Version Description
Download this release
Release Info
| Developer | cyberlord92 |
| Plugin |  Google Authenticator – WordPress Two Factor Authentication (2FA) |
| Version | 5.4.31 |
| Comparing to | |
| See all releases | |
Code changes from version 5.4.30 to 5.4.31
- api/Mo2f_OnPremRedirect.php +10 -4
- api/class-customer-onprem-setup.php +1 -1
- controllers/request_christmas_offer.php +48 -0
- controllers/twofa/two_factor_ajax.php +87 -65
- database/database_functions.php +2 -2
- handler/twofa/setup_twofa.php +2 -1
- handler/twofa/two_fa_settings.php +678 -712
- handler/twofa/two_fa_utility.php +3 -0
- includes/images/christmas_offer.PNG +0 -0
- includes/images/santa-gif.gif +0 -0
- miniorange_2_factor_settings.php +2 -2
- readme.txt +11 -1
- views/request_christmas_offer.php +36 -0
- views/twofa/test/test_twofa_email_verification.php +2 -0
api/Mo2f_OnPremRedirect.php
CHANGED
|
@@ -59,6 +59,7 @@ class Mo2f_OnPremRedirect {
|
|
| 59 |
}
|
| 60 |
|
| 61 |
function OnpremSendRedirect($useremail,$authType,$currentuser){
|
|
|
|
| 62 |
switch($authType){
|
| 63 |
|
| 64 |
case "Email Verification":
|
|
@@ -122,11 +123,11 @@ class Mo2f_OnPremRedirect {
|
|
| 122 |
|
| 123 |
if(is_null($email) or empty($email) or $email == '' or !isset($email) )
|
| 124 |
{
|
| 125 |
-
$email
|
|
|
|
| 126 |
if($email == '' or empty($email))
|
| 127 |
{
|
| 128 |
-
$email
|
| 129 |
-
|
| 130 |
}
|
| 131 |
|
| 132 |
}
|
|
@@ -257,9 +258,14 @@ class Mo2f_OnPremRedirect {
|
|
| 257 |
|
| 258 |
function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
|
| 259 |
{
|
|
|
|
| 260 |
global $Mo2fdbQueries;
|
| 261 |
|
| 262 |
-
$email
|
|
|
|
|
|
|
|
|
|
|
|
|
| 263 |
|
| 264 |
$subject = "2-Factor Authentication(Email verification)";
|
| 265 |
$headers = array('Content-Type: text/html; charset=UTF-8');
|
| 59 |
}
|
| 60 |
|
| 61 |
function OnpremSendRedirect($useremail,$authType,$currentuser){
|
| 62 |
+
|
| 63 |
switch($authType){
|
| 64 |
|
| 65 |
case "Email Verification":
|
| 123 |
|
| 124 |
if(is_null($email) or empty($email) or $email == '' or !isset($email) )
|
| 125 |
{
|
| 126 |
+
$email = get_user_meta($current_user->ID,'tempEmail',true);
|
| 127 |
+
|
| 128 |
if($email == '' or empty($email))
|
| 129 |
{
|
| 130 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
|
|
|
|
| 131 |
}
|
| 132 |
|
| 133 |
}
|
| 258 |
|
| 259 |
function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
|
| 260 |
{
|
| 261 |
+
|
| 262 |
global $Mo2fdbQueries;
|
| 263 |
|
| 264 |
+
$email = get_user_meta($current_user->ID,'tempEmail',true);
|
| 265 |
+
|
| 266 |
+
|
| 267 |
+
if(empty($email))
|
| 268 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
|
| 269 |
|
| 270 |
$subject = "2-Factor Authentication(Email verification)";
|
| 271 |
$headers = array('Content-Type: text/html; charset=UTF-8');
|
api/class-customer-onprem-setup.php
CHANGED
|
@@ -30,7 +30,7 @@ class Customer_Setup extends Customer_Cloud_Setup {
|
|
| 30 |
|
| 31 |
|
| 32 |
function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
|
| 33 |
-
|
| 34 |
$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
|
| 35 |
if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
|
| 36 |
include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
|
| 30 |
|
| 31 |
|
| 32 |
function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
|
| 33 |
+
|
| 34 |
$cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
|
| 35 |
if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
|
| 36 |
include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
|
controllers/request_christmas_offer.php
ADDED
|
@@ -0,0 +1,48 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
<?php
|
| 2 |
+
|
| 3 |
+
|
| 4 |
+
if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
|
| 5 |
+
{
|
| 6 |
+
switch($_POST['option'])
|
| 7 |
+
{
|
| 8 |
+
case "mo_2FA_christmas_request_form":
|
| 9 |
+
wpns_handle_christmas_request_form($_POST); break;
|
| 10 |
+
}
|
| 11 |
+
}
|
| 12 |
+
|
| 13 |
+
include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
|
| 14 |
+
|
| 15 |
+
function wpns_handle_christmas_request_form($post){
|
| 16 |
+
$nonce = isset($post['nonce'])?$post['nonce']:NULL;
|
| 17 |
+
$usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
|
| 18 |
+
$email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
|
| 19 |
+
if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
|
| 20 |
+
return;
|
| 21 |
+
}
|
| 22 |
+
if(empty($usecase) || empty($email) )
|
| 23 |
+
{
|
| 24 |
+
do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
|
| 25 |
+
return;
|
| 26 |
+
}
|
| 27 |
+
else{
|
| 28 |
+
|
| 29 |
+
$usecase = sanitize_text_field( $usecase );
|
| 30 |
+
$email = sanitize_text_field( $email );
|
| 31 |
+
$query = 'REQUEST FOR CHRISTMAS OFFERS';
|
| 32 |
+
$query .= ' =>';
|
| 33 |
+
$query .= ' : ';
|
| 34 |
+
$query .= $usecase;
|
| 35 |
+
$contact_us = new MocURL();
|
| 36 |
+
$submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
|
| 37 |
+
|
| 38 |
+
if(json_last_error() == JSON_ERROR_NONE && $submited)
|
| 39 |
+
{
|
| 40 |
+
do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
|
| 41 |
+
return;
|
| 42 |
+
}
|
| 43 |
+
else{
|
| 44 |
+
do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
|
| 45 |
+
}
|
| 46 |
+
}
|
| 47 |
+
}
|
| 48 |
+
?>
|
controllers/twofa/two_factor_ajax.php
CHANGED
|
@@ -342,86 +342,108 @@ function mo2f_shift_to_onprem(){
|
|
| 342 |
}
|
| 343 |
}
|
| 344 |
}
|
| 345 |
-
|
| 346 |
-
{
|
| 347 |
|
|
|
|
|
|
|
|
|
|
| 348 |
if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
|
| 349 |
{
|
| 350 |
-
|
| 351 |
-
|
| 352 |
}
|
| 353 |
else
|
| 354 |
{
|
| 355 |
-
|
| 356 |
-
|
| 357 |
-
|
| 358 |
|
| 359 |
-
|
| 360 |
-
|
| 361 |
-
|
| 362 |
-
|
|
|
|
|
|
|
|
|
|
| 363 |
|
| 364 |
-
if(MO2F_IS_ONPREM){
|
| 365 |
$customer_key = get_site_option( 'mo2f_customerKey' );
|
| 366 |
$api_key = get_site_option( 'mo2f_api_key' );
|
| 367 |
-
$email = sanitize_text_field($_POST['email']);
|
| 368 |
-
$enduser = new Customer_Setup();
|
| 369 |
-
$content = $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key, get_user_by('id',$user_id));
|
| 370 |
-
|
| 371 |
-
$response = json_decode($content,true);
|
| 372 |
-
}else{
|
| 373 |
-
$response['status'] = 'SUCCESS';
|
| 374 |
-
}
|
| 375 |
-
if($response['status'] == 'FAILED'){
|
| 376 |
-
|
| 377 |
-
|
| 378 |
-
echo "smtpnotset";
|
| 379 |
-
exit;
|
| 380 |
-
|
| 381 |
-
}else if ($response['status'] == 'SUCCESS'){
|
| 382 |
-
|
| 383 |
-
$email = sanitize_text_field($_POST['email']);
|
| 384 |
-
$currentMethod = sanitize_text_field($_POST['current_method']);
|
| 385 |
-
$error = false;
|
| 386 |
-
|
| 387 |
-
}
|
| 388 |
-
|
| 389 |
-
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
|
| 390 |
-
{
|
| 391 |
-
$error = true;
|
| 392 |
-
}
|
| 393 |
-
if($email!='' && !$error)
|
| 394 |
-
{
|
| 395 |
-
global $Mo2fdbQueries;
|
| 396 |
-
if($currentMethod == 'EmailVerification')
|
| 397 |
-
{
|
| 398 |
-
$Mo2fdbQueries->update_user_details(get_current_user_id(),array(
|
| 399 |
-
'mo2f_EmailVerification_config_status'=>true,
|
| 400 |
-
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
|
| 401 |
-
'mo2f_configured_2FA_method'=>"Email Verification",
|
| 402 |
-
'mo2f_user_email' => $email
|
| 403 |
-
));
|
| 404 |
-
}
|
| 405 |
-
else
|
| 406 |
-
{
|
| 407 |
-
$Mo2fdbQueries->update_user_details(get_current_user_id(),array(
|
| 408 |
-
'mo2f_EmailVerification_config_status'=>true,
|
| 409 |
-
'mo2f_user_email' => $email
|
| 410 |
-
));
|
| 411 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 412 |
}
|
| 413 |
-
|
| 414 |
-
|
| 415 |
-
|
| 416 |
-
|
| 417 |
-
|
| 418 |
-
|
| 419 |
-
|
| 420 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 421 |
}
|
| 422 |
-
|
|
|
|
|
|
|
| 423 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 424 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 425 |
|
| 426 |
function CheckEVStatus()
|
| 427 |
{
|
| 342 |
}
|
| 343 |
}
|
| 344 |
}
|
| 345 |
+
|
|
|
|
| 346 |
|
| 347 |
+
function mo2f_save_email_verification()
|
| 348 |
+
{
|
| 349 |
+
|
| 350 |
if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
|
| 351 |
{
|
| 352 |
+
echo "NonceDidNotMatch";
|
| 353 |
+
exit;
|
| 354 |
}
|
| 355 |
else
|
| 356 |
{
|
| 357 |
+
$user_id = get_current_user_id();
|
| 358 |
+
$twofactor_transactions = new Mo2fDB;
|
| 359 |
+
$exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
|
| 360 |
|
| 361 |
+
if($exceeded){
|
| 362 |
+
echo "USER_LIMIT_EXCEEDED";
|
| 363 |
+
exit;
|
| 364 |
+
}
|
| 365 |
+
$email = sanitize_email($_POST['email']);
|
| 366 |
+
$currentMethod = sanitize_text_field($_POST['current_method']);
|
| 367 |
+
$error = false;
|
| 368 |
|
|
|
|
| 369 |
$customer_key = get_site_option( 'mo2f_customerKey' );
|
| 370 |
$api_key = get_site_option( 'mo2f_api_key' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 371 |
|
| 372 |
+
|
| 373 |
+
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
|
| 374 |
+
{
|
| 375 |
+
$error = true;
|
| 376 |
}
|
| 377 |
+
if($email!='' && !$error)
|
| 378 |
+
{
|
| 379 |
+
global $Mo2fdbQueries;
|
| 380 |
+
if($currentMethod == 'EmailVerification')
|
| 381 |
+
{
|
| 382 |
+
|
| 383 |
+
|
| 384 |
+
|
| 385 |
+
if(MO2F_IS_ONPREM){
|
| 386 |
+
|
| 387 |
+
update_user_meta($user_id,'tempEmail',$email);
|
| 388 |
+
$enduser = new Customer_Setup();
|
| 389 |
+
$content = $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
|
| 390 |
+
$decoded = json_decode($content,true);
|
| 391 |
+
if($decoded['status'] == 'FAILED'){
|
| 392 |
+
echo "smtpnotset";
|
| 393 |
+
exit;
|
| 394 |
+
}
|
| 395 |
+
|
| 396 |
+
update_user_meta($user_id,'Mo2fTxid',$decoded['txId']);
|
| 397 |
+
$otpToken = '';
|
| 398 |
+
$otpToken .= rand(0,9);
|
| 399 |
+
update_user_meta($user_id,'Mo2fOtpToken',$otpToken);
|
| 400 |
+
|
| 401 |
+
}
|
| 402 |
+
|
| 403 |
+
|
| 404 |
+
|
| 405 |
+
//for cloud
|
| 406 |
+
if(! MO2F_IS_ONPREM){
|
| 407 |
+
$enduser = new Two_Factor_Setup();
|
| 408 |
+
$enduser->mo2f_update_userinfo($email, "OUT OF BAND EMAIL",null,null,null);
|
| 409 |
+
}
|
| 410 |
+
// }
|
| 411 |
+
|
| 412 |
+
echo "settingsSaved";
|
| 413 |
+
exit;
|
| 414 |
+
}
|
| 415 |
+
elseif ($currentMethod == 'OTPOverEmail')
|
| 416 |
+
{
|
| 417 |
+
update_user_meta($user_id,'tempEmail',$email);
|
| 418 |
+
$enduser = new Customer_Setup();
|
| 419 |
+
$content = $enduser->send_otp_token($email,"OTP Over Email",$customer_key,$api_key);
|
| 420 |
+
|
| 421 |
+
$decoded = json_decode($content,true);
|
| 422 |
+
if($decoded['status'] == 'FAILED'){
|
| 423 |
+
|
| 424 |
+
|
| 425 |
+
echo "smtpnotset";
|
| 426 |
+
exit;
|
| 427 |
+
|
| 428 |
}
|
| 429 |
+
update_user_meta( $user_id, 'configure_2FA', 1 );
|
| 430 |
+
update_user_meta($user_id,'Mo2fOtpOverEmailtxId',$decoded['txId']);
|
| 431 |
+
|
| 432 |
|
| 433 |
+
}
|
| 434 |
+
update_user_meta($user_id,'tempRegEmail',$email);
|
| 435 |
+
echo "settingsSaved";
|
| 436 |
+
exit;
|
| 437 |
}
|
| 438 |
+
else
|
| 439 |
+
{
|
| 440 |
+
echo "invalidEmail";
|
| 441 |
+
exit;
|
| 442 |
+
}
|
| 443 |
+
|
| 444 |
+
}
|
| 445 |
+
|
| 446 |
+
}
|
| 447 |
|
| 448 |
function CheckEVStatus()
|
| 449 |
{
|
database/database_functions.php
CHANGED
|
@@ -22,7 +22,7 @@
|
|
| 22 |
$this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
|
| 23 |
$this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
|
| 24 |
$this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
|
| 25 |
-
$this->attackLogs
|
| 26 |
$this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
|
| 27 |
$this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
|
| 28 |
$this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
|
|
@@ -194,7 +194,7 @@
|
|
| 194 |
$sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
|
| 195 |
$resluts = $wpdb->query($sql1);
|
| 196 |
}
|
| 197 |
-
$result= $wpdb->get_results("SHOW COLUMNS FROM
|
| 198 |
if(empty($result)){
|
| 199 |
$sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
|
| 200 |
$results1 = $wpdb->query($sql);
|
| 22 |
$this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
|
| 23 |
$this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
|
| 24 |
$this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
|
| 25 |
+
$this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
|
| 26 |
$this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
|
| 27 |
$this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
|
| 28 |
$this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
|
| 194 |
$sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
|
| 195 |
$resluts = $wpdb->query($sql1);
|
| 196 |
}
|
| 197 |
+
$result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
|
| 198 |
if(empty($result)){
|
| 199 |
$sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
|
| 200 |
$results1 = $wpdb->query($sql);
|
handler/twofa/setup_twofa.php
CHANGED
|
@@ -378,7 +378,7 @@
|
|
| 378 |
</div>
|
| 379 |
</div>
|
| 380 |
</div>';
|
| 381 |
-
|
| 382 |
if ( $is_auth_method_av && $category == 'free_plan' ) {
|
| 383 |
$is_auth_method_configured = 0;
|
| 384 |
$is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
|
|
@@ -677,6 +677,7 @@ function mo2f_show_registration_screen($user){
|
|
| 677 |
|
| 678 |
function mo2f_show_2FA_configuration_screen( $user, $selected2FAmethod ) {
|
| 679 |
global $mo2f_dirName;
|
|
|
|
| 680 |
switch ( $selected2FAmethod ) {
|
| 681 |
case "Google Authenticator":
|
| 682 |
if(MO2F_IS_ONPREM){
|
| 378 |
</div>
|
| 379 |
</div>
|
| 380 |
</div>';
|
| 381 |
+
|
| 382 |
if ( $is_auth_method_av && $category == 'free_plan' ) {
|
| 383 |
$is_auth_method_configured = 0;
|
| 384 |
$is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
|
| 677 |
|
| 678 |
function mo2f_show_2FA_configuration_screen( $user, $selected2FAmethod ) {
|
| 679 |
global $mo2f_dirName;
|
| 680 |
+
|
| 681 |
switch ( $selected2FAmethod ) {
|
| 682 |
case "Google Authenticator":
|
| 683 |
if(MO2F_IS_ONPREM){
|
handler/twofa/two_fa_settings.php
CHANGED
|
@@ -25,10 +25,10 @@ class Miniorange_Authentication {
|
|
| 25 |
add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
|
| 26 |
//for shortcode addon
|
| 27 |
$mo2f_ns_config = new MoWpnsUtility();
|
| 28 |
-
|
| 29 |
//strong password file
|
| 30 |
$mo2f_strong_password = new class_miniorange_2fa_strong_password();
|
| 31 |
-
|
| 32 |
if($mo2f_ns_config->hasLoginCookie())
|
| 33 |
{
|
| 34 |
add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
|
|
@@ -70,17 +70,17 @@ class Miniorange_Authentication {
|
|
| 70 |
) );
|
| 71 |
|
| 72 |
if(get_site_option('mo2f_woocommerce_login_prompt')){
|
| 73 |
-
|
| 74 |
-
|
| 75 |
-
|
| 76 |
-
|
| 77 |
-
|
| 78 |
-
|
| 79 |
-
|
| 80 |
-
|
| 81 |
-
|
| 82 |
-
|
| 83 |
-
|
| 84 |
add_action( 'wp_enqueue_scripts', array(
|
| 85 |
$pass2fa_login,
|
| 86 |
'mo_2_factor_enable_jquery_default_login'
|
|
@@ -128,8 +128,8 @@ class Miniorange_Authentication {
|
|
| 128 |
$userid = wp_get_current_user()->ID;
|
| 129 |
add_option('mo2f_onprem_admin' , $userid );
|
| 130 |
if(is_multisite()){
|
| 131 |
-
|
| 132 |
-
|
| 133 |
// Deciding on On-Premise solution
|
| 134 |
$is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
| 135 |
$is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
|
|
@@ -153,10 +153,10 @@ class Miniorange_Authentication {
|
|
| 153 |
}
|
| 154 |
if(get_option('mo2f_encryption_key',"not_exits")=="not_exits"){
|
| 155 |
$get_encryption_key = MO2f_Utility::random_str(16);
|
| 156 |
-
|
| 157 |
-
|
| 158 |
}
|
| 159 |
-
|
| 160 |
$user_id = get_option( 'mo2f_miniorange_admin' );
|
| 161 |
$current_db_version = get_option( 'mo2f_dbversion' );
|
| 162 |
|
|
@@ -167,11 +167,11 @@ class Miniorange_Authentication {
|
|
| 167 |
}
|
| 168 |
if(MO2F_IS_ONPREM){
|
| 169 |
$twofactordb = new Mo2fDB;
|
| 170 |
-
|
| 171 |
-
|
| 172 |
-
|
| 173 |
-
|
| 174 |
-
|
| 175 |
}
|
| 176 |
|
| 177 |
if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
|
|
@@ -230,7 +230,7 @@ class Miniorange_Authentication {
|
|
| 230 |
}
|
| 231 |
|
| 232 |
$mo2f_external_app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true ) == 'AUTHY 2-FACTOR AUTHENTICATION' ?
|
| 233 |
-
|
| 234 |
|
| 235 |
update_user_meta( $user_id, 'mo2f_external_app_type', $mo2f_external_app_type );
|
| 236 |
|
|
@@ -315,8 +315,8 @@ class Miniorange_Authentication {
|
|
| 315 |
if ( $selected_2_Factor_method == 'NONE' ) {
|
| 316 |
if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
|
| 317 |
echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
|
| 318 |
-
|
| 319 |
-
|
| 320 |
}
|
| 321 |
}
|
| 322 |
}
|
|
@@ -324,24 +324,24 @@ class Miniorange_Authentication {
|
|
| 324 |
|
| 325 |
function mo_auth_success_message() {
|
| 326 |
$message = get_option( 'mo2f_message' ); ?>
|
| 327 |
-
|
| 328 |
-
|
| 329 |
-
|
| 330 |
-
|
| 331 |
-
|
| 332 |
-
|
| 333 |
<?php
|
| 334 |
}
|
| 335 |
|
| 336 |
function mo_auth_error_message() {
|
| 337 |
$message = get_option( 'mo2f_message' ); ?>
|
| 338 |
|
| 339 |
-
|
| 340 |
-
|
| 341 |
-
|
| 342 |
-
|
| 343 |
-
|
| 344 |
-
|
| 345 |
<?php
|
| 346 |
|
| 347 |
}
|
|
@@ -357,7 +357,7 @@ class Miniorange_Authentication {
|
|
| 357 |
$is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
|
| 358 |
$can_current_user_manage_options = current_user_can( 'manage_options' );
|
| 359 |
$admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
|
| 360 |
-
|
| 361 |
|
| 362 |
if(MO2F_IS_ONPREM)
|
| 363 |
{
|
|
@@ -378,9 +378,9 @@ class Miniorange_Authentication {
|
|
| 378 |
function hookpages() {
|
| 379 |
$url = explode('handler',plugin_dir_url(__FILE__));
|
| 380 |
if(get_site_option('mo2f_enable_custom_icon')!=1)
|
| 381 |
-
|
| 382 |
-
|
| 383 |
-
|
| 384 |
$menu_slug = 'miniOrange_2_factor_settings';
|
| 385 |
add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
|
| 386 |
}
|
|
@@ -393,7 +393,7 @@ class Miniorange_Authentication {
|
|
| 393 |
}
|
| 394 |
|
| 395 |
function mo_2_factor_enable_frontend_style() {
|
| 396 |
-
|
| 397 |
wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
|
| 398 |
wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
|
| 399 |
wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
|
|
@@ -434,7 +434,7 @@ class Miniorange_Authentication {
|
|
| 434 |
}
|
| 435 |
if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
|
| 436 |
if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
|
| 437 |
-
|
| 438 |
}
|
| 439 |
}
|
| 440 |
|
|
@@ -476,24 +476,24 @@ class Miniorange_Authentication {
|
|
| 476 |
}
|
| 477 |
}else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_skiplogin'){
|
| 478 |
$nonce = $_POST['mo2f_skiplogin_nonce'];
|
| 479 |
-
|
| 480 |
$error = new WP_Error();
|
| 481 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 482 |
return $error;
|
| 483 |
} else {
|
| 484 |
-
|
| 485 |
}
|
| 486 |
}else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_userlogout'){
|
| 487 |
-
|
| 488 |
-
|
| 489 |
$error = new WP_Error();
|
| 490 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 491 |
return $error;
|
| 492 |
} else {
|
| 493 |
-
|
| 494 |
-
|
| 495 |
-
|
| 496 |
-
|
| 497 |
}else if(isset($_POST['option']) and $_POST['option'] == 'restart_plugin_tour'){
|
| 498 |
$nonce = $_POST['_wpnonce'];
|
| 499 |
if ( ! wp_verify_nonce( $nonce, 'restart_plugin_tour' ) ) {
|
|
@@ -501,44 +501,44 @@ class Miniorange_Authentication {
|
|
| 501 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 502 |
return $error;
|
| 503 |
} else {
|
| 504 |
-
|
| 505 |
-
|
| 506 |
-
|
| 507 |
-
|
| 508 |
-
|
| 509 |
-
|
| 510 |
-
|
| 511 |
-
|
| 512 |
-
|
| 513 |
-
|
| 514 |
update_option('mo2f_two_factor_tour',1);
|
| 515 |
break;
|
| 516 |
-
|
| 517 |
update_option('mo2f_tour_firewall',1);
|
| 518 |
break;
|
| 519 |
-
|
| 520 |
update_option('mo2f_tour_loginSpam',1);
|
| 521 |
break;
|
| 522 |
-
|
| 523 |
update_option('mo2f_tour_backup',1);
|
| 524 |
break;
|
| 525 |
-
|
| 526 |
update_option('mo2f_tour_malware_scan',1);
|
| 527 |
break;
|
| 528 |
-
|
| 529 |
update_option('mo2f_tour_advance_blocking',1);
|
| 530 |
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 531 |
}
|
| 532 |
-
if($page != '')
|
| 533 |
-
{
|
| 534 |
-
$url = get_option('siteurl').'/wp-admin/admin.php?page='.$page;
|
| 535 |
-
wp_redirect($url);
|
| 536 |
-
exit;
|
| 537 |
-
}
|
| 538 |
-
$redirect=explode('&',htmlentities($_SERVER['REQUEST_URI']))[0];
|
| 539 |
-
header("Location: ".$redirect);
|
| 540 |
-
return;
|
| 541 |
-
}
|
| 542 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_save_proxy_settings" ) {
|
| 543 |
$nonce = $_POST['mo2f_save_proxy_settings_nonce'];
|
| 544 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-save-proxy-settings-nonce' ) ) {
|
|
@@ -672,21 +672,21 @@ class Miniorange_Authentication {
|
|
| 672 |
}
|
| 673 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_verify_customer" ) { //register the admin to miniOrange if already exist
|
| 674 |
|
| 675 |
-
|
| 676 |
-
|
| 677 |
if ( ! wp_verify_nonce( $nonce, 'miniorange-verify-customer-nonce' ) ) {
|
| 678 |
$error = new WP_Error();
|
| 679 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 680 |
|
| 681 |
return $error;
|
| 682 |
} else {
|
| 683 |
-
|
| 684 |
//validation and sanitization
|
| 685 |
$email = '';
|
| 686 |
$password = '';
|
| 687 |
$Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
|
| 688 |
|
| 689 |
-
|
| 690 |
if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) ) {
|
| 691 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
|
| 692 |
$this->mo_auth_show_error_message();
|
|
@@ -702,7 +702,7 @@ class Miniorange_Authentication {
|
|
| 702 |
$customer = new Customer_Setup();
|
| 703 |
$content = $customer->get_customer_key();
|
| 704 |
$customerKey = json_decode( $content, true );
|
| 705 |
-
|
| 706 |
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 707 |
if ( is_array( $customerKey ) && array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
|
| 708 |
update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
|
|
@@ -773,7 +773,7 @@ class Miniorange_Authentication {
|
|
| 773 |
$mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
|
| 774 |
|
| 775 |
delete_user_meta( $user->ID, 'register_account_popup' );
|
| 776 |
-
|
| 777 |
$mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
|
| 778 |
if ( ! empty( $mo2f_customer_selected_plan ) ) {
|
| 779 |
delete_option( 'mo2f_customer_selected_plan' );
|
|
@@ -833,9 +833,9 @@ class Miniorange_Authentication {
|
|
| 833 |
}
|
| 834 |
|
| 835 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_resend_otp" ) { //resend OTP over email for admin
|
| 836 |
-
|
| 837 |
$nonce = $_POST['mo_2factor_resend_otp_nonce'];
|
| 838 |
-
|
| 839 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-otp-nonce' ) ) {
|
| 840 |
$error = new WP_Error();
|
| 841 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -869,8 +869,8 @@ class Miniorange_Authentication {
|
|
| 869 |
update_option( 'mo2f_bug_fix_done', 1 );
|
| 870 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_validate_otp" ) { //validate OTP over email for admin
|
| 871 |
|
| 872 |
-
|
| 873 |
-
|
| 874 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-otp-nonce' ) ) {
|
| 875 |
$error = new WP_Error();
|
| 876 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -915,7 +915,7 @@ class Miniorange_Authentication {
|
|
| 915 |
|
| 916 |
//validation and sanitization
|
| 917 |
$nonce = $_POST['mo_2factor_validate_user_otp_nonce'];
|
| 918 |
-
|
| 919 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-user-otp-nonce' ) ) {
|
| 920 |
$error = new WP_Error();
|
| 921 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -956,14 +956,14 @@ class Miniorange_Authentication {
|
|
| 956 |
}
|
| 957 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_send_query" ) { //Help me or support
|
| 958 |
$nonce = $_POST['mo_2factor_send_query_nonce'];
|
| 959 |
-
|
| 960 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-send-query-nonce' ) ) {
|
| 961 |
$error = new WP_Error();
|
| 962 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 963 |
|
| 964 |
return $error;
|
| 965 |
} else {
|
| 966 |
-
|
| 967 |
$query = '';
|
| 968 |
if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['EMAIL_MANDATORY'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['query'] ) ) {
|
| 969 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_MANDATORY" ) );
|
|
@@ -1079,40 +1079,40 @@ class Miniorange_Authentication {
|
|
| 1079 |
if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_fix_database_error' ) {
|
| 1080 |
$nonce = $_POST['mo2f_fix_database_error_nonce'];
|
| 1081 |
|
| 1082 |
-
|
| 1083 |
-
|
| 1084 |
-
|
| 1085 |
|
| 1086 |
-
|
| 1087 |
-
|
| 1088 |
-
|
| 1089 |
|
| 1090 |
-
|
| 1091 |
|
| 1092 |
-
|
| 1093 |
-
|
| 1094 |
|
| 1095 |
$nonce = $_POST['mo2f_skip_feedback_nonce'];
|
| 1096 |
|
| 1097 |
-
|
| 1098 |
-
|
| 1099 |
-
|
| 1100 |
|
| 1101 |
-
|
| 1102 |
-
|
| 1103 |
-
|
| 1104 |
-
|
| 1105 |
|
| 1106 |
}else if ( isset( $_POST['mo2f_feedback'] ) and $_POST['mo2f_feedback'] == 'mo2f_feedback' ) {
|
| 1107 |
|
| 1108 |
$nonce = $_POST['mo2f_feedback_nonce'];
|
| 1109 |
|
| 1110 |
-
|
| 1111 |
-
|
| 1112 |
-
|
| 1113 |
|
| 1114 |
-
|
| 1115 |
-
|
| 1116 |
$reasons_not_to_worry_about = array( "Upgrading to Standard / Premium", "Temporary deactivation - Testing" );
|
| 1117 |
|
| 1118 |
$message = 'Plugin Deactivated:';
|
|
@@ -1179,114 +1179,114 @@ class Miniorange_Authentication {
|
|
| 1179 |
|
| 1180 |
$nonce = $_POST['mo_2factor_resend_user_otp_nonce'];
|
| 1181 |
|
| 1182 |
-
|
| 1183 |
-
|
| 1184 |
-
|
| 1185 |
|
| 1186 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1187 |
} else {
|
| 1188 |
-
|
| 1189 |
-
$
|
| 1190 |
-
|
| 1191 |
-
|
| 1192 |
-
update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
|
| 1193 |
-
$mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
|
| 1194 |
-
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
|
| 1195 |
-
$this->mo_auth_show_success_message();
|
| 1196 |
-
} else {
|
| 1197 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
|
| 1198 |
-
$mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
|
| 1199 |
-
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
|
| 1200 |
-
$this->mo_auth_show_error_message();
|
| 1201 |
|
| 1202 |
-
}
|
| 1203 |
}
|
|
|
|
| 1204 |
|
| 1205 |
}else if ( isset( $_POST['option'] ) and ( $_POST['option'] == "mo2f_configure_miniorange_authenticator_validate" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete' ) ) { //mobile registration successfully complete for all users
|
| 1206 |
|
| 1207 |
$nonce = $_POST['mo2f_configure_miniorange_authenticator_validate_nonce'];
|
| 1208 |
|
| 1209 |
-
|
| 1210 |
-
|
| 1211 |
-
|
| 1212 |
|
| 1213 |
-
|
| 1214 |
-
|
| 1215 |
-
|
| 1216 |
-
|
| 1217 |
-
|
| 1218 |
|
| 1219 |
-
|
| 1220 |
-
|
| 1221 |
-
|
| 1222 |
-
|
| 1223 |
|
| 1224 |
-
|
| 1225 |
|
| 1226 |
-
|
| 1227 |
-
|
| 1228 |
-
|
| 1229 |
|
| 1230 |
-
|
| 1231 |
|
| 1232 |
|
| 1233 |
-
|
| 1234 |
|
| 1235 |
-
|
| 1236 |
|
| 1237 |
-
|
| 1238 |
|
| 1239 |
|
| 1240 |
-
|
| 1241 |
-
|
| 1242 |
-
|
| 1243 |
-
|
| 1244 |
-
|
| 1245 |
-
|
| 1246 |
-
|
| 1247 |
-
|
| 1248 |
-
|
| 1249 |
|
| 1250 |
-
|
| 1251 |
//update_user_meta( $user->ID, 'currentMethod' , $selectedMethod);
|
| 1252 |
-
|
| 1253 |
-
|
| 1254 |
-
} else {
|
| 1255 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 1256 |
-
$this->mo_auth_show_error_message();
|
| 1257 |
-
}
|
| 1258 |
|
| 1259 |
} else {
|
| 1260 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "
|
| 1261 |
$this->mo_auth_show_error_message();
|
| 1262 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1263 |
}
|
|
|
|
| 1264 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_success' ) { // mobile registration for all users(common)
|
| 1265 |
|
| 1266 |
$nonce = $_POST['mo2f_mobile_authenticate_success_nonce'];
|
| 1267 |
-
|
| 1268 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-success-nonce' ) ) {
|
| 1269 |
$error = new WP_Error();
|
| 1270 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1271 |
|
| 1272 |
return $error;
|
| 1273 |
} else {
|
| 1274 |
-
|
| 1275 |
if ( current_user_can( 'manage_options' ) ) {
|
| 1276 |
-
|
| 1277 |
-
|
| 1278 |
-
|
| 1279 |
-
|
| 1280 |
|
| 1281 |
-
|
| 1282 |
-
|
| 1283 |
|
| 1284 |
-
|
| 1285 |
-
|
| 1286 |
}
|
| 1287 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_error' ) { //mobile registration failed for all users(common)
|
| 1288 |
$nonce = $_POST['mo2f_mobile_authenticate_error_nonce'];
|
| 1289 |
-
|
| 1290 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-error-nonce' ) ) {
|
| 1291 |
$error = new WP_Error();
|
| 1292 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1306,7 +1306,7 @@ class Miniorange_Authentication {
|
|
| 1306 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_refresh_mobile_qrcode" ) { // refrsh Qrcode for all users
|
| 1307 |
|
| 1308 |
$nonce = $_POST['mo_auth_refresh_mobile_qrcode_nonce'];
|
| 1309 |
-
|
| 1310 |
if ( ! wp_verify_nonce( $nonce, 'mo-auth-refresh-mobile-qrcode-nonce' ) ) {
|
| 1311 |
$error = new WP_Error();
|
| 1312 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1410,7 +1410,7 @@ class Miniorange_Authentication {
|
|
| 1410 |
}
|
| 1411 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_backto_user_registration' ) { //back to registration page for additional admin and non-admin
|
| 1412 |
$nonce = $_POST['mo_2factor_backto_user_registration_nonce'];
|
| 1413 |
-
|
| 1414 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-backto-user-registration-nonce' ) ) {
|
| 1415 |
$error = new WP_Error();
|
| 1416 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1426,8 +1426,8 @@ class Miniorange_Authentication {
|
|
| 1426 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_soft_token' ) { // validate Soft Token during test for all users
|
| 1427 |
|
| 1428 |
$nonce = $_POST['mo2f_validate_soft_token_nonce'];
|
| 1429 |
-
|
| 1430 |
-
|
| 1431 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-soft-token-nonce' ) ) {
|
| 1432 |
$error = new WP_Error();
|
| 1433 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1468,7 +1468,7 @@ class Miniorange_Authentication {
|
|
| 1468 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Whatsapp' ) { //validate otp over Telegram
|
| 1469 |
|
| 1470 |
$nonce = $_POST['mo2f_validate_otp_over_Whatsapp_nonce'];
|
| 1471 |
-
|
| 1472 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Whatsapp-nonce' ) ) {
|
| 1473 |
$error = new WP_Error();
|
| 1474 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1478,7 +1478,7 @@ class Miniorange_Authentication {
|
|
| 1478 |
|
| 1479 |
$otp = sanitize_text_field($_POST['otp_token']);
|
| 1480 |
$otpToken = get_user_meta($user->ID,'mo2f_otp_token_wa',true);
|
| 1481 |
-
|
| 1482 |
$time = get_user_meta($user->ID,'mo2f_whatsapp_time',true);
|
| 1483 |
$accepted_time = time()-600;
|
| 1484 |
$time = (int)$time;
|
|
@@ -1505,14 +1505,14 @@ class Miniorange_Authentication {
|
|
| 1505 |
{
|
| 1506 |
update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
|
| 1507 |
$this->mo_auth_show_error_message();
|
| 1508 |
-
|
| 1509 |
}
|
| 1510 |
}
|
| 1511 |
}
|
| 1512 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Telegram' ) { //validate otp over Telegram
|
| 1513 |
|
| 1514 |
$nonce = $_POST['mo2f_validate_otp_over_Telegram_nonce'];
|
| 1515 |
-
|
| 1516 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Telegram-nonce' ) ) {
|
| 1517 |
$error = new WP_Error();
|
| 1518 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1522,7 +1522,7 @@ class Miniorange_Authentication {
|
|
| 1522 |
|
| 1523 |
$otp = sanitize_text_field($_POST['otp_token']);
|
| 1524 |
$otpToken = get_user_meta($user->ID,'mo2f_otp_token',true);
|
| 1525 |
-
|
| 1526 |
$time = get_user_meta($user->ID,'mo2f_telegram_time',true);
|
| 1527 |
$accepted_time = time()-300;
|
| 1528 |
$time = (int)$time;
|
|
@@ -1549,14 +1549,14 @@ class Miniorange_Authentication {
|
|
| 1549 |
{
|
| 1550 |
update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
|
| 1551 |
$this->mo_auth_show_error_message();
|
| 1552 |
-
|
| 1553 |
}
|
| 1554 |
}
|
| 1555 |
}
|
| 1556 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_sms' ) { //validate otp over sms and phone call during test for all users
|
| 1557 |
|
| 1558 |
$nonce = $_POST['mo2f_validate_otp_over_sms_nonce'];
|
| 1559 |
-
|
| 1560 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-sms-nonce' ) ) {
|
| 1561 |
$error = new WP_Error();
|
| 1562 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1576,7 +1576,7 @@ class Miniorange_Authentication {
|
|
| 1576 |
//if the php session folder has insufficient permissions, temporary options to be used
|
| 1577 |
$mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
|
| 1578 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1579 |
-
|
| 1580 |
$customer = new Customer_Setup();
|
| 1581 |
$content = json_decode( $customer->validate_otp_token($selected_2_2factor_method , $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 1582 |
|
|
@@ -1603,7 +1603,7 @@ class Miniorange_Authentication {
|
|
| 1603 |
}
|
| 1604 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_out_of_band_success' ) {
|
| 1605 |
$nonce = $_POST['mo2f_out_of_band_success_nonce'];
|
| 1606 |
-
|
| 1607 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-success-nonce' ) ) {
|
| 1608 |
$error = new WP_Error();
|
| 1609 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1619,10 +1619,10 @@ class Miniorange_Authentication {
|
|
| 1619 |
{
|
| 1620 |
if($status != 1)
|
| 1621 |
{
|
| 1622 |
-
|
| 1623 |
-
|
| 1624 |
-
|
| 1625 |
-
|
| 1626 |
}
|
| 1627 |
}
|
| 1628 |
}
|
|
@@ -1649,13 +1649,13 @@ class Miniorange_Authentication {
|
|
| 1649 |
'mo2f_EmailVerification_config_status' => true
|
| 1650 |
) );
|
| 1651 |
if($show)
|
| 1652 |
-
|
| 1653 |
}
|
| 1654 |
|
| 1655 |
|
| 1656 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_out_of_band_error' ) { //push and out of band email denied
|
| 1657 |
-
|
| 1658 |
-
|
| 1659 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-error-nonce' ) ) {
|
| 1660 |
$error = new WP_Error();
|
| 1661 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1674,7 +1674,7 @@ class Miniorange_Authentication {
|
|
| 1674 |
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_google_authy_test' ) {
|
| 1675 |
|
| 1676 |
$nonce = sanitize_text_field($_POST['mo2f_validate_google_authy_test_nonce']);
|
| 1677 |
-
|
| 1678 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-google-authy-test-nonce' ) ) {
|
| 1679 |
$error = new WP_Error();
|
| 1680 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1692,9 +1692,9 @@ class Miniorange_Authentication {
|
|
| 1692 |
}
|
| 1693 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1694 |
|
| 1695 |
-
|
| 1696 |
-
|
| 1697 |
-
|
| 1698 |
|
| 1699 |
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
|
| 1700 |
|
|
@@ -1717,11 +1717,11 @@ class Miniorange_Authentication {
|
|
| 1717 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
|
| 1718 |
$this->mo_auth_show_error_message();
|
| 1719 |
|
| 1720 |
-
|
| 1721 |
}
|
| 1722 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_email' ) {
|
| 1723 |
$nonce = $_POST['mo2f_validate_otp_over_email_test_nonce'];
|
| 1724 |
-
|
| 1725 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-email-test-nonce' ) ) {
|
| 1726 |
$error = new WP_Error();
|
| 1727 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1739,16 +1739,20 @@ class Miniorange_Authentication {
|
|
| 1739 |
}
|
| 1740 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1741 |
|
| 1742 |
-
|
| 1743 |
-
|
| 1744 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1745 |
|
| 1746 |
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
|
| 1747 |
|
| 1748 |
if ( current_user_can( 'manage_options' ) ) {
|
| 1749 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
|
| 1750 |
delete_user_meta( $user->ID, 'configure_2FA');
|
| 1751 |
-
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Email' ) );
|
| 1752 |
} else {
|
| 1753 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
|
| 1754 |
}
|
|
@@ -1766,11 +1770,11 @@ class Miniorange_Authentication {
|
|
| 1766 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
|
| 1767 |
$this->mo_auth_show_error_message();
|
| 1768 |
|
| 1769 |
-
|
| 1770 |
}
|
| 1771 |
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_google_appname' ) {
|
| 1772 |
$nonce = sanitize_text_field($_POST['mo2f_google_appname_nonce']);
|
| 1773 |
-
|
| 1774 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-google-appname-nonce' ) ) {
|
| 1775 |
$error = new WP_Error();
|
| 1776 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1778,12 +1782,12 @@ class Miniorange_Authentication {
|
|
| 1778 |
return $error;
|
| 1779 |
} else {
|
| 1780 |
|
| 1781 |
-
|
| 1782 |
}
|
| 1783 |
|
| 1784 |
-
|
| 1785 |
$nonce = sanitize_text_field($_POST['mo2f_configure_google_authenticator_validate_nonce']);
|
| 1786 |
-
|
| 1787 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-google-authenticator-validate-nonce' ) ) {
|
| 1788 |
$error = new WP_Error();
|
| 1789 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1795,62 +1799,62 @@ class Miniorange_Authentication {
|
|
| 1795 |
|
| 1796 |
if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
|
| 1797 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1798 |
-
|
| 1799 |
-
|
| 1800 |
|
| 1801 |
-
|
| 1802 |
-
|
| 1803 |
-
|
| 1804 |
-
|
| 1805 |
-
|
| 1806 |
-
|
| 1807 |
-
|
| 1808 |
|
| 1809 |
-
|
| 1810 |
-
|
| 1811 |
-
|
| 1812 |
-
|
| 1813 |
-
|
| 1814 |
|
| 1815 |
-
|
| 1816 |
|
| 1817 |
-
|
| 1818 |
|
| 1819 |
-
|
| 1820 |
|
| 1821 |
-
|
| 1822 |
-
|
| 1823 |
-
|
| 1824 |
-
|
| 1825 |
-
|
| 1826 |
-
|
| 1827 |
-
|
| 1828 |
|
| 1829 |
-
|
| 1830 |
-
|
| 1831 |
// unset($_SESSION['secret_ga']);
|
| 1832 |
-
|
| 1833 |
-
|
| 1834 |
-
} else {
|
| 1835 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 1836 |
-
$this->mo_auth_show_error_message();
|
| 1837 |
|
| 1838 |
-
}
|
| 1839 |
} else {
|
| 1840 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 1841 |
$this->mo_auth_show_error_message();
|
| 1842 |
|
| 1843 |
}
|
| 1844 |
} else {
|
| 1845 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "
|
| 1846 |
$this->mo_auth_show_error_message();
|
| 1847 |
|
| 1848 |
}
|
| 1849 |
} else {
|
| 1850 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "
|
| 1851 |
$this->mo_auth_show_error_message();
|
| 1852 |
|
| 1853 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1854 |
} else {
|
| 1855 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
|
| 1856 |
$this->mo_auth_show_error_message();
|
|
@@ -1859,7 +1863,7 @@ class Miniorange_Authentication {
|
|
| 1859 |
}
|
| 1860 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator' ) {
|
| 1861 |
$nonce = $_POST['mo2f_configure_authy_authenticator_nonce'];
|
| 1862 |
-
|
| 1863 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-nonce' ) ) {
|
| 1864 |
$error = new WP_Error();
|
| 1865 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1886,7 +1890,7 @@ class Miniorange_Authentication {
|
|
| 1886 |
}
|
| 1887 |
}else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator_validate' ) {
|
| 1888 |
$nonce = $_POST['mo2f_configure_authy_authenticator_validate_nonce'];
|
| 1889 |
-
|
| 1890 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-validate-nonce' ) ) {
|
| 1891 |
$error = new WP_Error();
|
| 1892 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -1957,96 +1961,96 @@ class Miniorange_Authentication {
|
|
| 1957 |
return;
|
| 1958 |
}
|
| 1959 |
|
| 1960 |
-
|
| 1961 |
-
|
| 1962 |
-
|
| 1963 |
-
|
| 1964 |
-
|
| 1965 |
-
|
| 1966 |
|
| 1967 |
if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
|
| 1968 |
-
|
| 1969 |
-
|
| 1970 |
-
|
| 1971 |
-
|
| 1972 |
-
|
| 1973 |
-
if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
|
| 1974 |
-
update_option( 'mo2f_message', 'The questions you select must be unique.' );
|
| 1975 |
-
$this->mo_auth_show_error_message();
|
| 1976 |
-
return;
|
| 1977 |
-
}
|
| 1978 |
-
$kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
|
| 1979 |
-
$kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
|
| 1980 |
-
$kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
|
| 1981 |
-
|
| 1982 |
-
$kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
|
| 1983 |
-
$kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
|
| 1984 |
-
$kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
|
| 1985 |
|
| 1986 |
-
|
| 1987 |
-
|
| 1988 |
-
|
| 1989 |
-
|
| 1990 |
-
|
| 1991 |
-
|
| 1992 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1993 |
|
| 1994 |
-
|
| 1995 |
-
|
| 1996 |
|
| 1997 |
-
|
| 1998 |
-
|
| 1999 |
-
|
| 2000 |
|
| 2001 |
-
|
| 2002 |
-
|
| 2003 |
-
|
| 2004 |
-
|
| 2005 |
-
|
| 2006 |
-
|
| 2007 |
-
|
| 2008 |
|
| 2009 |
-
|
| 2010 |
-
|
| 2011 |
|
| 2012 |
-
|
| 2013 |
-
|
| 2014 |
-
|
| 2015 |
-
|
| 2016 |
-
|
| 2017 |
// $this->mo_auth_show_success_message();
|
| 2018 |
-
|
| 2019 |
|
| 2020 |
-
|
| 2021 |
-
|
| 2022 |
-
|
| 2023 |
-
|
| 2024 |
-
}
|
| 2025 |
-
} else {
|
| 2026 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
|
| 2027 |
-
$this->mo_auth_show_error_message();
|
| 2028 |
|
| 2029 |
-
}
|
| 2030 |
}
|
| 2031 |
} else {
|
| 2032 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "
|
| 2033 |
$this->mo_auth_show_error_message();
|
| 2034 |
|
| 2035 |
-
|
| 2036 |
-
return;
|
| 2037 |
}
|
| 2038 |
-
}
|
| 2039 |
-
|
| 2040 |
-
|
|
|
|
| 2041 |
|
| 2042 |
|
| 2043 |
-
|
| 2044 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2045 |
|
| 2046 |
|
| 2047 |
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_kba_details' ) {
|
| 2048 |
$nonce = sanitize_text_field($_POST['mo2f_validate_kba_details_nonce']);
|
| 2049 |
-
|
| 2050 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-kba-details-nonce' ) ) {
|
| 2051 |
$error = new WP_Error();
|
| 2052 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2070,10 +2074,10 @@ class Miniorange_Authentication {
|
|
| 2070 |
|
| 2071 |
$kbaAns = array();
|
| 2072 |
if(!MO2F_IS_ONPREM){
|
| 2073 |
-
|
| 2074 |
-
|
| 2075 |
-
|
| 2076 |
-
|
| 2077 |
}
|
| 2078 |
//if the php session folder has insufficient permissions, temporary options to be used
|
| 2079 |
// $mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
|
|
@@ -2100,7 +2104,7 @@ class Miniorange_Authentication {
|
|
| 2100 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Whatsapp_send_otp' ) { // sendin otp for configuring OTP over Whatsapp
|
| 2101 |
|
| 2102 |
$nonce = $_POST['mo2f_configure_otp_over_Whatsapp_send_otp_nonce'];
|
| 2103 |
-
|
| 2104 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Whatsapp-send-otp-nonce' ) ) {
|
| 2105 |
$error = new WP_Error();
|
| 2106 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2145,7 +2149,7 @@ class Miniorange_Authentication {
|
|
| 2145 |
update_user_meta($user->ID,'mo2f_otp_token_wa',$otpToken);
|
| 2146 |
update_user_meta($user->ID,'mo2f_whatsapp_time',time());
|
| 2147 |
$url = 'https://api.callmebot.com/whatsapp.php?phone='.$verify_whatsappNum.'&text=Please+find+your+one+time+passcode:+'.$otpToken.'&apikey='.$verify_whatsappID;
|
| 2148 |
-
|
| 2149 |
$data = file_get_contents($url);
|
| 2150 |
if(strpos($data, 'Message queued') !== false)
|
| 2151 |
{
|
|
@@ -2157,7 +2161,7 @@ class Miniorange_Authentication {
|
|
| 2157 |
{
|
| 2158 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your phone number and API key.');
|
| 2159 |
$this->mo_auth_show_error_message();
|
| 2160 |
-
|
| 2161 |
}
|
| 2162 |
}
|
| 2163 |
}
|
|
@@ -2165,7 +2169,7 @@ class Miniorange_Authentication {
|
|
| 2165 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_send_otp' ) { // sendin otp for configuring OTP over Telegram
|
| 2166 |
|
| 2167 |
$nonce = $_POST['mo2f_configure_otp_over_Telegram_send_otp_nonce'];
|
| 2168 |
-
|
| 2169 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-send-otp-nonce' ) ) {
|
| 2170 |
$error = new WP_Error();
|
| 2171 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2195,7 +2199,7 @@ class Miniorange_Authentication {
|
|
| 2195 |
}
|
| 2196 |
update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
|
| 2197 |
update_user_meta($user->ID,'mo2f_telegram_time',time());
|
| 2198 |
-
|
| 2199 |
$url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
|
| 2200 |
$postdata = array( 'mo2f_otp_token' => $otpToken,
|
| 2201 |
'mo2f_chatid' => $chatID
|
|
@@ -2204,14 +2208,14 @@ class Miniorange_Authentication {
|
|
| 2204 |
$handle = curl_init();
|
| 2205 |
|
| 2206 |
curl_setopt_array($handle,
|
| 2207 |
-
|
| 2208 |
-
|
| 2209 |
-
|
| 2210 |
-
|
| 2211 |
-
|
| 2212 |
-
|
| 2213 |
-
|
| 2214 |
-
|
| 2215 |
);
|
| 2216 |
|
| 2217 |
$data = curl_exec($handle);
|
|
@@ -2227,7 +2231,7 @@ class Miniorange_Authentication {
|
|
| 2227 |
{
|
| 2228 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
|
| 2229 |
$this->mo_auth_show_error_message();
|
| 2230 |
-
|
| 2231 |
}
|
| 2232 |
|
| 2233 |
}
|
|
@@ -2235,7 +2239,7 @@ class Miniorange_Authentication {
|
|
| 2235 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_send_otp' ) { // sendin otp for configuring OTP over SMS
|
| 2236 |
|
| 2237 |
$nonce = $_POST['mo2f_configure_otp_over_sms_send_otp_nonce'];
|
| 2238 |
-
|
| 2239 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-send-otp-nonce' ) ) {
|
| 2240 |
$error = new WP_Error();
|
| 2241 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2258,7 +2262,7 @@ class Miniorange_Authentication {
|
|
| 2258 |
$currentMethod = "SMS";
|
| 2259 |
|
| 2260 |
$content = json_decode( $customer->send_otp_token( $phone, $currentMethod, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 2261 |
-
|
| 2262 |
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate otp token */
|
| 2263 |
if ( $content['status'] == 'ERROR' ) {
|
| 2264 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
|
|
@@ -2270,8 +2274,8 @@ class Miniorange_Authentication {
|
|
| 2270 |
update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
|
| 2271 |
$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
|
| 2272 |
if($mo2f_sms>0)
|
| 2273 |
-
|
| 2274 |
-
|
| 2275 |
$this->mo_auth_show_success_message();
|
| 2276 |
} else {
|
| 2277 |
update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
|
|
@@ -2286,7 +2290,7 @@ class Miniorange_Authentication {
|
|
| 2286 |
}
|
| 2287 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Whatsapp_validate' ) {
|
| 2288 |
$nonce = $_POST['mo2f_configure_otp_over_Whatsapp_validate_nonce'];
|
| 2289 |
-
|
| 2290 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Whatsapp-validate-nonce' ) ) {
|
| 2291 |
$error = new WP_Error();
|
| 2292 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2322,48 +2326,48 @@ class Miniorange_Authentication {
|
|
| 2322 |
if($accepted_time<$time){
|
| 2323 |
if(MO2F_IS_ONPREM)
|
| 2324 |
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Whatsapp',
|
| 2325 |
-
|
| 2326 |
-
|
| 2327 |
-
|
| 2328 |
else
|
| 2329 |
-
|
| 2330 |
-
|
| 2331 |
-
|
| 2332 |
-
|
| 2333 |
-
|
| 2334 |
-
|
| 2335 |
-
}
|
| 2336 |
-
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 2337 |
-
update_user_meta( $user->ID, 'mo2f_whatsapp_id',get_user_meta($user->ID,'mo2f_temp_whatsappID',true));
|
| 2338 |
-
update_user_meta( $user->ID, 'mo2f_whatsapp_num',get_user_meta($user->ID,'mo2f_temp_whatsapp_num',true));
|
| 2339 |
-
|
| 2340 |
-
delete_user_meta( $user->ID, 'mo2f_temp_whatsappID' );
|
| 2341 |
-
delete_user_meta( $user->ID, 'mo2f_temp_whatsapp_num' );
|
| 2342 |
-
|
| 2343 |
-
delete_user_meta( $user->ID, 'mo2f_otp_token_wa');
|
| 2344 |
-
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 2345 |
-
mo2f_display_test_2fa_notification($user);
|
| 2346 |
-
update_option( 'mo2f_message','OTP Over Whatsapp is set as the second-factor. Enjoy the unlimited service.');
|
| 2347 |
-
$this->mo_auth_show_success_message();
|
| 2348 |
-
delete_user_meta($user->ID,'mo2f_whatsapp_time');
|
| 2349 |
-
}
|
| 2350 |
-
else
|
| 2351 |
-
{
|
| 2352 |
-
update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
|
| 2353 |
-
$this->mo_auth_show_error_message();
|
| 2354 |
-
delete_user_meta($user->ID,'mo2f_whatsapp_time');
|
| 2355 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2356 |
}
|
| 2357 |
else
|
| 2358 |
-
{
|
| 2359 |
-
update_option( 'mo2f_message','
|
| 2360 |
$this->mo_auth_show_error_message();
|
|
|
|
| 2361 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2362 |
|
| 2363 |
}}
|
| 2364 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_validate' ) {
|
| 2365 |
$nonce = $_POST['mo2f_configure_otp_over_Telegram_validate_nonce'];
|
| 2366 |
-
|
| 2367 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-validate-nonce' ) ) {
|
| 2368 |
$error = new WP_Error();
|
| 2369 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2399,46 +2403,46 @@ class Miniorange_Authentication {
|
|
| 2399 |
if($accepted_time<$time){
|
| 2400 |
if(MO2F_IS_ONPREM)
|
| 2401 |
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
|
| 2402 |
-
|
| 2403 |
-
|
| 2404 |
-
|
| 2405 |
else
|
| 2406 |
-
|
| 2407 |
-
|
| 2408 |
-
|
| 2409 |
-
|
| 2410 |
-
|
| 2411 |
-
|
| 2412 |
-
}
|
| 2413 |
-
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 2414 |
-
update_user_meta( $user->ID, 'mo2f_chat_id',get_user_meta($user->ID,'mo2f_temp_chatID',true));
|
| 2415 |
-
|
| 2416 |
-
delete_user_meta( $user->ID, 'mo2f_temp_chatID' );
|
| 2417 |
-
|
| 2418 |
-
delete_user_meta( $user->ID, 'mo2f_otp_token');
|
| 2419 |
-
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 2420 |
-
mo2f_display_test_2fa_notification($user);
|
| 2421 |
-
update_option( 'mo2f_message','OTP Over Telegram is set as the second-factor. Enjoy the unlimited service.');
|
| 2422 |
-
$this->mo_auth_show_success_message();
|
| 2423 |
-
delete_user_meta($user->ID,'mo2f_telegram_time');
|
| 2424 |
-
}
|
| 2425 |
-
else
|
| 2426 |
-
{
|
| 2427 |
-
update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
|
| 2428 |
-
$this->mo_auth_show_error_message();
|
| 2429 |
-
delete_user_meta($user->ID,'mo2f_telegram_time');
|
| 2430 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2431 |
}
|
| 2432 |
else
|
| 2433 |
-
{
|
| 2434 |
-
update_option( 'mo2f_message','
|
| 2435 |
$this->mo_auth_show_error_message();
|
|
|
|
| 2436 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2437 |
|
| 2438 |
}}
|
| 2439 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_validate' ) {
|
| 2440 |
$nonce = $_POST['mo2f_configure_otp_over_sms_validate_nonce'];
|
| 2441 |
-
|
| 2442 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-validate-nonce' ) ) {
|
| 2443 |
$error = new WP_Error();
|
| 2444 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2549,191 +2553,153 @@ class Miniorange_Authentication {
|
|
| 2549 |
}
|
| 2550 |
|
| 2551 |
}else if ( ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_free_plan_auth_methods' ) ) {// user clicks on Set 2-Factor method
|
| 2552 |
-
|
|
|
|
| 2553 |
if ( ! wp_verify_nonce( $nonce, 'miniorange-save-form-auth-methods-nonce' ) ) {
|
| 2554 |
$error = new WP_Error();
|
| 2555 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2556 |
return $error;
|
| 2557 |
} else {
|
| 2558 |
-
|
| 2559 |
-
|
| 2560 |
|
| 2561 |
-
|
| 2562 |
|
| 2563 |
if($configuredMethod == 'OTPOverSMS')
|
| 2564 |
$configuredMethod = 'OTP Over SMS';
|
| 2565 |
|
| 2566 |
//limit exceed check
|
| 2567 |
-
|
| 2568 |
-
|
| 2569 |
-
|
| 2570 |
-
|
| 2571 |
-
|
| 2572 |
-
|
| 2573 |
-
|
| 2574 |
-
|
| 2575 |
-
|
| 2576 |
-
|
| 2577 |
-
|
| 2578 |
-
|
| 2579 |
-
|
| 2580 |
-
|
| 2581 |
-
|
| 2582 |
-
|
| 2583 |
-
|
| 2584 |
-
|
| 2585 |
-
|
| 2586 |
-
|
| 2587 |
-
|
| 2588 |
-
|
| 2589 |
-
|
| 2590 |
-
|
| 2591 |
-
|
| 2592 |
-
|
| 2593 |
-
|
| 2594 |
-
|
| 2595 |
-
|
| 2596 |
-
|
| 2597 |
-
|
| 2598 |
-
|
| 2599 |
$allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
|
| 2600 |
|
| 2601 |
if($is_customer_registered && !$is_end_user_registered and !$allowed){
|
| 2602 |
-
|
| 2603 |
-
|
| 2604 |
-
|
| 2605 |
-
|
| 2606 |
-
|
| 2607 |
-
|
| 2608 |
-
|
| 2609 |
-
|
| 2610 |
-
|
| 2611 |
-
|
| 2612 |
-
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2613 |
-
'user_registration_with_miniorange' =>'SUCCESS',
|
| 2614 |
-
'mo2f_user_email' =>$email
|
| 2615 |
-
) );
|
| 2616 |
-
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
| 2617 |
-
|
| 2618 |
-
}
|
| 2619 |
-
else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
|
| 2620 |
-
|
| 2621 |
-
$content = json_decode($enduser->mo_create_user($user,$email), true);
|
| 2622 |
-
if(json_last_error() == JSON_ERROR_NONE) {
|
| 2623 |
-
if(strcasecmp($content['status'], 'SUCCESS') == 0) {
|
| 2624 |
-
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
| 2625 |
-
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2626 |
-
'user_registration_with_miniorange' =>'SUCCESS',
|
| 2627 |
-
'mo2f_user_email' =>$email
|
| 2628 |
-
) );
|
| 2629 |
-
|
| 2630 |
-
}
|
| 2631 |
-
}
|
| 2632 |
-
|
| 2633 |
-
|
| 2634 |
-
}
|
| 2635 |
-
else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
|
| 2636 |
-
$mo2fa_login_message = __('The email associated with your account is already registered in miniOrange. Please Choose another email or contact miniOrange.','miniorange-2-factor-authentication');
|
| 2637 |
-
update_option('mo2f_message',$mo2fa_login_message);
|
| 2638 |
-
$this->mo_auth_show_error_message();
|
| 2639 |
-
}
|
| 2640 |
-
|
| 2641 |
-
}
|
| 2642 |
-
|
| 2643 |
-
}
|
| 2644 |
-
|
| 2645 |
-
update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
|
| 2646 |
-
if(MO2F_IS_ONPREM)
|
| 2647 |
-
{
|
| 2648 |
-
if($selected_2FA_method == 'EmailVerification')
|
| 2649 |
-
$selected_2FA_method = 'Email Verification';
|
| 2650 |
-
if($selected_2FA_method == 'OTPOverEmail')
|
| 2651 |
-
$selected_2FA_method = 'OTP Over Email';
|
| 2652 |
-
if($selected_2FA_method == 'OTPOverSMS')
|
| 2653 |
-
$selected_2FA_method = 'OTP Over SMS';
|
| 2654 |
-
if($selected_2FA_method == 'OTPOverTelegram')
|
| 2655 |
-
$selected_2FA_method = 'OTP Over Telegram';
|
| 2656 |
-
if($selected_2FA_method == 'OTPOverWhatsapp')
|
| 2657 |
-
$selected_2FA_method = 'OTP Over Whatsapp';
|
| 2658 |
-
}
|
| 2659 |
-
|
| 2660 |
-
if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification' or $selected_2FA_method == 'OTP Over Whatsapp' or $selected_2FA_method == 'OTP Over Telegram'))
|
| 2661 |
-
$is_customer_registered = 1;
|
| 2662 |
-
|
| 2663 |
-
if ( $is_customer_registered ) {
|
| 2664 |
-
$selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
|
| 2665 |
-
$selected_2FA_method = sanitize_text_field($selected_2FA_method);
|
| 2666 |
-
$selected_action = isset( $_POST['mo2f_selected_action_free_plan'] ) ? $_POST['mo2f_selected_action_free_plan'] : $_POST['mo2f_selected_action_standard_plan'];
|
| 2667 |
-
$selected_action = sanitize_text_field($selected_action);
|
| 2668 |
-
$user_phone = '';
|
| 2669 |
-
if ( isset( $_SESSION['user_phone'] ) ) {
|
| 2670 |
-
$user_phone = $_SESSION['user_phone'] != 'false' ? $_SESSION['user_phone'] : $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
|
| 2671 |
-
}
|
| 2672 |
|
| 2673 |
-
|
| 2674 |
-
|
| 2675 |
-
|
| 2676 |
-
|
| 2677 |
-
|
| 2678 |
-
$selected_2FA_method = 'OTP Over Whatsapp';
|
| 2679 |
-
if ( $selected_action == "select2factor" ) {
|
| 2680 |
-
|
| 2681 |
-
if ( $selected_2FA_method == 'OTP Over SMS' && $user_phone == 'false' ) {
|
| 2682 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PHONE_NOT_CONFIGURED" ) );
|
| 2683 |
-
$this->mo_auth_show_error_message();
|
| 2684 |
-
} else {
|
| 2685 |
-
// update in the Wordpress DB
|
| 2686 |
-
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 2687 |
-
$customer_key = get_option( 'mo2f_customerKey' );
|
| 2688 |
-
$api_key = get_option( 'mo2f_api_key' );
|
| 2689 |
-
$customer = new Customer_Setup();
|
| 2690 |
-
$cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
|
| 2691 |
-
if(($selected_2FA_method == "OTP Over Email") and MO2F_IS_ONPREM)
|
| 2692 |
-
{
|
| 2693 |
-
$check = 1;
|
| 2694 |
-
if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
|
| 2695 |
-
{
|
| 2696 |
-
update_site_option("bGltaXRSZWFjaGVk",1);
|
| 2697 |
-
$check = 0;
|
| 2698 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2699 |
}
|
| 2700 |
|
| 2701 |
|
| 2702 |
-
|
| 2703 |
-
|
| 2704 |
-
|
| 2705 |
-
|
| 2706 |
-
|
| 2707 |
-
|
| 2708 |
-
if($cmVtYWluaW5nT1RQ>0)
|
| 2709 |
-
update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
|
| 2710 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
|
| 2711 |
-
update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
|
| 2712 |
|
| 2713 |
-
|
| 2714 |
-
update_option( 'mo2f_transactionId', $response['txId'] );
|
| 2715 |
-
$this->mo_auth_show_success_message();
|
| 2716 |
|
| 2717 |
-
|
| 2718 |
-
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_ONPREM" ) );
|
| 2719 |
-
$this->mo_auth_show_error_message();
|
| 2720 |
|
| 2721 |
-
|
| 2722 |
-
|
| 2723 |
-
|
| 2724 |
-
|
| 2725 |
-
|
| 2726 |
-
|
| 2727 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2728 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2729 |
|
| 2730 |
-
if($selected_2FA_method != 'OTP Over Email')
|
| 2731 |
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
|
| 2732 |
|
| 2733 |
// update the server
|
| 2734 |
-
|
| 2735 |
-
|
| 2736 |
-
|
| 2737 |
"miniOrange QR Code Authentication",
|
| 2738 |
"miniOrange Soft Token",
|
| 2739 |
"miniOrange Push Notification",
|
|
@@ -2746,29 +2712,29 @@ class Miniorange_Authentication {
|
|
| 2746 |
"OTP Over SMS and Email",
|
| 2747 |
"Hardware Token"
|
| 2748 |
) ) ) {
|
| 2749 |
-
|
| 2750 |
-
} else {
|
| 2751 |
-
update_site_option('mo2f_enable_2fa_prompt_on_login_page', 0 );
|
| 2752 |
-
}
|
| 2753 |
|
| 2754 |
-
|
| 2755 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2756 |
|
| 2757 |
//show configuration form of respective Two Factor method
|
| 2758 |
-
|
| 2759 |
-
|
| 2760 |
-
|
| 2761 |
|
| 2762 |
-
|
| 2763 |
-
|
| 2764 |
-
|
| 2765 |
-
|
| 2766 |
|
| 2767 |
-
|
| 2768 |
}
|
| 2769 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_for_users_option' ) {
|
| 2770 |
$nonce = $_POST['mo2f_enable_2FA_for_users_option_nonce'];
|
| 2771 |
-
|
| 2772 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-for-users-option-nonce' ) ) {
|
| 2773 |
$error = new WP_Error();
|
| 2774 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2779,7 +2745,7 @@ class Miniorange_Authentication {
|
|
| 2779 |
}
|
| 2780 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_disable_proxy_setup_option' ) {
|
| 2781 |
$nonce = $_POST['mo2f_disable_proxy_setup_option_nonce'];
|
| 2782 |
-
|
| 2783 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-disable-proxy-setup-option-nonce' ) ) {
|
| 2784 |
$error = new WP_Error();
|
| 2785 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2795,7 +2761,7 @@ class Miniorange_Authentication {
|
|
| 2795 |
}
|
| 2796 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_option' ) {
|
| 2797 |
$nonce = $_POST['mo2f_enable_2FA_option_nonce'];
|
| 2798 |
-
|
| 2799 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-option-nonce' ) ) {
|
| 2800 |
$error = new WP_Error();
|
| 2801 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2806,7 +2772,7 @@ class Miniorange_Authentication {
|
|
| 2806 |
}
|
| 2807 |
// }else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_on_login_page_option' ) {
|
| 2808 |
// $nonce = $_POST['mo2f_enable_2FA_on_login_page_option_nonce'];
|
| 2809 |
-
|
| 2810 |
// if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
|
| 2811 |
// $error = new WP_Error();
|
| 2812 |
// $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -2839,33 +2805,33 @@ class Miniorange_Authentication {
|
|
| 2839 |
if ( $selected_2FA_method == 'Security Questions' ) {
|
| 2840 |
|
| 2841 |
|
| 2842 |
-
|
| 2843 |
|
| 2844 |
-
|
| 2845 |
-
|
| 2846 |
-
|
| 2847 |
-
|
| 2848 |
-
|
| 2849 |
|
| 2850 |
-
|
| 2851 |
-
|
| 2852 |
// $_SESSION['mo_2_factor_kba_questions'] = $questions;
|
| 2853 |
-
|
| 2854 |
// update_option( 'kba_questions', $questions );
|
| 2855 |
-
|
| 2856 |
-
|
| 2857 |
-
|
| 2858 |
-
|
| 2859 |
-
|
| 2860 |
-
|
| 2861 |
-
|
| 2862 |
-
|
| 2863 |
-
|
| 2864 |
-
|
| 2865 |
-
|
| 2866 |
-
|
| 2867 |
-
|
| 2868 |
-
|
| 2869 |
|
| 2870 |
|
| 2871 |
} else if ( $selected_2FA_method == 'miniOrange Push Notification' ) {
|
|
@@ -2925,7 +2891,7 @@ class Miniorange_Authentication {
|
|
| 2925 |
update_user_meta($user->ID,'mo2f_whatsapp_time',time());
|
| 2926 |
|
| 2927 |
$url = 'https://api.callmebot.com/whatsapp.php?phone='.$whatsappNum.'&text=Please+find+your+one+time+passcode:+'.$otpToken.'&apikey='.$whatsappID;
|
| 2928 |
-
|
| 2929 |
$data = file_get_contents($url);
|
| 2930 |
if(strpos($data, 'Message queued') !== false)
|
| 2931 |
{
|
|
@@ -2937,7 +2903,7 @@ class Miniorange_Authentication {
|
|
| 2937 |
{
|
| 2938 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your configuration.');
|
| 2939 |
$this->mo_auth_show_error_message();
|
| 2940 |
-
|
| 2941 |
}
|
| 2942 |
}
|
| 2943 |
}
|
|
@@ -2954,7 +2920,7 @@ class Miniorange_Authentication {
|
|
| 2954 |
|
| 2955 |
update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
|
| 2956 |
update_user_meta($user->ID,'mo2f_telegram_time',time());
|
| 2957 |
-
|
| 2958 |
$url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
|
| 2959 |
$postdata = array( 'mo2f_otp_token' => $otpToken,
|
| 2960 |
'mo2f_chatid' => $chatID
|
|
@@ -2963,15 +2929,15 @@ class Miniorange_Authentication {
|
|
| 2963 |
$handle = curl_init();
|
| 2964 |
|
| 2965 |
curl_setopt_array($handle,
|
| 2966 |
-
|
| 2967 |
-
|
| 2968 |
-
|
| 2969 |
-
|
| 2970 |
-
|
| 2971 |
-
|
| 2972 |
-
|
| 2973 |
-
|
| 2974 |
-
|
| 2975 |
);
|
| 2976 |
|
| 2977 |
$data = curl_exec($handle);
|
|
@@ -2985,10 +2951,10 @@ class Miniorange_Authentication {
|
|
| 2985 |
{
|
| 2986 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
|
| 2987 |
$this->mo_auth_show_error_message();
|
| 2988 |
-
|
| 2989 |
}
|
| 2990 |
}
|
| 2991 |
-
|
| 2992 |
|
| 2993 |
$phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
|
| 2994 |
$check = 1;
|
|
@@ -3013,14 +2979,14 @@ class Miniorange_Authentication {
|
|
| 3013 |
{
|
| 3014 |
$cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
|
| 3015 |
if($cmVtYWluaW5nT1RQ>0)
|
| 3016 |
-
|
| 3017 |
}
|
| 3018 |
else if($selected_2FA_method == 'OTP Over SMS')
|
| 3019 |
{
|
| 3020 |
$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
|
| 3021 |
if($mo2f_sms>0)
|
| 3022 |
-
|
| 3023 |
-
|
| 3024 |
}
|
| 3025 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
|
| 3026 |
update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
|
|
@@ -3034,7 +3000,7 @@ class Miniorange_Authentication {
|
|
| 3034 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP" ) );
|
| 3035 |
else
|
| 3036 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_ONPREM" ) );
|
| 3037 |
-
|
| 3038 |
$this->mo_auth_show_error_message();
|
| 3039 |
|
| 3040 |
}
|
|
@@ -3079,7 +3045,7 @@ class Miniorange_Authentication {
|
|
| 3079 |
|
| 3080 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_go_back' ) {
|
| 3081 |
$nonce = $_POST['mo2f_go_back_nonce'];
|
| 3082 |
-
|
| 3083 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-go-back-nonce' ) ) {
|
| 3084 |
$error = new WP_Error();
|
| 3085 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
|
@@ -3130,7 +3096,7 @@ class Miniorange_Authentication {
|
|
| 3130 |
if ( $mo2f_register_with_another_email || $is_EC || $is_NNC ) {
|
| 3131 |
update_option( 'mo2f_register_with_another_email', 0 );
|
| 3132 |
$users = get_users( array() );
|
| 3133 |
-
|
| 3134 |
$url = admin_url( 'plugins.php' );
|
| 3135 |
wp_redirect( $url );
|
| 3136 |
}
|
|
@@ -3153,33 +3119,33 @@ class Miniorange_Authentication {
|
|
| 3153 |
function mo2f_show_email_page($email )
|
| 3154 |
{
|
| 3155 |
?>
|
| 3156 |
-
|
| 3157 |
-
|
| 3158 |
-
|
| 3159 |
-
|
| 3160 |
-
|
| 3161 |
-
|
| 3162 |
-
|
| 3163 |
-
|
| 3164 |
-
|
| 3165 |
-
|
| 3166 |
-
|
| 3167 |
-
|
| 3168 |
-
|
| 3169 |
-
|
| 3170 |
-
|
| 3171 |
-
|
| 3172 |
-
|
| 3173 |
-
|
| 3174 |
-
|
| 3175 |
-
|
| 3176 |
-
|
| 3177 |
-
|
| 3178 |
-
|
| 3179 |
-
|
| 3180 |
-
|
| 3181 |
-
|
| 3182 |
-
|
| 3183 |
|
| 3184 |
<?php
|
| 3185 |
|
|
@@ -3318,7 +3284,7 @@ class Miniorange_Authentication {
|
|
| 3318 |
if ( ! empty( $mo2f_customer_selected_plan ) ) {
|
| 3319 |
delete_option( 'mo2f_customer_selected_plan' );
|
| 3320 |
header( 'Location: admin.php?page=mo_2fa_upgrade' );
|
| 3321 |
-
|
| 3322 |
header( 'Location: admin.php?page=mo_2fa_two_fa' );
|
| 3323 |
}
|
| 3324 |
|
|
@@ -3335,29 +3301,29 @@ class Miniorange_Authentication {
|
|
| 3335 |
}
|
| 3336 |
|
| 3337 |
public static function mo2f_get_GA_parameters($user){
|
| 3338 |
-
|
| 3339 |
-
|
| 3340 |
-
|
| 3341 |
$gauth_name= get_option('mo2f_google_appname');
|
| 3342 |
$gauth_name = $gauth_name ? $gauth_name : 'miniOrangeAu';
|
| 3343 |
-
|
| 3344 |
-
|
| 3345 |
-
|
| 3346 |
-
|
| 3347 |
-
|
| 3348 |
-
|
| 3349 |
// $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
|
| 3350 |
-
|
| 3351 |
-
|
| 3352 |
-
|
| 3353 |
-
|
| 3354 |
-
|
| 3355 |
-
|
| 3356 |
-
|
| 3357 |
-
|
| 3358 |
-
|
| 3359 |
-
|
| 3360 |
-
|
| 3361 |
|
| 3362 |
function mo_auth_show_error_message() {
|
| 3363 |
do_action('wpns_show_message', get_option( 'mo2f_message' ), 'ERROR');
|
|
@@ -3513,9 +3479,9 @@ class Miniorange_Authentication {
|
|
| 3513 |
|
| 3514 |
function miniorange_email_verification_call( $current_user ) {
|
| 3515 |
global $Mo2fdbQueries;
|
| 3516 |
-
|
| 3517 |
|
| 3518 |
-
|
| 3519 |
{
|
| 3520 |
|
| 3521 |
$challengeMobile = new Customer_Setup();
|
|
@@ -3571,7 +3537,7 @@ class Miniorange_Authentication {
|
|
| 3571 |
</tr>
|
| 3572 |
</tbody>
|
| 3573 |
</table>';
|
| 3574 |
-
|
| 3575 |
if($result){
|
| 3576 |
$time = "time".$txid;
|
| 3577 |
$currentTimeInMillis = round(microtime(true) * 1000);
|
|
@@ -3582,7 +3548,7 @@ class Miniorange_Authentication {
|
|
| 3582 |
update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
|
| 3583 |
$this->mo_auth_show_error_message();
|
| 3584 |
}
|
| 3585 |
-
|
| 3586 |
}
|
| 3587 |
else
|
| 3588 |
{
|
|
@@ -3615,23 +3581,23 @@ class Miniorange_Authentication {
|
|
| 3615 |
}
|
| 3616 |
static function low_otp_alert( $auth_type) {
|
| 3617 |
global $Mo2fdbQueries;
|
| 3618 |
-
|
| 3619 |
-
|
| 3620 |
{
|
| 3621 |
$count=0;
|
| 3622 |
if($auth_type =="email"){
|
| 3623 |
$subject = 'Two Factor Authentication(Low Email Alert)';
|
| 3624 |
-
$count = get_site_option('cmVtYWluaW5nT1RQ')-1;
|
| 3625 |
-
$string = 'Email';
|
| 3626 |
}
|
| 3627 |
else if($auth_type =="sms"){
|
| 3628 |
-
$subject
|
| 3629 |
-
$count = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1;
|
| 3630 |
$string = 'SMS';
|
| 3631 |
}
|
| 3632 |
$admin_url = network_site_url();
|
| 3633 |
-
$url = explode('/wp-admin/admin.php?page=mo_2fa_upgrade', $admin_url);
|
| 3634 |
-
$headers
|
| 3635 |
$headers[] = 'Cc: 2fasupport <2fasupport@xecurify.com>';
|
| 3636 |
$message = '<table cellpadding="25" style="margin:0px auto">
|
| 3637 |
<tbody>
|
|
@@ -3663,57 +3629,57 @@ class Miniorange_Authentication {
|
|
| 3663 |
</tr>
|
| 3664 |
</tbody>
|
| 3665 |
</table>';
|
| 3666 |
-
|
| 3667 |
if($result){
|
| 3668 |
$currentTimeInMillis = round(microtime(true) * 1000);
|
| 3669 |
update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
|
| 3670 |
-
|
| 3671 |
}
|
| 3672 |
-
|
| 3673 |
}
|
| 3674 |
|
| 3675 |
}
|
| 3676 |
-
|
| 3677 |
-
|
| 3678 |
|
| 3679 |
-
|
| 3680 |
-
|
| 3681 |
-
|
| 3682 |
-
if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
|
| 3683 |
-
update_option( 'mo2f_is_NC', 0 );
|
| 3684 |
-
} else {
|
| 3685 |
-
update_option( 'mo2f_is_NC', 1 );
|
| 3686 |
-
update_option( 'mo2f_is_NNC', 1 );
|
| 3687 |
-
}
|
| 3688 |
|
| 3689 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3690 |
|
| 3691 |
-
|
| 3692 |
-
update_option('mo2f_data_storage',null);
|
| 3693 |
-
global $Mo2fdbQueries;
|
| 3694 |
-
$Mo2fdbQueries->mo_plugin_activate();
|
| 3695 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3696 |
|
| 3697 |
-
}
|
| 3698 |
|
| 3699 |
-
|
| 3700 |
-
if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
|
| 3701 |
-
$mo2f_shorcode = new MO2F_ShortCode();
|
| 3702 |
-
$html = $mo2f_shorcode->mo2FAFormShortCode( $atts );
|
| 3703 |
|
| 3704 |
-
|
| 3705 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3706 |
}
|
|
|
|
| 3707 |
|
| 3708 |
-
|
| 3709 |
-
|
| 3710 |
-
|
| 3711 |
-
|
| 3712 |
|
| 3713 |
-
|
| 3714 |
-
}
|
| 3715 |
}
|
| 3716 |
}
|
|
|
|
| 3717 |
|
| 3718 |
function mo2f_is_customer_registered() {
|
| 3719 |
$email = get_option( 'mo2f_email' );
|
| 25 |
add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
|
| 26 |
//for shortcode addon
|
| 27 |
$mo2f_ns_config = new MoWpnsUtility();
|
| 28 |
+
|
| 29 |
//strong password file
|
| 30 |
$mo2f_strong_password = new class_miniorange_2fa_strong_password();
|
| 31 |
+
|
| 32 |
if($mo2f_ns_config->hasLoginCookie())
|
| 33 |
{
|
| 34 |
add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
|
| 70 |
) );
|
| 71 |
|
| 72 |
if(get_site_option('mo2f_woocommerce_login_prompt')){
|
| 73 |
+
add_action( 'woocommerce_login_form', array(
|
| 74 |
+
$pass2fa_login,
|
| 75 |
+
'mo_2_factor_pass2login_show_wp_login_form'
|
| 76 |
+
) );
|
| 77 |
+
}
|
| 78 |
+
else if(!get_site_option('mo2f_woocommerce_login_prompt') && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option') ) {
|
| 79 |
+
add_action('woocommerce_login_form_end' ,array(
|
| 80 |
+
$pass2fa_login,
|
| 81 |
+
'mo_2_factor_pass2login_woocommerce'
|
| 82 |
+
) );
|
| 83 |
+
}
|
| 84 |
add_action( 'wp_enqueue_scripts', array(
|
| 85 |
$pass2fa_login,
|
| 86 |
'mo_2_factor_enable_jquery_default_login'
|
| 128 |
$userid = wp_get_current_user()->ID;
|
| 129 |
add_option('mo2f_onprem_admin' , $userid );
|
| 130 |
if(is_multisite()){
|
| 131 |
+
add_site_option('mo2fa_superadmin',1);
|
| 132 |
+
}
|
| 133 |
// Deciding on On-Premise solution
|
| 134 |
$is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
|
| 135 |
$is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
|
| 153 |
}
|
| 154 |
if(get_option('mo2f_encryption_key',"not_exits")=="not_exits"){
|
| 155 |
$get_encryption_key = MO2f_Utility::random_str(16);
|
| 156 |
+
update_option('mo2f_encryption_key',$get_encryption_key);
|
| 157 |
+
|
| 158 |
}
|
| 159 |
+
global $Mo2fdbQueries;
|
| 160 |
$user_id = get_option( 'mo2f_miniorange_admin' );
|
| 161 |
$current_db_version = get_option( 'mo2f_dbversion' );
|
| 162 |
|
| 167 |
}
|
| 168 |
if(MO2F_IS_ONPREM){
|
| 169 |
$twofactordb = new Mo2fDB;
|
| 170 |
+
$userSync = get_site_option('mo2f_user_sync');
|
| 171 |
+
if($userSync<1){
|
| 172 |
+
update_site_option('mo2f_user_sync',1);
|
| 173 |
+
$twofactordb->get_all_onprem_userids();
|
| 174 |
+
}
|
| 175 |
}
|
| 176 |
|
| 177 |
if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
|
| 230 |
}
|
| 231 |
|
| 232 |
$mo2f_external_app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true ) == 'AUTHY 2-FACTOR AUTHENTICATION' ?
|
| 233 |
+
'Authy Authenticator' : 'Google Authenticator';
|
| 234 |
|
| 235 |
update_user_meta( $user_id, 'mo2f_external_app_type', $mo2f_external_app_type );
|
| 236 |
|
| 315 |
if ( $selected_2_Factor_method == 'NONE' ) {
|
| 316 |
if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
|
| 317 |
echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
|
| 318 |
+
'<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
|
| 319 |
+
'<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
|
| 320 |
}
|
| 321 |
}
|
| 322 |
}
|
| 324 |
|
| 325 |
function mo_auth_success_message() {
|
| 326 |
$message = get_option( 'mo2f_message' ); ?>
|
| 327 |
+
<script>
|
| 328 |
+
jQuery(document).ready(function () {
|
| 329 |
+
var message = "<?php echo $message; ?>";
|
| 330 |
+
jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
|
| 331 |
+
});
|
| 332 |
+
</script>
|
| 333 |
<?php
|
| 334 |
}
|
| 335 |
|
| 336 |
function mo_auth_error_message() {
|
| 337 |
$message = get_option( 'mo2f_message' ); ?>
|
| 338 |
|
| 339 |
+
<script>
|
| 340 |
+
jQuery(document).ready(function () {
|
| 341 |
+
var message = "<?php echo $message; ?>";
|
| 342 |
+
jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
|
| 343 |
+
});
|
| 344 |
+
</script>
|
| 345 |
<?php
|
| 346 |
|
| 347 |
}
|
| 357 |
$is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
|
| 358 |
$can_current_user_manage_options = current_user_can( 'manage_options' );
|
| 359 |
$admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
|
| 360 |
+
? true : false;
|
| 361 |
|
| 362 |
if(MO2F_IS_ONPREM)
|
| 363 |
{
|
| 378 |
function hookpages() {
|
| 379 |
$url = explode('handler',plugin_dir_url(__FILE__));
|
| 380 |
if(get_site_option('mo2f_enable_custom_icon')!=1)
|
| 381 |
+
$iconurl = $url[0] . '/includes/images/miniorange_icon.png';
|
| 382 |
+
else
|
| 383 |
+
$iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
|
| 384 |
$menu_slug = 'miniOrange_2_factor_settings';
|
| 385 |
add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
|
| 386 |
}
|
| 393 |
}
|
| 394 |
|
| 395 |
function mo_2_factor_enable_frontend_style() {
|
| 396 |
+
wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version='.MO2F_VERSION.'', __FILE__ ) );
|
| 397 |
wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
|
| 398 |
wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
|
| 399 |
wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
|
| 434 |
}
|
| 435 |
if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
|
| 436 |
if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
|
| 437 |
+
session_start();
|
| 438 |
}
|
| 439 |
}
|
| 440 |
|
| 476 |
}
|
| 477 |
}else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_skiplogin'){
|
| 478 |
$nonce = $_POST['mo2f_skiplogin_nonce'];
|
| 479 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skiplogin-failed-nonce' ) ) {
|
| 480 |
$error = new WP_Error();
|
| 481 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 482 |
return $error;
|
| 483 |
} else {
|
| 484 |
+
update_option('mo2f_tour_started',2);
|
| 485 |
}
|
| 486 |
}else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_userlogout'){
|
| 487 |
+
$nonce = $_POST['mo2f_userlogout_nonce'];
|
| 488 |
+
if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-userlogout-failed-nonce' ) ) {
|
| 489 |
$error = new WP_Error();
|
| 490 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 491 |
return $error;
|
| 492 |
} else {
|
| 493 |
+
update_option('mo2f_tour_started',2);
|
| 494 |
+
wp_logout();
|
| 495 |
+
wp_redirect(admin_url());
|
| 496 |
+
}
|
| 497 |
}else if(isset($_POST['option']) and $_POST['option'] == 'restart_plugin_tour'){
|
| 498 |
$nonce = $_POST['_wpnonce'];
|
| 499 |
if ( ! wp_verify_nonce( $nonce, 'restart_plugin_tour' ) ) {
|
| 501 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 502 |
return $error;
|
| 503 |
} else {
|
| 504 |
+
$page = isset($_POST['page'])? $_POST['page'] : '';
|
| 505 |
+
$page = sanitize_text_field($page);
|
| 506 |
+
update_option('mo2f_two_factor_tour',0);
|
| 507 |
+
update_option('mo2f_tour_firewall',0);
|
| 508 |
+
update_option('mo2f_tour_loginSpam',0);
|
| 509 |
+
update_option('mo2f_tour_backup',0);
|
| 510 |
+
update_option('mo2f_tour_malware_scan',0);
|
| 511 |
+
update_option('mo2f_tour_advance_blocking',0);
|
| 512 |
+
switch ($_REQUEST['page']) {
|
| 513 |
+
case 'mo_2fa_two_fa':
|
| 514 |
update_option('mo2f_two_factor_tour',1);
|
| 515 |
break;
|
| 516 |
+
case 'mo_2fa_waf':
|
| 517 |
update_option('mo2f_tour_firewall',1);
|
| 518 |
break;
|
| 519 |
+
case 'mo_2fa_login_and_spam':
|
| 520 |
update_option('mo2f_tour_loginSpam',1);
|
| 521 |
break;
|
| 522 |
+
case 'mo_2fa_backup':
|
| 523 |
update_option('mo2f_tour_backup',1);
|
| 524 |
break;
|
| 525 |
+
case 'mo_2fa_malwarescan':
|
| 526 |
update_option('mo2f_tour_malware_scan',1);
|
| 527 |
break;
|
| 528 |
+
case 'mo_2fa_advancedblocking':
|
| 529 |
update_option('mo2f_tour_advance_blocking',1);
|
| 530 |
break;
|
| 531 |
+
}
|
| 532 |
+
if($page != '')
|
| 533 |
+
{
|
| 534 |
+
$url = get_option('siteurl').'/wp-admin/admin.php?page='.$page;
|
| 535 |
+
wp_redirect($url);
|
| 536 |
+
exit;
|
| 537 |
+
}
|
| 538 |
+
$redirect=explode('&',htmlentities($_SERVER['REQUEST_URI']))[0];
|
| 539 |
+
header("Location: ".$redirect);
|
| 540 |
+
return;
|
| 541 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 542 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_save_proxy_settings" ) {
|
| 543 |
$nonce = $_POST['mo2f_save_proxy_settings_nonce'];
|
| 544 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-save-proxy-settings-nonce' ) ) {
|
| 672 |
}
|
| 673 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_verify_customer" ) { //register the admin to miniOrange if already exist
|
| 674 |
|
| 675 |
+
$nonce = $_POST['miniorange_verify_customer_nonce'];
|
| 676 |
+
|
| 677 |
if ( ! wp_verify_nonce( $nonce, 'miniorange-verify-customer-nonce' ) ) {
|
| 678 |
$error = new WP_Error();
|
| 679 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 680 |
|
| 681 |
return $error;
|
| 682 |
} else {
|
| 683 |
+
|
| 684 |
//validation and sanitization
|
| 685 |
$email = '';
|
| 686 |
$password = '';
|
| 687 |
$Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
|
| 688 |
|
| 689 |
+
|
| 690 |
if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) ) {
|
| 691 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
|
| 692 |
$this->mo_auth_show_error_message();
|
| 702 |
$customer = new Customer_Setup();
|
| 703 |
$content = $customer->get_customer_key();
|
| 704 |
$customerKey = json_decode( $content, true );
|
| 705 |
+
|
| 706 |
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 707 |
if ( is_array( $customerKey ) && array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
|
| 708 |
update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
|
| 773 |
$mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
|
| 774 |
|
| 775 |
delete_user_meta( $user->ID, 'register_account_popup' );
|
| 776 |
+
|
| 777 |
$mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
|
| 778 |
if ( ! empty( $mo2f_customer_selected_plan ) ) {
|
| 779 |
delete_option( 'mo2f_customer_selected_plan' );
|
| 833 |
}
|
| 834 |
|
| 835 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_resend_otp" ) { //resend OTP over email for admin
|
| 836 |
+
|
| 837 |
$nonce = $_POST['mo_2factor_resend_otp_nonce'];
|
| 838 |
+
|
| 839 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-otp-nonce' ) ) {
|
| 840 |
$error = new WP_Error();
|
| 841 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 869 |
update_option( 'mo2f_bug_fix_done', 1 );
|
| 870 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_validate_otp" ) { //validate OTP over email for admin
|
| 871 |
|
| 872 |
+
$nonce = $_POST['mo_2factor_validate_otp_nonce'];
|
| 873 |
+
|
| 874 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-otp-nonce' ) ) {
|
| 875 |
$error = new WP_Error();
|
| 876 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 915 |
|
| 916 |
//validation and sanitization
|
| 917 |
$nonce = $_POST['mo_2factor_validate_user_otp_nonce'];
|
| 918 |
+
|
| 919 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-user-otp-nonce' ) ) {
|
| 920 |
$error = new WP_Error();
|
| 921 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 956 |
}
|
| 957 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_send_query" ) { //Help me or support
|
| 958 |
$nonce = $_POST['mo_2factor_send_query_nonce'];
|
| 959 |
+
|
| 960 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-send-query-nonce' ) ) {
|
| 961 |
$error = new WP_Error();
|
| 962 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 963 |
|
| 964 |
return $error;
|
| 965 |
} else {
|
| 966 |
+
|
| 967 |
$query = '';
|
| 968 |
if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['EMAIL_MANDATORY'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['query'] ) ) {
|
| 969 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_MANDATORY" ) );
|
| 1079 |
if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_fix_database_error' ) {
|
| 1080 |
$nonce = $_POST['mo2f_fix_database_error_nonce'];
|
| 1081 |
|
| 1082 |
+
if ( ! wp_verify_nonce( $nonce, 'mo2f-fix-database-error-nonce' ) ) {
|
| 1083 |
+
$error = new WP_Error();
|
| 1084 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1085 |
|
| 1086 |
+
return $error;
|
| 1087 |
+
} else {
|
| 1088 |
+
global $Mo2fdbQueries;
|
| 1089 |
|
| 1090 |
+
$Mo2fdbQueries->database_table_issue();
|
| 1091 |
|
| 1092 |
+
}
|
| 1093 |
+
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_skip_feedback' ) {
|
| 1094 |
|
| 1095 |
$nonce = $_POST['mo2f_skip_feedback_nonce'];
|
| 1096 |
|
| 1097 |
+
if ( ! wp_verify_nonce( $nonce, 'mo2f-skip-feedback-nonce' ) ) {
|
| 1098 |
+
$error = new WP_Error();
|
| 1099 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1100 |
|
| 1101 |
+
return $error;
|
| 1102 |
+
} else {
|
| 1103 |
+
deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
|
| 1104 |
+
}
|
| 1105 |
|
| 1106 |
}else if ( isset( $_POST['mo2f_feedback'] ) and $_POST['mo2f_feedback'] == 'mo2f_feedback' ) {
|
| 1107 |
|
| 1108 |
$nonce = $_POST['mo2f_feedback_nonce'];
|
| 1109 |
|
| 1110 |
+
if ( ! wp_verify_nonce( $nonce, 'mo2f-feedback-nonce' ) ) {
|
| 1111 |
+
$error = new WP_Error();
|
| 1112 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1113 |
|
| 1114 |
+
return $error;
|
| 1115 |
+
} else {
|
| 1116 |
$reasons_not_to_worry_about = array( "Upgrading to Standard / Premium", "Temporary deactivation - Testing" );
|
| 1117 |
|
| 1118 |
$message = 'Plugin Deactivated:';
|
| 1179 |
|
| 1180 |
$nonce = $_POST['mo_2factor_resend_user_otp_nonce'];
|
| 1181 |
|
| 1182 |
+
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-user-otp-nonce' ) ) {
|
| 1183 |
+
$error = new WP_Error();
|
| 1184 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1185 |
|
| 1186 |
+
return $error;
|
| 1187 |
+
} else {
|
| 1188 |
+
$customer = new Customer_Setup();
|
| 1189 |
+
$content = json_decode( $customer->send_otp_token( get_user_meta( $user->ID, 'user_email', true ), 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 1190 |
+
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
|
| 1191 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( get_user_meta( $user->ID, 'user_email', true ) ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
|
| 1192 |
+
update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
|
| 1193 |
+
$mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
|
| 1194 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
|
| 1195 |
+
$this->mo_auth_show_success_message();
|
| 1196 |
} else {
|
| 1197 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
|
| 1198 |
+
$mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
|
| 1199 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
|
| 1200 |
+
$this->mo_auth_show_error_message();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1201 |
|
|
|
|
| 1202 |
}
|
| 1203 |
+
}
|
| 1204 |
|
| 1205 |
}else if ( isset( $_POST['option'] ) and ( $_POST['option'] == "mo2f_configure_miniorange_authenticator_validate" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete' ) ) { //mobile registration successfully complete for all users
|
| 1206 |
|
| 1207 |
$nonce = $_POST['mo2f_configure_miniorange_authenticator_validate_nonce'];
|
| 1208 |
|
| 1209 |
+
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-miniorange-authenticator-validate-nonce' ) ) {
|
| 1210 |
+
$error = new WP_Error();
|
| 1211 |
+
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1212 |
|
| 1213 |
+
return $error;
|
| 1214 |
+
} else {
|
| 1215 |
+
delete_option( 'mo2f_transactionId' );
|
| 1216 |
+
$session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
|
| 1217 |
+
MO2f_Utility::unset_session_variables( $session_variables );
|
| 1218 |
|
| 1219 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1220 |
+
$TwoFA_method_to_configure = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
|
| 1221 |
+
$enduser = new Two_Factor_Setup();
|
| 1222 |
+
$current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
|
| 1223 |
|
| 1224 |
+
$response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, null, null, null ), true );
|
| 1225 |
|
| 1226 |
+
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
|
| 1227 |
+
if ( $response['status'] == 'ERROR' ) {
|
| 1228 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
|
| 1229 |
|
| 1230 |
+
$this->mo_auth_show_error_message();
|
| 1231 |
|
| 1232 |
|
| 1233 |
+
} else if ( $response['status'] == 'SUCCESS' ) {
|
| 1234 |
|
| 1235 |
+
$selectedMethod = $TwoFA_method_to_configure;
|
| 1236 |
|
| 1237 |
+
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 1238 |
|
| 1239 |
|
| 1240 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 1241 |
+
'mo2f_configured_2FA_method' => $selectedMethod,
|
| 1242 |
+
'mobile_registration_status' => true,
|
| 1243 |
+
'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
|
| 1244 |
+
'mo2f_miniOrangeSoftToken_config_status' => true,
|
| 1245 |
+
'mo2f_miniOrangePushNotification_config_status' => true,
|
| 1246 |
+
'user_registration_with_miniorange' => 'SUCCESS',
|
| 1247 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
|
| 1248 |
+
) );
|
| 1249 |
|
| 1250 |
+
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 1251 |
//update_user_meta( $user->ID, 'currentMethod' , $selectedMethod);
|
| 1252 |
+
mo2f_display_test_2fa_notification($user);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1253 |
|
| 1254 |
} else {
|
| 1255 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 1256 |
$this->mo_auth_show_error_message();
|
| 1257 |
}
|
| 1258 |
+
|
| 1259 |
+
} else {
|
| 1260 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
|
| 1261 |
+
$this->mo_auth_show_error_message();
|
| 1262 |
}
|
| 1263 |
+
}
|
| 1264 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_success' ) { // mobile registration for all users(common)
|
| 1265 |
|
| 1266 |
$nonce = $_POST['mo2f_mobile_authenticate_success_nonce'];
|
| 1267 |
+
|
| 1268 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-success-nonce' ) ) {
|
| 1269 |
$error = new WP_Error();
|
| 1270 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1271 |
|
| 1272 |
return $error;
|
| 1273 |
} else {
|
| 1274 |
+
|
| 1275 |
if ( current_user_can( 'manage_options' ) ) {
|
| 1276 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
|
| 1277 |
+
} else {
|
| 1278 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
|
| 1279 |
+
}
|
| 1280 |
|
| 1281 |
+
$session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
|
| 1282 |
+
MO2f_Utility::unset_session_variables( $session_variables );
|
| 1283 |
|
| 1284 |
+
delete_user_meta( $user->ID, 'test_2FA' );
|
| 1285 |
+
$this->mo_auth_show_success_message();
|
| 1286 |
}
|
| 1287 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_error' ) { //mobile registration failed for all users(common)
|
| 1288 |
$nonce = $_POST['mo2f_mobile_authenticate_error_nonce'];
|
| 1289 |
+
|
| 1290 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-error-nonce' ) ) {
|
| 1291 |
$error = new WP_Error();
|
| 1292 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1306 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_refresh_mobile_qrcode" ) { // refrsh Qrcode for all users
|
| 1307 |
|
| 1308 |
$nonce = $_POST['mo_auth_refresh_mobile_qrcode_nonce'];
|
| 1309 |
+
|
| 1310 |
if ( ! wp_verify_nonce( $nonce, 'mo-auth-refresh-mobile-qrcode-nonce' ) ) {
|
| 1311 |
$error = new WP_Error();
|
| 1312 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1410 |
}
|
| 1411 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_backto_user_registration' ) { //back to registration page for additional admin and non-admin
|
| 1412 |
$nonce = $_POST['mo_2factor_backto_user_registration_nonce'];
|
| 1413 |
+
|
| 1414 |
if ( ! wp_verify_nonce( $nonce, 'mo-2factor-backto-user-registration-nonce' ) ) {
|
| 1415 |
$error = new WP_Error();
|
| 1416 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1426 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_soft_token' ) { // validate Soft Token during test for all users
|
| 1427 |
|
| 1428 |
$nonce = $_POST['mo2f_validate_soft_token_nonce'];
|
| 1429 |
+
|
| 1430 |
+
|
| 1431 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-soft-token-nonce' ) ) {
|
| 1432 |
$error = new WP_Error();
|
| 1433 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1468 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Whatsapp' ) { //validate otp over Telegram
|
| 1469 |
|
| 1470 |
$nonce = $_POST['mo2f_validate_otp_over_Whatsapp_nonce'];
|
| 1471 |
+
|
| 1472 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Whatsapp-nonce' ) ) {
|
| 1473 |
$error = new WP_Error();
|
| 1474 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1478 |
|
| 1479 |
$otp = sanitize_text_field($_POST['otp_token']);
|
| 1480 |
$otpToken = get_user_meta($user->ID,'mo2f_otp_token_wa',true);
|
| 1481 |
+
|
| 1482 |
$time = get_user_meta($user->ID,'mo2f_whatsapp_time',true);
|
| 1483 |
$accepted_time = time()-600;
|
| 1484 |
$time = (int)$time;
|
| 1505 |
{
|
| 1506 |
update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
|
| 1507 |
$this->mo_auth_show_error_message();
|
| 1508 |
+
|
| 1509 |
}
|
| 1510 |
}
|
| 1511 |
}
|
| 1512 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Telegram' ) { //validate otp over Telegram
|
| 1513 |
|
| 1514 |
$nonce = $_POST['mo2f_validate_otp_over_Telegram_nonce'];
|
| 1515 |
+
|
| 1516 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Telegram-nonce' ) ) {
|
| 1517 |
$error = new WP_Error();
|
| 1518 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1522 |
|
| 1523 |
$otp = sanitize_text_field($_POST['otp_token']);
|
| 1524 |
$otpToken = get_user_meta($user->ID,'mo2f_otp_token',true);
|
| 1525 |
+
|
| 1526 |
$time = get_user_meta($user->ID,'mo2f_telegram_time',true);
|
| 1527 |
$accepted_time = time()-300;
|
| 1528 |
$time = (int)$time;
|
| 1549 |
{
|
| 1550 |
update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
|
| 1551 |
$this->mo_auth_show_error_message();
|
| 1552 |
+
|
| 1553 |
}
|
| 1554 |
}
|
| 1555 |
}
|
| 1556 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_sms' ) { //validate otp over sms and phone call during test for all users
|
| 1557 |
|
| 1558 |
$nonce = $_POST['mo2f_validate_otp_over_sms_nonce'];
|
| 1559 |
+
|
| 1560 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-sms-nonce' ) ) {
|
| 1561 |
$error = new WP_Error();
|
| 1562 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1576 |
//if the php session folder has insufficient permissions, temporary options to be used
|
| 1577 |
$mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
|
| 1578 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1579 |
+
$selected_2_2factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
|
| 1580 |
$customer = new Customer_Setup();
|
| 1581 |
$content = json_decode( $customer->validate_otp_token($selected_2_2factor_method , $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 1582 |
|
| 1603 |
}
|
| 1604 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_out_of_band_success' ) {
|
| 1605 |
$nonce = $_POST['mo2f_out_of_band_success_nonce'];
|
| 1606 |
+
|
| 1607 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-success-nonce' ) ) {
|
| 1608 |
$error = new WP_Error();
|
| 1609 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1619 |
{
|
| 1620 |
if($status != 1)
|
| 1621 |
{
|
| 1622 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_VER_REQ" ));
|
| 1623 |
+
$show = 0;
|
| 1624 |
+
$this->mo_auth_show_error_message();
|
| 1625 |
+
|
| 1626 |
}
|
| 1627 |
}
|
| 1628 |
}
|
| 1649 |
'mo2f_EmailVerification_config_status' => true
|
| 1650 |
) );
|
| 1651 |
if($show)
|
| 1652 |
+
$this->mo_auth_show_success_message();
|
| 1653 |
}
|
| 1654 |
|
| 1655 |
|
| 1656 |
}else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_out_of_band_error' ) { //push and out of band email denied
|
| 1657 |
+
$nonce = $_POST['mo2f_out_of_band_error_nonce'];
|
| 1658 |
+
|
| 1659 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-error-nonce' ) ) {
|
| 1660 |
$error = new WP_Error();
|
| 1661 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1674 |
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_google_authy_test' ) {
|
| 1675 |
|
| 1676 |
$nonce = sanitize_text_field($_POST['mo2f_validate_google_authy_test_nonce']);
|
| 1677 |
+
|
| 1678 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-google-authy-test-nonce' ) ) {
|
| 1679 |
$error = new WP_Error();
|
| 1680 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1692 |
}
|
| 1693 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1694 |
|
| 1695 |
+
$customer = new Customer_Setup();
|
| 1696 |
+
$content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 1697 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 1698 |
|
| 1699 |
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
|
| 1700 |
|
| 1717 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
|
| 1718 |
$this->mo_auth_show_error_message();
|
| 1719 |
|
| 1720 |
+
}
|
| 1721 |
}
|
| 1722 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_email' ) {
|
| 1723 |
$nonce = $_POST['mo2f_validate_otp_over_email_test_nonce'];
|
| 1724 |
+
|
| 1725 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-email-test-nonce' ) ) {
|
| 1726 |
$error = new WP_Error();
|
| 1727 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1739 |
}
|
| 1740 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1741 |
|
| 1742 |
+
$customer = new Customer_Setup();
|
| 1743 |
+
$txId = get_user_meta($user->ID,'Mo2fOtpOverEmailtxId');
|
| 1744 |
+
if($txId == '' or empty($txId))
|
| 1745 |
+
$txId = $_SESSION['mo2f_transactionId'];
|
| 1746 |
+
|
| 1747 |
+
$content = json_decode( $customer->validate_otp_token( 'OTP_OVER_EMAIL', $email, $txId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 1748 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 1749 |
|
| 1750 |
if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
|
| 1751 |
|
| 1752 |
if ( current_user_can( 'manage_options' ) ) {
|
| 1753 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
|
| 1754 |
delete_user_meta( $user->ID, 'configure_2FA');
|
| 1755 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Email','mo2f_OTPOverEmail_config_status'=>true ) );
|
| 1756 |
} else {
|
| 1757 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
|
| 1758 |
}
|
| 1770 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
|
| 1771 |
$this->mo_auth_show_error_message();
|
| 1772 |
|
| 1773 |
+
}
|
| 1774 |
}
|
| 1775 |
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_google_appname' ) {
|
| 1776 |
$nonce = sanitize_text_field($_POST['mo2f_google_appname_nonce']);
|
| 1777 |
+
|
| 1778 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-google-appname-nonce' ) ) {
|
| 1779 |
$error = new WP_Error();
|
| 1780 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1782 |
return $error;
|
| 1783 |
} else {
|
| 1784 |
|
| 1785 |
+
update_option('mo2f_google_appname',((isset($_POST['mo2f_google_auth_appname']) && $_POST['mo2f_google_auth_appname']!='') ? sanitize_text_field($_POST['mo2f_google_auth_appname']) : 'miniOrangeAu'));
|
| 1786 |
}
|
| 1787 |
|
| 1788 |
+
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_google_authenticator_validate' ) {
|
| 1789 |
$nonce = sanitize_text_field($_POST['mo2f_configure_google_authenticator_validate_nonce']);
|
| 1790 |
+
|
| 1791 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-google-authenticator-validate-nonce' ) ) {
|
| 1792 |
$error = new WP_Error();
|
| 1793 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1799 |
|
| 1800 |
if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
|
| 1801 |
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1802 |
+
$twofactor_transactions = new Mo2fDB;
|
| 1803 |
+
$exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
|
| 1804 |
|
| 1805 |
+
if($exceeded){
|
| 1806 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
|
| 1807 |
+
$this->mo_auth_show_error_message();
|
| 1808 |
+
return;
|
| 1809 |
+
}
|
| 1810 |
+
$google_auth = new Miniorange_Rba_Attributes();
|
| 1811 |
+
$google_response = json_decode( $google_auth->mo2f_validate_google_auth( $email, $otpToken, $ga_secret ), true );
|
| 1812 |
|
| 1813 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 1814 |
+
if ( $google_response['status'] == 'SUCCESS' ) {
|
| 1815 |
+
$enduser = new Two_Factor_Setup();
|
| 1816 |
+
$response = json_decode( $enduser->mo2f_update_userinfo( $email, "GOOGLE AUTHENTICATOR", null, null, null ), true );
|
| 1817 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 1818 |
|
| 1819 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
| 1820 |
|
| 1821 |
+
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 1822 |
|
| 1823 |
+
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 1824 |
|
| 1825 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 1826 |
+
'mo2f_GoogleAuthenticator_config_status' => true,
|
| 1827 |
+
'mo2f_AuthyAuthenticator_config_status' => false,
|
| 1828 |
+
'mo2f_configured_2FA_method' => "Google Authenticator",
|
| 1829 |
+
'user_registration_with_miniorange' => 'SUCCESS',
|
| 1830 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
|
| 1831 |
+
) );
|
| 1832 |
|
| 1833 |
+
update_user_meta( $user->ID, 'mo2f_external_app_type', "Google Authenticator" );
|
| 1834 |
+
mo2f_display_test_2fa_notification($user);
|
| 1835 |
// unset($_SESSION['secret_ga']);
|
| 1836 |
+
delete_user_meta($user->ID, 'mo2f_google_auth');
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1837 |
|
|
|
|
| 1838 |
} else {
|
| 1839 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 1840 |
$this->mo_auth_show_error_message();
|
| 1841 |
|
| 1842 |
}
|
| 1843 |
} else {
|
| 1844 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 1845 |
$this->mo_auth_show_error_message();
|
| 1846 |
|
| 1847 |
}
|
| 1848 |
} else {
|
| 1849 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) . '<br>3.' . Mo2fConstants::langTranslate( "SERVER_TIME_SYNC" ));
|
| 1850 |
$this->mo_auth_show_error_message();
|
| 1851 |
|
| 1852 |
}
|
| 1853 |
+
} else {
|
| 1854 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
|
| 1855 |
+
$this->mo_auth_show_error_message();
|
| 1856 |
+
|
| 1857 |
+
}
|
| 1858 |
} else {
|
| 1859 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
|
| 1860 |
$this->mo_auth_show_error_message();
|
| 1863 |
}
|
| 1864 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator' ) {
|
| 1865 |
$nonce = $_POST['mo2f_configure_authy_authenticator_nonce'];
|
| 1866 |
+
|
| 1867 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-nonce' ) ) {
|
| 1868 |
$error = new WP_Error();
|
| 1869 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1890 |
}
|
| 1891 |
}else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator_validate' ) {
|
| 1892 |
$nonce = $_POST['mo2f_configure_authy_authenticator_validate_nonce'];
|
| 1893 |
+
|
| 1894 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-validate-nonce' ) ) {
|
| 1895 |
$error = new WP_Error();
|
| 1896 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 1961 |
return;
|
| 1962 |
}
|
| 1963 |
|
| 1964 |
+
$kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
|
| 1965 |
+
$kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
|
| 1966 |
+
$kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
|
| 1967 |
+
$kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
|
| 1968 |
+
$kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
|
| 1969 |
+
$kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
|
| 1970 |
|
| 1971 |
if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
|
| 1972 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
|
| 1973 |
+
$this->mo_auth_show_error_message();
|
| 1974 |
+
return;
|
| 1975 |
+
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1976 |
|
| 1977 |
+
if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
|
| 1978 |
+
update_option( 'mo2f_message', 'The questions you select must be unique.' );
|
| 1979 |
+
$this->mo_auth_show_error_message();
|
| 1980 |
+
return;
|
| 1981 |
+
}
|
| 1982 |
+
$kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
|
| 1983 |
+
$kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
|
| 1984 |
+
$kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
|
| 1985 |
+
|
| 1986 |
+
$kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
|
| 1987 |
+
$kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
|
| 1988 |
+
$kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
|
| 1989 |
+
|
| 1990 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 1991 |
+
$kba_registration = new Two_Factor_Setup();
|
| 1992 |
+
$kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
|
| 1993 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 1994 |
+
if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
|
| 1995 |
+
if ( isset( $_POST['mobile_kba_option'] ) && $_POST['mobile_kba_option'] == 'mo2f_request_for_kba_as_emailbackup' ) {
|
| 1996 |
+
MO2f_Utility::unset_session_variables( 'mo2f_mobile_support' );
|
| 1997 |
|
| 1998 |
+
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 1999 |
+
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 2000 |
|
| 2001 |
+
$message = mo2f_lt( 'Your KBA as alternate 2 factor is configured successfully.' );
|
| 2002 |
+
update_option( 'mo2f_message', $message );
|
| 2003 |
+
$this->mo_auth_show_success_message();
|
| 2004 |
|
| 2005 |
+
} else {
|
| 2006 |
+
$enduser = new Two_Factor_Setup();
|
| 2007 |
+
$response = json_decode( $enduser->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
|
| 2008 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 2009 |
+
if ( $response['status'] == 'ERROR' ) {
|
| 2010 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
|
| 2011 |
+
$this->mo_auth_show_error_message();
|
| 2012 |
|
| 2013 |
+
} else if ( $response['status'] == 'SUCCESS' ) {
|
| 2014 |
+
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 2015 |
|
| 2016 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2017 |
+
'mo2f_SecurityQuestions_config_status' => true,
|
| 2018 |
+
'mo2f_configured_2FA_method' => "Security Questions",
|
| 2019 |
+
'mo_2factor_user_registration_status' => "MO_2_FACTOR_PLUGIN_SETTINGS"
|
| 2020 |
+
) );
|
| 2021 |
// $this->mo_auth_show_success_message();
|
| 2022 |
+
mo2f_display_test_2fa_notification($user);
|
| 2023 |
|
| 2024 |
+
}else {
|
| 2025 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
|
| 2026 |
+
$this->mo_auth_show_error_message();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2027 |
|
|
|
|
| 2028 |
}
|
| 2029 |
} else {
|
| 2030 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
|
| 2031 |
$this->mo_auth_show_error_message();
|
| 2032 |
|
|
|
|
|
|
|
| 2033 |
}
|
| 2034 |
+
}
|
| 2035 |
+
} else {
|
| 2036 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
|
| 2037 |
+
$this->mo_auth_show_error_message();
|
| 2038 |
|
| 2039 |
|
| 2040 |
+
return;
|
| 2041 |
+
}
|
| 2042 |
+
} else {
|
| 2043 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
|
| 2044 |
+
$this->mo_auth_show_error_message();
|
| 2045 |
+
|
| 2046 |
+
|
| 2047 |
+
return;
|
| 2048 |
+
}
|
| 2049 |
|
| 2050 |
|
| 2051 |
}else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_kba_details' ) {
|
| 2052 |
$nonce = sanitize_text_field($_POST['mo2f_validate_kba_details_nonce']);
|
| 2053 |
+
|
| 2054 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-kba-details-nonce' ) ) {
|
| 2055 |
$error = new WP_Error();
|
| 2056 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2074 |
|
| 2075 |
$kbaAns = array();
|
| 2076 |
if(!MO2F_IS_ONPREM){
|
| 2077 |
+
$kbaAns[0] = $kba_questions[0]['question'];
|
| 2078 |
+
$kbaAns[1] = $kba_ans_1;
|
| 2079 |
+
$kbaAns[2] = $kba_questions[1]['question'];
|
| 2080 |
+
$kbaAns[3] = $kba_ans_2;
|
| 2081 |
}
|
| 2082 |
//if the php session folder has insufficient permissions, temporary options to be used
|
| 2083 |
// $mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
|
| 2104 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Whatsapp_send_otp' ) { // sendin otp for configuring OTP over Whatsapp
|
| 2105 |
|
| 2106 |
$nonce = $_POST['mo2f_configure_otp_over_Whatsapp_send_otp_nonce'];
|
| 2107 |
+
|
| 2108 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Whatsapp-send-otp-nonce' ) ) {
|
| 2109 |
$error = new WP_Error();
|
| 2110 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2149 |
update_user_meta($user->ID,'mo2f_otp_token_wa',$otpToken);
|
| 2150 |
update_user_meta($user->ID,'mo2f_whatsapp_time',time());
|
| 2151 |
$url = 'https://api.callmebot.com/whatsapp.php?phone='.$verify_whatsappNum.'&text=Please+find+your+one+time+passcode:+'.$otpToken.'&apikey='.$verify_whatsappID;
|
| 2152 |
+
|
| 2153 |
$data = file_get_contents($url);
|
| 2154 |
if(strpos($data, 'Message queued') !== false)
|
| 2155 |
{
|
| 2161 |
{
|
| 2162 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your phone number and API key.');
|
| 2163 |
$this->mo_auth_show_error_message();
|
| 2164 |
+
|
| 2165 |
}
|
| 2166 |
}
|
| 2167 |
}
|
| 2169 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_send_otp' ) { // sendin otp for configuring OTP over Telegram
|
| 2170 |
|
| 2171 |
$nonce = $_POST['mo2f_configure_otp_over_Telegram_send_otp_nonce'];
|
| 2172 |
+
|
| 2173 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-send-otp-nonce' ) ) {
|
| 2174 |
$error = new WP_Error();
|
| 2175 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2199 |
}
|
| 2200 |
update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
|
| 2201 |
update_user_meta($user->ID,'mo2f_telegram_time',time());
|
| 2202 |
+
|
| 2203 |
$url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
|
| 2204 |
$postdata = array( 'mo2f_otp_token' => $otpToken,
|
| 2205 |
'mo2f_chatid' => $chatID
|
| 2208 |
$handle = curl_init();
|
| 2209 |
|
| 2210 |
curl_setopt_array($handle,
|
| 2211 |
+
array(
|
| 2212 |
+
CURLOPT_URL => $url,
|
| 2213 |
+
CURLOPT_POST => true,
|
| 2214 |
+
CURLOPT_POSTFIELDS => $postdata,
|
| 2215 |
+
CURLOPT_RETURNTRANSFER => true,
|
| 2216 |
+
CURLOPT_SSL_VERIFYHOST => FALSE,
|
| 2217 |
+
CURLOPT_SSL_VERIFYPEER => FALSE,
|
| 2218 |
+
)
|
| 2219 |
);
|
| 2220 |
|
| 2221 |
$data = curl_exec($handle);
|
| 2231 |
{
|
| 2232 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
|
| 2233 |
$this->mo_auth_show_error_message();
|
| 2234 |
+
|
| 2235 |
}
|
| 2236 |
|
| 2237 |
}
|
| 2239 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_send_otp' ) { // sendin otp for configuring OTP over SMS
|
| 2240 |
|
| 2241 |
$nonce = $_POST['mo2f_configure_otp_over_sms_send_otp_nonce'];
|
| 2242 |
+
|
| 2243 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-send-otp-nonce' ) ) {
|
| 2244 |
$error = new WP_Error();
|
| 2245 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2262 |
$currentMethod = "SMS";
|
| 2263 |
|
| 2264 |
$content = json_decode( $customer->send_otp_token( $phone, $currentMethod, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
|
| 2265 |
+
|
| 2266 |
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate otp token */
|
| 2267 |
if ( $content['status'] == 'ERROR' ) {
|
| 2268 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
|
| 2274 |
update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
|
| 2275 |
$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
|
| 2276 |
if($mo2f_sms>0)
|
| 2277 |
+
update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
|
| 2278 |
+
|
| 2279 |
$this->mo_auth_show_success_message();
|
| 2280 |
} else {
|
| 2281 |
update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
|
| 2290 |
}
|
| 2291 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Whatsapp_validate' ) {
|
| 2292 |
$nonce = $_POST['mo2f_configure_otp_over_Whatsapp_validate_nonce'];
|
| 2293 |
+
|
| 2294 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Whatsapp-validate-nonce' ) ) {
|
| 2295 |
$error = new WP_Error();
|
| 2296 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2326 |
if($accepted_time<$time){
|
| 2327 |
if(MO2F_IS_ONPREM)
|
| 2328 |
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Whatsapp',
|
| 2329 |
+
'mo2f_OTPOverWhatsapp_config_status' => true,
|
| 2330 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
|
| 2331 |
+
) );
|
| 2332 |
else
|
| 2333 |
+
{ $Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2334 |
+
'mo2f_configured_2FA_method' => 'OTP Over Whatsapp',
|
| 2335 |
+
'user_registration_with_miniorange' => 'SUCCESS',
|
| 2336 |
+
'mo2f_OTPOverWhatsapp_config_status' => true,
|
| 2337 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
|
| 2338 |
+
) );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2339 |
}
|
| 2340 |
+
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 2341 |
+
update_user_meta( $user->ID, 'mo2f_whatsapp_id',get_user_meta($user->ID,'mo2f_temp_whatsappID',true));
|
| 2342 |
+
update_user_meta( $user->ID, 'mo2f_whatsapp_num',get_user_meta($user->ID,'mo2f_temp_whatsapp_num',true));
|
| 2343 |
+
|
| 2344 |
+
delete_user_meta( $user->ID, 'mo2f_temp_whatsappID' );
|
| 2345 |
+
delete_user_meta( $user->ID, 'mo2f_temp_whatsapp_num' );
|
| 2346 |
+
|
| 2347 |
+
delete_user_meta( $user->ID, 'mo2f_otp_token_wa');
|
| 2348 |
+
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 2349 |
+
mo2f_display_test_2fa_notification($user);
|
| 2350 |
+
update_option( 'mo2f_message','OTP Over Whatsapp is set as the second-factor. Enjoy the unlimited service.');
|
| 2351 |
+
$this->mo_auth_show_success_message();
|
| 2352 |
+
delete_user_meta($user->ID,'mo2f_whatsapp_time');
|
| 2353 |
}
|
| 2354 |
else
|
| 2355 |
+
{
|
| 2356 |
+
update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
|
| 2357 |
$this->mo_auth_show_error_message();
|
| 2358 |
+
delete_user_meta($user->ID,'mo2f_whatsapp_time');
|
| 2359 |
}
|
| 2360 |
+
}
|
| 2361 |
+
else
|
| 2362 |
+
{
|
| 2363 |
+
update_option( 'mo2f_message','Invalid OTP. Please try again.');
|
| 2364 |
+
$this->mo_auth_show_error_message();
|
| 2365 |
+
}
|
| 2366 |
|
| 2367 |
}}
|
| 2368 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_validate' ) {
|
| 2369 |
$nonce = $_POST['mo2f_configure_otp_over_Telegram_validate_nonce'];
|
| 2370 |
+
|
| 2371 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-validate-nonce' ) ) {
|
| 2372 |
$error = new WP_Error();
|
| 2373 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2403 |
if($accepted_time<$time){
|
| 2404 |
if(MO2F_IS_ONPREM)
|
| 2405 |
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
|
| 2406 |
+
'mo2f_OTPOverTelegram_config_status' => true,
|
| 2407 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
|
| 2408 |
+
) );
|
| 2409 |
else
|
| 2410 |
+
{ $Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2411 |
+
'mo2f_configured_2FA_method' => 'OTP Over Telegram',
|
| 2412 |
+
'mo2f_OTPOverTelegram_config_status' => true,
|
| 2413 |
+
'user_registration_with_miniorange' => 'SUCCESS',
|
| 2414 |
+
'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
|
| 2415 |
+
) );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2416 |
}
|
| 2417 |
+
delete_user_meta( $user->ID, 'configure_2FA' );
|
| 2418 |
+
update_user_meta( $user->ID, 'mo2f_chat_id',get_user_meta($user->ID,'mo2f_temp_chatID',true));
|
| 2419 |
+
|
| 2420 |
+
delete_user_meta( $user->ID, 'mo2f_temp_chatID' );
|
| 2421 |
+
|
| 2422 |
+
delete_user_meta( $user->ID, 'mo2f_otp_token');
|
| 2423 |
+
delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
|
| 2424 |
+
mo2f_display_test_2fa_notification($user);
|
| 2425 |
+
update_option( 'mo2f_message','OTP Over Telegram is set as the second-factor. Enjoy the unlimited service.');
|
| 2426 |
+
$this->mo_auth_show_success_message();
|
| 2427 |
+
delete_user_meta($user->ID,'mo2f_telegram_time');
|
| 2428 |
}
|
| 2429 |
else
|
| 2430 |
+
{
|
| 2431 |
+
update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
|
| 2432 |
$this->mo_auth_show_error_message();
|
| 2433 |
+
delete_user_meta($user->ID,'mo2f_telegram_time');
|
| 2434 |
}
|
| 2435 |
+
}
|
| 2436 |
+
else
|
| 2437 |
+
{
|
| 2438 |
+
update_option( 'mo2f_message','Invalid OTP. Please try again.');
|
| 2439 |
+
$this->mo_auth_show_error_message();
|
| 2440 |
+
}
|
| 2441 |
|
| 2442 |
}}
|
| 2443 |
else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_validate' ) {
|
| 2444 |
$nonce = $_POST['mo2f_configure_otp_over_sms_validate_nonce'];
|
| 2445 |
+
|
| 2446 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-validate-nonce' ) ) {
|
| 2447 |
$error = new WP_Error();
|
| 2448 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2553 |
}
|
| 2554 |
|
| 2555 |
}else if ( ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_free_plan_auth_methods' ) ) {// user clicks on Set 2-Factor method
|
| 2556 |
+
|
| 2557 |
+
$nonce = sanitize_text_field($_POST['miniorange_save_form_auth_methods_nonce']);
|
| 2558 |
if ( ! wp_verify_nonce( $nonce, 'miniorange-save-form-auth-methods-nonce' ) ) {
|
| 2559 |
$error = new WP_Error();
|
| 2560 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2561 |
return $error;
|
| 2562 |
} else {
|
| 2563 |
+
$configuredMethod = sanitize_text_field($_POST['mo2f_configured_2FA_method_free_plan']);
|
| 2564 |
+
$selectedAction = sanitize_text_field($_POST['mo2f_selected_action_free_plan']);
|
| 2565 |
|
| 2566 |
+
$cloud_methods = array('OTPOverSMS','miniOrangeQRCodeAuthentication','miniOrangePushNotification','miniOrangeSoftToken');
|
| 2567 |
|
| 2568 |
if($configuredMethod == 'OTPOverSMS')
|
| 2569 |
$configuredMethod = 'OTP Over SMS';
|
| 2570 |
|
| 2571 |
//limit exceed check
|
| 2572 |
+
$exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($user_id);
|
| 2573 |
+
|
| 2574 |
+
if($exceeded){
|
| 2575 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
|
| 2576 |
+
$this->mo_auth_show_error_message();
|
| 2577 |
+
return;
|
| 2578 |
+
}
|
| 2579 |
+
$selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
|
| 2580 |
+
$selected_2FA_method = sanitize_text_field($selected_2FA_method);
|
| 2581 |
+
$onprem_methods = array('Google Authenticator','Security Questions','OTP Over Telegram','OTP Over Whatsapp');
|
| 2582 |
+
$Mo2fdbQueries->insert_user( $user->ID );
|
| 2583 |
+
if(MO2F_IS_ONPREM && ! in_array($selected_2FA_method, $onprem_methods) ){
|
| 2584 |
+
foreach ($cloud_methods as $cloud_method) {
|
| 2585 |
+
$is_end_user_registered = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $cloud_method. '_config_status', $user->ID );
|
| 2586 |
+
if(!is_null($is_end_user_registered) && $is_end_user_registered == 1)
|
| 2587 |
+
break;
|
| 2588 |
+
}
|
| 2589 |
+
}else{
|
| 2590 |
+
$is_end_user_registered = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange', $user->ID ) ;
|
| 2591 |
+
}
|
| 2592 |
+
$is_customer_registered= false;
|
| 2593 |
+
|
| 2594 |
+
if(!MO2F_IS_ONPREM or $configuredMethod == 'miniOrangeSoftToken' or $configuredMethod == 'miniOrangeQRCodeAuthentication' or $configuredMethod == 'miniOrangePushNotification' or $configuredMethod == 'OTPOverSMS' or $configuredMethod == 'OTP Over SMS')
|
| 2595 |
+
$is_customer_registered = get_option('mo2f_api_key') ? true : false;
|
| 2596 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 2597 |
+
if(!isset($email) or is_null($email) or $email == '')
|
| 2598 |
+
{
|
| 2599 |
+
$email = $user->user_email;
|
| 2600 |
+
}
|
| 2601 |
+
$is_end_user_registered = $is_end_user_registered ? $is_end_user_registered : false;
|
| 2602 |
+
$allowed = false;
|
| 2603 |
+
if(get_option('mo2f_miniorange_admin'))
|
| 2604 |
$allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
|
| 2605 |
|
| 2606 |
if($is_customer_registered && !$is_end_user_registered and !$allowed){
|
| 2607 |
+
$enduser = new Two_Factor_Setup();
|
| 2608 |
+
$check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
|
| 2609 |
+
if(json_last_error() == JSON_ERROR_NONE){
|
| 2610 |
+
if($check_user['status'] == 'ERROR'){
|
| 2611 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
|
| 2612 |
+
$this->mo_auth_show_error_message();
|
| 2613 |
+
return;
|
| 2614 |
+
}
|
| 2615 |
+
else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2616 |
|
| 2617 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2618 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
| 2619 |
+
'mo2f_user_email' =>$email
|
| 2620 |
+
) );
|
| 2621 |
+
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2622 |
|
| 2623 |
+
}
|
| 2624 |
+
else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
|
| 2625 |
+
|
| 2626 |
+
$content = json_decode($enduser->mo_create_user($user,$email), true);
|
| 2627 |
+
if(json_last_error() == JSON_ERROR_NONE) {
|
| 2628 |
+
if(strcasecmp($content['status'], 'SUCCESS') == 0) {
|
| 2629 |
+
update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
|
| 2630 |
+
$Mo2fdbQueries->update_user_details( $user->ID, array(
|
| 2631 |
+
'user_registration_with_miniorange' =>'SUCCESS',
|
| 2632 |
+
'mo2f_user_email' =>$email
|
| 2633 |
+
) );
|
| 2634 |
+
|
| 2635 |
+
}
|
| 2636 |
}
|
| 2637 |
|
| 2638 |
|
| 2639 |
+
}
|
| 2640 |
+
else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
|
| 2641 |
+
$mo2fa_login_message = __('The email associated with your account is already registered in miniOrange. Please Choose another email or contact miniOrange.','miniorange-2-factor-authentication');
|
| 2642 |
+
update_option('mo2f_message',$mo2fa_login_message);
|
| 2643 |
+
$this->mo_auth_show_error_message();
|
| 2644 |
+
}
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2645 |
|
| 2646 |
+
}
|
|
|
|
|
|
|
| 2647 |
|
| 2648 |
+
}
|
|
|
|
|
|
|
| 2649 |
|
| 2650 |
+
update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
|
| 2651 |
+
if(MO2F_IS_ONPREM)
|
| 2652 |
+
{
|
| 2653 |
+
if($selected_2FA_method == 'EmailVerification')
|
| 2654 |
+
$selected_2FA_method = 'Email Verification';
|
| 2655 |
+
if($selected_2FA_method == 'OTPOverEmail')
|
| 2656 |
+
$selected_2FA_method = 'OTP Over Email';
|
| 2657 |
+
if($selected_2FA_method == 'OTPOverSMS')
|
| 2658 |
+
$selected_2FA_method = 'OTP Over SMS';
|
| 2659 |
+
if($selected_2FA_method == 'OTPOverTelegram')
|
| 2660 |
+
$selected_2FA_method = 'OTP Over Telegram';
|
| 2661 |
+
if($selected_2FA_method == 'OTPOverWhatsapp')
|
| 2662 |
+
$selected_2FA_method = 'OTP Over Whatsapp';
|
| 2663 |
+
}
|
| 2664 |
+
|
| 2665 |
+
if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification' or $selected_2FA_method == 'OTP Over Whatsapp' or $selected_2FA_method == 'OTP Over Telegram'))
|
| 2666 |
+
$is_customer_registered = 1;
|
| 2667 |
+
|
| 2668 |
+
if ( $is_customer_registered ) {
|
| 2669 |
+
$selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
|
| 2670 |
+
$selected_2FA_method = sanitize_text_field($selected_2FA_method);
|
| 2671 |
+
$selected_action = isset( $_POST['mo2f_selected_action_free_plan'] ) ? $_POST['mo2f_selected_action_free_plan'] : $_POST['mo2f_selected_action_standard_plan'];
|
| 2672 |
+
$selected_action = sanitize_text_field($selected_action);
|
| 2673 |
+
$user_phone = '';
|
| 2674 |
+
if ( isset( $_SESSION['user_phone'] ) ) {
|
| 2675 |
+
$user_phone = $_SESSION['user_phone'] != 'false' ? $_SESSION['user_phone'] : $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
|
| 2676 |
+
}
|
| 2677 |
|
| 2678 |
+
// set it as his 2-factor in the WP database and server
|
| 2679 |
+
$enduser = new Customer_Setup();
|
| 2680 |
+
if($selected_2FA_method == 'OTPOverTelegram')
|
| 2681 |
+
$selected_2FA_method = 'OTP Over Telegram';
|
| 2682 |
+
if($selected_2FA_method == 'OTPOverWhatsapp')
|
| 2683 |
+
$selected_2FA_method = 'OTP Over Whatsapp';
|
| 2684 |
+
if ( $selected_action == "select2factor" ) {
|
| 2685 |
+
|
| 2686 |
+
if ( $selected_2FA_method == 'OTP Over SMS' && $user_phone == 'false' ) {
|
| 2687 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PHONE_NOT_CONFIGURED" ) );
|
| 2688 |
+
$this->mo_auth_show_error_message();
|
| 2689 |
+
} else {
|
| 2690 |
+
// update in the Wordpress DB
|
| 2691 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 2692 |
+
$customer_key = get_option( 'mo2f_customerKey' );
|
| 2693 |
+
$api_key = get_option( 'mo2f_api_key' );
|
| 2694 |
+
$customer = new Customer_Setup();
|
| 2695 |
+
$cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
|
| 2696 |
|
|
|
|
| 2697 |
$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
|
| 2698 |
|
| 2699 |
// update the server
|
| 2700 |
+
if(!MO2F_IS_ONPREM)
|
| 2701 |
+
$this->mo2f_save_2_factor_method( $user, $selected_2FA_method );
|
| 2702 |
+
if ( in_array( $selected_2FA_method, array(
|
| 2703 |
"miniOrange QR Code Authentication",
|
| 2704 |
"miniOrange Soft Token",
|
| 2705 |
"miniOrange Push Notification",
|
| 2712 |
"OTP Over SMS and Email",
|
| 2713 |
"Hardware Token"
|
| 2714 |
) ) ) {
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2715 |
|
| 2716 |
+
} else {
|
| 2717 |
+
update_site_option('mo2f_enable_2fa_prompt_on_login_page', 0 );
|
| 2718 |
+
}
|
| 2719 |
+
|
| 2720 |
+
}
|
| 2721 |
+
} else if ( $selected_action == "configure2factor" ) {
|
| 2722 |
|
| 2723 |
//show configuration form of respective Two Factor method
|
| 2724 |
+
update_user_meta( $user->ID, 'configure_2FA', 1 );
|
| 2725 |
+
update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
|
| 2726 |
+
}
|
| 2727 |
|
| 2728 |
+
} else {
|
| 2729 |
+
update_option("mo_2factor_user_registration_status","REGISTRATION_STARTED" );
|
| 2730 |
+
update_user_meta( $user->ID, 'register_account_popup', 1 );
|
| 2731 |
+
update_option( 'mo2f_message', '' );
|
| 2732 |
|
| 2733 |
+
}
|
| 2734 |
}
|
| 2735 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_for_users_option' ) {
|
| 2736 |
$nonce = $_POST['mo2f_enable_2FA_for_users_option_nonce'];
|
| 2737 |
+
|
| 2738 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-for-users-option-nonce' ) ) {
|
| 2739 |
$error = new WP_Error();
|
| 2740 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2745 |
}
|
| 2746 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_disable_proxy_setup_option' ) {
|
| 2747 |
$nonce = $_POST['mo2f_disable_proxy_setup_option_nonce'];
|
| 2748 |
+
|
| 2749 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-disable-proxy-setup-option-nonce' ) ) {
|
| 2750 |
$error = new WP_Error();
|
| 2751 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2761 |
}
|
| 2762 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_option' ) {
|
| 2763 |
$nonce = $_POST['mo2f_enable_2FA_option_nonce'];
|
| 2764 |
+
|
| 2765 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-option-nonce' ) ) {
|
| 2766 |
$error = new WP_Error();
|
| 2767 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2772 |
}
|
| 2773 |
// }else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_on_login_page_option' ) {
|
| 2774 |
// $nonce = $_POST['mo2f_enable_2FA_on_login_page_option_nonce'];
|
| 2775 |
+
|
| 2776 |
// if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
|
| 2777 |
// $error = new WP_Error();
|
| 2778 |
// $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 2805 |
if ( $selected_2FA_method == 'Security Questions' ) {
|
| 2806 |
|
| 2807 |
|
| 2808 |
+
$response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
|
| 2809 |
|
| 2810 |
+
if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate KBA Questions*/
|
| 2811 |
+
if ( $response['status'] == 'SUCCESS' ) {
|
| 2812 |
+
$_SESSION['mo2f_transactionId'] = $response['txId'];
|
| 2813 |
+
update_option( 'mo2f_transactionId', $response['txId'] );
|
| 2814 |
+
$questions = array();
|
| 2815 |
|
| 2816 |
+
$questions[0] = $response['questions'][0];
|
| 2817 |
+
$questions[1] = $response['questions'][1];
|
| 2818 |
// $_SESSION['mo_2_factor_kba_questions'] = $questions;
|
| 2819 |
+
update_user_meta($user->ID, 'mo_2_factor_kba_questions', $questions);
|
| 2820 |
// update_option( 'kba_questions', $questions );
|
| 2821 |
+
|
| 2822 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ANSWER_SECURITY_QUESTIONS" ) );
|
| 2823 |
+
$this->mo_auth_show_success_message();
|
| 2824 |
+
|
| 2825 |
+
} else if ( $response['status'] == 'ERROR' ) {
|
| 2826 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_FETCHING_QUESTIONS" ) );
|
| 2827 |
+
$this->mo_auth_show_error_message();
|
| 2828 |
+
|
| 2829 |
+
}
|
| 2830 |
+
} else {
|
| 2831 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_FETCHING_QUESTIONS" ) );
|
| 2832 |
+
$this->mo_auth_show_error_message();
|
| 2833 |
+
|
| 2834 |
+
}
|
| 2835 |
|
| 2836 |
|
| 2837 |
} else if ( $selected_2FA_method == 'miniOrange Push Notification' ) {
|
| 2891 |
update_user_meta($user->ID,'mo2f_whatsapp_time',time());
|
| 2892 |
|
| 2893 |
$url = 'https://api.callmebot.com/whatsapp.php?phone='.$whatsappNum.'&text=Please+find+your+one+time+passcode:+'.$otpToken.'&apikey='.$whatsappID;
|
| 2894 |
+
|
| 2895 |
$data = file_get_contents($url);
|
| 2896 |
if(strpos($data, 'Message queued') !== false)
|
| 2897 |
{
|
| 2903 |
{
|
| 2904 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your configuration.');
|
| 2905 |
$this->mo_auth_show_error_message();
|
| 2906 |
+
|
| 2907 |
}
|
| 2908 |
}
|
| 2909 |
}
|
| 2920 |
|
| 2921 |
update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
|
| 2922 |
update_user_meta($user->ID,'mo2f_telegram_time',time());
|
| 2923 |
+
|
| 2924 |
$url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
|
| 2925 |
$postdata = array( 'mo2f_otp_token' => $otpToken,
|
| 2926 |
'mo2f_chatid' => $chatID
|
| 2929 |
$handle = curl_init();
|
| 2930 |
|
| 2931 |
curl_setopt_array($handle,
|
| 2932 |
+
array(
|
| 2933 |
+
CURLOPT_URL => $url,
|
| 2934 |
+
CURLOPT_POST => true,
|
| 2935 |
+
CURLOPT_POSTFIELDS => $postdata,
|
| 2936 |
+
CURLOPT_RETURNTRANSFER => true,
|
| 2937 |
+
CURLOPT_SSL_VERIFYHOST => FALSE,
|
| 2938 |
+
CURLOPT_SSL_VERIFYPEER => FALSE,
|
| 2939 |
+
|
| 2940 |
+
)
|
| 2941 |
);
|
| 2942 |
|
| 2943 |
$data = curl_exec($handle);
|
| 2951 |
{
|
| 2952 |
update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
|
| 2953 |
$this->mo_auth_show_error_message();
|
| 2954 |
+
|
| 2955 |
}
|
| 2956 |
}
|
| 2957 |
+
else if ( $selected_2FA_method == 'OTP Over SMS' || $selected_2FA_method == 'OTP Over Email') {
|
| 2958 |
|
| 2959 |
$phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
|
| 2960 |
$check = 1;
|
| 2979 |
{
|
| 2980 |
$cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
|
| 2981 |
if($cmVtYWluaW5nT1RQ>0)
|
| 2982 |
+
update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
|
| 2983 |
}
|
| 2984 |
else if($selected_2FA_method == 'OTP Over SMS')
|
| 2985 |
{
|
| 2986 |
$mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
|
| 2987 |
if($mo2f_sms>0)
|
| 2988 |
+
update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
|
| 2989 |
+
|
| 2990 |
}
|
| 2991 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
|
| 2992 |
update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
|
| 3000 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP" ) );
|
| 3001 |
else
|
| 3002 |
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_ONPREM" ) );
|
| 3003 |
+
|
| 3004 |
$this->mo_auth_show_error_message();
|
| 3005 |
|
| 3006 |
}
|
| 3045 |
|
| 3046 |
}else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_go_back' ) {
|
| 3047 |
$nonce = $_POST['mo2f_go_back_nonce'];
|
| 3048 |
+
|
| 3049 |
if ( ! wp_verify_nonce( $nonce, 'mo2f-go-back-nonce' ) ) {
|
| 3050 |
$error = new WP_Error();
|
| 3051 |
$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
|
| 3096 |
if ( $mo2f_register_with_another_email || $is_EC || $is_NNC ) {
|
| 3097 |
update_option( 'mo2f_register_with_another_email', 0 );
|
| 3098 |
$users = get_users( array() );
|
| 3099 |
+
$this->mo2f_delete_user_details( $users );
|
| 3100 |
$url = admin_url( 'plugins.php' );
|
| 3101 |
wp_redirect( $url );
|
| 3102 |
}
|
| 3119 |
function mo2f_show_email_page($email )
|
| 3120 |
{
|
| 3121 |
?>
|
| 3122 |
+
<div id="EnterEmailCloudVerification" class="modal">
|
| 3123 |
+
<!-- Modal content -->
|
| 3124 |
+
<div class="modal-content">
|
| 3125 |
+
<div class="modal-header">
|
| 3126 |
+
<h3 class="modal-title" style="text-align: center; font-size: 20px; color: #20b2aa">Email Address for miniOrange</h3><span id="closeEnterEmailCloud" class="modal-span-close">X</span>
|
| 3127 |
+
</div>
|
| 3128 |
+
<div class="modal-body" style="height: auto">
|
| 3129 |
+
<h2><i>Enter your Email: <input type ='email' id='emailEnteredCloud' name='emailEnteredCloud' size= '40' required value="<?php echo $email;?>"/></i></h2>
|
| 3130 |
+
</div>
|
| 3131 |
+
<div class="modal-footer">
|
| 3132 |
+
<button type="button" class="mo_wpns_button mo_wpns_button1 modal-button" id="save_entered_email_cloud">Save</button>
|
| 3133 |
+
</div>
|
| 3134 |
+
</div>
|
| 3135 |
+
</div>
|
| 3136 |
+
|
| 3137 |
+
|
| 3138 |
+
<script type="text/javascript">
|
| 3139 |
+
|
| 3140 |
+
jQuery('#EnterEmailCloudVerification').css('display', 'block');
|
| 3141 |
+
|
| 3142 |
+
jQuery('#closeEnterEmailCloud').click(function(){
|
| 3143 |
+
jQuery('#EnterEmailCloudVerification').css('display', 'none');
|
| 3144 |
+
|
| 3145 |
+
});
|
| 3146 |
+
|
| 3147 |
+
|
| 3148 |
+
</script>
|
| 3149 |
|
| 3150 |
<?php
|
| 3151 |
|
| 3284 |
if ( ! empty( $mo2f_customer_selected_plan ) ) {
|
| 3285 |
delete_option( 'mo2f_customer_selected_plan' );
|
| 3286 |
header( 'Location: admin.php?page=mo_2fa_upgrade' );
|
| 3287 |
+
} else {
|
| 3288 |
header( 'Location: admin.php?page=mo_2fa_two_fa' );
|
| 3289 |
}
|
| 3290 |
|
| 3301 |
}
|
| 3302 |
|
| 3303 |
public static function mo2f_get_GA_parameters($user){
|
| 3304 |
+
global $Mo2fdbQueries;
|
| 3305 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
|
| 3306 |
+
$google_auth = new Miniorange_Rba_Attributes();
|
| 3307 |
$gauth_name= get_option('mo2f_google_appname');
|
| 3308 |
$gauth_name = $gauth_name ? $gauth_name : 'miniOrangeAu';
|
| 3309 |
+
$google_response = json_decode( $google_auth->mo2f_google_auth_service( $email,$gauth_name ), true );
|
| 3310 |
+
if ( json_last_error() == JSON_ERROR_NONE ) {
|
| 3311 |
+
if ( $google_response['status'] == 'SUCCESS' ) {
|
| 3312 |
+
$mo2f_google_auth = array();
|
| 3313 |
+
$mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
|
| 3314 |
+
$mo2f_google_auth['ga_secret'] = $google_response['secret'];
|
| 3315 |
// $_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
|
| 3316 |
+
update_user_meta($user->ID, 'mo2f_google_auth', $mo2f_google_auth);
|
| 3317 |
+
}else {
|
| 3318 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
|
| 3319 |
+
do_action('mo_auth_show_error_message');
|
| 3320 |
+
}
|
| 3321 |
+
}else {
|
| 3322 |
+
update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
|
| 3323 |
+
do_action('mo_auth_show_error_message');
|
| 3324 |
+
|
| 3325 |
+
}
|
| 3326 |
+
}
|
| 3327 |
|
| 3328 |
function mo_auth_show_error_message() {
|
| 3329 |
do_action('wpns_show_message', get_option( 'mo2f_message' ), 'ERROR');
|
| 3479 |
|
| 3480 |
function miniorange_email_verification_call( $current_user ) {
|
| 3481 |
global $Mo2fdbQueries;
|
| 3482 |
+
$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
|
| 3483 |
|
| 3484 |
+
if(MO2F_IS_ONPREM)
|
| 3485 |
{
|
| 3486 |
|
| 3487 |
$challengeMobile = new Customer_Setup();
|
| 3537 |
</tr>
|
| 3538 |
</tbody>
|
| 3539 |
</table>';
|
| 3540 |
+
$result = wp_mail($email,$subject,$message,$headers);
|
| 3541 |
if($result){
|
| 3542 |
$time = "time".$txid;
|
| 3543 |
$currentTimeInMillis = round(microtime(true) * 1000);
|
| 3548 |
update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
|
| 3549 |
$this->mo_auth_show_error_message();
|
| 3550 |
}
|
| 3551 |
+
|
| 3552 |
}
|
| 3553 |
else
|
| 3554 |
{
|
| 3581 |
}
|
| 3582 |
static function low_otp_alert( $auth_type) {
|
| 3583 |
global $Mo2fdbQueries;
|
| 3584 |
+
$email = get_option('mo2f_email')?get_option('mo2f_email'):get_option('admin_email');
|
| 3585 |
+
if(MO2F_IS_ONPREM)
|
| 3586 |
{
|
| 3587 |
$count=0;
|
| 3588 |
if($auth_type =="email"){
|
| 3589 |
$subject = 'Two Factor Authentication(Low Email Alert)';
|
| 3590 |
+
$count = get_site_option('cmVtYWluaW5nT1RQ')-1; //database value is updated after function call
|
| 3591 |
+
$string = 'Email';
|
| 3592 |
}
|
| 3593 |
else if($auth_type =="sms"){
|
| 3594 |
+
$subject = 'Two Factor Authentication(Low SMS Alert)';
|
| 3595 |
+
$count = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1; //database value is updated after function call
|
| 3596 |
$string = 'SMS';
|
| 3597 |
}
|
| 3598 |
$admin_url = network_site_url();
|
| 3599 |
+
$url = explode('/wp-admin/admin.php?page=mo_2fa_upgrade', $admin_url);
|
| 3600 |
+
$headers = array('Content-Type: text/html; charset=UTF-8');
|
| 3601 |
$headers[] = 'Cc: 2fasupport <2fasupport@xecurify.com>';
|
| 3602 |
$message = '<table cellpadding="25" style="margin:0px auto">
|
| 3603 |
<tbody>
|
| 3629 |
</tr>
|
| 3630 |
</tbody>
|
| 3631 |
</table>';
|
| 3632 |
+
$result = wp_mail($email,$subject,$message,$headers);
|
| 3633 |
if($result){
|
| 3634 |
$currentTimeInMillis = round(microtime(true) * 1000);
|
| 3635 |
update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
|
| 3636 |
+
|
| 3637 |
}
|
| 3638 |
+
|
| 3639 |
}
|
| 3640 |
|
| 3641 |
}
|
| 3642 |
+
function mo_auth_activate() {
|
| 3643 |
+
error_log(' miniOrange Two Factor Plugin Activated');
|
| 3644 |
|
| 3645 |
+
$get_encryption_key = MO2f_Utility::random_str(16);
|
| 3646 |
+
update_option('mo2f_encryption_key',$get_encryption_key);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3647 |
|
| 3648 |
+
if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
|
| 3649 |
+
update_option( 'mo2f_is_NC', 0 );
|
| 3650 |
+
} else {
|
| 3651 |
+
update_option( 'mo2f_is_NC', 1 );
|
| 3652 |
+
update_option( 'mo2f_is_NNC', 1 );
|
| 3653 |
+
}
|
| 3654 |
|
| 3655 |
+
do_action('mo2f_network_create_db');
|
|
|
|
|
|
|
|
|
|
| 3656 |
|
| 3657 |
+
update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
|
| 3658 |
+
update_option('mo2f_data_storage',null);
|
| 3659 |
+
global $Mo2fdbQueries;
|
| 3660 |
+
$Mo2fdbQueries->mo_plugin_activate();
|
| 3661 |
|
|
|
|
| 3662 |
|
| 3663 |
+
}
|
|
|
|
|
|
|
|
|
|
| 3664 |
|
| 3665 |
+
function mo_get_2fa_shorcode( $atts ) {
|
| 3666 |
+
if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
|
| 3667 |
+
$mo2f_shorcode = new MO2F_ShortCode();
|
| 3668 |
+
$html = $mo2f_shorcode->mo2FAFormShortCode( $atts );
|
| 3669 |
+
|
| 3670 |
+
return $html;
|
| 3671 |
}
|
| 3672 |
+
}
|
| 3673 |
|
| 3674 |
+
function mo_get_login_form_shortcode( $atts ) {
|
| 3675 |
+
if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
|
| 3676 |
+
$mo2f_shorcode = new MO2F_ShortCode();
|
| 3677 |
+
$html = $mo2f_shorcode->mo2FALoginFormShortCode( $atts );
|
| 3678 |
|
| 3679 |
+
return $html;
|
|
|
|
| 3680 |
}
|
| 3681 |
}
|
| 3682 |
+
}
|
| 3683 |
|
| 3684 |
function mo2f_is_customer_registered() {
|
| 3685 |
$email = get_option( 'mo2f_email' );
|
handler/twofa/two_fa_utility.php
CHANGED
|
@@ -668,6 +668,9 @@ class MO2f_Utility {
|
|
| 668 |
exit;
|
| 669 |
}
|
| 670 |
|
|
|
|
|
|
|
|
|
|
| 671 |
public static function mo2f_mail_and_download_codes(){
|
| 672 |
global $Mo2fdbQueries;
|
| 673 |
$codes=MO2f_Utility::mo_2f_generate_backup_codes();
|
| 668 |
exit;
|
| 669 |
}
|
| 670 |
|
| 671 |
+
|
| 672 |
+
|
| 673 |
+
|
| 674 |
public static function mo2f_mail_and_download_codes(){
|
| 675 |
global $Mo2fdbQueries;
|
| 676 |
$codes=MO2f_Utility::mo_2f_generate_backup_codes();
|
includes/images/christmas_offer.PNG
ADDED
|
Binary file
|
includes/images/santa-gif.gif
ADDED
|
Binary file
|
miniorange_2_factor_settings.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: miniOrange 2 Factor Authentication
|
| 4 |
* Plugin URI: https://miniorange.com
|
| 5 |
* Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
|
| 6 |
-
* Version: 5.4.
|
| 7 |
* Author: miniOrange
|
| 8 |
* Author URI: https://miniorange.com
|
| 9 |
* Text Domain: miniorange-2-factor-authentication
|
|
@@ -15,7 +15,7 @@
|
|
| 15 |
|
| 16 |
define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
|
| 17 |
|
| 18 |
-
define( 'MO2F_VERSION', '5.4.
|
| 19 |
define('MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
|
| 20 |
define( 'MO2F_TEST_MODE', false );
|
| 21 |
define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
|
| 3 |
* Plugin Name: miniOrange 2 Factor Authentication
|
| 4 |
* Plugin URI: https://miniorange.com
|
| 5 |
* Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
|
| 6 |
+
* Version: 5.4.31
|
| 7 |
* Author: miniOrange
|
| 8 |
* Author URI: https://miniorange.com
|
| 9 |
* Text Domain: miniorange-2-factor-authentication
|
| 15 |
|
| 16 |
define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
|
| 17 |
|
| 18 |
+
define( 'MO2F_VERSION', '5.4.31' );
|
| 19 |
define('MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
|
| 20 |
define( 'MO2F_TEST_MODE', false );
|
| 21 |
define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
|
readme.txt
CHANGED
|
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
|
|
| 6 |
Requires at least: 3.0.1
|
| 7 |
Tested up to: 5.6
|
| 8 |
Requires PHP: 5.3.0
|
| 9 |
-
Stable tag: 5.4.
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
|
@@ -389,6 +389,11 @@ miniOrange authentication service has 15+ authentication methods.One time passco
|
|
| 389 |
|
| 390 |
== Changelog ==
|
| 391 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 392 |
= 5.4.30=
|
| 393 |
* Google Authenticator - Two Factor Authentication (2FA, OTP) :
|
| 394 |
* Feedback changes
|
|
@@ -986,6 +991,11 @@ More descriptive setup messages and UI changes.
|
|
| 986 |
|
| 987 |
== Upgrade Notice ==
|
| 988 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 989 |
= 5.4.30=
|
| 990 |
* Google Authenticator - Two Factor Authentication (2FA, OTP) :
|
| 991 |
* Feedback changes
|
| 6 |
Requires at least: 3.0.1
|
| 7 |
Tested up to: 5.6
|
| 8 |
Requires PHP: 5.3.0
|
| 9 |
+
Stable tag: 5.4.31
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
| 389 |
|
| 390 |
== Changelog ==
|
| 391 |
|
| 392 |
+
= 5.4.31=
|
| 393 |
+
* Google Authenticator - Two Factor Authentication (2FA, OTP) :
|
| 394 |
+
* OTP over Email as two factor fix
|
| 395 |
+
* Low Email transaction alert fix
|
| 396 |
+
|
| 397 |
= 5.4.30=
|
| 398 |
* Google Authenticator - Two Factor Authentication (2FA, OTP) :
|
| 399 |
* Feedback changes
|
| 991 |
|
| 992 |
== Upgrade Notice ==
|
| 993 |
|
| 994 |
+
= 5.4.31=
|
| 995 |
+
* Google Authenticator - Two Factor Authentication (2FA, OTP) :
|
| 996 |
+
* OTP over Email as two factor fix
|
| 997 |
+
* Low Email transaction alert fix
|
| 998 |
+
|
| 999 |
= 5.4.30=
|
| 1000 |
* Google Authenticator - Two Factor Authentication (2FA, OTP) :
|
| 1001 |
* Feedback changes
|
views/request_christmas_offer.php
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
<div class="mo_wpns_divided_layout">
|
| 2 |
+
<div class="mo_wpns_setting_layout mo2f_christmas_contact_us_layout">
|
| 3 |
+
<h3> Request For Christmas Offer : <div style="float: right;">
|
| 4 |
+
<?php
|
| 5 |
+
echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_christmas_contact_us_button" href="'.$two_fa.'">Back</a>';
|
| 6 |
+
?>
|
| 7 |
+
</div></h3>
|
| 8 |
+
<form method="post">
|
| 9 |
+
<input type="hidden" name="option" value="mo_2FA_christmas_request_form" />
|
| 10 |
+
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce('mo2f-Request-christmas')?>">
|
| 11 |
+
<table cellpadding="4" cellspacing="4">
|
| 12 |
+
<tr>
|
| 13 |
+
<td><strong>Usecase : </strong></td>
|
| 14 |
+
<td>
|
| 15 |
+
<textarea type="text" name="mo_2FA_christmas_usecase" style="resize: vertical; width:350px; height:100px;" rows="4" placeholder="Write us about your usecase" required value=""></textarea>
|
| 16 |
+
</td>
|
| 17 |
+
|
| 18 |
+
|
| 19 |
+
</tr>
|
| 20 |
+
<tr>
|
| 21 |
+
<td>
|
| 22 |
+
</td>
|
| 23 |
+
|
| 24 |
+
</tr>
|
| 25 |
+
<tr>
|
| 26 |
+
<td><strong>Email ID : </strong></td>
|
| 27 |
+
<td><input required type="email" name="mo_2FA_christmas_email" placeholder="Email id" value="" /></td>
|
| 28 |
+
</tr>
|
| 29 |
+
|
| 30 |
+
</table>
|
| 31 |
+
<div style="padding-top: 10px;">
|
| 32 |
+
<input type="submit" name="submit" value="Submit Request" class="mo_wpns_button mo_wpns_button1 mo2f_christmas_contact_us_button" />
|
| 33 |
+
</div>
|
| 34 |
+
</form>
|
| 35 |
+
</div>
|
| 36 |
+
</div>
|
views/twofa/test/test_twofa_email_verification.php
CHANGED
|
@@ -54,6 +54,8 @@
|
|
| 54 |
{
|
| 55 |
$otpToken = isset($_SESSION['otpToken']) ? $_SESSION['otpToken'] : '';
|
| 56 |
$txid = isset($_SESSION["txid"]) ? $_SESSION["txid"] : '';
|
|
|
|
|
|
|
| 57 |
?>
|
| 58 |
<script type="text/javascript">
|
| 59 |
var timeout;
|
| 54 |
{
|
| 55 |
$otpToken = isset($_SESSION['otpToken']) ? $_SESSION['otpToken'] : '';
|
| 56 |
$txid = isset($_SESSION["txid"]) ? $_SESSION["txid"] : '';
|
| 57 |
+
|
| 58 |
+
|
| 59 |
?>
|
| 60 |
<script type="text/javascript">
|
| 61 |
var timeout;
|
