$results=curl_exec($ch);
|
446 |
+
curl_close($ch);
|
447 |
+
if($results==false){
|
448 |
+
error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
|
449 |
+
}else{
|
450 |
+
$result = json_decode($results, true);
|
451 |
+
if(isset($result['status'])){
|
452 |
+
if ($result['status'] == 'success') {
|
453 |
+
if($result['result']!='OK')
|
454 |
+
$response = $result['result'];
|
455 |
+
}else if($result['status']=='error'){
|
456 |
+
error_log("Exception on server");
|
457 |
+
}
|
458 |
+
}else if(strpos($results, 'Summary')){
|
459 |
+
|
460 |
+
}else{
|
461 |
+
error_log("Any other issues on server");
|
462 |
+
}
|
463 |
+
}
|
464 |
+
return $response;
|
465 |
+
}
|
466 |
+
|
467 |
+
function check_with_repo_files($file_content, $repo_file_path){
|
468 |
+
$issues = array();
|
469 |
+
if(file_exists($repo_file_path)){
|
470 |
+
$content=@file_get_contents($repo_file_path);
|
471 |
+
$hash_repo = md5($content);
|
472 |
+
$hash_file = md5($file_content);
|
473 |
+
if ($hash_file != $hash_repo) {
|
474 |
+
$flag=1;
|
475 |
+
$issues=array("exist" => "Mismatch in Files");
|
476 |
+
}
|
477 |
+
} else {
|
478 |
+
$issues=array('exist'=>'Unwanted File Found');
|
479 |
+
}
|
480 |
+
return $issues;
|
481 |
+
}
|
482 |
+
|
483 |
+
function getlines($contents, $href){
|
484 |
+
$newissues = 0;
|
485 |
+
$lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
|
486 |
+
for($i=0; $i<count($lines); $i++){
|
487 |
+
$line = $lines[$i];
|
488 |
+
if (strpos($line, $href) !== false) {
|
489 |
+
$newissues = $i+1;
|
490 |
+
}
|
491 |
+
}
|
492 |
+
return $newissues;
|
493 |
+
}
|
494 |
+
|
495 |
+
function check_external_link($contents){
|
496 |
+
$issues = array();
|
497 |
+
$hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\']+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
|
498 |
+
if(isset($hrefs[1])){
|
499 |
+
foreach($hrefs[1] as $href){
|
500 |
+
if($this->isexternal($href)){
|
501 |
+
$line=$this->getlines($contents, $href);
|
502 |
+
$issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
|
503 |
+
}
|
504 |
+
}
|
505 |
+
}
|
506 |
+
return $issues;
|
507 |
+
}
|
508 |
+
|
509 |
+
function isexternal($url) {
|
510 |
+
$url = trim($url);
|
511 |
+
$url = trim($url,';');
|
512 |
+
$url = trim($url,'(');
|
513 |
+
$url = trim($url,')');
|
514 |
+
$url = trim($url,"'");
|
515 |
+
$url = trim($url,'"');
|
516 |
+
$components = parse_url($url);
|
517 |
+
if(isset($components['host'])){
|
518 |
+
if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
|
519 |
+
else{
|
520 |
+
if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
|
521 |
+
return true;
|
522 |
+
}
|
523 |
+
}
|
524 |
+
}
|
525 |
+
return false;
|
526 |
+
}
|
527 |
+
function check_vulnerable_code($contents){
|
528 |
+
$issues = array();
|
529 |
+
$tokens = token_get_all($contents);
|
530 |
+
|
531 |
+
for($i=0; $i< sizeof($tokens); $i++) {
|
532 |
+
$token = $tokens[$i];
|
533 |
+
if (is_array($token)) {
|
534 |
+
if(in_array(token_name($token[0]), array("T_EVAL"))){
|
535 |
+
$issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
|
536 |
+
if(!empty($issue))
|
537 |
+
$issues[] = $issue;
|
538 |
+
} else if(in_array(token_name($token[0]), array("T_STRING"))){
|
539 |
+
if(in_array($token[1],array("popen","fsockopen"))){
|
540 |
+
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
|
541 |
+
if(!empty($issue))
|
542 |
+
$issues[] = $issue;
|
543 |
+
} else if(in_array($token[1],array("assert"))){
|
544 |
+
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
|
545 |
+
if(!empty($issue))
|
546 |
+
$issues[] = $issue;
|
547 |
+
} else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
|
548 |
+
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
|
549 |
+
if(!empty($issue))
|
550 |
+
$issues[] = $issue;
|
551 |
+
} else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
|
552 |
+
$issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
|
553 |
+
if(!empty($issue))
|
554 |
+
$issues[] = $issue;
|
555 |
+
}
|
556 |
+
}
|
557 |
+
}
|
558 |
+
}
|
559 |
+
return $issues;
|
560 |
+
}
|
561 |
+
|
562 |
+
function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
|
563 |
+
|
564 |
+
$flag = 1;
|
565 |
+
$argument = "";
|
566 |
+
$line = "";
|
567 |
+
$issue = array();
|
568 |
+
for($j=$start; $j< sizeof($tokens); $j++) {
|
569 |
+
$innertoken = $tokens[$j];
|
570 |
+
if ($flag==1 && is_array($innertoken)) {
|
571 |
+
$argument .= $innertoken[1];
|
572 |
+
if(empty($line))
|
573 |
+
$line = $innertoken[2];
|
574 |
+
} else if($innertoken==";"){
|
575 |
+
$argument .= ";";
|
576 |
+
if($checkForExternalLink){
|
577 |
+
if($this->isexternal($argument)){
|
578 |
+
$issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
|
579 |
+
}
|
580 |
+
} else {
|
581 |
+
$issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
|
582 |
+
}
|
583 |
+
break;
|
584 |
+
} else if($flag==1){
|
585 |
+
$argument .= $innertoken;
|
586 |
+
}
|
587 |
+
}
|
588 |
+
return $issue;
|
589 |
+
}
|
590 |
+
|
591 |
+
function remove_dir($repo_path){
|
592 |
+
$dir=$repo_path;
|
593 |
+
$it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
|
594 |
+
$files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
|
595 |
+
foreach($files as $file) {
|
596 |
+
if ($file->isDir()){
|
597 |
+
rmdir($file->getRealPath());
|
598 |
+
} else {
|
599 |
+
unlink($file->getRealPath());
|
600 |
+
}
|
601 |
+
}
|
602 |
+
rmdir($dir);
|
603 |
+
}
|
604 |
+
|
605 |
+
function count_total_files($folder_paths, $base, $scan_config){
|
606 |
+
|
607 |
+
$file_count=0;
|
608 |
+
$file_ext = $scan_config['file_extension'];
|
609 |
+
$extensions = array();
|
610 |
+
if(empty($file_ext)){
|
611 |
+
|
612 |
+
}else{
|
613 |
+
if(strpos($file_ext,';') !=false){
|
614 |
+
$extensions = explode(";", $file_ext);
|
615 |
+
}else{
|
616 |
+
array_push($extensions, $file_ext);
|
617 |
+
}
|
618 |
+
}
|
619 |
+
$enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
|
620 |
+
$folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
|
621 |
+
$skip_path_array= array();
|
622 |
+
for($i=0; $i<count($folder_skip_array); $i++){
|
623 |
+
$pathParts = explode('/', $folder_skip_array[$i]);
|
624 |
+
$n= sizeof($pathParts)-1;
|
625 |
+
$folder= $pathParts[$n];
|
626 |
+
array_push($skip_path_array, $folder);
|
627 |
+
}
|
628 |
+
foreach ($folder_paths as $value) {
|
629 |
+
if (is_dir($value)) {
|
630 |
+
foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
|
631 |
+
if ($item->isFile()) {
|
632 |
+
$source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
|
633 |
+
if ($value == $base && ($scan_config['core_scan'] == 1)){
|
634 |
+
$arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
|
635 |
+
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
|
636 |
+
|
637 |
+
}else{
|
638 |
+
continue;
|
639 |
+
}
|
640 |
+
}elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
641 |
+
continue;
|
642 |
+
} elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
|
643 |
+
continue;
|
644 |
+
}
|
645 |
+
$flag_skip=0;
|
646 |
+
if (!empty($folder_skip_array)) {
|
647 |
+
for($q=0; $q<count($skip_path_array); $q++){
|
648 |
+
if(strpos($source_file_path, $skip_path_array[$q])){
|
649 |
+
$flag_skip=1;
|
650 |
+
break;
|
651 |
+
}
|
652 |
+
}
|
653 |
+
}
|
654 |
+
if($flag_skip == 1){
|
655 |
+
continue;
|
656 |
+
}
|
657 |
+
$ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
|
658 |
+
$extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
|
659 |
+
if($extns)
|
660 |
+
$file_count++;
|
661 |
+
}
|
662 |
+
}
|
663 |
+
}
|
664 |
+
}
|
665 |
+
update_option('mo_wpns_total_files', $file_count);
|
666 |
+
}
|
667 |
+
}
|
668 |
+
new Mo_wpns_Scan_Handler;
|
669 |
?>
|
handler/malware_scanner/malware_scanner_cron.php
CHANGED
@@ -1,1050 +1,1192 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
class Mo_wpns_Scan_Handler_Cron{
|
4 |
-
private $total_files_to_scan;
|
5 |
-
public $scanned_files = array();
|
6 |
-
function __construct(){
|
7 |
-
|
8 |
-
}
|
9 |
-
|
10 |
-
function mo2f_scan_all_files($scan_config, $start_time){
|
11 |
-
ini_set('memory_limit', '-1');
|
12 |
-
ini_set('max_execution_time', 0);
|
13 |
-
$time_limit= ini_get('max_execution_time');
|
14 |
-
|
15 |
-
$result = array();
|
16 |
-
$folderpaths = array();
|
17 |
-
$wp_repo_file = array();
|
18 |
-
$folderNames = "";
|
19 |
-
$repo_check_status_code=0;
|
20 |
-
|
21 |
-
$base = get_home_path();
|
22 |
-
$hostname = 'wordpress.org';
|
23 |
-
$uploads_dir = wp_upload_dir();
|
24 |
-
$uploads_path= $uploads_dir['basedir'];
|
25 |
-
if (!is_writable($uploads_path)) {
|
26 |
-
$scan_config['check_repo'] = 0;
|
27 |
-
$repo_check_status_code = -97;
|
28 |
-
}else{
|
29 |
-
$wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
30 |
-
if (!$wordpress_server_status) {
|
31 |
-
$scan_config['check_repo'] = 0;
|
32 |
-
$repo_check_status_code = -98;
|
33 |
-
}
|
34 |
-
}
|
35 |
-
|
36 |
-
if($scan_config['core_scan'] == 1){
|
37 |
-
$folderpaths['base'] = $base;
|
38 |
-
$folderNames .= "WP Files;";
|
39 |
-
}
|
40 |
-
if($scan_config['plugin_scan'] == 1){
|
41 |
-
$folderpaths['plugins'] = WP_PLUGIN_DIR;
|
42 |
-
$folderNames .= "Plugins;";
|
43 |
-
}
|
44 |
-
if($scan_config['theme_scan'] == 1){
|
45 |
-
$folderpaths['themes'] = get_theme_root();
|
46 |
-
$folderNames .= "Themes;";
|
47 |
-
}
|
48 |
-
if($scan_config['check_repo'] == 1){
|
49 |
-
$folderNames .= "WP Repo Files;";
|
50 |
-
}
|
51 |
-
|
52 |
-
$this->count_total_files($folderpaths, $base, $scan_config);
|
53 |
-
|
54 |
-
|
55 |
-
$mo2f_malware_db_handler = new MoWpnsDB();
|
56 |
-
$reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $start_time, $repo_check_status_code);
|
57 |
-
|
58 |
-
|
59 |
-
$scanverification=$this->createKeyCurrentScan($scan_config['type_scan'],$reportid);
|
60 |
-
|
61 |
-
$response=$this->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
|
62 |
-
|
63 |
-
wp_send_json('success');
|
64 |
-
}
|
65 |
-
|
66 |
-
function createKeyCurrentScan($scan_mode,$reportid){
|
67 |
-
|
68 |
-
$scanverification=md5($scan_mode. MO2f_Utility::random_str(24).$reportid);
|
69 |
-
|
70 |
-
return $scanverification;
|
71 |
-
}
|
72 |
-
|
73 |
-
function mo2f_wp_remote_get($scan_mode, $reportid, $scanverification,$scan_stage_complete=1){
|
74 |
-
//set time out based on time left or 10 secs
|
75 |
-
|
76 |
-
$scan_nonce=rand(10,100000);
|
77 |
-
$http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
|
78 |
-
$url = get_site_url()."?scan_request=1"."&scanverification=".$scanverification."&reportid=".$reportid."&scan_stage_complete=".$scan_stage_complete."&scan_mode=".$scan_mode."&scan_nonce=".$scan_nonce;//scanverification,report_id, scan_stage_complete and scan_mode
|
79 |
-
|
80 |
-
$args = array(
|
81 |
-
'method' => 'GET',
|
82 |
-
'body' => '',
|
83 |
-
'timeout' => '5',
|
84 |
-
'redirection' => '5',
|
85 |
-
'httpversion' => '1.0',
|
86 |
-
'blocking' => true,
|
87 |
-
'headers' => $http_header_array
|
88 |
-
);
|
89 |
-
$response= wp_remote_get($url,$args);
|
90 |
-
|
91 |
-
}
|
92 |
-
|
93 |
-
function mo2f_download_core_wp($repo_file_path, $scan_config, $reportid, $scanverification){
|
94 |
-
$repo_check_status = $scan_config['check_repo'];
|
95 |
-
$repo_check_status_code=
|
96 |
-
$wp_repo_file=
|
97 |
-
if ( ! function_exists( 'get_plugins' ) ) {
|
98 |
-
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
99 |
-
}
|
100 |
-
if ( ! function_exists( 'plugins_api' ) ) {
|
101 |
-
require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
102 |
-
}
|
103 |
-
|
104 |
-
if($scan_config['core_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
|
105 |
-
if(!is_dir($repo_file_path)){
|
106 |
-
mkdir($repo_file_path);
|
107 |
-
}
|
108 |
-
$download_status=time();
|
109 |
-
$decoded_scan_configuration=json_decode(
|
110 |
-
$decoded_scan_configuration->status_download_time=$download_status;
|
111 |
-
$encoded_scan_configuration=json_encode($decoded_scan_configuration);
|
112 |
-
|
113 |
-
require(ABSPATH . 'wp-includes/version.php');
|
114 |
-
//wordpress name to be changed to be changed based on version
|
115 |
-
$zip_name="wp-".$wp_version;
|
116 |
-
$wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
|
117 |
-
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
|
127 |
-
|
128 |
-
|
129 |
-
|
130 |
-
|
131 |
-
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
-
|
144 |
-
|
145 |
-
|
146 |
-
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
|
153 |
-
|
154 |
-
|
155 |
-
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
|
160 |
-
|
161 |
-
|
162 |
-
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
|
167 |
-
|
168 |
-
|
169 |
-
$
|
170 |
-
|
171 |
-
|
172 |
-
|
173 |
-
|
174 |
-
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
|
186 |
-
|
187 |
-
|
188 |
-
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
}
|
196 |
-
|
197 |
-
|
198 |
-
$
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
$
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
|
246 |
-
$
|
247 |
-
|
248 |
-
|
249 |
-
|
250 |
-
|
251 |
-
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
-
|
262 |
-
|
263 |
-
|
264 |
-
|
265 |
-
|
266 |
-
|
267 |
-
|
268 |
-
|
269 |
-
|
270 |
-
|
271 |
-
|
272 |
-
|
273 |
-
|
274 |
-
|
275 |
-
|
276 |
-
|
277 |
-
|
278 |
-
|
279 |
-
|
280 |
-
|
281 |
-
|
282 |
-
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
288 |
-
|
289 |
-
|
290 |
-
|
291 |
-
|
292 |
-
|
293 |
-
|
294 |
-
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
304 |
-
|
305 |
-
|
306 |
-
|
307 |
-
|
308 |
-
|
309 |
-
|
310 |
-
|
311 |
-
|
312 |
-
|
313 |
-
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
320 |
-
|
321 |
-
|
322 |
-
|
323 |
-
|
324 |
-
|
325 |
-
|
326 |
-
|
327 |
-
|
328 |
-
|
329 |
-
$
|
330 |
-
|
331 |
-
|
332 |
-
|
333 |
-
|
334 |
-
|
335 |
-
|
336 |
-
|
337 |
-
|
338 |
-
|
339 |
-
|
340 |
-
|
341 |
-
|
342 |
-
|
343 |
-
|
344 |
-
|
345 |
-
|
346 |
-
|
347 |
-
|
348 |
-
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
353 |
-
|
354 |
-
|
355 |
-
|
356 |
-
|
357 |
-
|
358 |
-
|
359 |
-
|
360 |
-
|
361 |
-
|
362 |
-
|
363 |
-
|
364 |
-
|
365 |
-
|
366 |
-
|
367 |
-
|
368 |
-
|
369 |
-
|
370 |
-
|
371 |
-
|
372 |
-
|
373 |
-
|
374 |
-
|
375 |
-
|
376 |
-
|
377 |
-
|
378 |
-
|
379 |
-
|
380 |
-
|
381 |
-
|
382 |
-
|
383 |
-
|
384 |
-
|
385 |
-
|
386 |
-
|
387 |
-
|
388 |
-
|
389 |
-
|
390 |
-
|
391 |
-
|
392 |
-
|
393 |
-
|
394 |
-
|
395 |
-
|
396 |
-
|
397 |
-
|
398 |
-
|
399 |
-
|
400 |
-
|
401 |
-
|
402 |
-
|
403 |
-
|
404 |
-
|
405 |
-
|
406 |
-
|
407 |
-
|
408 |
-
|
409 |
-
|
410 |
-
|
411 |
-
|
412 |
-
|
413 |
-
|
414 |
-
|
415 |
-
|
416 |
-
|
417 |
-
|
418 |
-
|
419 |
-
|
420 |
-
|
421 |
-
|
422 |
-
|
423 |
-
|
424 |
-
|
425 |
-
|
426 |
-
|
427 |
-
|
428 |
-
|
429 |
-
|
430 |
-
|
431 |
-
}else{
|
432 |
-
|
433 |
-
|
434 |
-
|
435 |
-
|
436 |
-
|
437 |
-
|
438 |
-
|
439 |
-
|
440 |
-
|
441 |
-
|
442 |
-
|
443 |
-
|
444 |
-
|
445 |
-
|
446 |
-
|
447 |
-
|
448 |
-
|
449 |
-
|
450 |
-
|
451 |
-
|
452 |
-
|
453 |
-
|
454 |
-
|
455 |
-
|
456 |
-
|
457 |
-
|
458 |
-
|
459 |
-
|
460 |
-
|
461 |
-
|
462 |
-
|
463 |
-
|
464 |
-
|
465 |
-
|
466 |
-
|
467 |
-
|
468 |
-
|
469 |
-
|
470 |
-
|
471 |
-
|
472 |
-
|
473 |
-
|
474 |
-
|
475 |
-
|
476 |
-
|
477 |
-
|
478 |
-
|
479 |
-
|
480 |
-
|
481 |
-
|
482 |
-
|
483 |
-
|
484 |
-
|
485 |
-
|
486 |
-
|
487 |
-
|
488 |
-
|
489 |
-
|
490 |
-
|
491 |
-
|
492 |
-
|
493 |
-
|
494 |
-
|
495 |
-
|
496 |
-
|
497 |
-
|
498 |
-
|
499 |
-
|
500 |
-
|
501 |
-
$
|
502 |
-
$
|
503 |
-
$
|
504 |
-
$
|
505 |
-
|
506 |
-
|
507 |
-
|
508 |
-
|
509 |
-
|
510 |
-
|
511 |
-
|
512 |
-
|
513 |
-
if($
|
514 |
-
|
515 |
-
|
516 |
-
|
517 |
-
|
518 |
-
|
519 |
-
|
520 |
-
|
521 |
-
|
522 |
-
|
523 |
-
|
524 |
-
|
525 |
-
|
526 |
-
|
527 |
-
|
528 |
-
|
529 |
-
|
530 |
-
|
531 |
-
|
532 |
-
|
533 |
-
|
534 |
-
|
535 |
-
|
536 |
-
|
537 |
-
|
538 |
-
|
539 |
-
|
540 |
-
|
541 |
-
|
542 |
-
|
543 |
-
|
544 |
-
|
545 |
-
$
|
546 |
-
|
547 |
-
|
548 |
-
|
549 |
-
|
550 |
-
$
|
551 |
-
|
552 |
-
|
553 |
-
|
554 |
-
|
555 |
-
|
556 |
-
|
557 |
-
|
558 |
-
|
559 |
-
|
560 |
-
$
|
561 |
-
}
|
562 |
-
|
563 |
-
|
564 |
-
|
565 |
-
|
566 |
-
|
567 |
-
|
568 |
-
|
569 |
-
|
570 |
-
|
571 |
-
|
572 |
-
|
573 |
-
|
574 |
-
|
575 |
-
|
576 |
-
|
577 |
-
|
578 |
-
|
579 |
-
|
580 |
-
|
581 |
-
|
582 |
-
|
583 |
-
|
584 |
-
|
585 |
-
|
586 |
-
|
587 |
-
|
588 |
-
|
589 |
-
|
590 |
-
|
591 |
-
|
592 |
-
|
593 |
-
|
594 |
-
|
595 |
-
|
596 |
-
|
597 |
-
|
598 |
-
|
599 |
-
|
600 |
-
|
601 |
-
|
602 |
-
|
603 |
-
|
604 |
-
|
605 |
-
|
606 |
-
|
607 |
-
|
608 |
-
|
609 |
-
|
610 |
-
|
611 |
-
|
612 |
-
|
613 |
-
|
614 |
-
|
615 |
-
|
616 |
-
|
617 |
-
|
618 |
-
|
619 |
-
|
620 |
-
|
621 |
-
|
622 |
-
|
623 |
-
|
624 |
-
|
625 |
-
|
626 |
-
|
627 |
-
|
628 |
-
|
629 |
-
|
630 |
-
|
631 |
-
|
632 |
-
|
633 |
-
|
634 |
-
|
635 |
-
|
636 |
-
|
637 |
-
|
638 |
-
|
639 |
-
|
640 |
-
|
641 |
-
|
642 |
-
|
643 |
-
|
644 |
-
|
645 |
-
|
646 |
-
|
647 |
-
|
648 |
-
|
649 |
-
|
650 |
-
|
651 |
-
|
652 |
-
|
653 |
-
|
654 |
-
|
655 |
-
|
656 |
-
|
657 |
-
|
658 |
-
|
659 |
-
|
660 |
-
$
|
661 |
-
|
662 |
-
|
663 |
-
|
664 |
-
|
665 |
-
|
666 |
-
|
667 |
-
|
668 |
-
|
669 |
-
$
|
670 |
-
$
|
671 |
-
$
|
672 |
-
$
|
673 |
-
|
674 |
-
|
675 |
-
|
676 |
-
|
677 |
-
|
678 |
-
|
679 |
-
|
680 |
-
}
|
681 |
-
|
682 |
-
$
|
683 |
-
|
684 |
-
|
685 |
-
|
686 |
-
|
687 |
-
|
688 |
-
|
689 |
-
|
690 |
-
|
691 |
-
$
|
692 |
-
$
|
693 |
-
|
694 |
-
|
695 |
-
|
696 |
-
|
697 |
-
|
698 |
-
|
699 |
-
|
700 |
-
|
701 |
-
|
702 |
-
|
703 |
-
|
704 |
-
|
705 |
-
|
706 |
-
|
707 |
-
$
|
708 |
-
$
|
709 |
-
|
710 |
-
|
711 |
-
|
712 |
-
|
713 |
-
|
714 |
-
|
715 |
-
|
716 |
-
$
|
717 |
-
|
718 |
-
|
719 |
-
|
720 |
-
|
721 |
-
|
722 |
-
|
723 |
-
|
724 |
-
|
725 |
-
|
726 |
-
|
727 |
-
|
728 |
-
|
729 |
-
|
730 |
-
|
731 |
-
|
732 |
-
|
733 |
-
|
734 |
-
|
735 |
-
|
736 |
-
|
737 |
-
|
738 |
-
|
739 |
-
|
740 |
-
|
741 |
-
|
742 |
-
|
743 |
-
|
744 |
-
|
745 |
-
|
746 |
-
|
747 |
-
|
748 |
-
|
749 |
-
|
750 |
-
|
751 |
-
|
752 |
-
|
753 |
-
|
754 |
-
|
755 |
-
|
756 |
-
|
757 |
-
|
758 |
-
|
759 |
-
|
760 |
-
|
761 |
-
|
762 |
-
|
763 |
-
|
764 |
-
|
765 |
-
|
766 |
-
|
767 |
-
|
768 |
-
|
769 |
-
|
770 |
-
|
771 |
-
|
772 |
-
|
773 |
-
|
774 |
-
|
775 |
-
|
776 |
-
|
777 |
-
|
778 |
-
|
779 |
-
|
780 |
-
|
781 |
-
|
782 |
-
|
783 |
-
|
784 |
-
|
785 |
-
|
786 |
-
|
787 |
-
|
788 |
-
|
789 |
-
|
790 |
-
|
791 |
-
|
792 |
-
|
793 |
-
|
794 |
-
|
795 |
-
|
796 |
-
|
797 |
-
|
798 |
-
|
799 |
-
|
800 |
-
|
801 |
-
|
802 |
-
|
803 |
-
|
804 |
-
|
805 |
-
|
806 |
-
|
807 |
-
|
808 |
-
|
809 |
-
|
810 |
-
|
811 |
-
|
812 |
-
$
|
813 |
-
$
|
814 |
-
$
|
815 |
-
|
816 |
-
|
817 |
-
|
818 |
-
|
819 |
-
|
820 |
-
|
821 |
-
|
822 |
-
|
823 |
-
$
|
824 |
-
$
|
825 |
-
|
826 |
-
|
827 |
-
|
828 |
-
|
829 |
-
|
830 |
-
|
831 |
-
|
832 |
-
|
833 |
-
|
834 |
-
|
835 |
-
|
836 |
-
|
837 |
-
|
838 |
-
|
839 |
-
|
840 |
-
|
841 |
-
|
842 |
-
|
843 |
-
|
844 |
-
|
845 |
-
|
846 |
-
|
847 |
-
|
848 |
-
|
849 |
-
|
850 |
-
|
851 |
-
|
852 |
-
|
853 |
-
|
854 |
-
|
855 |
-
|
856 |
-
|
857 |
-
|
858 |
-
|
859 |
-
|
860 |
-
|
861 |
-
|
862 |
-
|
863 |
-
|
864 |
-
|
865 |
-
|
866 |
-
|
867 |
-
|
868 |
-
|
869 |
-
|
870 |
-
|
871 |
-
|
872 |
-
|
873 |
-
|
874 |
-
|
875 |
-
|
876 |
-
|
877 |
-
|
878 |
-
|
879 |
-
|
880 |
-
|
881 |
-
|
882 |
-
|
883 |
-
|
884 |
-
|
885 |
-
|
886 |
-
|
887 |
-
|
888 |
-
|
889 |
-
|
890 |
-
|
891 |
-
|
892 |
-
|
893 |
-
|
894 |
-
|
895 |
-
|
896 |
-
|
897 |
-
|
898 |
-
|
899 |
-
|
900 |
-
|
901 |
-
|
902 |
-
|
903 |
-
|
904 |
-
|
905 |
-
|
906 |
-
|
907 |
-
|
908 |
-
|
909 |
-
|
910 |
-
|
911 |
-
|
912 |
-
|
913 |
-
|
914 |
-
|
915 |
-
|
916 |
-
|
917 |
-
|
918 |
-
|
919 |
-
|
920 |
-
|
921 |
-
$
|
922 |
-
$
|
923 |
-
|
924 |
-
$
|
925 |
-
|
926 |
-
|
927 |
-
}
|
928 |
-
|
929 |
-
|
930 |
-
|
931 |
-
|
932 |
-
|
933 |
-
|
934 |
-
|
935 |
-
|
936 |
-
|
937 |
-
|
938 |
-
|
939 |
-
|
940 |
-
|
941 |
-
|
942 |
-
|
943 |
-
|
944 |
-
|
945 |
-
|
946 |
-
|
947 |
-
$
|
948 |
-
$
|
949 |
-
$
|
950 |
-
$
|
951 |
-
|
952 |
-
|
953 |
-
|
954 |
-
|
955 |
-
|
956 |
-
|
957 |
-
|
958 |
-
|
959 |
-
|
960 |
-
|
961 |
-
|
962 |
-
|
963 |
-
|
964 |
-
|
965 |
-
|
966 |
-
|
967 |
-
|
968 |
-
|
969 |
-
|
970 |
-
|
971 |
-
|
972 |
-
|
973 |
-
|
974 |
-
|
975 |
-
|
976 |
-
|
977 |
-
|
978 |
-
|
979 |
-
|
980 |
-
|
981 |
-
|
982 |
-
|
983 |
-
|
984 |
-
|
985 |
-
|
986 |
-
|
987 |
-
$
|
988 |
-
|
989 |
-
|
990 |
-
|
991 |
-
|
992 |
-
|
993 |
-
|
994 |
-
|
995 |
-
|
996 |
-
|
997 |
-
|
998 |
-
$
|
999 |
-
|
1000 |
-
$
|
1001 |
-
|
1002 |
-
|
1003 |
-
|
1004 |
-
|
1005 |
-
|
1006 |
-
|
1007 |
-
|
1008 |
-
|
1009 |
-
|
1010 |
-
|
1011 |
-
|
1012 |
-
}
|
1013 |
-
$mo2f_malware_db_handler->
|
1014 |
-
}
|
1015 |
-
|
1016 |
-
|
1017 |
-
|
1018 |
-
|
1019 |
-
|
1020 |
-
|
1021 |
-
|
1022 |
-
|
1023 |
-
|
1024 |
-
|
1025 |
-
|
1026 |
-
$decoded_scan_status->
|
1027 |
-
$
|
1028 |
-
$mo_wpns_files_scanned
|
1029 |
-
$decoded_scan_status
|
1030 |
-
$encoded_scan_status
|
1031 |
-
|
1032 |
-
|
1033 |
-
|
1034 |
-
|
1035 |
-
|
1036 |
-
|
1037 |
-
|
1038 |
-
|
1039 |
-
|
1040 |
-
|
1041 |
-
|
1042 |
-
|
1043 |
-
|
1044 |
-
|
1045 |
-
|
1046 |
-
|
1047 |
-
|
1048 |
-
|
1049 |
-
|
1050 |
?>
|
1 |
+
<?php
|
2 |
+
|
3 |
+
class Mo_wpns_Scan_Handler_Cron{
|
4 |
+
private $total_files_to_scan;
|
5 |
+
public $scanned_files = array();
|
6 |
+
function __construct(){
|
7 |
+
|
8 |
+
}
|
9 |
+
|
10 |
+
function mo2f_scan_all_files($scan_config, $start_time){
|
11 |
+
ini_set('memory_limit', '-1');
|
12 |
+
ini_set('max_execution_time', 0);
|
13 |
+
$time_limit= ini_get('max_execution_time');
|
14 |
+
|
15 |
+
$result = array();
|
16 |
+
$folderpaths = array();
|
17 |
+
$wp_repo_file = array();
|
18 |
+
$folderNames = "";
|
19 |
+
$repo_check_status_code=0;
|
20 |
+
update_site_option('mo_stop_scan','0');
|
21 |
+
$base = get_home_path();
|
22 |
+
$hostname = 'wordpress.org';
|
23 |
+
$uploads_dir = wp_upload_dir();
|
24 |
+
$uploads_path= $uploads_dir['basedir'];
|
25 |
+
if (!is_writable($uploads_path)) {
|
26 |
+
$scan_config['check_repo'] = 0;
|
27 |
+
$repo_check_status_code = -97;
|
28 |
+
}else{
|
29 |
+
$wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
30 |
+
if (!$wordpress_server_status) {
|
31 |
+
$scan_config['check_repo'] = 0;
|
32 |
+
$repo_check_status_code = -98;
|
33 |
+
}
|
34 |
+
}
|
35 |
+
|
36 |
+
if($scan_config['core_scan'] == 1){
|
37 |
+
$folderpaths['base'] = $base;
|
38 |
+
$folderNames .= "WP Files;";
|
39 |
+
}
|
40 |
+
if($scan_config['plugin_scan'] == 1){
|
41 |
+
$folderpaths['plugins'] = WP_PLUGIN_DIR;
|
42 |
+
$folderNames .= "Plugins;";
|
43 |
+
}
|
44 |
+
if($scan_config['theme_scan'] == 1){
|
45 |
+
$folderpaths['themes'] = get_theme_root();
|
46 |
+
$folderNames .= "Themes;";
|
47 |
+
}
|
48 |
+
if($scan_config['check_repo'] == 1){
|
49 |
+
$folderNames .= "WP Repo Files;";
|
50 |
+
}
|
51 |
+
|
52 |
+
$this->count_total_files($folderpaths, $base, $scan_config);
|
53 |
+
update_site_option('mo2f_repo_status', $repo_check_status_code);
|
54 |
+
|
55 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
56 |
+
$reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $start_time, $repo_check_status_code);
|
57 |
+
update_site_option('mo2f_report_id', $reportid);
|
58 |
+
|
59 |
+
$scanverification=$this->createKeyCurrentScan($scan_config['type_scan'],$reportid);
|
60 |
+
|
61 |
+
$response=$this->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
|
62 |
+
|
63 |
+
wp_send_json('success');
|
64 |
+
}
|
65 |
+
|
66 |
+
function createKeyCurrentScan($scan_mode,$reportid){
|
67 |
+
|
68 |
+
$scanverification=md5($scan_mode. MO2f_Utility::random_str(24).$reportid);
|
69 |
+
update_site_option("mo2f_scanverification",$scanverification);
|
70 |
+
return $scanverification;
|
71 |
+
}
|
72 |
+
|
73 |
+
function mo2f_wp_remote_get($scan_mode, $reportid, $scanverification,$scan_stage_complete=1){
|
74 |
+
//set time out based on time left or 10 secs
|
75 |
+
|
76 |
+
$scan_nonce=rand(10,100000);
|
77 |
+
$http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
|
78 |
+
$url = get_site_url()."?scan_request=1"."&scanverification=".$scanverification."&reportid=".$reportid."&scan_stage_complete=".$scan_stage_complete."&scan_mode=".$scan_mode."&scan_nonce=".$scan_nonce;//scanverification,report_id, scan_stage_complete and scan_mode
|
79 |
+
|
80 |
+
$args = array(
|
81 |
+
'method' => 'GET',
|
82 |
+
'body' => '',
|
83 |
+
'timeout' => '5',
|
84 |
+
'redirection' => '5',
|
85 |
+
'httpversion' => '1.0',
|
86 |
+
'blocking' => true,
|
87 |
+
'headers' => $http_header_array
|
88 |
+
);
|
89 |
+
$response= wp_remote_get($url,$args);
|
90 |
+
|
91 |
+
}
|
92 |
+
|
93 |
+
function mo2f_download_core_wp($repo_file_path, $scan_config, $reportid, $scanverification){
|
94 |
+
$repo_check_status = $scan_config['check_repo'];
|
95 |
+
$repo_check_status_code=get_site_option('mo2f_repo_status');
|
96 |
+
$wp_repo_file=get_site_option('mo2f_repo_path');
|
97 |
+
if ( ! function_exists( 'get_plugins' ) ) {
|
98 |
+
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
99 |
+
}
|
100 |
+
if ( ! function_exists( 'plugins_api' ) ) {
|
101 |
+
require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
102 |
+
}
|
103 |
+
|
104 |
+
if($scan_config['core_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
|
105 |
+
if(!is_dir($repo_file_path)){
|
106 |
+
mkdir($repo_file_path);
|
107 |
+
}
|
108 |
+
$download_status=time();
|
109 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
110 |
+
$decoded_scan_configuration->status_download_time=$download_status;
|
111 |
+
$encoded_scan_configuration=json_encode($decoded_scan_configuration);
|
112 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
|
113 |
+
require(ABSPATH . 'wp-includes/version.php');
|
114 |
+
//wordpress name to be changed to be changed based on version
|
115 |
+
$zip_name="wp-".$wp_version;
|
116 |
+
$wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
|
117 |
+
update_site_option('downloaded_wordpress_repo_name', $zip_name);
|
118 |
+
|
119 |
+
$download_info = get_site_option('mo2f_download_info');
|
120 |
+
if(! $download_info){
|
121 |
+
$download_info = array("plugin_count"=>0, "theme_count"=>0, "stage"=> "core");
|
122 |
+
}else{
|
123 |
+
$download_info['stage'] = "core";
|
124 |
+
}
|
125 |
+
update_site_option('mo2f_download_info', $download_info);
|
126 |
+
if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
|
127 |
+
$result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
|
128 |
+
if($result === -99){
|
129 |
+
$scan_config['check_repo'] = 0;
|
130 |
+
$repo_check_status_code = -99;
|
131 |
+
}else if($result === -95){
|
132 |
+
$scan_config['check_repo'] = 0;
|
133 |
+
$repo_check_status_code = -95;
|
134 |
+
}else if(!$result){
|
135 |
+
$scan_config['check_repo'] = 0;
|
136 |
+
$repo_check_status_code = -100;
|
137 |
+
}
|
138 |
+
}
|
139 |
+
|
140 |
+
if($repo_check_status != $scan_config['check_repo']){
|
141 |
+
update_site_option('mo2f_repo_status', $repo_check_status_code);
|
142 |
+
$scan_stage_complete=6;
|
143 |
+
}else{
|
144 |
+
update_site_option('mo2f_repo_path', $wp_repo_file);
|
145 |
+
$scan_stage_complete=6;
|
146 |
+
}
|
147 |
+
}else{
|
148 |
+
$scan_stage_complete = 7;
|
149 |
+
}
|
150 |
+
|
151 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
152 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
|
153 |
+
|
154 |
+
}
|
155 |
+
|
156 |
+
function mo2f_download_plugins_wp($repo_file_path, $scan_config, $start_time, $time_limit, $reportid, $scanverification){
|
157 |
+
$repo_check_status = $scan_config['check_repo'];
|
158 |
+
$repo_check_status_code=get_site_option('mo2f_repo_status');
|
159 |
+
$flag=0;
|
160 |
+
$wp_repo_file=array();
|
161 |
+
if ( ! function_exists( 'get_plugins' ) ) {
|
162 |
+
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
163 |
+
}
|
164 |
+
if ( ! function_exists( 'plugins_api' ) ) {
|
165 |
+
require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
166 |
+
}
|
167 |
+
|
168 |
+
if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
|
169 |
+
if(!is_dir($repo_file_path)){
|
170 |
+
mkdir($repo_file_path);
|
171 |
+
}
|
172 |
+
$wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
|
173 |
+
if(!is_dir($wp_plugin_repo_file)){
|
174 |
+
mkdir($wp_plugin_repo_file);
|
175 |
+
}
|
176 |
+
$download_status=time();
|
177 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
178 |
+
$decoded_scan_configuration->status_download_time=$download_status;
|
179 |
+
$encoded_scan_configuration=json_encode($decoded_scan_configuration);
|
180 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
|
181 |
+
$wp_repo_file['plugins']=$wp_plugin_repo_file;
|
182 |
+
$plugin_list=get_site_transient( 'update_plugins' );
|
183 |
+
|
184 |
+
$plugin_count = sizeof($plugin_list->checked);
|
185 |
+
$download_info = array("plugin_count"=> $plugin_count, "theme_count"=>0, "stage"=>"plugins");
|
186 |
+
update_site_option('mo2f_download_info', $download_info);
|
187 |
+
|
188 |
+
$all_plugins=array();
|
189 |
+
foreach ($plugin_list as $key => $value) {
|
190 |
+
if($key=='response'||$key=='no_update'){
|
191 |
+
foreach ($value as $ke => $val) {
|
192 |
+
$all_plugins[$ke] = $val;
|
193 |
+
}
|
194 |
+
}
|
195 |
+
}
|
196 |
+
$result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins', $start_time, $time_limit,$scan_config,$reportid, $scanverification);
|
197 |
+
if($result === -99){
|
198 |
+
$scan_config['check_repo'] = 0;
|
199 |
+
$repo_check_status_code = -99;
|
200 |
+
}else if($result === -95){
|
201 |
+
$scan_config['check_repo'] = 0;
|
202 |
+
$repo_check_status_code = -95;
|
203 |
+
}else if(!$result){
|
204 |
+
$scan_config['check_repo'] = 0;
|
205 |
+
$repo_check_status_code = -100;
|
206 |
+
}else if($result === 'incomplete'){
|
207 |
+
$flag=1;
|
208 |
+
}
|
209 |
+
|
210 |
+
if($repo_check_status != $scan_config['check_repo']){
|
211 |
+
update_site_option('mo2f_repo_status', $repo_check_status_code);
|
212 |
+
$scan_stage_complete=6;
|
213 |
+
}else{
|
214 |
+
if($flag == 1){
|
215 |
+
$scan_stage_complete=3;
|
216 |
+
}else{
|
217 |
+
update_site_option('mo2f_repo_path', $wp_repo_file);
|
218 |
+
$scan_stage_complete=6;
|
219 |
+
}
|
220 |
+
}
|
221 |
+
}else{
|
222 |
+
$scan_stage_complete = 4;
|
223 |
+
}
|
224 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
225 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
|
226 |
+
|
227 |
+
}
|
228 |
+
|
229 |
+
function mo2f_download_themes_wp($repo_file_path, $scan_config, $start_time, $time_limit,$reportid, $scanverification){
|
230 |
+
$repo_check_status = $scan_config['check_repo'];
|
231 |
+
$repo_check_status_code=get_site_option('mo2f_repo_status');
|
232 |
+
$flag=0;
|
233 |
+
$wp_repo_file=get_site_option('mo2f_repo_path');
|
234 |
+
if ( ! function_exists( 'get_plugins' ) ) {
|
235 |
+
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
236 |
+
}
|
237 |
+
if ( ! function_exists( 'plugins_api' ) ) {
|
238 |
+
require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
239 |
+
}
|
240 |
+
|
241 |
+
if($scan_config['theme_scan'] == 1 && $scan_config['check_repo'] && ($repo_check_status_code == 0)){
|
242 |
+
if(!is_dir($repo_file_path)){
|
243 |
+
mkdir($repo_file_path);
|
244 |
+
}
|
245 |
+
$wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
|
246 |
+
if(!is_dir($wp_theme_repo_file)){
|
247 |
+
mkdir($wp_theme_repo_file);
|
248 |
+
}
|
249 |
+
$download_status=time();
|
250 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
251 |
+
$decoded_scan_configuration->status_download_time=$download_status;
|
252 |
+
$encoded_scan_configuration=json_encode($decoded_scan_configuration);
|
253 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
|
254 |
+
$wp_repo_file['themes']=$wp_theme_repo_file;
|
255 |
+
$all_themes=get_site_transient( 'update_themes' )->checked;
|
256 |
+
|
257 |
+
$theme_count = sizeof($all_themes);
|
258 |
+
$download_info = get_site_option('mo2f_download_info');
|
259 |
+
if(! $download_info){
|
260 |
+
$download_info = array("plugin_count"=>0, "theme_count"=> $theme_count, "stage"=> "themes");
|
261 |
+
}else{
|
262 |
+
$download_info['theme_count'] = $theme_count;
|
263 |
+
$download_info['stage'] = "themes";
|
264 |
+
}
|
265 |
+
update_site_option('mo2f_download_info', $download_info);
|
266 |
+
|
267 |
+
$result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes', $start_time, $time_limit,$scan_config,$reportid,$scanverification);
|
268 |
+
if($result === -99){
|
269 |
+
$scan_config['check_repo'] = 0;
|
270 |
+
$repo_check_status_code = -99;
|
271 |
+
}else if($result === -95){
|
272 |
+
$scan_config['check_repo'] = 0;
|
273 |
+
$repo_check_status_code = -95;
|
274 |
+
}else if(!$result){
|
275 |
+
$scan_config['check_repo'] = 0;
|
276 |
+
$repo_check_status_code = -100;
|
277 |
+
}else if($result === 'incomplete'){
|
278 |
+
$flag=1;
|
279 |
+
}
|
280 |
+
|
281 |
+
if($repo_check_status != $scan_config['check_repo']){
|
282 |
+
update_site_option('mo2f_repo_status', $repo_check_status_code);
|
283 |
+
$scan_stage_complete=6;
|
284 |
+
}else{
|
285 |
+
if($flag == 1){
|
286 |
+
$scan_stage_complete=4;
|
287 |
+
|
288 |
+
}else{
|
289 |
+
update_site_option('mo2f_repo_path', $wp_repo_file);
|
290 |
+
$scan_stage_complete=6;
|
291 |
+
}
|
292 |
+
}
|
293 |
+
}else{
|
294 |
+
$scan_stage_complete = 5;
|
295 |
+
}
|
296 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
297 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
|
298 |
+
}
|
299 |
+
|
300 |
+
function iterator_plugins_themes($themes_or_plugins, $path, $type='', $start_time, $time_limit, $scan_config,$reportid, $scanverification){
|
301 |
+
$downloaded_already= get_site_option('mo2f_download_done');
|
302 |
+
if($downloaded_already == false){
|
303 |
+
$downloaded_already=0;
|
304 |
+
}
|
305 |
+
$i=0;
|
306 |
+
foreach($themes_or_plugins as $key => $data){
|
307 |
+
$i++;
|
308 |
+
$exec_status= $this->check_exec_limit($start_time, $time_limit);
|
309 |
+
if(! $exec_status){//wp_remote_get
|
310 |
+
update_site_option('mo2f_download_done', $i-1);
|
311 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
312 |
+
if($type=='plugins'){
|
313 |
+
$scan_stage_complete=3;
|
314 |
+
}else if($type=='themes'){
|
315 |
+
$scan_stage_complete=4;
|
316 |
+
}
|
317 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $scan_stage_complete);
|
318 |
+
return 'incomplete';
|
319 |
+
}
|
320 |
+
if($i <= $downloaded_already){
|
321 |
+
continue;
|
322 |
+
}
|
323 |
+
if($type=='plugins'){
|
324 |
+
if(! file_exists(WP_PLUGIN_DIR.DIRECTORY_SEPARATOR.$data->plugin)){
|
325 |
+
continue;
|
326 |
+
}
|
327 |
+
$plugin_slug=$data->slug;
|
328 |
+
update_site_option('mo2f_current_repo_key', $plugin_slug);
|
329 |
+
$plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
|
330 |
+
$plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
|
331 |
+
$plugin_version=$plugin_data['Version'];
|
332 |
+
if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
|
333 |
+
$result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
|
334 |
+
if($result === -99){
|
335 |
+
return -99;
|
336 |
+
}else if($result === -95){
|
337 |
+
return -95;
|
338 |
+
}else if(!$result){
|
339 |
+
return false;
|
340 |
+
}else{
|
341 |
+
update_site_option('mo2f_download_done', $i);
|
342 |
+
return true;
|
343 |
+
}
|
344 |
+
}
|
345 |
+
} else if($type=='themes'){
|
346 |
+
$installed_themes = wp_get_themes();
|
347 |
+
$flag_theme=0;
|
348 |
+
foreach ($installed_themes as $theme_name => $attributes) {
|
349 |
+
if($key == $theme_name){
|
350 |
+
$flag_theme=1;
|
351 |
+
break;
|
352 |
+
}
|
353 |
+
}
|
354 |
+
if(!is_dir($path.DIRECTORY_SEPARATOR.$key) && $flag_theme == 1){
|
355 |
+
update_site_option('mo2f_current_repo_key', $key);
|
356 |
+
$result= $this->download_repo($key, $data, $path, $type);
|
357 |
+
if($result === -99){
|
358 |
+
return -99;
|
359 |
+
}else if($result === -95){
|
360 |
+
return -95;
|
361 |
+
}else if(!$result){
|
362 |
+
return false;
|
363 |
+
}else{
|
364 |
+
update_site_option('mo2f_download_done', $i);
|
365 |
+
return true;
|
366 |
+
}
|
367 |
+
}
|
368 |
+
}
|
369 |
+
}
|
370 |
+
return true;
|
371 |
+
}
|
372 |
+
|
373 |
+
function download_repo($zip_name, $version, $path, $type=''){
|
374 |
+
if ($type=='plugins') {
|
375 |
+
$download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
|
376 |
+
$plugin_name=$zip_name.'.'.$version;
|
377 |
+
|
378 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
379 |
+
if( $download_result){
|
380 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
381 |
+
return $result;
|
382 |
+
}else {
|
383 |
+
$download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
|
384 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
385 |
+
if( $download_result){
|
386 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
387 |
+
return $result;
|
388 |
+
}else {
|
389 |
+
$connectivity = $this->check_net_connectivity();
|
390 |
+
if($connectivity){
|
391 |
+
return -99;
|
392 |
+
}else{
|
393 |
+
return -95;
|
394 |
+
}
|
395 |
+
|
396 |
+
}
|
397 |
+
return -99;
|
398 |
+
}
|
399 |
+
} else if($type=='themes'){
|
400 |
+
$theme_name=$zip_name.'.'.$version;
|
401 |
+
$download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
|
402 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
403 |
+
if( $download_result){
|
404 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
405 |
+
return $result;
|
406 |
+
}else {
|
407 |
+
$download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
|
408 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
|
409 |
+
if( $download_result){
|
410 |
+
$result = $this->unzip_downloaded_repo($zip_name, $path);
|
411 |
+
return $result;
|
412 |
+
}else {
|
413 |
+
$connectivity = $this->check_net_connectivity();
|
414 |
+
if($connectivity){
|
415 |
+
error_log("Unable to download Theme: ".$theme_name);
|
416 |
+
return -99;
|
417 |
+
}else{
|
418 |
+
return -95;
|
419 |
+
}
|
420 |
+
|
421 |
+
}
|
422 |
+
return -99;
|
423 |
+
}
|
424 |
+
} else {
|
425 |
+
update_site_option('mo2f_current_repo_key', 'core');
|
426 |
+
$download_link="https://wordpress.org/wordpress-".$version.".zip";
|
427 |
+
$download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
|
428 |
+
if($download_result){
|
429 |
+
$result=$this->unzip_downloaded_repo($zip_name, $path);
|
430 |
+
return $result;
|
431 |
+
} else {
|
432 |
+
$connectivity = $this->check_net_connectivity();
|
433 |
+
if($connectivity){
|
434 |
+
error_log("Unable to download wordpress-".$version);
|
435 |
+
return -99;
|
436 |
+
}else{
|
437 |
+
return -95;
|
438 |
+
}
|
439 |
+
}
|
440 |
+
}
|
441 |
+
return false;
|
442 |
+
}
|
443 |
+
|
444 |
+
function check_net_connectivity(){
|
445 |
+
$hostname = 'wordpress.org';
|
446 |
+
$flag=0;
|
447 |
+
for ($i=0; $i <3 ; $i++) {
|
448 |
+
$net_connection = $this->mo_wpns_check_malware_server_status($hostname);
|
449 |
+
if($net_connection){
|
450 |
+
$flag=1;
|
451 |
+
break;
|
452 |
+
}else{
|
453 |
+
sleep(5);
|
454 |
+
}
|
455 |
+
}
|
456 |
+
if($flag){
|
457 |
+
return true;
|
458 |
+
}else{
|
459 |
+
return false;
|
460 |
+
}
|
461 |
+
}
|
462 |
+
|
463 |
+
function unzip_downloaded_repo($name, $path){
|
464 |
+
$zip = new ZipArchive;
|
465 |
+
$folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
|
466 |
+
$res = $zip->open($folder_path);
|
467 |
+
if ($res === TRUE) {
|
468 |
+
// extract it to the path we determined above
|
469 |
+
$result = $zip->extractTo($path);
|
470 |
+
$zip->close();
|
471 |
+
if ($name == get_site_option('downloaded_wordpress_repo_name')) {
|
472 |
+
rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
|
473 |
+
}
|
474 |
+
unlink($folder_path);
|
475 |
+
return true;
|
476 |
+
} else {
|
477 |
+
return false;
|
478 |
+
}
|
479 |
+
}
|
480 |
+
|
481 |
+
function mo_wpns_check_malware_server_status($host){
|
482 |
+
$fsock = @fsockopen($host, 80, $errno, $errstr, 5);
|
483 |
+
if ( ! $fsock ){
|
484 |
+
return FALSE;
|
485 |
+
}else{
|
486 |
+
fclose($fsock);
|
487 |
+
return TRUE;
|
488 |
+
}
|
489 |
+
}
|
490 |
+
|
491 |
+
function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
|
492 |
+
$response = null;
|
493 |
+
$ch=curl_init($host);
|
494 |
+
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
|
495 |
+
curl_setopt( $ch, CURLOPT_ENCODING, "" );
|
496 |
+
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
|
497 |
+
curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
|
498 |
+
curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
|
499 |
+
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
|
500 |
+
curl_setopt( $ch, CURLOPT_POST, true );
|
501 |
+
curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
|
502 |
+
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
|
503 |
+
$results=curl_exec($ch);
|
504 |
+
curl_close($ch);
|
505 |
+
if($results==false){
|
506 |
+
|
507 |
+
}else{
|
508 |
+
$result = json_decode($results, true);
|
509 |
+
if(isset($result['status'])){
|
510 |
+
if ($result['status'] == 'success') {
|
511 |
+
if($result['result']!='OK')
|
512 |
+
$response = $result['result'];
|
513 |
+
}else if($result['status']=='error'){
|
514 |
+
error_log("Exception on server");
|
515 |
+
}
|
516 |
+
}else if(strpos($results, 'Summary')){
|
517 |
+
|
518 |
+
}else{
|
519 |
+
error_log("Any other issues on server");
|
520 |
+
}
|
521 |
+
}
|
522 |
+
return $response;
|
523 |
+
}
|
524 |
+
|
525 |
+
function check_with_repo_files($file_content, $repo_file_path){
|
526 |
+
$issues = array();
|
527 |
+
if(file_exists($repo_file_path)){
|
528 |
+
$content=@file_get_contents($repo_file_path);
|
529 |
+
$hash_repo = md5($content);
|
530 |
+
$hash_file = md5($file_content);
|
531 |
+
if ($hash_file != $hash_repo) {
|
532 |
+
$flag=1;
|
533 |
+
$issues=array("exist" => "Mismatch in Files");
|
534 |
+
}
|
535 |
+
} else {
|
536 |
+
$issues=array('exist'=>'Unwanted File Found');
|
537 |
+
}
|
538 |
+
return $issues;
|
539 |
+
}
|
540 |
+
|
541 |
+
function getlines($contents, $href){
|
542 |
+
$newissues = 0;
|
543 |
+
$lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
|
544 |
+
for($i=0; $i<count($lines); $i++){
|
545 |
+
$line = $lines[$i];
|
546 |
+
if (strpos($line, $href) !== false) {
|
547 |
+
$newissues = $i+1;
|
548 |
+
}
|
549 |
+
}
|
550 |
+
return $newissues;
|
551 |
+
}
|
552 |
+
|
553 |
+
function check_external_link($contents){
|
554 |
+
$issues = array();
|
555 |
+
$hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\']+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
|
556 |
+
if(isset($hrefs[1])){
|
557 |
+
foreach($hrefs[1] as $href){
|
558 |
+
if($this->isexternal($href)){
|
559 |
+
$line=$this->getlines($contents, $href);
|
560 |
+
$issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
|
561 |
+
}
|
562 |
+
}
|
563 |
+
}
|
564 |
+
return $issues;
|
565 |
+
}
|
566 |
+
|
567 |
+
function isexternal($url) {
|
568 |
+
$url = trim($url);
|
569 |
+
$url = trim($url,';');
|
570 |
+
$url = trim($url,'(');
|
571 |
+
$url = trim($url,')');
|
572 |
+
$url = trim($url,"'");
|
573 |
+
$url = trim($url,'"');
|
574 |
+
$components = parse_url($url);
|
575 |
+
if(isset($components['host'])){
|
576 |
+
if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot|php.net)/i', $components['host']) === 1) {}
|
577 |
+
else{
|
578 |
+
if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
|
579 |
+
return true;
|
580 |
+
}
|
581 |
+
}
|
582 |
+
}
|
583 |
+
return false;
|
584 |
+
}
|
585 |
+
|
586 |
+
function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
|
587 |
+
|
588 |
+
$flag = 1;
|
589 |
+
$argument = "";
|
590 |
+
$line = "";
|
591 |
+
$issue = array();
|
592 |
+
for($j=$start; $j< sizeof($tokens); $j++) {
|
593 |
+
$innertoken = $tokens[$j];
|
594 |
+
if ($flag==1 && is_array($innertoken)) {
|
595 |
+
$argument .= $innertoken[1];
|
596 |
+
if(empty($line))
|
597 |
+
$line = $innertoken[2];
|
598 |
+
} else if($innertoken==";"){
|
599 |
+
$argument .= ";";
|
600 |
+
if($checkForExternalLink){
|
601 |
+
if($this->isexternal($argument)){
|
602 |
+
$issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
|
603 |
+
}
|
604 |
+
} else {
|
605 |
+
$issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
|
606 |
+
}
|
607 |
+
break;
|
608 |
+
} else if($flag==1){
|
609 |
+
$argument .= $innertoken;
|
610 |
+
}
|
611 |
+
}
|
612 |
+
return $issue;
|
613 |
+
}
|
614 |
+
|
615 |
+
function remove_dir($repo_path){
|
616 |
+
$dir=$repo_path;
|
617 |
+
$it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
|
618 |
+
$files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
|
619 |
+
foreach($files as $file) {
|
620 |
+
if ($file->isDir()){
|
621 |
+
rmdir($file->getPathname());
|
622 |
+
} else {
|
623 |
+
unlink($file->getPathname());
|
624 |
+
}
|
625 |
+
}
|
626 |
+
rmdir($dir);
|
627 |
+
}
|
628 |
+
|
629 |
+
function count_total_files($folder_paths, $base, $scan_config){
|
630 |
+
|
631 |
+
$plugin_list=get_site_transient( 'update_plugins' );
|
632 |
+
$q = $plugin_list->checked;
|
633 |
+
$plugin_array = array();
|
634 |
+
foreach ($q as $key => $value) {
|
635 |
+
if(strpos($key, '/')){
|
636 |
+
$a=explode('/', $key);
|
637 |
+
array_push($plugin_array, $a[0]);
|
638 |
+
}else{
|
639 |
+
array_push($plugin_array, $key);
|
640 |
+
}
|
641 |
+
}
|
642 |
+
$all_themes=get_site_transient( 'update_themes' )->checked;
|
643 |
+
$theme_array = array();
|
644 |
+
foreach ($all_themes as $key => $value) {
|
645 |
+
array_push($theme_array, $key);
|
646 |
+
}
|
647 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
648 |
+
$file_count=0;
|
649 |
+
$nooffiles=0;
|
650 |
+
$file_path_array=array();
|
651 |
+
$skip_path_array= array();
|
652 |
+
$folder_skip_array=array();
|
653 |
+
$extensions = array();
|
654 |
+
$files_number = 0;
|
655 |
+
if($scan_config['type_scan'] == "Custom Scan"){
|
656 |
+
$file_ext = $scan_config['file_extension'];
|
657 |
+
if(empty($file_ext)){
|
658 |
+
|
659 |
+
}else{
|
660 |
+
if(strpos($file_ext,';') !=false){
|
661 |
+
$extensions = explode(";", $file_ext);
|
662 |
+
}else{
|
663 |
+
array_push($extensions, $file_ext);
|
664 |
+
}
|
665 |
+
}
|
666 |
+
$folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
|
667 |
+
|
668 |
+
for($i=0; $i<count($folder_skip_array); $i++){
|
669 |
+
$pathParts = explode('/', $folder_skip_array[$i]);
|
670 |
+
$n= sizeof($pathParts)-1;
|
671 |
+
$folder= $pathParts[$n];
|
672 |
+
array_push($skip_path_array, $folder);
|
673 |
+
}
|
674 |
+
}
|
675 |
+
foreach ($folder_paths as $key_path => $value) {
|
676 |
+
$file_list= list_files($value,100);
|
677 |
+
if(isset($folder_paths['base'])){
|
678 |
+
if($key_path == 'base'){
|
679 |
+
$files_number = sizeof($file_list);
|
680 |
+
}
|
681 |
+
}else{
|
682 |
+
$files_number+= sizeof($file_list);
|
683 |
+
}
|
684 |
+
foreach ($file_list as $key => $value1) {
|
685 |
+
|
686 |
+
$source_file_path= $value1;
|
687 |
+
|
688 |
+
if(is_dir($source_file_path)){
|
689 |
+
continue;
|
690 |
+
}
|
691 |
+
$source_file_path_for_explode = str_replace('/', '\\', $source_file_path);
|
692 |
+
$arr= explode('\\', $source_file_path_for_explode);
|
693 |
+
$theme_path=get_theme_root();
|
694 |
+
if ($value == $base && ($scan_config['core_scan'] == 1)){
|
695 |
+
if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
|
696 |
+
|
697 |
+
}else{
|
698 |
+
continue;
|
699 |
+
}
|
700 |
+
}elseif ($value == WP_PLUGIN_DIR && $arr[count($arr)-1]=='index.php'){
|
701 |
+
continue;
|
702 |
+
}elseif ($value == $theme_path && $arr[count($arr)-1]=='index.php'){
|
703 |
+
continue;
|
704 |
+
}
|
705 |
+
$ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
|
706 |
+
if($scan_config['type_scan'] == "Custom Scan"){
|
707 |
+
$flag_skip=0;
|
708 |
+
if (!empty($folder_skip_array)) {
|
709 |
+
for($q=0; $q<count($skip_path_array); $q++){
|
710 |
+
if(strpos($source_file_path, $skip_path_array[$q])){
|
711 |
+
$flag_skip=1;
|
712 |
+
break;
|
713 |
+
}
|
714 |
+
}
|
715 |
+
}
|
716 |
+
if($flag_skip == 1){
|
717 |
+
continue;
|
718 |
+
}
|
719 |
+
|
720 |
+
if(!empty($extensions)){
|
721 |
+
if(!in_array($ext, $extensions)){
|
722 |
+
continue;
|
723 |
+
}
|
724 |
+
}
|
725 |
+
}
|
726 |
+
if(in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
|
727 |
+
continue;
|
728 |
+
}
|
729 |
+
$file_count++;
|
730 |
+
$nooffiles=$nooffiles+1;
|
731 |
+
|
732 |
+
if(in_array('wp-content', $arr) && in_array('plugins', $arr)){//plugins file
|
733 |
+
foreach ($plugin_array as $arr_index => $key_repo) {
|
734 |
+
if(in_array($key_repo, $arr)){
|
735 |
+
$repo_key = $key_repo;
|
736 |
+
break;
|
737 |
+
}
|
738 |
+
}
|
739 |
+
}
|
740 |
+
else if(in_array('wp-content', $arr) && in_array('themes', $arr)){//themes file
|
741 |
+
foreach ($theme_array as $arr_index => $key_repo) {
|
742 |
+
if(in_array($key_repo, $arr)){
|
743 |
+
$repo_key = $key_repo;
|
744 |
+
break;
|
745 |
+
}
|
746 |
+
}
|
747 |
+
}
|
748 |
+
else{//core file
|
749 |
+
$repo_key = 'core';
|
750 |
+
}
|
751 |
+
|
752 |
+
$file_path_array[$nooffiles]= array("file"=> $source_file_path, "key"=>$repo_key);
|
753 |
+
if($nooffiles>0 && $nooffiles%100==0){
|
754 |
+
$mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
|
755 |
+
$nooffiles=0;
|
756 |
+
$file_path_array=array();
|
757 |
+
}
|
758 |
+
}
|
759 |
+
$mo2f_malware_db_handler->insert_files_in_parts($file_path_array);
|
760 |
+
$nooffiles=0;
|
761 |
+
$file_path_array=array();
|
762 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
763 |
+
$decoded_scan_status->total_files=$file_count;
|
764 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
765 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_status);
|
766 |
+
$mo2f_files_skipped = $files_number-$file_count;
|
767 |
+
update_site_option('mo2f_files_skipped', $mo2f_files_skipped);
|
768 |
+
}
|
769 |
+
}
|
770 |
+
|
771 |
+
function averageFileScanTime($currentFileScanTime,$currentScanFileCount,$averageFileScanTime,$previous_scanned){
|
772 |
+
|
773 |
+
if($previous_scanned!=0 || $currentScanFileCount!=0) {
|
774 |
+
try {
|
775 |
+
$totalTime = (float)($averageFileScanTime * $previous_scanned);
|
776 |
+
$timeDifference = time() - $currentFileScanTime;
|
777 |
+
$avergaeTimeEachFile = (float)(( $totalTime + $timeDifference )) / (float)(( $previous_scanned + $currentScanFileCount ));
|
778 |
+
|
779 |
+
} catch ( Exception $e ) {
|
780 |
+
$avergaeTimeEachFile = 0;
|
781 |
+
}
|
782 |
+
}else{
|
783 |
+
$avergaeTimeEachFile = 0;
|
784 |
+
}
|
785 |
+
return $avergaeTimeEachFile;
|
786 |
+
}
|
787 |
+
|
788 |
+
function get_scan_result_parts($mo2f_malware_db_handler=null, $folderpaths=array(), $scan_config, $start_time, $time_limit){
|
789 |
+
if(!empty($folderpaths)){
|
790 |
+
if ( in_array( 'curl', get_loaded_extensions() ) ) {
|
791 |
+
$scanresults=array();
|
792 |
+
$nooffiles=0;
|
793 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
794 |
+
$previous_scanned = $decoded_scan_status->files_scanned;
|
795 |
+
$previous_processed_files=$decoded_scan_status->total_files_processed;
|
796 |
+
$scan_malware_count = 0;
|
797 |
+
$repo_issue_count = 0;
|
798 |
+
$malicious_link_count = 0;
|
799 |
+
$file_ext = $scan_config['file_extension'];
|
800 |
+
$host = MoWpnsConstants::$host;
|
801 |
+
$extensions = array();
|
802 |
+
$hostname = MoWpnsConstants::$hostname;
|
803 |
+
$malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
|
804 |
+
if(empty($file_ext)){
|
805 |
+
}else{
|
806 |
+
if(strpos($file_ext,';') !=false){
|
807 |
+
$extensions = explode(";", $file_ext);
|
808 |
+
}else{
|
809 |
+
array_push($extensions, $file_ext);
|
810 |
+
}
|
811 |
+
}
|
812 |
+
$folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
|
813 |
+
$skip_path_array= array();
|
814 |
+
for($i=0; $i<count($folder_skip_array); $i++){
|
815 |
+
$pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
|
816 |
+
$n= sizeof($pathParts)-1;
|
817 |
+
$folder= $pathParts[$n];
|
818 |
+
array_push($skip_path_array, $folder);
|
819 |
+
}
|
820 |
+
$enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
|
821 |
+
$currentFileScanTime=time();
|
822 |
+
$currentScanFileCount=$nooffiles;
|
823 |
+
$avergaeTimeEachFile=0;//in miliseconds
|
824 |
+
foreach ($folderpaths as $value) {
|
825 |
+
$status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
|
826 |
+
|
827 |
+
if(!$status){//wp_remote_get
|
828 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
829 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
830 |
+
$mo_wpns_files_scanned=(0.7*$nooffiles)+$previous_scanned;
|
831 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
832 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
833 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
834 |
+
return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
|
835 |
+
//time limit close by. Returned status of current scan. Update DB and make next request.
|
836 |
+
}
|
837 |
+
|
838 |
+
$scanresult=array();
|
839 |
+
$source_file_path=$value->path;
|
840 |
+
if(!file_exists($source_file_path)){
|
841 |
+
$nooffiles++;
|
842 |
+
continue;
|
843 |
+
}
|
844 |
+
|
845 |
+
$source_file_path_size = str_replace("\\", "/", $source_file_path);
|
846 |
+
|
847 |
+
$ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
|
848 |
+
$ext= strtolower($ext);
|
849 |
+
if(!((filesize($source_file_path_size) < 1048576)) ){
|
850 |
+
$excess_size = get_site_option('mo2f_file_size_excess');
|
851 |
+
update_site_option('mo2f_file_size_excess', $excess_size+1);
|
852 |
+
$nooffiles++;
|
853 |
+
continue;
|
854 |
+
}
|
855 |
+
$extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
|
856 |
+
if($extns){
|
857 |
+
$nooffiles++;
|
858 |
+
if((0.7*$nooffiles) > 50){
|
859 |
+
$mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
|
860 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
861 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
862 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
863 |
+
|
864 |
+
}
|
865 |
+
}
|
866 |
+
|
867 |
+
$hash_of_file= md5_file($source_file_path);
|
868 |
+
$res=$mo2f_malware_db_handler->check_hash($hash_of_file);
|
869 |
+
$datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
|
870 |
+
$scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
|
871 |
+
$malware_status = $scanmalware? 0 : 1;
|
872 |
+
|
873 |
+
if(!empty($res) && !$scanmalware ){
|
874 |
+
}
|
875 |
+
else{
|
876 |
+
$flag_update=0;
|
877 |
+
if((filesize($source_file_path_size) < 1048576) ){
|
878 |
+
$file_content=file_get_contents($source_file_path);
|
879 |
+
|
880 |
+
if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
|
881 |
+
$malware_status = 1;
|
882 |
+
$cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
|
883 |
+
$postdata = array('file' => $cfile);
|
884 |
+
|
885 |
+
$content_type = 'multipart/form-data';
|
886 |
+
$issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
|
887 |
+
if ($issues) {
|
888 |
+
$scan_malware_count++;
|
889 |
+
$scanresult['scan'] = $issues;
|
890 |
+
$flag_update=1;
|
891 |
+
}
|
892 |
+
}else{
|
893 |
+
|
894 |
+
}
|
895 |
+
}
|
896 |
+
|
897 |
+
if($flag_update == 0){
|
898 |
+
$malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
|
899 |
+
$repo_status=0;
|
900 |
+
$link_status=0;
|
901 |
+
$scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
|
902 |
+
if(empty($res)){
|
903 |
+
$mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
|
904 |
+
}else{
|
905 |
+
$mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
|
906 |
+
}
|
907 |
+
}else{
|
908 |
+
$infected_files=get_site_option('mo_wpns_infected_files');
|
909 |
+
$infected_files++;
|
910 |
+
update_site_option('mo_wpns_infected_files', $infected_files);
|
911 |
+
}
|
912 |
+
}
|
913 |
+
if(!empty($scanresult))
|
914 |
+
$scanresults[$source_file_path]=$scanresult;
|
915 |
+
|
916 |
+
}
|
917 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
918 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
919 |
+
$mo_wpns_files_scanned=((0.7*$nooffiles)+$previous_scanned);
|
920 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
921 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
922 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
923 |
+
|
924 |
+
return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
|
925 |
+
}else{
|
926 |
+
return array('message'=>'CURL not installed on the server.');
|
927 |
+
}
|
928 |
+
} else {
|
929 |
+
return array('message'=>'No folder selected for scanning.');
|
930 |
+
}
|
931 |
+
}
|
932 |
+
|
933 |
+
function scan_for_ext_link($files_to_scan, $scan_config, $start_time, $time_limit, $reportid){
|
934 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
935 |
+
$scanresults=array();
|
936 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
937 |
+
$previous_scanned = $decoded_scan_status->files_scanned;
|
938 |
+
$currentFileScanTime=time();
|
939 |
+
$nooffiles=0;
|
940 |
+
$malicious_link_count=0;
|
941 |
+
$previous_processed_files=$decoded_scan_status->total_files_processed;
|
942 |
+
foreach ($files_to_scan as $value) {
|
943 |
+
$status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
|
944 |
+
if(!$status){//wp_remote_get
|
945 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
946 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
947 |
+
$mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
|
948 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
949 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
950 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
951 |
+
return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
|
952 |
+
}
|
953 |
+
$flag_update=0;
|
954 |
+
$nooffiles++;
|
955 |
+
if((0.15*$nooffiles)> 50){// remove get_site_option
|
956 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
957 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
958 |
+
$mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
|
959 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
960 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
961 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
962 |
+
}
|
963 |
+
$source_file_path=$value->path;
|
964 |
+
if(!file_exists($source_file_path)){
|
965 |
+
continue;
|
966 |
+
}
|
967 |
+
if(filesize($source_file_path) > 5242880){//5MB size limit
|
968 |
+
$excess_size = get_site_option('mo2f_file_size_excess');
|
969 |
+
update_site_option('mo2f_file_size_excess', $excess_size+1);
|
970 |
+
}
|
971 |
+
|
972 |
+
$hash_of_file= md5_file($source_file_path);
|
973 |
+
$res=$mo2f_malware_db_handler->check_hash($hash_of_file);
|
974 |
+
$datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
|
975 |
+
$extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
|
976 |
+
$link_status = $extlink? 0 : 1;
|
977 |
+
if(is_array($datascan)){
|
978 |
+
$malware_status= $datascan['malware'];
|
979 |
+
}else{
|
980 |
+
$malware_status=0;
|
981 |
+
}
|
982 |
+
|
983 |
+
$scanresult=array();
|
984 |
+
|
985 |
+
$file_content=file_get_contents($source_file_path);
|
986 |
+
if($scan_config['ext_link_check'] == 1 && $extlink){
|
987 |
+
$link_status=1;
|
988 |
+
$elresult= $this->check_external_link($file_content);
|
989 |
+
if(!empty($elresult)){
|
990 |
+
$malicious_link_count++;
|
991 |
+
$flag_update=1;
|
992 |
+
$scanresult['extl']=$elresult;
|
993 |
+
}
|
994 |
+
}
|
995 |
+
|
996 |
+
if($flag_update == 0){
|
997 |
+
$link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
|
998 |
+
$repo_status=0;
|
999 |
+
|
1000 |
+
$scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
|
1001 |
+
$infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
|
1002 |
+
$file_already_infected=false;
|
1003 |
+
foreach ($infected_array as $key => $value) {
|
1004 |
+
if($value->filename == $source_file_path){
|
1005 |
+
$file_already_infected=true;
|
1006 |
+
break;
|
1007 |
+
}
|
1008 |
+
}
|
1009 |
+
|
1010 |
+
if($file_already_infected){
|
1011 |
+
|
1012 |
+
}elseif(empty($res)){
|
1013 |
+
$mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
|
1014 |
+
}else{
|
1015 |
+
$mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
|
1016 |
+
}
|
1017 |
+
}else{
|
1018 |
+
$infected_files=get_site_option('mo_wpns_warning_files');
|
1019 |
+
$infected_files++;
|
1020 |
+
update_site_option('mo_wpns_warning_files', $infected_files);
|
1021 |
+
}
|
1022 |
+
if(!empty($scanresult))
|
1023 |
+
$scanresults[$source_file_path]=$scanresult;
|
1024 |
+
}
|
1025 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
1026 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
1027 |
+
$mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
|
1028 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
1029 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
1030 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
1031 |
+
return array('file_count'=> $nooffiles, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
|
1032 |
+
}
|
1033 |
+
|
1034 |
+
function scan_with_repo($files_to_scan, $scan_config, $start_time, $time_limit, $reportid, $repo_file_path){
|
1035 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
1036 |
+
$scanresults=array();
|
1037 |
+
$default_themes = array('twentynineteen', 'twentyseventeen', 'twentysixteen', 'twentytwenty');
|
1038 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
1039 |
+
$previous_scanned = $decoded_scan_status->files_scanned;
|
1040 |
+
$previous_processed_files=$decoded_scan_status->total_files_processed;
|
1041 |
+
$nooffiles=0;
|
1042 |
+
$repo_issue_count=0;
|
1043 |
+
$currentFileScanTime=time();
|
1044 |
+
foreach ($files_to_scan as $value) {
|
1045 |
+
$status=$this->check_exec_limit($start_time, $time_limit);//check limit for each file.
|
1046 |
+
if(!$status){//wp_remote_get
|
1047 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
1048 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
1049 |
+
$mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
|
1050 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
1051 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
1052 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
1053 |
+
return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
|
1054 |
+
//time limit close by. Returned status of current scan. Update DB and make next request.
|
1055 |
+
}
|
1056 |
+
$flag_update=0;
|
1057 |
+
$nooffiles++;
|
1058 |
+
if((0.15*$nooffiles) > 50){
|
1059 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
1060 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
1061 |
+
$mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
|
1062 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
1063 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
1064 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
1065 |
+
}
|
1066 |
+
$source_file_path=$value->path;
|
1067 |
+
if(!file_exists($source_file_path)){
|
1068 |
+
continue;
|
1069 |
+
}
|
1070 |
+
if(filesize($source_file_path) > 5242880){//5MB size limit
|
1071 |
+
$excess_size = get_site_option('mo2f_file_size_excess');
|
1072 |
+
update_site_option('mo2f_file_size_excess', $excess_size+1);
|
1073 |
+
}
|
1074 |
+
$hash_of_file= md5_file($source_file_path);
|
1075 |
+
$res=$mo2f_malware_db_handler->check_hash($hash_of_file);
|
1076 |
+
$datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
|
1077 |
+
$repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
|
1078 |
+
$repo_status = $repocheck? 0 : 1;
|
1079 |
+
if(is_array($datascan)){
|
1080 |
+
$malware_status = $datascan['malware'];
|
1081 |
+
$link_status = $datascan['ext_link'];
|
1082 |
+
}else{
|
1083 |
+
$malware_status=0;
|
1084 |
+
$link_status=0;
|
1085 |
+
}
|
1086 |
+
$scanresult=array();
|
1087 |
+
|
1088 |
+
if($repocheck){
|
1089 |
+
$file_content=file_get_contents($source_file_path);
|
1090 |
+
$file_path_slash_correction = str_replace('/', '\\', $source_file_path);
|
1091 |
+
$source_file_path_array=explode("\\", $file_path_slash_correction);
|
1092 |
+
$theme_flag=0;
|
1093 |
+
foreach ($default_themes as $theme_key) {
|
1094 |
+
if(in_array($theme_key, $source_file_path_array)){
|
1095 |
+
$theme_flag=1;
|
1096 |
+
break;
|
1097 |
+
}
|
1098 |
+
}
|
1099 |
+
if($theme_flag){
|
1100 |
+
continue;
|
1101 |
+
}
|
1102 |
+
if(in_array('wp-content', $source_file_path_array) && !in_array('plugins', $source_file_path_array) && !in_array('themes', $source_file_path_array)){
|
1103 |
+
continue;
|
1104 |
+
}
|
1105 |
+
$repo_file_to_check=$repo_file_path;
|
1106 |
+
$path_flag=0;
|
1107 |
+
$path_key= array('wp-admin', 'wp-includes', 'plugins', 'themes');
|
1108 |
+
foreach ($path_key as $paths_key) {
|
1109 |
+
if(in_array($paths_key, $source_file_path_array)){
|
1110 |
+
$index= array_search($paths_key, $source_file_path_array);
|
1111 |
+
if($paths_key == 'wp-admin' || $paths_key == 'wp-includes'){
|
1112 |
+
$wordpress_name = get_site_option('downloaded_wordpress_repo_name');
|
1113 |
+
$repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name;
|
1114 |
+
}
|
1115 |
+
for($i=$index; $i<sizeof($source_file_path_array); $i++){
|
1116 |
+
$repo_file_to_check.=DIRECTORY_SEPARATOR.$source_file_path_array[$i];
|
1117 |
+
}
|
1118 |
+
$path_flag=1;
|
1119 |
+
|
1120 |
+
break;
|
1121 |
+
}
|
1122 |
+
}
|
1123 |
+
if($path_flag == 0){
|
1124 |
+
$last_index=sizeof($source_file_path_array)-1;
|
1125 |
+
$wordpress_name = get_site_option('downloaded_wordpress_repo_name');
|
1126 |
+
$repo_file_to_check.=DIRECTORY_SEPARATOR.$wordpress_name.DIRECTORY_SEPARATOR.$source_file_path_array[$last_index];
|
1127 |
+
}
|
1128 |
+
$repo_status=1;
|
1129 |
+
$issues = $this->check_with_repo_files($file_content, $repo_file_to_check);
|
1130 |
+
if(!empty($issues)){
|
1131 |
+
$repo_issue_count++;
|
1132 |
+
$scanresult['repo']=$issues;
|
1133 |
+
$flag_update=1;
|
1134 |
+
}
|
1135 |
+
}
|
1136 |
+
|
1137 |
+
if($flag_update == 0){
|
1138 |
+
$repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
|
1139 |
+
|
1140 |
+
$scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
|
1141 |
+
$infected_array=$mo2f_malware_db_handler->get_detail_report_with_id($reportid);
|
1142 |
+
$file_already_infected=false;
|
1143 |
+
foreach ($infected_array as $key => $value) {
|
1144 |
+
if($value->filename == $source_file_path){
|
1145 |
+
$file_already_infected=true;
|
1146 |
+
break;
|
1147 |
+
}
|
1148 |
+
}
|
1149 |
+
|
1150 |
+
if($file_already_infected){
|
1151 |
+
|
1152 |
+
}elseif(empty($res)){
|
1153 |
+
$mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
|
1154 |
+
}else{
|
1155 |
+
$mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
|
1156 |
+
}
|
1157 |
+
}else{
|
1158 |
+
$infected_files=get_site_option('mo_wpns_warning_files');
|
1159 |
+
$infected_files++;
|
1160 |
+
if(!empty($res)){
|
1161 |
+
$mo2f_malware_db_handler->delete_hash($source_file_path);
|
1162 |
+
}
|
1163 |
+
update_site_option('mo_wpns_warning_files', $infected_files);
|
1164 |
+
}
|
1165 |
+
if(!empty($scanresult))
|
1166 |
+
$scanresults[$source_file_path]=$scanresult;
|
1167 |
+
}
|
1168 |
+
$decoded_scan_status->average_time_each_file=$this->averageFileScanTime($currentFileScanTime,$nooffiles,$decoded_scan_status->average_time_each_file,$previous_processed_files);
|
1169 |
+
$decoded_scan_status->total_files_processed=$decoded_scan_status->total_files_processed+$nooffiles;
|
1170 |
+
$mo_wpns_files_scanned=(0.15*$nooffiles)+$previous_scanned;
|
1171 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
1172 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
1173 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
1174 |
+
return array('file_count'=> $nooffiles, 'repo_issues'=>$repo_issue_count, 'scan'=>$scanresults);
|
1175 |
+
}
|
1176 |
+
|
1177 |
+
function check_exec_limit($start_time, $time_limit){
|
1178 |
+
if($time_limit == 0){
|
1179 |
+
return true;
|
1180 |
+
}else{
|
1181 |
+
$time_remaining= $time_limit - (time()-$start_time);
|
1182 |
+
if($time_remaining > 10){
|
1183 |
+
return true;
|
1184 |
+
}else{
|
1185 |
+
return false;
|
1186 |
+
}
|
1187 |
+
}
|
1188 |
+
}
|
1189 |
+
|
1190 |
+
}
|
1191 |
+
new Mo_wpns_Scan_Handler_Cron;
|
1192 |
?>
|
handler/malware_scanner/scanner_set_cron.php
CHANGED
@@ -1,260 +1,305 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
class mo2f_scanner_parts
|
4 |
-
{
|
5 |
-
function __construct(){
|
6 |
-
}
|
7 |
-
|
8 |
-
|
9 |
-
function check_scan_status(){
|
10 |
-
|
11 |
-
global $wpdb;
|
12 |
-
|
13 |
-
|
14 |
-
|
15 |
-
|
16 |
-
|
17 |
-
|
18 |
-
|
19 |
-
|
20 |
-
|
21 |
-
|
22 |
-
|
23 |
-
|
24 |
-
|
25 |
-
|
26 |
-
|
27 |
-
|
28 |
-
|
29 |
-
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
|
46 |
-
$
|
47 |
-
$
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
57 |
-
|
58 |
-
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
$
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
|
73 |
-
|
74 |
-
|
75 |
-
|
76 |
-
|
77 |
-
|
78 |
-
|
79 |
-
|
80 |
-
|
81 |
-
|
82 |
-
|
83 |
-
|
84 |
-
|
85 |
-
|
86 |
-
|
87 |
-
|
88 |
-
|
89 |
-
|
90 |
-
|
91 |
-
|
92 |
-
|
93 |
-
|
94 |
-
|
95 |
-
|
96 |
-
|
97 |
-
|
98 |
-
|
99 |
-
|
100 |
-
|
101 |
-
|
102 |
-
|
103 |
-
|
104 |
-
|
105 |
-
|
106 |
-
|
107 |
-
|
108 |
-
|
109 |
-
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
|
115 |
-
|
116 |
-
|
117 |
-
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
|
127 |
-
|
128 |
-
|
129 |
-
|
130 |
-
|
131 |
-
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
-
|
144 |
-
|
145 |
-
|
146 |
-
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
|
153 |
-
|
154 |
-
|
155 |
-
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
|
160 |
-
|
161 |
-
|
162 |
-
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
|
167 |
-
|
168 |
-
|
169 |
-
|
170 |
-
|
171 |
-
|
172 |
-
|
173 |
-
|
174 |
-
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
$
|
186 |
-
|
187 |
-
|
188 |
-
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
|
196 |
-
|
197 |
-
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
$response=$
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
|
246 |
-
|
247 |
-
|
248 |
-
|
249 |
-
|
250 |
-
|
251 |
-
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
}
|
259 |
-
|
260 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
class mo2f_scanner_parts
|
4 |
+
{
|
5 |
+
function __construct(){
|
6 |
+
}
|
7 |
+
|
8 |
+
|
9 |
+
function check_scan_status(){
|
10 |
+
|
11 |
+
global $wpdb;
|
12 |
+
if(is_multisite()){
|
13 |
+
$query="SELECT `meta_value` from `".$wpdb->base_prefix."sitemeta` WHERE `meta_key` = 'mo_stop_scan'";
|
14 |
+
$stop_scan= $wpdb->get_results($query);
|
15 |
+
$stop_scan_process=$stop_scan[0]->meta_value;
|
16 |
+
}else{
|
17 |
+
$query="SELECT `option_value` from `".$wpdb->base_prefix."options` WHERE `option_name` = 'mo_stop_scan'";
|
18 |
+
$stop_scan= $wpdb->get_results($query);
|
19 |
+
$stop_scan_process=$stop_scan[0]->option_value;
|
20 |
+
}
|
21 |
+
|
22 |
+
if($stop_scan_process=="1") {
|
23 |
+
$this->mo2f_end_scan();
|
24 |
+
return "1";
|
25 |
+
}
|
26 |
+
else{
|
27 |
+
return "0";
|
28 |
+
}
|
29 |
+
}
|
30 |
+
function file_cron_scan(){//main cron function
|
31 |
+
|
32 |
+
$scan_request = isset($_GET['scan_request'])? $_GET['scan_request']:false;
|
33 |
+
if($scan_request) {
|
34 |
+
$status=$this->check_scan_status();
|
35 |
+
|
36 |
+
if($status){
|
37 |
+
exit;
|
38 |
+
//abort
|
39 |
+
}
|
40 |
+
ini_set('memory_limit', '-1');
|
41 |
+
ini_set('max_execution_time', 0);
|
42 |
+
$scan_mode = isset( $_GET['scan_mode'] ) ? $_GET['scan_mode'] : false;
|
43 |
+
$scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? $_GET['scan_stage_complete'] : false;
|
44 |
+
$reportid = isset( $_GET['reportid'] ) ? $_GET['reportid'] : false;
|
45 |
+
|
46 |
+
$scanverification = isset( $_GET['scanverification'] ) ? $_GET['scanverification'] : false;
|
47 |
+
$scanverification_code = get_site_option( "mo2f_scanverification" );
|
48 |
+
if ( $scanverification != $scanverification_code ) {
|
49 |
+
error_log( "Request Does not exists" );
|
50 |
+
exit;
|
51 |
+
}
|
52 |
+
|
53 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
54 |
+
$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
|
55 |
+
|
56 |
+
//switch case stage wise
|
57 |
+
if ( $scan_mode == 'Quick Scan' ) {
|
58 |
+
$scan_config = MoWpnsConstants::$quick_scan_configuration;
|
59 |
+
} elseif ( $scan_mode == 'Standard Scan' ) {
|
60 |
+
$scan_config = MoWpnsConstants::$standard_scan_configuration;
|
61 |
+
} else {
|
62 |
+
$scan_config = get_site_option( 'mo2f_custom_scan_config' );
|
63 |
+
}
|
64 |
+
|
65 |
+
$repo_status_code = get_site_option('mo2f_repo_status');
|
66 |
+
if ( ($scan_config['check_repo'] == 0 || $repo_status_code < 0) && $scan_stage_complete == 3 ) {//repo check not required so scan ended
|
67 |
+
|
68 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
69 |
+
$mo_wpns_files_scanned=$decoded_scan_status->total_files;
|
70 |
+
$decoded_scan_status->files_scanned=$mo_wpns_files_scanned;
|
71 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
72 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
73 |
+
$this->mo2f_end_scan();
|
74 |
+
exit;
|
75 |
+
}
|
76 |
+
|
77 |
+
$uploads_dir = wp_upload_dir();
|
78 |
+
$uploads_path= $uploads_dir['basedir'];
|
79 |
+
$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
|
80 |
+
$current_time = time();
|
81 |
+
$time_limit = ini_get( 'max_execution_time' );
|
82 |
+
usleep(10000);//10miliseconds
|
83 |
+
switch ( $scan_stage_complete ) {
|
84 |
+
case 1:
|
85 |
+
$this->mo2f_scan_with_service( $scan_config, $reportid, $scanverification);
|
86 |
+
break;
|
87 |
+
case 2:
|
88 |
+
$this->mo2f_check_ext_link( $scan_config,$reportid,$scanverification);
|
89 |
+
break;
|
90 |
+
case 3:
|
91 |
+
$mo_wpns_scan_handler->mo2f_download_plugins_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
|
92 |
+
break;
|
93 |
+
case 4:
|
94 |
+
$mo_wpns_scan_handler->mo2f_download_themes_wp( $repo_file_path, $scan_config, $current_time, $time_limit,$reportid, $scanverification);
|
95 |
+
break;
|
96 |
+
case 5:
|
97 |
+
$mo_wpns_scan_handler->mo2f_download_core_wp( $repo_file_path, $scan_config,$reportid, $scanverification);
|
98 |
+
break;
|
99 |
+
case 6:
|
100 |
+
$this->mo2f_check_with_repo( $scan_config, $repo_file_path,$reportid,$scanverification);
|
101 |
+
break;
|
102 |
+
case 7:
|
103 |
+
$this->mo2f_end_scan();
|
104 |
+
break;
|
105 |
+
}
|
106 |
+
}
|
107 |
+
}
|
108 |
+
|
109 |
+
function mo2f_scan_with_service($scan_config, $reportid, $scanverification){
|
110 |
+
$current_time= time();
|
111 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
112 |
+
$files_to_scan=$mo2f_malware_db_handler->get_files_in_parts();
|
113 |
+
$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
|
114 |
+
|
115 |
+
if(empty($files_to_scan)){
|
116 |
+
|
117 |
+
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
118 |
+
$scan_malware_count=$last_report[0]->malware_count;
|
119 |
+
$last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
|
120 |
+
|
121 |
+
$hostname = 'scanner.api.xecurify.com';
|
122 |
+
$malware_server_status = $mo_wpns_scan_handler->mo_wpns_check_malware_server_status($hostname);
|
123 |
+
if($malware_server_status){
|
124 |
+
$host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
|
125 |
+
$postdata = http_build_query(array('fileCount' => $last_scan, 'maliciousCount' => $scan_malware_count));
|
126 |
+
$content_type = 'application/x-www-form-urlencoded';
|
127 |
+
$lastRequest = $mo_wpns_scan_handler->mo_wpns_malware_scan_request($postdata, $host, $content_type);
|
128 |
+
}
|
129 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
130 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
|
131 |
+
|
132 |
+
}else{//sending next 100 files
|
133 |
+
$current_time= time();
|
134 |
+
$time_limit= ini_get('max_execution_time');
|
135 |
+
$result=$mo_wpns_scan_handler->get_scan_result_parts($mo2f_malware_db_handler, $files_to_scan, $scan_config, $current_time, $time_limit);
|
136 |
+
|
137 |
+
if($result['scan']){
|
138 |
+
foreach ($result['scan'] as $key => $value) {
|
139 |
+
$value=array('scan'=>'Premium');
|
140 |
+
$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
|
141 |
+
}
|
142 |
+
}
|
143 |
+
$mo2f_malware_db_handler->update_files_scan($files_to_scan, $result['file_count']);
|
144 |
+
|
145 |
+
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
146 |
+
$result['file_count']= $last_report[0]->scanned_files + $result['file_count'];
|
147 |
+
$result['malware_count'] = $last_report[0]->malware_count + $result['malware_count'];
|
148 |
+
$result['malicious_link'] = 0;
|
149 |
+
$result['repo_issues'] = $last_report[0]->repo_issues;
|
150 |
+
|
151 |
+
$mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
|
152 |
+
|
153 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
154 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 1);
|
155 |
+
|
156 |
+
}
|
157 |
+
}
|
158 |
+
|
159 |
+
function mo2f_check_ext_link($scan_config, $reportid, $scanverification){
|
160 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
161 |
+
$files_to_scan=$mo2f_malware_db_handler->get_files_for_link();
|
162 |
+
$currentFileScanTime=time();
|
163 |
+
|
164 |
+
if(!empty($files_to_scan) && $scan_config['ext_link_check']){
|
165 |
+
$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
|
166 |
+
$current_time= time();
|
167 |
+
$time_limit= ini_get('max_execution_time');
|
168 |
+
$response=$mo_wpns_scan_handler->scan_for_ext_link($files_to_scan, $scan_config, $current_time, $time_limit, $reportid);
|
169 |
+
|
170 |
+
if($response['scan']){
|
171 |
+
foreach ($response['scan'] as $key => $value) {
|
172 |
+
$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
|
173 |
+
}
|
174 |
+
}
|
175 |
+
$mo2f_malware_db_handler->update_files_scan_ext_link($files_to_scan, $response['file_count']);
|
176 |
+
|
177 |
+
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
178 |
+
$response['file_count']= $last_report[0]->scanned_files;
|
179 |
+
$response['malware_count'] = $last_report[0]->malware_count;
|
180 |
+
$response['repo_issues'] = $last_report[0]->repo_issues;
|
181 |
+
$response['malicious_link'] = $last_report[0]->malicious_links + $response['malicious_link'];
|
182 |
+
|
183 |
+
$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
|
184 |
+
|
185 |
+
$response=$mo_wpns_scan_handler->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 2);
|
186 |
+
}else{
|
187 |
+
$decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
|
188 |
+
$mo_wpns_files_scanned=$decoded_scan_status->total_files;
|
189 |
+
$decoded_scan_status->files_scanned=0.85*$mo_wpns_files_scanned;
|
190 |
+
$encoded_scan_status=json_encode($decoded_scan_status);
|
191 |
+
update_site_option('mo_wpns_scan_status', $encoded_scan_status);
|
192 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
193 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 3);
|
194 |
+
|
195 |
+
}
|
196 |
+
}
|
197 |
+
|
198 |
+
function mo2f_check_with_repo($scan_config, $repo_file_path,$reportid, $scanverification){
|
199 |
+
$download_status=false;
|
200 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
201 |
+
$decoded_scan_configuration->status_download_time=$download_status;
|
202 |
+
$encoded_scan_configuration=json_encode($decoded_scan_configuration);
|
203 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
|
204 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
205 |
+
$response=array();
|
206 |
+
$repo_status = get_site_option('mo2f_repo_status');
|
207 |
+
$repo_key = get_site_option('mo2f_current_repo_key');
|
208 |
+
if($repo_status != 0){
|
209 |
+
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
210 |
+
if($repo_status == -95){
|
211 |
+
if(!empty($last_report)){
|
212 |
+
$mo2f_malware_db_handler->mo2f_update_net_issue($reportid);
|
213 |
+
}
|
214 |
+
$this->mo2f_end_scan();
|
215 |
+
exit;
|
216 |
+
}else{
|
217 |
+
if(! empty($last_report)){
|
218 |
+
$issue = $last_report[0]->repo_key;
|
219 |
+
if($repo_key == 'core'){
|
220 |
+
$issue.= "WordPress Core Files;";
|
221 |
+
}else{
|
222 |
+
$issue.= $repo_key.";";
|
223 |
+
}
|
224 |
+
$mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
|
225 |
+
}
|
226 |
+
|
227 |
+
$this->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
|
228 |
+
}
|
229 |
+
|
230 |
+
}else{
|
231 |
+
$files_to_scan=$mo2f_malware_db_handler->get_files_for_repo($repo_key);
|
232 |
+
if(empty($files_to_scan)){
|
233 |
+
$this->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
|
234 |
+
}else{
|
235 |
+
$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
|
236 |
+
$current_time= time();
|
237 |
+
$time_limit= ini_get('max_execution_time');
|
238 |
+
$response=$mo_wpns_scan_handler->scan_with_repo($files_to_scan, $scan_config, $current_time, $time_limit, $reportid, $repo_file_path);
|
239 |
+
|
240 |
+
if($response['scan']){
|
241 |
+
foreach ($response['scan'] as $key => $value) {
|
242 |
+
$mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
|
243 |
+
}
|
244 |
+
}
|
245 |
+
$mo2f_malware_db_handler->update_files_scan_repo($files_to_scan, $response['file_count']);
|
246 |
+
|
247 |
+
$last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
|
248 |
+
$response['file_count']= $last_report[0]->scanned_files;
|
249 |
+
$response['malware_count'] = $last_report[0]->malware_count;
|
250 |
+
$response['repo_issues'] = $last_report[0]->repo_issues + $response['repo_issues'];
|
251 |
+
$response['malicious_link'] = $last_report[0]->malicious_links;
|
252 |
+
|
253 |
+
$mo2f_malware_db_handler->scan_report_complete($reportid, $response['file_count'], $response['malware_count'], $response['repo_issues'], $response['malicious_link']);
|
254 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
255 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, 6);
|
256 |
+
}
|
257 |
+
}
|
258 |
+
}
|
259 |
+
|
260 |
+
function mo2f_end_scan(){
|
261 |
+
$mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
|
262 |
+
$mo2f_malware_db_handler = new MoWpnsDB();
|
263 |
+
$uploads_dir = wp_upload_dir();
|
264 |
+
$uploads_path= $uploads_dir['basedir'];
|
265 |
+
$repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
|
266 |
+
if(is_dir($repo_file_path)){
|
267 |
+
$mo_wpns_scan_handler->remove_dir($repo_file_path);
|
268 |
+
}
|
269 |
+
$decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
|
270 |
+
$decoded_scan_configuration->scan_progress="COMPLETE";
|
271 |
+
$encoded_scan_configuration=json_encode($decoded_scan_configuration);
|
272 |
+
update_site_option("mo_wpns_scan_status",$encoded_scan_configuration);
|
273 |
+
$mo2f_malware_db_handler->delete_files_parts();
|
274 |
+
exit;
|
275 |
+
}
|
276 |
+
|
277 |
+
function mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path){
|
278 |
+
$download_info = get_site_option('mo2f_download_info');
|
279 |
+
$download_done = get_site_option('mo2f_download_done');
|
280 |
+
$Mo_wpns_Scan_Handler_Cron = new Mo_wpns_Scan_Handler_Cron();
|
281 |
+
if(is_dir($repo_file_path)){
|
282 |
+
$Mo_wpns_Scan_Handler_Cron->remove_dir($repo_file_path);
|
283 |
+
}
|
284 |
+
if($download_info['stage'] == 'plugins'){
|
285 |
+
if($download_done < $download_info['plugin_count']){
|
286 |
+
$next_stage = 3;
|
287 |
+
}else{
|
288 |
+
update_site_option('mo2f_download_done',0);
|
289 |
+
$next_stage = 4;
|
290 |
+
}
|
291 |
+
}else if ($download_info['stage'] == 'themes') {
|
292 |
+
if($download_done < $download_info['theme_count']){
|
293 |
+
$next_stage = 4;
|
294 |
+
}else{
|
295 |
+
update_site_option('mo2f_download_done',0);
|
296 |
+
$next_stage = 5;
|
297 |
+
}
|
298 |
+
}else{
|
299 |
+
$next_stage = 7;
|
300 |
+
}
|
301 |
+
|
302 |
+
$response=$Mo_wpns_Scan_Handler_Cron->mo2f_wp_remote_get($scan_config['type_scan'], $reportid, $scanverification, $next_stage);
|
303 |
+
}
|
304 |
+
|
305 |
+
}new mo2f_scanner_parts;
|
handler/mo-error.html
CHANGED
@@ -1,11 +1,11 @@
|
|
1 |
-
<img src="data:image/jpeg;base64,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" style="margin-left: 5em;width: 12em;margin-top: 1px;">
|
2 |
-
<div>
|
3 |
-
<img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7N13nFTV3T/wz50+21hgl91l6b2JCGJHxS4WigUZFUuMYyTR50meTMovz5P2S35PJqaZoI5JlICOJbqoKDYUlC4KSO8odYEFtk6/9/z+mF1YYcuUe+fcc+/3/Xqt4DJ757u7M+d87ynfIzHGQAghhBBzsfAOgBBCCCG5RwkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmZOPxpB6vzwJgFIARABoAnGj1cTwY8Cs84iKEEEK00NzvdQfQrdVHIYAtADbx6PckxlhOnsjj9Y0FcAuASwBcBKConYceBTAHwD+CAf/OnARHCCGEaMDj9Q0G8BCA+wH0aOdh9QBWAVgBYEEw4F+bi9g0TwCav/nfArg9gy9fAuDvAF4PBvxRNeMihBBCtODx+pwAbgPwbQBXZnCJ1wD8VOubYM0SAI/XVwbg50j+ALKdatgH4L8BvEDTA4QQQvSoeZj/HgC/BtAny8slkLwB/mUw4D+SbWxt0SQB8Hh9QwF8BKBS5UtvBPDjYMC/UOXrEkIIIRnzeH2TAPwvgHNUvvRBAFcHA/7tKl9X/QTA4/WNRLLzL1P1wt/0CYAfBQP+1Ro+ByGEENIhj9d3IYDfAbhCw6c5gmQSsFnNi6qaAHi8vnMBLAJQotpFO1aF5DyJ6pkRIYQQ0p7mke7fApiWo6esAXBNMOD/Uq0LqpYAeLy+EgDbkNzmkEsJAM8B+EUw4D+c4+cmhBBiIh6vrwLALwA8iNxvpT8OYFgw4K9R42JqBv9/kfvOH0h+Dw8DuMfj9f0ZgD8Y8NdxiIMQQohBeby+LgB8AP4DQB6nMLoj2dc+osbFVBkB8Hh9owGsBWDN+mLZOw7gNwCeoq2DhBBCstG8pe9RAP8HfG5yzyQDGBsM+DdkeyG1RgD+DH10/kDyF/RHAI97vL7fA3g+GPCHOMdEiKqmzZxlAUMpkottywD0YEApkh9dAbgAOADmBOBM/h2ONv4OAFEAseaPM/4utfx/BMBJAMck4BiSBbuOADgCCceq5s6m7bnEUDxeXx6ABwD8EEBfzuG0ZkWyz70q2wtlPQLg8fomAvg420A0dBzAUwD+Fgz4j/IOhpBUTLt3ViWAoQwYDGAQwAYCKEdygW13AMXQz1keCoBaJN9rNQCqAWk3gF0SsBPA9qp5sw/yDJCQVHm8vh4AvovkXb8e7vjbMzEY8C/J5gJqjABcqcI1tNQdySJCP/R4ffMA/IF2DRA9mHrPd0oT8fg4hbFhDqerL8AGARgAoB/4zTFmwoLTtc0HJz/FWv0XmHrvoyEAXwHYA0i7kEwOdgBYXzVv9rHchkvI2ZpX9f8AwL1IjqDp3UQkq+VmTI0RgA8BXJPVRXKLAXgbwO+DAf9S3sEQc5h276xKOZG4UFbk8YwpYxljoxhjPQHA4XTCYtHLDBoXBwBsAKS1EvAFgDU0YkByxeP1TUBymP9mABLncNKxKBjwX5vNBbJKADxenxXJecHCbILg6DMATwCoCgb8Mu9giDFMu3dWpaLIl8uyPJ4xZQxj7BxFUUpO3w+3kOBwOGGxmrrzb89RJJOCdVJygfFSSgqIWpr7rmkA/gvABZzDyVQDgK7Z9F3ZJgDnAlif8QX
0Yy+APwF4LhjwN/EOhojl1hkPVyiKcj1j7CqAXcoYG8BY52vi7A4XrNT5p2MXIH0KYLEELKqaN7uad0BELB6vLx/J/fv/CaA/53DUMCabwkDZJgBTAMzP+AL6cwLA0wCeDgb8dLdB2jTZ4+2RiMevV5Id/mXNc/dpsTucsFpzXUPEcLYD0icSsBjAR7SWgLTH4/VVAvhO80c3zuGoaWow4H8j0y/ONgG4HMm6/EajAPgQwBwAbwQD/gjfcAhP02bOsiiyfHkikbhdUeSrGWNDAZbxXKHd7oTVRp2/yhiALYC0SALmQ8JS2ppobh6vzwVgCoD7AVwL/eyaUdPl2axlyzYBGAFA1cMJdKgWwMsA5tDhQ+YxbeYst5xITJJl+TbGlOsURVZlO5DN7oDNZlfjUqRjNYD0bnMy8F7V3Nlh3gGR3Gg+nOd+AHchuV3WyEYGA/4tmX5xtglADySLgZjFViRHBebRuQPGM23mrJJEPHGboiSmKIpyBWOKW83r22wO2OzU+XMQAvAxIL0pSXijau5sVeqoE/1ors9/L5Id/3C+0eRUWTb1bdTYBRCHWFsn1CADeB/JZOAtKjksrmkzH+0ejyVmKky+kynKeMYUTVblWa022B3Ozh9ItCYDWAVIr0oSXqyaO/s474BIZppL9N6KZKd/PfRTjTZXGAA7t10AAODx+g4BqMjqImI7AeAlJKcIPucdDOnc9dPutdus9qkM7H7G2DUA0/S23GKxwuEUoa6I6cQAvCdBmgMJC6rmzk7wDoh0zuP1nY9kpz8DxlrQl67DwYC/ZzYXUCMBeAHA3VldxDi2AKgC8BaAz4MBvzpnLRNV3DL9oQtlRX6IMWUactRwSJIEh9MNSTLbIJlwagDpVQl4vmrebErkdcTj9UkAzkfybn8agBF8I9KNF4MB/z3ZXECNBOAeAPOyuogxHQawAMlk4CPaScDHtHtn9YzFY99S5MQ9jClDcvvsEhxOFywWIy4+NrStgDRPAv5VNW/2Id7BmFHzCv6rkez0b4G5R5nbc28w4H8hmwuokQD0AFAN860DSEcIwAdIJgPv0KFE2pty93euTCRi31cU5UbGFC577mivv/ASAN6WIP25at5sI2531pXmvuQmJDv96yDWeRi5xgCUZ9uXZJ0AAIDH61sL4LysL2QOCoBVSCYDbwUD/q2c4zGMaTNnORPxxH2yHP+eoiijzi69mztWmx12u4Pb8xPVfQlIf5UkvFA1dzYt+lWJx+sbjmSHfyuAi2DMvfpaWBcM+MdmexG1EoDfAvhJ1hcyp11oHhkAsDIY8NN+5TRNvefRingi/p+KkniQKQr34ztp0Z+hHQOkf0jAX6vmzaatwGnyeH1uABfj9J1+2lU0CQDg/wUD/p9mexG1EoArkOWxhARAckvlWgDLmj+WBwN+Km/ajske7yUJOfF9psi3MqbtSv5USZIFDqeLFv0ZXxxAVfP0wCreweiVx+srBXApgMuaP8YC0MV7VXBXBgP+rKel1EoA7ACOQ9xTAfVsO04nBMuCAf8uzvFwd8v0hyYpTPm5oigX8BzmP5sEp9MFiRb9mc0KCdIvq+bN/oB3ILx5vL5BON3ZXwZgKN+IDKkBQPdgwB/P9kKqJAAA4PH63gAwWZWLkY4cAbAcp5OCdcGA3xT7l2+644FbFcb+G2Dn846lLVTj3/RWSZB+VTVv9ru8A8kFj9dnQ3LtV0tnfymAMq5BmcObwYB/ihoXUjMB+A6Ap1S5GElHE4A1ADYgeS7DZgBbggH/Sa5RqeiW6Q9NluXEzxmYbhea0rw/aWVN84jAO7wDUYvH6+uK5P77kc0fowGMB5DPMy6TejQY8D+txoXUTAAGANitysWIGg7jdEKwGckiRZuDAX8t16jScOuMh6ckEvH/YUzRbccPABIkOFxU7Iec5XMJ0q+r5s1+i3cgqfJ4fcVIdvCtO/uRoH34ejIwGPDvUeNCqiUAAODx+r5EMjMk+nUIrRKC5o+9AI5
mU1NaTVM8j0yJJ2K/VBRltL7m+NvmcLhgsZqtDDlJwzoJ0i/0kgg0n+HSA0B/nO7gWzr8rErLEs1tCAb856p1MbUTgP8E8EfVLkhySQFwFMkE4XCrj0Nn/P2IGotP2jLl7kfGJRLxP8uyfJkIHT8AWK122B2035+k5BMJ0ver5s1eq8XFmxdjlyHZiVc0f7T+e8v/9wDttxfV94MB/5/UupjaCUAPAAcB0Eoo42IAanA6ITiKZKXDCIBw85+tP8783Jn/n0jEY+XRSPiniUTiJoAJ0zC1bPkjJA2KJElv2Wy231lt9mok20pXqw93J//f+nN5SHbmLR17Cagiq5ElAFSqWUlW1QQAADxe31tI1m4mhBBCiDoWBAP+W9W8oBZ3W3M0uCYhhBBiZnPUvqAWCcDbSBYFIoQQQkj2jiPZt6pK9QQgGPDHALyk9nUJIYQQk3qpuW9VlVYLruZodF1CCCHEbOZocVHVFwG28Hh9m5DcV0oIIYSQzGwOBvyjtLiwlluu5mh4bUIIIcQM5mh1YS0TgBcARDW8PiGEEGJkUST7Uk1olgAEA/5qAM9pdX1CCCHE4J5r7ks1oXXVtd8B0KRsLCGEEGJgcST7UM1omgAEA/6vAczV8jkIIYQQA5rb3IdqJhd11/8fAF2cMkcIIYQIQEay79SU5glAMODfDSCo9fMQQgghBhFs7js1lauT136D5HGzhBBCCGmfgmSfqbmcJADBgH87gFdz8VyEEEKIwF5t7jM1l8uz13+D5FnyhBBCCDkbQ47u/oEcJgDBgH8TgPm5ej5CCCFEMPOb+8qcyOUIAAD8AkAix89JCCGE6F0CyT4yZ3KaAAQD/o0A/pzL5ySEEEIE8OfmPjJncj0CAAA/B/AVh+clhBBC9OgrJPvGnMp5AhAM+EMAZuX6eQkhhBCdmtXcN+YUjxEABAP+haBtgYQQQsirzX1iznFJAJo9DqCO4/MTQgghPNUh2RdywS0BaD7i8Me8np8QQgjh7MdaHvfbGZ4jAAAQALCCcwyEEEJIrq1Asg/kRmKMb3E+j9c3CsBaAHaugRBCCCG5EQcwNpdFf9rCewSgpULg73jHQQghhOTI73h3/oAOEoBmvwCwiHcQhBBCiMYWIccV/9rDfQqghcfr6wZgDYABvGMhhBBCNLAHwPhgwH+CdyCAfkYA0PwDmQygkXcshBBCiMoaAUzWS+cP6CgBAE6tB5gJOjaYEEKIcTAAM/Uw79+arhIAAAgG/PMB/Ip3HIQQQohKftXct+mK7hKAZr8E8AbvIAghhJAsvYFkn6Y7ulkEeCaP11cIYCWAkbxjIYQQQjKwGcDFwYC/gXcgbdFtAgAAHq9vIJI7A7ryjoUQQghJw0kkV/zv5h1Ie/Q6BQAAaP7BTQHtDCCEECKORgBT9Nz5AzofAWjh8fouAvAugGLesRBCCCEdqAVwYzDgX8U7kM4IkQAAgMfrOxfAhwBKecdCCCGEtOEYgGuDAf+XvANJha6nAFpr/oFeDuAg71gIIYSQMxwEcLkonT8gUAIAAMGAfxuACUiWUySEEEL0YA+ACc19lDCESgAAIBjw70UyCdjKOxaiPqfDDrvNxjsMQlRlt9ngdNCJ5wa1FcnOfy/vQNIlzBqAM3m8vlIA7wM4j3cspGNulwsVZSWoKC9Fz7JSlPcoQUFBPtwuJ9wuJ1wuJ9wuF1xOByyWZE4qyzLCkSjCkSgizX+GIxHU1Tfi8JGjOFR9DNVHalB9rAbxeILzd0jMyG63oby0BOVlJehZXoqKsh7oUlQAt8vV6nWd/LBarQAARVEQicYQjkRava6jaGxsQvXRGhw6cgyHq4/h8JEahCMRzt8hScE6ANcHA/5jvAPJhLAJAAB4vL5iAAsBXMw7FpJUkJ+HEUMHYsSQgehdWY6K8lIUFxVq9nyMMdQcP4nDR2qwd99BbN6+Czt2fYVYPK7ZcxLzcdjtGDKoH0YOHYT+fSpRUVaCku5dIUmSZs9ZW9+Aw9X
HsP9gNbbs2I0t23ejsSmk2fORtK0EMCkY8NfyDiRTQicAAODx+lwAfg/gu7xjMSOX04Fhgwdg5LBBGDlsIPr26qlpo5iKeCKBXXv2YdO2Xdi8bRd2f7UfsixzjYmIxWq1YmC/3qde14MH9OU+NcUYw9cHDmHztt3YvG0Xtu3cg0g0xjUmE/sbgB8GA36hh2mETwBaeLy+mwE8D6CEdyxG53Q6MH7MKFx20ViMHDrw1PCmXkWiMXzx5WYsW7UWG7fuhKIovEMiOmSxWHDO8MG47KKxGHfuSLicDt4hdUiWZWzevhvLVq3FmvWbEKVkIBdqADwQDPjf5h2IGgyTAACAx+urADAXwDW8YzEaSZIwcuhATLh4HMafd47uG8f21NY3YPnqdVi26gt8feAw73CIDvTtVYHLLhqHSy88T9PpKi1FojGsWbcRS1d+gc3bd8NI7bqOLELySF/DNByGSgAAwOP1SQD+C8BvANCy2ywVFxXi+qsuw4SLxqJb1y68w1HVvgOHsWT5GixethrRGK0ZMBOnw46Jl12IKy8djz69KniHo6oTJ+uwdNVavP/xMtTW6/IMGtHEAfwfAE8EA35DdZiGSwBaeLy+cQBeAjCYdywiKulWjJuvvxITL70Adruxt+XVNzTh3Y8+xQeLV9LKa4Nzu1y4buLFuPHqy1FUmM87HE3F4wksXv4Z3n5/CWpOCLtOjbedAGYEA/4veAeiBcMmAADg8foKADwJ4AHesYiivEcJbr1hIiZcNFb3c/tqC4XCeH/xcrz70TJabW0wBfl5uPHqy3D9xEuRl+fmHU5OybKMpavW4q33FqP6aA3vcETyPIDHggG/YQ+jM3QC0MLj9U0H8BcAZbxj0auSbsWYPvVGXHz+uaf24ptVNBrDB0tWYP47i2iVteBcTgem3nQNrrvyEjgFXbeiFkVRsPLzL/HK/HdpRKBjRwA8Hgz4X+EdiNZMkQAAgMfrywfwGAAf6FTBU6xWKyZdMwHTbr6WKpWd4URtHea9ugCrv9jAOxSSgQvHjca9d96CbsXGWruSrWgsjqq3P8TCRUtpe+w31QLwA3gyGPA38Q4mF0yTALRoLh70QwCPAzD2JGAnRgwdiAdmTEVlRQ/eoejaxq078XxwPg2fCqK8Rwke8EzFOcNp+U9HDh4+iudfmo8t23V9ZH0uNCE5Qvx7kYv6ZMJ0CUALj9dXBuCnAB4BYKqxweKiQtx9x8249AKqopyqeCKBtz/4BG8u/JiqDOqUw27H5ElX4ebrruBetEckyz9bhxf//bYZdwzEADwD4LfBgP8I72B4MG0C0MLj9fUB8HMA9wEw/Kq3saNH4JH770RBfh7vUIR08PBRPPnsC9h/qJp3KKSV3j3L8djD99BoVoYam0J4Zs6rWLthC+9QckEG8C8AvwwG/Pt4B8OT6ROAFh6vbyiAXwG4AwDfWrYasFqtmDHtRky65nLeoQgvFo9jzktvYsnyz3iHQgBceekFuH/GZDjstIYlWwsXfYqXqt416toABuDfAP4nGPBv5x2MHlACcAaP1/cWgFt4x6Gmku5d8di378ag/n14h2Ioy1evwz9ffJ12CnDicjrwrbtvw6UX0lSWmnbt3Ycn//4iao6f5B2K2hYEA/5beQehJ5QAtOLx+kYA2AjAMPvgzh8zEt777kS+yfY+58rhI8fwl2dfwD4qK5xTfXpV4PGH70FFWSnvUAypKRRG4F+v4vP1m3mHoiYFwDnBgN8U8xypMExHp5L/gYF+JlMmXY3vf+c+6vw1VFFWil/9+LsYO3oE71BMY+zoEfjVj79Lnb+G8vPc+P537sOUSVfzDkVNFiTbeNKMRgCaeby+kQA2wAAJgCRJuG/6ZFw38RLeoZiGoij4+7zX8MmKz3mHYmhXXHI+vn3v7aYvVpVLHyxegX+98qZRDhhSAIwOBvyGGtrIFL2LTjPE3b/NZsX3HvJQ559jFosF3vvuxK03TOQdimHdesNEeO+7kzr/HLt
u4iX43kMe2GyG2CRFowCt0AgATt39b4Tgq/9dLie+/537MGrYIN6hmNp7Hy3DvH8vMModE3eSJOHeO27BDVdfxjsUU9u0bRf++PS/EIlEeYeSLYbkWgDTjwJQKp30PxC88y/Iz8N//+AR6vx14IarL8OjD95Fd6oqsFgsePTBu6jz14FRwwbhv3/wiBFqiEigUQAAlADA4/WNQnLvv7CcDjt833sQ/ftU8g6FNLv0gvPwoGcq7zCE96BnKlWs1JH+fSrh+96DRjg35I7mtt/UTJ8AQPC7f6vFgse999Iefx26asKFuGPy9bzDENYdk6/HVRMu5B0GOcOg/n3wuPdeWMUe4aJRAJg8AWjOAG/nHUemJEnCw/fdgTGjhvEOhbRj6qSrcd2VtCAzXdddeQmmGmsLmqGMGTUMD993ByRJ2HsnALjd7KMApk4AkDwDQNhX8IxpkzDhonG8wyCduO+uybhw3GjeYQjjwnGjcd9dk3mHQTox4aJxmDFtEu8wsiEh2QeYlmkTAI/Xdw6A23jHkakbr56Am6+7gncYJAWSJOHRB+/C8CEDeIeie8OHDMCjD94l+p2ladx83RW48eoJvMPIxm3NfYEpmTYBgMBz/0MG9oPn9pt4h0HSYLfZ8L1v340uRQW8Q9GtLkUF+N6376ajfAXjuf0mDBnYj3cYmTL1WgBTJgAer683BL37L8jPw2Pfvlv0BTimVFxUiFnf8tDdbRskScKsb3lQXFTIOxSSJqvFgse+fbfI2wNva+4TTMesvchdEPDuX5IkfOeB6ejWtQvvUEiGRg0bZLT66qqYMulqqmEhsG5du+A7D0wXNbmVAMzgHQQPZk0AhPxl33Tt5TjvnOG8wyBZuu3mazBiyEDeYejGiCEDcdvN1/AOg2TpvHOG46ZrL+cdRqaE7BOyZboEwOP1DQUgXGWRwQP6YvrUG3mHQVRgsVjw3YdmoKiQ1gMUFRbguw/NoKqJBjF96o0YPKAv7zAyMcbj9Znu7sqM7zrhMj27zYZHH7iL5v0NpLhLER6gSoF4wDMVxV2KeIdBVGK1WPDoA3eJupBTuL4hW2bsUYT7Jd96w0SU9ejOOwyisgvHnoPRI4fwDoOb0SOH4MKxpt2BZVhlPbqLeiqmcH1DtkyVAHi8vrEAhGpxy0qFfTORFDxw11RR75ayYrfZ8MBdNAJiVLfeMBFlpcLdtAzyeH0X8A4il0yVAEDADO++uybDbjdfB2EWZT2645YbruQdRs7dcsOVNKplYHa7TdRqjsL1EdkwTQLg8fokANN5x5GO8eeNojr/JjD5hqvQo6Qb7zBypkdJN0y+4SreYRCNjRk1DOPPE67U/nSP12eaftE03yiAywAIU+zB6XRg5vRbeYdBcsBut+H+GVN4h5Ez98+YQqNaJjFz+q1wOh28w0hHBYAreQeRK2ZKAIQa2rn2iovRvWsx7zBIjowZNQzDBvfnHYbmhg3uT6NaJtK9azGuveJi3mGky8M7gFwxRQLg8fpsAO7gHUeqHHY7brqWDvoxGzNUCDTD90i+6aZrr4DDbucdRjpu83h9Qg1bZMoUCQCAawCU8A4iVRMvu4AOjTGh0SOGYGA/YWap0jawX2+MHiHUJhyigi5FBZh4mVCL64sBmKLqmlkSgLt4B5Aqm82KW66/kncYhBMj3yEb+XsjHbvl+iths1l5h5EOoaaMM2WWBECYJceXX3w+HfZjYmNHD0ffXhW8w1Bd314VGDvadJVWSbNuXbvg8ovP5x1GOoTpM7Jh+ATA4/X1gCCr/60WCxX9MTlJkgx5pzxl0tWinhRHVHLrDRNFKmde6vH6+vAOQmvC/DayIEzaOfbcEabaD07adsHYc9Ct2DijQN2Ku+ACKvlrej1KumHsuSN4h5EOYfqOTJkhARjPO4BUTbhoHO8QiA5IkoRLLhjDOwzVXHrheXT3TwAI18YJ03dkygwJgBBZXEF+Hu2PJqcI1lB26PKLjfO9kOyMGTUMBfl5vMN
IlRB9RzYoAdCJS8aPEW2VLNFQ78py9DHAYsD+fXuhsqKMdxhEJ2w2Ky4ZL8zoluEzV0MnAB6vrxeAct5xpGIC3SWRM1x24VjeIWRtwkXifw9EXQK1dV09Xt8g3kFoydAJAAS5+68oKzV0ARiSmUsvEHvu3Gqx4JLx5/EOg+jMwH69UVFWyjuMVAnRh2SKEgAduPQCaiTJ2boWF2HE0IG8w8jYOSOGoKgwn3cYRIcEavOE6EMyZfQEQIhVnOeMGMw7BKJTIpfOHTWcXtekbQK1eUL0IZkyegKg+8kml9OBATT8T9oh8gjASIFjJ9oa0K83XGIcEzzW4/UZtp807Dfm8fr6A+jOO47ODB3UX6TqWCTH+vepRJ7bxTuMtBXk5xliFwPRhtViwdBBQhx/XQBgKO8gtGLjHYCGhJi7EfkOT01Ha45j6fLPsH3nHuzcvRdFRYUYMqg/Rg4bgisuu1DoxXDZsFgsGD5kAL74cgvvUNIyfMgA0/7OAIAxhk+WrcbmbTuwY9de1Nc3YPDA/hg6eAAmXHoBepTo/t5EcyOGDsSXm7fzDiMV5wPYyjsILRg5ARBi7oYSAGDhB4vx1D/mIRQKf+PzGzdvw+tvvosRbw7Gj/7jEfTu1ZNThHyNHDpIuATAzK/r/QcO4Xd/fgZbtu38xue/3n8Qi5Ysw/Mv/huPPnQvJl1n7nM/BHqNjAcwj3cQWjDy2PO5vAPojNvlQv8+lbzD4Mr/5wCeePLZszr/1rZs24mHH/sJvtxkyCS8UyOHibcVWaDGXVVfbtqKhx/7yVmdf2uhUBhPPPks/H8O5DAy/enfpxJulxDTW7rvSzJl5ASgF+8AOjN4QB9YTDz//8myVXhv0ZKUHhuNxfC7Pz2NULj9RMGoevUsE2odQJ7bhV4mrP4XCofxuz89jWgsltLj31u0BJ8sW6VxVPplsVgweIAQB+4Z9i7NyL2P7n9pPct78A6Bm8amEP40+59pfU31kWP4+5yXNIpIvyRJEqlwCirKSk05///3OS+h+sixtL7mT7P/icamkEYR6Z8gbaBh5x4NmQB4vL58ALo/T7W8rIR3CNxs2rId9Q2NaX/dys/WaRCN/omUAPQsx9EekwAAIABJREFUFydWNWXy2qxvaMSmLUIshNOEIG2g2+P1FfMOQguGTAAgSMbWU6BGXW3bd+7J6OuOHqtBQwaJg+gqBOpUy034um5oaMTRYzUZfW2m7wUjEKgNNOSeVqMmALof/gfEatTVtnvv1xl/7Z6v96sYiRgEaiiFilUt2bwms3kviE6gNlCIm8p0UQLAidNhR7di3c9SaCYajWbxtaktsjISkaYARIpVLdm8JrN5L4iuW3EXOB123mGkgkYABKL7bK3cpAulSGbKy0qEeL1IkiTKvC7RgeTrRYiEUfd9SiaMmgDofsFGj5JuvEMgAnHY7ehSVMg7jE51KSqEwy7EHR3RCUHaQkMO1xo1AdD9pmm3y8k7BCIYEV4zIsRI9EWQ14zu+5RMUALAiSAVsIiOiFAMSIQYib4I0hYKEWS6jJoAuHkH0BmXGFkv0RERXjMixEj0RZDXjO77lEwYNQHQfbYmyLAX0RGXU/+vGRFiJPoiSFuo+z4lE0ZNAHSfrQmS9RIdEaGhFCFGoi+CtIW671MyYdQEQPfZmiDzXkRH3G79N5QixEj0RZC2UIgg02XUBMDBO4DOCFL8guiI06H7l7UQMRJ9EaQtNOQL26gJgO6P14rF47xDIIKJxfT/mhEhRqIvgrSFuu9TMmHUBED3p8WEw+Yt/0kyE45EeIfQKRFiJPoiSFuo+z4lE0ZNABp4B9CZiInrf5PMhCP6f82IECPRF0HaQt33KZmgBIATaihJuiICvGZEiJHoiyBtoe77lEwYNQHQ/XBNOGzuodJsDrYR4VAcLYjQUIoQoxbo9Zw5QdpC3fcpmTBqAqD7bC0sxrCXZnpWlGX8tRXlPVSMRBwidK4ixKiFbF6T2bwXjECQtlD3fUo
mjJoA6D5bEyTr1czQwQMz+ro8txuVJm0wRVhgJ0KMWqisKEOeO7NaMZm+F4xCkLZQ931KJoyaAOg+W6s5fpJ3CFyNGDooo68bOmSAKYdM44kEaut0/7JGbV0D4okE7zByTpIkDB0yIKOvzfS9YBSCtIX6f/NlgBIATg4fOcY7BK569+qJW268Oq2vsVqtePj+GRpFpG/VR2vAGOMdRqcYYzhy9DjvMLh4+P4ZsFqtaX3NLTdejd69emoUkRgEaQt136dkwqgJgO6HayLRGE7W1vMOg6tHvnUPystKU378jNtvNe1wafWRGt4hpEyQBl11QwcPxIzbb0358eVlpXjkW/doGJH+naytRyQa4x1GKnTfp2TCqAmAENmaWRvKFm6XC/5f/QTDOxkCtVgsuPvOKZg547YcRaY/h6rFea2IFKvaZs64DZ47JsNi6bhpHT50EPy/+okodfA1I1AbKESfki4b7wA0cpB3AKk4dOQYRgw15x1ti16VFfjr73+JV+e/g3c/XIIDBw+fGup2uZwYNmQQvA/MMO2df4vDR47yDiFlIsWqNpvNiofuuwsTLhmPwPMvYduOXadqI0iShF6VFbjx2itx59SbOk0SzOCQOAmAEH1KugyZAAQD/kMer68BQCHvWDpy2MR3Sq1ZLBbcddstuOu2WxAKhbFrz1foUlSIPr0rTbngry0CNZRCxaqVoYMH4o+//RkYY9i3/yDq6hswaEA/5OUZ8lTZjAnSBjYEA/5DvIPQgiETgGY7AIzjHURHDlWb906pPXl5boweNZx3GLojSEMJQKxYtSZJEvr26cU7DN0SpA3cwTsArRh5DGo77wA6s2vvPiFWdhO+Dh4+iqZQmHcYKWsKhUVp2AlHjDHs2ruPdxip0H1fkilKADhqCoXx9QFDjiwRFW3evot3CGnbsn037xCIzn194JAoia3u+5JMUQLAGTWUpDObt4mXAGym1zXphEBtnxB9SSYoAeCMGkrSEcYYtu7YwzuMtG3dsZumt0iHBGr7hOhLMmH0RYAMgK6XkW/fuReKotCWINKmrw8cQmNTKOvrFLgTGNYrhNLiKAqcMooLGcq7Jd8adSEr6pusqAtZUH3Cjk1fudAQSq+i3ZnqG5pw4PAR9O5ZnnXsxHgURcH2nXt5h5EKBgMvAjRsAhAM+EMer+8AgN68Y+lIKBzB3n0HMbCfrsMknGzelvldUp/SCM7p34DBFY0o7/rNE9eKCu0oyGv77c8AfF3twIa9bny+PQ9fHXFk9Pxbtu+mBIC0ae++gwiJcQjQgWDAn30GrlOGTQCabYfOEwAA2LR1FyUApE0bt6Z/8zG4ZxMmnnMCAyqa2n2M3db+iJMEoF95DP3KY7j14jps2uvGWyuLsG1/elXrNm3diesnXprW1xBz2LRVmHUthh3+B8yRAFzDO4jOrPhsHSbfOJF3GERn6hsasTmNhnJAeRg3nX8UlSWdr6y221KfGRvVP4xR/cPYecCJl5d0xc6DzpS+7svN29EUCiOfit+QM6z4bB3vEFJl6ATA6BPPn/MOIBX7D1Xjq/2GrDRJsrBizXrIitLp4yQA146pwUPXf51S52+zSrBY0l8aM7hXFD/1VOOWi+pSWliTSMhYuWZ92s9DjO2r/Qex/1A17zBS9QXvALRk9ATgY94BpGrpyrW8QyA6s2xV56+JAncC375hP64eU4NU+3RbB8P/nbFagDuuqMV/3XkUhXlyp4//dJWh20+SAcHaOmH6kEwYOgEIBvz7GGNCnKO6Ys26lO72iDkcqj6KPV8f6PAxld3C+I9b92JAeftz/W2x27N/25/TP4z/e/8h9C6Jdvi4XXv2ofqoEG9BkgOyomDFGjGG/xljNcGA/2vecWjJ0AkAACTiMSFWcNbVN2LDZkNPN5E0LFvdcSM5pLIR3hv3o8Dd+V34mdKZ/+9I10IFP7vnCIb36XjaYelKGgUgSRs2b0ddfSPvMFKiKHJ6mbWADJ0ATJs5S4rFot1
5x5GqpSkM+RLjY4xh2er2XwtjBtThvqsOwmHPbMTIZlXvbe92MvzXHccwfmj7beWy1WupKBABIFYbJ8uJ7tNmztJ1HZlsGToBiIZD4+PxaD7vOFL1+fpNOHGyjncYhLO1G7ai5vjJNv/tspEncNflh2G1Zt6hWq3qtml2G8N3J9fg6vPq2/z3Y8dPYu2Grao+JxHPiZN1+Hz9Jt5hpEyR5QIwnMc7Di0ZOgFQGLueKQpkOcE7lJQkEjIWvL+EdxiEszcWftTm5yedfxQ3j8/ulD2LRYKkwT2NJAH3XXcSt01oO3Fp73si5rHg/SVIJNKfsuKBKQoYY2ACbCPPhqETADA2EQDi8RjvSFK2eNlnwsyREfVt2LIDu7/a/43PWSRg+oTDuHzUiayvb81g+186Jl9Sj2/dcPysHQm7v9qPDVsMW1GVdKKuvhGLl33GO4yUyUpLosKu4hqIxgybANx42312AOMBICFQAhCLx/HOh5/wDoNwcuadssPGcP81+3HeQHWmhtQe/m/LFec24rGpR+GwfXOagkYBzOudDz9BLB7nHUbKFPnUSMUl02bOMmzBPMMmAFar7VJIKADESgAAYNEnK1U5AIaIZdvOPdjW6oCUPKeMh2/YhyGV6i1GzqQAUCbGDg7jR9OPIN91eqHitp17sW2neCcbkuw0NoWw6JOVvMNIi3JqBACFYLiIZyxaMmwCwIDrTv2dMSQS4mSfkWgM7360jHcYJMfmv3P6DrlrQQKP3vQ1eqVQ2S8duRgBaDG4VxQ/u7sa3QpPz/u2/h6JObz70TJEouLchCnN8/8tGHAtx3A0ZdwEgClXtv7/WFSIk6dOee+jZbQWwES2bN+NjVt3AgAqukXx6E1foaRI/UZT6zUAZ6osieN/7j2MypJkAr5x605sEecceJKluvpGvCfYzczZi8aZYQ9qMWQCMG3mLCeAca0/F4uJlQCEIxG88NoC3mGQHJBlGc+/NB8AMKA8BO+N+1Do1mbnSi5HAFp0K5Txs7urMbgyWTXw+ZfmQ5bFWA1OsvPCawsQjojV9spnjxZf0NynGI4hEwBFlscxpnzjEHOmKIjHOi5bqjfLV6/Dlh10t2R0CxctxcHDR3FOv0Y8eN1+uOzadY4q1gBKS75LwY/uOoLzBoVx8PBRLFy0lE8gJGe27NiN5Z1UtNQbRZbbKlrlBMNYHvFozZAJQEKW2zyEXLRpAAB4PvgG3S0ZWM2JWlS9swgXD6uF58oDsFm0rZiXq0WAbXHYGB6fdhRXjG5E1TuLUHOillssRFuyLOP54Bu8w0hbQm57rRiDMRcCGjIBYIpyQVufj8ejwpUkPXj4CN0tGdi8V9/CFSMOYfJF1SkdsZstiWMCACRrGnzrxuO4fuwxzHv1La6xEO0kR7WO8A4jPYxBTrQ79dZmnyI6YyYAUNocrmGMCTkKUPXOIhw/SXdLRrN+01b0yVuEq87NzWl5kiTlJMlIxe2X12J4yadYv4lKBBvN8ZPJUS3RdFwxlo3r4B+FZbgEYNrMWcVQWP/2/j0WVXdbVS5EozE8M+dV4UYvSPsam0LY9sVfMX5w7hI7i87e7deMbcDXm5+hmhcGwhjDM3NeRVSgbX8tEu3f/QPAoGkzZxXnKpZc0VmTkD05nriUgbV7o5NIxFsXeRDG5m27aA+1QTDG8Mbrf8ElQw7k9HklLQ4ByNKk86vxzluzKbk1iPnvfITN23bxDiNtjCmd9QsSGC7OVTy5YrwEQJE7/SWJOA0AAK+//SHtoTaADxctwPi+ua+Lznn6v02SBFw3ei0++vgd3qGQLG3Zvhuvv/0h7zAy0sHc/ykMuDAHoeSU4RIAxtpeANhaVMBpACB55/i3f76E+gYqECSqnbv3oEv8BbgduR+F0uMIAAAUuhX0db+KnbupTLCo6hsa8bd/viTsSE4nw//NmOEWAhowAWBjOnuMIsuIx8WqCdCitq4eswV+o5lZY1MICxc8g4qufEag9LYGoLX+5VF
88O7faT2AgBhjmP3Pl1BbV887lIzIsgzGlM4fCOPVAtBxk5C+qfc82o8xVprKYyMh9Q5YybWNW3fitQViDrWZlaIoeOq5l9G72yFuMeh1BKDFoPIjeOq5l6EoKTXGRCdeW/DhqTLWIkrjsLiyaffO6qdhKDlnqARATsQvAVK7M04k4sKdEtja/HcW4eOlq3mHQVL0jxdexxfrN2JYb36Jpx7XALQ2bkgYX6zfiH+88DrvUEiKPl66GvMF3PLXQlHkdBeFG2odgLESAEU5J53HR8LijgIAwHPB+VizbhPvMEgnXnnjXXz0yUr0LmlAgYvfDhTeRYA6U1ygoF9ZEz76ZCVeeeNd3uGQTqxZtwnPBefzDiMr8TRvAhkwUqNQuDBUAsCYMiKdx8fjsbYOfhCGoij42z+DdMa6jr338TJULfgQsVgEw3vz3X2i8/4fADB6QByxWARVCz7Eex+LdYqcmWzbuQd/+2dQ6OkaRVGgpF1mnaXVx+idwRIANjTdrwkLPgoQjyfwxOw52HfgMO9QyBlWrlmPOS/NP3USJe9lmzpfAgDg9M8oFotgzkvzsXLNeq7xkLPtO3AYT8yeg3hcmxMrcyXDKeBhasfBk2ESgKtunm4Da78CYHvisWgnJSD1LxSO4H+f/CcOVR/lHQpptm7DVjz1/MuItjoKNRrn/XbTfwYQiZ2OMRqJ4KnnX8a6DVQuWC8OVR/F/z75T4TCYtZSacEUJdN2f9C0mbOsasfDC+8WSTVud/4QSHB0/sizib4WAEhuD/yF/yns2ruPdyim9+mKz/HHp/+FUFMTWt/3x3jPNum//8c3K8gyhJqa8Men/4VPV3zOKyTSbNfeffiF/ylht/u1Fk9kvADcCYZBasbCk2ESAEmSOt3/355YNJLBXJD+NDaF8Js/PYv1m7bxDsW0Fry/BM/861VEY9GzVhfzHgEQoP//xggAkFylHY1F8cy/XsWC95fwCYpg/aZt+M2fnjVEnQbGlJQq/3VgtFqx8GaYBIABWS3OiETEHwUAkgcH/WH2HCxdtZZ3KKbCGMML/16Al6oWgjGGeOzsQlM19TYOkYnlaO3Zo6vxWPIY75eqFuKFfy+gIlg5tnTVWvxh9hwhD/hpSyKe3VBctn2NnhgmAch2dWY0Es42K9QNWVHwzJxX8PYHn/AOxRRkWcZTz72MhYuWNv9/26+j3YccOFZHSUB7DhyzYsf+tn8+LT/ThYuW4qnnXoZsgBE7Ebz9wSd4Zs4rkAVe7d+aoihIZL3zyzg7AQyUAGBIthcINYk/t9WCMYbg6+/gmTmvIMp98tm4jp+sxa//8AyWf7bu1Oc6mk5avqUgF2G1Se+7AN5f42r331r/TJd/tg6//sMzOH4yd0cpm000Fsczc15B8PV3DDXi0tbIXAYMsxNAMsIvd9rMWVIkHAoxprTfgqQor6AITqdbjbB0o7KiBx5/+F706lnGOxRDWbdhK56e88pZ86KRcFO7jabboeDX91fDbsv9HVW3YgdcTn0uYI7GJHz7ia4IR9vOUiRJgsud/43PFeTn4Tv3T8d5o4fnIkTTOHDoCP7y7DwcPGysXUWJRFytBCAsSVJ+1dzZwneexhgBYBgAxrLu/AEg3NSY6sEQwjh4+Ch+9tsnsWT5Gt6hGIIsy3jxtbfxxFNzzur8GVM6vGMKxyxYv9tYCaYalm5wttv5A8kRrTPfl41NITzx1By8+NrbNCWgkiXL1+Bnv33ScJ0/Y0zN0u9uMAxQ62I8GSIBYEwZyFQqs8KYgnCT8Y7bjcXjeHbuv/HUcy8bZjEPDzXHT+KXTzyNdz78tO2OPoWX4cI1RYhx2BGg1xmAcFTCa5+mkBS19eNmDO98+Cl++cTTqDl+Uv3gTCIajeGp517Gs3P/jViWi+T0KB6PqT2VQQmAXsiynHYBoI5Eo2EVForo07LVa/GjX/2RtgqmSVEUfLB4BX786z9h154Oai2kMNF+ot6KhZ8XqRhdinS6CCD4UR6
O16XQFHUQ/649+/DjX/8JHyxeIXR5Wh7Wb9qGH/3qj1i22pg7hxRFVr3kOwP6qnpBTgyxJFlhrI/a1ww11aOoS3e1L6sLR2tOwP/X53D+mJGYOX0ySroV8w5J13bt3YfnXpyPr/Yf7PSxqR65u2R9AcYOCqFPqblHY7bvt+H9z1KbvevsZxsKRzDn5TewZPkaPHj3VAzqr3qzYCg1J2ox95U38fn6zbxD0ZRK8/5n6q3FRXPNEAkAGFP9lyEnEohGQnC68tS+tG58vn4zNm7Zgak3XYObrr0cVqs+F4jx0tgUwsvz38XiZZ+lNXwoSVKnj2cMCH7cFT+84wishhiHS19CBp5+swCp/GhTTawA4Kv9B/Hz383GxMsuwF1Tb0RBvnHfw5mQZRnvfPgp5r+zyPA7hBKJuFYjQpQA6AVjiia/jHCoEXaHCxaLcVvoaCyOl+e/i6WrvsDdt9+MMaMMs8MlY7IsY8nyNXj1zffR0Jh+gSiLxZpSnfHDx+34eH0Rrh1rnO2n6Xj90zwcPJZa0mmxpJecMsbw8dLVWLNuE+6cfD2uvHQ8JbhIDve/+Nrbhlvk1xbGWNrH/aZxdUMkAIbYBjjpzgd2MEUZrMW17XYHCoq6anFpXerfpxJTJl2N88eMTOuuywhi8TgWL/sMb7//SVZ7zBVFRjQSTumxVivw4+nV6FGsfREqPW0D3H/Uih8+U4xUF+87Xe60k4DWunctxs3XX4GJl10Ah92e8XVExBjD5+s3442FH2Hvvs6nsYwiGg1rWeJ92/x5Twm//9QYCcAdDzQwpmhWYcWdV3DWHmSjq6wow5Qbr8LF48819AgIAESiMXy4ZAUWLvoUdfXq7ACJRsJnnQXQnoEVMTw2Vfs7sq5dHHC7+CcAjAE/+0cX7DiQ2gCkxWKF06XO1skuRQWYdM3luPbKS+ByZnR2mDAURcHKNV/ijXc/xsHDR3iHk1OJeEzDu38AQMP8eU9xWMmrLuETgGkzZ3UJh5pqtT5tvbCoK2x2YzcYbSkr7Y6brr0cF48fg/w8Y+1frzl+EktWrMEHi1eofsiJLCcQi6Z+ZOr0K2pxyUhtt58WFzmQ5+afACxc5cLz76aeUDucLlit6s5WFuTn4bqJl+DKS8ajpLuxRviaQmGsXLMe73z4KY4cO847nJxLZwQuG5IkFVfNnV2n+RNpSPgEYLLHOyYWi6zr/JHZsVgsKOrSHZLB74bbY7fZcN7o4Zhw0TiMGTVU2PnUcCSC1V9swNJVa7Ft515Ny5ymMwrgdDD8dEY1ivO1K2jTpdCO/Dy+y36O1Vrwn7OLEY2lNr2k5t1/WyRJwrDB/THhorG4cNxouF2q1BPLOVmWsX7Tdixd9QXWbdiKuEHONUkXYwzRSCgn5YslSGOq5s3+UvMn0pDwiwAVlWsAtPs8ioKmxjpTrQdoLZ5I4LO1G/HZ2o0oLMjHxePPxYSLxmFgP/2vhZEVBRu37MDSVWvxxfrNOSt04nA4EYmEkcroVDQm4d+fdMW3J9VoFo8ecv1nFxSk3PkDEhwOp6bxMMawdccebN2xB3NeehPjxozEhIvG4pwRQ2AVINnf/dV+LF31BVau+TKjBatGE4tFcnl2QV8AlADwpDDWL1fPFY/HEAk3mW49wJkaGpvwweIV+GDxChQXFWLE0IEYNXwQRg4dhNKSbrzDA2MM+w4cxubtu7B5225s3bkHkYgme4E7JFkssDscKe9D3vSVC+t352HMQG3OXOfd/3/6pRPrd6W+AM/ucOR0xC0Wj2PlmvVYuWY9XC4nhg8egJHDBmLksMHoU1mui0Wxx2pOYPP2Xdi0dRe2bN+N2voG3iHpRiIe03LR31kYIHyhCeETAMZYz1w+XzjUCJvNbsr1AG2prW/AijXrsWLNegBAafeuGDlsMEYMHYDelRUo71ECp0PbVddNoTAOHzmGr/YdxOZtu7Blxx7d3A3ZbHbIciLlhunfnxZjSGUUeS71GzKe0331TRbMeS/
1xNlitcJm47daPxKJYt3GrVi3cSsAoLAgHyOGDMDIYYPQr08lKspKNV8TE43FUX20BvsPHsaW7XuwedtOHKNyx21SFFnrRX9tqcj1E6rNCAlAzm85mxrrTL0eoCPHjp/EkuWfYcnyzwAk51i7d+2C8rJS9CwrRUV5Kcp7lKAgPw95bhdcTifcLiecTsdZd1iKoiASiSIcjSb/DEdR19CAQ9XHcPjI6Y/6Bn109u1xOFyIhkNI5byKxrAFb6wsgmei+g09zymA59/LQ0MotTtoCRIcDn3NxTc0NmH12o1YvXbjqc8VFeajoqz01EfP8lJ0KSyE2+2Ey+WE25n888xdNIwxRKMxhCNRRKJRhMIRNDaFUH20Boerj+HQkWOoPnIMx0/WGeooXq0wxtJacKsi/sOdWRI+AQBynwCYfT1AOhhjqDlRi5oTtdi0dWe7j5MkCU6nA26X81THb5QqZZIkwe5wIhZLrZFavTUf44aEMbRS3UaNV2eydqcDyzakPpdvdzh1MdzemfqGJtQ3NGH7rq86fJzTYT+VCIQjUUSjqh9MY2o5nvdvJfd9j9qMcAvLpZB9PB5DU6M5K7hpgTGGSCSKk7X1qKtvNEzn38Jqs6W1le2VxV0RS6j79uTRRkZiEv6+IPWhf6vVBqvNAPclrURjcdTVN+JkbT0ikSh1/iqKxaI5nfc/g/B3gJQAZCEWDSMcMt7RwUQb6dzZHq+3YuEadeuM8Oh3XlyUh5pUTvrD6ZESQlIRj8dUP+UvTZQA8CYBXXg+fyTchGhEm1XbxFgkKb257SXrC7D/mHqLTXN957kjjZP+gORaCRGG/gl/iUQcidwv+juT8MeoCp8AQOL/Swg1NfBahEIEk87q9pYTA2WVDjNT6zqpSOekPyC5W8IiaHEpkluynNDqiN900QiADhTyDgBI7gzgsA2FCCg5FZDaW+/QcTsWr1dnKkBRcjcCUPVpHg6keNKfJFlo6J+kRJFlPd1scR19VoPQCcC0mbO6MKafnQxNDbW856SIIBzO1IfG311ThKO12b/MFYXlZB3A/qNWzF+a+h75dH4WxLwURUFUP50/ANimzZwldBIgdAIAhhLeIbTGGENDQy3PValEEBaLJeViUgkZeHmxOjuOZI1HARgDnnmzAIkU3wI2u8Pwp02S7DGmIBZNrax2TumsD0qX2O88xrrr7QXBFAUN9SdTPgSGmJfd7kj5jPvdhx1YsTn7E6+1ngZ4d7UrrWN+7VRRk3QiecAPr73+nerOO4BsCJ0AKIzpMvtSFBkNdScgy+Y8kYukLp3Dbt5c2QW1TdktlJNl7RrRY7UWvPRRXsqP1/qgHyI+RVGaT/fL4QrW9FACwA1juj2gXlEUNNSdQILWBJAOJA8MSq0jjDSfGJgNLUcAnl1QgEiKJ/3ZHU4qpU06pCgyYtGwXu/8Wwi9gEXodyBjTNc/fMYYGutP6mXLCtEpm82e8lTApq9c+HJP6nfZZ9JqDcDSDamf9Gex8D3oh+ifLCcQjei+8wcoAeBHAdP9GCJjDI0NtYhGw7xDITrmcLogIbW751c/KUY4mtlbV4sRgIaQhOffTa3crwSJVv2TDsmJuJ62+nWIAUIvYhE6AQDTfwLQItRYj0hY36fWEX7SKYPbGLZi0cbeGT2PFmsAXltegYZQak2JKAf9ED4S8RhiYo2YUgLAC2NMqB9+ONSIUFMD7zCITqVyYJDVakPPyl7Ye3IQDpxMf/2R2tUAtx/qiu1H+qFnZa+UYjfaQT9EPfFYVMRiakL1QWcSOgGAgD/8aCSEpkY655u0raM7ZJfLjV59+8Cdl1wDsGjzUCSU9HYFKCqOAMQSVsxfPQAA4M7LQ6++feBytb0ulw76IR2JxSKiLpgWrg9qTegEgAk0BdBaLBpBQ/0JyFQwiJwh2VGePUdeVFyMnr16w2Y9vXiuPuzGqt0D0rq+whgSKiUB763rg9qm029Bm9WOnr16o6j47OM57HTQD2kDY8ltfnJ
C2C3TlABwJOwPX04k0FB3XJjFLiR3rK0ODLJIFvQoL0dpaVlzFj3dAAAgAElEQVSbHei6r/vgWH16ZwXE49nPA+w7VoiVOyrO+rwkSSgtLUOP8nJYms87sNnssNJBP+QMciKBSDgMRdHtHv9UCNsHAYInAKKOALRgjKGpsQ6hxnqaEiDfYHc44XQ6UdmnDwoL2y83zhjw4ZbhUFjqd9fxRHYNrqxIeG3VwA7PFSgs7ILKPn3gdDpp6J+cJRaLIhaLQG+VXDMg9Itb6AQAgv/wW0SjYaocSL6hoLAQg4aNSKlaXk1DAdZ93Tfla2c7ArB4Uy8creu8FoHD4cSgYSNQUKiLAzuJDjClZchfyPn+ttAIAD9i7QLoiCwn0FB3ovnAC2JmJT16oLJ3H9jtDjhcqe2ZX7V7AGpDqe3Fjycyv+s6WpeHxZt6pfRYh8sFu92Byt59UNKjR8bPSYxBTiQQiQg/5H8mofsgsRMAHR0FrIbklEA9mmhKwJTsdjt69+2H7iWlpz7ndLpSmj+XFQkfbR2W0vMoSmYLARkDXls1ELLS+XSD1WqFs1XBn+4lpejdtx/sdqoAaD4MsVjEKEP+ZxK6DxI7AQAMM47UWiwaRn3dcRH3xJIMSJKE7iUl6DdwEPLyz76Ld+XlIZUigQdPFGPzwdTuzjOZBli5owL7jqUwnC81x3yGvPx89Bs4CN1LSmhHgEnIsoxIOCzyKv/OCN0HiZ4AGLaHVGQZjfUn0dRQS0cLG1iyUxyIkh5lsLRzOI7FYoWznf31Z/p0+0A0RTufNkg3AahtcuK9dX1SeqzT5W73bAOLxYKSHmXoN3Bgm8kOMQbGGGLRSPNhPoYa8j+T0H2Q6AmAUDUjMxGLRVFfe5zKCBuMzWZDz1690Ltvv5QW+jkczpSq6MVlG5ZsHdL549LcCTB/9QDEEp1PRVhttpS/n959+6Fnr16wUXVAQ0nEY4iEQ2ZZ1Cx0HyR6AiB09pUqxhjCoUbU1x5HgqYFBCeha7fu6D9oMAqL2t/e1xa3Oy+lofPdx0qx62hZh49JZyHgur2l2H6o82OIJUmC253eSYWFRV3Qf9BgdO3WHSnNcxDdUhQZkUioeerScHP97RG6QRY7AZDE/uGnS5YTaKg/iabGOqOtpDUFd14e+g0YkCyS085wf0ckiwVOd2pTAUu2DkEk0f6CO0VhiMY6fw01Re14+/N+KT2n0+2GlMH3ZbEkix31GzDgVJljIg7Gkov8opEwmPnaJaH7ILETAMF/+JmKRSOor61BNBKCiTJtYVmtVpT3rESffv3hTHFbX3vsdgdsKaykD8UcWL5jcIePiUQ6X1vy9uf90BTt/Plsdjvs9ux2RDldLvTp1x/lPSupcqAgEom46KV8syV0HyT05JvFYu0lq328mSAYYwg1NSASboLLnQ+H000rq3XGarWiuGtXdO1eomqH5nLnoUmuB1M6Tv42H6zA0Ipq9Op6os1/j0RldEH7nfuOQ8VYt7e03X9vIVkkuNIc+u9Il+JiFBQW4uTxGtSePElnZuhQIhFHIh4z/XZlCcjsXG6dkET8BU6bOasLY/i9LMcfisei1OshOTzscuXB6Uptnphox263o2v37uhS3DWjof5UJBJxhJs6Xxha5A5jxkVr4LS1vVupe1cnnI6zYwxFbXhy4bnfOOynPe78/FNnF6hNURTU1Z7EyePHEY8LveNKfIwlO/5E3PQdfysMkP4hSfhh1dzZdbyDSZdwCcC0e2d5GNgfAJTLcgLxmNCLMFUnSRa43HlwutyQJNFneMTicrvRrXt3FBYVIRcL2iLhEOKxzkcg+3Q/iclj10PC2aNlLpcV3bp8c+heViT8Y9FI7D3a+SFDdodD1bv/9jE01NfjxPHjiISpWmYuMcYgU8ffmWoJ0g+q5s0O8g4kHcIkANNmzipijM0DcGvL52RZRjxGp+m1RZIkOF15cLnyMlqYRVJXUFiIbt1Lcr6AjTGGUGNDSgtC+5WewHU
jt8Bl/2bCLElAaXcXbNZkwtIQduCV5YOxq7rzHQoWiwV5BYU5H3EKh0I4cbwGjQ0NOX1es2Gt7vg7PPmJtPaWJEn3Vs2dXc87kFQIkQBMu3fWOQzsdQDfWNXEZAXRGN0NdESSJDic7mRJWY2Gac1IkiQUFRejW7fucDj5nUklywmEGhtTemyeM44LBnyFIWVHvpEI5LttsNjzsW5vKZZsrkQomtrSoLyCAlit/JYRxaJRnDhxHPW1tXRnqiJFUU7d8ZOOSZDAzl6IvVOCdFvVvNkbecSUDt0nAM1D/s8COKtsmKLIiEVpBCBVVqsN3Up6gDHQwqoM2Ww2dCnuiq7duqVUmCcXopEwYtHUp8IsEkNxfgiFrggkSUJ92Inapry0jhR2OJ0pVyfUmpxI4OSJE6irPYmEeVejZ8Vmt8Nus+HkyeNm3MqnhSYJ0sN6nxLQbQIwbeYsK2P4A8Aeb/dBioIInZ6XloGDh8PldiMajSIcCiEcDtPdUyccDgcKCotQUFSYdqGbXGlqbICSo6TOYrUiv0CfR/yGwyE01jegsaEesRTWR5iZxWJBYVERiroUIy8/H+FQCNu36P6mVVckdLYRW/qLJOEHVXNn6/KOS5cJwLSZs5yMsSoAkzp6HGOseS88SYXVYsWwUed+43OMMUTCYYTCYUQjNJrSwulyobCwCAVFRXByHOJPlaLIaGps0L4shATkFxS2W+tfT6LRKBrr69HQUE+v7VMk5Bfko6hLcqvlmbtUNq77nEYH1bdQkqRpVXNn627Fuu4SgGkzZ+UzxhYAmJjK46lGfuoKCrugb/+B7f67IsuIRqOnPszVEEhw57lRWFSEgsIiIY+tjUWjiEa0HRFzutxc1zxkKh6Po7GhHg319QiHwjBTAS273Y68/Pzmj4IOz17Ys3M76utqcxidaSyWJOmWqrmzddVh6SoBSO7vZ+8BuCjVr4mEqRpeqnpU9ERpaXnKj08kEslOpfnDaOWHrVYr3Hl5KCgsREFhIdcFbWoJNTVqVpXNarMhL79Ak2vnkiwn0NjQgMaGBoRDIcMlujabLdnZ5yU7fbsj9QqNR6oP4fCB/RpGZ2qrJEm6QU/1AnSTAEybOauEMfYhgDHpfF00YvjjJlXTf9AQ5OVl3oAnEolTyUBMsITAbnfA6XLB5XLB2fwh4l1+ZxRFQaixQfV1HZIkIa/g7CFjI4jH44hGIohGIog0/xkX6NAtq9UGd14e8vLzkZ+fn9UITVNjA3Zu26JidEbW+QqANqyXJOnaqrmzazQIKG26SACmzfxuEWPKCgAj0/1aSgBSI0kWDB81WtXiQIqiwGqzQZYVxGLJpCAWiyEe41ciVJIkOJ3OU528y+WG0+UUYs5aLfF4DJGQumtjXHl5Wdf6F4miyIhGoohEwqeSg2g0yvV1bXc44HA44HA64XA4T/1dzTLTjCnYsPYLalO1tVmSLJdUzf0b91oB3BOA2x943ConEu8D7OpMvj4WjUBRjDWEp4W8vAL0H9T5OfHpcuflt3E4DUMsFkc8FkUsGkMsFoOiyFAU5Zsf8um/t5dJW6xWWC0WWKxWWCwWWK1WWCxWWK0tn2v+u8UKh9MBh8NJpZABhENNSKhUOtdmt8Odd9YuXNNJnnqXfE0rigxZVpKva/n032W5+XUuy5Cb/2ybBIvFkvywWk7//dSHtbmDd8DucMLhsCNXxyXv3LYluaCUaEj6yGqzXf/a83/h2nlxn/RUZPnZTDt/ANTYpyivQJu52zaKYACQko2Xw4FUp4wVRQFrSQYkqbmjN95wc66kemBQZ9Q+6EdkydElF5zO9E50VBQluc6AMVgsFkjNnbxeFRQWUgKgOXZ1su/Dt3hGwfVVeNt93/sxY8qD2V2FEoBU5OVrdAen0gCSxWKB1WaD3eGA3W7XdQMpAklSp+N2uelwqWxZLBbY7XbYHQ5YbTbdv7b1WuPBaBhTHrztvu/9mGcM3F6Jt9//2O2KIv8m2+tQ25Qal0Z
V29oeASB6YLPZ01oBfia7w6HZKX9Ev2jEJ3cURf7N7fc/djuv5+eSANx+/2NjZFmeq8rzUwbQKUmyaLeASweLSEn7nC53RnecFotFN6V+SW45HA46STR3LLIsz739/sfS2v2m2pPn+gmn3P1IviwnXgGYKq2LJJlndXemHFncBXaGun99kyQJrgxOKXTl0dC/mYlQ/ZI/td4fzC3LiVem3P1Izlfa5jwBcDjdfwWg2nJ0aqM6Z09z0VJaaARA96xWG5yu1F8DTpfLEEWRSOYcabxezEvVtm9Ic9+YUzlNADxe33Sr1fqAmteku5TOObUcAaAEQAgOpwsud+eDbi63Gw4tE0YiBBoByL3/396dR8l11Qce/973XlX1JsmLbMk7bluWzbAbG4PZwh7LgCG0lPQJMFKAPkNCFghNhsCcSTIMRDMQM6QTZBgbLCxoBI1ZZEg8YY1ZAma1kW3Z7U3WYllbr7W+O39Utd1q91Jdde+7b/l9ztGxLXfX+9XS/fu9u/yu7/ub+wcGN0V5zcgKgP6BwfOBbcrwClilFCzjGNMsSmLvdmFeLl+gs7sbb57GMZ7v09ndTS4vnxXBsrc6Zo6F+55GbtzWyJWRiKQA6B8YzAGfB1aB+bt25UkBsBibBYCMACRLEOTo7llBz8pVdHZ309ndTc/KVXT3rJAV/+Jxy5kyyiTDKWdWTlwFfL6RM62LagTgr4HnzfyH6RWmMg2wuLzNuzopABJJKUUQ5AiCnPz8iCeRUcNozcmJz6OeM62zXgD0Dwz2Au+b/XfGpwFi3ljDJaWU1R7uoRQAQqSOtNSO1jw57H2N3GlVFJnzWuCE8STP9BSA7FldUC6Xt/qDLIeGCJE+Sim7I4eJZ/Z36jw5sYN67rTKaubsHxjcALx27t+bnwIw+nCpYntFd7u95oUQ8STrABZj+rjteXPiaxs51BprBUD/wGAB+Ph8/8/0oj1pBrQwm02AZsgogBDpI+sAFhPZQvaPN3KpFTZHAN4LXDDf/5ARgOhE8UMcyiiAEKkjWwEXE8kIANRz6HuNXmwWKwVA/8DgecD7F/r/9Tlpc1lbKSULVhYQRQEgIwBCpI9MAURlyfz1/kZONc7WCMA/AIu2HTO/EFCmAeaTz0VQAMgIgBCpI4sAF2J9AeBcndRzqnHGC4D+gcFXAW9Y6utMb93zpBnQvDzf/g4JGQEQIn38eTpGCjA+/N9cLnxDI7caZTQ79A8M5oGmDjQw3g0wgkSXRPO1fTUtDKUAECJtovjdkUj2ugAu5RONHGuM6SO/3k2TJ/2ZHgHw8agYfcR08CLokSDtgO0Kw5BKuUStViMMaygUnu/j+wG5vN0+D4vRWlMpl6nVqoS1GhqN5/n4vk8uX8CTBl2JJu/f/JQ2OwawjFx4EfUc+xFT1zb2DvcPDJ4NfKDZrzfevMfzMF6aJZynvEiSg0wB2FMul5iaGKdcLlGrVdFaE+qQarVCqTTN1OQ4tWo18rhq1SpTk+OUStNUqxVCHaK1plarnhCzSC6llBQB8zB9u7PMXPiBRq41wuS7+1Ggu+kLW/hgyU6AE0XVIlkWAdpRnJ6iVJxGL/IrJwxDpqcmKJeiS7blUonpqYlFp340mlJxmuL0VGRxCfOkALBvma9xN/Vca+baJh6kf2DwZcDG5XyPja17nidzVrNFNYcXygiAcdVKhUql3NTXaqBUmo6kCCiXSpRK003fBVUqZaoVmZxLKlkHMJfp3Wst5cGNjZzbNlPlXUsViemELYcCnSiynRFa1gGYpLWmWFz+nbPtImAm+S9XsTgln4+EkhEAu9rIgUZGAdp+dxtbE57V0sVNLwSUKYAT+BGOiMg6AHNqtVrLCdNWEdBq8gcaawNqhiMSUZCtgCdShlcAtJEDn2ViW6CJDNxym0IZAbAryikRaQdsTthmsjRdBLST/Ge0+5yEGzKteiLTv+XafH3bbhHcVsbsHxh8NvCKVr/feMJWSo4GniXK3ghhKL/gTTH
xWpoqAkwkf5DPR1JF0Ugsy9rMga9o5OCWtfvutlWBKAsJWxatPMGPcERE7vDMMXXX1W4RYCr5g9xJJlWU04hZo8xs024rB7ecIfoHBp/CMlf+zxuA8ZbAUrHO8CI8H0G6AZpjct611SLAZPIHmUtOKinc7DGUqzY2cnFrMbRx4b8A2v50mP6AyQf2CVEO38kIgDme7xsdGVtuEWA6+SvlychcQskUgD2GcpVPPRe3FkMr39Q/MHgK8EetXvSEAAx/wGxMKyRVlIsitday1csQpRQdHYseprlszRYBppM/QEdHpzTpSii5obLHYO77o0ZOXn4MLV7wnSyj69+iAVj4gMmHti7q6l1GAcwJcjlyOaPnfixZBNhI/rlcniCXM/qYIjoyAjDDfAFrME91U8/Jy49hud/QPzDYAbyrlYstGIThO3ZZuFKnI56Xl5XeZnV0dhEEZpPnQkWAjeQfBDk6OruMPqaIVtS/Q+LKdPq3cEjbuxq5eXlxtHChtwKnt/B9C1KG5wdVVB3wYi6sRfvDK81ezOvs6rZeBNhK/p1dRgYJhUPyM1232HkcrTCd86jn5Lcu95uWVQD0Dwx6wHuWe5ElgzA8V608DyUnA0Y+JC87AeywWQRI8heLkWk9OyztVntPI0c3H8cyL3ANsG6Z37N0EBaG7GXbEdQiHpKXKQB7bBUBkvzFYmQEwM4h85bWqa2jnqObj2OZF2i79eC8QVi4Y1d+YPTxkqgW8RSADmUngE02igCTJPmnjxQA5tv/KpTNfjXLytFNR9E/MPgi4Iplh9NsIIbv2P3Aw07tlhzawR25DBnaFdciQJJ/OsmoHsbTiOWeGFc0cnVzsSzjga3c/c/wTd+xa6tVViJEPQUA8gsjCnErAiT5p5eMAGB8CMB4rnuypnN1Uxmyf2DwfODqlsNpJhALVVHWu49FPQUAUJOFgJGISxEgyT/dpAAwL4K8dHUjZy8dS5MP+BYsj6crZf6OPesLAV0Mx8sUQHRcFwGS/NNPfp7N8jwjBwAtRVHP2UtqNuO+ufVYmucZHhqpn7aU3WkAF8Px8gsjWq6KAEn+2SAjAGaZznGLaCpnL5kd+wcGXwhc0HY4TbBxxx7hCx479f78Ee8E0FqKgIhFXQRI8s8GrcOM7+oxf6ce4aj0BY3cvahmbo+bGkowwfN849sBfVkIGPk1q7Vq5NfMuqiKAEn+2SF3/4a7/6GiPqdmydy9aHZs9BbeaCycJpheIOH55ouKJIm6HTBArSoFgAu2iwBJ/tkiBYBZDhalb1zqfIClbo9fD6wyF8/SbGyR8ILsTgO4GI6vyQiAM7aKAEn+2SNTeWZFsP1vrlXUc/iClioAln24QLtsVEm+7367lCsupgB0qKUfgEOmiwBJ/tmU7REAC8f/utmVtmgOX7AA6B8YPB14lfFwlmBjO6DnqczuBnB1QI9MA7hlqgiQ5J9d2T7cy+z8f0Tb/+bzqkYun9diWfF1gJOSxcbK/SCjuwFcrAEAKQDioN0iQJJ/tmV1BMDK4T/u8o9PPZfPa7ECYNG5A5usbAfMZbMpULVWcXRdKQDioNUiQJK/qFbd/O5wTVuoABw3pVswl89bAPQPDHYDr7AWzhJsbAdUeFFvwYiFcrHk5Lr1dQBZHkKMj+UWAZL8BUCpWHQdggPKeO9/B9v/5npFI6c/yUIjAK8CFt0+YJtvYeV+Fs8GcPlDLNMA8dHZ1U2h0LloYa1QFAqdkvwFAMXpadchOGC+8ZGNXLZMHSywnm+hAsDZ8P8M38JWJgfbMJwruiwAZBogVvKFAl09PeRy+cYoW32+0/N8crk8XT095AsF12GKmMhmAWCejVzWgnlz+pMKgP6BQR/LJ/81w/M847sB6jsMslUE1GoVZ/PxMgIQP57n09HZRXfPCnpWrKJnxSq6e1bQ0dnlephSxEi1Ws3sGgCTbOSxFl3dyO0nmC+yK4FT7cezNBv794NctgoAgFLRTSUfhqGsA4gzpep/hJi
jOD3lOoRUiFEPmlOp5/YTzFcAXGM/luZYWQfg+ZnrCeB0HYBMAwiROEVHNw1pE4P5/9meNA0wX3SvjiCQpiil8P3AeBLJBTnKFTer411wvRAwl8sbfcxqtUK1UqFWq6HDGkp5eL6PHwTk8+7msMMwpFIuUavVHm+j6vk+vu+TzxdQ8RgKjD0dhpQXeB1z+YLTIdVyuUStWiWs1dA6RHn1uIJczsmxzLZkbf5fYX75n+8Hrpr/LOQ1wHtm/4Wafdxj/8DgauBR7PRCaEmtVqVcMp3AFMWpSVDZOOqyu3sFT7lgnZNrK6XoWWnmOAmtNaXiNJVKecGv8Rtz3FHv+KiUS5SKRfQCv0aUqq+wz+XNFkNpUymXKZWmFzyGVqEodHSQi7jQC2s1itNTi7bWzuXyFDo64/ZLvyX33r2bifEx12FEQ9OYCjObD/KFjrgtPNfA6Tu2bX1s5i/mltIvIkbJHxpVlPGQNEEuPdX6UlzuBNBaG1lMpLVmanJi0eQP9bMPpiYnqFaiW8A0PTVJsTi9YPKHevzF4hQl48VsepRKRYrFqUXPoNdoisVppqcmI4urWqkwNTmx5LkalUqZqcmJReNPikyNAFhI/goVt+QP9dz+otl/MbcAeEl0sTTPxjxKTLZmRMLlTgDASDIul4pNHzCk0RSnpyIpAqanJpdV4FRKxcy2WF1MrVajsoziqFqtRFIEVCsVitNTixZ3s4VhzcKIZbRkB0D7Yjb3P9sJOX5uAfDiCANpmo1krRSZ2hLoch1Au4m4VqtRKS9vzUYURcBykz/U7zNKRVlhPVepOLXsezDbRcByk/+MmXUgSZWpu3/ATvOf2N5gnpDjHy8A+gcGVwHPjDycJnieh2dh5X6WtgS6LADanQaoVSst/YjaLAJaSf4zarVaKoaJTdFat5wwbRUBrSZ/qKeTWoLvoGUHQHs8FZu9//N5ZiPXAyeOALyQxQ8HcspGReV5fmaan7jqBTCjnSTc7ND/fGwUAe0k/xlJvkM0rd3XwnQR0E7yn9HOZ9Y16QHQnhjf/UM9x79w9n/MiOXw/wxbcyq5eL9Zxrg+2KO9AqC9u2WTRYCJ5A+gE5wgTDPxWpgqAkwkf2j/M+tSVqYAbK12j/H8/4zHc/3cEYDYmukJYPxx/WyMAhQdL0xqZxrAxHCaiSLAVPIHMvGZa5ap16LdIsBU8gczn1lXsjIFYKNEi+He//mcOALQPzCogGc4C6dJgeGGMo8/bgZGAWrVivOufK0mX1N7+tspAkwmf0U2T6ZciOf7xu7GWi0CTCZ/SO77W6tWI91Cmza2cpRhz2jk/MdHAM4DetzF05z6wQrmf7C8rIwCJHQdQBDkjPWCaKUIMJn8oT5HmIC7hMgopYzOmy63CDCd/BUqsTcV0zL/37L6mrJEjPz0UM/5jxcAT3MXy/KYbis7I6k/sMsxOT7h9PqtTgN4nmf0mNrlFAGmk3+9k12nscdLi0JHp9GGX80WAaaTP9SPXU5IIniSibGMdP+zwFZusuRp8EQB8HSHgSyLrbv1LIwCxKG1Z6ujAKbbajZTBJhO/gCFjo7EJgebPM+j0NFh9DGXKgJsJH/fD8gXzD6PKI2NHXcdQiJ5np+0aZ+nQwJHAABrbXzTPgowPT3ptCMgtLcboLOrG99gkbZYEVC0kPzzheh72CdJLl8wnjyr1Ur93I+5f28j+Xs+nV3dxh4vatVqlalJt6OESZXA1vInjAAkqgCor7Q0fxeVhVGAyfFxp9dvZzeAUorO7h7rRUBxapKKheRfSPCdYVQKhQ7jRUBlThFgLfl39yR6bce43P23RCkvjn3/l/I0AP+e/VMB8A9AojKfUsrKqnbf85zfJdvk+T4rV57kOoyW58uUUgS5PLVq1Wg3vVq1iuf5lMtFSf6OBY191CZ/vsMwbPQbUJL8F3Do4AGmp9K7CNDWu5N3fER1i07+8jdu/YgHrAMStXoB6s0WrPzAeV7cOzm1ZWLM7QgA1O/AwjB
s+fttjQRMT09SMbwFSpJ/a6yMBFQqTE9PSvJfwPjxdI8A2Nj3X9/Bkri7f6jn/HUecK7rSFoVBBZ3BOjk/0DPp1otO28LDCz7cJ+5bBQBpknyb4+NIsCkNCX/4vTUkkdtJ5bFpoy2clBEzvWANa6jaFWQM7c/fDalFLl8ekcBxmOwG6BSLrc9hB/nIkCSvxlxLQLSlPwBxtJ892/pLVKoJC7+m21NogsAsLf60g9yePE9G6ktkzEoALTWRu444lgESPI3K25FQNqSP8D42DHXIVihbN79Jzv5QxoKgPp8vZ0fxCCf6OGdBU1OThLq1ufgTamU2psGmBGnIkCSvx1xKQLSmPzDMGTCcZMwW+zN5JrtXunIGg843XUU7aivCrfzRqR1W6DWIZMT7hcDhmForO94HIoASf52uS4C0pj8od4gTMfghiBJglwq2nmfnvgRAKgf6WvrzcjlO7C3gcSdyRjsBgAot7kYcDaXRYAk/2i4KgLSmvwhzav/7bxXSqm0HCOf/CkAABp7wy09dNJ6PDdlfCIeP/S1apVarf3z4Ge4KAIk+Ucr6iIgzckfYCyl8/+2lv8HuXw9MSRfSgoA6lv3bDVj8IMAT6VrKqBcKrW9Fc8U03FEWQRI8ncjqiIg7cm/XCpRKhZdh2GWxYV/nuelqWX8Gg9ITXPyXM7eU8kV0jcVMOG4LfCMSqVsfA4yiiJAkr9btouAtCd/SGn7X4vvl80c40DBA1LT99bzfWs9metTAamp/AAYn3C/HRAADeWy+SYkNosASf7xYKsIyELyh7QO/9sZAvD9IGkn/i2l6gHmJmBjIGdx654f5FK1K2BybIxaGI+3vz4NYP4H10YRIMk/XkwXAVlJ/rVaLcULAM2zmVscqaWuAFDKs9qeMU27AkIdcuzoYddhAKBDTaVstg//DJNFgCT/eDJVBGQl+QMcOXyorTM54sfeexYEeSsn0DqWvgIA6kP1tn6A07Yr4EBqTpQAAB6fSURBVOjhx1yH8LhSaRoMnvA3m4kiQJJ/vLVbBGQp+QMcPvSo6xAMs/e7I23Tvw3pLABsbguExq6A5J3/PK9SscjUVDy6gOlQG+0LMFc7RYAk/2RotQjIWvKfnBinOO3+ULAkSNG2v7lSWgBgd1sg1EcB0jIkdCRGowDlUtFqV7JWigBJ/smy3CIga8kf0nj3b0fKtv3NVfOAlJ4BaXfLRv3EwAJpWA8wfuwYtVo8NoNojfV9yTNFQD5fWPTd85RHZ2e3JP8EKhQ66OzsxlukSFdAPl/IXPKvVascO3rEdRiJkLJtf3OVPeBh11HYYnNbINSrwzTMDcVpMSDUjwoODXYHnI9SikJHJ53dPeRyeTzPRzX+3vcD8vkCXT0r0nDiV2YFuRxdPSvI5wv4foBS9cPDPc8nl8vT2d1DoaMzU8kf6iN+6Vr8Z0cKt/3N9XAAjLqOwqZcvkA4XUPb2hsa5KiFIWFM7qBbdeTwY5y6Oj5NIYvFabq6e6xfx/cD/M6ZIlGThhEd8YSZQu8J8h7L8P/SFDMjvKk26gH3u47CJqUUuYLdN7KQgvUA5VKJycl4dAaE+jClqZMCm5ftxJAN2X6PJ8bHKRaTv/jP9ruYKxSyMDJ0v0fKRwCgcZfn2xvK1SlZDxCnLYEApRT8ohIiTg4fOug6BCMstvvH93NWp45jZDQTBQBAPm/3Lt3zPHKFZPcHGDt+jGot6rvuhYVhaHVboBBZUq1WOXb0qOsw2mP5Hkspj3z6Ov4tJP1TAI9TirzlOR3fC6x2IbRNa82xI/FaHVwuFtGWmgMJkSVHDh+yusU2EpZ/FeTzhbTu+Z/P/d6ObVuPAfFZAm6R5/vW93QGuZzV6Qbb4jYNoLWmXErZcaVCOJDsxX/2k3IQ5NK+6n+2wzu2bT02Myb+HaehRCiXL1hfsJfL5xN7aFC5XGIiLqcENpTLJdm2JEQbJsbHrPfXsMvurb9SXhZW/c/2XYCZTPhNd3FEz+YZ4jOiKDR
sidsoAFoWBArRjscSffdvXxQ5IWZugRMLgMxMtNYb+Nidq1dKkS8kc2fA+NhxKpV4NYisVipUyvGKSYgkqFTKHJfOfwuqNwJL5s1aizSNm34PYMe2rfuBX7qMKGpBzv4wvVJeo7JMVhGgtebQwf2uw3iSUnFKpgKEWKYD+x6RhbQL8Dzf6sFxMfXLRs5ndtlzi6NgnIniDt3zPAoJ7BFw7OgRSjFbfKc1FKcmXYchRGKUikWOPHbIdRjLFs1vy5lR2sx5PNdnugCIas+n8n3y+WSNBGitefTAPtdhPEmtVpP1AEI0af++vQm8+1eRzEfb7g0TY/MWAD8B7o0+Frf8IBfJcY+e75FLWIOJsePHmI7hHXe5VKJaTfbZC0LYNjU1ybEjSdzhbT/9B0EOP73H/C7mXuq5HphVAOzYtrUG/K2LiFzL5QuRbNvzvaAUBPnvAYmZyD64P36jAADF6ckE3tkIEZ39exN10GuI5jtorLf+9Dw/a1v+ZvvbRq4HThwBANgB3B1tPPGQL3TYGw7S1MIwvKlaLV/89S986qVKee8hIbsuJifHY9cXAECHmuL0lOswhIil8bExxseOuw6jWRrUu77yuX96WbVavjgMw5vQWDkP/ImF2Zl0N/Uc/zg19y6qf2DwD+Z+UVboMGyclGUsN+uwVvt6pVL+4C07b/j17P9xVd/mv9I6/LCpC9nU2dlF77qLXYcxr0Jnp/UWz0IkzT2772BqMn7Td/NT7/nK9qGPzf6bq/o2PyOXy/+d5/uvxdjiKUVHRycqW1v+ZuvfsW3r52f/xXyvxDBwZzTxxIvyzFWHWuvvVMqlK7/2+etePzf5A9yy84aPKOX9JQmYDpienmLsWDwPESkVpwlrVm4WhEikY0ePJCX5h6D+dG7yB7hl5w2//trnr3t9pVy6UmttpFNtvtCR5eR/J/XcfoInjQAA9A8MvgnYGUFQsVStVKhUWpuKUkr9FM1fj2wfurWZr7+qb/MWrcNPArFekZIvFLjwoqfG8oxsz/fo7llBknZZCGGD1pq77vx1Etr+VkBt+cr2oc8188VvfPMfvxLFh7TWl7VysVyuQJCL9a9Y2/p2bNv6pbl/OW8BANA/MPhZ4C22o4qrcqlIrdb8SnPP83/s+f7f77z+2puXe60NfVuuCXVtB9C53O+N0plnncvJp652Hca8cvk8HZ1drsMQwqnDhx7l4Qdjf8DrlEJtHNk+tGu539i35c+vCWu194Vh7Ypmv8f3gyzP+wPcuGPb1rfO9z8WGw95B/BDO/HEX77Q0cTOAFXxPP+LuXzh8i9/9hPPbyX5A+zaef3NnvKvAuK32m6WRw8eIIzpcaKVcplqpeI6DCGcCcOQA/sfcR3GUo4p1KtbSf4AO6+/9uYvf/YTz8/lC5d7nv9FUIv+0Huen/Xk/0PquXxeC44AAPQPDJ4O/BQ413xc8ae1plScetJ2M4U6ojzv00Eu93+GP/0xYz9xG/q2XBrq2i3A6aYe07Q1Z5zJ6tPWug5jfgq6unvw/cB1JEJE7tED+9m39yHXYSzmgEK9ZmT70K9MPeCmt737rGql8qc6DN+m0afM/n9KKQodXbGctozIQ8BlO7ZtXfAkqEULAID+gcFnArcB3WZjS4YwDBud5zRKqbuU8j6RL3Tc8Pnr/peVdnQb+rZcFOrwVtCxLLp8L2DdU/8TfkyPO1ZK0dXTk9jjmIVoRa1W47e//uWypi0jdr9CvXJk+9B9Nh78D97x3s5yqbhZ6/BdWuuLQVHo6MzaIT+zTQJX7ti2ddFia8kCAKB/YPD1wBeBZLWyM+N4tVL5crVauXHkxn/8XhQX3NC35YxQh1+F1ha82Lb6tLWsOeNM12EsSHmK7u4VWV7xKzJm/96HORjD1t0NP1KoN4xsHzoYxcXe+JY/eUkQ5N4S5HK/B6yK4poxUwY27ti29atLfWFTBQBA/8Dgc4EvABe0F1sihMCtwGeBm3ds2xp58/mr+jbntOYzEPZ
Hfe2leMqjd93FFDriO7fm+R5d3SuyPPwnMqI4Pc09u++I6UmZ6jNK8Y6RG4ciX6DTPzDYCVwDvBV4JYuveUuL+4Df37Ft68+a+eKmCwCA/oHBlcB1wKbWYou93dST/vYd27bGopy+qm/zoNbhh4BYTWx3dnZx/oXrY51gfd+ns7sn1jEK0Q6tNXt238lU/M7sqIJ671e2D13rOhCA/oHBM4E3Uy8GLnEcji3DwDt2bNva9GLyZRUAM/oHBt8OfJyYb1trggZuB74GfG2p+RJXNvRt2RDq2k3EbDjrtDVncPqaM1yHsaggCOjs7nEdhhBWHNi3lwP7Yrfy/6hC/f7I9qF/dR3IfBrr2l7X+HMpyW8gMg382Y5tWz+13G9sqQAA6B8YfBrwYWADyXoBi8C/UU/634jLnf5SNvRtWR/q8Oug17mOZYZSivMvXE9nzPffS48AkUZTU5Ps2X1n3A7FukuhXjuyfSgRJ8s2Rgaupl4MvByI77zmk2lgF/Bfd2zbekcrD9ByATCjf2BwHfDn1IdW4rpT4B7g+8A3gFt3bNuayFNkNmzcsjIMwy+CfrXrWGYUOjroXXcxXszP1c4XChQ6kj5gJURdGIbcs/sOitORL09azDeUUv0jNw6Nuw6kFf0Dg13U1wpcDbwYuMhtRAuapD5Vfe2ObVv3tPNAbRcAM/oHBk+m3nDgT4CzjTxoa8rAz6hvXbwN+OGObVsPOYzHuKv6Nv+Z1uH/BGJxW3vq6jWsPfMs12EsqdDRkfWmICIlHnn4IQ4d3O86jBmTjfn+f3YdiEn9A4OnAS8Armz8eS5ud8LtBf4RuG7Htq1GDmcxVgDM6B8Y9IFnUH/BXtD4c57RizzhMLCn8ecO6l2Pfrpj21brZ0q71pgSuAn0pa5jAXjKBRfRnYC59o7OLnL5+s9wZ77Mio4SPYUSPR1FegolytWAiVKB8WIH48UCk6UCtTDeoxtifr4X0l0osaKjxIrG+5sPqkyUCkwUOxrvc4HpcrJ2N0+Mj3Pv3b91HcaMnyjUHyZlyL8d/QODBeAy6jntacC6xp9TLV3yQeo57YfUb2Z/vWPbVqMnnxkvAObTmGe5EngO9S53p876c0rjnzOr3IvABDA+55+P8USy3wPsMVUFJdVVfZs9NH+jCd+H48OEcvkCF66/GE/FswGPpzTnrxnjqWcf4eKzj3NSVxHfa27b1FQ5zyNHT+KeA2vYc/B0Jkty/HAcdRdKrFvzKBetPchZJx+jK19u6vtqocfx6U7ue/Q07jmwhocOn0Ko47msKQxr3HXnbyiXnN/jVED9nVJ8aOTGoTjuP4xMY/R73Zw/q4EeYMWcf84MQVap38Aeafxz5s+jwM+B26JYnxZJAdCM/oHBbqC0Y9vW2LayiqsNfVsuD3W4HbTTOauTT1nNmWfHp4FhPqix/qxj9aR/1lE682Y+WjPFwN0H1nJ4Iq7LXrLh1J5J1q898HjSN6FYyXFvoxi49+DpVGrxKWoffvB+Dh9asLNrVHY37vp/7jqQpOkfGAyAwo5tW2OxbzM2BYBoz4aNWzp1qD+qCQdw2PDi3PMvYMUKt7sVfU9zxUUHeNnT99JdsNt/ZPf+tXxn98UcnYzFcozMOLl7it+55C4uOeOA1etMlfP8+z0X8vMHz3U+FTR2/Bije+52GUII6hNK8VcjNw7F/rxhsTQpAFJmQ9+W14Q6/L+gnfTqDYIcF66/xMmBPAp4xlMe49XPeohTeqL7/RSGip8/dC4/uHsdUwmbT06arnyZF63fw3POfQjPi+5317GpLr5710Xc+YibFti1apW77vw1FXcnXj6sUJtHtg/9m6sAhHlSAKTQho1bVoWhvg7CjS6uv+qkkzn73PMjvWbvmjE2XHo/Z53ibmStXA340b29/Oi+Xud3i2njeyHPv2CU5184Sj5wN0t44Pgqbr3zEh46fMrSX2zQg6P3cvTI4Uiv+QT1OaX445Ebh2J9XLlYPikAUmxD35b+UNc
+QX2hZaTOOfd8Vp50ciTXevFT9/G7z36AuHT8ffjIyXz5Z5cyWZLRABO6C2V+77m3c84p8Vjzq7Xi27vX8+P7eiO53rEjh3lg1Mki+8cU6p0j24d2uri4sE8KgJTb0LflzFCHN4J+eZTX9f2ACy66mFzOXhIM/JA3Pu8+ntMbvzYPY9OdfPE/LuXg2ErXoSTampVjbLz8dlZ2xqrhDQC/2XsWu371dKujPeVymXt++xuq1chHPb7VGPK3u8hCOCUFQEZc1bf5TxvNgyJbtl7o6OD8C9fje+ZXUa/orPDml9zFuavj23SsUvP52i+eyV3717oOJZEuPuMAr3v2r8j5Rrc+G/XI0ZP40k8vZcLC1tBarcaeu+6MutvfRKOpzyejvKhwQwqADNnQt+WcUOuPQLgJiGRvU0/PSs49/wKjJ/KdtnKat7/iTlZ2NbfP27V/++3FkQ0Xp8UVF4zy8qfe5TqMpowXO7jpR88zuiVUa83onrsZHztu7DGXUAO1XcEHRrYPxe50IWGHFAAZtKFvy7NCHf7vqKYFTPYH6MxX+ePX/IbVK+M3JLyYkdufze598T45MS4uOXM/b7z0F67DWJYjk93c8IMXUKyY6ccV8X7/bynU4Mj2od9EdUERD1IAZNiGvi2vDnX496Cfaftaa844i9WnrWnrMTyl2fyy3aw7w0zDlyhVaj433nYFB47H6kTn2Fm76jhvufLHsR72X8joodV84SeXodvsIvjogf3s2/uQoagWdXsj8X87iouJ+JECQLChb/PmUOv/DtpqG79zzutl5aqTWv7+q597Py+8ODYHoCzbWLGDG75/pZX54jToKZTY/OLbWNmR3B4z/zF6PrfeeUnL33/86FHuv+8egxHN636F+uDI9qGbbF9IxJtsVhbs2nnDDUqpC5Xy3g9Yu71+5KEHmJ5q7STm517waKKTP8DKjiJvuux2gibPIMiSwAt502W3Jzr5A1zeez/PPGdvS987NTnJg/db3e53BNRfKqXWS/IXICMAYo4NG7ecpEP9N42WwsZvVYMgR++69cvaHriqq8R7X/8LAj8difO2PRfy3bvietS4Gy+9+B6uXJeOA+Wqocc/f/uljE03f/R0uVxmz+47bHX6K4L6R6X4HyM3DkW2qlDEnxQAYl4b+racF2q9FcI3YXikaLnbA/uefy+XXuD8ABRjKjWff/r2S5koylQAQE9HiXe+7LuJnPdfyK8fPpuv//IZTX2txe1+IagdCt4/sn3oYdMPLpJPpgDEvHbtvP7Bb37phk2e8p8H6rsmH7tULLL3gftppvhcc9IUz+lNT/IHyPk1Xrze+jxvYrx4/T2pSv4ATz/7EU5bsXSPCq01D9y3x0byv1WhLv3K9qE3S/IXC5ECQCxq187rf/bNL33mdzzlXw3ql6Yed2JijP2PLP176Xef/WBsWvya9Kxz9nJqz4TrMJw7tWeCZ7U4Zx5nSmledsnSJ/ftfegB03v9f6ZQr/7K9n961cj2IWM/ryKdZApALMuGvi0vCXX4btC/C7S96XnNmWexevX82wN714zxjlfe0e4lYuvuA2v40k8vdR2GU2+67HbWrz3oOgxrtv/wigUPDnr04H72PWxku18F+KpCXTuyfeg2Ew8oskEKANGSDX1bztZa/5km/M/A6nYea6HtgW97xZ1cuDbda5au++6LODS+wnUYTpy2Ypx3vPQHrsOw6v5Dq9nx48uf9PfHjh7hgfv2tPvwj4L6tIKhke1D+9p9MJE90R/aLlJh187r9wLvvapv8/uBzVrr/wL6Wa081t6H7uess89j1clP3Cl1Far0rkn/6aPrzziY2QJg/RnpvfOfcd7qw3TkKid0CDx6+DEeemC0nYf9Gaghpbhp5MYhK9sGRDZIASDacsvOGyrAdcB1G/q2vCjU4V+AvpplTA9ordn78APUwhqnnHoaAJecdQRPpX906qK1B/n3ey50HYYTF6V46H+GpzQXrnmUO/aeBcBjjx5
k70MPtPJQFWBEoT4+sn3oRwZDFBkmBYAwZtfO638A/GBD35YzZ00PnN7s9+9/5GGqtSqnn34GTz3niLU44+SMVcdZ2VFkrNj8nvE0WNlR5IxV6Z7emXHR2oPcsfcsDux/hAOPLHvB44FZw/xyNK8wSgoAYdyundfvA953Vd/mDwBv1Vq/E/Szm/neQwf2E6gqF52ZvH7/rVq39iC3P3Ce6zAitS4Dd/8zLjjtEAf3PcCBfct6zj9tNO/5vAzzC1ukABDWNKYHPg18ekPflitDrf8CwtexxPTAeaccIJeSrn/NuCiDBUAWhv9n5IMaa7v3sn/pWbEyqC8r+PjI9qGfRBGbyDYpAEQkdu28/jbgtg19W9Zo9B9ord8A+vnMUwxc8pT0z/3PdvbJ2RntmJG153zRORV+sWfeAqACfB/UiIKdI9uHDkUcmsgwKQBEpHbtvP4gcC1w7YaNW07TWm/UWr8R9ItoFAOnrMxWAZAPqlCbQnudqDR2PZojH9TqzzlDTllxwohWGfgOqC8rxcjIjUOHHYUlMk4KAOHMri9efwgYAoY2bNxyktZ6k9b6905dqV9OxrpUFtQYhycq5PMFcvk8SqX36fcUkn3iXytWrwpD4FugvtRI+tlYASliTRoBidgp37fpbk+RqePyrrv1aYweXPn4f/tBQC6fJwhyqRsVOPfUI7z5BT92HUakQs3u/AXDT3UdhxCzyQiAiB1PsdZ1DFFb0Vk+4b9r1Sq1ahWlIMjl63+CdPy4rujI3giApzjDdQxCzJXecUaRSNXRTd3AyiW/MGVWzikAZmgNlXKZ6ckJJsaPUypOE9aSfXJeT0fJdQgunFQd3dTlOgghZkvHLYVIk1NdB+BCV2HpRXE61JRLJcqlEp7vk8vlyeVziVsv0JWbv9jJgNWAkdN/hDBBCgARN8nKZoYst+1xWKtRqk1TKk4nbr1AAkK0JZOfbRFfUgAIkXAnrBcIcvhBDj8I8DzJN0KIhUkBIERKaA2VSoVKpd45VnmKwA/wg6BREPiOIxRCxIkUAEKklA41lfDEgsBvFASBH+D5UhAIkWVSAAiRETrUVMMK1UqFEqCUqo8O+AF+4OP78utAiCyRn3ghMkprTbVSLwigvjjP8wOCRlHg+V7idhgIIZonBYAQAqivIZhZUPg4BZ7n43nerD8+qvHvQojkkgJACLEwXd9yOG/zIcXjBcFMcaBm/bcQIt6kABAiBp59/oF//sJ3Vu5SqEuU5/UqT53ted5aT3mrleetVB5dCuUrpTyllEIpz0MpPIUi4o31ChQKTb04qFVrWqNDQq01OtRa18JQT6H1mFYcArUfzUM6rI2GWt/1tFc8+FrgndEGLYSYSwoAIWJgZVdt7FMf+++7gF3L/d7+d7ynkO/oONlT3smeUicrpVZppVYqpXrQrFSKHqVUN9CDUl2guhS6E6U6ANBMA9MaPQVMKZjQmkmNnlCosfo/OQ5qDKWOaB0eK5dKxz7ziQ+11NO3Orrppa18nxDCLCkAhEi4Hdd9tAQcaPwRQoimyESdEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAiJt5ms5nQpaed5ae62xZfd4ipqQAEHHzmOsAHDnkOoAIZem5zpbV5y1iSgoAEStB7/A0cNR1HA7scx1AhLL0XGccDnqHi66DEGI2KQBEHO13HYADWXrOWXquMx5xHYAQc0kBIOIoi3eIWXrOWXquM6QAELEjBYCIoywmiCw95yw91xlSAIjYkQJAxFHWEsSxxtqHTGg812Ou44jYXtcBCDGXFAAijr7nOoCIfd91AA5k7Tln7fmKBJACQMTRt4Ex10FE6KuuA3AgS8/5KPAD10EIMZcUACJ2gt7hMvBN13FEJAS+4ToIB75B/blnwS1B73DVdRBCzCUFgIirm10HEJEfB73Dj7oOImqN5/xj13FEJEujHSJBpAAQcXU
LUHYdRASynByy8NzLwLdcByHEfKQAELEU9A6PAf/iOg7LQmDEdRAOjZD+aYB/CXqHx10HIcR8pAAQcfY3gHYdhEU3Bb3D97oOwpXGc7/JdRwWaeqfYSFiSQoAEVtB7/DtwLDrOCwpAR90HUQMfJD6a5FGw43PsBCxJAWAiLu/Biqug7BgKOgdftB1EK41XoMh13FYUKH+2RUitqQAELEW9A6PAp90HYdhx4APuQ4iRj5E+joDfrLx2RUitqQAEEnwd6SrMdCHg97hI66DiIvGa/Fh13EYNEb9MytErEkBIGIv6B0+BLyFdCwI/Ffgo66DiKGPUn9tkk4Db2l8ZoWINSkARCIEvcNfJfmL5u4GNgW9wzXXgcRN4zXZRP01SrIPNj6rQsSe0joNN1UiK6qjm75APVEkzVHgeUHv8B7XgcRZdXTTOuAnwMmuY2nBcNA7/PuugxCiWTICIJJmM5C0rVVVYKMk/6U1XqON1F+zJLmd+mdTiMSQAkAkSuMs+WuA3a5jaVIFeFvQO/z/XAeSFI3X6m0kZ/vnbuCaxmdTiMSQAkAkTtA7vBe4AtjlOpYlPAa8Mugd/qzrQJKm8Zq9kvprGGe7gCsan0khEkUKAJFIjbMCXgdsdR3LAn4DXB70Dn/PdSBJ1XjtLqf+WsbRVuB1jc+iEIkjiwBF4lVHN/0h8Cmgw3UsDTcDbw56hydcB5IG1dFNPcB26lM/cVAE3h70Dn/OdSBCtENGAETiNX4RX4b7Y1f3AW8H3ijJ35zGa/lG6q/tPsfhfAu4TJK/SAMZARCpUh3d9DvUh2afG+FlxxvX/FjQOzwV4XUzpzq6qQt4NzAIrIjw0j8DBoPe4e9EeE0hrJICQKROdXSTor6V7EPABRYvVQG2AX8rnd+iVR3ddBrw34ABIGfxUvcB7wd2Br3D8stSpIoUACK1qqObfOBK6nPH1wDnG3jYInAr8BXg60HvcNxXqadadXTTauC1wBuo7xowsQ7kfurrOG4GbpPOjSKtpAAQmVEd3fRM6oXAVcBTgNMAtcS3TQL7gR9RTwj/EvQOT1oMU7SoOrqpG3g19ff4+cAZQPcS36aBQ8ADwC3AzUHv8K8shilEbEgBIDKrOropB6ylnijObPz7OPWEvw/YJ1u8kq06umkl9ff2TOrv8wrgAPX3dz9wIOgdTkrDISGMkgJACCGEyCDZBiiEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJk0P8HIGK4qJUDxrEAAAAASUVORK5CYII=" style="width: 16em;margin-left: 52em;margin-top: 63px;">
|
4 |
-
<div>
|
5 |
-
<div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
|
6 |
-
<div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
|
7 |
-
<div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
|
8 |
-
<div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
|
9 |
-
<h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
|
10 |
-
</div>
|
11 |
</div>
|
1 |
+
<img src="data:image/jpeg;base64,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" style="margin-left: 5em;width: 12em;margin-top: 1px;">
|
2 |
+
<div>
|
3 |
+
<img src="data:image/jpeg;base64,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" style="width: 16em;margin-left: 52em;margin-top: 63px;">
|
4 |
+
<div>
|
5 |
+
<div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
|
6 |
+
<div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
|
7 |
+
<div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
|
8 |
+
<div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
|
9 |
+
<h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
|
10 |
+
</div>
|
11 |
</div>
|
handler/mo-waf.php
CHANGED
@@ -1,586 +1,586 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
$dir =dirname(__FILE__);
|
4 |
-
$dir = str_replace('\\', "/", $dir);
|
5 |
-
$sqlInjectionFile = $dir.'/signature/APSQLI.php';
|
6 |
-
$xssFile = $dir.'/signature/APXSS.php';
|
7 |
-
$lfiFile = $dir.'/signature/APLFI.php';
|
8 |
-
$configfilepath = explode('wp-content', $dir);
|
9 |
-
$configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
|
10 |
-
|
11 |
-
$missingFile = 0;
|
12 |
-
|
13 |
-
if(file_exists($configfile))
|
14 |
-
{
|
15 |
-
include_once($configfile);
|
16 |
-
}
|
17 |
-
else
|
18 |
-
{
|
19 |
-
$missingFile = 1;
|
20 |
-
}
|
21 |
-
include_once($sqlInjectionFile);
|
22 |
-
include_once($xssFile);
|
23 |
-
include_once($lfiFile);
|
24 |
-
|
25 |
-
$dir_name = explode('wp-content', $dir);
|
26 |
-
$file = file_get_contents($dir_name[0].'wp-config.php');
|
27 |
-
$content = explode("\n", $file);
|
28 |
-
$len = sizeof($content);
|
29 |
-
$Ismultisite = 0;
|
30 |
-
$dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
|
31 |
-
|
32 |
-
$prefix = 'wp_';
|
33 |
-
|
34 |
-
for($i=0;$i<$len;$i++)
|
35 |
-
{
|
36 |
-
|
37 |
-
if(preg_match("/define/", $content[$i]))
|
38 |
-
{
|
39 |
-
$cont = explode(",", $content[$i]);
|
40 |
-
$string = str_replace(array('define(',' ','\''), '', $cont[0]);
|
41 |
-
switch ($string) {
|
42 |
-
case "DB_NAME":
|
43 |
-
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
44 |
-
$res = preg_replace('/\s/', '', $res);
|
45 |
-
$dbD['DB_NAME'] = $res;
|
46 |
-
break;
|
47 |
-
case 'DB_USER':
|
48 |
-
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
49 |
-
$res = preg_replace('/\s/', '', $res);
|
50 |
-
$dbD['DB_USER'] = $res;
|
51 |
-
break;
|
52 |
-
case "DB_PASSWORD":
|
53 |
-
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
54 |
-
$res = preg_replace('/\s/', '', $res);
|
55 |
-
$dbD['DB_PASSWORD'] = $res;
|
56 |
-
break;
|
57 |
-
case 'DB_HOST':
|
58 |
-
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
59 |
-
$res = preg_replace('/\s/', '', $res);
|
60 |
-
$dbD['DB_HOST'] = $res;
|
61 |
-
break;
|
62 |
-
case "DB_CHARSET":
|
63 |
-
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
64 |
-
$res = preg_replace('/\s/', '', $res);
|
65 |
-
$dbD['DB_CHARSET'] = $res;
|
66 |
-
break;
|
67 |
-
case 'DB_COLLATE':
|
68 |
-
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
69 |
-
$res = preg_replace('/\s/', '', $res);
|
70 |
-
$dbD['DB_COLLATE'] = $res;
|
71 |
-
break;
|
72 |
-
default:
|
73 |
-
|
74 |
-
break;
|
75 |
-
}
|
76 |
-
}
|
77 |
-
if(preg_match('/\$table_prefix/', $content[$i]))
|
78 |
-
{
|
79 |
-
$cont = explode("'", $content[$i]);
|
80 |
-
|
81 |
-
$prefix = $cont['1'];
|
82 |
-
}
|
83 |
-
}
|
84 |
-
|
85 |
-
|
86 |
-
global $dbcon;
|
87 |
-
$dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
|
88 |
-
if(!$dbcon)
|
89 |
-
{
|
90 |
-
echo "database connection error";
|
91 |
-
exit;
|
92 |
-
|
93 |
-
}
|
94 |
-
|
95 |
-
if(mysqli_select_db($dbcon,$dbD['DB_NAME']))
|
96 |
-
{
|
97 |
-
$query = 'SELECT * FROM '.$prefix.'options WHERE `option_name`="WAF";';
|
98 |
-
$results1 = mysqli_query($dbcon,$query);
|
99 |
-
$row = mysqli_fetch_array($results1);
|
100 |
-
if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
|
101 |
-
$ipaddress = '';
|
102 |
-
if (isset($_SERVER['HTTP_CLIENT_IP']))
|
103 |
-
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
|
104 |
-
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
|
105 |
-
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
106 |
-
else if(isset($_SERVER['HTTP_X_FORWARDED']))
|
107 |
-
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
|
108 |
-
else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
|
109 |
-
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
|
110 |
-
else if(isset($_SERVER['HTTP_FORWARDED']))
|
111 |
-
$ipaddress = $_SERVER['HTTP_FORWARDED'];
|
112 |
-
else if(isset($_SERVER['REMOTE_ADDR']))
|
113 |
-
$ipaddress = $_SERVER['REMOTE_ADDR'];
|
114 |
-
else
|
115 |
-
$ipaddress = 'UNKNOWN';
|
116 |
-
|
117 |
-
$query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
|
118 |
-
$results = mysqli_query($dbcon,$query);
|
119 |
-
if($results)
|
120 |
-
{
|
121 |
-
$row = mysqli_fetch_array($results);
|
122 |
-
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
123 |
-
$results = mysqli_query($dbcon,$query);
|
124 |
-
if($results)
|
125 |
-
{
|
126 |
-
$row1 = mysqli_fetch_array($results);
|
127 |
-
if(!is_null($row1['ip_address']))
|
128 |
-
{
|
129 |
-
|
130 |
-
}
|
131 |
-
else if(!is_null($row['ip_address']))
|
132 |
-
{
|
133 |
-
header('HTTP/1.1 403 Forbidden');
|
134 |
-
include_once("mo-block.html");
|
135 |
-
exit;
|
136 |
-
}
|
137 |
-
}
|
138 |
-
else if(!is_null($row['ip_address']))
|
139 |
-
{
|
140 |
-
header('HTTP/1.1 403 Forbidden');
|
141 |
-
include_once("mo-block.html");
|
142 |
-
exit;
|
143 |
-
|
144 |
-
}
|
145 |
-
|
146 |
-
}
|
147 |
-
|
148 |
-
|
149 |
-
$dir_name = dirname(__FILE__);
|
150 |
-
$dir_name1 = explode('wp-content', $dir_name);
|
151 |
-
$dir_name = $dir_name1[0];
|
152 |
-
$filepath = str_replace('\\', '/', $dir_name1[0]);
|
153 |
-
$fileName = $filepath.'/wp-includes/mo-waf-config.php';
|
154 |
-
if($missingFile==1)
|
155 |
-
{
|
156 |
-
if(!file_exists($fileName))
|
157 |
-
{
|
158 |
-
$file = fopen($fileName, "a+");
|
159 |
-
$string = "<?php".PHP_EOL;
|
160 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "SQLInjection";' ;
|
161 |
-
$results = mysqli_query($dbcon,$query);
|
162 |
-
if($results)
|
163 |
-
{
|
164 |
-
$row = mysqli_fetch_array($results);
|
165 |
-
$string .= '$SQL='.$row["option_value"].';'.PHP_EOL;
|
166 |
-
}
|
167 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "XSSAttack";' ;
|
168 |
-
$results = mysqli_query($dbcon,$query);
|
169 |
-
if($results)
|
170 |
-
{
|
171 |
-
$row = mysqli_fetch_array($results);
|
172 |
-
$string .= '$XSS='.$row["option_value"].';'.PHP_EOL;
|
173 |
-
}
|
174 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "RFIAttack";' ;
|
175 |
-
$results = mysqli_query($dbcon,$query);
|
176 |
-
if($results)
|
177 |
-
{
|
178 |
-
$row = mysqli_fetch_array($results);
|
179 |
-
$string .= '$RFI='.$row["option_value"].';'.PHP_EOL;
|
180 |
-
}
|
181 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "LFIAttack";' ;
|
182 |
-
$results = mysqli_query($dbcon,$query);
|
183 |
-
if($results)
|
184 |
-
{
|
185 |
-
$row = mysqli_fetch_array($results);
|
186 |
-
$string .= '$LFI='.$row["option_value"].';'.PHP_EOL;
|
187 |
-
}
|
188 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "RCEAttack";' ;
|
189 |
-
$results = mysqli_query($dbcon,$query);
|
190 |
-
if($results)
|
191 |
-
{
|
192 |
-
$row = mysqli_fetch_array($results);
|
193 |
-
$string .= '$RCE='.$row["option_value"].';'.PHP_EOL;
|
194 |
-
}
|
195 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "Rate_limiting";' ;
|
196 |
-
$results = mysqli_query($dbcon,$query);
|
197 |
-
if($results)
|
198 |
-
{
|
199 |
-
$row = mysqli_fetch_array($results);
|
200 |
-
if($row["option_value"]!='')
|
201 |
-
$string .= '$RateLimiting='.$row["option_value"].';'.PHP_EOL;
|
202 |
-
else
|
203 |
-
$string .= '$RateLimiting=0;'.PHP_EOL;
|
204 |
-
}
|
205 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "Rate_request";' ;
|
206 |
-
$results = mysqli_query($dbcon,$query);
|
207 |
-
if($results)
|
208 |
-
{
|
209 |
-
$row = mysqli_fetch_array($results);
|
210 |
-
if($row["option_value"]!='')
|
211 |
-
$string .= '$RequestsPMin='.$row["option_value"].';'.PHP_EOL;
|
212 |
-
else
|
213 |
-
$string .= '$RequestsPMin=120;'.PHP_EOL;
|
214 |
-
}
|
215 |
-
|
216 |
-
$query = 'select option_value from '.$prefix.'options where option_name = "actionRateL";' ;
|
217 |
-
$results = mysqli_query($dbcon,$query);
|
218 |
-
if($results)
|
219 |
-
{
|
220 |
-
|
221 |
-
$row = mysqli_fetch_array($results);
|
222 |
-
if($row["option_value"] == 1)
|
223 |
-
$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
|
224 |
-
else
|
225 |
-
$string .= '$actionRateL="BlockIP";'.PHP_EOL;
|
226 |
-
}
|
227 |
-
$string .= '?>'.PHP_EOL;
|
228 |
-
fwrite($file, $string);
|
229 |
-
fclose($file);
|
230 |
-
|
231 |
-
}
|
232 |
-
|
233 |
-
}
|
234 |
-
|
235 |
-
include_once($fileName);
|
236 |
-
if($RateLimiting == 1)
|
237 |
-
{
|
238 |
-
|
239 |
-
|
240 |
-
$time = 60;
|
241 |
-
$reqLimit = $RequestsPMin;
|
242 |
-
$query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
|
243 |
-
$results = mysqli_query($dbcon,$query);
|
244 |
-
|
245 |
-
$query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
|
246 |
-
$results = mysqli_query($dbcon,$query);
|
247 |
-
|
248 |
-
$query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
|
249 |
-
$results = mysqli_query($dbcon,$query);
|
250 |
-
|
251 |
-
if($results)
|
252 |
-
{
|
253 |
-
$row = mysqli_fetch_array($results);
|
254 |
-
if($row['count(*)']>=$reqLimit)
|
255 |
-
{
|
256 |
-
$action = $actionRateL;
|
257 |
-
if($action == 'ThrottleIP')
|
258 |
-
{
|
259 |
-
$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
|
260 |
-
$results = mysqli_query($dbcon,$query);
|
261 |
-
$results = mysqli_fetch_array($results);
|
262 |
-
$current_time = time();
|
263 |
-
if($current_time>$results['time']+60)
|
264 |
-
{
|
265 |
-
$query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
|
266 |
-
$results = mysqli_query($dbcon,$query);
|
267 |
-
}
|
268 |
-
header('HTTP/1.1 403 Forbidden');
|
269 |
-
include_once("mo-error.html");
|
270 |
-
exit;
|
271 |
-
}
|
272 |
-
else
|
273 |
-
{
|
274 |
-
$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
|
275 |
-
$results = mysqli_query($dbcon,$query);
|
276 |
-
$results = mysqli_fetch_array($results);
|
277 |
-
$current_time = time();
|
278 |
-
if($current_time>$results['time']+60)
|
279 |
-
{
|
280 |
-
$query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
|
281 |
-
$results = mysqli_query($dbcon,$query);
|
282 |
-
}
|
283 |
-
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
284 |
-
$results = mysqli_query($dbcon,$query);
|
285 |
-
if($results)
|
286 |
-
{
|
287 |
-
$row1 = mysqli_fetch_array($results);
|
288 |
-
if(!is_null($row1['ip_address']))
|
289 |
-
{
|
290 |
-
|
291 |
-
}
|
292 |
-
else
|
293 |
-
{
|
294 |
-
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".time().");";
|
295 |
-
$results = mysqli_query($dbcon,$query);
|
296 |
-
}
|
297 |
-
header('HTTP/1.1 403 Forbidden');
|
298 |
-
include_once("mo-error.html");
|
299 |
-
exit;
|
300 |
-
}
|
301 |
-
}
|
302 |
-
}
|
303 |
-
}
|
304 |
-
|
305 |
-
}
|
306 |
-
|
307 |
-
$attack = array();
|
308 |
-
if($SQL==1)
|
309 |
-
{
|
310 |
-
array_push($attack,"SQL");
|
311 |
-
}
|
312 |
-
if($XSS==1)
|
313 |
-
{
|
314 |
-
array_push($attack,"XSS");
|
315 |
-
}
|
316 |
-
|
317 |
-
if($LFI==1)
|
318 |
-
{
|
319 |
-
array_push($attack,"LFI");
|
320 |
-
}
|
321 |
-
|
322 |
-
|
323 |
-
|
324 |
-
$attackC = $attack;
|
325 |
-
$ParanoiaLevel = 1;
|
326 |
-
$annomalyS = 0;
|
327 |
-
$SQLScore = 0;
|
328 |
-
$XSSScore = 0;
|
329 |
-
$query = 'select option_value from '.$prefix.'options where option_name ="limitAttack";';
|
330 |
-
$results = mysqli_query($dbcon,$query);
|
331 |
-
$rows = mysqli_fetch_array($results);
|
332 |
-
|
333 |
-
$limitAttack = intval($rows['option_value']);
|
334 |
-
|
335 |
-
|
336 |
-
foreach ($attackC as $key1 => $value1) {
|
337 |
-
for($lev=1;$lev<=$ParanoiaLevel;$lev++)
|
338 |
-
{
|
339 |
-
if(isset($regex[$value1][$lev]))
|
340 |
-
{ $ooo = 0;
|
341 |
-
for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
|
342 |
-
{
|
343 |
-
foreach ($_REQUEST as $key => $value) {
|
344 |
-
|
345 |
-
if($regex[$value1][$lev][$i] != "")
|
346 |
-
{
|
347 |
-
if(strpos($regex[$value1][$lev][$i], '/') == false)
|
348 |
-
{
|
349 |
-
if(is_string($value))
|
350 |
-
{
|
351 |
-
if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
|
352 |
-
{
|
353 |
-
|
354 |
-
$scoreValue = 0;
|
355 |
-
|
356 |
-
$annomalyMS = $score[$value1][$lev][$i];
|
357 |
-
if(strcmp($annomalyMS,"CRITICAL")==0)
|
358 |
-
{
|
359 |
-
$scoreValue = 5;
|
360 |
-
}
|
361 |
-
|
362 |
-
elseif(strcmp($annomalyMS,"WARNING")==0)
|
363 |
-
{
|
364 |
-
$scoreValue = 3;
|
365 |
-
}
|
366 |
-
elseif(strcmp($annomalyMS,"ERROR")==0)
|
367 |
-
{
|
368 |
-
$scoreValue = 4;
|
369 |
-
}
|
370 |
-
elseif(strcmp($annomalyMS,"NOTICE")==0)
|
371 |
-
{
|
372 |
-
$scoreValue =2;
|
373 |
-
}
|
374 |
-
|
375 |
-
|
376 |
-
if($value1 == "SQL")
|
377 |
-
{
|
378 |
-
$SQLScore += $scoreValue;
|
379 |
-
}
|
380 |
-
elseif ($value1 == "XSS")
|
381 |
-
{
|
382 |
-
$XSSScore += $scoreValue;
|
383 |
-
}
|
384 |
-
else
|
385 |
-
{
|
386 |
-
$annomalyS += $scoreValue;
|
387 |
-
}
|
388 |
-
|
389 |
-
if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
|
390 |
-
{
|
391 |
-
$value = htmlspecialchars($value);
|
392 |
-
$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
|
393 |
-
$results = mysqli_query($dbcon,$query);
|
394 |
-
$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
|
395 |
-
$results = mysqli_query($dbcon,$query);
|
396 |
-
$rows = mysqli_fetch_array($results);
|
397 |
-
if($rows['count(*)']>$limitAttack)
|
398 |
-
{
|
399 |
-
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
400 |
-
$results = mysqli_query($dbcon,$query);
|
401 |
-
if($results)
|
402 |
-
{
|
403 |
-
$row1 = mysqli_fetch_array($results);
|
404 |
-
if(!is_null($row1['ip_address']))
|
405 |
-
{
|
406 |
-
//IP WHiTELISTED
|
407 |
-
}
|
408 |
-
else
|
409 |
-
{
|
410 |
-
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
|
411 |
-
$results = mysqli_query($dbcon,$query);
|
412 |
-
}
|
413 |
-
}
|
414 |
-
}
|
415 |
-
|
416 |
-
|
417 |
-
header('HTTP/1.1 403 Forbidden');
|
418 |
-
include_once("mo-error.html");
|
419 |
-
exit;
|
420 |
-
}
|
421 |
-
|
422 |
-
}}
|
423 |
-
}
|
424 |
-
else if (strpos($regex[$value1][$lev][$i], '#') == false) {
|
425 |
-
if(is_string($value))
|
426 |
-
{
|
427 |
-
if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
|
428 |
-
{
|
429 |
-
$scoreValue = 0;
|
430 |
-
$annomalyMS = $score[$value1][$lev][$i];
|
431 |
-
if(strcmp($annomalyMS,"CRITICAL")==0)
|
432 |
-
{
|
433 |
-
$scoreValue = 5;
|
434 |
-
}
|
435 |
-
|
436 |
-
elseif(strcmp($annomalyMS,"WARNING")==0)
|
437 |
-
{
|
438 |
-
$scoreValue = 3;
|
439 |
-
}
|
440 |
-
elseif(strcmp($annomalyMS,"ERROR")==0)
|
441 |
-
{
|
442 |
-
$scoreValue = 4;
|
443 |
-
}
|
444 |
-
elseif(strcmp($annomalyMS,"NOTICE")==0)
|
445 |
-
{
|
446 |
-
$scoreValue =2;
|
447 |
-
}
|
448 |
-
|
449 |
-
|
450 |
-
if($value1 == "SQL")
|
451 |
-
{
|
452 |
-
$SQLScore += $scoreValue;
|
453 |
-
}
|
454 |
-
elseif ($value1 == "XSS")
|
455 |
-
{
|
456 |
-
$XSSScore += $scoreValue;
|
457 |
-
}
|
458 |
-
else
|
459 |
-
{
|
460 |
-
$annomalyS += $scoreValue;
|
461 |
-
}
|
462 |
-
|
463 |
-
if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
|
464 |
-
{
|
465 |
-
$value = htmlspecialchars($value);
|
466 |
-
$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
|
467 |
-
$results = mysqli_query($dbcon,$query);
|
468 |
-
$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
|
469 |
-
$results = mysqli_query($dbcon,$query);
|
470 |
-
$rows = mysqli_fetch_array($results);
|
471 |
-
if($rows['count(*)']>$limitAttack)
|
472 |
-
{
|
473 |
-
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
474 |
-
$results = mysqli_query($dbcon,$query);
|
475 |
-
if($results)
|
476 |
-
{
|
477 |
-
$row1 = mysqli_fetch_array($results);
|
478 |
-
if(!is_null($row1['ip_address']))
|
479 |
-
{
|
480 |
-
//IP WHiTELISTED
|
481 |
-
}
|
482 |
-
else
|
483 |
-
{
|
484 |
-
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
|
485 |
-
$results = mysqli_query($dbcon,$query);
|
486 |
-
}
|
487 |
-
}
|
488 |
-
}
|
489 |
-
|
490 |
-
|
491 |
-
header('HTTP/1.1 403 Forbidden');
|
492 |
-
include_once("mo-error.html");
|
493 |
-
exit;
|
494 |
-
}
|
495 |
-
}}
|
496 |
-
}
|
497 |
-
|
498 |
-
elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
|
499 |
-
if(is_string($value))
|
500 |
-
{
|
501 |
-
if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
|
502 |
-
{
|
503 |
-
$scoreValue = 0;
|
504 |
-
$annomalyMS = $score[$value1][$lev][$i];
|
505 |
-
if(strcmp($annomalyMS,"CRITICAL")==0)
|
506 |
-
{
|
507 |
-
$scoreValue = 5;
|
508 |
-
}
|
509 |
-
|
510 |
-
elseif(strcmp($annomalyMS,"WARNING")==0)
|
511 |
-
{
|
512 |
-
$scoreValue = 3;
|
513 |
-
}
|
514 |
-
elseif(strcmp($annomalyMS,"ERROR")==0)
|
515 |
-
{
|
516 |
-
$scoreValue = 4;
|
517 |
-
}
|
518 |
-
elseif(strcmp($annomalyMS,"NOTICE")==0)
|
519 |
-
{
|
520 |
-
$scoreValue =2;
|
521 |
-
}
|
522 |
-
|
523 |
-
|
524 |
-
if($value1 == "SQL")
|
525 |
-
{
|
526 |
-
$SQLScore += $scoreValue;
|
527 |
-
}
|
528 |
-
elseif ($value1 == "XSS")
|
529 |
-
{
|
530 |
-
$XSSScore += $scoreValue;
|
531 |
-
}
|
532 |
-
else
|
533 |
-
{
|
534 |
-
$annomalyS += $scoreValue;
|
535 |
-
}
|
536 |
-
|
537 |
-
if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
|
538 |
-
{
|
539 |
-
$value = htmlspecialchars($value);
|
540 |
-
$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
|
541 |
-
$results = mysqli_query($dbcon,$query);
|
542 |
-
$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
|
543 |
-
$results = mysqli_query($dbcon,$query);
|
544 |
-
$rows = mysqli_fetch_array($results);
|
545 |
-
if($rows['count(*)']>$limitAttack)
|
546 |
-
{
|
547 |
-
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
548 |
-
$results = mysqli_query($dbcon,$query);
|
549 |
-
if($results)
|
550 |
-
{
|
551 |
-
$row1 = mysqli_fetch_array($results);
|
552 |
-
if(!is_null($row1['ip_address']))
|
553 |
-
{
|
554 |
-
//IP WHiTELISTED
|
555 |
-
}
|
556 |
-
else
|
557 |
-
{
|
558 |
-
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
|
559 |
-
$results = mysqli_query($dbcon,$query);
|
560 |
-
}
|
561 |
-
}
|
562 |
-
}
|
563 |
-
|
564 |
-
|
565 |
-
header('HTTP/1.1 403 Forbidden');
|
566 |
-
include_once("mo-error.html");
|
567 |
-
exit;
|
568 |
-
}
|
569 |
-
}
|
570 |
-
}
|
571 |
-
|
572 |
-
}
|
573 |
-
|
574 |
-
}
|
575 |
-
}
|
576 |
-
|
577 |
-
}
|
578 |
-
}
|
579 |
-
|
580 |
-
}
|
581 |
-
}
|
582 |
-
}
|
583 |
-
}
|
584 |
-
|
585 |
-
$dbcon->close();
|
586 |
-
?>
|
1 |
+
<?php
|
2 |
+
|
3 |
+
$dir =dirname(__FILE__);
|
4 |
+
$dir = str_replace('\\', "/", $dir);
|
5 |
+
$sqlInjectionFile = $dir.'/signature/APSQLI.php';
|
6 |
+
$xssFile = $dir.'/signature/APXSS.php';
|
7 |
+
$lfiFile = $dir.'/signature/APLFI.php';
|
8 |
+
$configfilepath = explode('wp-content', $dir);
|
9 |
+
$configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
|
10 |
+
|
11 |
+
$missingFile = 0;
|
12 |
+
|
13 |
+
if(file_exists($configfile))
|
14 |
+
{
|
15 |
+
include_once($configfile);
|
16 |
+
}
|
17 |
+
else
|
18 |
+
{
|
19 |
+
$missingFile = 1;
|
20 |
+
}
|
21 |
+
include_once($sqlInjectionFile);
|
22 |
+
include_once($xssFile);
|
23 |
+
include_once($lfiFile);
|
24 |
+
|
25 |
+
$dir_name = explode('wp-content', $dir);
|
26 |
+
$file = file_get_contents($dir_name[0].'wp-config.php');
|
27 |
+
$content = explode("\n", $file);
|
28 |
+
$len = sizeof($content);
|
29 |
+
$Ismultisite = 0;
|
30 |
+
$dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
|
31 |
+
|
32 |
+
$prefix = 'wp_';
|
33 |
+
|
34 |
+
for($i=0;$i<$len;$i++)
|
35 |
+
{
|
36 |
+
|
37 |
+
if(preg_match("/define/", $content[$i]))
|
38 |
+
{
|
39 |
+
$cont = explode(",", $content[$i]);
|
40 |
+
$string = str_replace(array('define(',' ','\''), '', $cont[0]);
|
41 |
+
switch ($string) {
|
42 |
+
case "DB_NAME":
|
43 |
+
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
44 |
+
$res = preg_replace('/\s/', '', $res);
|
45 |
+
$dbD['DB_NAME'] = $res;
|
46 |
+
break;
|
47 |
+
case 'DB_USER':
|
48 |
+
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
49 |
+
$res = preg_replace('/\s/', '', $res);
|
50 |
+
$dbD['DB_USER'] = $res;
|
51 |
+
break;
|
52 |
+
case "DB_PASSWORD":
|
53 |
+
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
54 |
+
$res = preg_replace('/\s/', '', $res);
|
55 |
+
$dbD['DB_PASSWORD'] = $res;
|
56 |
+
break;
|
57 |
+
case 'DB_HOST':
|
58 |
+
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
59 |
+
$res = preg_replace('/\s/', '', $res);
|
60 |
+
$dbD['DB_HOST'] = $res;
|
61 |
+
break;
|
62 |
+
case "DB_CHARSET":
|
63 |
+
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
64 |
+
$res = preg_replace('/\s/', '', $res);
|
65 |
+
$dbD['DB_CHARSET'] = $res;
|
66 |
+
break;
|
67 |
+
case 'DB_COLLATE':
|
68 |
+
$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
|
69 |
+
$res = preg_replace('/\s/', '', $res);
|
70 |
+
$dbD['DB_COLLATE'] = $res;
|
71 |
+
break;
|
72 |
+
default:
|
73 |
+
|
74 |
+
break;
|
75 |
+
}
|
76 |
+
}
|
77 |
+
if(preg_match('/\$table_prefix/', $content[$i]))
|
78 |
+
{
|
79 |
+
$cont = explode("'", $content[$i]);
|
80 |
+
|
81 |
+
$prefix = $cont['1'];
|
82 |
+
}
|
83 |
+
}
|
84 |
+
|
85 |
+
|
86 |
+
global $dbcon;
|
87 |
+
$dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
|
88 |
+
if(!$dbcon)
|
89 |
+
{
|
90 |
+
echo "database connection error";
|
91 |
+
exit;
|
92 |
+
|
93 |
+
}
|
94 |
+
|
95 |
+
if(mysqli_select_db($dbcon,$dbD['DB_NAME']))
|
96 |
+
{
|
97 |
+
$query = 'SELECT * FROM '.$prefix.'options WHERE `option_name`="WAF";';
|
98 |
+
$results1 = mysqli_query($dbcon,$query);
|
99 |
+
$row = mysqli_fetch_array($results1);
|
100 |
+
if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
|
101 |
+
$ipaddress = '';
|
102 |
+
if (isset($_SERVER['HTTP_CLIENT_IP']))
|
103 |
+
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
|
104 |
+
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
|
105 |
+
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
106 |
+
else if(isset($_SERVER['HTTP_X_FORWARDED']))
|
107 |
+
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
|
108 |
+
else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
|
109 |
+
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
|
110 |
+
else if(isset($_SERVER['HTTP_FORWARDED']))
|
111 |
+
$ipaddress = $_SERVER['HTTP_FORWARDED'];
|
112 |
+
else if(isset($_SERVER['REMOTE_ADDR']))
|
113 |
+
$ipaddress = $_SERVER['REMOTE_ADDR'];
|
114 |
+
else
|
115 |
+
$ipaddress = 'UNKNOWN';
|
116 |
+
|
117 |
+
$query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
|
118 |
+
$results = mysqli_query($dbcon,$query);
|
119 |
+
if($results)
|
120 |
+
{
|
121 |
+
$row = mysqli_fetch_array($results);
|
122 |
+
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
123 |
+
$results = mysqli_query($dbcon,$query);
|
124 |
+
if($results)
|
125 |
+
{
|
126 |
+
$row1 = mysqli_fetch_array($results);
|
127 |
+
if(!is_null($row1['ip_address']))
|
128 |
+
{
|
129 |
+
|
130 |
+
}
|
131 |
+
else if(!is_null($row['ip_address']))
|
132 |
+
{
|
133 |
+
header('HTTP/1.1 403 Forbidden');
|
134 |
+
include_once("mo-block.html");
|
135 |
+
exit;
|
136 |
+
}
|
137 |
+
}
|
138 |
+
else if(!is_null($row['ip_address']))
|
139 |
+
{
|
140 |
+
header('HTTP/1.1 403 Forbidden');
|
141 |
+
include_once("mo-block.html");
|
142 |
+
exit;
|
143 |
+
|
144 |
+
}
|
145 |
+
|
146 |
+
}
|
147 |
+
|
148 |
+
|
149 |
+
$dir_name = dirname(__FILE__);
|
150 |
+
$dir_name1 = explode('wp-content', $dir_name);
|
151 |
+
$dir_name = $dir_name1[0];
|
152 |
+
$filepath = str_replace('\\', '/', $dir_name1[0]);
|
153 |
+
$fileName = $filepath.'/wp-includes/mo-waf-config.php';
|
154 |
+
if($missingFile==1)
|
155 |
+
{
|
156 |
+
if(!file_exists($fileName))
|
157 |
+
{
|
158 |
+
$file = fopen($fileName, "a+");
|
159 |
+
$string = "<?php".PHP_EOL;
|
160 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "SQLInjection";' ;
|
161 |
+
$results = mysqli_query($dbcon,$query);
|
162 |
+
if($results)
|
163 |
+
{
|
164 |
+
$row = mysqli_fetch_array($results);
|
165 |
+
$string .= '$SQL='.$row["option_value"].';'.PHP_EOL;
|
166 |
+
}
|
167 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "XSSAttack";' ;
|
168 |
+
$results = mysqli_query($dbcon,$query);
|
169 |
+
if($results)
|
170 |
+
{
|
171 |
+
$row = mysqli_fetch_array($results);
|
172 |
+
$string .= '$XSS='.$row["option_value"].';'.PHP_EOL;
|
173 |
+
}
|
174 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "RFIAttack";' ;
|
175 |
+
$results = mysqli_query($dbcon,$query);
|
176 |
+
if($results)
|
177 |
+
{
|
178 |
+
$row = mysqli_fetch_array($results);
|
179 |
+
$string .= '$RFI='.$row["option_value"].';'.PHP_EOL;
|
180 |
+
}
|
181 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "LFIAttack";' ;
|
182 |
+
$results = mysqli_query($dbcon,$query);
|
183 |
+
if($results)
|
184 |
+
{
|
185 |
+
$row = mysqli_fetch_array($results);
|
186 |
+
$string .= '$LFI='.$row["option_value"].';'.PHP_EOL;
|
187 |
+
}
|
188 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "RCEAttack";' ;
|
189 |
+
$results = mysqli_query($dbcon,$query);
|
190 |
+
if($results)
|
191 |
+
{
|
192 |
+
$row = mysqli_fetch_array($results);
|
193 |
+
$string .= '$RCE='.$row["option_value"].';'.PHP_EOL;
|
194 |
+
}
|
195 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "Rate_limiting";' ;
|
196 |
+
$results = mysqli_query($dbcon,$query);
|
197 |
+
if($results)
|
198 |
+
{
|
199 |
+
$row = mysqli_fetch_array($results);
|
200 |
+
if($row["option_value"]!='')
|
201 |
+
$string .= '$RateLimiting='.$row["option_value"].';'.PHP_EOL;
|
202 |
+
else
|
203 |
+
$string .= '$RateLimiting=0;'.PHP_EOL;
|
204 |
+
}
|
205 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "Rate_request";' ;
|
206 |
+
$results = mysqli_query($dbcon,$query);
|
207 |
+
if($results)
|
208 |
+
{
|
209 |
+
$row = mysqli_fetch_array($results);
|
210 |
+
if($row["option_value"]!='')
|
211 |
+
$string .= '$RequestsPMin='.$row["option_value"].';'.PHP_EOL;
|
212 |
+
else
|
213 |
+
$string .= '$RequestsPMin=120;'.PHP_EOL;
|
214 |
+
}
|
215 |
+
|
216 |
+
$query = 'select option_value from '.$prefix.'options where option_name = "actionRateL";' ;
|
217 |
+
$results = mysqli_query($dbcon,$query);
|
218 |
+
if($results)
|
219 |
+
{
|
220 |
+
|
221 |
+
$row = mysqli_fetch_array($results);
|
222 |
+
if($row["option_value"] == 1)
|
223 |
+
$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
|
224 |
+
else
|
225 |
+
$string .= '$actionRateL="BlockIP";'.PHP_EOL;
|
226 |
+
}
|
227 |
+
$string .= '?>'.PHP_EOL;
|
228 |
+
fwrite($file, $string);
|
229 |
+
fclose($file);
|
230 |
+
|
231 |
+
}
|
232 |
+
|
233 |
+
}
|
234 |
+
|
235 |
+
include_once($fileName);
|
236 |
+
if($RateLimiting == 1)
|
237 |
+
{
|
238 |
+
|
239 |
+
|
240 |
+
$time = 60;
|
241 |
+
$reqLimit = $RequestsPMin;
|
242 |
+
$query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
|
243 |
+
$results = mysqli_query($dbcon,$query);
|
244 |
+
|
245 |
+
$query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
|
246 |
+
$results = mysqli_query($dbcon,$query);
|
247 |
+
|
248 |
+
$query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
|
249 |
+
$results = mysqli_query($dbcon,$query);
|
250 |
+
|
251 |
+
if($results)
|
252 |
+
{
|
253 |
+
$row = mysqli_fetch_array($results);
|
254 |
+
if($row['count(*)']>=$reqLimit)
|
255 |
+
{
|
256 |
+
$action = $actionRateL;
|
257 |
+
if($action == 'ThrottleIP')
|
258 |
+
{
|
259 |
+
$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
|
260 |
+
$results = mysqli_query($dbcon,$query);
|
261 |
+
$results = mysqli_fetch_array($results);
|
262 |
+
$current_time = time();
|
263 |
+
if($current_time>$results['time']+60)
|
264 |
+
{
|
265 |
+
$query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
|
266 |
+
$results = mysqli_query($dbcon,$query);
|
267 |
+
}
|
268 |
+
header('HTTP/1.1 403 Forbidden');
|
269 |
+
include_once("mo-error.html");
|
270 |
+
exit;
|
271 |
+
}
|
272 |
+
else
|
273 |
+
{
|
274 |
+
$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
|
275 |
+
$results = mysqli_query($dbcon,$query);
|
276 |
+
$results = mysqli_fetch_array($results);
|
277 |
+
$current_time = time();
|
278 |
+
if($current_time>$results['time']+60)
|
279 |
+
{
|
280 |
+
$query = "insert into ".$prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
|
281 |
+
$results = mysqli_query($dbcon,$query);
|
282 |
+
}
|
283 |
+
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
284 |
+
$results = mysqli_query($dbcon,$query);
|
285 |
+
if($results)
|
286 |
+
{
|
287 |
+
$row1 = mysqli_fetch_array($results);
|
288 |
+
if(!is_null($row1['ip_address']))
|
289 |
+
{
|
290 |
+
|
291 |
+
}
|
292 |
+
else
|
293 |
+
{
|
294 |
+
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".time().");";
|
295 |
+
$results = mysqli_query($dbcon,$query);
|
296 |
+
}
|
297 |
+
header('HTTP/1.1 403 Forbidden');
|
298 |
+
include_once("mo-error.html");
|
299 |
+
exit;
|
300 |
+
}
|
301 |
+
}
|
302 |
+
}
|
303 |
+
}
|
304 |
+
|
305 |
+
}
|
306 |
+
|
307 |
+
$attack = array();
|
308 |
+
if($SQL==1)
|
309 |
+
{
|
310 |
+
array_push($attack,"SQL");
|
311 |
+
}
|
312 |
+
if($XSS==1)
|
313 |
+
{
|
314 |
+
array_push($attack,"XSS");
|
315 |
+
}
|
316 |
+
|
317 |
+
if($LFI==1)
|
318 |
+
{
|
319 |
+
array_push($attack,"LFI");
|
320 |
+
}
|
321 |
+
|
322 |
+
|
323 |
+
|
324 |
+
$attackC = $attack;
|
325 |
+
$ParanoiaLevel = 1;
|
326 |
+
$annomalyS = 0;
|
327 |
+
$SQLScore = 0;
|
328 |
+
$XSSScore = 0;
|
329 |
+
$query = 'select option_value from '.$prefix.'options where option_name ="limitAttack";';
|
330 |
+
$results = mysqli_query($dbcon,$query);
|
331 |
+
$rows = mysqli_fetch_array($results);
|
332 |
+
|
333 |
+
$limitAttack = intval($rows['option_value']);
|
334 |
+
|
335 |
+
|
336 |
+
foreach ($attackC as $key1 => $value1) {
|
337 |
+
for($lev=1;$lev<=$ParanoiaLevel;$lev++)
|
338 |
+
{
|
339 |
+
if(isset($regex[$value1][$lev]))
|
340 |
+
{ $ooo = 0;
|
341 |
+
for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
|
342 |
+
{
|
343 |
+
foreach ($_REQUEST as $key => $value) {
|
344 |
+
|
345 |
+
if($regex[$value1][$lev][$i] != "")
|
346 |
+
{
|
347 |
+
if(strpos($regex[$value1][$lev][$i], '/') == false)
|
348 |
+
{
|
349 |
+
if(is_string($value))
|
350 |
+
{
|
351 |
+
if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
|
352 |
+
{
|
353 |
+
|
354 |
+
$scoreValue = 0;
|
355 |
+
|
356 |
+
$annomalyMS = $score[$value1][$lev][$i];
|
357 |
+
if(strcmp($annomalyMS,"CRITICAL")==0)
|
358 |
+
{
|
359 |
+
$scoreValue = 5;
|
360 |
+
}
|
361 |
+
|
362 |
+
elseif(strcmp($annomalyMS,"WARNING")==0)
|
363 |
+
{
|
364 |
+
$scoreValue = 3;
|
365 |
+
}
|
366 |
+
elseif(strcmp($annomalyMS,"ERROR")==0)
|
367 |
+
{
|
368 |
+
$scoreValue = 4;
|
369 |
+
}
|
370 |
+
elseif(strcmp($annomalyMS,"NOTICE")==0)
|
371 |
+
{
|
372 |
+
$scoreValue =2;
|
373 |
+
}
|
374 |
+
|
375 |
+
|
376 |
+
if($value1 == "SQL")
|
377 |
+
{
|
378 |
+
$SQLScore += $scoreValue;
|
379 |
+
}
|
380 |
+
elseif ($value1 == "XSS")
|
381 |
+
{
|
382 |
+
$XSSScore += $scoreValue;
|
383 |
+
}
|
384 |
+
else
|
385 |
+
{
|
386 |
+
$annomalyS += $scoreValue;
|
387 |
+
}
|
388 |
+
|
389 |
+
if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
|
390 |
+
{
|
391 |
+
$value = htmlspecialchars($value);
|
392 |
+
$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
|
393 |
+
$results = mysqli_query($dbcon,$query);
|
394 |
+
$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
|
395 |
+
$results = mysqli_query($dbcon,$query);
|
396 |
+
$rows = mysqli_fetch_array($results);
|
397 |
+
if($rows['count(*)']>$limitAttack)
|
398 |
+
{
|
399 |
+
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
400 |
+
$results = mysqli_query($dbcon,$query);
|
401 |
+
if($results)
|
402 |
+
{
|
403 |
+
$row1 = mysqli_fetch_array($results);
|
404 |
+
if(!is_null($row1['ip_address']))
|
405 |
+
{
|
406 |
+
//IP WHiTELISTED
|
407 |
+
}
|
408 |
+
else
|
409 |
+
{
|
410 |
+
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
|
411 |
+
$results = mysqli_query($dbcon,$query);
|
412 |
+
}
|
413 |
+
}
|
414 |
+
}
|
415 |
+
|
416 |
+
|
417 |
+
header('HTTP/1.1 403 Forbidden');
|
418 |
+
include_once("mo-error.html");
|
419 |
+
exit;
|
420 |
+
}
|
421 |
+
|
422 |
+
}}
|
423 |
+
}
|
424 |
+
else if (strpos($regex[$value1][$lev][$i], '#') == false) {
|
425 |
+
if(is_string($value))
|
426 |
+
{
|
427 |
+
if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
|
428 |
+
{
|
429 |
+
$scoreValue = 0;
|
430 |
+
$annomalyMS = $score[$value1][$lev][$i];
|
431 |
+
if(strcmp($annomalyMS,"CRITICAL")==0)
|
432 |
+
{
|
433 |
+
$scoreValue = 5;
|
434 |
+
}
|
435 |
+
|
436 |
+
elseif(strcmp($annomalyMS,"WARNING")==0)
|
437 |
+
{
|
438 |
+
$scoreValue = 3;
|
439 |
+
}
|
440 |
+
elseif(strcmp($annomalyMS,"ERROR")==0)
|
441 |
+
{
|
442 |
+
$scoreValue = 4;
|
443 |
+
}
|
444 |
+
elseif(strcmp($annomalyMS,"NOTICE")==0)
|
445 |
+
{
|
446 |
+
$scoreValue =2;
|
447 |
+
}
|
448 |
+
|
449 |
+
|
450 |
+
if($value1 == "SQL")
|
451 |
+
{
|
452 |
+
$SQLScore += $scoreValue;
|
453 |
+
}
|
454 |
+
elseif ($value1 == "XSS")
|
455 |
+
{
|
456 |
+
$XSSScore += $scoreValue;
|
457 |
+
}
|
458 |
+
else
|
459 |
+
{
|
460 |
+
$annomalyS += $scoreValue;
|
461 |
+
}
|
462 |
+
|
463 |
+
if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
|
464 |
+
{
|
465 |
+
$value = htmlspecialchars($value);
|
466 |
+
$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
|
467 |
+
$results = mysqli_query($dbcon,$query);
|
468 |
+
$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
|
469 |
+
$results = mysqli_query($dbcon,$query);
|
470 |
+
$rows = mysqli_fetch_array($results);
|
471 |
+
if($rows['count(*)']>$limitAttack)
|
472 |
+
{
|
473 |
+
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
474 |
+
$results = mysqli_query($dbcon,$query);
|
475 |
+
if($results)
|
476 |
+
{
|
477 |
+
$row1 = mysqli_fetch_array($results);
|
478 |
+
if(!is_null($row1['ip_address']))
|
479 |
+
{
|
480 |
+
//IP WHiTELISTED
|
481 |
+
}
|
482 |
+
else
|
483 |
+
{
|
484 |
+
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
|
485 |
+
$results = mysqli_query($dbcon,$query);
|
486 |
+
}
|
487 |
+
}
|
488 |
+
}
|
489 |
+
|
490 |
+
|
491 |
+
header('HTTP/1.1 403 Forbidden');
|
492 |
+
include_once("mo-error.html");
|
493 |
+
exit;
|
494 |
+
}
|
495 |
+
}}
|
496 |
+
}
|
497 |
+
|
498 |
+
elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
|
499 |
+
if(is_string($value))
|
500 |
+
{
|
501 |
+
if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
|
502 |
+
{
|
503 |
+
$scoreValue = 0;
|
504 |
+
$annomalyMS = $score[$value1][$lev][$i];
|
505 |
+
if(strcmp($annomalyMS,"CRITICAL")==0)
|
506 |
+
{
|
507 |
+
$scoreValue = 5;
|
508 |
+
}
|
509 |
+
|
510 |
+
elseif(strcmp($annomalyMS,"WARNING")==0)
|
511 |
+
{
|
512 |
+
$scoreValue = 3;
|
513 |
+
}
|
514 |
+
elseif(strcmp($annomalyMS,"ERROR")==0)
|
515 |
+
{
|
516 |
+
$scoreValue = 4;
|
517 |
+
}
|
518 |
+
elseif(strcmp($annomalyMS,"NOTICE")==0)
|
519 |
+
{
|
520 |
+
$scoreValue =2;
|
521 |
+
}
|
522 |
+
|
523 |
+
|
524 |
+
if($value1 == "SQL")
|
525 |
+
{
|
526 |
+
$SQLScore += $scoreValue;
|
527 |
+
}
|
528 |
+
elseif ($value1 == "XSS")
|
529 |
+
{
|
530 |
+
$XSSScore += $scoreValue;
|
531 |
+
}
|
532 |
+
else
|
533 |
+
{
|
534 |
+
$annomalyS += $scoreValue;
|
535 |
+
}
|
536 |
+
|
537 |
+
if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
|
538 |
+
{
|
539 |
+
$value = htmlspecialchars($value);
|
540 |
+
$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
|
541 |
+
$results = mysqli_query($dbcon,$query);
|
542 |
+
$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
|
543 |
+
$results = mysqli_query($dbcon,$query);
|
544 |
+
$rows = mysqli_fetch_array($results);
|
545 |
+
if($rows['count(*)']>$limitAttack)
|
546 |
+
{
|
547 |
+
$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
|
548 |
+
$results = mysqli_query($dbcon,$query);
|
549 |
+
if($results)
|
550 |
+
{
|
551 |
+
$row1 = mysqli_fetch_array($results);
|
552 |
+
if(!is_null($row1['ip_address']))
|
553 |
+
{
|
554 |
+
//IP WHiTELISTED
|
555 |
+
}
|
556 |
+
else
|
557 |
+
{
|
558 |
+
$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".time().");";
|
559 |
+
$results = mysqli_query($dbcon,$query);
|
560 |
+
}
|
561 |
+
}
|
562 |
+
}
|
563 |
+
|
564 |
+
|
565 |
+
header('HTTP/1.1 403 Forbidden');
|
566 |
+
include_once("mo-error.html");
|
567 |
+
exit;
|
568 |
+
}
|
569 |
+
}
|
570 |
+
}
|
571 |
+
|
572 |
+
}
|
573 |
+
|
574 |
+
}
|
575 |
+
}
|
576 |
+
|
577 |
+
}
|
578 |
+
}
|
579 |
+
|
580 |
+
}
|
581 |
+
}
|
582 |
+
}
|
583 |
+
}
|
584 |
+
|
585 |
+
$dbcon->close();
|
586 |
+
?>
|
handler/signature/APLFI.php
CHANGED
@@ -1,5 +1,5 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
$regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:(?
:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|or
ig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/dat
a/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|err|
log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
|
4 |
-
$score['LFI'][1] = array( 5 , 5, 5, 5 );
|
5 |
?>
|
1 |
+
<?php
|
2 |
+
|
3 |
+
$regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:(?
:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|or
ig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/dat
a/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|err|
log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 
5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proft
pd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla 
server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
|
4 |
+
$score['LFI'][1] = array( 5 , 5, 5, 5 );
|
5 |
?>
|
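--- a/handler/spam.php
+++ b/handler/spam.php
@@ -1,42 +1,42 @@
-<?php
-
-class Spam
-{
-function __construct()
-{
-if(get_option('mo_wpns_enable_comment_spam_blocking') || get_option('mo_wpns_enable_comment_recaptcha'))
-{
-add_filter( 'preprocess_comment' , array($this, 'comment_spam_check' ) );
-add_action( 'comment_form_after_fields' , array($this, 'comment_spam_custom_field' ) );
-}
-}
-
-function comment_spam_check( $comment_data )
-{
-if(!is_user_logged_in()){
-global $moWpnsUtility;
-if( isset($_POST['mocomment']) && !empty($_POST['mocomment']))
-wp_die( __( 'You are not authorised to perform this action.'));
-else if(get_option('mo_wpns_enable_comment_recaptcha'))
-{
-if(is_wp_error($moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']))))
-wp_die( __( 'Invalid captcha. Please verify captcha again.'));
-}
-return $comment_data;
-}
-else{
-return $comment_data;
-}
-}
-
-function comment_spam_custom_field()
-{
-echo '<input type="hidden" name="mocomment" />';
-if(get_option('mo_wpns_enable_comment_recaptcha'))
-{
-echo '<script src="'.MoWpnsConstants::RECAPTCHA_URL.'"></script>';
-echo '<div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>';
-}
-}
-}
+<?php
+
+class Spam
+{
+function __construct()
+{
+if(get_option('mo_wpns_enable_comment_spam_blocking') || get_option('mo_wpns_enable_comment_recaptcha'))
+{
+add_filter( 'preprocess_comment' , array($this, 'comment_spam_check' ) );
+add_action( 'comment_form_after_fields' , array($this, 'comment_spam_custom_field' ) );
+}
+}
+
+function comment_spam_check( $comment_data )
+{
+if(!is_user_logged_in()){
+global $moWpnsUtility;
+if( isset($_POST['mocomment']) && !empty($_POST['mocomment']))
+wp_die( __( 'You are not authorised to perform this action.'));
+else if(get_option('mo_wpns_enable_comment_recaptcha'))
+{
+if(is_wp_error($moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']))))
+wp_die( __( 'Invalid captcha. Please verify captcha again.'));
+}
+return $comment_data;
+}
+else{
+return $comment_data;
+}
+}
+
+function comment_spam_custom_field()
+{
+echo '<input type="hidden" name="mocomment" />';
+if(get_option('mo_wpns_enable_comment_recaptcha'))
+{
+echo '<script src="'.MoWpnsConstants::RECAPTCHA_URL.'"></script>';
+echo '<div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>';
+}
+}
+}
 new Spam;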
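--- a/handler/twofa/setup_twofa.php
+++ b/handler/twofa/setup_twofa.php
@@ -88,7 +88,9 @@
 "Authy Authenticator",
 "Email Verification",
 "OTP Over SMS and Email",
-"Hardware Token"
+"Hardware Token",
+"OTP Over Whatsapp",
+"OTP Over Telegram"
 );
 $two_factor_methods_descriptions = array(
 ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
@@ -102,7 +104,9 @@
 "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
 "Email Verification" => "Accept the verification link sent to your email to login.",
 "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
-"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
+"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login.",
+"OTP Over Whatsapp" => "Enter the One Time Passcode sent to your Whatsapp account to login. This method is supported with twillio",
+"OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account to login."
 );
 $two_factor_methods_doc = array(
 "Security Questions" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-security-question",
@@ -116,6 +120,8 @@
 "OTP Over Email" => "",
 "OTP Over SMS and Email" => "",
 "Hardware Token" => "",
+"OTP Over Whatsapp" => "",
+"OTP Over Telegram" => "",
 "" => ""
 );
 $two_factor_methods_video = array(
@@ -130,6 +136,8 @@
 "OTP Over Email" => "",
 "OTP Over SMS and Email" => "",
 "Hardware Token" => "",
+"OTP Over Whatsapp" => "",
+"OTP Over Telegram" => "",
 "" => ""
 );
 
@@ -148,7 +156,9 @@
 "OTP Over SMS",
 "OTP Over Email",
 "OTP Over SMS and Email",
-"Hardware Token"
+"Hardware Token",
+"OTP Over Whatsapp",
+"OTP Over Telegram"
 );
 $two_factor_methods_descriptions = array(
 ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
@@ -162,7 +172,9 @@
 "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
 "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
 "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
-"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
+"Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login.",
+"OTP Over Whatsapp" => "Enter the One Time Passcode sent to your Whatsapp account to login. This method is supported with twillio",
+"OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account to login."
 );
 }
 
@@ -329,7 +341,7 @@
 
 </span>';
 break;
-case 'Authy Authenticator':
+case 'Authy Authenticator':
 $form .=' <span style="float:right">
 <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
 <span class="dashicons dashicons-text-page" style="font-size:19px;color:#269eb3;float: right;"></span>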
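Review bot: The two new methods are registered with empty strings in `$two_factor_methods_doc` and `$two_factor_methods_video` (new lines 123-124 and 139-140), and the link markup visible in the last hunk interpolates that value into an unquoted attribute, `<a href='.$two_factor_methods_doc[$auth_method].' target="_blank">`. If the WhatsApp and Telegram entries reach a branch built the same way (the switch lies mostly outside the hunks, so this is inferred), the output is `<a href= target="_blank">`, a link whose href is not a URL. I would quote and escape the value and add rel, `<a href="'.esc_url($two_factor_methods_doc[$auth_method]).'" target="_blank" rel="noopener noreferrer">`, and skip the link when the entry is empty. The description added at new lines 108 and 176 also misspells the provider name: `twillio` should read `Twilio`.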
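--- a/handler/twofa/two_fa_constants.php
+++ b/handler/twofa/two_fa_constants.php
@@ -330,7 +330,9 @@ class Mo2fConstants {
 case 'ERROR_IN_SENDING_OTP_ONPREM':
 Return mo2f_lt( 'There was an error in sending one-time passcode. Please check your SMTP Setup and remaining transactions.' );
 break;
-
+case 'SMTP_CHECK_FOR_EMAIL_VERIFICATON':
+Return mo2f_lt('Please set your SMTP to get the email to verify the email at the time of login otherwise you will get logged out');
+break;
 case 'PUSH_NOTIFICATION_SENT':
 Return mo2f_lt( 'A Push notification has been sent to your miniOrange Authenticator App.' );
 break;
@@ -428,4 +430,3 @@ class Mo2fConstants {
 }
 
 new Mo2fConstants;
-?>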
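Review bot: The message key added at new line 333 is misspelled, `SMTP_CHECK_FOR_EMAIL_VERIFICATON`, so every caller has to repeat the typo to reach this text; a lookup written with the correct spelling would presumably fall through to whatever the default branch returns, which is not visible here. Renaming it now to `case 'SMTP_CHECK_FOR_EMAIL_VERIFICATION':`, together with any caller added in this release, avoids that. The text warns that a user of email verification is logged out when SMTP is not configured, so it should say so plainly, for example `'Please configure SMTP so the verification email can be delivered at login; otherwise you will be logged out.'`. The `break;` after `Return` at new line 335 is unreachable, as in the neighbouring cases. The enclosing switch and method start and end outside the hunk.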
handler/twofa/two_fa_pass2login.php
CHANGED
@@ -1,2656 +1,2849 @@
|
|
1 |
-
<?php
|
2 |
-
/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
|
3 |
-
* Copyright (C) 2015 miniOrange
|
4 |
-
*
|
5 |
-
* This program is free software: you can redistribute it and/or modify
|
6 |
-
* it under the terms of the GNU General Public License as published by
|
7 |
-
* the Free Software Foundation, either version 3 of the License, or
|
8 |
-
* (at your option) any later version.
|
9 |
-
*
|
10 |
-
* This program is distributed in the hope that it will be useful,
|
11 |
-
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
12 |
-
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
13 |
-
* GNU General Public License for more details.
|
14 |
-
*
|
15 |
-
* You should have received a copy of the GNU General Public License
|
16 |
-
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
17 |
-
* @package miniOrange OAuth
|
18 |
-
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
|
19 |
-
*/
|
20 |
-
/**
|
21 |
-
* This library is miniOrange Authentication Service.
|
22 |
-
* Contains Request Calls to Customer service.
|
23 |
-
**/
|
24 |
-
|
25 |
-
include 'two_fa_login.php';
|
26 |
-
class Miniorange_Password_2Factor_Login {
|
27 |
-
|
28 |
-
private $mo2f_kbaquestions;
|
29 |
-
private $mo2f_userID;
|
30 |
-
private $mo2f_rbastatus;
|
31 |
-
private $mo2f_transactionid;
|
32 |
-
|
33 |
-
function mo2f_inline_login(){
|
34 |
-
global $moWpnsUtility;
|
35 |
-
$email = sanitize_email( $_POST['email'] );
|
36 |
-
$password = sanitize_text_field( $_POST['password'] );
|
37 |
-
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
38 |
-
$
|
39 |
-
$
|
40 |
-
if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
|
41 |
-
{
|
42 |
-
$login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
|
43 |
-
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
44 |
-
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
45 |
-
return;
|
46 |
-
}
|
47 |
-
$this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
|
48 |
-
}
|
49 |
-
function mo2f_inline_register(){
|
50 |
-
global $moWpnsUtility, $Mo2fdbQueries;
|
51 |
-
$email = sanitize_email($_POST['email']);
|
52 |
-
$company = $_SERVER["SERVER_NAME"];
|
53 |
-
$password = sanitize_text_field($_POST['password']);
|
54 |
-
$confirmPassword = sanitize_text_field($_POST['confirmPassword']);
|
55 |
-
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
56 |
-
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
57 |
-
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
58 |
-
if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
|
59 |
-
{
|
60 |
-
$login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
|
61 |
-
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
62 |
-
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
63 |
-
}
|
64 |
-
if( $password != $confirmPassword )
|
65 |
-
{
|
66 |
-
$login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
|
67 |
-
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
68 |
-
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
69 |
-
}
|
70 |
-
if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
|
71 |
-
|| MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
|
72 |
-
{
|
73 |
-
$login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
|
74 |
-
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
75 |
-
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
76 |
-
}
|
77 |
-
|
78 |
-
update_option( 'mo2f_email', $email );
|
79 |
-
|
80 |
-
update_option( 'mo_wpns_company' , $company );
|
81 |
-
|
82 |
-
update_option( 'mo_wpns_password' , $password );
|
83 |
-
|
84 |
-
$customer = new MocURL();
|
85 |
-
$content = json_decode($customer->check_customer($email), true);
|
86 |
-
$Mo2fdbQueries->insert_user( $user_id );
|
87 |
-
switch ($content['status'])
|
88 |
-
{
|
89 |
-
case 'CUSTOMER_NOT_FOUND':
|
90 |
-
$customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
|
91 |
-
|
92 |
-
if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
|
93 |
-
{
|
94 |
-
$this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
|
95 |
-
$this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
|
96 |
-
}
|
97 |
-
|
98 |
-
break;
|
99 |
-
default:
|
100 |
-
$this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
|
101 |
-
break;
|
102 |
-
}
|
103 |
-
|
104 |
-
}
|
105 |
-
|
106 |
-
function
|
107 |
-
|
108 |
-
|
109 |
-
$
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
|
115 |
-
|
116 |
-
|
117 |
-
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
{
|
127 |
-
$
|
128 |
-
$
|
129 |
-
$
|
130 |
-
|
131 |
-
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
-
|
144 |
-
|
145 |
-
|
146 |
-
'
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
|
153 |
-
|
154 |
-
|
155 |
-
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
|
160 |
-
|
161 |
-
|
162 |
-
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
|
167 |
-
|
168 |
-
|
169 |
-
|
170 |
-
|
171 |
-
|
172 |
-
$
|
173 |
-
$
|
174 |
-
$
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
|
186 |
-
|
187 |
-
|
188 |
-
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
|
196 |
-
|
197 |
-
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
$
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
|
246 |
-
|
247 |
-
|
248 |
-
|
249 |
-
|
250 |
-
|
251 |
-
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
-
|
262 |
-
|
263 |
-
|
264 |
-
|
265 |
-
|
266 |
-
|
267 |
-
|
268 |
-
|
269 |
-
|
270 |
-
|
271 |
-
|
272 |
-
|
273 |
-
|
274 |
-
|
275 |
-
|
276 |
-
|
277 |
-
|
278 |
-
|
279 |
-
|
280 |
-
|
281 |
-
|
282 |
-
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
288 |
-
|
289 |
-
|
290 |
-
|
291 |
-
|
292 |
-
|
293 |
-
|
294 |
-
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
304 |
-
|
305 |
-
|
306 |
-
|
307 |
-
|
308 |
-
$error
|
309 |
-
|
310 |
-
|
311 |
-
|
312 |
-
|
313 |
-
$
|
314 |
-
$mo2fa_login_message = '';
|
315 |
-
$
|
316 |
-
$
|
317 |
-
$
|
318 |
-
|
319 |
-
|
320 |
-
|
321 |
-
|
322 |
-
|
323 |
-
|
324 |
-
|
325 |
-
|
326 |
-
|
327 |
-
|
328 |
-
|
329 |
-
|
330 |
-
|
331 |
-
|
332 |
-
|
333 |
-
$
|
334 |
-
|
335 |
-
|
336 |
-
|
337 |
-
|
338 |
-
|
339 |
-
|
340 |
-
|
341 |
-
|
342 |
-
|
343 |
-
|
344 |
-
|
345 |
-
|
346 |
-
|
347 |
-
|
348 |
-
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
353 |
-
|
354 |
-
|
355 |
-
|
356 |
-
|
357 |
-
|
358 |
-
|
359 |
-
|
360 |
-
|
361 |
-
|
362 |
-
|
363 |
-
|
364 |
-
|
365 |
-
|
366 |
-
|
367 |
-
$
|
368 |
-
|
369 |
-
|
370 |
-
|
371 |
-
|
372 |
-
|
373 |
-
|
374 |
-
|
375 |
-
|
376 |
-
|
377 |
-
|
378 |
-
|
379 |
-
|
380 |
-
|
381 |
-
|
382 |
-
|
383 |
-
|
384 |
-
|
385 |
-
|
386 |
-
|
387 |
-
|
388 |
-
|
389 |
-
|
390 |
-
|
391 |
-
$
|
392 |
-
|
393 |
-
$
|
394 |
-
|
395 |
-
|
396 |
-
$
|
397 |
-
|
398 |
-
|
399 |
-
|
400 |
-
|
401 |
-
|
402 |
-
|
403 |
-
|
404 |
-
|
405 |
-
|
406 |
-
|
407 |
-
|
408 |
-
|
409 |
-
|
410 |
-
|
411 |
-
|
412 |
-
|
413 |
-
|
414 |
-
|
415 |
-
|
416 |
-
|
417 |
-
|
418 |
-
|
419 |
-
|
420 |
-
|
421 |
-
|
422 |
-
|
423 |
-
|
424 |
-
|
425 |
-
|
426 |
-
|
427 |
-
$
|
428 |
-
|
429 |
-
|
430 |
-
|
431 |
-
|
432 |
-
|
433 |
-
$
|
434 |
-
|
435 |
-
|
436 |
-
|
437 |
-
|
438 |
-
|
439 |
-
|
440 |
-
|
441 |
-
|
442 |
-
|
443 |
-
|
444 |
-
|
445 |
-
|
446 |
-
|
447 |
-
|
448 |
-
|
449 |
-
|
450 |
-
|
451 |
-
|
452 |
-
|
453 |
-
|
454 |
-
|
455 |
-
|
456 |
-
|
457 |
-
|
458 |
-
|
459 |
-
|
460 |
-
|
461 |
-
|
462 |
-
|
463 |
-
|
464 |
-
|
465 |
-
|
466 |
-
|
467 |
-
|
468 |
-
$Mo2fdbQueries
|
469 |
-
|
470 |
-
|
471 |
-
|
472 |
-
|
473 |
-
|
474 |
-
|
475 |
-
|
476 |
-
|
477 |
-
|
478 |
-
|
479 |
-
|
480 |
-
|
481 |
-
|
482 |
-
|
483 |
-
|
484 |
-
|
485 |
-
|
486 |
-
|
487 |
-
|
488 |
-
|
489 |
-
|
490 |
-
|
491 |
-
|
492 |
-
|
493 |
-
|
494 |
-
|
495 |
-
|
496 |
-
|
497 |
-
|
498 |
-
|
499 |
-
|
500 |
-
|
501 |
-
|
502 |
-
|
503 |
-
|
504 |
-
|
505 |
-
|
506 |
-
|
507 |
-
|
508 |
-
|
509 |
-
|
510 |
-
$
|
511 |
-
$
|
512 |
-
|
513 |
-
$
|
514 |
-
|
515 |
-
|
516 |
-
|
517 |
-
|
518 |
-
|
519 |
-
|
520 |
-
|
521 |
-
$
|
522 |
-
$
|
523 |
-
$
|
524 |
-
|
525 |
-
$
|
526 |
-
|
527 |
-
$
|
528 |
-
|
529 |
-
|
530 |
-
|
531 |
-
|
532 |
-
|
533 |
-
|
534 |
-
|
535 |
-
|
536 |
-
|
537 |
-
|
538 |
-
|
539 |
-
|
540 |
-
|
541 |
-
|
542 |
-
|
543 |
-
|
544 |
-
|
545 |
-
|
546 |
-
|
547 |
-
$
|
548 |
-
$
|
549 |
-
$
|
550 |
-
$
|
551 |
-
|
552 |
-
$
|
553 |
-
|
554 |
-
|
555 |
-
|
556 |
-
|
557 |
-
|
558 |
-
|
559 |
-
|
560 |
-
|
561 |
-
|
562 |
-
|
563 |
-
|
564 |
-
|
565 |
-
|
566 |
-
|
567 |
-
|
568 |
-
|
569 |
-
|
570 |
-
|
571 |
-
|
572 |
-
|
573 |
-
|
574 |
-
|
575 |
-
|
576 |
-
|
577 |
-
|
578 |
-
|
579 |
-
|
580 |
-
|
581 |
-
|
582 |
-
|
583 |
-
|
584 |
-
|
585 |
-
|
586 |
-
|
587 |
-
|
588 |
-
|
589 |
-
|
590 |
-
|
591 |
-
|
592 |
-
|
593 |
-
|
594 |
-
|
595 |
-
|
596 |
-
|
597 |
-
|
598 |
-
|
599 |
-
|
600 |
-
|
601 |
-
|
602 |
-
|
603 |
-
|
604 |
-
|
605 |
-
|
606 |
-
|
607 |
-
|
608 |
-
|
609 |
-
|
610 |
-
|
611 |
-
|
612 |
-
|
613 |
-
|
614 |
-
|
615 |
-
|
616 |
-
$
|
617 |
-
|
618 |
-
|
619 |
-
|
620 |
-
|
621 |
-
|
622 |
-
|
623 |
-
|
624 |
-
|
625 |
-
|
626 |
-
|
627 |
-
|
628 |
-
|
629 |
-
|
630 |
-
|
631 |
-
|
632 |
-
|
633 |
-
|
634 |
-
|
635 |
-
|
636 |
-
|
637 |
-
|
638 |
-
|
639 |
-
|
640 |
-
|
641 |
-
|
642 |
-
|
643 |
-
|
644 |
-
|
645 |
-
|
646 |
-
|
647 |
-
|
648 |
-
|
649 |
-
|
650 |
-
|
651 |
-
|
652 |
-
|
653 |
-
|
654 |
-
|
655 |
-
|
656 |
-
|
657 |
-
|
658 |
-
|
659 |
-
|
660 |
-
|
661 |
-
|
662 |
-
|
663 |
-
|
664 |
-
|
665 |
-
|
666 |
-
|
667 |
-
|
668 |
-
|
669 |
-
|
670 |
-
|
671 |
-
|
672 |
-
|
673 |
-
|
674 |
-
|
675 |
-
|
676 |
-
|
677 |
-
|
678 |
-
|
679 |
-
|
680 |
-
|
681 |
-
|
682 |
-
|
683 |
-
|
684 |
-
|
685 |
-
|
686 |
-
|
687 |
-
|
688 |
-
|
689 |
-
|
690 |
-
|
691 |
-
|
692 |
-
|
693 |
-
|
694 |
-
|
695 |
-
|
696 |
-
}
|
697 |
-
|
698 |
-
{
|
699 |
-
if(isset($_POST['
|
700 |
-
$nonce = sanitize_text_field($_POST['
|
701 |
-
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-
|
702 |
-
$error = new WP_Error();
|
703 |
-
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
704 |
-
return $error;
|
705 |
-
}
|
706 |
-
|
707 |
-
|
708 |
-
|
709 |
-
|
710 |
-
|
711 |
-
|
712 |
-
|
713 |
-
|
714 |
-
|
715 |
-
|
716 |
-
|
717 |
-
|
718 |
-
|
719 |
-
|
720 |
-
|
721 |
-
|
722 |
-
|
723 |
-
|
724 |
-
|
725 |
-
|
726 |
-
|
727 |
-
|
728 |
-
|
729 |
-
|
730 |
-
|
731 |
-
|
732 |
-
|
733 |
-
|
734 |
-
|
735 |
-
|
736 |
-
|
737 |
-
|
738 |
-
|
739 |
-
|
740 |
-
|
741 |
-
|
742 |
-
|
743 |
-
|
744 |
-
|
745 |
-
|
746 |
-
|
747 |
-
|
748 |
-
|
749 |
-
|
750 |
-
|
751 |
-
|
752 |
-
|
753 |
-
|
754 |
-
|
755 |
-
|
756 |
-
|
757 |
-
|
758 |
-
|
759 |
-
|
760 |
-
|
761 |
-
|
762 |
-
|
763 |
-
|
764 |
-
|
765 |
-
|
766 |
-
|
767 |
-
|
768 |
-
|
769 |
-
|
770 |
-
|
771 |
-
|
772 |
-
|
773 |
-
|
774 |
-
|
775 |
-
|
776 |
-
|
777 |
-
|
778 |
-
|
779 |
-
|
780 |
-
|
781 |
-
|
782 |
-
|
783 |
-
|
784 |
-
|
785 |
-
|
786 |
-
|
787 |
-
|
788 |
-
|
789 |
-
|
790 |
-
|
791 |
-
|
792 |
-
|
793 |
-
|
794 |
-
|
795 |
-
|
796 |
-
|
797 |
-
|
798 |
-
|
799 |
-
|
800 |
-
|
801 |
-
|
802 |
-
|
803 |
-
|
804 |
-
|
805 |
-
|
806 |
-
|
807 |
-
|
808 |
-
|
809 |
-
|
810 |
-
|
811 |
-
|
812 |
-
|
813 |
-
|
814 |
-
|
815 |
-
|
816 |
-
|
817 |
-
|
818 |
-
|
819 |
-
|
820 |
-
|
821 |
-
|
822 |
-
|
823 |
-
|
824 |
-
|
825 |
-
|
826 |
-
|
827 |
-
|
828 |
-
|
829 |
-
|
830 |
-
|
831 |
-
|
832 |
-
|
833 |
-
|
834 |
-
|
835 |
-
|
836 |
-
|
837 |
-
|
838 |
-
|
839 |
-
|
840 |
-
|
841 |
-
|
842 |
-
|
843 |
-
|
844 |
-
|
845 |
-
|
846 |
-
|
847 |
-
|
848 |
-
|
849 |
-
|
850 |
-
|
851 |
-
|
852 |
-
|
853 |
-
|
854 |
-
|
855 |
-
|
856 |
-
|
857 |
-
|
858 |
-
|
859 |
-
|
860 |
-
|
861 |
-
|
862 |
-
|
863 |
-
|
864 |
-
|
865 |
-
|
866 |
-
|
867 |
-
|
868 |
-
|
869 |
-
|
870 |
-
|
871 |
-
|
872 |
-
|
873 |
-
|
874 |
-
|
875 |
-
|
876 |
-
|
877 |
-
|
878 |
-
|
879 |
-
|
880 |
-
|
881 |
-
|
882 |
-
|
883 |
-
|
884 |
-
|
885 |
-
|
886 |
-
|
887 |
-
|
888 |
-
$
|
889 |
-
|
890 |
-
|
891 |
-
|
892 |
-
|
893 |
-
|
894 |
-
|
895 |
-
|
896 |
-
|
897 |
-
|
898 |
-
|
899 |
-
|
900 |
-
|
901 |
-
|
902 |
-
|
903 |
-
|
904 |
-
|
905 |
-
|
906 |
-
|
907 |
-
|
908 |
-
|
909 |
-
|
910 |
-
|
911 |
-
|
912 |
-
|
913 |
-
|
914 |
-
|
915 |
-
|
916 |
-
|
917 |
-
|
918 |
-
|
919 |
-
|
920 |
-
|
921 |
-
|
922 |
-
|
923 |
-
|
924 |
-
|
925 |
-
|
926 |
-
|
927 |
-
|
928 |
-
|
929 |
-
|
930 |
-
|
931 |
-
|
932 |
-
|
933 |
-
|
934 |
-
|
935 |
-
|
936 |
-
|
937 |
-
|
938 |
-
|
939 |
-
|
940 |
-
|
941 |
-
}
|
942 |
-
|
943 |
-
|
944 |
-
|
945 |
-
|
946 |
-
|
947 |
-
|
948 |
-
|
949 |
-
|
950 |
-
|
951 |
-
|
952 |
-
|
953 |
-
|
954 |
-
|
955 |
-
|
956 |
-
|
957 |
-
|
958 |
-
|
959 |
-
|
960 |
-
|
961 |
-
|
962 |
-
|
963 |
-
|
964 |
-
|
965 |
-
|
966 |
-
|
967 |
-
|
968 |
-
|
969 |
-
|
970 |
-
|
971 |
-
|
972 |
-
|
973 |
-
|
974 |
-
|
975 |
-
|
976 |
-
|
977 |
-
|
978 |
-
|
979 |
-
|
980 |
-
|
981 |
-
|
982 |
-
|
983 |
-
|
984 |
-
|
985 |
-
|
986 |
-
|
987 |
-
|
988 |
-
|
989 |
-
|
990 |
-
|
991 |
-
|
992 |
-
|
993 |
-
|
994 |
-
|
995 |
-
|
996 |
-
|
997 |
-
|
998 |
-
|
999 |
-
|
1000 |
-
|
1001 |
-
|
1002 |
-
|
1003 |
-
|
1004 |
-
|
1005 |
-
|
1006 |
-
|
1007 |
-
|
1008 |
-
|
1009 |
-
|
1010 |
-
|
1011 |
-
|
1012 |
-
|
1013 |
-
|
1014 |
-
|
1015 |
-
|
1016 |
-
|
1017 |
-
|
1018 |
-
|
1019 |
-
|
1020 |
-
|
1021 |
-
|
1022 |
-
|
1023 |
-
|
1024 |
-
|
1025 |
-
|
1026 |
-
|
1027 |
-
|
1028 |
-
|
1029 |
-
|
1030 |
-
|
1031 |
-
|
1032 |
-
|
1033 |
-
|
1034 |
-
|
1035 |
-
|
1036 |
-
|
1037 |
-
|
1038 |
-
|
1039 |
-
|
1040 |
-
|
1041 |
-
|
1042 |
-
|
1043 |
-
|
1044 |
-
|
1045 |
-
|
1046 |
-
|
1047 |
-
|
1048 |
-
|
1049 |
-
|
1050 |
-
|
1051 |
-
|
1052 |
-
|
1053 |
-
|
1054 |
-
|
1055 |
-
|
1056 |
-
|
1057 |
-
|
1058 |
-
|
1059 |
-
|
1060 |
-
|
1061 |
-
|
1062 |
-
|
1063 |
-
|
1064 |
-
|
1065 |
-
|
1066 |
-
|
1067 |
-
|
1068 |
-
|
1069 |
-
|
1070 |
-
|
1071 |
-
|
1072 |
-
|
1073 |
-
|
1074 |
-
|
1075 |
-
|
1076 |
-
|
1077 |
-
|
1078 |
-
|
1079 |
-
|
1080 |
-
|
1081 |
-
|
1082 |
-
|
1083 |
-
|
1084 |
-
|
1085 |
-
|
1086 |
-
|
1087 |
-
|
1088 |
-
|
1089 |
-
|
1090 |
-
|
1091 |
-
|
1092 |
-
|
1093 |
-
|
1094 |
-
|
1095 |
-
|
1096 |
-
|
1097 |
-
|
1098 |
-
|
1099 |
-
|
1100 |
-
|
1101 |
-
|
1102 |
-
|
1103 |
-
|
1104 |
-
|
1105 |
-
|
1106 |
-
|
1107 |
-
|
1108 |
-
|
1109 |
-
|
1110 |
-
|
1111 |
-
|
1112 |
-
|
1113 |
-
|
1114 |
-
|
1115 |
-
|
1116 |
-
|
1117 |
-
|
1118 |
-
|
1119 |
-
|
1120 |
-
|
1121 |
-
|
1122 |
-
|
1123 |
-
|
1124 |
-
|
1125 |
-
|
1126 |
-
|
1127 |
-
|
1128 |
-
|
1129 |
-
|
1130 |
-
|
1131 |
-
|
1132 |
-
|
1133 |
-
|
1134 |
-
|
1135 |
-
|
1136 |
-
|
1137 |
-
|
1138 |
-
|
1139 |
-
|
1140 |
-
|
1141 |
-
|
1142 |
-
|
1143 |
-
|
1144 |
-
|
1145 |
-
|
1146 |
-
|
1147 |
-
|
1148 |
-
|
1149 |
-
|
1150 |
-
|
1151 |
-
|
1152 |
-
|
1153 |
-
|
1154 |
-
|
1155 |
-
|
1156 |
-
|
1157 |
-
|
1158 |
-
|
1159 |
-
|
1160 |
-
|
1161 |
-
|
1162 |
-
|
1163 |
-
|
1164 |
-
|
1165 |
-
|
1166 |
-
|
1167 |
-
|
1168 |
-
|
1169 |
-
|
1170 |
-
|
1171 |
-
|
1172 |
-
|
1173 |
-
|
1174 |
-
|
1175 |
-
$
|
1176 |
-
|
1177 |
-
|
1178 |
-
|
1179 |
-
$this->miniorange_pass2login_start_session();
|
1180 |
-
|
1181 |
-
$
|
1182 |
-
|
1183 |
-
|
1184 |
-
|
1185 |
-
|
1186 |
-
|
1187 |
-
|
1188 |
-
|
1189 |
-
|
1190 |
-
|
1191 |
-
|
1192 |
-
|
1193 |
-
|
1194 |
-
|
1195 |
-
|
1196 |
-
|
1197 |
-
|
1198 |
-
|
1199 |
-
|
1200 |
-
|
1201 |
-
|
1202 |
-
|
1203 |
-
|
1204 |
-
|
1205 |
-
|
1206 |
-
|
1207 |
-
|
1208 |
-
|
1209 |
-
|
1210 |
-
|
1211 |
-
|
1212 |
-
|
1213 |
-
|
1214 |
-
|
1215 |
-
|
1216 |
-
|
1217 |
-
|
1218 |
-
|
1219 |
-
|
1220 |
-
|
1221 |
-
|
1222 |
-
|
1223 |
-
|
1224 |
-
|
1225 |
-
|
1226 |
-
|
1227 |
-
|
1228 |
-
|
1229 |
-
|
1230 |
-
|
1231 |
-
|
1232 |
-
|
1233 |
-
|
1234 |
-
|
1235 |
-
|
1236 |
-
|
1237 |
-
|
1238 |
-
|
1239 |
-
|
1240 |
-
|
1241 |
-
|
1242 |
-
|
1243 |
-
|
1244 |
-
|
1245 |
-
|
1246 |
-
|
1247 |
-
|
1248 |
-
|
1249 |
-
|
1250 |
-
|
1251 |
-
|
1252 |
-
|
1253 |
-
|
1254 |
-
|
1255 |
-
|
1256 |
-
|
1257 |
-
|
1258 |
-
|
1259 |
-
|
1260 |
-
|
1261 |
-
|
1262 |
-
|
1263 |
-
|
1264 |
-
|
1265 |
-
|
1266 |
-
|
1267 |
-
|
1268 |
-
|
1269 |
-
|
1270 |
-
|
1271 |
-
|
1272 |
-
|
1273 |
-
|
1274 |
-
|
1275 |
-
|
1276 |
-
|
1277 |
-
|
1278 |
-
|
1279 |
-
|
1280 |
-
|
1281 |
-
|
1282 |
-
|
1283 |
-
|
1284 |
-
|
1285 |
-
|
1286 |
-
|
1287 |
-
|
1288 |
-
|
1289 |
-
|
1290 |
-
|
1291 |
-
|
1292 |
-
|
1293 |
-
|
1294 |
-
|
1295 |
-
|
1296 |
-
|
1297 |
-
|
1298 |
-
|
1299 |
-
|
1300 |
-
|
1301 |
-
|
1302 |
-
|
1303 |
-
|
1304 |
-
|
1305 |
-
|
1306 |
-
$
|
1307 |
-
$
|
1308 |
-
|
1309 |
-
|
1310 |
-
|
1311 |
-
|
1312 |
-
|
1313 |
-
|
1314 |
-
|
1315 |
-
|
1316 |
-
|
1317 |
-
|
1318 |
-
|
1319 |
-
|
1320 |
-
|
1321 |
-
|
1322 |
-
|
1323 |
-
|
1324 |
-
|
1325 |
-
|
1326 |
-
|
1327 |
-
|
1328 |
-
|
1329 |
-
|
1330 |
-
|
1331 |
-
|
1332 |
-
|
1333 |
-
|
1334 |
-
|
1335 |
-
|
1336 |
-
|
1337 |
-
|
1338 |
-
|
1339 |
-
|
1340 |
-
|
1341 |
-
|
1342 |
-
|
1343 |
-
|
1344 |
-
|
1345 |
-
|
1346 |
-
|
1347 |
-
|
1348 |
-
|
1349 |
-
|
1350 |
-
|
1351 |
-
|
1352 |
-
|
1353 |
-
|
1354 |
-
|
1355 |
-
|
1356 |
-
|
1357 |
-
|
1358 |
-
|
1359 |
-
|
1360 |
-
|
1361 |
-
|
1362 |
-
|
1363 |
-
|
1364 |
-
|
1365 |
-
|
1366 |
-
|
1367 |
-
|
1368 |
-
|
1369 |
-
|
1370 |
-
|
1371 |
-
|
1372 |
-
|
1373 |
-
|
1374 |
-
|
1375 |
-
|
1376 |
-
|
1377 |
-
|
1378 |
-
|
1379 |
-
|
1380 |
-
|
1381 |
-
|
1382 |
-
|
1383 |
-
|
1384 |
-
|
1385 |
-
|
1386 |
-
|
1387 |
-
|
1388 |
-
|
1389 |
-
|
1390 |
-
|
1391 |
-
|
1392 |
-
|
1393 |
-
|
1394 |
-
|
1395 |
-
|
1396 |
-
|
1397 |
-
|
1398 |
-
|
1399 |
-
|
1400 |
-
|
1401 |
-
|
1402 |
-
|
1403 |
-
|
1404 |
-
|
1405 |
-
|
1406 |
-
|
1407 |
-
|
1408 |
-
|
1409 |
-
|
1410 |
-
|
1411 |
-
|
1412 |
-
|
1413 |
-
|
1414 |
-
|
1415 |
-
|
1416 |
-
|
1417 |
-
|
1418 |
-
|
1419 |
-
|
1420 |
-
|
1421 |
-
|
1422 |
-
|
1423 |
-
|
1424 |
-
|
1425 |
-
|
1426 |
-
|
1427 |
-
|
1428 |
-
|
1429 |
-
|
1430 |
-
|
1431 |
-
|
1432 |
-
|
1433 |
-
|
1434 |
-
|
1435 |
-
|
1436 |
-
|
1437 |
-
|
1438 |
-
|
1439 |
-
|
1440 |
-
|
1441 |
-
|
1442 |
-
|
1443 |
-
|
1444 |
-
|
1445 |
-
|
1446 |
-
|
1447 |
-
|
1448 |
-
|
1449 |
-
|
1450 |
-
|
1451 |
-
|
1452 |
-
|
1453 |
-
|
1454 |
-
|
1455 |
-
|
1456 |
-
|
1457 |
-
|
1458 |
-
|
1459 |
-
|
1460 |
-
|
1461 |
-
|
1462 |
-
|
1463 |
-
|
1464 |
-
|
1465 |
-
|
1466 |
-
|
1467 |
-
|
1468 |
-
|
1469 |
-
|
1470 |
-
|
1471 |
-
|
1472 |
-
|
1473 |
-
|
1474 |
-
|
1475 |
-
|
1476 |
-
|
1477 |
-
|
1478 |
-
|
1479 |
-
|
1480 |
-
|
1481 |
-
|
1482 |
-
|
1483 |
-
|
1484 |
-
|
1485 |
-
$
|
1486 |
-
|
1487 |
-
|
1488 |
-
|
1489 |
-
|
1490 |
-
|
1491 |
-
|
1492 |
-
|
1493 |
-
|
1494 |
-
|
1495 |
-
|
1496 |
-
|
1497 |
-
|
1498 |
-
|
1499 |
-
|
1500 |
-
|
1501 |
-
|
1502 |
-
|
1503 |
-
|
1504 |
-
|
1505 |
-
|
1506 |
-
|
1507 |
-
|
1508 |
-
|
1509 |
-
|
1510 |
-
|
1511 |
-
|
1512 |
-
|
1513 |
-
|
1514 |
-
|
1515 |
-
|
1516 |
-
|
1517 |
-
|
1518 |
-
|
1519 |
-
|
1520 |
-
|
1521 |
-
|
1522 |
-
|
1523 |
-
|
1524 |
-
|
1525 |
-
|
1526 |
-
|
1527 |
-
|
1528 |
-
|
1529 |
-
|
1530 |
-
|
1531 |
-
|
1532 |
-
|
1533 |
-
|
1534 |
-
|
1535 |
-
|
1536 |
-
|
1537 |
-
|
1538 |
-
|
1539 |
-
|
1540 |
-
|
1541 |
-
|
1542 |
-
|
1543 |
-
|
1544 |
-
|
1545 |
-
|
1546 |
-
|
1547 |
-
|
1548 |
-
|
1549 |
-
|
1550 |
-
|
1551 |
-
|
1552 |
-
|
1553 |
-
|
1554 |
-
|
1555 |
-
|
1556 |
-
|
1557 |
-
|
1558 |
-
|
1559 |
-
|
1560 |
-
|
1561 |
-
|
1562 |
-
|
1563 |
-
|
1564 |
-
|
1565 |
-
|
1566 |
-
|
1567 |
-
|
1568 |
-
|
1569 |
-
|
1570 |
-
|
1571 |
-
|
1572 |
-
|
1573 |
-
|
1574 |
-
|
1575 |
-
|
1576 |
-
|
1577 |
-
|
1578 |
-
|
1579 |
-
|
1580 |
-
|
1581 |
-
|
1582 |
-
|
1583 |
-
|
1584 |
-
|
1585 |
-
|
1586 |
-
|
1587 |
-
|
1588 |
-
|
1589 |
-
|
1590 |
-
|
1591 |
-
|
1592 |
-
|
1593 |
-
|
1594 |
-
|
1595 |
-
|
1596 |
-
|
1597 |
-
|
1598 |
-
|
1599 |
-
|
1600 |
-
|
1601 |
-
|
1602 |
-
|
1603 |
-
|
1604 |
-
|
1605 |
-
|
1606 |
-
|
1607 |
-
|
1608 |
-
|
1609 |
-
|
1610 |
-
|
1611 |
-
|
1612 |
-
|
1613 |
-
|
1614 |
-
|
1615 |
-
|
1616 |
-
|
1617 |
-
$
|
1618 |
-
|
1619 |
-
|
1620 |
-
|
1621 |
-
|
1622 |
-
|
1623 |
-
|
1624 |
-
|
1625 |
-
|
1626 |
-
|
1627 |
-
|
1628 |
-
|
1629 |
-
|
1630 |
-
|
1631 |
-
|
1632 |
-
|
1633 |
-
|
1634 |
-
|
1635 |
-
|
1636 |
-
|
1637 |
-
|
1638 |
-
|
1639 |
-
|
1640 |
-
|
1641 |
-
|
1642 |
-
|
1643 |
-
|
1644 |
-
|
1645 |
-
|
1646 |
-
|
1647 |
-
|
1648 |
-
|
1649 |
-
'
|
1650 |
-
|
1651 |
-
|
1652 |
-
|
1653 |
-
|
1654 |
-
|
1655 |
-
|
1656 |
-
|
1657 |
-
|
1658 |
-
|
1659 |
-
|
1660 |
-
|
1661 |
-
|
1662 |
-
|
1663 |
-
|
1664 |
-
|
1665 |
-
|
1666 |
-
|
1667 |
-
|
1668 |
-
|
1669 |
-
|
1670 |
-
'
|
1671 |
-
|
1672 |
-
|
1673 |
-
|
1674 |
-
|
1675 |
-
|
1676 |
-
|
1677 |
-
|
1678 |
-
|
1679 |
-
|
1680 |
-
|
1681 |
-
|
1682 |
-
|
1683 |
-
|
1684 |
-
|
1685 |
-
|
1686 |
-
|
1687 |
-
|
1688 |
-
|
1689 |
-
|
1690 |
-
|
1691 |
-
|
1692 |
-
|
1693 |
-
|
1694 |
-
|
1695 |
-
|
1696 |
-
|
1697 |
-
|
1698 |
-
|
1699 |
-
|
1700 |
-
|
1701 |
-
|
1702 |
-
|
1703 |
-
|
1704 |
-
|
1705 |
-
|
1706 |
-
|
1707 |
-
|
1708 |
-
|
1709 |
-
|
1710 |
-
|
1711 |
-
|
1712 |
-
|
1713 |
-
|
1714 |
-
|
1715 |
-
|
1716 |
-
|
1717 |
-
|
1718 |
-
|
1719 |
-
|
1720 |
-
|
1721 |
-
|
1722 |
-
|
1723 |
-
|
1724 |
-
|
1725 |
-
|
1726 |
-
|
1727 |
-
|
1728 |
-
|
1729 |
-
|
1730 |
-
|
1731 |
-
|
1732 |
-
|
1733 |
-
|
1734 |
-
|
1735 |
-
|
1736 |
-
|
1737 |
-
|
1738 |
-
|
1739 |
-
$
|
1740 |
-
|
1741 |
-
|
1742 |
-
|
1743 |
-
$
|
1744 |
-
|
1745 |
-
|
1746 |
-
|
1747 |
-
$this->
|
1748 |
-
|
1749 |
-
|
1750 |
-
|
1751 |
-
|
1752 |
-
|
1753 |
-
|
1754 |
-
|
1755 |
-
|
1756 |
-
|
1757 |
-
|
1758 |
-
|
1759 |
-
|
1760 |
-
|
1761 |
-
|
1762 |
-
|
1763 |
-
|
1764 |
-
|
1765 |
-
|
1766 |
-
|
1767 |
-
|
1768 |
-
|
1769 |
-
|
1770 |
-
|
1771 |
-
|
1772 |
-
|
1773 |
-
|
1774 |
-
|
1775 |
-
|
1776 |
-
|
1777 |
-
|
1778 |
-
|
1779 |
-
|
1780 |
-
|
1781 |
-
|
1782 |
-
|
1783 |
-
case '
|
1784 |
-
$
|
1785 |
-
|
1786 |
-
|
1787 |
-
|
1788 |
-
|
1789 |
-
|
1790 |
-
|
1791 |
-
|
1792 |
-
|
1793 |
-
|
1794 |
-
|
1795 |
-
|
1796 |
-
|
1797 |
-
|
1798 |
-
|
1799 |
-
|
1800 |
-
|
1801 |
-
|
1802 |
-
|
1803 |
-
|
1804 |
-
|
1805 |
-
|
1806 |
-
|
1807 |
-
|
1808 |
-
|
1809 |
-
|
1810 |
-
|
1811 |
-
|
1812 |
-
|
1813 |
-
|
1814 |
-
|
1815 |
-
|
1816 |
-
|
1817 |
-
|
1818 |
-
|
1819 |
-
|
1820 |
-
|
1821 |
-
|
1822 |
-
|
1823 |
-
|
1824 |
-
|
1825 |
-
|
1826 |
-
|
1827 |
-
|
1828 |
-
|
1829 |
-
|
1830 |
-
|
1831 |
-
|
1832 |
-
|
1833 |
-
|
1834 |
-
|
1835 |
-
|
1836 |
-
|
1837 |
-
|
1838 |
-
|
1839 |
-
|
1840 |
-
|
1841 |
-
|
1842 |
-
|
1843 |
-
|
1844 |
-
|
1845 |
-
|
1846 |
-
|
1847 |
-
|
1848 |
-
|
1849 |
-
|
1850 |
-
|
1851 |
-
|
1852 |
-
|
1853 |
-
|
1854 |
-
|
1855 |
-
|
1856 |
-
|
1857 |
-
|
1858 |
-
|
1859 |
-
|
1860 |
-
|
1861 |
-
|
1862 |
-
|
1863 |
-
|
1864 |
-
|
1865 |
-
|
1866 |
-
|
1867 |
-
|
1868 |
-
|
1869 |
-
|
1870 |
-
|
1871 |
-
|
1872 |
-
|
1873 |
-
|
1874 |
-
|
1875 |
-
|
1876 |
-
|
1877 |
-
|
1878 |
-
|
1879 |
-
|
1880 |
-
|
1881 |
-
|
1882 |
-
|
1883 |
-
|
1884 |
-
|
1885 |
-
|
1886 |
-
|
1887 |
-
|
1888 |
-
|
1889 |
-
|
1890 |
-
|
1891 |
-
|
1892 |
-
|
1893 |
-
|
1894 |
-
|
1895 |
-
|
1896 |
-
|
1897 |
-
|
1898 |
-
|
1899 |
-
|
1900 |
-
|
1901 |
-
|
1902 |
-
|
1903 |
-
|
1904 |
-
|
1905 |
-
|
1906 |
-
|
1907 |
-
|
1908 |
-
|
1909 |
-
|
1910 |
-
|
1911 |
-
|
1912 |
-
|
1913 |
-
|
1914 |
-
|
1915 |
-
|
1916 |
-
|
1917 |
-
|
1918 |
-
|
1919 |
-
|
1920 |
-
|
1921 |
-
|
1922 |
-
|
1923 |
-
|
1924 |
-
|
1925 |
-
|
1926 |
-
|
1927 |
-
|
1928 |
-
|
1929 |
-
|
1930 |
-
|
1931 |
-
|
1932 |
-
|
1933 |
-
|
1934 |
-
|
1935 |
-
|
1936 |
-
|
1937 |
-
|
1938 |
-
|
1939 |
-
|
1940 |
-
|
1941 |
-
|
1942 |
-
|
1943 |
-
|
1944 |
-
|
1945 |
-
|
1946 |
-
|
1947 |
-
|
1948 |
-
|
1949 |
-
|
1950 |
-
|
1951 |
-
|
1952 |
-
|
1953 |
-
|
1954 |
-
|
1955 |
-
|
1956 |
-
|
1957 |
-
|
1958 |
-
|
1959 |
-
|
1960 |
-
|
1961 |
-
|
1962 |
-
|
1963 |
-
|
1964 |
-
|
1965 |
-
|
1966 |
-
|
1967 |
-
|
1968 |
-
|
1969 |
-
|
1970 |
-
|
1971 |
-
|
1972 |
-
|
1973 |
-
|
1974 |
-
|
1975 |
-
|
1976 |
-
|
1977 |
-
|
1978 |
-
|
1979 |
-
|
1980 |
-
|
1981 |
-
|
1982 |
-
|
1983 |
-
|
1984 |
-
|
1985 |
-
|
1986 |
-
|
1987 |
-
|
1988 |
-
|
1989 |
-
|
1990 |
-
|
1991 |
-
|
1992 |
-
|
1993 |
-
|
1994 |
-
|
1995 |
-
|
1996 |
-
|
1997 |
-
|
1998 |
-
|
1999 |
-
|
2000 |
-
|
2001 |
-
|
2002 |
-
|
2003 |
-
|
2004 |
-
|
2005 |
-
|
2006 |
-
|
2007 |
-
|
2008 |
-
|
2009 |
-
|
2010 |
-
|
2011 |
-
|
2012 |
-
|
2013 |
-
|
2014 |
-
|
2015 |
-
|
2016 |
-
|
2017 |
-
|
2018 |
-
|
2019 |
-
|
2020 |
-
|
2021 |
-
|
2022 |
-
|
2023 |
-
|
2024 |
-
|
2025 |
-
|
2026 |
-
|
2027 |
-
$
|
2028 |
-
$
|
2029 |
-
|
2030 |
-
|
2031 |
-
|
2032 |
-
}
|
2033 |
-
|
2034 |
-
|
2035 |
-
|
2036 |
-
|
2037 |
-
|
2038 |
-
|
2039 |
-
|
2040 |
-
|
2041 |
-
|
2042 |
-
|
2043 |
-
|
2044 |
-
|
2045 |
-
|
2046 |
-
|
2047 |
-
|
2048 |
-
|
2049 |
-
|
2050 |
-
|
2051 |
-
|
2052 |
-
|
2053 |
-
|
2054 |
-
|
2055 |
-
|
2056 |
-
|
2057 |
-
|
2058 |
-
|
2059 |
-
|
2060 |
-
|
2061 |
-
|
2062 |
-
|
2063 |
-
|
2064 |
-
|
2065 |
-
|
2066 |
-
|
2067 |
-
|
2068 |
-
|
2069 |
-
|
2070 |
-
|
2071 |
-
|
2072 |
-
|
2073 |
-
|
2074 |
-
|
2075 |
-
|
2076 |
-
|
2077 |
-
|
2078 |
-
|
2079 |
-
|
2080 |
-
|
2081 |
-
|
2082 |
-
|
2083 |
-
|
2084 |
-
|
2085 |
-
|
2086 |
-
|
2087 |
-
|
2088 |
-
|
2089 |
-
|
2090 |
-
|
2091 |
-
|
2092 |
-
|
2093 |
-
|
2094 |
-
|
2095 |
-
|
2096 |
-
|
2097 |
-
|
2098 |
-
|
2099 |
-
|
2100 |
-
|
2101 |
-
|
2102 |
-
if ( $
|
2103 |
-
|
2104 |
-
|
2105 |
-
|
2106 |
-
|
2107 |
-
|
2108 |
-
|
2109 |
-
|
2110 |
-
|
2111 |
-
|
2112 |
-
|
2113 |
-
|
2114 |
-
|
2115 |
-
|
2116 |
-
|
2117 |
-
|
2118 |
-
|
2119 |
-
|
2120 |
-
|
2121 |
-
|
2122 |
-
|
2123 |
-
|
2124 |
-
|
2125 |
-
|
2126 |
-
|
2127 |
-
|
2128 |
-
|
2129 |
-
|
2130 |
-
|
2131 |
-
|
2132 |
-
|
2133 |
-
|
2134 |
-
|
2135 |
-
|
2136 |
-
|
2137 |
-
|
2138 |
-
|
2139 |
-
|
2140 |
-
|
2141 |
-
|
2142 |
-
|
2143 |
-
|
2144 |
-
|
2145 |
-
|
2146 |
-
|
2147 |
-
|
2148 |
-
|
2149 |
-
|
2150 |
-
|
2151 |
-
|
2152 |
-
|
2153 |
-
|
2154 |
-
|
2155 |
-
|
2156 |
-
|
2157 |
-
|
2158 |
-
|
2159 |
-
|
2160 |
-
|
2161 |
-
|
2162 |
-
|
2163 |
-
|
2164 |
-
|
2165 |
-
|
2166 |
-
|
2167 |
-
|
2168 |
-
|
2169 |
-
|
2170 |
-
|
2171 |
-
|
2172 |
-
|
2173 |
-
|
2174 |
-
|
2175 |
-
|
2176 |
-
|
2177 |
-
|
2178 |
-
|
2179 |
-
}
|
2180 |
-
|
2181 |
-
|
2182 |
-
|
2183 |
-
|
2184 |
-
|
2185 |
-
|
2186 |
-
|
2187 |
-
|
2188 |
-
|
2189 |
-
|
2190 |
-
|
2191 |
-
|
2192 |
-
|
2193 |
-
|
2194 |
-
$
|
2195 |
-
|
2196 |
-
|
2197 |
-
|
2198 |
-
|
2199 |
-
$
|
2200 |
-
$
|
2201 |
-
|
2202 |
-
|
2203 |
-
|
2204 |
-
|
2205 |
-
|
2206 |
-
|
2207 |
-
|
2208 |
-
|
2209 |
-
|
2210 |
-
|
2211 |
-
|
2212 |
-
|
2213 |
-
|
2214 |
-
|
2215 |
-
|
2216 |
-
|
2217 |
-
|
2218 |
-
|
2219 |
-
|
2220 |
-
|
2221 |
-
|
2222 |
-
|
2223 |
-
|
2224 |
-
|
2225 |
-
|
2226 |
-
|
2227 |
-
|
2228 |
-
|
2229 |
-
|
2230 |
-
|
2231 |
-
|
2232 |
-
|
2233 |
-
|
2234 |
-
|
2235 |
-
|
2236 |
-
|
2237 |
-
|
2238 |
-
|
2239 |
-
|
2240 |
-
|
2241 |
-
|
2242 |
-
|
2243 |
-
|
2244 |
-
|
2245 |
-
|
2246 |
-
|
2247 |
-
|
2248 |
-
|
2249 |
-
|
2250 |
-
|
2251 |
-
|
2252 |
-
|
2253 |
-
|
2254 |
-
|
2255 |
-
|
2256 |
-
|
2257 |
-
|
2258 |
-
|
2259 |
-
|
2260 |
-
|
2261 |
-
|
2262 |
-
|
2263 |
-
|
2264 |
-
|
2265 |
-
|
2266 |
-
|
2267 |
-
|
2268 |
-
|
2269 |
-
|
2270 |
-
|
2271 |
-
|
2272 |
-
|
2273 |
-
|
2274 |
-
|
2275 |
-
|
2276 |
-
|
2277 |
-
|
2278 |
-
|
2279 |
-
|
2280 |
-
|
2281 |
-
|
2282 |
-
|
2283 |
-
|
2284 |
-
|
2285 |
-
|
2286 |
-
|
2287 |
-
|
2288 |
-
|
2289 |
-
|
2290 |
-
|
2291 |
-
|
2292 |
-
|
2293 |
-
|
2294 |
-
|
2295 |
-
|
2296 |
-
|
2297 |
-
|
2298 |
-
|
2299 |
-
|
2300 |
-
|
2301 |
-
|
2302 |
-
|
2303 |
-
|
2304 |
-
|
2305 |
-
|
2306 |
-
|
2307 |
-
|
2308 |
-
|
2309 |
-
|
2310 |
-
|
2311 |
-
|
2312 |
-
|
2313 |
-
|
2314 |
-
|
2315 |
-
|
2316 |
-
|
2317 |
-
|
2318 |
-
|
2319 |
-
|
2320 |
-
|
2321 |
-
|
2322 |
-
|
2323 |
-
|
2324 |
-
|
2325 |
-
|
2326 |
-
|
2327 |
-
|
2328 |
-
|
2329 |
-
|
2330 |
-
|
2331 |
-
|
2332 |
-
|
2333 |
-
|
2334 |
-
|
2335 |
-
|
2336 |
-
|
2337 |
-
|
2338 |
-
|
2339 |
-
|
2340 |
-
|
2341 |
-
|
2342 |
-
|
2343 |
-
|
2344 |
-
|
2345 |
-
|
2346 |
-
|
2347 |
-
|
2348 |
-
|
2349 |
-
|
2350 |
-
|
2351 |
-
|
2352 |
-
|
2353 |
-
|
2354 |
-
|
2355 |
-
|
2356 |
-
|
2357 |
-
|
2358 |
-
|
2359 |
-
|
2360 |
-
|
2361 |
-
|
2362 |
-
|
2363 |
-
|
2364 |
-
|
2365 |
-
|
2366 |
-
|
2367 |
-
|
2368 |
-
|
2369 |
-
|
2370 |
-
|
2371 |
-
|
2372 |
-
|
2373 |
-
|
2374 |
-
|
2375 |
-
|
2376 |
-
|
2377 |
-
|
2378 |
-
|
2379 |
-
|
2380 |
-
|
2381 |
-
|
2382 |
-
|
2383 |
-
|
2384 |
-
|
2385 |
-
|
2386 |
-
|
2387 |
-
|
2388 |
-
|
2389 |
-
|
2390 |
-
|
2391 |
-
|
2392 |
-
|
2393 |
-
|
2394 |
-
|
2395 |
-
|
2396 |
-
|
2397 |
-
|
2398 |
-
|
2399 |
-
|
2400 |
-
}
|
2401 |
-
|
2402 |
-
function
|
2403 |
-
|
2404 |
-
|
2405 |
-
|
2406 |
-
$
|
2407 |
-
$
|
2408 |
-
|
2409 |
-
|
2410 |
-
|
2411 |
-
|
2412 |
-
|
2413 |
-
|
2414 |
-
$
|
2415 |
-
|
2416 |
-
|
2417 |
-
|
2418 |
-
|
2419 |
-
|
2420 |
-
|
2421 |
-
|
2422 |
-
|
2423 |
-
|
2424 |
-
|
2425 |
-
|
2426 |
-
|
2427 |
-
|
2428 |
-
|
2429 |
-
|
2430 |
-
|
2431 |
-
|
2432 |
-
|
2433 |
-
|
2434 |
-
if(
|
2435 |
-
$
|
2436 |
-
|
2437 |
-
|
2438 |
-
|
2439 |
-
|
2440 |
-
|
2441 |
-
|
2442 |
-
|
2443 |
-
|
2444 |
-
|
2445 |
-
|
2446 |
-
$
|
2447 |
-
|
2448 |
-
$
|
2449 |
-
$
|
2450 |
-
|
2451 |
-
|
2452 |
-
|
2453 |
-
|
2454 |
-
|
2455 |
-
|
2456 |
-
|
2457 |
-
|
2458 |
-
|
2459 |
-
|
2460 |
-
|
2461 |
-
|
2462 |
-
|
2463 |
-
|
2464 |
-
|
2465 |
-
$
|
2466 |
-
|
2467 |
-
|
2468 |
-
if
|
2469 |
-
|
2470 |
-
|
2471 |
-
|
2472 |
-
|
2473 |
-
|
2474 |
-
|
2475 |
-
|
2476 |
-
|
2477 |
-
|
2478 |
-
|
2479 |
-
$
|
2480 |
-
|
2481 |
-
|
2482 |
-
|
2483 |
-
|
2484 |
-
|
2485 |
-
|
2486 |
-
|
2487 |
-
|
2488 |
-
|
2489 |
-
|
2490 |
-
|
2491 |
-
|
2492 |
-
|
2493 |
-
|
2494 |
-
|
2495 |
-
|
2496 |
-
|
2497 |
-
|
2498 |
-
|
2499 |
-
|
2500 |
-
|
2501 |
-
|
2502 |
-
|
2503 |
-
|
2504 |
-
|
2505 |
-
|
2506 |
-
|
2507 |
-
|
2508 |
-
|
2509 |
-
|
2510 |
-
|
2511 |
-
|
2512 |
-
|
2513 |
-
|
2514 |
-
|
2515 |
-
|
2516 |
-
|
2517 |
-
|
2518 |
-
|
2519 |
-
|
2520 |
-
|
2521 |
-
|
2522 |
-
|
2523 |
-
|
2524 |
-
|
2525 |
-
|
2526 |
-
|
2527 |
-
|
2528 |
-
|
2529 |
-
|
2530 |
-
|
2531 |
-
|
2532 |
-
$
|
2533 |
-
|
2534 |
-
|
2535 |
-
|
2536 |
-
|
2537 |
-
|
2538 |
-
|
2539 |
-
|
2540 |
-
|
2541 |
-
|
2542 |
-
|
2543 |
-
|
2544 |
-
|
2545 |
-
|
2546 |
-
|
2547 |
-
|
2548 |
-
|
2549 |
-
|
2550 |
-
|
2551 |
-
|
2552 |
-
|
2553 |
-
|
2554 |
-
|
2555 |
-
|
2556 |
-
|
2557 |
-
|
2558 |
-
|
2559 |
-
|
2560 |
-
|
2561 |
-
|
2562 |
-
|
2563 |
-
|
2564 |
-
|
2565 |
-
|
2566 |
-
|
2567 |
-
|
2568 |
-
|
2569 |
-
|
2570 |
-
|
2571 |
-
|
2572 |
-
|
2573 |
-
|
2574 |
-
|
2575 |
-
|
2576 |
-
|
2577 |
-
|
2578 |
-
|
2579 |
-
|
2580 |
-
|
2581 |
-
|
2582 |
-
|
2583 |
-
|
2584 |
-
|
2585 |
-
|
2586 |
-
|
2587 |
-
|
2588 |
-
|
2589 |
-
|
2590 |
-
|
2591 |
-
|
2592 |
-
|
2593 |
-
|
2594 |
-
|
2595 |
-
|
2596 |
-
|
2597 |
-
|
2598 |
-
|
2599 |
-
|
2600 |
-
|
2601 |
-
|
2602 |
-
|
2603 |
-
|
2604 |
-
|
2605 |
-
|
2606 |
-
|
2607 |
-
|
2608 |
-
|
2609 |
-
|
2610 |
-
|
2611 |
-
|
2612 |
-
|
2613 |
-
|
2614 |
-
|
2615 |
-
|
2616 |
-
|
2617 |
-
|
2618 |
-
|
2619 |
-
|
2620 |
-
|
2621 |
-
|
2622 |
-
|
2623 |
-
|
2624 |
-
|
2625 |
-
|
2626 |
-
|
2627 |
-
|
2628 |
-
|
2629 |
-
|
2630 |
-
|
2631 |
-
|
2632 |
-
|
2633 |
-
|
2634 |
-
|
2635 |
-
|
2636 |
-
|
2637 |
-
|
2638 |
-
|
2639 |
-
|
2640 |
-
|
2641 |
-
|
2642 |
-
|
2643 |
-
|
2644 |
-
|
2645 |
-
|
2646 |
-
|
2647 |
-
|
2648 |
-
|
2649 |
-
|
2650 |
-
|
2651 |
-
|
2652 |
-
|
2653 |
-
|
2654 |
-
|
2655 |
-
|
2656 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
|
3 |
+
* Copyright (C) 2015 miniOrange
|
4 |
+
*
|
5 |
+
* This program is free software: you can redistribute it and/or modify
|
6 |
+
* it under the terms of the GNU General Public License as published by
|
7 |
+
* the Free Software Foundation, either version 3 of the License, or
|
8 |
+
* (at your option) any later version.
|
9 |
+
*
|
10 |
+
* This program is distributed in the hope that it will be useful,
|
11 |
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
12 |
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
13 |
+
* GNU General Public License for more details.
|
14 |
+
*
|
15 |
+
* You should have received a copy of the GNU General Public License
|
16 |
+
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
17 |
+
* @package miniOrange OAuth
|
18 |
+
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
|
19 |
+
*/
|
20 |
+
/**
|
21 |
+
* This library is miniOrange Authentication Service.
|
22 |
+
* Contains Request Calls to Customer service.
|
23 |
+
**/
|
24 |
+
|
25 |
+
include 'two_fa_login.php';
|
26 |
+
class Miniorange_Password_2Factor_Login {
|
27 |
+
|
28 |
+
private $mo2f_kbaquestions;
|
29 |
+
private $mo2f_userID;
|
30 |
+
private $mo2f_rbastatus;
|
31 |
+
private $mo2f_transactionid;
|
32 |
+
|
33 |
+
function mo2f_inline_login(){
|
34 |
+
global $moWpnsUtility;
|
35 |
+
$email = sanitize_email( $_POST['email'] );
|
36 |
+
$password = sanitize_text_field( $_POST['password'] );
|
37 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
38 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
39 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
40 |
+
if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
|
41 |
+
{
|
42 |
+
$login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
|
43 |
+
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
44 |
+
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
45 |
+
return;
|
46 |
+
}
|
47 |
+
$this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
|
48 |
+
}
|
49 |
+
function mo2f_inline_register(){
|
50 |
+
global $moWpnsUtility, $Mo2fdbQueries;
|
51 |
+
$email = sanitize_email($_POST['email']);
|
52 |
+
$company = $_SERVER["SERVER_NAME"];
|
53 |
+
$password = sanitize_text_field($_POST['password']);
|
54 |
+
$confirmPassword = sanitize_text_field($_POST['confirmPassword']);
|
55 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
56 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
57 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
58 |
+
if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
|
59 |
+
{
|
60 |
+
$login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
|
61 |
+
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
62 |
+
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
63 |
+
}
|
64 |
+
if( $password != $confirmPassword )
|
65 |
+
{
|
66 |
+
$login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
|
67 |
+
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
68 |
+
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
69 |
+
}
|
70 |
+
if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
|
71 |
+
|| MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
|
72 |
+
{
|
73 |
+
$login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
|
74 |
+
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
75 |
+
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
76 |
+
}
|
77 |
+
|
78 |
+
update_option( 'mo2f_email', $email );
|
79 |
+
|
80 |
+
update_option( 'mo_wpns_company' , $company );
|
81 |
+
|
82 |
+
update_option( 'mo_wpns_password' , $password );
|
83 |
+
|
84 |
+
$customer = new MocURL();
|
85 |
+
$content = json_decode($customer->check_customer($email), true);
|
86 |
+
$Mo2fdbQueries->insert_user( $user_id );
|
87 |
+
switch ($content['status'])
|
88 |
+
{
|
89 |
+
case 'CUSTOMER_NOT_FOUND':
|
90 |
+
$customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
|
91 |
+
|
92 |
+
if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
|
93 |
+
{
|
94 |
+
$this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
|
95 |
+
$this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
|
96 |
+
}
|
97 |
+
|
98 |
+
break;
|
99 |
+
default:
|
100 |
+
$this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
|
101 |
+
break;
|
102 |
+
}
|
103 |
+
|
104 |
+
}
|
105 |
+
|
106 |
+
function mo2f_download_backup_codes_inline(){
|
107 |
+
$nonce = sanitize_text_field($_POST['mo2f_inline_backup_nonce']);
|
108 |
+
$backups= sanitize_text_field($_POST['mo2f_inline_backup_codes']);
|
109 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-backup-nonce' ) ) {
|
110 |
+
$error = new WP_Error();
|
111 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
112 |
+
return $error;
|
113 |
+
} else {
|
114 |
+
$codes=explode(",", $backups);
|
115 |
+
$session_id = sanitize_text_field($_POST['session_id']);
|
116 |
+
$id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id );
|
117 |
+
update_user_meta($id, 'mo_backup_code_downloaded', 1);
|
118 |
+
delete_user_meta($id, 'chqwetcsdvnvd');
|
119 |
+
MO2f_Utility::mo2f_download_backup_codes($id, $codes);
|
120 |
+
}
|
121 |
+
}
|
122 |
+
|
123 |
+
function mo2f_goto_wp_dashboard(){
|
124 |
+
global $Mo2fdbQueries;
|
125 |
+
$nonce = sanitize_text_field($_POST['mo2f_inline_wp_dashboard_nonce']);
|
126 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-wp-dashboard-nonce' ) ) {
|
127 |
+
$error = new WP_Error();
|
128 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
129 |
+
return $error;
|
130 |
+
} else {
|
131 |
+
$pass2fa= new Miniorange_Password_2Factor_Login();
|
132 |
+
$pass2fa->mo2fa_pass2login(esc_url_raw($_POST['redirect_to']),sanitize_text_field($_POST['session_id']));
|
133 |
+
exit;
|
134 |
+
}
|
135 |
+
}
|
136 |
+
|
137 |
+
function mo2f_use_backup_codes($POSTED){
|
138 |
+
$nonce = sanitize_text_field($POSTED['miniorange_backup_nonce']);
|
139 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-backup-nonce' ) ) {
|
140 |
+
$error = new WP_Error();
|
141 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
142 |
+
return $error;
|
143 |
+
}else {
|
144 |
+
$this->miniorange_pass2login_start_session();
|
145 |
+
$session_id_encrypt = isset($POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
146 |
+
$currentuser = isset($_SESSION[ 'mo2f_current_user' ]) ? unserialize( $_SESSION[ 'mo2f_current_user' ] ) : null;
|
147 |
+
$redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
|
148 |
+
$mo2fa_login_message = __('Please provide your backup codes.','miniorange-2-factor-authentication');
|
149 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
|
150 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
|
151 |
+
}
|
152 |
+
}
|
153 |
+
|
154 |
+
function check_backup_codes_validation($POSTED){
|
155 |
+
global $Mo2fdbQueries;
|
156 |
+
$nonce = sanitize_text_field($POSTED['miniorange_validate_backup_nonce']);
|
157 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
158 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-validate-backup-nonce' ) ) {
|
159 |
+
$error = new WP_Error();
|
160 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
161 |
+
return $error;
|
162 |
+
} else {
|
163 |
+
$this->miniorange_pass2login_start_session();
|
164 |
+
$currentuser_id = isset($_SESSION[ 'mo2f_current_user_id' ]) ? $_SESSION[ 'mo2f_current_user_id' ] : null;
|
165 |
+
$redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
|
166 |
+
if(isset($_SESSION[ 'mo2f_current_user_id' ])){
|
167 |
+
if(MO2f_Utility::mo2f_check_empty_or_null($POSTED[ 'mo2f_backup_code' ]) ){
|
168 |
+
$mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
|
169 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
|
170 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
|
171 |
+
}
|
172 |
+
$backup_codes=get_user_meta($currentuser_id,'mo2f_backup_codes',true);
|
173 |
+
$mo2f_backup_code= sanitize_text_field($POSTED[ 'mo2f_backup_code' ]);
|
174 |
+
$mo2f_backup_code=md5($mo2f_backup_code);
|
175 |
+
if(!empty($backup_codes)){
|
176 |
+
if(in_array($mo2f_backup_code,$backup_codes)){
|
177 |
+
foreach ($backup_codes as $key => $value) {
|
178 |
+
if($value==$mo2f_backup_code){
|
179 |
+
unset($backup_codes[$key]);
|
180 |
+
update_user_meta($currentuser_id,'mo2f_backup_codes', $backup_codes);
|
181 |
+
}
|
182 |
+
}
|
183 |
+
|
184 |
+
if(sizeof($backup_codes) <= 2){
|
185 |
+
$codes_remaining = sizeof($backup_codes);
|
186 |
+
$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
|
187 |
+
if(empty($mo2f_user_email)){
|
188 |
+
$currentuser = get_user_by( 'id', $currentuser_id );
|
189 |
+
$mo2f_user_email = $currentuser->user_email;
|
190 |
+
}
|
191 |
+
$subject = '2-Factor Authentication(Backup Codes)';
|
192 |
+
$headers = array('Content-Type: text/html; charset=UTF-8');
|
193 |
+
$message = MO2f_Utility::get_codes_warning_email_content($codes_remaining);
|
194 |
+
$result = wp_mail($mo2f_user_email,$subject,$message,$headers);
|
195 |
+
}
|
196 |
+
|
197 |
+
$this->mo2fa_pass2login($redirect_to);
|
198 |
+
}else{
|
199 |
+
$mo2fa_login_message = __('The codes you have provided are either expired or incorrect.','miniorange-2-factor-authentication');
|
200 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
|
201 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
|
202 |
+
}
|
203 |
+
}else{
|
204 |
+
$mo2fa_login_message = __('There are no codes left.','miniorange-2-factor-authentication');
|
205 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
|
206 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
|
207 |
+
}
|
208 |
+
}else{
|
209 |
+
$this->remove_current_activity($session_id_encrypt);
|
210 |
+
return new WP_Error('invalid_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') . '</strong>: ' . __('Please try again..', 'miniorange-2-factor-authentication'));
|
211 |
+
}
|
212 |
+
}
|
213 |
+
}
|
214 |
+
|
215 |
+
function mo2f_create_backup_codes(){
|
216 |
+
$nonce = sanitize_text_field($_POST['miniorange_generate_backup_nonce']);
|
217 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-generate-backup-nonce' ) ) {
|
218 |
+
$error = new WP_Error();
|
219 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
220 |
+
return $error;
|
221 |
+
}else {
|
222 |
+
global $Mo2fdbQueries;
|
223 |
+
|
224 |
+
$redirect_to = esc_url_raw($_POST['redirect_to']);
|
225 |
+
$session_id = sanitize_text_field($_POST['session_id']);
|
226 |
+
|
227 |
+
$id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id );
|
228 |
+
|
229 |
+
$codes=MO2f_Utility::mo_2f_generate_backup_codes();
|
230 |
+
$codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
|
231 |
+
$str1="";
|
232 |
+
for ($x = 0; $x < 5; $x++) {
|
233 |
+
$str = $codes[$x];
|
234 |
+
$str1.=$str;
|
235 |
+
if($x != 4){
|
236 |
+
$str1.=',';
|
237 |
+
}
|
238 |
+
}
|
239 |
+
update_user_meta($id,'mo2f_backup_codes', $codes_hash);
|
240 |
+
$key = get_option( 'mo2f_encryption_key' );
|
241 |
+
$codes_encrypt = MO2f_Utility::encrypt_data($str1, $key);
|
242 |
+
update_user_meta($id,'chqwetcsdvnvd', $codes_encrypt);
|
243 |
+
|
244 |
+
$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
|
245 |
+
if(empty($mo2f_user_email)){
|
246 |
+
$currentuser = get_user_by( 'id', $id );
|
247 |
+
$mo2f_user_email = $currentuser->user_email;
|
248 |
+
}
|
249 |
+
$result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
|
250 |
+
update_user_meta($id, 'mo_backup_code_generated', 1);
|
251 |
+
|
252 |
+
$mo2fa_login_message = "An email containing the backup codes has been sent. Please click on Use backup codes to login using the backup codes.";
|
253 |
+
$mo2fa_login_status = sanitize_text_field($_POST['login_status']);
|
254 |
+
|
255 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
|
256 |
+
}
|
257 |
+
}
|
258 |
+
|
259 |
+
function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
|
260 |
+
{
|
261 |
+
global $Mo2fdbQueries;
|
262 |
+
$customer = new MocURL();
|
263 |
+
|
264 |
+
$content = $customer->get_customer_key($email, $password);
|
265 |
+
$customerKey = json_decode($content, true);
|
266 |
+
if(json_last_error() == JSON_ERROR_NONE)
|
267 |
+
{
|
268 |
+
if(isset($customerKey['phone'])){
|
269 |
+
update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
|
270 |
+
$Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
|
271 |
+
}
|
272 |
+
update_option('mo2f_email',$email);
|
273 |
+
$this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
|
274 |
+
$login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
|
275 |
+
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
276 |
+
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
277 |
+
}
|
278 |
+
else
|
279 |
+
{
|
280 |
+
$Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
|
281 |
+
$login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
|
282 |
+
$login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
|
283 |
+
$this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
|
284 |
+
}
|
285 |
+
}
|
286 |
+
|
287 |
+
function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
|
288 |
+
{
|
289 |
+
global $Mo2fdbQueries;
|
290 |
+
update_option( 'mo2f_customerKey' , $id );
|
291 |
+
update_option( 'mo2f_api_key' , $apiKey );
|
292 |
+
update_option( 'mo2f_customer_token' , $token );
|
293 |
+
update_option( 'mo2f_app_secret' , $appSecret );
|
294 |
+
update_option( 'mo_wpns_enable_log_requests' , true );
|
295 |
+
update_option( 'mo2f_miniorange_admin', $id );
|
296 |
+
update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
|
297 |
+
update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
|
298 |
+
$Mo2fdbQueries->update_user_details( $user_id, array(
|
299 |
+
'mo2f_user_email' =>$email
|
300 |
+
) );
|
301 |
+
}
|
302 |
+
function mo2f_inline_validate_otp(){
|
303 |
+
if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
|
304 |
+
$nonce = sanitize_text_field($_POST['miniorange_inline_validate_otp_nonce']);
|
305 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
|
306 |
+
$error = new WP_Error();
|
307 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
308 |
+
return $error;
|
309 |
+
} else {
|
310 |
+
global $Mo2fdbQueries;
|
311 |
+
$this->miniorange_pass2login_start_session();
|
312 |
+
$otp_token = '';
|
313 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
314 |
+
$mo2fa_login_message = '';
|
315 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
316 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
317 |
+
if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
|
318 |
+
$mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
|
319 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
320 |
+
} else{
|
321 |
+
$otp_token = sanitize_text_field( $_POST['otp_token'] );
|
322 |
+
}
|
323 |
+
|
324 |
+
|
325 |
+
$current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
326 |
+
|
327 |
+
$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
|
328 |
+
$user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
|
329 |
+
$customer = new Customer_Setup();
|
330 |
+
$content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
|
331 |
+
if($content['status'] == 'ERROR'){
|
332 |
+
$mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
|
333 |
+
}else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
|
334 |
+
$phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
|
335 |
+
if($user_phone && strlen($user_phone) >= 4){
|
336 |
+
if($phone != $user_phone ){
|
337 |
+
|
338 |
+
$Mo2fdbQueries->update_user_details( $current_user, array(
|
339 |
+
'mobile_registration_status' =>false
|
340 |
+
) );
|
341 |
+
}
|
342 |
+
}
|
343 |
+
|
344 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
|
345 |
+
if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
|
346 |
+
$Mo2fdbQueries->update_user_details( $current_user, array(
|
347 |
+
'mo2f_OTPOverSMS_config_status' =>true,
|
348 |
+
'mo2f_user_phone' =>$phone
|
349 |
+
) );
|
350 |
+
}else{
|
351 |
+
$Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
|
352 |
+
|
353 |
+
}
|
354 |
+
// unset($_SESSION[ 'mo2f_phone']);
|
355 |
+
// if(MO2F_IS_ONPREM)
|
356 |
+
// update_user_meta($current_user,'currentMethod','OTP Over SMS'); ///current_user = current_user_id
|
357 |
+
// else
|
358 |
+
// {
|
359 |
+
$Mo2fdbQueries->update_user_details($current_user, array(
|
360 |
+
"mo2f_configured_2FA_method" => 'OTP Over SMS',
|
361 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
|
362 |
+
) );
|
363 |
+
$TwoF_setup = new Two_Factor_Setup();
|
364 |
+
$response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
|
365 |
+
|
366 |
+
// }
|
367 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
368 |
+
|
369 |
+
}else{ // OTP Validation failed.
|
370 |
+
$mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
|
371 |
+
}
|
372 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
373 |
+
}
|
374 |
+
}
|
375 |
+
|
376 |
+
}
|
377 |
+
function mo2f_inline_send_otp(){
|
378 |
+
if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
|
379 |
+
$nonce = sanitize_text_field($_POST['miniorange_inline_verify_phone_nonce']);
|
380 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
|
381 |
+
$error = new WP_Error();
|
382 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
383 |
+
return $error;
|
384 |
+
} else {
|
385 |
+
global $Mo2fdbQueries;
|
386 |
+
$this->miniorange_pass2login_start_session();
|
387 |
+
$phone = sanitize_text_field( $_POST['verify_phone'] );
|
388 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
389 |
+
$current_user = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
390 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
391 |
+
$customer = new Customer_Setup();
|
392 |
+
$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
|
393 |
+
$parameters = array();
|
394 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
|
395 |
+
|
396 |
+
$mo2fa_login_message = '';
|
397 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
398 |
+
if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
|
399 |
+
$phone = sanitize_text_field( $_POST['verify_phone'] );
|
400 |
+
|
401 |
+
if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
|
402 |
+
$mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
|
403 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
404 |
+
}
|
405 |
+
$phone = str_replace(' ', '', $phone);
|
406 |
+
// $_SESSION['mo2f_phone'] = $phone;
|
407 |
+
update_user_meta($current_user,'mo2f_user_phone',$phone);
|
408 |
+
}
|
409 |
+
if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
|
410 |
+
$currentMethod = "SMS";
|
411 |
+
}else if($selected_2factor_method == 'SMS AND EMAIL'){
|
412 |
+
$currentMethod = "OTP_OVER_SMS_AND_EMAIL";
|
413 |
+
$parameters = array("phone" => $phone, "email" => $email);
|
414 |
+
}else if($selected_2factor_method == 'PHONE VERIFICATION'){
|
415 |
+
$currentMethod = "PHONE_VERIFICATION";
|
416 |
+
}else if($selected_2factor_method == 'OTP OVER EMAIL'){
|
417 |
+
$currentMethod = "OTP_OVER_EMAIL";
|
418 |
+
$parameters = $email;
|
419 |
+
}
|
420 |
+
if($selected_2factor_method == 'SMS AND EMAIL'){
|
421 |
+
$content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
|
422 |
+
}
|
423 |
+
else if($selected_2factor_method == 'OTP OVER EMAIL'){
|
424 |
+
$content = json_decode($customer->send_otp_token($email,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
|
425 |
+
}
|
426 |
+
else{
|
427 |
+
$content = json_decode($customer->send_otp_token($phone,$currentMethod,get_site_option( 'mo2f_customerKey'),get_site_option( 'mo2f_api_key')), true);
|
428 |
+
|
429 |
+
}
|
430 |
+
if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
|
431 |
+
if($content['status'] == 'ERROR'){
|
432 |
+
$mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
|
433 |
+
}else if($content['status'] == 'SUCCESS'){
|
434 |
+
// $_SESSION[ 'mo2f_transactionId' ] = $content['txId'];
|
435 |
+
update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
|
436 |
+
if($selected_2factor_method == 'SMS'){
|
437 |
+
if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')>0)
|
438 |
+
update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
|
439 |
+
$mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
|
440 |
+
}else if($selected_2factor_method == 'SMS AND EMAIL'){
|
441 |
+
$mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
|
442 |
+
}else if($selected_2factor_method == 'OTP OVER EMAIL'){
|
443 |
+
$mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
|
444 |
+
}else if($selected_2factor_method== 'PHONE VERIFICATION'){
|
445 |
+
$mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
|
446 |
+
}
|
447 |
+
}else if($content['status'] == 'FAILED'){
|
448 |
+
$mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
|
449 |
+
}else{
|
450 |
+
$mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
|
451 |
+
}
|
452 |
+
}else{
|
453 |
+
$mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
|
454 |
+
}
|
455 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
456 |
+
}
|
457 |
+
}
|
458 |
+
|
459 |
+
}
|
460 |
+
function mo2f_inline_validate_kba(){
|
461 |
+
if(isset($_POST['mo2f_inline_save_kba_nonce'])){
|
462 |
+
$nonce = sanitize_text_field($_POST['mo2f_inline_save_kba_nonce']);
|
463 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
|
464 |
+
$error = new WP_Error();
|
465 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
466 |
+
return $error;
|
467 |
+
} else {
|
468 |
+
global $Mo2fdbQueries;
|
469 |
+
$this->miniorange_pass2login_start_session();
|
470 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
471 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
472 |
+
$mo2fa_login_message = '';
|
473 |
+
$mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
474 |
+
$temp_array = array(sanitize_text_field($_POST['mo2f_kbaquestion_1']),sanitize_text_field($_POST['mo2f_kbaquestion_2']),sanitize_text_field($_POST['mo2f_kbaquestion_3']));
|
475 |
+
$kba_questions = array();
|
476 |
+
foreach($temp_array as $question){
|
477 |
+
if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
|
478 |
+
$mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
|
479 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
480 |
+
}else{
|
481 |
+
$ques = sanitize_text_field($question);
|
482 |
+
$ques = addcslashes(stripslashes($ques), '"\\');
|
483 |
+
array_push($kba_questions, $ques);
|
484 |
+
}
|
485 |
+
}
|
486 |
+
if(!(array_unique($kba_questions) == $kba_questions)){
|
487 |
+
$mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
|
488 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
489 |
+
}
|
490 |
+
$temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
|
491 |
+
$kba_answers = array();
|
492 |
+
foreach($temp_array_ans as $answer){
|
493 |
+
if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
|
494 |
+
$mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
|
495 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
496 |
+
}else{
|
497 |
+
$ques = sanitize_text_field($answer);
|
498 |
+
$answer = strtolower($answer);
|
499 |
+
array_push($kba_answers, $answer);
|
500 |
+
}
|
501 |
+
}
|
502 |
+
$size = sizeof($kba_questions);
|
503 |
+
$kba_q_a_list = array();
|
504 |
+
for($c = 0; $c < $size; $c++){
|
505 |
+
array_push($kba_q_a_list, $kba_questions[$c]);
|
506 |
+
array_push($kba_q_a_list, $kba_answers[$c]);
|
507 |
+
}
|
508 |
+
|
509 |
+
|
510 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
511 |
+
$current_user = get_user_by('id',$user_id);
|
512 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
|
513 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
514 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array(
|
515 |
+
'mo2f_SecurityQuestions_config_status' =>true,
|
516 |
+
'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
|
517 |
+
) );
|
518 |
+
if(!MO2F_IS_ONPREM)
|
519 |
+
{
|
520 |
+
$kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
|
521 |
+
$kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
|
522 |
+
$kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
|
523 |
+
$kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
|
524 |
+
$kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
|
525 |
+
$kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
|
526 |
+
|
527 |
+
$kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
|
528 |
+
$kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
|
529 |
+
$kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
|
530 |
+
|
531 |
+
$kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
|
532 |
+
$kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
|
533 |
+
$kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
|
534 |
+
|
535 |
+
$kba_registration = new Two_Factor_Setup();
|
536 |
+
$kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
|
537 |
+
|
538 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
539 |
+
|
540 |
+
if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
|
541 |
+
$response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
|
542 |
+
}
|
543 |
+
|
544 |
+
}
|
545 |
+
}
|
546 |
+
|
547 |
+
$kba_q1 = $kba_q_a_list[0];
|
548 |
+
$kba_a1 = md5($kba_q_a_list[1]);
|
549 |
+
$kba_q2 = $kba_q_a_list[2];
|
550 |
+
$kba_a2 = md5($kba_q_a_list[3]);
|
551 |
+
$kba_q3 = $kba_q_a_list[4];
|
552 |
+
$kba_a3 = md5($kba_q_a_list[5]);
|
553 |
+
$question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
|
554 |
+
update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
|
555 |
+
if(!isset($_POST['mo2f_inline_kba_status'])){
|
556 |
+
update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
|
557 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
|
558 |
+
// update_user_meta($current_user->ID, 'currentMethod','Security Questions');
|
559 |
+
}
|
560 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
561 |
+
}
|
562 |
+
}
|
563 |
+
}
|
564 |
+
|
565 |
+
function mo2f_inline_validate_mobile_authentication(){
|
566 |
+
if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
|
567 |
+
$nonce = sanitize_text_field($_POST['mo_auth_inline_mobile_registration_complete_nonce']);
|
568 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
|
569 |
+
$error = new WP_Error();
|
570 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
571 |
+
return $error;
|
572 |
+
} else {
|
573 |
+
global $Mo2fdbQueries;
|
574 |
+
$this->miniorange_pass2login_start_session();
|
575 |
+
// unset($_SESSION[ 'mo2f-login-qrCode' ]);
|
576 |
+
// unset($_SESSION[ 'mo2f-login-transactionId' ]);
|
577 |
+
// unset($_SESSION[ 'mo2f_show_qr_code'] );
|
578 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
579 |
+
MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
|
580 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
581 |
+
// $current_user = get_user_by('id',$user_id);
|
582 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
583 |
+
$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
|
584 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
|
585 |
+
$mo2fa_login_message = '';
|
586 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
587 |
+
$enduser = new Two_Factor_Setup();
|
588 |
+
if($selected_2factor_method == 'SOFT TOKEN')
|
589 |
+
$selected_2factor_method_onprem = 'miniOrange Soft Token';
|
590 |
+
else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
|
591 |
+
$selected_2factor_method_onprem = 'miniOrange Push Notification';
|
592 |
+
else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
|
593 |
+
$selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
|
594 |
+
|
595 |
+
$response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
|
596 |
+
if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
|
597 |
+
if($response['status'] == 'ERROR'){
|
598 |
+
$mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
|
599 |
+
}else if($response['status'] == 'SUCCESS'){
|
600 |
+
$Mo2fdbQueries->update_user_details( $user_id, array(
|
601 |
+
'mobile_registration_status' =>true,
|
602 |
+
'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
|
603 |
+
'mo2f_miniOrangeSoftToken_config_status' => true,
|
604 |
+
'mo2f_miniOrangePushNotification_config_status' => true,
|
605 |
+
'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
|
606 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
|
607 |
+
) );
|
608 |
+
// $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
|
609 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
610 |
+
}else{
|
611 |
+
$mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
|
612 |
+
}
|
613 |
+
}else{
|
614 |
+
$mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
|
615 |
+
}
|
616 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
|
617 |
+
}
|
618 |
+
}
|
619 |
+
|
620 |
+
}
|
621 |
+
|
622 |
+
function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
|
623 |
+
global $Mo2fdbQueries;
|
624 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
|
625 |
+
|
626 |
+
$code_generate = get_user_meta($current_user_id, 'mo_backup_code_generated', true);
|
627 |
+
if(empty($code_generate)){
|
628 |
+
$mo2fa_login_message = '';
|
629 |
+
$mo2fa_login_status = 'MO_2_FACTOR_GENERATE_BACKUP_CODES';
|
630 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
|
631 |
+
}else{
|
632 |
+
$pass2fa= new Miniorange_Password_2Factor_Login();
|
633 |
+
$pass2fa->mo2fa_pass2login($redirect_to,$session_id);
|
634 |
+
exit;
|
635 |
+
}
|
636 |
+
}
|
637 |
+
|
638 |
+
function mo2f_inline_get_qr_code_for_mobile($email,$id){
|
639 |
+
$registerMobile = new Two_Factor_Setup();
|
640 |
+
$content = $registerMobile->register_mobile($email);
|
641 |
+
$response = json_decode($content, true);
|
642 |
+
$message = '';
|
643 |
+
$miniorageqr=array();
|
644 |
+
if(json_last_error() == JSON_ERROR_NONE) {
|
645 |
+
if($response['status'] == 'ERROR'){
|
646 |
+
$miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
|
647 |
+
delete_user_meta( $id, 'miniorageqr' );
|
648 |
+
}else{
|
649 |
+
if($response['status'] == 'IN_PROGRESS'){
|
650 |
+
|
651 |
+
$miniorageqr['message']='';
|
652 |
+
$miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
|
653 |
+
$miniorageqr['mo2f-login-transactionId']=$response['txId'];
|
654 |
+
$miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
|
655 |
+
update_user_meta($id,'miniorageqr',$miniorageqr);
|
656 |
+
}else{
|
657 |
+
$miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
|
658 |
+
delete_user_meta( $id, 'miniorageqr' );
|
659 |
+
}
|
660 |
+
}
|
661 |
+
}
|
662 |
+
return $miniorageqr;
|
663 |
+
}
|
664 |
+
|
665 |
+
function inline_mobile_configure(){
|
666 |
+
if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
|
667 |
+
$nonce = sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']);
|
668 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
|
669 |
+
$error = new WP_Error();
|
670 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
671 |
+
return $error;
|
672 |
+
} else {
|
673 |
+
global $Mo2fdbQueries;
|
674 |
+
$this->miniorange_pass2login_start_session();
|
675 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
676 |
+
|
677 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
678 |
+
|
679 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
680 |
+
$current_user = get_user_by('id',$user_id);
|
681 |
+
$mo2fa_login_message = '';
|
682 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
683 |
+
$user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
|
684 |
+
if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
|
685 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
|
686 |
+
$miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
|
687 |
+
$mo2fa_login_message=$miniorageqr['message'];
|
688 |
+
MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
|
689 |
+
$this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
|
690 |
+
}else{
|
691 |
+
$mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
|
692 |
+
}
|
693 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
|
694 |
+
}
|
695 |
+
}
|
696 |
+
}
|
697 |
+
|
698 |
+
function inline_validate_and_set_ga(){
|
699 |
+
if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
|
700 |
+
$nonce = sanitize_text_field($_POST['mo2f_inline_validate_ga_nonce']);
|
701 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
|
702 |
+
$error = new WP_Error();
|
703 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
704 |
+
return $error;
|
705 |
+
} else {
|
706 |
+
global $Mo2fdbQueries;
|
707 |
+
$this->miniorange_pass2login_start_session();
|
708 |
+
$otpToken = sanitize_text_field($_POST['google_auth_code']);
|
709 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
710 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
711 |
+
$current_user = get_user_by('id',$user_id);
|
712 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
713 |
+
$mo2f_google_auth=json_decode(get_user_meta($user_id,'mo2f_google_auth', true),true);
|
714 |
+
$mo2f_google_auth = isset($mo2f_google_auth) ?$mo2f_google_auth : null;
|
715 |
+
// $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
|
716 |
+
$ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
|
717 |
+
$mo2fa_login_message = '';
|
718 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
719 |
+
if(MO2f_Utility::mo2f_check_number_length($otpToken)){
|
720 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
|
721 |
+
//$selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user->ID);
|
722 |
+
$google_auth = new Miniorange_Rba_Attributes();
|
723 |
+
$google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
|
724 |
+
if(json_last_error() == JSON_ERROR_NONE) {
|
725 |
+
if($google_response['status'] == 'SUCCESS'){
|
726 |
+
$response = $google_response;
|
727 |
+
if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
|
728 |
+
if($response['status'] == 'SUCCESS'){
|
729 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array(
|
730 |
+
'mo2f_GoogleAuthenticator_config_status' => true,
|
731 |
+
'mo2f_configured_2FA_method' => 'Google Authenticator',
|
732 |
+
'mo2f_AuthyAuthenticator_config_status' => false,
|
733 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
|
734 |
+
) );
|
735 |
+
|
736 |
+
if(MO2F_IS_ONPREM){
|
737 |
+
update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
|
738 |
+
//update_user_meta($current_user->ID, 'currentMethod','Google Authenticator');
|
739 |
+
//update_user_meta($current_user->ID,'Google Authenticator',true);
|
740 |
+
$gauth_obj= new Google_auth_onpremise();
|
741 |
+
$gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
|
742 |
+
}
|
743 |
+
update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
|
744 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
745 |
+
unset($_SESSION['mo2f_google_auth']);
|
746 |
+
}else{
|
747 |
+
$mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
|
748 |
+
}
|
749 |
+
}else{
|
750 |
+
$mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
|
751 |
+
}
|
752 |
+
}else{
|
753 |
+
$mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
|
754 |
+
}
|
755 |
+
}else{
|
756 |
+
$mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
|
757 |
+
}
|
758 |
+
}else{
|
759 |
+
$mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
|
760 |
+
}
|
761 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
|
762 |
+
}
|
763 |
+
}
|
764 |
+
}
|
765 |
+
|
766 |
+
function back_to_select_2fa(){
|
767 |
+
if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
|
768 |
+
$nonce = sanitize_text_field($_POST['miniorange_inline_two_factor_setup']);
|
769 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
|
770 |
+
$error = new WP_Error();
|
771 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
772 |
+
return $error;
|
773 |
+
} else {
|
774 |
+
global $Mo2fdbQueries;
|
775 |
+
$this->miniorange_pass2login_start_session();
|
776 |
+
unset($_SESSION['mo2f_google_auth']);
|
777 |
+
unset($_SESSION['mo2f_authy_keys']);
|
778 |
+
unset($_SESSION['secret_ga']);
|
779 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
780 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
781 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
782 |
+
$current_user = get_user_by('id',$user_id);
|
783 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
|
784 |
+
$mo2fa_login_message = '';
|
785 |
+
$mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
786 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
|
787 |
+
}
|
788 |
+
}
|
789 |
+
}
|
790 |
+
|
791 |
+
function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
|
792 |
+
{
|
793 |
+
$tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
|
794 |
+
if(isset($tempEmail) and $tempEmail != '')
|
795 |
+
$email = $tempEmail;
|
796 |
+
global $Mo2fdbQueries;
|
797 |
+
|
798 |
+
$enduser = new Two_Factor_Setup();
|
799 |
+
if($current_user_id == get_option('mo2f_miniorange_admin'))
|
800 |
+
$email = get_option('mo2f_email');
|
801 |
+
|
802 |
+
$check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
|
803 |
+
|
804 |
+
if(json_last_error() == JSON_ERROR_NONE){
|
805 |
+
|
806 |
+
|
807 |
+
|
808 |
+
if($check_user['status'] == 'ERROR'){
|
809 |
+
return $check_user;
|
810 |
+
|
811 |
+
}
|
812 |
+
else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
|
813 |
+
|
814 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array(
|
815 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
816 |
+
'mo2f_user_email' =>$email,
|
817 |
+
'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
|
818 |
+
) );
|
819 |
+
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
820 |
+
|
821 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
822 |
+
return $check_user;
|
823 |
+
}
|
824 |
+
else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
|
825 |
+
$current_user = get_user_by('id',$current_user_id);
|
826 |
+
$content = json_decode($enduser->mo_create_user($current_user,$email), true);
|
827 |
+
|
828 |
+
if(json_last_error() == JSON_ERROR_NONE) {
|
829 |
+
if(strcasecmp($content['status'], 'SUCCESS') == 0) {
|
830 |
+
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
831 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array(
|
832 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
833 |
+
'mo2f_user_email' =>$email,
|
834 |
+
'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
|
835 |
+
) );
|
836 |
+
|
837 |
+
$mo2fa_login_message = '';
|
838 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
839 |
+
return $check_user;
|
840 |
+
}else{
|
841 |
+
$check_user['status']='ERROR';
|
842 |
+
$check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
|
843 |
+
return $check_user;
|
844 |
+
}
|
845 |
+
}
|
846 |
+
|
847 |
+
|
848 |
+
}
|
849 |
+
else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
|
850 |
+
$mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
|
851 |
+
$check_user['status']='ERROR';
|
852 |
+
$check_user['message']=$mo2fa_login_message;
|
853 |
+
return $check_user;
|
854 |
+
// $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
|
855 |
+
}
|
856 |
+
|
857 |
+
}
|
858 |
+
// }
|
859 |
+
|
860 |
+
}
|
861 |
+
function mo2f_skip_2fa_setup()
|
862 |
+
{
|
863 |
+
if(isset($_POST['miniorange_skip_2fa_nonce'])){
|
864 |
+
$nonce = sanitize_text_field($_POST['miniorange_skip_2fa_nonce']);
|
865 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
|
866 |
+
$error = new WP_Error();
|
867 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
868 |
+
return $error;
|
869 |
+
}
|
870 |
+
else{
|
871 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
872 |
+
global $Mo2fdbQueries;
|
873 |
+
$redirect_to = esc_url_raw($_POST['redirect_to']);
|
874 |
+
$session_id_encrypt = sanitize_text_field($session_id_encrypt);
|
875 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
876 |
+
|
877 |
+
$Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
|
878 |
+
|
879 |
+
$this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
|
880 |
+
}
|
881 |
+
}
|
882 |
+
}
|
883 |
+
|
884 |
+
function save_inline_2fa_method(){
|
885 |
+
if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
|
886 |
+
$nonce = sanitize_text_field($_POST['miniorange_inline_save_2factor_method_nonce']);
|
887 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
|
888 |
+
$error = new WP_Error();
|
889 |
+
$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
|
890 |
+
return $error;
|
891 |
+
} else {
|
892 |
+
|
893 |
+
|
894 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
895 |
+
global $Mo2fdbQueries;
|
896 |
+
$this->miniorange_pass2login_start_session();
|
897 |
+
$mo2fa_login_message = '';
|
898 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
899 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
900 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
901 |
+
$current_user = get_user_by('id',$user_id);
|
902 |
+
$currentUserId = $current_user->ID;
|
903 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
|
904 |
+
$user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
|
905 |
+
if($user_registration_with_miniorange == 'SUCCESS'){
|
906 |
+
$selected_method = isset($_POST['mo2f_selected_2factor_method']) ? sanitize_text_field($_POST['mo2f_selected_2factor_method']) : 'NONE';
|
907 |
+
|
908 |
+
if($selected_method == 'OUT OF BAND EMAIL'){
|
909 |
+
if(!MO2F_IS_ONPREM)
|
910 |
+
{
|
911 |
+
$current_user = get_userdata($currentUserId);
|
912 |
+
$email = $current_user->user_email;
|
913 |
+
$response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
|
914 |
+
|
915 |
+
if($response['status']=='ERROR') {
|
916 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
917 |
+
$mo2fa_login_message=$response['message'].'Skip the two-factor for login';
|
918 |
+
}
|
919 |
+
else
|
920 |
+
{
|
921 |
+
$enduser = new Two_Factor_Setup();
|
922 |
+
|
923 |
+
$Mo2fdbQueries->update_user_details( $currentUserId, array(
|
924 |
+
'mo2f_email_verification_status' =>true,
|
925 |
+
'mo2f_configured_2FA_method' =>'Email Verification',
|
926 |
+
'mo2f_user_email' => $email
|
927 |
+
) );
|
928 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
929 |
+
}
|
930 |
+
}
|
931 |
+
else
|
932 |
+
{
|
933 |
+
$enduser = new Two_Factor_Setup();
|
934 |
+
|
935 |
+
$Mo2fdbQueries->update_user_details( $currentUserId, array(
|
936 |
+
'mo2f_email_verification_status' =>true,
|
937 |
+
'mo2f_configured_2FA_method' =>'Email Verification',
|
938 |
+
'mo2f_user_email' => $email
|
939 |
+
) );
|
940 |
+
$mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
|
941 |
+
}
|
942 |
+
}else if($selected_method == 'OTP OVER EMAIL'){
|
943 |
+
$email = $current_user->user_email;
|
944 |
+
if(!MO2F_IS_ONPREM)
|
945 |
+
{
|
946 |
+
$current_user = get_userdata($currentUserId);
|
947 |
+
$response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
|
948 |
+
if($response['status']=='ERROR') {
|
949 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
950 |
+
$mo2fa_login_message=$response['message'].'Skip the two-factor for login';
|
951 |
+
}
|
952 |
+
else
|
953 |
+
{
|
954 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
|
955 |
+
if($user_email != '' and !is_null($user_email))
|
956 |
+
$email = $user_email;
|
957 |
+
$this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
|
958 |
+
|
959 |
+
}
|
960 |
+
}
|
961 |
+
else
|
962 |
+
{
|
963 |
+
$this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
|
964 |
+
}
|
965 |
+
}else if($selected_method == "GOOGLE AUTHENTICATOR"){
|
966 |
+
$this->miniorange_pass2login_start_session();
|
967 |
+
$mo2fa_login_message = '';
|
968 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
969 |
+
$google_auth = new Miniorange_Rba_Attributes();
|
970 |
+
|
971 |
+
$gauth_name= get_site_option('mo2f_google_appname');
|
972 |
+
$google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
|
973 |
+
|
974 |
+
$email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
|
975 |
+
|
976 |
+
if ( MO2F_IS_ONPREM ) { //this should not be here
|
977 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array(
|
978 |
+
'mo2f_configured_2FA_method' =>$selected_method,
|
979 |
+
) );
|
980 |
+
include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
|
981 |
+
$gauth_obj = new Google_auth_onpremise();
|
982 |
+
|
983 |
+
$onpremise_secret = $gauth_obj->createSecret();
|
984 |
+
$issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
|
985 |
+
$url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
|
986 |
+
$mo2f_google_auth = array();
|
987 |
+
$mo2f_google_auth['ga_qrCode'] = $url;
|
988 |
+
$mo2f_google_auth['ga_secret'] = $onpremise_secret;
|
989 |
+
$_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
|
990 |
+
update_user_meta($current_user->ID,'mo2f_google_auth', json_encode($mo2f_google_auth));
|
991 |
+
|
992 |
+
}else{
|
993 |
+
$current_user = get_userdata($currentUserId);
|
994 |
+
$email = $current_user->user_email;
|
995 |
+
$tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
|
996 |
+
|
997 |
+
if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
|
998 |
+
{
|
999 |
+
$email = $tempemail;
|
1000 |
+
}
|
1001 |
+
|
1002 |
+
$response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
|
1003 |
+
if($response['status']=='ERROR') {
|
1004 |
+
$mo2fa_login_message=$response['message'];
|
1005 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
1006 |
+
|
1007 |
+
}else{
|
1008 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array(
|
1009 |
+
'mo2f_configured_2FA_method' =>$selected_method,
|
1010 |
+
) );
|
1011 |
+
$google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
|
1012 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
1013 |
+
if ( $google_response['status'] == 'SUCCESS' ) {
|
1014 |
+
|
1015 |
+
$mo2f_google_auth = array();
|
1016 |
+
$mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
|
1017 |
+
$mo2f_google_auth['ga_secret'] = $google_response['secret'];
|
1018 |
+
$_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
|
1019 |
+
update_user_meta( $current_user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
|
1020 |
+
|
1021 |
+
} else {
|
1022 |
+
$mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
|
1023 |
+
}
|
1024 |
+
}
|
1025 |
+
}
|
1026 |
+
}
|
1027 |
+
|
1028 |
+
|
1029 |
+
}else{
|
1030 |
+
//inline for others
|
1031 |
+
if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
|
1032 |
+
{
|
1033 |
+
$current_user = get_userdata($currentUserId);
|
1034 |
+
$email = $current_user->user_email;
|
1035 |
+
$response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
|
1036 |
+
if($response['status']=='ERROR') {
|
1037 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
1038 |
+
$mo2fa_login_message=$response['message'].'Skip the two-factor for login';
|
1039 |
+
}
|
1040 |
+
else {
|
1041 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
|
1042 |
+
}
|
1043 |
+
}else{
|
1044 |
+
$Mo2fdbQueries->update_user_details( $current_user->ID, array(
|
1045 |
+
'mo2f_configured_2FA_method' =>$selected_method,
|
1046 |
+
) );
|
1047 |
+
}
|
1048 |
+
}
|
1049 |
+
}else{
|
1050 |
+
$mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
|
1051 |
+
}
|
1052 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
|
1053 |
+
}
|
1054 |
+
}
|
1055 |
+
}
|
1056 |
+
|
1057 |
+
function check_kba_validation($POSTED){
|
1058 |
+
if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
|
1059 |
+
$nonce = $POSTED['miniorange_kba_nonce'];
|
1060 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
|
1061 |
+
$error = new WP_Error();
|
1062 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1063 |
+
return $error;
|
1064 |
+
}else{
|
1065 |
+
$this->miniorange_pass2login_start_session();
|
1066 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1067 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1068 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
1069 |
+
if ( isset( $user_id ) ) {
|
1070 |
+
if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
|
1071 |
+
$mo2fa_login_message = 'Please provide both the answers.';
|
1072 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
|
1073 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
1074 |
+
}
|
1075 |
+
$otpToken = array();
|
1076 |
+
$kba_questions = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
|
1077 |
+
$otpToken[0] = $kba_questions[0]['question'];
|
1078 |
+
$otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
|
1079 |
+
$otpToken[2] = $kba_questions[1]['question'];
|
1080 |
+
$otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
|
1081 |
+
$check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
|
1082 |
+
//if the php session folder has insufficient permissions, cookies to be used
|
1083 |
+
$mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
|
1084 |
+
$mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
|
1085 |
+
$kba_validate = new Customer_Setup();
|
1086 |
+
$kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1087 |
+
global $Mo2fdbQueries;
|
1088 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
|
1089 |
+
if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
|
1090 |
+
if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
|
1091 |
+
try {
|
1092 |
+
mo2f_register_profile( $email, 'true', $mo2f_rba_status );
|
1093 |
+
} catch ( Exception $e ) {
|
1094 |
+
echo $e->getMessage();
|
1095 |
+
}
|
1096 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
1097 |
+
} else {
|
1098 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
1099 |
+
}
|
1100 |
+
} else {
|
1101 |
+
$mo2fa_login_message = 'The answers you have provided are incorrect.';
|
1102 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
|
1103 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
|
1104 |
+
}
|
1105 |
+
} else {
|
1106 |
+
$this->remove_current_activity($session_id_encrypt);
|
1107 |
+
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
|
1108 |
+
}
|
1109 |
+
}
|
1110 |
+
}
|
1111 |
+
}
|
1112 |
+
function check_rba_cancalation($POSTED){
|
1113 |
+
$nonce = sanitize_text_field($POSTED['mo2f_trust_device_cancel_nonce']);
|
1114 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
|
1115 |
+
$error = new WP_Error();
|
1116 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
1117 |
+
return $error;
|
1118 |
+
} else {
|
1119 |
+
$this->miniorange_pass2login_start_session();
|
1120 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
1121 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1122 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
1123 |
+
}
|
1124 |
+
}
|
1125 |
+
function check_rba_validation($POSTED){
|
1126 |
+
$nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
|
1127 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
|
1128 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id'] ): null;
|
1129 |
+
$this->remove_current_activity($session_id_encrypt);
|
1130 |
+
$error = new WP_Error();
|
1131 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
|
1132 |
+
return $error;
|
1133 |
+
} else {
|
1134 |
+
$this->miniorange_pass2login_start_session();
|
1135 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
1136 |
+
try {
|
1137 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypt );
|
1138 |
+
Global $Mo2fdbQueries;
|
1139 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
|
1140 |
+
$mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
|
1141 |
+
mo2f_register_profile( $email, 'true', $mo2f_rba_status );
|
1142 |
+
} catch ( Exception $e ) {
|
1143 |
+
echo $e->getMessage();
|
1144 |
+
}
|
1145 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1146 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
1147 |
+
}
|
1148 |
+
}
|
1149 |
+
|
1150 |
+
function miniorange2f_back_to_inline_registration($POSTED)
|
1151 |
+
{
|
1152 |
+
$nonce = sanitize_text_field($_POST['miniorange_back_inline_reg_nonce']);
|
1153 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
|
1154 |
+
$error = new WP_Error();
|
1155 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1156 |
+
return $error;
|
1157 |
+
} else {
|
1158 |
+
|
1159 |
+
$session_id_encrypt = sanitize_text_field($POSTED['session_id']);
|
1160 |
+
$redirect_to = esc_url_raw($POSTED['redirect_to']);
|
1161 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
1162 |
+
$mo2fa_login_message = '';
|
1163 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
|
1164 |
+
}
|
1165 |
+
|
1166 |
+
}
|
1167 |
+
|
1168 |
+
function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
|
1169 |
+
$nonce = sanitize_text_field($_POST['miniorange_forgotphone']);
|
1170 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
|
1171 |
+
$error = new WP_Error();
|
1172 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1173 |
+
return $error;
|
1174 |
+
} else {
|
1175 |
+
$mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
|
1176 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1177 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
1178 |
+
$mo2fa_login_message = '';
|
1179 |
+
$this->miniorange_pass2login_start_session();
|
1180 |
+
$customer = new Customer_Setup();
|
1181 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1182 |
+
Global $Mo2fdbQueries;
|
1183 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
|
1184 |
+
$kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
|
1185 |
+
if ( $kba_configuration_status ) {
|
1186 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
|
1187 |
+
$pass2fa_login = new Miniorange_Password_2Factor_Login();
|
1188 |
+
$pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
|
1189 |
+
} else {
|
1190 |
+
$hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
|
1191 |
+
$content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1192 |
+
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
|
1193 |
+
$session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
|
1194 |
+
MO2f_Utility::unset_session_variables( $session_cookie_variables );
|
1195 |
+
MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
|
1196 |
+
MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
|
1197 |
+
//if the php session folder has insufficient permissions, cookies to be used
|
1198 |
+
MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
|
1199 |
+
MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
|
1200 |
+
$this->mo2f_transactionid=$content['txId'];
|
1201 |
+
$mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
|
1202 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
|
1203 |
+
} else {
|
1204 |
+
$mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
|
1205 |
+
}
|
1206 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
|
1207 |
+
}
|
1208 |
+
$pass2fa_login = new Miniorange_Password_2Factor_Login();
|
1209 |
+
$pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
1210 |
+
}
|
1211 |
+
}
|
1212 |
+
function check_miniorange_alternate_login_kba($POSTED){
|
1213 |
+
$nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
|
1214 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
|
1215 |
+
$error = new WP_Error();
|
1216 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1217 |
+
return $error;
|
1218 |
+
} else {
|
1219 |
+
$this->miniorange_pass2login_start_session();
|
1220 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
|
1221 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1222 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1223 |
+
$this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
|
1224 |
+
}
|
1225 |
+
}
|
1226 |
+
function check_miniorange_mobile_validation($POSTED){
|
1227 |
+
/*check mobile validation */
|
1228 |
+
|
1229 |
+
$nonce = $POSTED['miniorange_mobile_validation_nonce'];
|
1230 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
|
1231 |
+
$error = new WP_Error();
|
1232 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1233 |
+
return $error;
|
1234 |
+
} else {
|
1235 |
+
if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
|
1236 |
+
{
|
1237 |
+
$txid = $POSTED['TxidEmail'];
|
1238 |
+
$status = get_option($txid);
|
1239 |
+
if($status != '')
|
1240 |
+
{
|
1241 |
+
if($status != 1)
|
1242 |
+
{
|
1243 |
+
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
|
1244 |
+
}
|
1245 |
+
}
|
1246 |
+
}
|
1247 |
+
$this->miniorange_pass2login_start_session();
|
1248 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
1249 |
+
//if the php session folder has insufficient permissions, cookies to be used
|
1250 |
+
$mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
|
1251 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1252 |
+
$checkMobileStatus = new Two_Factor_Setup();
|
1253 |
+
$content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
|
1254 |
+
$response = json_decode( $content, true );
|
1255 |
+
if(MO2F_IS_ONPREM)
|
1256 |
+
{
|
1257 |
+
$this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
|
1258 |
+
}
|
1259 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
1260 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
1261 |
+
if ( get_option( 'mo2f_remember_device' ) ) {
|
1262 |
+
$mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
|
1263 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
|
1264 |
+
} else {
|
1265 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
1266 |
+
}
|
1267 |
+
} else {
|
1268 |
+
$this->remove_current_activity($session_id_encrypt);
|
1269 |
+
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
|
1270 |
+
}
|
1271 |
+
} else {
|
1272 |
+
$this->remove_current_activity($session_id_encrypt);
|
1273 |
+
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
|
1274 |
+
}
|
1275 |
+
}
|
1276 |
+
}
|
1277 |
+
function check_miniorange_mobile_validation_failed($POSTED){
|
1278 |
+
/*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
|
1279 |
+
$nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
|
1280 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
|
1281 |
+
$error = new WP_Error();
|
1282 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
1283 |
+
return $error;
|
1284 |
+
} else {
|
1285 |
+
$this->miniorange_pass2login_start_session();
|
1286 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
|
1287 |
+
$this->remove_current_activity($session_id_encrypt);
|
1288 |
+
|
1289 |
+
}
|
1290 |
+
}
|
1291 |
+
function check_miniorange_forgotphone($POSTED){
|
1292 |
+
$nonce = $POSTED['miniorange_forgotphone'];
|
1293 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
|
1294 |
+
$error = new WP_Error();
|
1295 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1296 |
+
return $error;
|
1297 |
+
} else {
|
1298 |
+
global $Mo2fdbQueries;
|
1299 |
+
$mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
|
1300 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
1301 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1302 |
+
$mo2fa_login_message = '';
|
1303 |
+
$this->miniorange_pass2login_start_session();
|
1304 |
+
$customer = new Customer_Setup();
|
1305 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1306 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
|
1307 |
+
$kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
|
1308 |
+
if ( $kba_configuration_status ) {
|
1309 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
|
1310 |
+
$pass2fa_login = new Miniorange_Password_2Factor_Login();
|
1311 |
+
$pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
|
1312 |
+
} else {
|
1313 |
+
$hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
|
1314 |
+
$content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1315 |
+
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
|
1316 |
+
$session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
|
1317 |
+
MO2f_Utility::unset_session_variables( $session_cookie_variables );
|
1318 |
+
MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
|
1319 |
+
MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
|
1320 |
+
//if the php session folder has insufficient permissions, cookies to be used
|
1321 |
+
MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
|
1322 |
+
MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
|
1323 |
+
$this->mo2f_transactionid=$content['txId'];
|
1324 |
+
$mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
|
1325 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
|
1326 |
+
} else {
|
1327 |
+
$mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
|
1328 |
+
}
|
1329 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
|
1330 |
+
}
|
1331 |
+
$pass2fa_login = new Miniorange_Password_2Factor_Login();
|
1332 |
+
$pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
1333 |
+
}
|
1334 |
+
}
|
1335 |
+
function check_miniorange_softtoken($POSTED){
|
1336 |
+
/*Click on the link of phone is offline */
|
1337 |
+
$nonce = $POSTED['miniorange_softtoken'];
|
1338 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
|
1339 |
+
$error = new WP_Error();
|
1340 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1341 |
+
return $error;
|
1342 |
+
} else {
|
1343 |
+
$this->miniorange_pass2login_start_session();
|
1344 |
+
$session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
|
1345 |
+
$session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
|
1346 |
+
MO2f_Utility::unset_session_variables( $session_cookie_variables );
|
1347 |
+
MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
|
1348 |
+
MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
|
1349 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1350 |
+
$mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
|
1351 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
|
1352 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
1353 |
+
}
|
1354 |
+
}
|
1355 |
+
function check_miniorange_soft_token($POSTED){
|
1356 |
+
/*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
|
1357 |
+
$nonce = sanitize_text_field($_POST['miniorange_soft_token_nonce']);
|
1358 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
|
1359 |
+
$error = new WP_Error();
|
1360 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1361 |
+
return $error;
|
1362 |
+
}else {
|
1363 |
+
$this->miniorange_pass2login_start_session();
|
1364 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1365 |
+
$mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
|
1366 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
1367 |
+
$softtoken = '';
|
1368 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1369 |
+
$attempts = get_option('mo2f_attempts_before_redirect', 3);
|
1370 |
+
if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
|
1371 |
+
if($attempts>1 || $attempts=='disabled')
|
1372 |
+
{
|
1373 |
+
update_option('mo2f_attempts_before_redirect', $attempts-1 );
|
1374 |
+
$mo2fa_login_message = 'Please enter OTP to proceed.';
|
1375 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
1376 |
+
}else{
|
1377 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1378 |
+
$this->remove_current_activity($session_id_encrypt);
|
1379 |
+
return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
|
1380 |
+
}
|
1381 |
+
} else {
|
1382 |
+
$softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
|
1383 |
+
if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
|
1384 |
+
if($attempts>1|| $attempts=='disabled')
|
1385 |
+
{
|
1386 |
+
update_option('mo2f_attempts_before_redirect', $attempts-1 );
|
1387 |
+
$mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
|
1388 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
1389 |
+
}else{
|
1390 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1391 |
+
$this->remove_current_activity($session_id_encrypt);
|
1392 |
+
update_option('mo2f_attempts_before_redirect', 3);
|
1393 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
1394 |
+
$data = array('reload' => "reload", );
|
1395 |
+
wp_send_json_success($data);
|
1396 |
+
}
|
1397 |
+
else
|
1398 |
+
return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
|
1399 |
+
}
|
1400 |
+
}
|
1401 |
+
}
|
1402 |
+
|
1403 |
+
global $Mo2fdbQueries;
|
1404 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
|
1405 |
+
if ( isset( $user_id ) ) {
|
1406 |
+
$customer = new Customer_Setup();
|
1407 |
+
$content = '';
|
1408 |
+
$current_user = get_userdata($user_id);
|
1409 |
+
//if the php session folder has insufficient permissions, cookies to be used
|
1410 |
+
$mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
|
1411 |
+
|
1412 |
+
if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
|
1413 |
+
$content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
|
1414 |
+
} else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
|
1415 |
+
$content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1416 |
+
} else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
|
1417 |
+
$content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1418 |
+
} else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
|
1419 |
+
$content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1420 |
+
} else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
|
1421 |
+
$content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
1422 |
+
} else {
|
1423 |
+
$this->remove_current_activity($session_id_encrypt);
|
1424 |
+
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
|
1425 |
+
}
|
1426 |
+
|
1427 |
+
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
|
1428 |
+
update_option('mo2f_attempts_before_redirect', 3);
|
1429 |
+
if ( get_option( 'mo2f_remember_device' ) ) {
|
1430 |
+
$mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
|
1431 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
|
1432 |
+
} else {
|
1433 |
+
if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
|
1434 |
+
{
|
1435 |
+
$Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS', 'mo2f_OTPOverEmail_config_status' => 1) );
|
1436 |
+
$enduser = new Two_Factor_Setup();
|
1437 |
+
|
1438 |
+
$enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
|
1439 |
+
|
1440 |
+
}
|
1441 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
1442 |
+
}
|
1443 |
+
} else {
|
1444 |
+
if($attempts>1 || $attempts=='disabled')
|
1445 |
+
{
|
1446 |
+
update_option('mo2f_attempts_before_redirect', $attempts-1);
|
1447 |
+
$message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
|
1448 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
|
1449 |
+
}else{
|
1450 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1451 |
+
$this->remove_current_activity($session_id_encrypt);
|
1452 |
+
update_option('mo2f_attempts_before_redirect', 3);
|
1453 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
1454 |
+
$data = array('reload' => "reload", );
|
1455 |
+
wp_send_json_success($data);
|
1456 |
+
}
|
1457 |
+
else
|
1458 |
+
return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
|
1459 |
+
}
|
1460 |
+
}
|
1461 |
+
} else {
|
1462 |
+
$this->remove_current_activity($session_id_encrypt);
|
1463 |
+
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
|
1464 |
+
}
|
1465 |
+
}
|
1466 |
+
}
|
1467 |
+
function check_miniorange_attribute_collection($POSTED){
|
1468 |
+
$nonce = $POSTED['miniorange_attribute_collection_nonce'];
|
1469 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
|
1470 |
+
$error = new WP_Error();
|
1471 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1472 |
+
return $error;
|
1473 |
+
} else {
|
1474 |
+
$this->miniorange_pass2login_start_session();
|
1475 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1476 |
+
$currentuser = get_user_by( 'id', $user_id );
|
1477 |
+
$attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
|
1478 |
+
$redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
|
1479 |
+
$session_id = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
|
1480 |
+
$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
|
1481 |
+
}
|
1482 |
+
}
|
1483 |
+
function check_miniorange_inline_skip_registration($POSTED){
|
1484 |
+
$error = new WP_Error();
|
1485 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1486 |
+
}
|
1487 |
+
function miniorange_pass2login_redirect() {
|
1488 |
+
do_action('mo2f_network_init');
|
1489 |
+
global $Mo2fdbQueries;
|
1490 |
+
|
1491 |
+
if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
|
1492 |
+
if ( isset( $_POST['miniorange_login_nonce'] ) ) {
|
1493 |
+
$nonce = sanitize_text_field($_POST['miniorange_login_nonce']);
|
1494 |
+
$session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1495 |
+
|
1496 |
+
if(is_null($session_id)) {
|
1497 |
+
$session_id=$this->create_session();
|
1498 |
+
}
|
1499 |
+
|
1500 |
+
|
1501 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
|
1502 |
+
$this->remove_current_activity($session_id);
|
1503 |
+
$error = new WP_Error();
|
1504 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
1505 |
+
return $error;
|
1506 |
+
} else {
|
1507 |
+
$this->miniorange_pass2login_start_session();
|
1508 |
+
$mobile_login = new Miniorange_Mobile_Login();
|
1509 |
+
//validation and sanitization
|
1510 |
+
$username = '';
|
1511 |
+
if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2fa_username'] ) ) {
|
1512 |
+
MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
|
1513 |
+
$mobile_login->mo_auth_show_error_message();
|
1514 |
+
return;
|
1515 |
+
} else {
|
1516 |
+
$username = sanitize_text_field( $_POST['mo2fa_username'] );
|
1517 |
+
}
|
1518 |
+
if ( username_exists( $username ) ) { /*if username exists in wp site */
|
1519 |
+
$user = new WP_User( $username );
|
1520 |
+
$redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
|
1521 |
+
MO2f_Utility::set_user_values($session_id, 'mo2f_current_user_id', $user->ID );
|
1522 |
+
MO2f_Utility::set_user_values($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS' );
|
1523 |
+
$this->mo2f_userId=$user->ID;
|
1524 |
+
$this->fstfactor='VALIDATE_SUCCESS';
|
1525 |
+
$current_roles = miniorange_get_user_role( $user );
|
1526 |
+
$mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
|
1527 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
1528 |
+
$mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
|
1529 |
+
$kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
|
1530 |
+
|
1531 |
+
if(MO2F_IS_ONPREM )
|
1532 |
+
{
|
1533 |
+
$mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
|
1534 |
+
|
1535 |
+
}
|
1536 |
+
if ( $mo2f_configured_2FA_method ) {
|
1537 |
+
if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
|
1538 |
+
if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
|
1539 |
+
$this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
|
1540 |
+
} else {
|
1541 |
+
$mo2f_second_factor = '';
|
1542 |
+
|
1543 |
+
if(MO2F_IS_ONPREM)
|
1544 |
+
{
|
1545 |
+
global $Mo2fdbQueries;
|
1546 |
+
$mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
|
1547 |
+
if($mo2f_second_factor == 'Security Questions')
|
1548 |
+
{
|
1549 |
+
$mo2f_second_factor = 'KBA';
|
1550 |
+
}
|
1551 |
+
else if($mo2f_second_factor == 'Google Authenticator')
|
1552 |
+
{
|
1553 |
+
$mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
|
1554 |
+
}
|
1555 |
+
else if($mo2f_second_factor != 'Email Verification')
|
1556 |
+
$mo2f_second_factor = 'NONE';
|
1557 |
+
}else{
|
1558 |
+
$mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
|
1559 |
+
}
|
1560 |
+
|
1561 |
+
if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
|
1562 |
+
$this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
|
1563 |
+
} else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
|
1564 |
+
$this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
|
1565 |
+
}
|
1566 |
+
else if($mo2f_second_factor == 'Email Verification'){
|
1567 |
+
$this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
|
1568 |
+
}
|
1569 |
+
else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
|
1570 |
+
$this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
|
1571 |
+
} else if ( $mo2f_second_factor == 'KBA' ) {
|
1572 |
+
$this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
|
1573 |
+
} else {
|
1574 |
+
$this->remove_current_activity($session_id);
|
1575 |
+
MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
|
1576 |
+
$mobile_login->mo_auth_show_success_message();
|
1577 |
+
}
|
1578 |
+
}
|
1579 |
+
} else {
|
1580 |
+
MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
|
1581 |
+
$mobile_login->mo_auth_show_success_message('Please login into your account using password.');
|
1582 |
+
update_user_meta($user->ID,'userMessage','Please login into your account using password.');
|
1583 |
+
$mobile_login->mo2f_redirectto_wp_login();
|
1584 |
+
}
|
1585 |
+
} else {
|
1586 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
|
1587 |
+
$mobile_login->mo_auth_show_success_message('Please login into your account using password.');
|
1588 |
+
update_user_meta($user->ID,'userMessage','Please login into your account using password.');
|
1589 |
+
$mobile_login->mo2f_redirectto_wp_login();
|
1590 |
+
}
|
1591 |
+
} else {
|
1592 |
+
$mobile_login->remove_current_activity($session_id);
|
1593 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
|
1594 |
+
$mobile_login->mo_auth_show_error_message('Invalid Username.');
|
1595 |
+
}
|
1596 |
+
}
|
1597 |
+
}
|
1598 |
+
|
1599 |
+
}
|
1600 |
+
if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
|
1601 |
+
{
|
1602 |
+
$userIDGet = sanitize_text_field($_GET['userID']);
|
1603 |
+
$txIdGet = sanitize_text_field($_GET['Txid']);
|
1604 |
+
$otpToken = get_site_option($userIDGet);
|
1605 |
+
$txidstatus = get_site_option($txIdGet);
|
1606 |
+
$userIDd = $userIDGet.'D';
|
1607 |
+
$otpTokenD = get_site_option($userIDd);
|
1608 |
+
$mo2f_dirName = dirname(__FILE__);
|
1609 |
+
$mo2f_dirName = explode('wp-content', $mo2f_dirName);
|
1610 |
+
$mo2f_dirName = explode('handler', $mo2f_dirName[1]);
|
1611 |
+
|
1612 |
+
$head = "You are not authorized to perform this action";
|
1613 |
+
$body = "Please contact to your admin";
|
1614 |
+
$color = "red";
|
1615 |
+
if(3 == $txidstatus)
|
1616 |
+
{
|
1617 |
+
$time = "time".$txIdGet;
|
1618 |
+
$currentTimeInMillis = round(microtime(true) * 1000);
|
1619 |
+
$generatedTimeINMillis = get_site_option($time);
|
1620 |
+
$difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
|
1621 |
+
if($difference <= 300)
|
1622 |
+
{
|
1623 |
+
$accessTokenGet = sanitize_text_field($_GET['accessToken']);
|
1624 |
+
if( $accessTokenGet == $otpToken)
|
1625 |
+
{
|
1626 |
+
update_site_option($txIdGet,1);
|
1627 |
+
$body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
|
1628 |
+
$head = "TRANSACTION SUCCESSFUL";
|
1629 |
+
$color = "green";
|
1630 |
+
}
|
1631 |
+
else if($accessTokenGet==$otpTokenD)
|
1632 |
+
{
|
1633 |
+
update_site_option($txIdGet,0);
|
1634 |
+
$body = "Transaction has been Canceled.<br><br>Please Try Again.";
|
1635 |
+
$head = "TRANSACTION DENIED";
|
1636 |
+
}
|
1637 |
+
}
|
1638 |
+
delete_site_option($userIDGet);
|
1639 |
+
delete_site_option($userIDd);
|
1640 |
+
delete_site_option($time);
|
1641 |
+
|
1642 |
+
}
|
1643 |
+
|
1644 |
+
$this->display_email_verification($head,$body,$color);
|
1645 |
+
exit;
|
1646 |
+
|
1647 |
+
}
|
1648 |
+
elseif (isset($_POST['emailInlineCloud'])) {
|
1649 |
+
$nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
|
1650 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
|
1651 |
+
$error = new WP_Error();
|
1652 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
1653 |
+
return $error;
|
1654 |
+
} else {
|
1655 |
+
$email = sanitize_text_field($_POST['emailInlineCloud']);
|
1656 |
+
$current_user_id = sanitize_text_field($_POST['current_user_id']);
|
1657 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
1658 |
+
$redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
|
1659 |
+
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
1660 |
+
global $Mo2fdbQueries;
|
1661 |
+
$Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
|
1662 |
+
prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','',$redirect_to,$session_id_encrypt,null);
|
1663 |
+
}
|
1664 |
+
}
|
1665 |
+
}
|
1666 |
+
else if(isset($_POST['txid']))
|
1667 |
+
{
|
1668 |
+
$txidpost = sanitize_text_field($_POST['txid']);
|
1669 |
+
$status = get_site_option($txidpost);
|
1670 |
+
update_option('optionVal1',$status); //??
|
1671 |
+
if($status ==1 || $status ==0)
|
1672 |
+
delete_site_option($txidpost);
|
1673 |
+
echo $status;
|
1674 |
+
exit();
|
1675 |
+
}
|
1676 |
+
|
1677 |
+
|
1678 |
+
|
1679 |
+
else{
|
1680 |
+
|
1681 |
+
$value=isset($_POST['option'])?sanitize_text_field($_POST['option']):false;
|
1682 |
+
|
1683 |
+
switch ($value) {
|
1684 |
+
case 'miniorange_rba_validate':
|
1685 |
+
$this->check_rba_validation($_POST);
|
1686 |
+
break;
|
1687 |
+
|
1688 |
+
case 'miniorange_rba_cancle':
|
1689 |
+
|
1690 |
+
$this->check_rba_cancalation($_POST);
|
1691 |
+
break;
|
1692 |
+
|
1693 |
+
case 'miniorange_forgotphone':
|
1694 |
+
$this->check_miniorange_challenge_forgotphone($_POST);
|
1695 |
+
break;
|
1696 |
+
|
1697 |
+
case 'miniorange2f_back_to_inline_registration':
|
1698 |
+
$this->miniorange2f_back_to_inline_registration($_POST);
|
1699 |
+
exit;
|
1700 |
+
|
1701 |
+
case 'miniorange_alternate_login_kba':
|
1702 |
+
|
1703 |
+
$this->check_miniorange_alternate_login_kba($_POST);
|
1704 |
+
break;
|
1705 |
+
|
1706 |
+
case 'miniorange_kba_validate':
|
1707 |
+
$this->check_kba_validation($_POST);
|
1708 |
+
|
1709 |
+
break;
|
1710 |
+
|
1711 |
+
case 'miniorange_mobile_validation':
|
1712 |
+
$this->check_miniorange_mobile_validation($_POST);
|
1713 |
+
break;
|
1714 |
+
|
1715 |
+
case 'miniorange_mobile_validation_failed':
|
1716 |
+
$this->check_miniorange_mobile_validation_failed($_POST);
|
1717 |
+
break;
|
1718 |
+
|
1719 |
+
case 'miniorange_softtoken':
|
1720 |
+
$this->check_miniorange_softtoken($_POST);
|
1721 |
+
|
1722 |
+
break;
|
1723 |
+
|
1724 |
+
|
1725 |
+
case 'miniorange_soft_token':
|
1726 |
+
|
1727 |
+
$this->check_miniorange_soft_token($_POST);
|
1728 |
+
break;
|
1729 |
+
|
1730 |
+
case 'miniorange_inline_skip_registration':
|
1731 |
+
$this->check_miniorange_inline_skip_registration($_POST);
|
1732 |
+
break;
|
1733 |
+
|
1734 |
+
case 'miniorange_attribute_collection':
|
1735 |
+
$this->check_miniorange_attribute_collection($_POST);
|
1736 |
+
break;
|
1737 |
+
|
1738 |
+
case 'miniorange_inline_save_2factor_method':
|
1739 |
+
$this->save_inline_2fa_method();
|
1740 |
+
break;
|
1741 |
+
|
1742 |
+
case 'mo2f_skip_2fa_setup':
|
1743 |
+
$this->mo2f_skip_2fa_setup();
|
1744 |
+
break;
|
1745 |
+
|
1746 |
+
case 'miniorange_back_inline':
|
1747 |
+
$this->back_to_select_2fa();
|
1748 |
+
break;
|
1749 |
+
|
1750 |
+
case 'miniorange_inline_ga_validate':
|
1751 |
+
$this->inline_validate_and_set_ga();
|
1752 |
+
break;
|
1753 |
+
|
1754 |
+
case 'miniorange_inline_show_mobile_config':
|
1755 |
+
$this->inline_mobile_configure();
|
1756 |
+
break;
|
1757 |
+
|
1758 |
+
case 'miniorange_inline_complete_mobile':
|
1759 |
+
$this->mo2f_inline_validate_mobile_authentication();
|
1760 |
+
break;
|
1761 |
+
|
1762 |
+
case 'mo2f_inline_kba_option':
|
1763 |
+
$this->mo2f_inline_validate_kba();
|
1764 |
+
break;
|
1765 |
+
|
1766 |
+
case 'miniorange_inline_complete_otp_over_sms':
|
1767 |
+
$this->mo2f_inline_send_otp();
|
1768 |
+
break;
|
1769 |
+
|
1770 |
+
case 'miniorange_inline_complete_otp':
|
1771 |
+
$this->mo2f_inline_validate_otp();
|
1772 |
+
break;
|
1773 |
+
|
1774 |
+
case 'miniorange_inline_login':
|
1775 |
+
$this->mo2f_inline_login();
|
1776 |
+
break;
|
1777 |
+
case 'miniorange_inline_register':
|
1778 |
+
$this->mo2f_inline_register();
|
1779 |
+
break;
|
1780 |
+
case 'mo2f_users_backup1':
|
1781 |
+
$this->mo2f_download_backup_codes_inline();
|
1782 |
+
break;
|
1783 |
+
case 'mo2f_goto_wp_dashboard':
|
1784 |
+
$this->mo2f_goto_wp_dashboard();
|
1785 |
+
break;
|
1786 |
+
case 'miniorange_backup_nonce':
|
1787 |
+
$this->mo2f_use_backup_codes($_POST);
|
1788 |
+
break;
|
1789 |
+
case 'miniorange_validate_backup_nonce':
|
1790 |
+
$this->check_backup_codes_validation($_POST);
|
1791 |
+
break;
|
1792 |
+
case 'miniorange_create_backup_codes':
|
1793 |
+
$this->mo2f_create_backup_codes();
|
1794 |
+
break;
|
1795 |
+
default:
|
1796 |
+
$error = new WP_Error();
|
1797 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
|
1798 |
+
|
1799 |
+
return $error;
|
1800 |
+
break;
|
1801 |
+
|
1802 |
+
|
1803 |
+
}
|
1804 |
+
}
|
1805 |
+
}
|
1806 |
+
|
1807 |
+
function deniedMessage($message)
|
1808 |
+
{
|
1809 |
+
if(empty($message) && get_option("deniedMessage") )
|
1810 |
+
{
|
1811 |
+
delete_option('deniedMessage');
|
1812 |
+
}
|
1813 |
+
else
|
1814 |
+
return $message;
|
1815 |
+
}
|
1816 |
+
function remove_current_activity($session_id) {
|
1817 |
+
global $Mo2fdbQueries;
|
1818 |
+
$session_variables = array(
|
1819 |
+
'mo2f_current_user_id',
|
1820 |
+
'mo2f_1stfactor_status',
|
1821 |
+
'mo_2factor_login_status',
|
1822 |
+
'mo2f-login-qrCode',
|
1823 |
+
'mo2f_transactionId',
|
1824 |
+
'mo2f_login_message',
|
1825 |
+
'mo2f_rba_status',
|
1826 |
+
'mo_2_factor_kba_questions',
|
1827 |
+
'mo2f_show_qr_code',
|
1828 |
+
'mo2f_google_auth',
|
1829 |
+
'mo2f_authy_keys'
|
1830 |
+
);
|
1831 |
+
|
1832 |
+
$cookie_variables = array(
|
1833 |
+
'mo2f_current_user_id',
|
1834 |
+
'mo2f_1stfactor_status',
|
1835 |
+
'mo_2factor_login_status',
|
1836 |
+
'mo2f-login-qrCode',
|
1837 |
+
'mo2f_transactionId',
|
1838 |
+
'mo2f_login_message',
|
1839 |
+
'mo2f_rba_status_status',
|
1840 |
+
'mo2f_rba_status_sessionUuid',
|
1841 |
+
'mo2f_rba_status_decision_flag',
|
1842 |
+
'kba_question1',
|
1843 |
+
'kba_question2',
|
1844 |
+
'mo2f_show_qr_code',
|
1845 |
+
'mo2f_google_auth',
|
1846 |
+
'mo2f_authy_keys'
|
1847 |
+
);
|
1848 |
+
|
1849 |
+
$temp_table_variables = array(
|
1850 |
+
'session_id',
|
1851 |
+
'mo2f_current_user_id',
|
1852 |
+
'mo2f_login_message',
|
1853 |
+
'mo2f_1stfactor_status',
|
1854 |
+
'mo2f_transactionId',
|
1855 |
+
'mo_2_factor_kba_questions',
|
1856 |
+
'mo2f_rba_status',
|
1857 |
+
'ts_created'
|
1858 |
+
);
|
1859 |
+
|
1860 |
+
MO2f_Utility::unset_session_variables( $session_variables );
|
1861 |
+
MO2f_Utility::unset_cookie_variables( $cookie_variables );
|
1862 |
+
$key = get_option( 'mo2f_encryption_key' );
|
1863 |
+
$session_id = MO2f_Utility::decrypt_data( $session_id, $key );
|
1864 |
+
$Mo2fdbQueries->save_user_login_details( $session_id, array(
|
1865 |
+
|
1866 |
+
'mo2f_current_user_id' => '',
|
1867 |
+
'mo2f_login_message' => '',
|
1868 |
+
'mo2f_1stfactor_status' => '',
|
1869 |
+
'mo2f_transactionId' => '',
|
1870 |
+
'mo_2_factor_kba_questions' => '',
|
1871 |
+
'mo2f_rba_status' => '',
|
1872 |
+
'ts_created' => ''
|
1873 |
+
) );
|
1874 |
+
|
1875 |
+
|
1876 |
+
}
|
1877 |
+
|
1878 |
+
public function miniorange_pass2login_start_session() {
|
1879 |
+
if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
|
1880 |
+
$session_path = ini_get('session.save_path');
|
1881 |
+
if( is_writable($session_path) && is_readable($session_path) ) {
|
1882 |
+
session_start();
|
1883 |
+
}
|
1884 |
+
}
|
1885 |
+
}
|
1886 |
+
|
1887 |
+
function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
|
1888 |
+
global $Mo2fdbQueries,$LoginuserID;
|
1889 |
+
$LoginuserID = $user_id;
|
1890 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
|
1891 |
+
if(is_null($session_id)) {
|
1892 |
+
$session_id=$this->create_session();
|
1893 |
+
}
|
1894 |
+
if(MO2F_IS_ONPREM){
|
1895 |
+
$question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
|
1896 |
+
$challenge_questions = array_keys($question_answers);
|
1897 |
+
$random_keys = array_rand($challenge_questions,2);
|
1898 |
+
$challenge_ques1 = $challenge_questions[$random_keys[0]];
|
1899 |
+
$challenge_ques2 = $challenge_questions[$random_keys[1]];
|
1900 |
+
$questions[0] = array('question'=>$challenge_ques1);
|
1901 |
+
$questions[1] = array('question'=>$challenge_ques2);
|
1902 |
+
update_user_meta( $user_id, 'kba_questions_user', $questions );
|
1903 |
+
$mo2fa_login_message = 'Please answer the following questions:';
|
1904 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
|
1905 |
+
$mo2f_kbaquestions = $questions;
|
1906 |
+
MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
|
1907 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
|
1908 |
+
}
|
1909 |
+
|
1910 |
+
else{
|
1911 |
+
$challengeKba = new Customer_Setup();
|
1912 |
+
$content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
|
1913 |
+
$response = json_decode( $content, true );
|
1914 |
+
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
|
1915 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
1916 |
+
MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
|
1917 |
+
$this->mo2f_transactionid = $response['txId'];
|
1918 |
+
$questions = array();
|
1919 |
+
$questions[0] = $response['questions'][0];
|
1920 |
+
$questions[1] = $response['questions'][1];
|
1921 |
+
MO2f_Utility::set_user_values( $session_id, 'mo_2_factor_kba_questions', $questions );
|
1922 |
+
$this->mo2f_kbaquestions=$questions;
|
1923 |
+
$mo2fa_login_message = 'Please answer the following questions:';
|
1924 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
|
1925 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
|
1926 |
+
} else if ( $response['status'] == 'ERROR' ) {
|
1927 |
+
$this->remove_current_activity($session_id);
|
1928 |
+
$error = new WP_Error();
|
1929 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
|
1930 |
+
|
1931 |
+
return $error;
|
1932 |
+
}
|
1933 |
+
} else {
|
1934 |
+
$this->remove_current_activity($session_id);
|
1935 |
+
$error = new WP_Error();
|
1936 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
|
1937 |
+
|
1938 |
+
return $error;
|
1939 |
+
}
|
1940 |
+
}
|
1941 |
+
}
|
1942 |
+
|
1943 |
+
function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ) {
|
1944 |
+
|
1945 |
+
$login_status = $mo2fa_login_status;
|
1946 |
+
$login_message = $mo2fa_login_message;
|
1947 |
+
switch ($login_status) {
|
1948 |
+
case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
|
1949 |
+
$transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
|
1950 |
+
mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
|
1951 |
+
exit;
|
1952 |
+
break;
|
1953 |
+
case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
|
1954 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1955 |
+
mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
|
1956 |
+
exit;
|
1957 |
+
break;
|
1958 |
+
case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
|
1959 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1960 |
+
mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
|
1961 |
+
exit;
|
1962 |
+
break;
|
1963 |
+
case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
|
1964 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1965 |
+
mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
|
1966 |
+
exit;
|
1967 |
+
break;
|
1968 |
+
case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
|
1969 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1970 |
+
mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
|
1971 |
+
exit;
|
1972 |
+
break;
|
1973 |
+
case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
|
1974 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1975 |
+
mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
|
1976 |
+
exit;
|
1977 |
+
break;
|
1978 |
+
case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
|
1979 |
+
mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
|
1980 |
+
exit;
|
1981 |
+
break;
|
1982 |
+
|
1983 |
+
case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
|
1984 |
+
$transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
|
1985 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1986 |
+
mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
|
1987 |
+
exit;
|
1988 |
+
break;
|
1989 |
+
|
1990 |
+
case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
|
1991 |
+
$transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt );
|
1992 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1993 |
+
mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
|
1994 |
+
exit;
|
1995 |
+
break;
|
1996 |
+
|
1997 |
+
case 'MO_2_FACTOR_RECONFIG_GOOGLE':
|
1998 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
1999 |
+
$this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
|
2000 |
+
exit;
|
2001 |
+
break;
|
2002 |
+
|
2003 |
+
case 'MO_2_FACTOR_RECONFIG_KBA':
|
2004 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
2005 |
+
$this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
|
2006 |
+
exit;
|
2007 |
+
break;
|
2008 |
+
|
2009 |
+
case 'MO_2_FACTOR_SETUP_SUCCESS':
|
2010 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
2011 |
+
$this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
|
2012 |
+
break;
|
2013 |
+
|
2014 |
+
case 'MO_2_FACTOR_GENERATE_BACKUP_CODES':
|
2015 |
+
$current_user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
2016 |
+
mo2f_backup_codes_generate($current_user_id, $redirect_to, $session_id_encrypt);
|
2017 |
+
exit;
|
2018 |
+
|
2019 |
+
case 'MO_2_FACTOR_CHALLENGE_BACKUP':
|
2020 |
+
mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt);
|
2021 |
+
exit;
|
2022 |
+
|
2023 |
+
case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
|
2024 |
+
$kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2_factor_kba_questions',$session_id_encrypt );
|
2025 |
+
if(MO2F_IS_ONPREM){
|
2026 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
2027 |
+
$ques = get_user_meta( $user_id, 'kba_questions_user');
|
2028 |
+
mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
|
2029 |
+
}
|
2030 |
+
else{
|
2031 |
+
mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
|
2032 |
+
}
|
2033 |
+
exit;
|
2034 |
+
break;
|
2035 |
+
|
2036 |
+
case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
|
2037 |
+
mo2f_get_device_form( $redirect_to, $session_id_encrypt );
|
2038 |
+
exit;
|
2039 |
+
break;
|
2040 |
+
|
2041 |
+
case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
|
2042 |
+
$user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id',$session_id_encrypt );
|
2043 |
+
prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
|
2044 |
+
exit;
|
2045 |
+
break;
|
2046 |
+
|
2047 |
+
default:
|
2048 |
+
$this->mo_2_factor_pass2login_show_wp_login_form();
|
2049 |
+
|
2050 |
+
break;
|
2051 |
+
}
|
2052 |
+
}
|
2053 |
+
|
2054 |
+
function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
|
2055 |
+
if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
|
2056 |
+
return true;
|
2057 |
+
}
|
2058 |
+
|
2059 |
+
return false;
|
2060 |
+
}
|
2061 |
+
|
2062 |
+
function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
|
2063 |
+
if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
|
2064 |
+
return true;
|
2065 |
+
}
|
2066 |
+
|
2067 |
+
return false;
|
2068 |
+
}
|
2069 |
+
|
2070 |
+
function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
|
2071 |
+
if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
|
2072 |
+
return true;
|
2073 |
+
}
|
2074 |
+
|
2075 |
+
return false;
|
2076 |
+
}
|
2077 |
+
|
2078 |
+
function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
|
2079 |
+
if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
|
2080 |
+
return true;
|
2081 |
+
}
|
2082 |
+
|
2083 |
+
return false;
|
2084 |
+
}
|
2085 |
+
|
2086 |
+
function miniorange_pass2login_reconfig_google( $login_status ) {
|
2087 |
+
if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
|
2088 |
+
return true;
|
2089 |
+
}
|
2090 |
+
|
2091 |
+
return false;
|
2092 |
+
}
|
2093 |
+
|
2094 |
+
function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
|
2095 |
+
|
2096 |
+
do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
|
2097 |
+
|
2098 |
+
|
2099 |
+
}
|
2100 |
+
|
2101 |
+
function miniorange_pass2login_reconfig_kba( $login_status ) {
|
2102 |
+
if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
|
2103 |
+
return true;
|
2104 |
+
}
|
2105 |
+
|
2106 |
+
return false;
|
2107 |
+
}
|
2108 |
+
|
2109 |
+
function miniorange_pass2login_check_kba_status( $login_status ) {
|
2110 |
+
if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
|
2111 |
+
return true;
|
2112 |
+
}
|
2113 |
+
|
2114 |
+
return false;
|
2115 |
+
}
|
2116 |
+
|
2117 |
+
function miniorange_pass2login_check_trusted_device_status( $login_status ) {
|
2118 |
+
|
2119 |
+
if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
|
2120 |
+
return true;
|
2121 |
+
}
|
2122 |
+
|
2123 |
+
return false;
|
2124 |
+
}
|
2125 |
+
|
2126 |
+
function mo_2_factor_pass2login_woocommerce(){
|
2127 |
+
?>
|
2128 |
+
<input type="hidden" name="mo_woocommerce_login_prompt" value="1">
|
2129 |
+
<?php
|
2130 |
+
}
|
2131 |
+
function mo_2_factor_pass2login_show_wp_login_form() {
|
2132 |
+
|
2133 |
+
$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
2134 |
+
if(is_null($session_id_encrypt)) {
|
2135 |
+
$session_id_encrypt=$this->create_session();
|
2136 |
+
}
|
2137 |
+
if(class_exists('Theme_My_Login'))
|
2138 |
+
{
|
2139 |
+
wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
|
2140 |
+
wp_localize_script( 'tmlajax_script', 'my_ajax_object',
|
2141 |
+
array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
|
2142 |
+
}
|
2143 |
+
?>
|
2144 |
+
<p><input type="hidden" name="miniorange_login_nonce"
|
2145 |
+
value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
|
2146 |
+
|
2147 |
+
<input type="hidden" id="sessid" name="session_id"
|
2148 |
+
value="<?php echo $session_id_encrypt; ?>"/>
|
2149 |
+
|
2150 |
+
</p>
|
2151 |
+
|
2152 |
+
<?php
|
2153 |
+
if ( get_option( 'mo2f_remember_device' ) ) {
|
2154 |
+
?>
|
2155 |
+
<p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
|
2156 |
+
<?php
|
2157 |
+
wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
|
2158 |
+
wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
|
2159 |
+
wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
|
2160 |
+
wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
|
2161 |
+
wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
|
2162 |
+
wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
|
2163 |
+
wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
|
2164 |
+
wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
|
2165 |
+
wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
|
2166 |
+
}else{
|
2167 |
+
|
2168 |
+
|
2169 |
+
if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option'))
|
2170 |
+
{
|
2171 |
+
echo "\t<p>\n";
|
2172 |
+
echo "\t\t<label class=\"mo2f_instuction1\" title=\"".__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator')."\">".__('2 Factor Authentication code*','google-authenticator')."<span id=\"google-auth-info\"></span><br />\n";
|
2173 |
+
echo "\t\t<input type=\"text\" placeholder=\"No soft Token ? Skip\" name=\"mo_softtoken\" id=\"mo2f_2fa_code\" class=\"mo2f_2fa_code\" value=\"\" size=\"20\" style=\"ime-mode: inactive;\" /></label>\n";
|
2174 |
+
echo "\t<p class=\"mo2f_instuction2\" style='color:red; font-size:12px;padding:5px'>* Skip the authentication code if it doesn't apply.</p>\n";
|
2175 |
+
echo "\t</p>\n";
|
2176 |
+
echo " \r\n";
|
2177 |
+
echo " \r\n";
|
2178 |
+
echo "\n";
|
2179 |
+
}
|
2180 |
+
}
|
2181 |
+
|
2182 |
+
}
|
2183 |
+
|
2184 |
+
function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
|
2185 |
+
global $Mo2fdbQueries;
|
2186 |
+
if (is_null($session_id_encrypt)){
|
2187 |
+
$session_id_encrypt=$this->create_session();
|
2188 |
+
}
|
2189 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
2190 |
+
$useragent = $_SERVER['HTTP_USER_AGENT'];
|
2191 |
+
if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
|
2192 |
+
$session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
|
2193 |
+
|
2194 |
+
MO2f_Utility::unset_session_variables( $session_cookie_variables );
|
2195 |
+
MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
|
2196 |
+
MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
|
2197 |
+
|
2198 |
+
$mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
|
2199 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
|
2200 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
|
2201 |
+
} else {
|
2202 |
+
$challengeMobile = new Customer_Setup();
|
2203 |
+
$content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
|
2204 |
+
$response = json_decode( $content, true );
|
2205 |
+
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
|
2206 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
2207 |
+
$qrCode = $response['qrCode'];
|
2208 |
+
MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_transactionId', $response['txId'] );
|
2209 |
+
$this->mo2f_transactionid=$response['txId'];
|
2210 |
+
$mo2fa_login_message = '';
|
2211 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
|
2212 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
|
2213 |
+
} else if ( $response['status'] == 'ERROR' ) {
|
2214 |
+
$this->remove_current_activity($session_id_encrypt);
|
2215 |
+
$error = new WP_Error();
|
2216 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
|
2217 |
+
|
2218 |
+
return $error;
|
2219 |
+
}
|
2220 |
+
} else {
|
2221 |
+
$this->remove_current_activity($session_id_encrypt);
|
2222 |
+
$error = new WP_Error();
|
2223 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
|
2224 |
+
|
2225 |
+
return $error;
|
2226 |
+
}
|
2227 |
+
}
|
2228 |
+
|
2229 |
+
}
|
2230 |
+
|
2231 |
+
function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
|
2232 |
+
|
2233 |
+
global $Mo2fdbQueries;
|
2234 |
+
if(is_null($session_id)){
|
2235 |
+
$session_id=$this->create_session();
|
2236 |
+
}
|
2237 |
+
$challengeMobile = new Customer_Setup();
|
2238 |
+
$user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
|
2239 |
+
if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
|
2240 |
+
include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
|
2241 |
+
$mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
|
2242 |
+
$content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
|
2243 |
+
|
2244 |
+
}else {
|
2245 |
+
$content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
|
2246 |
+
}
|
2247 |
+
$response = json_decode( $content, true );
|
2248 |
+
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
|
2249 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
2250 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
|
2251 |
+
$this->mo2f_transactionid=$response['txId'];
|
2252 |
+
|
2253 |
+
$mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
|
2254 |
+
$mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
|
2255 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
|
2256 |
+
} else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
|
2257 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
|
2258 |
+
$this->mo2f_transactionid=$response['txId'];
|
2259 |
+
$mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
|
2260 |
+
$mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
|
2261 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
|
2262 |
+
}
|
2263 |
+
} else {
|
2264 |
+
$this->remove_current_activity($session_id);
|
2265 |
+
$error = new WP_Error();
|
2266 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
|
2267 |
+
|
2268 |
+
return $error;
|
2269 |
+
}
|
2270 |
+
}
|
2271 |
+
|
2272 |
+
function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
|
2273 |
+
global $Mo2fdbQueries;
|
2274 |
+
if(is_null($session_id)){
|
2275 |
+
$session_id=$this->create_session();
|
2276 |
+
}
|
2277 |
+
$mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
|
2278 |
+
if($mo2f_second_factor == 'EMAIL')
|
2279 |
+
{
|
2280 |
+
$mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
2281 |
+
$wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
|
2282 |
+
if($wdewdeqdqq >get_site_option('EmailTransactionCurrent', 30) or get_site_option(base64_encode("limitReached")))
|
2283 |
+
{
|
2284 |
+
update_site_option(base64_encode("remainingOTP"),0);
|
2285 |
+
}
|
2286 |
+
}
|
2287 |
+
else
|
2288 |
+
$mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
|
2289 |
+
if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
|
2290 |
+
$mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
|
2291 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
|
2292 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
|
2293 |
+
} else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
|
2294 |
+
$mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
|
2295 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
|
2296 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
|
2297 |
+
} else {
|
2298 |
+
$challengeMobile = new Customer_Setup();
|
2299 |
+
$content = '';
|
2300 |
+
$response = [];
|
2301 |
+
$otpLIMiTE = 0;
|
2302 |
+
if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
|
2303 |
+
{
|
2304 |
+
if($mo2f_second_factor == 'OTP Over SMS')
|
2305 |
+
$mo2f_second_factor = 'SMS';
|
2306 |
+
$content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
|
2307 |
+
$response = json_decode( $content, true );
|
2308 |
+
|
2309 |
+
}
|
2310 |
+
else
|
2311 |
+
{
|
2312 |
+
$response['status'] = 'FAILED';
|
2313 |
+
$response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
|
2314 |
+
$otpLIMiTE = 1;
|
2315 |
+
}
|
2316 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
2317 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
2318 |
+
if($mo2f_second_factor == 'EMAIL')
|
2319 |
+
{
|
2320 |
+
$cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
|
2321 |
+
if($cmVtYWluaW5nT1RQ>0)
|
2322 |
+
update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
|
2323 |
+
}
|
2324 |
+
elseif($mo2f_second_factor == 'SMS')
|
2325 |
+
{
|
2326 |
+
$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
|
2327 |
+
if($mo2f_sms>0)
|
2328 |
+
update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
|
2329 |
+
}
|
2330 |
+
if(!isset($response['phoneDelivery']['contact']))
|
2331 |
+
$response['phoneDelivery']['contact'] = '';
|
2332 |
+
$message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
|
2333 |
+
update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
|
2334 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
|
2335 |
+
$this->mo2f_transactionid=$response['txId'];
|
2336 |
+
$mo2fa_login_message = $message;
|
2337 |
+
$currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
|
2338 |
+
|
2339 |
+
if($currentMethod == 'OTP Over Email')
|
2340 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
|
2341 |
+
else
|
2342 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
|
2343 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
|
2344 |
+
} else {
|
2345 |
+
|
2346 |
+
|
2347 |
+
if($response['message'] == 'TEST FAILED.')
|
2348 |
+
$response['message'] = 'There is an error in sending the OTP.';
|
2349 |
+
|
2350 |
+
$last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
|
2351 |
+
|
2352 |
+
if($otpLIMiTE ==1)
|
2353 |
+
$last_message = 'or contact miniOrange';
|
2354 |
+
|
2355 |
+
else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
|
2356 |
+
$last_message = 'Or check your SMTP Server and remaining transacions.';
|
2357 |
+
else
|
2358 |
+
$last_message = 'Or check your remaining transacions';
|
2359 |
+
|
2360 |
+
$message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
|
2361 |
+
if(!isset($response['txId']))
|
2362 |
+
$response['txId'] = '';
|
2363 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_transactionId", $response['txId'] );
|
2364 |
+
$this->mo2f_transactionid=$response['txId'];
|
2365 |
+
$mo2fa_login_message = $message;
|
2366 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
|
2367 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
|
2368 |
+
}
|
2369 |
+
} else {
|
2370 |
+
$this->remove_current_activity($session_id);
|
2371 |
+
$error = new WP_Error();
|
2372 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
|
2373 |
+
return $error;
|
2374 |
+
}
|
2375 |
+
}
|
2376 |
+
}
|
2377 |
+
|
2378 |
+
function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
|
2379 |
+
global $Mo2fdbQueries;
|
2380 |
+
if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
|
2381 |
+
$user_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_current_user_id', $session_id_encrypted );
|
2382 |
+
$mo2f_1stfactor_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_1stfactor_status', $session_id_encrypted );
|
2383 |
+
} else {
|
2384 |
+
$user_id=$this->mo2f_userID;
|
2385 |
+
$mo2f_1stfactor_status=$this->fstfactor;
|
2386 |
+
}
|
2387 |
+
|
2388 |
+
if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
|
2389 |
+
$currentuser = get_user_by( 'id', $user_id );
|
2390 |
+
wp_set_current_user( $user_id, $currentuser->user_login );
|
2391 |
+
$mobile_login = new Miniorange_Mobile_Login();
|
2392 |
+
$mobile_login->remove_current_activity($session_id_encrypted);
|
2393 |
+
wp_set_auth_cookie( $user_id, true );
|
2394 |
+
do_action( 'wp_login', $currentuser->user_login, $currentuser );
|
2395 |
+
redirect_user_to( $currentuser, $redirect_to );
|
2396 |
+
exit;
|
2397 |
+
} else {
|
2398 |
+
$this->remove_current_activity($session_id_encrypted);
|
2399 |
+
}
|
2400 |
+
}
|
2401 |
+
|
2402 |
+
function create_session(){
|
2403 |
+
global $Mo2fdbQueries;
|
2404 |
+
$session_id = MO2f_Utility::random_str(20);
|
2405 |
+
$Mo2fdbQueries->insert_user_login_session($session_id);
|
2406 |
+
$key = get_option( 'mo2f_encryption_key' );
|
2407 |
+
$session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
|
2408 |
+
return $session_id_encrypt;
|
2409 |
+
}
|
2410 |
+
|
2411 |
+
function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
|
2412 |
+
|
2413 |
+
global $Mo2fdbQueries;
|
2414 |
+
$this->miniorange_pass2login_start_session();
|
2415 |
+
if(is_null($session_id_encrypt)) {
|
2416 |
+
$session_id_encrypt=$this->create_session();
|
2417 |
+
}
|
2418 |
+
|
2419 |
+
if(class_exists('UM_Functions'))
|
2420 |
+
{
|
2421 |
+
if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
|
2422 |
+
{
|
2423 |
+
$meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
|
2424 |
+
if(isset($meta) and $meta != '')
|
2425 |
+
{
|
2426 |
+
if(isset($meta['_um_login_redirect_url']))
|
2427 |
+
$redirect_to = $meta['_um_login_redirect_url'];
|
2428 |
+
if($redirect_to == '')
|
2429 |
+
{
|
2430 |
+
$redirect_to = get_site_url();
|
2431 |
+
}
|
2432 |
+
}
|
2433 |
+
$login_form_url = '';
|
2434 |
+
if(isset($_POST['redirect_to']))
|
2435 |
+
$login_form_url = esc_url_raw($_POST['redirect_to']);
|
2436 |
+
|
2437 |
+
if($login_form_url != '' and !is_null($login_form_url))
|
2438 |
+
{
|
2439 |
+
$redirect_to = $login_form_url;
|
2440 |
+
}
|
2441 |
+
|
2442 |
+
}
|
2443 |
+
|
2444 |
+
}
|
2445 |
+
MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID);
|
2446 |
+
MO2f_Utility::set_user_values($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS');
|
2447 |
+
|
2448 |
+
$this->mo2f_userID=$currentuser->ID;
|
2449 |
+
$this->fstfactor='VALIDATE_SUCCESS';
|
2450 |
+
|
2451 |
+
$is_customer_admin = true;
|
2452 |
+
|
2453 |
+
$dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
|
2454 |
+
if($dG90YWxVc2Vyc0Nsb3Vk<3)
|
2455 |
+
$is_customer_admin = true;
|
2456 |
+
|
2457 |
+
$roles = ( array ) $currentuser->roles;
|
2458 |
+
$twofactor_enabled = 0;
|
2459 |
+
foreach ( $roles as $role ) {
|
2460 |
+
if(get_option('mo2fa_'.$role)=='1')
|
2461 |
+
$twofactor_enabled=1;
|
2462 |
+
}
|
2463 |
+
|
2464 |
+
if ( $is_customer_admin && $twofactor_enabled ) {
|
2465 |
+
$mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
|
2466 |
+
$kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
|
2467 |
+
|
2468 |
+
if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
|
2469 |
+
$mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
|
2470 |
+
}else{
|
2471 |
+
$mo2f_allwed_login_attempts= 'disabled';
|
2472 |
+
}
|
2473 |
+
update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
|
2474 |
+
|
2475 |
+
$twofactor_transactions = new Mo2fDB;
|
2476 |
+
$exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
|
2477 |
+
$tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
|
2478 |
+
if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
|
2479 |
+
$exceeded =1;
|
2480 |
+
|
2481 |
+
if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
|
2482 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
|
2483 |
+
try {
|
2484 |
+
$mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
|
2485 |
+
MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
|
2486 |
+
$this->mo2f_rbastatus=$mo2f_rba_status;
|
2487 |
+
} catch ( Exception $e ) {
|
2488 |
+
echo $e->getMessage();
|
2489 |
+
}
|
2490 |
+
|
2491 |
+
if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
|
2492 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
2493 |
+
} else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
|
2494 |
+
|
2495 |
+
$this->mo2f_restrict_access( 'Access_denied' );
|
2496 |
+
exit;
|
2497 |
+
} else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
|
2498 |
+
$this->mo2f_restrict_access( 'Access_denied' );
|
2499 |
+
exit;
|
2500 |
+
} else {
|
2501 |
+
|
2502 |
+
$mo2f_second_factor = '';
|
2503 |
+
|
2504 |
+
if(MO2F_IS_ONPREM)
|
2505 |
+
$mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
|
2506 |
+
else
|
2507 |
+
$mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
|
2508 |
+
|
2509 |
+
if($mo2f_second_factor == 'miniOrange Soft Token')
|
2510 |
+
$mo2f_second_factor = "SOFT TOKEN";
|
2511 |
+
else if($mo2f_second_factor == "miniOrange Push Notification")
|
2512 |
+
$mo2f_second_factor = "PUSH NOTIFICATIONS";
|
2513 |
+
else if($mo2f_second_factor == "miniOrange QR Code Authentication")
|
2514 |
+
$mo2f_second_factor = "MOBILE AUTHENTICATION";
|
2515 |
+
else if($mo2f_second_factor == 'Security Questions')
|
2516 |
+
$mo2f_second_factor = 'KBA';
|
2517 |
+
else if($mo2f_second_factor == 'Google Authenticator')
|
2518 |
+
$mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
|
2519 |
+
else if($mo2f_second_factor == 'OTP Over SMS')
|
2520 |
+
$mo2f_second_factor = 'SMS';
|
2521 |
+
else if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
|
2522 |
+
$mo2f_second_factor = "EMAIL";
|
2523 |
+
|
2524 |
+
if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
|
2525 |
+
{
|
2526 |
+
update_site_option("bGltaXRSZWFjaGVk",1);
|
2527 |
+
|
2528 |
+
}
|
2529 |
+
}
|
2530 |
+
|
2531 |
+
|
2532 |
+
if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
|
2533 |
+
{
|
2534 |
+
$error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
|
2535 |
+
if(is_wp_error( $error))
|
2536 |
+
{
|
2537 |
+
return $error;
|
2538 |
+
}
|
2539 |
+
}
|
2540 |
+
else{
|
2541 |
+
|
2542 |
+
if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
|
2543 |
+
$this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
|
2544 |
+
} else {
|
2545 |
+
|
2546 |
+
if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
|
2547 |
+
$this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
|
2548 |
+
} else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification') {
|
2549 |
+
$this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
|
2550 |
+
} else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL') {
|
2551 |
+
$this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
|
2552 |
+
} else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
|
2553 |
+
$this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
|
2554 |
+
} else if ( $mo2f_second_factor == 'NONE' ) {
|
2555 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
|
2556 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
2557 |
+
else
|
2558 |
+
return $currentuser;
|
2559 |
+
} else {
|
2560 |
+
$this->remove_current_activity($session_id_encrypt);
|
2561 |
+
$error = new WP_Error();
|
2562 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
2563 |
+
$data = array('notice' => '<div style="border-left:3px solid #dc3232;"> Two Factor method has not been configured.', );
|
2564 |
+
wp_send_json_success($data);
|
2565 |
+
}
|
2566 |
+
else{
|
2567 |
+
$error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
|
2568 |
+
return $error;
|
2569 |
+
}
|
2570 |
+
}
|
2571 |
+
}
|
2572 |
+
}
|
2573 |
+
|
2574 |
+
}
|
2575 |
+
}else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
|
2576 |
+
$this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
|
2577 |
+
|
2578 |
+
} else {
|
2579 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
|
2580 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
2581 |
+
else
|
2582 |
+
return $currentuser;
|
2583 |
+
}
|
2584 |
+
|
2585 |
+
} else { //plugin is not activated for current role then logged him in without asking 2 factor
|
2586 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
|
2587 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
2588 |
+
else
|
2589 |
+
return $currentuser;
|
2590 |
+
}
|
2591 |
+
|
2592 |
+
}
|
2593 |
+
|
2594 |
+
function mo2fa_inline($currentuser,$redirect_to,$session_id){
|
2595 |
+
|
2596 |
+
global $Mo2fdbQueries;
|
2597 |
+
$currentUserId = $currentuser->ID;
|
2598 |
+
$email = $currentuser->user_email;
|
2599 |
+
$Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
|
2600 |
+
$Mo2fdbQueries->update_user_details( $currentUserId, array(
|
2601 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
2602 |
+
'mo2f_user_email' =>$email,
|
2603 |
+
'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
|
2604 |
+
) );
|
2605 |
+
|
2606 |
+
$mo2fa_login_message = '';
|
2607 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
2608 |
+
|
2609 |
+
$this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
|
2610 |
+
//}
|
2611 |
+
}
|
2612 |
+
|
2613 |
+
function mo2f_validate_soft_token($currentuser, $redirect_to = null, $mo2f_second_factor, $softtoken,$session_id_encrypt){
|
2614 |
+
global $Mo2fdbQueries;
|
2615 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
|
2616 |
+
$customer = new Customer_Setup();
|
2617 |
+
$content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
2618 |
+
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
|
2619 |
+
if ( get_option( 'mo2f_remember_device' ) ) {
|
2620 |
+
$mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
|
2621 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
|
2622 |
+
} else {
|
2623 |
+
$this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
|
2624 |
+
}
|
2625 |
+
} else {
|
2626 |
+
if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
2627 |
+
$data = array('notice' => '<div style="border-left:3px solid #dc3232;"> Invalid One Time Passcode.', );
|
2628 |
+
wp_send_json_success($data);
|
2629 |
+
}
|
2630 |
+
else
|
2631 |
+
return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
|
2632 |
+
}
|
2633 |
+
}
|
2634 |
+
|
2635 |
+
function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
|
2636 |
+
{
|
2637 |
+
|
2638 |
+
$challengeMobile = new Customer_Setup();
|
2639 |
+
$content = '';
|
2640 |
+
$response = [];
|
2641 |
+
$otpLIMiTE = 0;
|
2642 |
+
if(get_site_option("cmVtYWluaW5nT1RQ")>0)
|
2643 |
+
{
|
2644 |
+
$content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
|
2645 |
+
$response = json_decode( $content, true );
|
2646 |
+
if(!MO2F_IS_ONPREM)
|
2647 |
+
{
|
2648 |
+
if(isset($response['txId']))
|
2649 |
+
MO2f_Utility::set_user_values( $session_id_encrypt, "mo2f_transactionId", $response['txId'] );
|
2650 |
+
}
|
2651 |
+
|
2652 |
+
}
|
2653 |
+
else
|
2654 |
+
{
|
2655 |
+
$response['status'] = 'FAILED';
|
2656 |
+
$response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
|
2657 |
+
$otpLIMiTE = 1;
|
2658 |
+
}
|
2659 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
2660 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
2661 |
+
$cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
|
2662 |
+
if($cmVtYWluaW5nT1RQ>0)
|
2663 |
+
update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
|
2664 |
+
$mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
|
2665 |
+
$mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
|
2666 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
|
2667 |
+
}
|
2668 |
+
else
|
2669 |
+
{
|
2670 |
+
$mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
|
2671 |
+
$mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
|
2672 |
+
$this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
|
2673 |
+
}
|
2674 |
+
}
|
2675 |
+
}
|
2676 |
+
function mo2f_restrict_access( $identity ) {
|
2677 |
+
apply_filters( 'mo2f_rba_addon', $identity );
|
2678 |
+
exit;
|
2679 |
+
}
|
2680 |
+
|
2681 |
+
function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
|
2682 |
+
$session_id=$this->create_session();
|
2683 |
+
if ( get_option( 'mo2f_remember_device' ) ) {
|
2684 |
+
$this->miniorange_pass2login_start_session();
|
2685 |
+
|
2686 |
+
|
2687 |
+
MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
|
2688 |
+
$this->mo2f_userID=$currentuser->ID;
|
2689 |
+
|
2690 |
+
mo2f_collect_device_attributes_handler( $redirect_to,$session_id );
|
2691 |
+
exit;
|
2692 |
+
} else {
|
2693 |
+
$this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to ,null ,$session_id );
|
2694 |
+
}
|
2695 |
+
}
|
2696 |
+
|
2697 |
+
function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
|
2698 |
+
if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
|
2699 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
2700 |
+
$data = array('notice' => '<div style="border-left:3px solid #dc3232;"> Invalid User Credentials', );
|
2701 |
+
wp_send_json_success($data);
|
2702 |
+
}
|
2703 |
+
else
|
2704 |
+
return $user;
|
2705 |
+
}
|
2706 |
+
if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
|
2707 |
+
return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
|
2708 |
+
}
|
2709 |
+
// if an app password is enabled, this is an XMLRPC / APP login ?
|
2710 |
+
if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
|
2711 |
+
|
2712 |
+
$currentuser = wp_authenticate_username_password( $user, $username, $password );
|
2713 |
+
if ( is_wp_error( $currentuser ) ) {
|
2714 |
+
$this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
|
2715 |
+
|
2716 |
+
return false;
|
2717 |
+
} else {
|
2718 |
+
return $currentuser;
|
2719 |
+
}
|
2720 |
+
|
2721 |
+
} else {
|
2722 |
+
$currentuser = wp_authenticate_username_password( $user, $username, $password );
|
2723 |
+
if ( is_wp_error( $currentuser ) ) {
|
2724 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
2725 |
+
$data = array('notice' => '<div style="border-left:3px solid #dc3232;"> Invalid User Credentials', );
|
2726 |
+
wp_send_json_success($data);
|
2727 |
+
}
|
2728 |
+
else{
|
2729 |
+
$currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
|
2730 |
+
return $currentuser;
|
2731 |
+
}
|
2732 |
+
} else {
|
2733 |
+
global $Mo2fdbQueries;
|
2734 |
+
|
2735 |
+
$session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
2736 |
+
|
2737 |
+
$redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to'] ): null;
|
2738 |
+
$mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
|
2739 |
+
$cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
|
2740 |
+
if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
|
2741 |
+
{
|
2742 |
+
$this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
|
2743 |
+
}
|
2744 |
+
else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
|
2745 |
+
{
|
2746 |
+
$this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
|
2747 |
+
}
|
2748 |
+
else
|
2749 |
+
{
|
2750 |
+
if ( empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')))
|
2751 |
+
{
|
2752 |
+
|
2753 |
+
|
2754 |
+
if(isset($_POST['mo_woocommerce_login_prompt'])){
|
2755 |
+
|
2756 |
+
$this->miniorange_initiate_2nd_factor( $currentuser, "", "","",$session_id);
|
2757 |
+
}
|
2758 |
+
if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
|
2759 |
+
$data = array('notice' => '<div style="border-left:3px solid #dc3232;"> Please enter the One Time Passcode', );
|
2760 |
+
wp_send_json_success($data);
|
2761 |
+
}
|
2762 |
+
else
|
2763 |
+
return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
|
2764 |
+
// Prevent PHP notices when using app password login
|
2765 |
+
|
2766 |
+
}
|
2767 |
+
else
|
2768 |
+
{
|
2769 |
+
$otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
|
2770 |
+
}
|
2771 |
+
$attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
|
2772 |
+
$session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
|
2773 |
+
|
2774 |
+
$redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
|
2775 |
+
|
2776 |
+
if(is_null($session_id)) {
|
2777 |
+
$session_id=$this->create_session();
|
2778 |
+
}
|
2779 |
+
|
2780 |
+
|
2781 |
+
$error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
|
2782 |
+
|
2783 |
+
|
2784 |
+
if(is_wp_error( $error)){
|
2785 |
+
return $error;
|
2786 |
+
}
|
2787 |
+
return $error;
|
2788 |
+
}
|
2789 |
+
}
|
2790 |
+
}
|
2791 |
+
|
2792 |
+
}
|
2793 |
+
|
2794 |
+
function display_email_verification($head,$body,$color)
|
2795 |
+
{
|
2796 |
+
echo "<div style='background-color: #d5e3d9; height:850px;' >
|
2797 |
+
<div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
|
2798 |
+
<div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
|
2799 |
+
<img alt='logo' style='margin-left:240px ;
|
2800 |
+
margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
|
2801 |
+
<div><hr></div>
|
2802 |
+
|
2803 |
+
<tbody>
|
2804 |
+
<tr>
|
2805 |
+
<td>
|
2806 |
+
|
2807 |
+
<p style='margin-top:0;margin-bottom:10px'>
|
2808 |
+
<p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".$head ."</h1></p>
|
2809 |
+
<p style='margin-top:0;margin-bottom:10px'>
|
2810 |
+
<p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".$body."</h2></p>
|
2811 |
+
<p style='margin-top:0;margin-bottom:0px;font-size:11px'>
|
2812 |
+
|
2813 |
+
</td>
|
2814 |
+
</tr>
|
2815 |
+
|
2816 |
+
</div>
|
2817 |
+
</div>
|
2818 |
+
</div>";
|
2819 |
+
}
|
2820 |
+
|
2821 |
+
function mo_2_factor_enable_jquery_default_login() {
|
2822 |
+
wp_enqueue_script( 'jquery' );
|
2823 |
+
}
|
2824 |
+
|
2825 |
+
function miniorange_pass2login_footer_form() {
|
2826 |
+
?>
|
2827 |
+
<script>
|
2828 |
+
jQuery(document).ready(function () {
|
2829 |
+
if (document.getElementById('loginform') != null) {
|
2830 |
+
jQuery('#loginform').on('submit', function (e) {
|
2831 |
+
jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
|
2832 |
+
});
|
2833 |
+
} else {
|
2834 |
+
if (document.getElementsByClassName('login') != null) {
|
2835 |
+
jQuery('.login').on('submit', function (e) {
|
2836 |
+
jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
|
2837 |
+
});
|
2838 |
+
}
|
2839 |
+
}
|
2840 |
+
});
|
2841 |
+
</script>
|
2842 |
+
<?php
|
2843 |
+
|
2844 |
+
}
|
2845 |
+
|
2846 |
+
|
2847 |
+
}
|
2848 |
+
|
2849 |
+
?>
|
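--- a/handler/twofa/two_fa_settings.php
+++ b/handler/twofa/two_fa_settings.php
@@ -280,7 +280,7 @@ class Miniorange_Authentication {
 if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
 $customer = new Customer_Setup();
 
-$content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
+$content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
 
 update_option( 'mo2f_set_transactions', 1 );
 if ( ! array_key_exists( 'smsRemaining', $content ) ) {
@@ -1059,7 +1059,7 @@ class Miniorange_Authentication {
 }
 }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_sync_sms_transactions" ) {
 $customer = new Customer_Setup();
-$content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
+$content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
 if ( ! array_key_exists( 'smsRemaining', $content ) ) {
 $smsRemaining = 0;
 } else {
@@ -1863,19 +1863,20 @@ class Miniorange_Authentication {
 $this->mo_auth_show_error_message();
 return;
 }
-if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_2'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans2'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kbaquestion_3'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_kba_ans3'] ) ) {
-update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
-$this->mo_auth_show_error_message();
-return;
-}
 
-$kba_q1 = $_POST['mo2f_kbaquestion_1'];
+$kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
 $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
-$kba_q2 = $_POST['mo2f_kbaquestion_2'];
+$kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
 $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
 $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
 $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
 
+if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
+update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
+$this->mo_auth_show_error_message();
+return;
+}
+
 if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
 update_option( 'mo2f_message', 'The questions you select must be unique.' );
 $this->mo_auth_show_error_message();
@@ -2036,7 +2037,9 @@ class Miniorange_Authentication {
 update_option( 'mo2f_transactionId', $content['txId'] );
 update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
 update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
-
+$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
+if($mo2f_sms>0)
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
 $this->mo_auth_show_success_message();
 } else {
 update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
@@ -2309,6 +2312,7 @@ class Miniorange_Authentication {
 $response['status'] = 'FAILED';
 if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0) {
 $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+if($cmVtYWluaW5nT1RQ>0)
 update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
 update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
 update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
@@ -2526,11 +2530,14 @@ class Miniorange_Authentication {
 if($selected_2FA_method == 'OTP Over Email')
 {
 $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+if($cmVtYWluaW5nT1RQ>0)
 update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
 }
 else if($selected_2FA_method == 'OTP Over SMS')
 {
-
+$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
+if($mo2f_sms>0)
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
 }
 update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
 update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
@@ -2618,6 +2625,17 @@ class Miniorange_Authentication {
 }
 }
 
+else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_2factor_generate_backup_codes' ) {
+$nonce = sanitize_text_field($_POST['mo_2factor_generate_backup_codes_nonce']);
+if ( ! wp_verify_nonce( $nonce, 'mo-2factor-generate-backup-codes-nonce' ) ) {
+$error = new WP_Error();
+$error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
+return $error;
+}else {
+MO2f_Utility::mo2f_mail_and_download_codes();
+}
+}
+
 }
 
 function mo_auth_deactivate() {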
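Review bot: In the new `mo2f_2factor_generate_backup_codes` branch the nonce-failure path builds a `WP_Error` and returns it, whereas the other failure paths visible in this section store a message with `update_option( 'mo2f_message', … )`, call `$this->mo_auth_show_error_message()` and return nothing, so the error is probably discarded by whatever invokes this handler (the enclosing function starts outside the hunk, so confirm against the caller). The branch also reads `$_POST['mo_2factor_generate_backup_codes_nonce']` without an `isset()` check, which raises a PHP notice on a request that omits the field; `$nonce = isset( $_POST['mo_2factor_generate_backup_codes_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['mo_2factor_generate_backup_codes_nonce'] ) ) : '';` avoids that. The error code `empty_username` does not describe a failed nonce check; a code such as `invalid_nonce` would make a rejected request easier to recognise in logs. A short comment above the branch saying that a successful request replaces the user's stored backup codes would also help the next reader.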
handler/twofa/two_fa_short_call.php
CHANGED
@@ -1,44 +1,44 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
include_once('two_fa_short_gateway.php');
|
4 |
-
|
5 |
-
class TwoFACustomRegFormAPI
|
6 |
-
{
|
7 |
-
public function __construct()
|
8 |
-
{
|
9 |
-
|
10 |
-
}
|
11 |
-
|
12 |
-
public static function challenge($phone_number,$email,$authTypeSend)
|
13 |
-
{
|
14 |
-
|
15 |
-
|
16 |
-
if($authTypeSend == 'email')
|
17 |
-
{
|
18 |
-
$auierpyasdcRy = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
|
19 |
-
$cmVtYWluaW5nT1RQ = $auierpyasdcRy? $auierpyasdcRy : 0;
|
20 |
-
|
21 |
-
if($cmVtYWluaW5nT1RQ > 0)
|
22 |
-
{
|
23 |
-
$response = TwoFAMOGateway:: mo_send_otp_token('EMAIL', '', $email);
|
24 |
-
update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
|
25 |
-
}
|
26 |
-
else
|
27 |
-
{
|
28 |
-
$response = ['status'=>'ERROR','message'=>'Email Transaction Limit Exceeded'];
|
29 |
-
wp_send_json($response);
|
30 |
-
}
|
31 |
-
}
|
32 |
-
else
|
33 |
-
{
|
34 |
-
$response = TwoFAMOGateway:: mo_send_otp_token('SMS', $phone_number, $email);
|
35 |
-
}
|
36 |
-
wp_send_json($response);
|
37 |
-
|
38 |
-
}
|
39 |
-
|
40 |
-
public static function validate($txId, $otp)
|
41 |
-
{
|
42 |
-
wp_send_json(TwoFAMOGateway :: mo_validate_otp_token('OTP',$txId, $otp));
|
43 |
-
}
|
44 |
}
|
1 |
+
<?php
|
2 |
+
|
3 |
+
include_once('two_fa_short_gateway.php');
|
4 |
+
|
5 |
+
class TwoFACustomRegFormAPI
|
6 |
+
{
|
7 |
+
public function __construct()
|
8 |
+
{
|
9 |
+
|
10 |
+
}
|
11 |
+
|
12 |
+
public static function challenge($phone_number,$email,$authTypeSend)
|
13 |
+
{
|
14 |
+
|
15 |
+
|
16 |
+
if($authTypeSend == 'email')
|
17 |
+
{
|
18 |
+
$auierpyasdcRy = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
|
19 |
+
$cmVtYWluaW5nT1RQ = $auierpyasdcRy? $auierpyasdcRy : 0;
|
20 |
+
|
21 |
+
if($cmVtYWluaW5nT1RQ > 0)
|
22 |
+
{
|
23 |
+
$response = TwoFAMOGateway:: mo_send_otp_token('EMAIL', '', $email);
|
24 |
+
update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
|
25 |
+
}
|
26 |
+
else
|
27 |
+
{
|
28 |
+
$response = ['status'=>'ERROR','message'=>'Email Transaction Limit Exceeded'];
|
29 |
+
wp_send_json($response);
|
30 |
+
}
|
31 |
+
}
|
32 |
+
else
|
33 |
+
{
|
34 |
+
$response = TwoFAMOGateway:: mo_send_otp_token('SMS', $phone_number, $email);
|
35 |
+
}
|
36 |
+
wp_send_json($response);
|
37 |
+
|
38 |
+
}
|
39 |
+
|
40 |
+
public static function validate($txId, $otp)
|
41 |
+
{
|
42 |
+
wp_send_json(TwoFAMOGateway :: mo_validate_otp_token('OTP',$txId, $otp));
|
43 |
+
}
|
44 |
}
|
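--- a/handler/twofa/two_fa_short_gateway.php
+++ b/handler/twofa/two_fa_short_gateway.php
@@ -27,13 +27,16 @@ class TwoFAMOGateway
 if($authType == 'EMAIL')
 {
 $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+if($cmVtYWluaW5nT1RQ>0)
 update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
 $content = (new Customer_Cloud_Setup)->send_otp_token($email,$authType,$customerKey,$apiKey);
 }
 
 else
 {
-
+$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
+if($mo2f_sms>0)
+update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
 $content = (new Customer_Cloud_Setup)->send_otp_token($phone,$authType,$customerKey,$apiKey);
 }
 return json_decode($content,TRUE);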
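Review bot: The added `if($cmVtYWluaW5nT1RQ>0)` and `if($mo2f_sms>0)` guards only stop the stored counters from going negative; `send_otp_token()` is still called when the count is zero, and the decrement happens before the send and regardless of whether it succeeds. If these site options are meant to cap OTP traffic, the SMS branch should return an error when `$mo2f_sms` is not positive, as `TwoFACustomRegFormAPI::challenge()` already does for e-mail, and both decrements should move after the response is decoded and run only on a `SUCCESS` status. The read-then-write on `get_site_option()`/`update_site_option()` is also not atomic, so concurrent requests can undercount. The enclosing method starts and ends outside the hunk.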
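--- a/handler/twofa/two_fa_utility.php
+++ b/handler/twofa/two_fa_utility.php
@@ -561,6 +561,130 @@ class MO2f_Utility {
 }
 }
 
+public static function get_codes_email_content($codes){
+$message = '<table cellpadding="25" style="margin:0px auto">
+<tbody>
+<tr>
+<td>
+<table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+<tbody>
+<tr>
+<td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+</tr>
+</tbody>
+</table>
+<table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+<tbody>
+<tr>
+<td>
+<p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
+<p style="margin-top:0;margin-bottom:10px">You initiated a transaction from <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+<p style="margin-top:0;margin-bottom:10px">Your backup codes are:-
+<table cellspacing="10">
+<tr><td>'.$codes[0].'</td><td>'.$codes[1].'</td><td>'.$codes[2].'</td><td>'.$codes[3].'</td><td>'.$codes[4].'</td>
+</table></p>
+<p style="margin-top:0;margin-bottom:10px">Please use this carefully as each code can only be used once. Please do not share these codes with anyone.</p>
+<p style="margin-top:0;margin-bottom:10px">Also, we would highly recommend you to reconfigure your two-factor after logging in.</p>
+<p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+<p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+</div></div></td>
+</tr>
+</tbody>
+</table>
+</td>
+</tr>
+</tbody>
+</table>';
+return $message;
+}
+
+public static function get_codes_warning_email_content($codes_remaining){
+$message = '<table cellpadding="25" style="margin:0px auto">
+<tbody>
+<tr>
+<td>
+<table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+<tbody>
+<tr>
+<td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+</tr>
+</tbody>
+</table>
+<table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+<tbody>
+<tr>
+<td>
+<p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
+<p style="margin-top:0;margin-bottom:10px">You have '.$codes_remaining.' backup codes remaining. Kindly reconfigure your two-factor to avoid being locked out.</b></p>
+<p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+<p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+</div></div></td>
+</tr>
+</tbody>
+</table>
+</td>
+</tr>
+</tbody>
+</table>';
+return $message;
+}
+
+public static function mo_2f_generate_backup_codes(){
+$codes=array();
+for ($x = 0; $x < 5; $x++) {
+$str = MO2f_Utility::random_str(10);
+array_push($codes,$str);
+}
+return $codes;
+}
+
+public static function mo2f_get_codes_hash($codes){
+$codes_hash=array();
+for ($x = 0; $x < 5; $x++) {
+$str = $codes[$x];
+array_push($codes_hash,md5($str));
+}
+return $codes_hash;
+}
+
+public static function mo2f_email_backup_codes($codes, $mo2f_user_email){
+$subject = '2-Factor Authentication(Backup Codes)';
+$headers = array('Content-Type: text/html; charset=UTF-8');
+$message = MO2f_Utility::get_codes_email_content($codes);
+$result = wp_mail($mo2f_user_email,$subject,$message,$headers);
+return $result;
+}
+
+public static function mo2f_download_backup_codes($id, $codes){
+update_user_meta($id, 'mo_backup_code_downloaded', 1);
+header('Content-Disposition: attachment; filename=miniOrange2-factor-BackupCodes.txt');
+echo "Two Factor Backup Codes:".PHP_EOL.PHP_EOL;
+echo "These are the codes which can be used incase you lose your phone or cannot access your email. Please reconfigure you authentication method after login.".PHP_EOL."Please use this carefully as each code can only be used once. Please do not share these codes with anyone.".PHP_EOL.PHP_EOL;
+for ($x = 0; $x < 5; $x++){
+$str1= $codes[$x];
+echo(($x+1).". ".$str1." ");
+}
+
+exit;
+}
+
+public static function mo2f_mail_and_download_codes(){
+global $Mo2fdbQueries;
+$codes=MO2f_Utility::mo_2f_generate_backup_codes();
+$codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
+$id = get_current_user_id();
+$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
+if(empty($mo2f_user_email)){
+$currentuser = get_user_by( 'id', $id );
+$mo2f_user_email = $currentuser->user_email;
+}
+$result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
+update_user_meta($id, 'mo_backup_code_generated', 1);
+update_user_meta($id, 'mo_backup_code_downloaded', 1);
+update_user_meta($id,'mo2f_backup_codes', $codes_hash);
+MO2f_Utility::mo2f_download_backup_codes($id, $codes);
+}
+
 
 }
 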
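Review bot: `mo2f_get_codes_hash()` stores each backup code as a bare `md5($str)` in the `mo2f_backup_codes` user meta; these codes stand in for the second factor, and an unsalted fast hash of a short code (presumably 10 characters, from `random_str(10)`) gives little protection if the usermeta table is ever read by someone else. Storing them like passwords, `array_push($codes_hash, wp_hash_password($str));` with `wp_check_password()` on the validating side, would be the safer default; the validation code is not in this hunk and has to change together with it. `mo2f_mail_and_download_codes()` also ignores the `$result` of `wp_mail()` and sets `mo_backup_code_generated` whether or not the mail was accepted, so a delivery failure is invisible to the user. The implementation of `MO2f_Utility::random_str()` is not shown here; confirm it draws from `random_int()` or another CSPRNG rather than `rand()`/`mt_rand()`.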
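--- a/helper/constants.php
+++ b/helper/constants.php
@@ -11,7 +11,7 @@
 const ERR_403 = "403";
 const DEFAULT_CUSTOMER_KEY = "16555";
 const DEFAULT_API_KEY = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
-const DB_VERSION =
+const DB_VERSION = 151;
 const SUPPORT_EMAIL = 'info@xecurify.com';
 const IP_LOOKUP_TEMPLATE = '<span style="font-size:14px;font-weight:bold">GENERAL INFORMATION</span><table style="margin-left:2%;"><tr><td style="width:100px;">Response</td><td >:</td><td>{{status}}</td></tr><tr><td style="width:100px;">IP Address</td><td>:</td><td>{{ip}}</td></tr><tr><td>HostName</td><td>:</td><td>{{hostname}}</td></tr><tr><td>TimeZone</td><td>:</td><td>{{timezone}}</td></tr><tr><td>Time Difference</td><td>:</td><td>{{offset}}</td></tr></table><hr><span style="font-size:14px;font-weight:bold">LOCATION INFORMATION</span><table style="margin-left:2%;"><tr><td>Latitude</td><td>:</td><td>{{latitude}}</td></tr><tr><td>Longitude</td><td>:</td><td>{{longitude}}</td></tr><tr><td>Region</td><td>:</td><td>{{region}}</td></tr><tr><td>Country</td><td>:</td><td>{{country}}</td></tr><tr><td>City</td><td>:</td><td>{{city}}</td></tr><tr><td>Continent</td><td>:</td><td>{{continent}}</td></tr><tr><td>Curreny Code</td><td>:</td><td>{{curreny_code}}</td></tr><tr><td>Curreny Symbol</td><td>:</td><td>{{curreny_symbol}}</td></tr><tr><td>Per Dollar Value</td><td>:</td><td>{{per_dollar_value}}</td></tr></table>';
 const CURRENT_BROWSER = '<span style="font-size:10px;color:red;">( Current Browser )</span>';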
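--- a/helper/messages.php
+++ b/helper/messages.php
@@ -75,7 +75,8 @@
 const REQUIRED_FIELDS = "Please enter all the required fields";
 const RESET_PASS = "You password has been reset successfully and sent to your registered email. Please check your mailbox.";
 const TEMPLATE_SAVED = "Email template saved.";
-const
+const GET_BACKUP_CODES = "<div class='custom-notice notice notice-warning backupcodes-notice'><p><p class='notice-message'><b>Please download backup codes using the 'Get backup codes' button to avoid getting locked out. Backup codes will be emailed as well as downloaded.</b></p><button class='backup_codes_dismiss notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
+
 const WHITELIST_SELF = "<div class='custom-notice notice notice-warning whitelistself-notice'><p><p class='notice-message'>It looks like you have not whitelisted your IP. Whitelist your IP as you can get blocked from your site.</p><button class='whitelist_self notice-button'><i>WhiteList</i></button></p></div>";
 
 const CLOUD2FA_SINGLEUSER = "<div class='custom-notice notice notice-warning whitelistself-notice'><p><p class='notice-message'>The current solution is cloud which supports 2-factor for only one user. Either upgrade your plan or contact your administrator.</p></p></div>";
@@ -123,15 +124,31 @@
 const REPORT_DISABLE = 'Login and error reports are disabled.';
 const NOTIF_ENABLE = 'Notification options are available. Configure it in the Notification tab.';
 const NOTIF_DISABLE = 'Notifications are disabled.';
-
-
-
+
+const NEW_PLUGIN_THEME_CHECK = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>We detected a change in plugins/themes folder. Kindly scan for better security.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+const CREATE_BACKUP = "<div class='custom-notice notice notice-warning create_backup-notice'><p><p class='notice-message'>It looks like you have not created a single backup of your website. Make the backup and secure your site.</p><a class='notice-button' href='admin.php?page=mo_2fa_backup' style='margin-right: 15px;'>Take Backup</a><button class='dismiss_website_backup_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+const BRUTE_FORCE_NOTICE = "<div class='custom-notice notice notice-warning brute_force-notice'><p><p class='notice-message'>It looks like your login protection is too weak. Enable brute force feature and safe your website from brute force attacker</p><a class='notice-button' href='admin.php?page=mo_2fa_login_and_spam' style='margin-right: 15px;'>Brute Force</a><button class='dismiss_brute_force_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+const GOOGLE_RECAPTCHA_NOTICE = "<div class='custom-notice notice notice-warning google_recaptcha-notice'><p><p class='notice-message'>It looks like your login protection is too weak. Enable Google reCAPTCHA and increase your website login security</p><a class='notice-button' href='admin.php?page=mo_2fa_login_and_spam' style='margin-right: 15px;'>Google_reCAPTCHA</a><button class='dismiss_google_recaptcha_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
+
+const WAF_NOTICE = "<div class='custom-notice notice notice-warning firewall-notice'><p><p class='notice-message'>Your website is on risk. Turn on firewall and make secure your website from crawler</p><a class='notice-button' href='admin.php?page=mo_2fa_waf' style='margin-right: 15px;'>Firewall</a><button class='dismiss_firewall_notice notice-button' style='margin-right: 15px;'><i>DISMISS</i></button></p></div>";
 
 const LOW_SMS_TRANSACTIONS = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>You have left very few SMS transaction. Please upgrade to premium plan for non stop usage.</p><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='new_plugin_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
 
 const LOW_EMAIL_TRANSACTIONS = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>You have left very few Email transaction. Please upgrade to premium plan for non stop usage.</p><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='new_plugin_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
 
 
+
+
+public static $notification_array = array('malware_notification_option' => MoWpnsMessages::NEW_PLUGIN_THEME_CHECK ,
+'backup_notification_option' => MoWpnsMessages::CREATE_BACKUP,
+'bruteforce_notification_option' => MoWpnsMessages::BRUTE_FORCE_NOTICE,
+'recaptcha_notification_option' => MoWpnsMessages::GOOGLE_RECAPTCHA_NOTICE,
+'waf_notification_option' => MoWpnsMessages::WAF_NOTICE
+);
+
 public static function showMessage($message , $data=array())
 {
 $message = constant( "self::".$message );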
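Review bot: The new `public static $notification_array` (new lines 145-150) is a writable public property whose values are raw HTML notice markup, so any code loaded in the same request can replace an entry before it is shown. Whether these values are printed unescaped in wp-admin is decided outside this hunk, so that part is a risk to confirm rather than a finding. Every value is already a class constant, so the map can be immutable too, e.g. `const NOTIFICATION_ARRAY = array('malware_notification_option' => self::NEW_PLUGIN_THEME_CHECK, /* … */);` on PHP 5.6 or later, with the readers of `MoWpnsMessages::$notification_array` (not visible here) updated to match. If the property has to stay, `private static` behind a getter gives the same protection. The class header and the rest of `showMessage` lie outside the hunk.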
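--- a/helper/plugins.php
+++ b/helper/plugins.php
@@ -1,103 +1,103 @@
-<?php
-
-class FeaturePluginInterface
-{
-function __construct()
-{
-if ( ! function_exists( 'get_plugins' ) )
-require_once ABSPATH . 'wp-admin/includes/plugin.php';
-}
-}
-
-
-class TwoFAPlugin extends FeaturePluginInterface
-{
-
-function getstatus()
-{
-$all_plugins = get_plugins();
-$status = 'NOT_INSTALLED';
-if(isset($all_plugins[MoWpnsConstants::TWO_FACTOR_SETTINGS]))
-$status = is_plugin_active(MoWpnsConstants::TWO_FACTOR_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
-return $status;
-}
-
-
-function updatePluginConfiguration()
-{
-if(!get_option('mo_wpns_enable_2fa'))
-return;
-
-if(!get_option( 'mo2f_customerKey') || !get_option( 'mo2f_api_key') || !get_option( 'mo2f_customer_token') || !get_option( 'mo2f_app_secret'))
-{
-global $mo2f_dirName;
-$current_user = wp_get_current_user();
-$mo2fa = new Two_Factor_Setup();
-update_option( 'mo2f_email' ,get_option( 'mo2f_email'));
-update_option( 'mo2f_host_name' ,MoWpnsConstants::HOST_NAME);
-update_option( 'mo2f_phone' ,get_option( 'mo_wpns_admin_phone'));
-update_option( 'mo2f_customerKey' ,get_option( 'mo2f_customerKey'));
-update_option( 'mo2f_api_key' ,get_option( 'mo2f_api_key'));
-update_option( 'mo2f_customer_token' ,get_option( 'mo2f_customer_token'));
-update_option( 'mo2f_app_secret' ,get_option( 'mo2f_app_secret'));
-update_option( 'mo2f_miniorange_admin' ,$current_user->ID);
-update_option( 'mo2f_new_customer' ,true);
-
-update_option( 'mo_2factor_admin_registration_status','MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');
-update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
-update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',get_option( 'mo2f_email'));
-update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
-$mo2fa->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,'API_2FA',true);
-update_user_meta($current_user->ID,'mo2f_email_verification_status',true);
-}
-}
-}
-
-
-class OTPPlugin extends FeaturePluginInterface
-{
-function getstatus()
-{
-$all_plugins = get_plugins();
-$status = 'NOT_INSTALLED';
-if(isset($all_plugins[MoWpnsConstants::OTP_VERIFICATION_SETTINGS]))
-$status = is_plugin_active(MoWpnsConstants::OTP_VERIFICATION_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
-return $status;
-}
-
-function updatePluginConfiguration()
-{
-if(!get_option('mo_wpns_enable_advanced_user_verification'))
-return;
-
-if(!get_option( 'mo_customer_validation_admin_email') || !get_option( 'mo_customer_validation_admin_customer_key') || !get_option( 'mo_customer_validation_admin_api_key') || !get_option( 'mo_customer_validation_customer_token'))
-{
-update_option( 'mo_customer_validation_wp_default_enable' ,1);
-update_option( 'mo_customer_validation_admin_email' ,get_option( 'mo2f_email'));
-update_option( 'mo_customer_validation_admin_phone' ,get_option( 'mo_wpns_admin_phone'));
-update_option( 'mo_customer_validation_admin_customer_key' ,get_option( 'mo2f_customerKey') );
-update_option( 'mo_customer_validation_admin_api_key' ,get_option( 'mo2f_api_key') );
-update_option( 'mo_customer_validation_customer_token' ,get_option( 'mo2f_customer_token') );
-update_option( 'mo_customer_validation_admin_password' ,'');
-update_option( 'mo_customer_validation_message' ,'Registration complete!');
-update_option( 'mo_customer_validation_registration_status' ,'MO_CUSTOMER_VALIDATION_REGISTRATION_COMPLETE');
-update_option( 'mo_customer_email_transactions_remaining' ,10);
-update_option( 'mo_customer_phone_transactions_remaining' ,10);
-update_option( 'mo_otp_plugin_version' ,1.8);
-}
-}
-
-}
-
-
-class SocialPlugin extends FeaturePluginInterface
-{
-function getstatus()
-{
-$all_plugins = get_plugins();
-$status = 'NOT_INSTALLED';
-if(isset($all_plugins[MoWpnsConstants::SOCIAL_LOGIN_SETTINGS]))
-$status = is_plugin_active(MoWpnsConstants::SOCIAL_LOGIN_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
-return $status;
-}
+<?php
+
+class FeaturePluginInterface
+{
+function __construct()
+{
+if ( ! function_exists( 'get_plugins' ) )
+require_once ABSPATH . 'wp-admin/includes/plugin.php';
+}
+}
+
+
+class TwoFAPlugin extends FeaturePluginInterface
+{
+
+function getstatus()
+{
+$all_plugins = get_plugins();
+$status = 'NOT_INSTALLED';
+if(isset($all_plugins[MoWpnsConstants::TWO_FACTOR_SETTINGS]))
+$status = is_plugin_active(MoWpnsConstants::TWO_FACTOR_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
+return $status;
+}
+
+
+function updatePluginConfiguration()
+{
+if(!get_option('mo_wpns_enable_2fa'))
+return;
+
+if(!get_option( 'mo2f_customerKey') || !get_option( 'mo2f_api_key') || !get_option( 'mo2f_customer_token') || !get_option( 'mo2f_app_secret'))
+{
+global $mo2f_dirName;
+$current_user = wp_get_current_user();
+$mo2fa = new Two_Factor_Setup();
+update_option( 'mo2f_email' ,get_option( 'mo2f_email'));
+update_option( 'mo2f_host_name' ,MoWpnsConstants::HOST_NAME);
+update_option( 'mo2f_phone' ,get_option( 'mo_wpns_admin_phone'));
+update_option( 'mo2f_customerKey' ,get_option( 'mo2f_customerKey'));
+update_option( 'mo2f_api_key' ,get_option( 'mo2f_api_key'));
+update_option( 'mo2f_customer_token' ,get_option( 'mo2f_customer_token'));
+update_option( 'mo2f_app_secret' ,get_option( 'mo2f_app_secret'));
+update_option( 'mo2f_miniorange_admin' ,$current_user->ID);
+update_option( 'mo2f_new_customer' ,true);
+
+update_option( 'mo_2factor_admin_registration_status','MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');
+update_user_meta($current_user->ID,'mo_2factor_user_registration_with_miniorange','SUCCESS');
+update_user_meta($current_user->ID,'mo_2factor_map_id_with_email',get_option( 'mo2f_email'));
+update_user_meta($current_user->ID,'mo_2factor_user_registration_status','MO_2_FACTOR_PLUGIN_SETTINGS');
+$mo2fa->mo2f_update_userinfo(get_user_meta($current_user->ID,'mo_2factor_map_id_with_email',true), 'OUT OF BAND EMAIL',null,'API_2FA',true);
+update_user_meta($current_user->ID,'mo2f_email_verification_status',true);
+}
+}
+}
+
+
+class OTPPlugin extends FeaturePluginInterface
+{
+function getstatus()
+{
+$all_plugins = get_plugins();
+$status = 'NOT_INSTALLED';
+if(isset($all_plugins[MoWpnsConstants::OTP_VERIFICATION_SETTINGS]))
+$status = is_plugin_active(MoWpnsConstants::OTP_VERIFICATION_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
+return $status;
+}
+
+function updatePluginConfiguration()
+{
+if(!get_option('mo_wpns_enable_advanced_user_verification'))
+return;
+
+if(!get_option( 'mo_customer_validation_admin_email') || !get_option( 'mo_customer_validation_admin_customer_key') || !get_option( 'mo_customer_validation_admin_api_key') || !get_option( 'mo_customer_validation_customer_token'))
+{
+update_option( 'mo_customer_validation_wp_default_enable' ,1);
+update_option( 'mo_customer_validation_admin_email' ,get_option( 'mo2f_email'));
+update_option( 'mo_customer_validation_admin_phone' ,get_option( 'mo_wpns_admin_phone'));
+update_option( 'mo_customer_validation_admin_customer_key' ,get_option( 'mo2f_customerKey') );
+update_option( 'mo_customer_validation_admin_api_key' ,get_option( 'mo2f_api_key') );
+update_option( 'mo_customer_validation_customer_token' ,get_option( 'mo2f_customer_token') );
+update_option( 'mo_customer_validation_admin_password' ,'');
+update_option( 'mo_customer_validation_message' ,'Registration complete!');
+update_option( 'mo_customer_validation_registration_status' ,'MO_CUSTOMER_VALIDATION_REGISTRATION_COMPLETE');
+update_option( 'mo_customer_email_transactions_remaining' ,10);
+update_option( 'mo_customer_phone_transactions_remaining' ,10);
+update_option( 'mo_otp_plugin_version' ,1.8);
+}
+}
+
+}
+
+
+class SocialPlugin extends FeaturePluginInterface
+{
+function getstatus()
+{
+$all_plugins = get_plugins();
+$status = 'NOT_INSTALLED';
+if(isset($all_plugins[MoWpnsConstants::SOCIAL_LOGIN_SETTINGS]))
+$status = is_plugin_active(MoWpnsConstants::SOCIAL_LOGIN_SETTINGS) ? 'ACTIVE' : 'INSTALLED';
+return $status;
+}
 }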
includes/css/jquery.dataTables.min.css
CHANGED
@@ -1 +1 @@
|
|
1 |
-
table.dataTable{width:100%;margin:0 auto;clear:both;border-collapse:separate;border-spacing:0}table.dataTable thead th,table.dataTable tfoot th{font-weight:bold}table.dataTable thead th,table.dataTable thead td{padding:10px 18px;border-bottom:1px solid #111}table.dataTable thead th:active,table.dataTable thead td:active{outline:none}table.dataTable tfoot th,table.dataTable tfoot td{padding:10px 18px 6px 18px;border-top:1px solid #111}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc{cursor:pointer;*cursor:hand}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc,table.dataTable thead .sorting_asc_disabled,table.dataTable thead .sorting_desc_disabled{background-repeat:no-repeat;background-position:center right}table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable tbody tr{background-color:#ffffff}table.dataTable tbody tr.selected{background-color:#B0BED9}table.dataTable tbody th,table.dataTable tbody td{padding:8px 10px}table.dataTable.row-border tbody th,table.dataTable.row-border tbody td,table.dataTable.display tbody th,table.dataTable.display tbody td{border-top:1px solid #ddd}table.dataTable.row-border tbody tr:first-child th,table.dataTable.row-border tbody tr:first-child td,table.dataTable.display tbody tr:first-child th,table.dataTable.display tbody tr:first-child td{border-top:none}table.dataTable.cell-border tbody th,table.dataTable.cell-border tbody td{border-top:1px solid #ddd;border-right:1px solid #ddd}table.dataTable.cell-border tbody tr th:first-child,table.dataTable.cell-border tbody tr td:first-child{border-left:1px solid #ddd}table.dataTable.cell-border tbody tr:first-child th,table.dataTable.cell-border tbody tr:first-child td{border-top:none}table.dataTable.stripe tbody tr.odd,table.dataTable.display tbody tr.odd{background-color:#f9f9f9}table.dataTable.stripe tbody 
tr.odd.selected,table.dataTable.display tbody tr.odd.selected{background-color:#acbad4}table.dataTable.hover tbody tr:hover,table.dataTable.display tbody tr:hover{background-color:#f6f6f6}table.dataTable.hover tbody tr:hover.selected,table.dataTable.display tbody tr:hover.selected{background-color:#aab7d1}table.dataTable.order-column tbody tr>.sorting_1,table.dataTable.order-column tbody tr>.sorting_2,table.dataTable.order-column tbody tr>.sorting_3,table.dataTable.display tbody tr>.sorting_1,table.dataTable.display tbody tr>.sorting_2,table.dataTable.display tbody tr>.sorting_3{background-color:#fafafa}table.dataTable.order-column tbody tr.selected>.sorting_1,table.dataTable.order-column tbody tr.selected>.sorting_2,table.dataTable.order-column tbody tr.selected>.sorting_3,table.dataTable.display tbody tr.selected>.sorting_1,table.dataTable.display tbody tr.selected>.sorting_2,table.dataTable.display tbody tr.selected>.sorting_3{background-color:#acbad5}table.dataTable.display tbody tr.odd>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd>.sorting_1{background-color:#f1f1f1}table.dataTable.display tbody tr.odd>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd>.sorting_2{background-color:#f3f3f3}table.dataTable.display tbody tr.odd>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd>.sorting_3{background-color:whitesmoke}table.dataTable.display tbody tr.odd.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_1{background-color:#a6b4cd}table.dataTable.display tbody tr.odd.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_2{background-color:#a8b5cf}table.dataTable.display tbody tr.odd.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_3{background-color:#a9b7d1}table.dataTable.display tbody tr.even>.sorting_1,table.dataTable.order-column.stripe tbody tr.even>.sorting_1{background-color:#fafafa}table.dataTable.display tbody 
tr.even>.sorting_2,table.dataTable.order-column.stripe tbody tr.even>.sorting_2{background-color:#fcfcfc}table.dataTable.display tbody tr.even>.sorting_3,table.dataTable.order-column.stripe tbody tr.even>.sorting_3{background-color:#fefefe}table.dataTable.display tbody tr.even.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_1{background-color:#acbad5}table.dataTable.display tbody tr.even.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_2{background-color:#aebcd6}table.dataTable.display tbody tr.even.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_3{background-color:#afbdd8}table.dataTable.display tbody tr:hover>.sorting_1,table.dataTable.order-column.hover tbody tr:hover>.sorting_1{background-color:#eaeaea}table.dataTable.display tbody tr:hover>.sorting_2,table.dataTable.order-column.hover tbody tr:hover>.sorting_2{background-color:#ececec}table.dataTable.display tbody tr:hover>.sorting_3,table.dataTable.order-column.hover tbody tr:hover>.sorting_3{background-color:#efefef}table.dataTable.display tbody tr:hover.selected>.sorting_1,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_1{background-color:#a2aec7}table.dataTable.display tbody tr:hover.selected>.sorting_2,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_2{background-color:#a3b0c9}table.dataTable.display tbody tr:hover.selected>.sorting_3,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_3{background-color:#a5b2cb}table.dataTable.no-footer{border-bottom:1px solid #111}table.dataTable.nowrap th,table.dataTable.nowrap td{white-space:nowrap}table.dataTable.compact thead th,table.dataTable.compact thead td{padding:4px 17px 4px 4px}table.dataTable.compact tfoot th,table.dataTable.compact tfoot td{padding:4px}table.dataTable.compact tbody th,table.dataTable.compact tbody td{padding:4px}table.dataTable th.dt-left,table.dataTable 
td.dt-left{text-align:left}table.dataTable th.dt-center,table.dataTable td.dt-center,table.dataTable td.dataTables_empty{text-align:center}table.dataTable th.dt-right,table.dataTable td.dt-right{text-align:right}table.dataTable th.dt-justify,table.dataTable td.dt-justify{text-align:justify}table.dataTable th.dt-nowrap,table.dataTable td.dt-nowrap{white-space:nowrap}table.dataTable thead th.dt-head-left,table.dataTable thead td.dt-head-left,table.dataTable tfoot th.dt-head-left,table.dataTable tfoot td.dt-head-left{text-align:left}table.dataTable thead th.dt-head-center,table.dataTable thead td.dt-head-center,table.dataTable tfoot th.dt-head-center,table.dataTable tfoot td.dt-head-center{text-align:center}table.dataTable thead th.dt-head-right,table.dataTable thead td.dt-head-right,table.dataTable tfoot th.dt-head-right,table.dataTable tfoot td.dt-head-right{text-align:right}table.dataTable thead th.dt-head-justify,table.dataTable thead td.dt-head-justify,table.dataTable tfoot th.dt-head-justify,table.dataTable tfoot td.dt-head-justify{text-align:justify}table.dataTable thead th.dt-head-nowrap,table.dataTable thead td.dt-head-nowrap,table.dataTable tfoot th.dt-head-nowrap,table.dataTable tfoot td.dt-head-nowrap{white-space:nowrap}table.dataTable tbody th.dt-body-left,table.dataTable tbody td.dt-body-left{text-align:left}table.dataTable tbody th.dt-body-center,table.dataTable tbody td.dt-body-center{text-align:center}table.dataTable tbody th.dt-body-right,table.dataTable tbody td.dt-body-right{text-align:right}table.dataTable tbody th.dt-body-justify,table.dataTable tbody td.dt-body-justify{text-align:justify}table.dataTable tbody th.dt-body-nowrap,table.dataTable tbody td.dt-body-nowrap{white-space:nowrap}table.dataTable,table.dataTable th,table.dataTable td{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}.dataTables_wrapper{position:relative;clear:both;*zoom:1;zoom:1}.dataTables_wrapper 
.dataTables_length{float:left}.dataTables_wrapper .dataTables_filter{float:right;text-align:right}.dataTables_wrapper .dataTables_filter input{margin-left:0.5em}.dataTables_wrapper .dataTables_info{clear:both;float:left;padding-top:0.755em}.dataTables_wrapper .dataTables_paginate{float:right;text-align:right;padding-top:0.25em}.dataTables_wrapper .dataTables_paginate .paginate_button{box-sizing:border-box;display:inline-block;min-width:1.5em;padding:0.5em 1em;margin-left:2px;text-align:center;text-decoration:none !important;cursor:pointer;*cursor:hand;color:#333 !important;border:1px solid transparent;border-radius:2px}.dataTables_wrapper .dataTables_paginate .paginate_button.current,.dataTables_wrapper .dataTables_paginate .paginate_button.current:hover{color:#333 !important;border:1px solid #979797;background-color:white;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #fff), color-stop(100%, #dcdcdc));background:-webkit-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-moz-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-ms-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-o-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:linear-gradient(to bottom, #fff 0%, #dcdcdc 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button.disabled,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:hover,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:active{cursor:default;color:#666 !important;border:1px solid transparent;background:transparent;box-shadow:none}.dataTables_wrapper .dataTables_paginate .paginate_button:hover{color:white !important;border:1px solid #111;background-color:#585858;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #585858), color-stop(100%, #111));background:-webkit-linear-gradient(top, #585858 0%, #111 100%);background:-moz-linear-gradient(top, #585858 0%, #111 100%);background:-ms-linear-gradient(top, #585858 0%, #111 
100%);background:-o-linear-gradient(top, #585858 0%, #111 100%);background:linear-gradient(to bottom, #585858 0%, #111 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button:active{outline:none;background-color:#2b2b2b;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #2b2b2b), color-stop(100%, #0c0c0c));background:-webkit-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-moz-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-ms-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-o-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:linear-gradient(to bottom, #2b2b2b 0%, #0c0c0c 100%);box-shadow:inset 0 0 3px #111}.dataTables_wrapper .dataTables_paginate .ellipsis{padding:0 1em}.dataTables_wrapper .dataTables_processing{position:absolute;top:50%;left:50%;width:100%;height:40px;margin-left:-50%;margin-top:-25px;padding-top:20px;text-align:center;font-size:1.2em;background-color:white;background:-webkit-gradient(linear, left top, right top, color-stop(0%, rgba(255,255,255,0)), color-stop(25%, rgba(255,255,255,0.9)), color-stop(75%, rgba(255,255,255,0.9)), color-stop(100%, rgba(255,255,255,0)));background:-webkit-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-moz-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-ms-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-o-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:linear-gradient(to right, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%)}.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter,.dataTables_wrapper 
.dataTables_info,.dataTables_wrapper .dataTables_processing,.dataTables_wrapper .dataTables_paginate{color:#333}.dataTables_wrapper .dataTables_scroll{clear:both}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody{*margin-top:-1px;-webkit-overflow-scrolling:touch}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td{vertical-align:middle}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th>div.dataTables_sizing,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td>div.dataTables_sizing{height:0;overflow:hidden;margin:0 !important;padding:0 !important}.dataTables_wrapper.no-footer .dataTables_scrollBody{border-bottom:1px solid #111}.dataTables_wrapper.no-footer div.dataTables_scrollHead table,.dataTables_wrapper.no-footer div.dataTables_scrollBody table{border-bottom:none}.dataTables_wrapper:after{visibility:hidden;display:block;content:"";clear:both;height:0}@media screen and (max-width: 767px){.dataTables_wrapper .dataTables_info,.dataTables_wrapper .dataTables_paginate{float:none;text-align:center}.dataTables_wrapper .dataTables_paginate{margin-top:0.5em}}@media screen and (max-width: 640px){.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter{float:none;text-align:center}.dataTables_wrapper .dataTables_filter{margin-top:0.5em}}
|
1 |
+
table.dataTable{width:100%;margin:0 auto;clear:both;border-collapse:separate;border-spacing:0}table.dataTable thead th,table.dataTable tfoot th{font-weight:bold}table.dataTable thead th,table.dataTable thead td{padding:10px 18px;border-bottom:1px solid #111}table.dataTable thead th:active,table.dataTable thead td:active{outline:none}table.dataTable tfoot th,table.dataTable tfoot td{padding:10px 18px 6px 18px;border-top:1px solid #111}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc{cursor:pointer;*cursor:hand}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc,table.dataTable thead .sorting_asc_disabled,table.dataTable thead .sorting_desc_disabled{background-repeat:no-repeat;background-position:center right}table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable thead table.dataTable tbody tr{background-color:#ffffff}table.dataTable tbody tr.selected{background-color:#B0BED9}table.dataTable tbody th,table.dataTable tbody td{padding:8px 10px}table.dataTable.row-border tbody th,table.dataTable.row-border tbody td,table.dataTable.display tbody th,table.dataTable.display tbody td{border-top:1px solid #ddd}table.dataTable.row-border tbody tr:first-child th,table.dataTable.row-border tbody tr:first-child td,table.dataTable.display tbody tr:first-child th,table.dataTable.display tbody tr:first-child td{border-top:none}table.dataTable.cell-border tbody th,table.dataTable.cell-border tbody td{border-top:1px solid #ddd;border-right:1px solid #ddd}table.dataTable.cell-border tbody tr th:first-child,table.dataTable.cell-border tbody tr td:first-child{border-left:1px solid #ddd}table.dataTable.cell-border tbody tr:first-child th,table.dataTable.cell-border tbody tr:first-child td{border-top:none}table.dataTable.stripe tbody tr.odd,table.dataTable.display tbody tr.odd{background-color:#f9f9f9}table.dataTable.stripe tbody 
tr.odd.selected,table.dataTable.display tbody tr.odd.selected{background-color:#acbad4}table.dataTable.hover tbody tr:hover,table.dataTable.display tbody tr:hover{background-color:#f6f6f6}table.dataTable.hover tbody tr:hover.selected,table.dataTable.display tbody tr:hover.selected{background-color:#aab7d1}table.dataTable.order-column tbody tr>.sorting_1,table.dataTable.order-column tbody tr>.sorting_2,table.dataTable.order-column tbody tr>.sorting_3,table.dataTable.display tbody tr>.sorting_1,table.dataTable.display tbody tr>.sorting_2,table.dataTable.display tbody tr>.sorting_3{background-color:#fafafa}table.dataTable.order-column tbody tr.selected>.sorting_1,table.dataTable.order-column tbody tr.selected>.sorting_2,table.dataTable.order-column tbody tr.selected>.sorting_3,table.dataTable.display tbody tr.selected>.sorting_1,table.dataTable.display tbody tr.selected>.sorting_2,table.dataTable.display tbody tr.selected>.sorting_3{background-color:#acbad5}table.dataTable.display tbody tr.odd>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd>.sorting_1{background-color:#f1f1f1}table.dataTable.display tbody tr.odd>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd>.sorting_2{background-color:#f3f3f3}table.dataTable.display tbody tr.odd>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd>.sorting_3{background-color:whitesmoke}table.dataTable.display tbody tr.odd.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_1{background-color:#a6b4cd}table.dataTable.display tbody tr.odd.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_2{background-color:#a8b5cf}table.dataTable.display tbody tr.odd.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.odd.selected>.sorting_3{background-color:#a9b7d1}table.dataTable.display tbody tr.even>.sorting_1,table.dataTable.order-column.stripe tbody tr.even>.sorting_1{background-color:#fafafa}table.dataTable.display tbody 
tr.even>.sorting_2,table.dataTable.order-column.stripe tbody tr.even>.sorting_2{background-color:#fcfcfc}table.dataTable.display tbody tr.even>.sorting_3,table.dataTable.order-column.stripe tbody tr.even>.sorting_3{background-color:#fefefe}table.dataTable.display tbody tr.even.selected>.sorting_1,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_1{background-color:#acbad5}table.dataTable.display tbody tr.even.selected>.sorting_2,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_2{background-color:#aebcd6}table.dataTable.display tbody tr.even.selected>.sorting_3,table.dataTable.order-column.stripe tbody tr.even.selected>.sorting_3{background-color:#afbdd8}table.dataTable.display tbody tr:hover>.sorting_1,table.dataTable.order-column.hover tbody tr:hover>.sorting_1{background-color:#eaeaea}table.dataTable.display tbody tr:hover>.sorting_2,table.dataTable.order-column.hover tbody tr:hover>.sorting_2{background-color:#ececec}table.dataTable.display tbody tr:hover>.sorting_3,table.dataTable.order-column.hover tbody tr:hover>.sorting_3{background-color:#efefef}table.dataTable.display tbody tr:hover.selected>.sorting_1,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_1{background-color:#a2aec7}table.dataTable.display tbody tr:hover.selected>.sorting_2,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_2{background-color:#a3b0c9}table.dataTable.display tbody tr:hover.selected>.sorting_3,table.dataTable.order-column.hover tbody tr:hover.selected>.sorting_3{background-color:#a5b2cb}table.dataTable.no-footer{border-bottom:1px solid #111}table.dataTable.nowrap th,table.dataTable.nowrap td{white-space:nowrap}table.dataTable.compact thead th,table.dataTable.compact thead td{padding:4px 17px 4px 4px}table.dataTable.compact tfoot th,table.dataTable.compact tfoot td{padding:4px}table.dataTable.compact tbody th,table.dataTable.compact tbody td{padding:4px}table.dataTable th.dt-left,table.dataTable 
td.dt-left{text-align:left}table.dataTable th.dt-center,table.dataTable td.dt-center,table.dataTable td.dataTables_empty{text-align:center}table.dataTable th.dt-right,table.dataTable td.dt-right{text-align:right}table.dataTable th.dt-justify,table.dataTable td.dt-justify{text-align:justify}table.dataTable th.dt-nowrap,table.dataTable td.dt-nowrap{white-space:nowrap}table.dataTable thead th.dt-head-left,table.dataTable thead td.dt-head-left,table.dataTable tfoot th.dt-head-left,table.dataTable tfoot td.dt-head-left{text-align:left}table.dataTable thead th.dt-head-center,table.dataTable thead td.dt-head-center,table.dataTable tfoot th.dt-head-center,table.dataTable tfoot td.dt-head-center{text-align:center}table.dataTable thead th.dt-head-right,table.dataTable thead td.dt-head-right,table.dataTable tfoot th.dt-head-right,table.dataTable tfoot td.dt-head-right{text-align:right}table.dataTable thead th.dt-head-justify,table.dataTable thead td.dt-head-justify,table.dataTable tfoot th.dt-head-justify,table.dataTable tfoot td.dt-head-justify{text-align:justify}table.dataTable thead th.dt-head-nowrap,table.dataTable thead td.dt-head-nowrap,table.dataTable tfoot th.dt-head-nowrap,table.dataTable tfoot td.dt-head-nowrap{white-space:nowrap}table.dataTable tbody th.dt-body-left,table.dataTable tbody td.dt-body-left{text-align:left}table.dataTable tbody th.dt-body-center,table.dataTable tbody td.dt-body-center{text-align:center}table.dataTable tbody th.dt-body-right,table.dataTable tbody td.dt-body-right{text-align:right}table.dataTable tbody th.dt-body-justify,table.dataTable tbody td.dt-body-justify{text-align:justify}table.dataTable tbody th.dt-body-nowrap,table.dataTable tbody td.dt-body-nowrap{white-space:nowrap}table.dataTable,table.dataTable th,table.dataTable td{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}.dataTables_wrapper{position:relative;clear:both;*zoom:1;zoom:1}.dataTables_wrapper 
.dataTables_length{float:left}.dataTables_wrapper .dataTables_filter{float:right;text-align:right}.dataTables_wrapper .dataTables_filter input{margin-left:0.5em}.dataTables_wrapper .dataTables_info{clear:both;float:left;padding-top:0.755em}.dataTables_wrapper .dataTables_paginate{float:right;text-align:right;padding-top:0.25em}.dataTables_wrapper .dataTables_paginate .paginate_button{box-sizing:border-box;display:inline-block;min-width:1.5em;padding:0.5em 1em;margin-left:2px;text-align:center;text-decoration:none !important;cursor:pointer;*cursor:hand;color:#333 !important;border:1px solid transparent;border-radius:2px}.dataTables_wrapper .dataTables_paginate .paginate_button.current,.dataTables_wrapper .dataTables_paginate .paginate_button.current:hover{color:#333 !important;border:1px solid #979797;background-color:white;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #fff), color-stop(100%, #dcdcdc));background:-webkit-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-moz-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-ms-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:-o-linear-gradient(top, #fff 0%, #dcdcdc 100%);background:linear-gradient(to bottom, #fff 0%, #dcdcdc 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button.disabled,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:hover,.dataTables_wrapper .dataTables_paginate .paginate_button.disabled:active{cursor:default;color:#666 !important;border:1px solid transparent;background:transparent;box-shadow:none}.dataTables_wrapper .dataTables_paginate .paginate_button:hover{color:white !important;border:1px solid #111;background-color:#585858;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #585858), color-stop(100%, #111));background:-webkit-linear-gradient(top, #585858 0%, #111 100%);background:-moz-linear-gradient(top, #585858 0%, #111 100%);background:-ms-linear-gradient(top, #585858 0%, #111 
100%);background:-o-linear-gradient(top, #585858 0%, #111 100%);background:linear-gradient(to bottom, #585858 0%, #111 100%)}.dataTables_wrapper .dataTables_paginate .paginate_button:active{outline:none;background-color:#2b2b2b;background:-webkit-gradient(linear, left top, left bottom, color-stop(0%, #2b2b2b), color-stop(100%, #0c0c0c));background:-webkit-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-moz-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-ms-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:-o-linear-gradient(top, #2b2b2b 0%, #0c0c0c 100%);background:linear-gradient(to bottom, #2b2b2b 0%, #0c0c0c 100%);box-shadow:inset 0 0 3px #111}.dataTables_wrapper .dataTables_paginate .ellipsis{padding:0 1em}.dataTables_wrapper .dataTables_processing{position:absolute;top:50%;left:50%;width:100%;height:40px;margin-left:-50%;margin-top:-25px;padding-top:20px;text-align:center;font-size:1.2em;background-color:white;background:-webkit-gradient(linear, left top, right top, color-stop(0%, rgba(255,255,255,0)), color-stop(25%, rgba(255,255,255,0.9)), color-stop(75%, rgba(255,255,255,0.9)), color-stop(100%, rgba(255,255,255,0)));background:-webkit-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-moz-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-ms-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:-o-linear-gradient(left, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%);background:linear-gradient(to right, rgba(255,255,255,0) 0%, rgba(255,255,255,0.9) 25%, rgba(255,255,255,0.9) 75%, rgba(255,255,255,0) 100%)}.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter,.dataTables_wrapper 
.dataTables_info,.dataTables_wrapper .dataTables_processing,.dataTables_wrapper .dataTables_paginate{color:#333}.dataTables_wrapper .dataTables_scroll{clear:both}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody{*margin-top:-1px;-webkit-overflow-scrolling:touch}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td{vertical-align:middle}.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody th>div.dataTables_sizing,.dataTables_wrapper .dataTables_scroll div.dataTables_scrollBody td>div.dataTables_sizing{height:0;overflow:hidden;margin:0 !important;padding:0 !important}.dataTables_wrapper.no-footer .dataTables_scrollBody{border-bottom:1px solid #111}.dataTables_wrapper.no-footer div.dataTables_scrollHead table,.dataTables_wrapper.no-footer div.dataTables_scrollBody table{border-bottom:none}.dataTables_wrapper:after{visibility:hidden;display:block;content:"";clear:both;height:0}@media screen and (max-width: 767px){.dataTables_wrapper .dataTables_info,.dataTables_wrapper .dataTables_paginate{float:none;text-align:center}.dataTables_wrapper .dataTables_paginate{margin-top:0.5em}}@media screen and (max-width: 640px){.dataTables_wrapper .dataTables_length,.dataTables_wrapper .dataTables_filter{float:none;text-align:center}.dataTables_wrapper .dataTables_filter{margin-top:0.5em}}
|
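--- a/includes/css/phone.css
+++ b/includes/css/phone.css
@@ -21,6 +21,18 @@
 padding:2px;
 }
 
+.mo2ftimerEmail {
+position:absolute;
+right: 0px;
+top: 0%;
+border:none;
+height:100%;
+width:max-content;
+outline:none;
+text-align:center;
+padding:14px;
+}
+
 .mo2f_send_phoneotp_button {
 position:absolute;
 right: 0px;
@@ -31,7 +43,19 @@
 outline:none;
 text-align:center;
 padding:2px;
-}
+}
+
+.mo2ftimerSMS {
+position:absolute;
+right: 0px;
+top: 0%;
+border:none;
+height:100%;
+width:max-content;
+outline:none;
+text-align:center;
+padding:14px;
+}
 
 .intl-number-input { position: inherit; }
 .intl-number-input .hide { display: none; }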
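Review bot: The two added rules `.mo2ftimerEmail` and `.mo2ftimerSMS` carry the same ten declarations, so they can drift apart the next time one of them is edited. A single rule with a selector list, `.mo2ftimerEmail, .mo2ftimerSMS { … }`, keeps the OTP resend timers for both channels styled from one place. The `}` removed and re-added at old line 34 looks like a whitespace or line-ending change only; if so, it is worth keeping out of the functional diff.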
includes/css/twofa_style_settings.css
CHANGED
@@ -1,975 +1,975 @@
|
|
1 |
-
.mo2f_modal-open {
|
2 |
-
overflow: hidden !important;
|
3 |
-
position: fixed !important;
|
4 |
-
width: 100% !important;
|
5 |
-
|
6 |
-
}
|
7 |
-
|
8 |
-
.mo2f_modal {
|
9 |
-
position: fixed !important;
|
10 |
-
top: 0;
|
11 |
-
right: 0;
|
12 |
-
bottom: 0;
|
13 |
-
left: 0;
|
14 |
-
z-index: 100000 !important;
|
15 |
-
|
16 |
-
overflow: hidden !important;
|
17 |
-
-webkit-overflow-scrolling: touch;
|
18 |
-
outline: 0;
|
19 |
-
|
20 |
-
}
|
21 |
-
|
22 |
-
.mo2f_modal_inner {
|
23 |
-
display: none;
|
24 |
-
}
|
25 |
-
|
26 |
-
.mo2f_modal.fade .mo2f_modal-dialog {
|
27 |
-
-webkit-transition: -webkit-transform .3s ease-out;
|
28 |
-
-o-transition: -o-transform .3s ease-out;
|
29 |
-
transition: transform .3s ease-out;
|
30 |
-
-webkit-transform: translate(0, -25%);
|
31 |
-
-ms-transform: translate(0, -25%);
|
32 |
-
-o-transform: translate(0, -25%);
|
33 |
-
transform: translate(0, -25%)
|
34 |
-
}
|
35 |
-
|
36 |
-
.mo2f_modal.in .mo2f_modal-dialog {
|
37 |
-
-webkit-transform: translate(0, 80px) !important;
|
38 |
-
-ms-transform: translate(0, 80px) !important;
|
39 |
-
-o-transform: translate(0, 80px) !important;
|
40 |
-
transform: translate(0, 80px) !important;
|
41 |
-
|
42 |
-
}
|
43 |
-
|
44 |
-
.mo2f_modal-open .mo2f_modal {
|
45 |
-
overflow-x: hidden;
|
46 |
-
overflow-y: hidden;
|
47 |
-
}
|
48 |
-
|
49 |
-
.mo2f_modal-dialog {
|
50 |
-
position: relative;
|
51 |
-
width: auto;
|
52 |
-
margin: 10px;
|
53 |
-
|
54 |
-
}
|
55 |
-
|
56 |
-
.login mo_customer_validation-modal-content {
|
57 |
-
position: relative !important;
|
58 |
-
background-color: #fff !important;
|
59 |
-
-webkit-background-clip: padding-box !important;
|
60 |
-
background-clip: padding-box !important;
|
61 |
-
border: 1px solid #999 !important;
|
62 |
-
border: 1px solid rgba(0, 0, 0, .2) !important;
|
63 |
-
border-radius: 6px !important;
|
64 |
-
outline: 0 !important;
|
65 |
-
|
66 |
-
-webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
|
67 |
-
box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
|
68 |
-
}
|
69 |
-
|
70 |
-
.mo2f-modal-backdrop {
|
71 |
-
position: absolute;
|
72 |
-
top: 0;
|
73 |
-
right: 0;
|
74 |
-
left: 0;
|
75 |
-
background-color: #f1f1f1 !important;
|
76 |
-
filter: alpha(opacity=50) !important;
|
77 |
-
opacity: 0.8 !important;
|
78 |
-
height: 100% !important;
|
79 |
-
}
|
80 |
-
|
81 |
-
#smsAlertModal {
|
82 |
-
background-color: black !important;
|
83 |
-
opacity: 0.8 !important;
|
84 |
-
font-family: Roboto;
|
85 |
-
}
|
86 |
-
|
87 |
-
#twoFAtestAlertModal {
|
88 |
-
background-color: black !important;
|
89 |
-
opacity: 0.8 !important;
|
90 |
-
filter: alpha(opacity=50) !important;
|
91 |
-
}
|
92 |
-
|
93 |
-
.mo2f_modal-header {
|
94 |
-
min-height: 14px;
|
95 |
-
padding: 10px;
|
96 |
-
border-bottom: 1px solid #e5e5e5
|
97 |
-
}
|
98 |
-
|
99 |
-
.mo2f_modal-title {
|
100 |
-
margin: 0 !important;
|
101 |
-
line-height: 1.0 !important;
|
102 |
-
font-size: 1rem;
|
103 |
-
}
|
104 |
-
|
105 |
-
.mo2f_modal-body {
|
106 |
-
/ / width: 96 % !important;
|
107 |
-
position: relative !important;
|
108 |
-
padding: 15px !important;
|
109 |
-
overflow-y: auto !important;
|
110 |
-
max-height: 550px !important;
|
111 |
-
}
|
112 |
-
|
113 |
-
.mo2f_modal-footer {
|
114 |
-
padding: 15px;
|
115 |
-
text-align: right;
|
116 |
-
border-top: 1px solid #e5e5e5
|
117 |
-
}
|
118 |
-
|
119 |
-
.mo2f_modal-footer .btn + .btn {
|
120 |
-
margin-bottom: 0;
|
121 |
-
margin-left: 5px
|
122 |
-
}
|
123 |
-
|
124 |
-
.mo2f_modal-footer .btn-group .btn + .btn {
|
125 |
-
margin-left: -1px
|
126 |
-
}
|
127 |
-
|
128 |
-
.mo2f_modal-footer .btn-block + .btn-block {
|
129 |
-
margin-left: 0
|
130 |
-
}
|
131 |
-
|
132 |
-
.mo2f_modal-scrollbar-measure {
|
133 |
-
position: absolute;
|
134 |
-
top: -9999px;
|
135 |
-
width: 50px;
|
136 |
-
height: 50px;
|
137 |
-
overflow: scroll
|
138 |
-
}
|
139 |
-
|
140 |
-
.mo2f_close {
|
141 |
-
float: right;
|
142 |
-
font-size: 21px;
|
143 |
-
font-weight: 700;
|
144 |
-
line-height: 1;
|
145 |
-
color: #000;
|
146 |
-
text-shadow: 0 1px 0 #fff;
|
147 |
-
filter: alpha(opacity=20);
|
148 |
-
opacity: .2
|
149 |
-
}
|
150 |
-
|
151 |
-
.mo2f_close:hover, .mo2f_close:focus {
|
152 |
-
color: #000;
|
153 |
-
text-decoration: none;
|
154 |
-
cursor: pointer;
|
155 |
-
filter: alpha(opacity=50);
|
156 |
-
opacity: .5
|
157 |
-
}
|
158 |
-
|
159 |
-
button.mo2f_close {
|
160 |
-
-webkit-appearance: none;
|
161 |
-
padding: 0;
|
162 |
-
cursor: pointer;
|
163 |
-
background: 0 0;
|
164 |
-
border: 0
|
165 |
-
}
|
166 |
-
|
167 |
-
@media ( min-width: 768px) {
|
168 |
-
.mo2f_modal-dialog {
|
169 |
-
width: 373px;
|
170 |
-
margin: 0px auto
|
171 |
-
}
|
172 |
-
|
173 |
-
.login mo_customer_validation-modal-content {
|
174 |
-
-webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
|
175 |
-
box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
|
176 |
-
}
|
177 |
-
|
178 |
-
.mo2f_modal-sm {
|
179 |
-
width: 300px
|
180 |
-
}
|
181 |
-
|
182 |
-
.mo2f_modal-md {
|
183 |
-
width: 550px
|
184 |
-
}
|
185 |
-
}
|
186 |
-
|
187 |
-
@media ( min-width: 992px) {
|
188 |
-
.mo2f_modal-lg {
|
189 |
-
width: 900px;
|
190 |
-
}
|
191 |
-
|
192 |
-
.mo2f_modal-md {
|
193 |
-
width: 550px
|
194 |
-
}
|
195 |
-
}
|
196 |
-
|
197 |
-
|
198 |
-
@media ( min-width: 768px) {
|
199 |
-
.mo2f_modal-dialog {
|
200 |
-
width: 373px;
|
201 |
-
margin: 0px auto
|
202 |
-
}
|
203 |
-
|
204 |
-
.login mo_customer_validation-modal-content {
|
205 |
-
-webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
|
206 |
-
box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
|
207 |
-
}
|
208 |
-
|
209 |
-
.mo2f_modal-sm {
|
210 |
-
width: 300px
|
211 |
-
}
|
212 |
-
|
213 |
-
.mo2f_modal-md {
|
214 |
-
width: 550px
|
215 |
-
}
|
216 |
-
}
|
217 |
-
|
218 |
-
@media ( min-width: 992px) {
|
219 |
-
.mo2f_modal-lg {
|
220 |
-
width: 900px;
|
221 |
-
}
|
222 |
-
|
223 |
-
.mo2f_modal-md {
|
224 |
-
width: 550px
|
225 |
-
}
|
226 |
-
}
|
227 |
-
|
228 |
-
.center{
|
229 |
-
|
230 |
-
text-align: center !important;
|
231 |
-
}
|
232 |
-
|
233 |
-
#otpMessage {
|
234 |
-
border-radius: 1px;
|
235 |
-
padding: 1px 5px;
|
236 |
-
background: #f1f1f1;
|
237 |
-
}
|
238 |
-
|
239 |
-
.mo2f_carousel-indicators {
|
240 |
-
position: absolute;
|
241 |
-
bottom: -20px;
|
242 |
-
z-index: 15;
|
243 |
-
width: 60%;
|
244 |
-
list-style: none;
|
245 |
-
text-align: center;
|
246 |
-
}
|
247 |
-
|
248 |
-
.miniorange_kba_validate:hover, .miniorange_validate_otp:hover, .miniorange_login_forgotphone:hover,
|
249 |
-
.miniorange_login_offline:hover, .miniorange_login_forgotphone:hover, .miniorange_otp_token_submit:hover {
|
250 |
-
background-color: #0073AA !important
|
251 |
-
}
|
252 |
-
|
253 |
-
.miniorange_kba_validate, .miniorange_validate_otp, .miniorange_login_forgotphone,
|
254 |
-
.miniorange_login_offline, .miniorange_login_forgotphone, .miniorange_otp_token_submit {
|
255 |
-
background: #00A0D2 !important;
|
256 |
-
border-color: #0073AA !important;
|
257 |
-
box-shadow: 0 1px 0 rgba(120, 200, 230, .5) inset, 0 1px 0 rgba(0, 0, 0, .15) !important;
|
258 |
-
color: #FFF !important;
|
259 |
-
text-decoration: none !important;
|
260 |
-
cursor: pointer !important;
|
261 |
-
border-width: 1px !important;
|
262 |
-
border-style: solid !important;
|
263 |
-
border-radius: 3px !important;
|
264 |
-
white-space: nowrap !important;
|
265 |
-
box-sizing: border-box !important;
|
266 |
-
line-height: 28px !important;
|
267 |
-
padding: 0 12px !important;
|
268 |
-
font-size: 13px !important
|
269 |
-
}
|
270 |
-
|
271 |
-
.mo_customer_validation-modal.fade .mo_customer_validation-modal-dialog {
|
272 |
-
-webkit-transition: -webkit-transform .3s ease-out;
|
273 |
-
-o-transition: -o-transform .3s ease-out;
|
274 |
-
transition: transform .3s ease-out;
|
275 |
-
-webkit-transform: translate(0, -25%);
|
276 |
-
-ms-transform: translate(0, -25%);
|
277 |
-
-o-transform: translate(0, -25%);
|
278 |
-
transform: translate(0, -25%)
|
279 |
-
}
|
280 |
-
|
281 |
-
.mo_customer_validation-modal.in .mo_customer_validation-modal-dialog {
|
282 |
-
-webkit-transform: translate(0, 80px) !important;
|
283 |
-
-ms-transform: translate(0, 80px) !important;
|
284 |
-
-o-transform: translate(0, 80px) !important;
|
285 |
-
transform: translate(0, 80px) !important
|
286 |
-
}
|
287 |
-
|
288 |
-
.mo_customer_validation-modal-open .mo_customer_validation-modal {
|
289 |
-
overflow-x: hidden;
|
290 |
-
overflow-y: hidden
|
291 |
-
}
|
292 |
-
|
293 |
-
.mo_customer_validation-modal-dialog {
|
294 |
-
position: relative;
|
295 |
-
width: auto;
|
296 |
-
margin: 10px
|
297 |
-
}
|
298 |
-
|
299 |
-
.mo_customer_validation-modal-content {
|
300 |
-
position: relative;
|
301 |
-
-webkit-background-clip: padding-box;
|
302 |
-
border: 1px solid #999;
|
303 |
-
border: 1px solid rgba(0, 0, 0, .2);
|
304 |
-
outline: 0;
|
305 |
-
margin-top: 8%;
|
306 |
-
margin-left: 0;
|
307 |
-
padding: 15px 20px 0;
|
308 |
-
font-family: "Open Sans", sans-serif;
|
309 |
-
font-size: 14px;
|
310 |
-
line-height: 1.4em;
|
311 |
-
background: #FFF;
|
312 |
-
box-shadow: 0 1px 3px rgba(0, 0, 0, .13)
|
313 |
-
}
|
314 |
-
|
315 |
-
.mo_customer_validation-modal-backdrop {
|
316 |
-
position: absolute;
|
317 |
-
top: 0;
|
318 |
-
right: 0;
|
319 |
-
left: 0;
|
320 |
-
background-color: #000 !important;
|
321 |
-
filter: alpha(opacity=50) !important;
|
322 |
-
opacity: .9 !important;
|
323 |
-
height: 100% !important
|
324 |
-
}
|
325 |
-
|
326 |
-
.mo_customer_validation-modal-header {
|
327 |
-
min-height: 14px;
|
328 |
-
padding: 10px 10px 20px;
|
329 |
-
border-bottom: 1px solid #e5e5e5
|
330 |
-
}
|
331 |
-
|
332 |
-
.mo_customer_validation-modal-title {
|
333 |
-
margin: 0 !important;
|
334 |
-
line-height: 1 !important
|
335 |
-
}
|
336 |
-
|
337 |
-
.mo_customer_validation-modal-body {
|
338 |
-
position: relative;
|
339 |
-
padding: 5%;
|
340 |
-
overflow: hidden !important;
|
341 |
-
max-height: 550px !important
|
342 |
-
}
|
343 |
-
|
344 |
-
.mo_customer_validation-modal-footer {
|
345 |
-
padding: 15px;
|
346 |
-
text-align: right;
|
347 |
-
border-top: 1px solid #e5e5e5
|
348 |
-
}
|
349 |
-
|
350 |
-
.mo_customer_validation-modal-footer .btn + .btn {
|
351 |
-
margin-bottom: 0;
|
352 |
-
margin-left: 5px
|
353 |
-
}
|
354 |
-
|
355 |
-
.mo_customer_validation-modal-footer .btn-group .btn + .btn {
|
356 |
-
margin-left: -1px
|
357 |
-
}
|
358 |
-
|
359 |
-
.mo_customer_validation-modal-footer .btn-block + .btn-block {
|
360 |
-
margin-left: 0
|
361 |
-
}
|
362 |
-
|
363 |
-
.mo_customer_validation-modal-scrollbar-measure {
|
364 |
-
position: absolute;
|
365 |
-
top: -9999px;
|
366 |
-
width: 50px;
|
367 |
-
height: 50px;
|
368 |
-
overflow: scroll
|
369 |
-
}
|
370 |
-
|
371 |
-
@media (min-width: 768px) {
|
372 |
-
.mo_customer_validation-modal-dialog {
|
373 |
-
width: auto;
|
374 |
-
margin: 0 auto
|
375 |
-
}
|
376 |
-
|
377 |
-
.mo_customer_validation-modal-content {
|
378 |
-
-webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
|
379 |
-
box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
|
380 |
-
}
|
381 |
-
|
382 |
-
.mo_customer_validation-modal-sm {
|
383 |
-
width: 300px
|
384 |
-
}
|
385 |
-
|
386 |
-
.mo_customer_validation-modal-md {
|
387 |
-
width: 532px
|
388 |
-
}
|
389 |
-
|
390 |
-
.mo_customer_validation-modal-lg {
|
391 |
-
width: 50%
|
392 |
-
}
|
393 |
-
}
|
394 |
-
|
395 |
-
@media (min-width: 992px) {
|
396 |
-
.mo_customer_validation-modal-dialog {
|
397 |
-
width: auto;
|
398 |
-
margin: 0 auto
|
399 |
-
}
|
400 |
-
|
401 |
-
.mo_customer_validation-modal-lg {
|
402 |
-
width: 490px
|
403 |
-
}
|
404 |
-
|
405 |
-
.mo_customer_validation-modal-md {
|
406 |
-
width: 532px
|
407 |
-
}
|
408 |
-
}
|
409 |
-
|
410 |
-
.mo_customer_validation-textbox {
|
411 |
-
background: #FBFBFB;
|
412 |
-
font-family: "Open Sans", sans-serif;
|
413 |
-
font-size: 24px;
|
414 |
-
width: 100%;
|
415 |
-
border: 1px solid #DDD;
|
416 |
-
padding: 3px;
|
417 |
-
margin: 2px 6px 16px 0
|
418 |
-
}
|
419 |
-
|
420 |
-
.mo_customer_validation-textbox:focus {
|
421 |
-
border-color: #5B9DD9;
|
422 |
-
box-shadow: 0 0 2px rgba(30, 140, 190, .8)
|
423 |
-
|
424 |
-
}
|
425 |
-
|
426 |
-
|
427 |
-
|
428 |
-
/*Hode login*/
|
429 |
-
|
430 |
-
body.login-action-login div#login {
|
431 |
-
display: none;
|
432 |
-
}
|
433 |
-
|
434 |
-
body.login-action-login div#login form#loginform input#user_login {
|
435 |
-
display: none;
|
436 |
-
}
|
437 |
-
|
438 |
-
body.login-action-login div#login form#loginform p.forgetmenot {
|
439 |
-
display: none;
|
440 |
-
}
|
441 |
-
|
442 |
-
body.login-action-login div#login form#loginform p.submit input#wp-submit {
|
443 |
-
display: none;
|
444 |
-
}
|
445 |
-
|
446 |
-
body.login-action-login div#login form#loginform p label {
|
447 |
-
display: none;
|
448 |
-
}
|
449 |
-
|
450 |
-
body.login-action-login div#login p#nav {
|
451 |
-
display: none;
|
452 |
-
}
|
453 |
-
|
454 |
-
body.login-action-login div#login form#loginform input#user_pass {
|
455 |
-
display: none;
|
456 |
-
}
|
457 |
-
|
458 |
-
body.login-action-login div#login div#login_error {
|
459 |
-
display: none;
|
460 |
-
}
|
461 |
-
|
462 |
-
body.login-action-login p.message {
|
463 |
-
display: none;
|
464 |
-
}
|
465 |
-
|
466 |
-
body.login-action-login div#login #loginform {
|
467 |
-
box-shadow: inherit;
|
468 |
-
}
|
469 |
-
|
470 |
-
body.login-action-login div#login div#login_error1 {
|
471 |
-
border-left: 4px solid #dd3d36;
|
472 |
-
margin-left: 0;
|
473 |
-
padding: 12px;
|
474 |
-
background: #fff;
|
475 |
-
-webkit-box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
|
476 |
-
box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
|
477 |
-
}
|
478 |
-
|
479 |
-
.mo2f_header {
|
480 |
-
font-size: 28px;
|
481 |
-
font-family: -webkit-body;
|
482 |
-
color: #777;
|
483 |
-
}
|
484 |
-
|
485 |
-
.mo2f_powered_by_miniorange {
|
486 |
-
width: 100px;
|
487 |
-
height: 25px;
|
488 |
-
-webkit-background-size: 100px 25px;
|
489 |
-
background-size: 100px 25px;
|
490 |
-
background-repeat: no-repeat;
|
491 |
-
display: inline-block;
|
492 |
-
vertical-align: middle;
|
493 |
-
}
|
494 |
-
|
495 |
-
.mo2f_powered_by_div {
|
496 |
-
text-align: right;
|
497 |
-
font-size: 9px;
|
498 |
-
padding-right: 2%;
|
499 |
-
background-color: #FFFFFF;
|
500 |
-
}
|
501 |
-
|
502 |
-
.button-green {
|
503 |
-
color: rgb(0, 160, 210);
|
504 |
-
background: none !important;
|
505 |
-
border: none;
|
506 |
-
padding: 0 !important;
|
507 |
-
font: inherit;
|
508 |
-
border-color: transparent !important;
|
509 |
-
/*border is optional*/
|
510 |
-
border-bottom: 1px solid #444;
|
511 |
-
cursor: pointer;
|
512 |
-
}
|
513 |
-
|
514 |
-
.mo2fa_display_message {
|
515 |
-
padding: 12px;
|
516 |
-
border-left: 4px solid #00a0d2;
|
517 |
-
background-color: #fff;
|
518 |
-
-webkit-box-shadow: 0 1px
|
519 |
-
box-shadow: 0 1px 1px 0 rgba(0, 0, 0, .1);
|
520 |
-
|
521 |
-
}
|
522 |
-
|
523 |
-
.mo2fa_messages_container {
|
524 |
-
width: 300px;
|
525 |
-
}
|
526 |
-
|
527 |
-
.mo2fa_otp_messages_container {
|
528 |
-
width: 400px;
|
529 |
-
}
|
530 |
-
|
531 |
-
.mo2fa_push_messages_container {
|
532 |
-
width: 300px;
|
533 |
-
}
|
534 |
-
|
535 |
-
.miniorange_mobile_auth, .miniorange_app_setup_page {
|
536 |
-
border: 1px none transparent;
|
537 |
-
padding: 10% 24px 10px 20px;
|
538 |
-
min-height: 360px;
|
539 |
-
background: transparent;
|
540 |
-
z-index: 99999;
|
541 |
-
}
|
542 |
-
|
543 |
-
.mo2f-textbox {
|
544 |
-
width: 160px;
|
545 |
-
margin: 15px 0px !important;
|
546 |
-
background-color: rgba(123, 110, 110, 0.06) !important;
|
547 |
-
border-radius: 4px !important;
|
548 |
-
padding: 3px !important;
|
549 |
-
}
|
550 |
-
|
551 |
-
.miniorange_kba_page {
|
552 |
-
border: 1px none transparent;
|
553 |
-
padding: 10% 24px 10px 20px;
|
554 |
-
min-height: 360px;
|
555 |
-
background: transparent;
|
556 |
-
z-index: 99999;
|
557 |
-
|
558 |
-
}
|
559 |
-
|
560 |
-
.miniorange_push_oobemail_auth, .miniorange_trust_device {
|
561 |
-
border: 1px none transparent;
|
562 |
-
padding: 10% 24px 10px 20px;
|
563 |
-
min-height: 360px;
|
564 |
-
background: transparent;
|
565 |
-
z-index: 99999;
|
566 |
-
}
|
567 |
-
|
568 |
-
.miniorange_soft_auth {
|
569 |
-
border: 1px none transparent;
|
570 |
-
padding: 10% 24px 10px 20px;
|
571 |
-
min-height: 360px;
|
572 |
-
background: transparent;
|
573 |
-
z-index: 99999;
|
574 |
-
}
|
575 |
-
|
576 |
-
.miniorange-inner-login-container {
|
577 |
-
background-color: #fff;
|
578 |
-
margin: 0px auto !important;
|
579 |
-
width: 400px;
|
580 |
-
border-radius: 5px;
|
581 |
-
border: 1px solid rgba(128, 128, 128, 0.06);
|
582 |
-
}
|
583 |
-
|
584 |
-
.miniorange-inner-kba-login-container {
|
585 |
-
background-color: #fff;
|
586 |
-
margin: 0px auto !important;
|
587 |
-
width: 500px;
|
588 |
-
border-radius: 5px;
|
589 |
-
z-index: 99999;
|
590 |
-
border: 1px solid rgba(128, 128, 128, 0.06);
|
591 |
-
}
|
592 |
-
|
593 |
-
.miniorange-inner-push-login-container {
|
594 |
-
background-color: #fff;
|
595 |
-
margin: 0px auto !important;
|
596 |
-
width: 300px;
|
597 |
-
border-radius: 5px;
|
598 |
-
|
599 |
-
z-index: 99999;
|
600 |
-
border: 1px solid rgba(128, 128, 128, 0.06);
|
601 |
-
}
|
602 |
-
|
603 |
-
.miniorange-button {
|
604 |
-
height: 30px;
|
605 |
-
display: inline-block;
|
606 |
-
font-size: 14px;
|
607 |
-
line-height: 28px;
|
608 |
-
padding: 0 12px 2px;
|
609 |
-
border-width: 1px;
|
610 |
-
vertical-align: baseline;
|
611 |
-
background: #00a0d2;
|
612 |
-
border-style: solid;
|
613 |
-
border-color: #0073aa;
|
614 |
-
-webkit-appearance: none;
|
615 |
-
-webkit-border-radius: 3px;
|
616 |
-
border-radius: 3px;
|
617 |
-
white-space: nowrap;
|
618 |
-
-webkit-box-sizing: border-box;
|
619 |
-
-moz-box-sizing: border-box;
|
620 |
-
box-sizing: border-box;
|
621 |
-
-webkit-box-shadow: inset 0 1px 0 rgba(120, 200, 230, .5), 0 1px 0 rgba(0, 0, 0, .15);
|
622 |
-
box-shadow: inset 0 1px 0 rgba(120, 200, 230, .5), 0 1px 0 rgba(0, 0, 0, .15);
|
623 |
-
color: #fff;
|
624 |
-
text-decoration: none;
|
625 |
-
cursor: pointer;
|
626 |
-
}
|
627 |
-
|
628 |
-
.mo_green {
|
629 |
-
background: #2ECC71;
|
630 |
-
border-color: #2ECC71;
|
631 |
-
width: 37%;
|
632 |
-
}
|
633 |
-
|
634 |
-
.mo_red {
|
635 |
-
background: #E74C3C;
|
636 |
-
border-color: #E74C3C;
|
637 |
-
width: 37%;
|
638 |
-
}
|
639 |
-
|
640 |
-
.showQRHelp, .showOTPHelp {
|
641 |
-
text-align: center !important;
|
642 |
-
}
|
643 |
-
|
644 |
-
.mo_email_textbox {
|
645 |
-
width: 48%;
|
646 |
-
text-align: center;
|
647 |
-
height: 40px;
|
648 |
-
font-size: 18px;
|
649 |
-
border-radius: 5px;
|
650 |
-
}
|
651 |
-
|
652 |
-
.mo_header_background {
|
653 |
-
padding: 5px !important;
|
654 |
-
background-color: beige !important;
|
655 |
-
}
|
656 |
-
|
657 |
-
.mo2f_textbox {
|
658 |
-
width: 60% !important;
|
659 |
-
border-radius: 4px !important;
|
660 |
-
height: 30px !important;
|
661 |
-
font-size: 14px !important;
|
662 |
-
}
|
663 |
-
|
664 |
-
.mo2f_kba_textbox {
|
665 |
-
width: 100% !important;
|
666 |
-
border-radius: 4px !important;
|
667 |
-
height: 30px !important;
|
668 |
-
font-size: 14px !important;
|
669 |
-
}
|
670 |
-
|
671 |
-
.mo_hr {
|
672 |
-
border-top: 1px solid rgba(220, 214, 214, 0.25) !important;
|
673 |
-
margin-top: 5px !important;
|
674 |
-
margin-right: 10px !important;
|
675 |
-
}
|
676 |
-
|
677 |
-
.mo_margin_left {
|
678 |
-
margin-left: 20px !important;
|
679 |
-
}
|
680 |
-
|
681 |
-
.miniorange-app-setup-container {
|
682 |
-
background-color: #fff;
|
683 |
-
margin: 0px auto !important;
|
684 |
-
width: 700px;
|
685 |
-
border-radius: 5px;
|
686 |
-
margin-top: -100px !important;
|
687 |
-
z-index: 99999;
|
688 |
-
border: 1px solid rgba(128, 128, 128, 0.06);
|
689 |
-
|
690 |
-
}
|
691 |
-
|
692 |
-
.miniorange-ga-setup-container {
|
693 |
-
background-color: #fff;
|
694 |
-
margin: 0px auto !important;
|
695 |
-
width: 900px;
|
696 |
-
border-radius: 5px;
|
697 |
-
margin-top: -50px !important;
|
698 |
-
z-index: 99999;
|
699 |
-
border: 1px solid rgba(128, 128, 128, 0.06);
|
700 |
-
}
|
701 |
-
|
702 |
-
.mo_app_link {
|
703 |
-
text-decoration: none !important;
|
704 |
-
color: #000 !important;
|
705 |
-
}
|
706 |
-
|
707 |
-
.mo2fa_app_setup_messages {
|
708 |
-
width: 700px;
|
709 |
-
}
|
710 |
-
|
711 |
-
.mo2f_td_show {
|
712 |
-
display: grid !important;
|
713 |
-
}
|
714 |
-
|
715 |
-
.mo2f_td_hide {
|
716 |
-
display: none !important;
|
717 |
-
}
|
718 |
-
|
719 |
-
.mo2f_kba_ques {
|
720 |
-
width: 370px !important;
|
721 |
-
border-radius: 4px !important;
|
722 |
-
height: 30px !important;
|
723 |
-
font-size: 14px !important;
|
724 |
-
}
|
725 |
-
|
726 |
-
.mo2f_kba_table {
|
727 |
-
padding: 0 10px;
|
728 |
-
width: 100%;
|
729 |
-
}
|
730 |
-
|
731 |
-
.mo2f_kba_tb_data {
|
732 |
-
padding-left: 15px;
|
733 |
-
}
|
734 |
-
|
735 |
-
.mo2f_table_textbox {
|
736 |
-
width: 150px;
|
737 |
-
height: 30px !important;
|
738 |
-
font-size: 14px !important;
|
739 |
-
|
740 |
-
}
|
741 |
-
|
742 |
-
.mo2f_kba_header {
|
743 |
-
font-weight: bold;
|
744 |
-
}
|
745 |
-
|
746 |
-
.mo2f_separator {
|
747 |
-
border-left: 1px solid #EBECEC;
|
748 |
-
padding: 5px;
|
749 |
-
}
|
750 |
-
|
751 |
-
.mo2f_inline_padding {
|
752 |
-
padding-left: 20px;
|
753 |
-
padding-right: 20px;
|
754 |
-
}
|
755 |
-
|
756 |
-
|
757 |
-
|
758 |
-
|
759 |
-
|
760 |
-
|
761 |
-
|
762 |
-
.mo2f_powered_by_miniorange {
|
763 |
-
width: 100px;
|
764 |
-
height: 30px;
|
765 |
-
-webkit-background-size: 100px 25px;
|
766 |
-
background-size: 100px 25px;
|
767 |
-
background-repeat: no-repeat;
|
768 |
-
display: inline-block;
|
769 |
-
vertical-align: middle;
|
770 |
-
}
|
771 |
-
|
772 |
-
.mo2f_powered_by_div {
|
773 |
-
text-align: right;
|
774 |
-
font-size: 9px;
|
775 |
-
padding-right: 5px;
|
776 |
-
background-color: #FFFFFF;
|
777 |
-
width: 92%;
|
778 |
-
border-radius: 6px;
|
779 |
-
}
|
780 |
-
|
781 |
-
.mo2f-login-container {
|
782 |
-
display: inline-block !important;
|
783 |
-
display: -moz-inline-stack !important;
|
784 |
-
text-align: center !important;
|
785 |
-
width: 100%;
|
786 |
-
|
787 |
-
}
|
788 |
-
|
789 |
-
.mo2f-button {
|
790 |
-
width: 100% !important;
|
791 |
-
color: #fff !important;
|
792 |
-
line-height: normal;
|
793 |
-
height: 30px !important;
|
794 |
-
margin: 0px !important;
|
795 |
-
font-size: 14px !important;
|
796 |
-
padding: 7px !important;
|
797 |
-
background-color: #f0ad4e !important;
|
798 |
-
border-color: #eea236 !important;
|
799 |
-
-webkit-appearance: none;
|
800 |
-
-webkit-border-radius: 3px !important;
|
801 |
-
border-radius: 3px !important;
|
802 |
-
|
803 |
-
}
|
804 |
-
|
805 |
-
.mo2fa_display_message_login {
|
806 |
-
text-align: left !important;
|
807 |
-
font-size: 13px !important;
|
808 |
-
}
|
809 |
-
|
810 |
-
.mo2f-link {
|
811 |
-
color: #0191BF !important;
|
812 |
-
font-size: 14px !important;
|
813 |
-
font-weight: bold !important;
|
814 |
-
cursor: pointer !important;
|
815 |
-
}
|
816 |
-
|
817 |
-
.mo_green {
|
818 |
-
background: #2ECC71 !important;
|
819 |
-
border-color: #2ECC71 !important;
|
820 |
-
width: 26% !important;
|
821 |
-
border-width: 1px;
|
822 |
-
vertical-align: middle !important;
|
823 |
-
border-radius: 3px !important;
|
824 |
-
color: white;
|
825 |
-
height: 30px;
|
826 |
-
cursor: pointer;
|
827 |
-
}
|
828 |
-
|
829 |
-
.mo_red {
|
830 |
-
background: #E74C3C !important;
|
831 |
-
border-color: #E74C3C !important;
|
832 |
-
width: 26% !important;
|
833 |
-
border-width: 1px;
|
834 |
-
vertical-align: middle !important;
|
835 |
-
border-radius: 3px !important;
|
836 |
-
color: white;
|
837 |
-
height: 30px;
|
838 |
-
cursor: pointer;
|
839 |
-
}
|
840 |
-
|
841 |
-
.mo_otp_token {
|
842 |
-
font-size: 15px;
|
843 |
-
color: #212F3C;
|
844 |
-
border: none;
|
845 |
-
display: block;
|
846 |
-
border-bottom-style: solid;
|
847 |
-
border-width: 2px;
|
848 |
-
border-color: #D0D3D4;
|
849 |
-
border-radius: 0px;
|
850 |
-
outline: none;
|
851 |
-
width: 140px;
|
852 |
-
text-align: center;
|
853 |
-
}
|
854 |
-
|
855 |
-
.showQRHelp, .showOTPHelp {
|
856 |
-
text-align: center !important;
|
857 |
-
|
858 |
-
}
|
859 |
-
|
860 |
-
.mo2f_device {
|
861 |
-
padding-left: 200px !important;
|
862 |
-
vertical-align: -webkit-baseline-middle !important;
|
863 |
-
line-height: 3 !important;
|
864 |
-
}
|
865 |
-
|
866 |
-
.miniorange-button {
|
867 |
-
height: 30px;
|
868 |
-
font-size: 14px !important;
|
869 |
-
line-height: 5px !important;
|
870 |
-
padding: 16px !important;
|
871 |
-
border-width: 1px;
|
872 |
-
vertical-align: middle !important;
|
873 |
-
background-color: #f0ad4e !important;
|
874 |
-
border-color: #eea236 !important;
|
875 |
-
-webkit-appearance: none;
|
876 |
-
border-style: solid;
|
877 |
-
-webkit-border-radius: 3px !important;
|
878 |
-
border-radius: 3px !important;
|
879 |
-
white-space: nowrap;
|
880 |
-
-webkit-box-sizing: border-box;
|
881 |
-
-moz-box-sizing: border-box;
|
882 |
-
box-sizing: border-box;
|
883 |
-
color: #fff;
|
884 |
-
text-decoration: none;
|
885 |
-
cursor: pointer;
|
886 |
-
}
|
887 |
-
|
888 |
-
.mo_hr {
|
889 |
-
border-top: 1px solid rgba(220, 214, 214, 0.25) !important;
|
890 |
-
margin-top: 5px !important;
|
891 |
-
margin-right: 10px !important;
|
892 |
-
}
|
893 |
-
|
894 |
-
.mo_margin_left {
|
895 |
-
margin-left: 20px !important;
|
896 |
-
}
|
897 |
-
|
898 |
-
.mo_app_link {
|
899 |
-
text-decoration: none !important;
|
900 |
-
color: #000 !important;
|
901 |
-
}
|
902 |
-
|
903 |
-
.mo2f_td_show {
|
904 |
-
display: grid !important;
|
905 |
-
}
|
906 |
-
|
907 |
-
.mo2f_td_hide {
|
908 |
-
display: none !important;
|
909 |
-
}
|
910 |
-
|
911 |
-
.mo2f_label {
|
912 |
-
font-weight: 100 !important;
|
913 |
-
margin-left: 10px !important;
|
914 |
-
|
915 |
-
}
|
916 |
-
|
917 |
-
.mo2f_kba_ques {
|
918 |
-
width: 394px !important;
|
919 |
-
border-radius: 4px !important;
|
920 |
-
height: 40px !important;
|
921 |
-
font-size: 14px !important;
|
922 |
-
}
|
923 |
-
|
924 |
-
.mo2f_kba_table {
|
925 |
-
padding: 0 10px;
|
926 |
-
width: 100%;
|
927 |
-
border: hidden !important;
|
928 |
-
}
|
929 |
-
|
930 |
-
.mo2f_kba_tb_data {
|
931 |
-
padding-left: 15px;
|
932 |
-
}
|
933 |
-
|
934 |
-
.mo2f_table_textbox_1 {
|
935 |
-
width: 150px;
|
936 |
-
height: 30px !important;
|
937 |
-
font-size: 14px !important;
|
938 |
-
}
|
939 |
-
|
940 |
-
.mo2f_table_textbox {
|
941 |
-
width: 200px;
|
942 |
-
height: 40px !important;
|
943 |
-
font-size: 14px !important;
|
944 |
-
|
945 |
-
}
|
946 |
-
|
947 |
-
.mo2f_kba_header {
|
948 |
-
font-weight: bold;
|
949 |
-
border: hidden !important;
|
950 |
-
}
|
951 |
-
|
952 |
-
.mo2f_kba_body {
|
953 |
-
border: hidden !important;
|
954 |
-
}
|
955 |
-
|
956 |
-
.mo2f_separator {
|
957 |
-
border-left: 1px solid #EBECEC;
|
958 |
-
padding: 5px;
|
959 |
-
}
|
960 |
-
|
961 |
-
.mo2f_authn_header {
|
962 |
-
font-size: 14px !important;
|
963 |
-
}
|
964 |
-
|
965 |
-
#mo2f_inline_table {
|
966 |
-
border: hidden !important;
|
967 |
-
}
|
968 |
-
|
969 |
-
.mo2f_ordered_list {
|
970 |
-
margin: 0 0 0 1em !important;
|
971 |
-
}
|
972 |
-
|
973 |
-
.mo2f_list {
|
974 |
-
font-size: 14px !important;
|
1 |
+
.mo2f_modal-open {
|
2 |
+
overflow: hidden !important;
|
3 |
+
position: fixed !important;
|
4 |
+
width: 100% !important;
|
5 |
+
|
6 |
+
}
|
7 |
+
|
8 |
+
.mo2f_modal {
|
9 |
+
position: fixed !important;
|
10 |
+
top: 0;
|
11 |
+
right: 0;
|
12 |
+
bottom: 0;
|
13 |
+
left: 0;
|
14 |
+
z-index: 100000 !important;
|
15 |
+
|
16 |
+
overflow: hidden !important;
|
17 |
+
-webkit-overflow-scrolling: touch;
|
18 |
+
outline: 0;
|
19 |
+
|
20 |
+
}
|
21 |
+
|
22 |
+
.mo2f_modal_inner {
|
23 |
+
display: none;
|
24 |
+
}
|
25 |
+
|
26 |
+
.mo2f_modal.fade .mo2f_modal-dialog {
|
27 |
+
-webkit-transition: -webkit-transform .3s ease-out;
|
28 |
+
-o-transition: -o-transform .3s ease-out;
|
29 |
+
transition: transform .3s ease-out;
|
30 |
+
-webkit-transform: translate(0, -25%);
|
31 |
+
-ms-transform: translate(0, -25%);
|
32 |
+
-o-transform: translate(0, -25%);
|
33 |
+
transform: translate(0, -25%)
|
34 |
+
}
|
35 |
+
|
36 |
+
.mo2f_modal.in .mo2f_modal-dialog {
|
37 |
+
-webkit-transform: translate(0, 80px) !important;
|
38 |
+
-ms-transform: translate(0, 80px) !important;
|
39 |
+
-o-transform: translate(0, 80px) !important;
|
40 |
+
transform: translate(0, 80px) !important;
|
41 |
+
|
42 |
+
}
|
43 |
+
|
44 |
+
.mo2f_modal-open .mo2f_modal {
|
45 |
+
overflow-x: hidden;
|
46 |
+
overflow-y: hidden;
|
47 |
+
}
|
48 |
+
|
49 |
+
.mo2f_modal-dialog {
|
50 |
+
position: relative;
|
51 |
+
width: auto;
|
52 |
+
margin: 10px;
|
53 |
+
|
54 |
+
}
|
55 |
+
|
56 |
+
.login mo_customer_validation-modal-content {
|
57 |
+
position: relative !important;
|
58 |
+
background-color: #fff !important;
|
59 |
+
-webkit-background-clip: padding-box !important;
|
60 |
+
background-clip: padding-box !important;
|
61 |
+
border: 1px solid #999 !important;
|
62 |
+
border: 1px solid rgba(0, 0, 0, .2) !important;
|
63 |
+
border-radius: 6px !important;
|
64 |
+
outline: 0 !important;
|
65 |
+
|
66 |
+
-webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
|
67 |
+
box-shadow: 0 3px 9px rgba(0, 0, 0, .5) !important;
|
68 |
+
}
|
69 |
+
|
70 |
+
.mo2f-modal-backdrop {
|
71 |
+
position: absolute;
|
72 |
+
top: 0;
|
73 |
+
right: 0;
|
74 |
+
left: 0;
|
75 |
+
background-color: #f1f1f1 !important;
|
76 |
+
filter: alpha(opacity=50) !important;
|
77 |
+
opacity: 0.8 !important;
|
78 |
+
height: 100% !important;
|
79 |
+
}
|
80 |
+
|
81 |
+
#smsAlertModal {
|
82 |
+
background-color: black !important;
|
83 |
+
opacity: 0.8 !important;
|
84 |
+
font-family: Roboto;
|
85 |
+
}
|
86 |
+
|
87 |
+
#twoFAtestAlertModal {
|
88 |
+
background-color: black !important;
|
89 |
+
opacity: 0.8 !important;
|
90 |
+
filter: alpha(opacity=50) !important;
|
91 |
+
}
|
92 |
+
|
93 |
+
.mo2f_modal-header {
|
94 |
+
min-height: 14px;
|
95 |
+
padding: 10px;
|
96 |
+
border-bottom: 1px solid #e5e5e5
|
97 |
+
}
|
98 |
+
|
99 |
+
.mo2f_modal-title {
|
100 |
+
margin: 0 !important;
|
101 |
+
line-height: 1.0 !important;
|
102 |
+
font-size: 1rem;
|
103 |
+
}
|
104 |
+
|
105 |
+
.mo2f_modal-body {
|
106 |
+
/ / width: 96 % !important;
|
107 |
+
position: relative !important;
|
108 |
+
padding: 15px !important;
|
109 |
+
overflow-y: auto !important;
|
110 |
+
max-height: 550px !important;
|
111 |
+
}
|
112 |
+
|
113 |
+
.mo2f_modal-footer {
|
114 |
+
padding: 15px;
|
115 |
+
text-align: right;
|
116 |
+
border-top: 1px solid #e5e5e5
|
117 |
+
}
|
118 |
+
|
119 |
+
.mo2f_modal-footer .btn + .btn {
|
120 |
+
margin-bottom: 0;
|
121 |
+
margin-left: 5px
|
122 |
+
}
|
123 |
+
|
124 |
+
.mo2f_modal-footer .btn-group .btn + .btn {
|
125 |
+
margin-left: -1px
|
126 |
+
}
|
127 |
+
|
128 |
+
.mo2f_modal-footer .btn-block + .btn-block {
|
129 |
+
margin-left: 0
|
130 |
+
}
|
131 |
+
|
132 |
+
.mo2f_modal-scrollbar-measure {
|
133 |
+
position: absolute;
|
134 |
+
top: -9999px;
|
135 |
+
width: 50px;
|
136 |
+
height: 50px;
|
137 |
+
overflow: scroll
|
138 |
+
}
|
139 |
+
|
140 |
+
.mo2f_close {
|
141 |
+
float: right;
|
142 |
+
font-size: 21px;
|
143 |
+
font-weight: 700;
|
144 |
+
line-height: 1;
|
145 |
+
color: #000;
|
146 |
+
text-shadow: 0 1px 0 #fff;
|
147 |
+
filter: alpha(opacity=20);
|
148 |
+
opacity: .2
|
149 |
+
}
|
150 |
+
|
151 |
+
.mo2f_close:hover, .mo2f_close:focus {
|
152 |
+
color: #000;
|
153 |
+
text-decoration: none;
|
154 |
+
cursor: pointer;
|
155 |
+
filter: alpha(opacity=50);
|
156 |
+
opacity: .5
|
157 |
+
}
|
158 |
+
|
159 |
+
button.mo2f_close {
|
160 |
+
-webkit-appearance: none;
|
161 |
+
padding: 0;
|
162 |
+
cursor: pointer;
|
163 |
+
background: 0 0;
|
164 |
+
border: 0
|
165 |
+
}
|
166 |
+
|
167 |
+
@media ( min-width: 768px) {
|
168 |
+
.mo2f_modal-dialog {
|
169 |
+
width: 373px;
|
170 |
+
margin: 0px auto
|
171 |
+
}
|
172 |
+
|
173 |
+
.login mo_customer_validation-modal-content {
|
174 |
+
-webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
|
175 |
+
box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
|
176 |
+
}
|
177 |
+
|
178 |
+
.mo2f_modal-sm {
|
179 |
+
width: 300px
|
180 |
+
}
|
181 |
+
|
182 |
+
.mo2f_modal-md {
|
183 |
+
width: 550px
|
184 |
+
}
|
185 |
+
}
|
186 |
+
|
187 |
+
@media ( min-width: 992px) {
|
188 |
+
.mo2f_modal-lg {
|
189 |
+
width: 900px;
|
190 |
+
}
|
191 |
+
|
192 |
+
.mo2f_modal-md {
|
193 |
+
width: 550px
|
194 |
+
}
|
195 |
+
}
|
196 |
+
|
197 |
+
|
198 |
+
@media ( min-width: 768px) {
|
199 |
+
.mo2f_modal-dialog {
|
200 |
+
width: 373px;
|
201 |
+
margin: 0px auto
|
202 |
+
}
|
203 |
+
|
204 |
+
.login mo_customer_validation-modal-content {
|
205 |
+
-webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
|
206 |
+
box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
|
207 |
+
}
|
208 |
+
|
209 |
+
.mo2f_modal-sm {
|
210 |
+
width: 300px
|
211 |
+
}
|
212 |
+
|
213 |
+
.mo2f_modal-md {
|
214 |
+
width: 550px
|
215 |
+
}
|
216 |
+
}
|
217 |
+
|
218 |
+
@media ( min-width: 992px) {
|
219 |
+
.mo2f_modal-lg {
|
220 |
+
width: 900px;
|
221 |
+
}
|
222 |
+
|
223 |
+
.mo2f_modal-md {
|
224 |
+
width: 550px
|
225 |
+
}
|
226 |
+
}
|
227 |
+
|
228 |
+
.center{
|
229 |
+
|
230 |
+
text-align: center !important;
|
231 |
+
}
|
232 |
+
|
233 |
+
#otpMessage {
|
234 |
+
border-radius: 1px;
|
235 |
+
padding: 1px 5px;
|
236 |
+
background: #f1f1f1;
|
237 |
+
}
|
238 |
+
|
239 |
+
.mo2f_carousel-indicators {
|
240 |
+
position: absolute;
|
241 |
+
bottom: -20px;
|
242 |
+
z-index: 15;
|
243 |
+
width: 60%;
|
244 |
+
list-style: none;
|
245 |
+
text-align: center;
|
246 |
+
}
|
247 |
+
|
248 |
+
.miniorange_kba_validate:hover, .miniorange_validate_otp:hover, .miniorange_login_forgotphone:hover,
|
249 |
+
.miniorange_login_offline:hover, .miniorange_login_forgotphone:hover, .miniorange_otp_token_submit:hover {
|
250 |
+
background-color: #0073AA !important
|
251 |
+
}
|
252 |
+
|
253 |
+
.miniorange_kba_validate, .miniorange_validate_otp, .miniorange_login_forgotphone,
|
254 |
+
.miniorange_login_offline, .miniorange_login_forgotphone, .miniorange_otp_token_submit {
|
255 |
+
background: #00A0D2 !important;
|
256 |
+
border-color: #0073AA !important;
|
257 |
+
box-shadow: 0 1px 0 rgba(120, 200, 230, .5) inset, 0 1px 0 rgba(0, 0, 0, .15) !important;
|
258 |
+
color: #FFF !important;
|
259 |
+
text-decoration: none !important;
|
260 |
+
cursor: pointer !important;
|
261 |
+
border-width: 1px !important;
|
262 |
+
border-style: solid !important;
|
263 |
+
border-radius: 3px !important;
|
264 |
+
white-space: nowrap !important;
|
265 |
+
box-sizing: border-box !important;
|
266 |
+
line-height: 28px !important;
|
267 |
+
padding: 0 12px !important;
|
268 |
+
font-size: 13px !important
|
269 |
+
}
|
270 |
+
|
271 |
+
.mo_customer_validation-modal.fade .mo_customer_validation-modal-dialog {
|
272 |
+
-webkit-transition: -webkit-transform .3s ease-out;
|
273 |
+
-o-transition: -o-transform .3s ease-out;
|
274 |
+
transition: transform .3s ease-out;
|
275 |
+
-webkit-transform: translate(0, -25%);
|
276 |
+
-ms-transform: translate(0, -25%);
|
277 |
+
-o-transform: translate(0, -25%);
|
278 |
+
transform: translate(0, -25%)
|
279 |
+
}
|
280 |
+
|
281 |
+
.mo_customer_validation-modal.in .mo_customer_validation-modal-dialog {
|
282 |
+
-webkit-transform: translate(0, 80px) !important;
|
283 |
+
-ms-transform: translate(0, 80px) !important;
|
284 |
+
-o-transform: translate(0, 80px) !important;
|
285 |
+
transform: translate(0, 80px) !important
|
286 |
+
}
|
287 |
+
|
288 |
+
.mo_customer_validation-modal-open .mo_customer_validation-modal {
|
289 |
+
overflow-x: hidden;
|
290 |
+
overflow-y: hidden
|
291 |
+
}
|
292 |
+
|
293 |
+
.mo_customer_validation-modal-dialog {
|
294 |
+
position: relative;
|
295 |
+
width: auto;
|
296 |
+
margin: 10px
|
297 |
+
}
|
298 |
+
|
299 |
+
.mo_customer_validation-modal-content {
|
300 |
+
position: relative;
|
301 |
+
-webkit-background-clip: padding-box;
|
302 |
+
border: 1px solid #999;
|
303 |
+
border: 1px solid rgba(0, 0, 0, .2);
|
304 |
+
outline: 0;
|
305 |
+
margin-top: 8%;
|
306 |
+
margin-left: 0;
|
307 |
+
padding: 15px 20px 0;
|
308 |
+
font-family: "Open Sans", sans-serif;
|
309 |
+
font-size: 14px;
|
310 |
+
line-height: 1.4em;
|
311 |
+
background: #FFF;
|
312 |
+
box-shadow: 0 1px 3px rgba(0, 0, 0, .13)
|
313 |
+
}
|
314 |
+
|
315 |
+
.mo_customer_validation-modal-backdrop {
|
316 |
+
position: absolute;
|
317 |
+
top: 0;
|
318 |
+
right: 0;
|
319 |
+
left: 0;
|
320 |
+
background-color: #000 !important;
|
321 |
+
filter: alpha(opacity=50) !important;
|
322 |
+
opacity: .9 !important;
|
323 |
+
height: 100% !important
|
324 |
+
}
|
325 |
+
|
326 |
+
.mo_customer_validation-modal-header {
|
327 |
+
min-height: 14px;
|
328 |
+
padding: 10px 10px 20px;
|
329 |
+
border-bottom: 1px solid #e5e5e5
|
330 |
+
}
|
331 |
+
|
332 |
+
.mo_customer_validation-modal-title {
|
333 |
+
margin: 0 !important;
|
334 |
+
line-height: 1 !important
|
335 |
+
}
|
336 |
+
|
337 |
+
.mo_customer_validation-modal-body {
|
338 |
+
position: relative;
|
339 |
+
padding: 5%;
|
340 |
+
overflow: hidden !important;
|
341 |
+
max-height: 550px !important
|
342 |
+
}
|
343 |
+
|
344 |
+
.mo_customer_validation-modal-footer {
|
345 |
+
padding: 15px;
|
346 |
+
text-align: right;
|
347 |
+
border-top: 1px solid #e5e5e5
|
348 |
+
}
|
349 |
+
|
350 |
+
.mo_customer_validation-modal-footer .btn + .btn {
|
351 |
+
margin-bottom: 0;
|
352 |
+
margin-left: 5px
|
353 |
+
}
|
354 |
+
|
355 |
+
.mo_customer_validation-modal-footer .btn-group .btn + .btn {
|
356 |
+
margin-left: -1px
|
357 |
+
}
|
358 |
+
|
359 |
+
.mo_customer_validation-modal-footer .btn-block + .btn-block {
|
360 |
+
margin-left: 0
|
361 |
+
}
|
362 |
+
|
363 |
+
.mo_customer_validation-modal-scrollbar-measure {
|
364 |
+
position: absolute;
|
365 |
+
top: -9999px;
|
366 |
+
width: 50px;
|
367 |
+
height: 50px;
|
368 |
+
overflow: scroll
|
369 |
+
}
|
370 |
+
|
371 |
+
@media (min-width: 768px) {
|
372 |
+
.mo_customer_validation-modal-dialog {
|
373 |
+
width: auto;
|
374 |
+
margin: 0 auto
|
375 |
+
}
|
376 |
+
|
377 |
+
.mo_customer_validation-modal-content {
|
378 |
+
-webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, .5);
|
379 |
+
box-shadow: 0 5px 15px rgba(0, 0, 0, .5)
|
380 |
+
}
|
381 |
+
|
382 |
+
.mo_customer_validation-modal-sm {
|
383 |
+
width: 300px
|
384 |
+
}
|
385 |
+
|
386 |
+
.mo_customer_validation-modal-md {
|
387 |
+
width: 532px
|
388 |
+
}
|
389 |
+
|
390 |
+
.mo_customer_validation-modal-lg {
|
391 |
+
width: 50%
|
392 |
+
}
|
393 |
+
}
|
394 |
+
|
395 |
+
@media (min-width: 992px) {
|
396 |
+
.mo_customer_validation-modal-dialog {
|
397 |
+
width: auto;
|
398 |
+
margin: 0 auto
|
399 |
+
}
|
400 |
+
|
401 |
+
.mo_customer_validation-modal-lg {
|
402 |
+
width: 490px
|
403 |
+
}
|
404 |
+
|
405 |
+
.mo_customer_validation-modal-md {
|
406 |
+
width: 532px
|
407 |
+
}
|
408 |
+
}
|
409 |
+
|
410 |
+
.mo_customer_validation-textbox {
|
411 |
+
background: #FBFBFB;
|
412 |
+
font-family: "Open Sans", sans-serif;
|
413 |
+
font-size: 24px;
|
414 |
+
width: 100%;
|
415 |
+
border: 1px solid #DDD;
|
416 |
+
padding: 3px;
|
417 |
+
margin: 2px 6px 16px 0
|
418 |
+
}
|
419 |
+
|
420 |
+
.mo_customer_validation-textbox:focus {
|
421 |
+
border-color: #5B9DD9;
|
422 |
+
box-shadow: 0 0 2px rgba(30, 140, 190, .8)
|
423 |
+
|
424 |
+
}
|
425 |
+
|
426 |
+
|
427 |
+
|
428 |
+
/*Hode login*/
|
429 |
+
|
430 |
+
body.login-action-login div#login {
|
431 |
+
display: none;
|
432 |
+
}
|
433 |
+
|
434 |
+
body.login-action-login div#login form#loginform input#user_login {
|
435 |
+
display: none;
|
436 |
+
}
|
437 |
+
|
438 |
+
body.login-action-login div#login form#loginform p.forgetmenot {
|
439 |
+
display: none;
|
440 |
+
}
|
441 |
+
|
442 |
+
body.login-action-login div#login form#loginform p.submit input#wp-submit {
|
443 |
+
display: none;
|
444 |
+
}
|
445 |
+
|
446 |
+
body.login-action-login div#login form#loginform p label {
|
447 |
+
display: none;
|
448 |
+
}
|
449 |
+
|
450 |
+
body.login-action-login div#login p#nav {
|
451 |
+
display: none;
|
452 |
+
}
|
453 |
+
|
454 |
+
body.login-action-login div#login form#loginform input#user_pass {
|
455 |
+
display: none;
|
456 |
+
}
|
457 |
+
|
458 |
+
body.login-action-login div#login div#login_error {
|
459 |
+
display: none;
|
460 |
+
}
|
461 |
+
|
462 |
+
body.login-action-login p.message {
|
463 |
+
display: none;
|
464 |
+
}
|
465 |
+
|
466 |
+
body.login-action-login div#login #loginform {
|
467 |
+
box-shadow: inherit;
|
468 |
+
}
|
469 |
+
|
470 |
+
body.login-action-login div#login div#login_error1 {
|
471 |
+
border-left: 4px solid #dd3d36;
|
472 |
+
margin-left: 0;
|
473 |
+
padding: 12px;
|
474 |
+
background: #fff;
|
475 |
+
-webkit-box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
|
476 |
+
box-shadow: 0 1px 1px 0 rgba(0, 0, 0, 0.1);
|
477 |
+
}
|
478 |
+
|
479 |
+
.mo2f_header {
|
480 |
+
font-size: 28px;
|
481 |
+
font-family: -webkit-body;
|
482 |
+
color: #777;
|
483 |
+
}
|
484 |
+
|
485 |
+
.mo2f_powered_by_miniorange {
|
486 |
+
width: 100px;
|
487 |
+
height: 25px;
|
488 |
+
-webkit-background-size: 100px 25px;
|
489 |
+
background-size: 100px 25px;
|
490 |
+
background-repeat: no-repeat;
|
491 |
+
display: inline-block;
|
492 |
+
vertical-align: middle;
|
493 |
+
}
|
494 |
+
|
495 |
+
.mo2f_powered_by_div {
|
496 |
+
text-align: right;
|
497 |
+
font-size: 9px;
|
498 |
+
padding-right: 2%;
|
499 |
+
background-color: #FFFFFF;
|
500 |
+
}
|
501 |
+
|
502 |
+
.button-green {
|
503 |
+
color: rgb(0, 160, 210);
|
504 |
+
background: none !important;
|
505 |
+
border: none;
|
506 |
+
padding: 0 !important;
|
507 |
+
font: inherit;
|
508 |
+
border-color: transparent !important;
|
509 |
+
/*border is optional*/
|
510 |
+
border-bottom: 1px solid #444;
|
511 |
+
cursor: pointer;
|
512 |
+
}
|
513 |
+
|
514 |
+
.mo2fa_display_message {
|
515 |
+
padding: 12px;
|
516 |
+
border-left: 4px solid #00a0d2;
|
517 |
+
background-color: #fff;
|
518 |
+
-webkit-box-shadow: 0 1px
|