Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.37

Version Description

Download this release

Release Info

Developer cyberlord92
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.37
Comparing to
See all releases

Code changes from version 5.4.36 to 5.4.37

Files changed (36) hide show
  1. api/Mo2f_OnPremRedirect.php +3 -3
  2. api/class-customer-common-setup.php +0 -1
  3. controllers/main_controller.php +3 -3
  4. controllers/twofa/mo2fa_common_login.php +4 -1
  5. controllers/twofa/mo2fa_inline_registration.php +31 -0
  6. controllers/twofa/two_factor_ajax.php +702 -12
  7. controllers/wpns-loginsecurity-ajax.php +22 -1
  8. handler/login.php +16 -5
  9. handler/twofa/class_miniorange_2fa_strong_password.php +1 -1
  10. handler/twofa/gaonprem.php +9 -1
  11. handler/twofa/setup_twofa.php +10 -8
  12. handler/twofa/two_fa_login.php +11 -8
  13. handler/twofa/two_fa_pass2login.php +45 -7
  14. handler/twofa/two_fa_settings.php +1077 -64
  15. handler/twofa/two_fa_utility.php +13 -4
  16. handler/user-profile-2fa-update.php +217 -0
  17. handler/user-profile-2fa.php +275 -0
  18. includes/css/hide-login-form.css +3 -0
  19. includes/css/style_settings.css +2 -4
  20. includes/css/upgrade.css +1 -1
  21. includes/css/user-profile.css +179 -0
  22. includes/js/mo2fa_elementor.js +122 -0
  23. includes/js/setup-wizard-2fa.js +7 -9
  24. includes/js/user-profile-twofa.js +191 -0
  25. miniorange_2_factor_settings.php +21 -3
  26. readme.txt +127 -71
  27. uninstall.php +6 -4
  28. views/twofa/setup/setup_duo_authenticator.php +3 -1
  29. views/twofa/setup/setup_google_authenticator.php +1 -0
  30. views/twofa/setup/setup_google_authenticator_onpremise.php +94 -1
  31. views/twofa/setup/setup_kba_questions.php +12 -10
  32. views/twofa/setup/setup_miniorange_authenticator.php +1 -1
  33. views/twofa/setup_twofa.php +2 -0
  34. views/twofa/two_fa.php +3 -2
  35. views/twofa/two_fa_login_option.php +117 -86
  36. views/twofa/two_fa_premium_feature.php +1 -1
api/Mo2f_OnPremRedirect.php CHANGED
@@ -68,7 +68,7 @@ class Mo2f_OnPremRedirect {
68
  return $content;
69
  case "EMAIL":
70
 
71
- case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser);
72
  return $content;
73
  case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
74
  return $content;
@@ -104,9 +104,9 @@ class Mo2f_OnPremRedirect {
104
  $content=$gauth_obj->verifyCode($secret, $otpToken);
105
  return $content;
106
  }
107
- function OnpremOTPOverEMail($current_user)
108
  {
109
- return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
110
  }
111
  function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
112
  {
68
  return $content;
69
  case "EMAIL":
70
 
71
+ case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
72
  return $content;
73
  case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
74
  return $content;
104
  $content=$gauth_obj->verifyCode($secret, $otpToken);
105
  return $content;
106
  }
107
+ function OnpremOTPOverEMail($current_user,$useremail=false)
108
  {
109
+ return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
110
  }
111
  function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
112
  {
api/class-customer-common-setup.php CHANGED
@@ -361,7 +361,6 @@ class Customer_Cloud_Setup {
361
 
362
 
363
  $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
364
-
365
  return $content;
366
  }
367
 
361
 
362
 
363
  $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
 
364
  return $content;
365
  }
366
 
controllers/main_controller.php CHANGED
@@ -8,9 +8,9 @@ include $controller . 'navbar.php';
8
  if(current_user_can('administrator'))
9
  {
10
 
11
- include $controller . 'newtork_security_features.php';
12
-
13
-
14
  if( isset( $_GET[ 'page' ]))
15
  {
16
  switch($_GET['page'])
8
  if(current_user_can('administrator'))
9
  {
10
 
11
+ include $controller . 'newtork_security_features.php';
12
+
13
+
14
  if( isset( $_GET[ 'page' ]))
15
  {
16
  switch($_GET['page'])
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -1107,7 +1107,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1107
  <?php
1108
  }
1109
 
1110
- function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ) {
1111
  global $Mo2fdbQueries,$moWpnsUtility;
1112
  $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1113
  $mo_wpns_config = new MoWpnsHandler();
@@ -1182,6 +1182,9 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1182
  <input type="hidden" name="option" value="miniorange_soft_token">
1183
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1184
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
 
 
 
1185
  </form>
1186
  <?php
1187
  $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1107
  <?php
1108
  }
1109
 
1110
+ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1111
  global $Mo2fdbQueries,$moWpnsUtility;
1112
  $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1113
  $mo_wpns_config = new MoWpnsHandler();
1182
  <input type="hidden" name="option" value="miniorange_soft_token">
1183
  <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1184
  <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1185
+ <?php if($mo2fa_transaction_id!=null){ ?>
1186
+ <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1187
+ <?php }?>
1188
  </form>
1189
  <?php
1190
  $Kbaset = get_user_meta( $user_id ,'Security Questions' );
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -139,6 +139,13 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
139
  </label>
140
  <br>
141
  </span>
 
 
 
 
 
 
 
142
  <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
143
  <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
144
  <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
@@ -611,7 +618,31 @@ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status
611
  function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
612
  $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
613
  $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
614
 
 
 
615
  ?>
616
  <html>
617
  <head> <meta charset="utf-8"/>
139
  </label>
140
  <br>
141
  </span>
142
+ <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
+ <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
+ <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
+ </label>
147
+ <br>
148
+ </span>
149
  <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
  <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
  <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
618
  function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
  $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
  $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
+ global $Mo2fdbQueries;
622
+ if(empty($data)){
623
+ $user = get_user_by('ID',$current_user_id);
624
+ if(!MO2F_IS_ONPREM){
625
+ if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
+ }
628
+ $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
+ $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
+ $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
+ }else{
634
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
+ $gauth_obj = new Google_auth_onpremise();
636
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
+ $onpremise_secret = $gauth_obj->createSecret();
638
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
+ $data = $url;
641
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
 
644
+ }
645
+ }
646
  ?>
647
  <html>
648
  <head> <meta charset="utf-8"/>
controllers/twofa/two_factor_ajax.php CHANGED
@@ -12,7 +12,6 @@ class mo_2f_ajax
12
  }
13
 
14
  function mo_two_factor_ajax(){
15
-
16
  $GLOBALS['mo2f_is_ajax_request'] = true;
17
  switch ($_POST['mo_2f_two_factor_ajax']) {
18
  case 'mo2f_ajax_login_redirect':
@@ -46,12 +45,630 @@ class mo_2f_ajax
46
  case 'mo2f_delete_log_file':
47
  $this->mo2f_delete_log_file();
48
  break;
49
- case 'select_method_setup_wizard':
50
- $this->select_method_setup_wizard();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
51
  break;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
52
  }
53
  }
54
- function select_method_setup_wizard()
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
55
  {
56
  global $Mo2fdbQueries;
57
  if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-select-method-setup-wizard'))
@@ -92,17 +709,90 @@ class mo_2f_ajax
92
  update_user_meta( $current_user->ID, 'configure_2FA', 1);
93
  wp_send_json("SUCCESS");
94
  }
95
- function mo2f_ajax_login_redirect()
96
- {
97
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
98
- {
99
- wp_send_json("ERROR");
 
100
  exit;
101
  }
102
- $username = sanitize_text_field($_POST['username']);
103
- $password = $_POST['password'];
104
- apply_filters( 'authenticate', null, $username, $password );
 
 
 
 
 
 
 
 
 
105
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
106
  function mo2f_save_custom_form_settings()
107
  {
108
 
12
  }
13
 
14
  function mo_two_factor_ajax(){
 
15
  $GLOBALS['mo2f_is_ajax_request'] = true;
16
  switch ($_POST['mo_2f_two_factor_ajax']) {
17
  case 'mo2f_ajax_login_redirect':
45
  case 'mo2f_delete_log_file':
46
  $this->mo2f_delete_log_file();
47
  break;
48
+ case 'select_method_setup_wizard':
49
+ $this->mo2f_select_method_setup_wizard();
50
+ break;
51
+ case 'mo_wpns_register_verify_customer':
52
+ $this->mo_wpns_register_verify_customer();
53
+ break;
54
+ case 'mo_2fa_configure_GA_setup_wizard':
55
+ $this->mo_2fa_configure_GA_setup_wizard();
56
+ break;
57
+ case 'mo_2fa_verify_GA_setup_wizard':
58
+ $this->mo_2fa_verify_GA_setup_wizard();
59
+ break;
60
+ case 'mo_2fa_configure_OTPOverSMS_setup_wizard':
61
+ $this->mo_2fa_configure_OTPOverSMS_setup_wizard();
62
+ break;
63
+ case 'mo_2fa_configure_OTPOverEmail_setup_wizard':
64
+ $this->mo_2fa_configure_OTPOverEmail_setup_wizard();
65
+ break;
66
+ case 'mo_2fa_verify_OTPOverEmail_setup_wizard':
67
+ $this->mo_2fa_verify_OTPOverEmail_setup_wizard();
68
+ break;
69
+ case 'mo_2fa_verify_OTPOverSMS_setup_wizard':
70
+ $this->mo_2fa_verify_OTPOverSMS_setup_wizard();
71
+ break;
72
+ case 'mo_2fa_configure_KBA_setup_wizard':
73
+ $this->mo_2fa_configure_KBA_setup_wizard();
74
+ break;
75
+ case 'mo_2fa_verify_KBA_setup_wizard':
76
+ $this->mo_2fa_verify_KBA_setup_wizard();
77
+ break;
78
+ case 'mo_2fa_send_otp_token':
79
+ $this->mo_2fa_send_otp_token();
80
+ break;
81
+ case "mo2f_set_otp_over_sms":
82
+ $this->mo2f_set_otp_over_sms(); break;
83
+ case "mo2f_set_miniorange_methods":
84
+ $this->mo2f_set_miniorange_methods(); break;
85
+ case "mo2f_set_GA":
86
+ $this->mo2f_set_GA(); break;
87
+ }
88
+ }
89
+ function mo_2fa_verify_KBA_setup_wizard()
90
+ {
91
+ global $Mo2fdbQueries;
92
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
93
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
94
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
95
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
96
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
97
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
98
+ $user = wp_get_current_user();
99
+ $this->mo2f_check_and_create_user($user->ID);
100
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
101
+ echo "Invalid Questions or Answers";
102
+ exit;
103
+ }
104
+ if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
105
+ echo "The questions you select must be unique.";
106
+ exit;
107
+ }
108
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
109
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
110
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
111
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
112
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
113
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
114
+ $email = $user->user_email;
115
+ $kba_registration = new Two_Factor_Setup();
116
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
117
+ 'mo2f_SecurityQuestions_config_status' => true,
118
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
119
+ 'mo2f_user_email' => $email
120
+ ));
121
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
122
+
123
+ if($kba_reg_reponse['status']=='SUCCESS')
124
+ {
125
+ echo "SUCCESS";
126
+ exit;
127
+ }
128
+ else
129
+ {
130
+ echo "An error has occured while saving KBA details. Please try again.";
131
+ exit;
132
+ }
133
+ }
134
+ function mo_2fa_send_otp_token()
135
+ {
136
+ $enduser = new Customer_Setup();
137
+ $email = sanitize_text_field($_POST['phone']);
138
+ $customer_key = get_site_option('mo2f_customerKey');
139
+ $api_key = get_site_option('mo2f_api_key');
140
+ $selected_2FA_method = sanitize_text_field($_POST['selected_2FA_method']);
141
+ $user_id = wp_get_current_user()->ID;
142
+
143
+ if($selected_2FA_method == 'OTP Over Email')
144
+ {
145
+ update_user_meta($user_id,'tempRegEmail',$email);
146
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
147
+ $emailErr = "Invalid email format";
148
+ echo $emailErr;
149
+ exit;
150
+ }
151
+ }
152
+ else if($selected_2FA_method == 'OTP Over SMS')
153
+ {
154
+
155
+ }
156
+ $content = $enduser->send_otp_token($email,$selected_2FA_method,$customer_key,$api_key);
157
+ $content = json_decode($content);
158
+
159
+ if($content->status =='SUCCESS')
160
+ {
161
+ echo 'SUCCESS';
162
+ update_user_meta($user_id,'txId',$content->txId);
163
+ update_user_meta($user_id,'tempRegPhone',$email);
164
+ exit;
165
+ }
166
+ else
167
+ echo "An error has occured while sending the OTP.";
168
+ exit;
169
+ }
170
+ function mo2f_check_and_create_user($user_id)
171
+ {
172
+ global $Mo2fdbQueries;
173
+ $twofactor_transactions = new Mo2fDB;
174
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
175
+ if($exceeded){
176
+ echo 'User Limit has been exceeded';
177
+ exit;
178
+ }
179
+ $Mo2fdbQueries->insert_user( $user_id );
180
+ }
181
+ function mo_2fa_verify_OTPOverSMS_setup_wizard()
182
+ {
183
+ global $Mo2fdbQueries;
184
+ $enduser = new Customer_Setup();
185
+ $current_user = wp_get_current_user();
186
+ $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
187
+ $user_id = wp_get_current_user()->ID;
188
+ $email = get_user_meta($user_id,'tempRegPhone',true);
189
+ $content = json_decode($enduser->validate_otp_token( 'SMS', null, get_user_meta($user_id,'txId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
190
+
191
+ if($content['status'] == 'SUCCESS')
192
+ {
193
+ $this->mo2f_check_and_create_user($user_id);
194
+ $Mo2fdbQueries->update_user_details( $user_id, array(
195
+ 'mo2f_OTPOverSMS_config_status' => true,
196
+ 'mo2f_configured_2FA_method' => "OTP Over SMS",
197
+ 'mo2f_user_phone' => $email,
198
+ 'user_registration_with_miniorange' => 'SUCCESS',
199
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
200
+ ) );
201
+ echo "SUCCESS";
202
+ }
203
+ else
204
+ {
205
+ echo "Invalid OTP";
206
+ }
207
+ exit;
208
+
209
+ }
210
+ function mo_2fa_verify_OTPOverEmail_setup_wizard()
211
+ {
212
+ global $Mo2fdbQueries;
213
+ $enduser = new Customer_Setup();
214
+ $current_user = wp_get_current_user();
215
+ $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
216
+ $user_id = wp_get_current_user()->ID;
217
+ $email = get_user_meta($user_id,'tempRegEmail',true);
218
+ $content = json_decode($enduser->validate_otp_token( 'OTP_OVER_EMAIL', null, get_user_meta($current_user->ID,'mo2f_transactionId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
219
+
220
+ if($content['status'] == 'SUCCESS')
221
+ {
222
+ $this->mo2f_check_and_create_user($user_id);
223
+ $Mo2fdbQueries->update_user_details( $user_id, array(
224
+ 'mo2f_OTPOverEmail_config_status' => true,
225
+ 'mo2f_configured_2FA_method' => "OTP Over Email",
226
+ 'mo2f_user_email' => $email,
227
+ 'user_registration_with_miniorange' => 'SUCCESS',
228
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
229
+ ) );
230
+ echo "SUCCESS";
231
+ }
232
+ else
233
+ {
234
+ echo "Invalid OTP";
235
+ }
236
+ exit;
237
+ }
238
+ function mo_2fa_verify_GA_setup_wizard()
239
+ {
240
+ global $Mo2fdbQueries;
241
+ $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
242
+ include_once $path;
243
+ $obj_google_auth = new Google_auth_onpremise();
244
+ $user_id = wp_get_current_user()->ID;
245
+ $otpToken = sanitize_text_field($_POST['mo2f_google_auth_code']);
246
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
247
+ $secret= $obj_google_auth->mo_GAuth_get_secret($user_id);
248
+ if($session_id_encrypt){
249
+ $secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
250
+ }
251
+ $content = $obj_google_auth->verifyCode($secret, $otpToken);
252
+ $content = json_decode($content);
253
+ if($content->status== 'false')
254
+ echo "Invalid One time Passcode. Please enter again";
255
+ else
256
+ {
257
+ $obj_google_auth->mo_GAuth_set_secret($user_id,$secret);
258
+ $this->mo2f_check_and_create_user($user_id);
259
+ $Mo2fdbQueries->update_user_details( $user_id, array(
260
+ 'mo2f_GoogleAuthenticator_config_status' => true,
261
+ 'mo2f_AuthyAuthenticator_config_status' => false,
262
+ 'mo2f_configured_2FA_method' => "Google Authenticator",
263
+ 'user_registration_with_miniorange' => 'SUCCESS',
264
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
265
+ ) );
266
+
267
+ echo 'SUCCESS';
268
+ }
269
+ exit;
270
+ }
271
+ function mo_2fa_configure_GA_setup_wizard()
272
+ {
273
+ $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
274
+ include_once $path;
275
+ $obj_google_auth = new Google_auth_onpremise();
276
+ update_option('mo2f_google_appname',$_SERVER['SERVER_NAME']);
277
+ $res = $obj_google_auth->mo_GAuth_get_details(true);
278
+ return $res;
279
+ }
280
+ function mo_2fa_configure_OTPOverSMS_setup_wizard()
281
+ {
282
+ global $Mo2fdbQueries;
283
+ $user = wp_get_current_user();
284
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
285
+ $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
286
+ $session_id_encrypt = MO2f_Utility::random_str(20);
287
+
288
+ ?>
289
+ <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </b></h4>
290
+ <form name="f" method="post" action="" id="mo2f_verifyphone_form">
291
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
292
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
293
+ <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
294
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
295
+
296
+ <div style="display:inline;">
297
+ <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px;" type="text" name="phone" id="phone"
298
+ value="<?php echo $user_phone ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
299
+ title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/><br>
300
+ <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
301
+ value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
302
+ </div>
303
+ </form>
304
+ <br>
305
+ <form name="f" method="post" action="" id="mo2f_validateotp_form">
306
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
307
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
308
+ <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
309
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
310
+ <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
311
+ <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px" autofocus="true" type="text" name="mo2f_otp_token" id="mo2f_otp_token"
312
+ placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
313
+ <br><br>
314
+ </form><br>
315
+
316
+ <?php
317
+ exit;
318
+ }
319
+ function mo_2fa_configure_OTPOverEmail_setup_wizard()
320
+ {
321
+ $session_id_encrypt = MO2f_Utility::random_str(20);
322
+ $user_email = wp_get_current_user()->user_email;
323
+ ?>
324
+ <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQ');?> </b></h4>
325
+ <form name="f" method="post" action="" id="mo2f_verifyemail_form">
326
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
327
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
328
+ <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
329
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" ) ?>"/>
330
+
331
+ <div style="display:inline;">
332
+ <b>Email Address: </b>
333
+ <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
334
+ value="<?php echo $user_email ?>"
335
+ title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
336
+ <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
337
+ value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
338
+ </div>
339
+ </form>
340
+ <br><br>
341
+ <form name="f" method="post" action="" id="mo2f_validateotp_form">
342
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
343
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
344
+ <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
345
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" ) ?>"/>
346
+ <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
347
+ <input class="mo2f_table_textbox" style="width:200px;height: 30px;" autofocus="true" type="text" name="mo2f_otp_token" id ="mo2f_otp_token"
348
+ placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/></b>
349
+ <br><br>
350
+ </form><br>
351
+
352
+ <?php
353
+ exit;
354
+ }
355
+ function mo_2fa_configure_KBA_setup_wizard()
356
+ {
357
+ ?>
358
+ <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
359
+ <br>
360
+ <table cellspacing="10">
361
+ <tr class="mo2f_kba_header">
362
+ <th style="width: 10%;">
363
+ <?php echo mo2f_lt( 'Sr. No.' ); ?>
364
+ </th>
365
+ <th class="mo2f_kba_tb_data">
366
+ <?php echo mo2f_lt( 'Questions' ); ?>
367
+ </th>
368
+ <th>
369
+ <?php echo mo2f_lt( 'Answers' ); ?>
370
+ </th>
371
+ </tr>
372
+ <tr class="mo2f_kba_body">
373
+ <td>
374
+ <center>1.</center>
375
+ </td>
376
+ <td class="mo2f_kba_tb_data">
377
+ <select name="mo2f_kbaquestion_1" id="mo2f_kbaquestion_1" class="mo2f_kba_ques" required="true"
378
+ >
379
+ <option value="" selected="selected">
380
+ -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
381
+ -------------------------
382
+ </option>
383
+ <option id="mq1_1"
384
+ value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
385
+ <option id="mq2_1"
386
+ value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
387
+ <option id="mq3_1"
388
+ value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
389
+ <option id="mq4_1"
390
+ value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
391
+ <option id="mq5_1"
392
+ value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
393
+ <option id="mq6_1"
394
+ value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
395
+ <option id="mq7_1"
396
+ value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
397
+ <option id="mq8_1"
398
+ value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
399
+ <option id="mq9_1"
400
+ value="What is your grandmother's maiden name?"><?php echo mo2f_lt( "What is your grandmother's maiden name?" ); ?></option>
401
+ <option id="mq10_1"
402
+ value="What was your first vehicle's registration number?"><?php echo mo2f_lt( "What was your first vehicle's registration number?" ); ?></option>
403
+ </select>
404
+ </td>
405
+ <td style="text-align: end;">
406
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans1" id="mo2f_kba_ans1"
407
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
408
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true" autofocus="true"
409
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
410
+ </td>
411
+ </tr>
412
+ <tr class="mo2f_kba_body">
413
+ <td>
414
+ <center>2.</center>
415
+ </td>
416
+ <td class="mo2f_kba_tb_data">
417
+ <select name="mo2f_kbaquestion_2" id="mo2f_kbaquestion_2" class="mo2f_kba_ques" required="true"
418
+ >
419
+ <option value="" selected="selected">
420
+ -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
421
+ -------------------------
422
+ </option>
423
+ <option id="mq1_2"
424
+ value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
425
+ <option id="mq2_2"
426
+ value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
427
+ <option id="mq3_2"
428
+ value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
429
+ <option id="mq4_2"
430
+ value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
431
+ <option id="mq5_2"
432
+ value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
433
+ <option id="mq6_2"
434
+ value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
435
+ <option id="mq7_2"
436
+ value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
437
+ <option id="mq8_2"
438
+ value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
439
+ <option id="mq9_2"
440
+ value="What is your grandmother's maiden name?"><?php echo mo2f_lt( 'What is your grandmother\'s maiden name?' ); ?></option>
441
+ <option id="mq10_2"
442
+ value="What was your first vehicle's registration number?"><?php echo mo2f_lt( 'What was your first vehicle\'s registration number?' ); ?></option>
443
+ </select>
444
+ </td>
445
+ <td style="text-align: end;">
446
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans2" id="mo2f_kba_ans2"
447
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
448
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
449
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
450
+ </td>
451
+ </tr>
452
+ <tr class="mo2f_kba_body">
453
+ <td>
454
+ <center>3.</center>
455
+ </td>
456
+ <td class="mo2f_kba_tb_data">
457
+ <input class="mo2f_kba_ques" type="text" style="width: 100%;"name="mo2f_kbaquestion_3" id="mo2f_kbaquestion_3"
458
+ required="true"
459
+ placeholder="<?php echo mo2f_lt( 'Enter your custom question here' ); ?>"/>
460
+ </td>
461
+ <td style="text-align: end;">
462
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans3" id="mo2f_kba_ans3"
463
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
464
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
465
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
466
+ </td>
467
+ </tr>
468
+ </table>
469
+ <script type="text/javascript">
470
+ var mo_option_to_hide1;
471
+ //hidden element in dropdown list 2
472
+ var mo_option_to_hide2;
473
+
474
+ function mo_option_hide(list) {
475
+ //grab the team selected by the user in the dropdown list
476
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
477
+ //if an element is currently hidden, unhide it
478
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
479
+ mo_option_to_hide1.style.display = 'block';
480
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
481
+ mo_option_to_hide2.style.display = 'block';
482
+ }
483
+ //select the element to hide and then hide it
484
+ if (list == 1) {
485
+ if (list_selected != 0) {
486
+ mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
487
+ mo_option_to_hide2.style.display = 'none';
488
+ }
489
+ }
490
+ if (list == 2) {
491
+ if (list_selected != 0) {
492
+ mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
493
+ mo_option_to_hide1.style.display = 'none';
494
+ }
495
+ }
496
+ }
497
+
498
+
499
+ </script>
500
+
501
+ <?php
502
+ exit;
503
+ }
504
+
505
+ function mo2f_register_customer($post)
506
+ {
507
+ //validate and sanitize
508
+ global $moWpnsUtility, $Mo2fdbQueries;
509
+ $user = wp_get_current_user();
510
+ $email = sanitize_email($post['email']);
511
+ $company = $_SERVER["SERVER_NAME"];
512
+
513
+ $password = $post['password'];
514
+ $confirmPassword = $post['confirmPassword'];
515
+
516
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
517
+ {
518
+ return "Password length is less then expected";
519
+ }
520
+
521
+ if( $password != $confirmPassword )
522
+ {
523
+ return "Password and confirm Password does not match.";
524
+ }
525
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
526
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
527
+ {
528
+ return "Unknown Error has occured.";
529
+ }
530
+
531
+ update_option( 'mo2f_email', $email );
532
+
533
+ update_option( 'mo_wpns_company' , $company );
534
+
535
+ update_option( 'mo_wpns_password' , $password );
536
+
537
+ $customer = new MocURL();
538
+ $content = json_decode($customer->check_customer($email), true);
539
+ $Mo2fdbQueries->insert_user( $user->ID );
540
+
541
+ switch ($content['status'])
542
+ {
543
+ case 'CUSTOMER_NOT_FOUND':
544
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
545
+
546
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
547
+ {
548
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
549
+ update_option( 'mo2f_email', $email );
550
+ $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
551
+ $this->_get_current_customer($email,$password);
552
+ return "SUCCESS";
553
+ }
554
+
555
  break;
556
+ default:
557
+ $res = $this->_get_current_customer($email,$password);
558
+ if($res == "SUCCESS")
559
+ return $res;
560
+ return "Email is already registered in miniOrange. Please try to login to your account.";
561
+
562
+ }
563
+
564
+ }
565
+ function _verify_customer($post)
566
+ {
567
+ global $moWpnsUtility;
568
+ $email = sanitize_email( $post['email'] );
569
+ $password = sanitize_text_field( $post['password'] );
570
+
571
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
572
+ {
573
+ return "Username or Password is missing.";
574
+ }
575
+ return $this->_get_current_customer($email,$password);
576
+ }
577
+ function _get_current_customer($email,$password)
578
+ {
579
+ global $Mo2fdbQueries;
580
+ $user = wp_get_current_user();
581
+ $customer = new MocURL();
582
+ $content = $customer->get_customer_key($email, $password);
583
+ $customerKey = json_decode($content, true);
584
+ if(json_last_error() == JSON_ERROR_NONE)
585
+ {
586
+ if(isset($customerKey['phone'])){
587
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
588
+ }
589
+ update_option('mo2f_email',$email);
590
+
591
+ $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
592
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
593
+ $customerT = new Customer_Cloud_Setup();
594
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
595
+ if($content['status'] == 'SUCCESS')
596
+ {
597
+ update_site_option('mo2f_license_type','PREMIUM');
598
+ }
599
+ else
600
+ {
601
+ update_site_option('mo2f_license_type','DEMO');
602
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
603
+ }
604
+ if(isset($content['smsRemaining']))
605
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
606
+ else if($content['status'] =='SUCCESS')
607
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
608
+
609
+ if(isset($content['emailRemaining']))
610
+ {
611
+ if($content['emailRemaining']>30)
612
+ {
613
+ $currentTransaction = $content['emailRemaining'];
614
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
615
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
616
+ }
617
+ else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
618
+ {
619
+ update_site_option('cmVtYWluaW5nT1RQ',30);
620
+ }
621
+ }
622
+ return "SUCCESS";
623
+ }
624
+ else
625
+ {
626
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
627
+ update_option('mo_wpns_verify_customer', 'true');
628
+ delete_option('mo_wpns_new_registration');
629
+ return "Invalid Username or Password";
630
  }
631
  }
632
+
633
+
634
+ function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
635
+ {
636
+ global $Mo2fdbQueries;
637
+
638
+ $user = wp_get_current_user();
639
+ update_option( 'mo2f_customerKey' , $id );
640
+ update_option( 'mo2f_api_key' , $apiKey );
641
+ update_option( 'mo2f_customer_token' , $token );
642
+ update_option( 'mo2f_app_secret' , $appSecret );
643
+ update_option( 'mo_wpns_enable_log_requests' , true );
644
+ update_option( 'mo2f_miniorange_admin', $user->ID );
645
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
646
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
647
+
648
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
649
+ 'mo2f_user_email' => $email,
650
+ 'user_registration_with_miniorange' => 'SUCCESS'
651
+ ) );
652
+ $enduser = new Two_Factor_Setup();
653
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
654
+
655
+
656
+ delete_option( 'mo_wpns_verify_customer' );
657
+ delete_option( 'mo_wpns_registration_status' );
658
+ delete_option( 'mo_wpns_password' );
659
+ }
660
+
661
+ function mo_wpns_register_verify_customer()
662
+ {
663
+ $res ="";
664
+ if(isset($_POST['Login_and_Continue']) && $_POST['Login_and_Continue'] =='Login and Continue')
665
+ $res = $this->_verify_customer($_POST);
666
+
667
+ else
668
+ $res = $this->mo2f_register_customer($_POST);
669
+ wp_send_json($res);
670
+ }
671
+ function mo2f_select_method_setup_wizard()
672
  {
673
  global $Mo2fdbQueries;
674
  if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-select-method-setup-wizard'))
709
  update_user_meta( $current_user->ID, 'configure_2FA', 1);
710
  wp_send_json("SUCCESS");
711
  }
712
+ function mo2f_set_miniorange_methods(){
713
+ $nonce = sanitize_text_field($_POST['nonce']);
714
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
715
+ $error = new WP_Error();
716
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
717
+ wp_send_json_error($error);
718
  exit;
719
  }
720
+ global $Mo2fdbQueries;
721
+ $transient_id=sanitize_text_field($_POST['transient_id']);
722
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
723
+ if(empty($user_id)){
724
+ wp_send_json('UserIdNotFound');
725
+ }
726
+ $user = get_user_by('id',$user_id);
727
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
728
+ $otpToken=sanitize_text_field($_POST['code']);
729
+ $customer = new Customer_Setup();
730
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
731
+ wp_send_json($content);
732
  }
733
+ function mo2f_set_otp_over_sms(){
734
+ $nonce = sanitize_text_field($_POST['nonce']);
735
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
736
+ $error = new WP_Error();
737
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
738
+ wp_send_json_error($error);
739
+ exit;
740
+ }
741
+ global $Mo2fdbQueries;
742
+ $transient_id=sanitize_text_field($_POST['transient_id']);
743
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
744
+ if(empty($user_id)){
745
+ wp_send_json('UserIdNotFound');
746
+ }
747
+ $user = get_user_by('id',$user_id);
748
+ $new_phone = sanitize_text_field($_POST['phone']);
749
+ $new_phone = str_replace(' ','',$new_phone);
750
+ $Mo2fdbQueries->update_user_details($user_id, array("mo2f_user_phone" => $new_phone) );
751
+ $user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user_id );
752
+ wp_send_json($user_phone);
753
+ }
754
+ function mo2f_set_GA(){
755
+ $nonce = sanitize_text_field($_POST['nonce']);
756
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
757
+ $error = new WP_Error();
758
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
759
+ wp_send_json_error($error);
760
+ exit;
761
+ }
762
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR.'handler'. DIRECTORY_SEPARATOR.'twofa'. DIRECTORY_SEPARATOR. 'gaonprem.php';
763
+ global $Mo2fdbQueries;
764
+ $transient_id=sanitize_text_field($_POST['transient_id']);
765
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
766
+ if(empty($user_id)){
767
+ wp_send_json('UserIdNotFound');
768
+ }
769
+ $google_auth = new Miniorange_Rba_Attributes();
770
+ $user = get_user_by('id',$user_id);
771
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
772
+ $otpToken = sanitize_text_field($_POST['code']);
773
+ $ga_secret = sanitize_text_field($_POST['ga_secret']);
774
+ if(MO2F_IS_ONPREM){
775
+ $gauth_obj = new Google_auth_onpremise();
776
+ $gauth_obj->mo_GAuth_set_secret($user_id, $ga_secret);
777
+ }else{
778
+
779
+ $google_auth = new Miniorange_Rba_Attributes();
780
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, 'miniOrangeAu' ), true );
781
+ }
782
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
783
+ wp_send_json($google_response['status']);
784
+ }
785
+ function mo2f_ajax_login_redirect()
786
+ {
787
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
788
+ {
789
+ wp_send_json("ERROR");
790
+ exit;
791
+ }
792
+ $username = sanitize_text_field($_POST['username']);
793
+ $password = $_POST['password'];
794
+ apply_filters( 'authenticate', null, $username, $password );
795
+ }
796
  function mo2f_save_custom_form_settings()
797
  {
798
 
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -4,7 +4,7 @@ class wpns_ajax
4
  function __construct(){
5
  //add comment here
6
  add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
-
8
  }
9
 
10
  function mo_login_security_ajax(){
@@ -25,6 +25,27 @@ class wpns_ajax
25
  $this->mo2f_ajax_otp(); break;
26
  }
27
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  function wpns_login_security(){
29
  switch($_POST['wpns_loginsecurity_ajax'])
30
  {
4
  function __construct(){
5
  //add comment here
6
  add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
+ add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
  }
9
 
10
  function mo_login_security_ajax(){
25
  $this->mo2f_ajax_otp(); break;
26
  }
27
  }
28
+ function mo2fa_elementor_ajax_fun()
29
+ {
30
+
31
+ if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
+ $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
+ wp_send_json('ERROR');
35
+ }
36
+ if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
+ {
38
+ $info = array();
39
+ $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
+ $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
+ $info['remember'] = false;
42
+ $user_signon = wp_signon($info, false);
43
+ if (is_wp_error($user_signon)) {
44
+ wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
+ }
46
+ }
47
+ }
48
+ }
49
  function wpns_login_security(){
50
  switch($_POST['wpns_loginsecurity_ajax'])
51
  {
handler/login.php CHANGED
@@ -35,7 +35,10 @@ class LoginHandler
35
 
36
  function mo_wpns_init()
37
  {
38
-
 
 
 
39
  global $moWpnsUtility,$mo2f_dirName;
40
  $WAFEnabled = get_option('WAFEnabled');
41
  $WAFLevel = get_option('WAF');
@@ -51,10 +54,6 @@ class LoginHandler
51
  {
52
  if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
53
  include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
54
- else
55
- {
56
- //UNable to find file. Please reconfigure.
57
- }
58
  }
59
  }
60
 
@@ -113,6 +112,18 @@ class LoginHandler
113
  }
114
 
115
  }
 
 
 
 
 
 
 
 
 
 
 
 
116
 
117
  function mo2f_IP_email_send()
118
  {
35
 
36
  function mo_wpns_init()
37
  {
38
+ add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
+ add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
+ add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
+ add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
  global $moWpnsUtility,$mo2f_dirName;
43
  $WAFEnabled = get_option('WAFEnabled');
44
  $WAFLevel = get_option('WAF');
54
  {
55
  if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
  include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
 
 
 
 
57
  }
58
  }
59
 
112
  }
113
 
114
  }
115
+ function twofa_on_user_profile( $user ) {
116
+ global $mo2f_dirName;
117
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
118
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
119
+ }
120
+ }
121
+ function user_two_factor_options_update( $user ) {
122
+ global $mo2f_dirName;
123
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
124
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
125
+ }
126
+ }
127
 
128
  function mo2f_IP_email_send()
129
  {
handler/twofa/class_miniorange_2fa_strong_password.php CHANGED
@@ -20,7 +20,7 @@ class class_miniorange_2fa_strong_password {
20
  }
21
  public static function validatePassword($errors, $update, $userData){
22
  $Users = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option');
23
- $UserRole = $_POST['role'];
24
  if(is_null($UserRole) and $Users == 'user')
25
  {
26
  return true;
20
  }
21
  public static function validatePassword($errors, $update, $userData){
22
  $Users = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option');
23
+ $UserRole = isset($_POST['role'])?sanitize_text_field($_POST['role']):NULL;
24
  if(is_null($UserRole) and $Users == 'user')
25
  {
26
  return true;
handler/twofa/gaonprem.php CHANGED
@@ -6,7 +6,7 @@ class Google_auth_onpremise{
6
 
7
  }
8
 
9
- function mo_GAuth_get_details()
10
  {
11
 
12
  $user=wp_get_current_user();
@@ -28,9 +28,17 @@ class Google_auth_onpremise{
28
  $email=$user->user_email;
29
  $otpcode=$this->getCode($secret_ga);
30
  $url=$this->geturl($secret_ga ,$issuer,$email);
 
 
31
  echo '<div class="mo2f_table_layout">';
32
  mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
33
  echo '</div>';
 
 
 
 
 
 
34
 
35
  }
36
 
6
 
7
  }
8
 
9
+ function mo_GAuth_get_details($setupWizard = false)
10
  {
11
 
12
  $user=wp_get_current_user();
28
  $email=$user->user_email;
29
  $otpcode=$this->getCode($secret_ga);
30
  $url=$this->geturl($secret_ga ,$issuer,$email);
31
+ if(!$setupWizard)
32
+ {
33
  echo '<div class="mo2f_table_layout">';
34
  mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
35
  echo '</div>';
36
+ }
37
+ else
38
+ {
39
+ mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
40
+ }
41
+ exit;
42
 
43
  }
44
 
handler/twofa/setup_twofa.php CHANGED
@@ -81,10 +81,11 @@
81
 
82
  function mo2f_create_2fa_form( $user, $category, $auth_methods, $can_display_admin_features='' ) {
83
  global $Mo2fdbQueries;
 
84
  $miniorange_authenticator = array(
85
- "miniOrange QR Code Authentication",
86
- "miniOrange Soft Token",
87
- "miniOrange Push Notification",
88
  );
89
  $all_two_factor_methods = array(
90
  "miniOrange Authenticator",
@@ -385,7 +386,7 @@
385
  if($auth_method_abr == 'miniOrangeAuthenticator'){
386
  $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_miniOrangeSoftToken_config_status', $user->ID );
387
  }else{
388
- $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
389
  }
390
  if(($auth_method == 'OUT OF BAND EMAIL' or $auth_method == 'OTP Over Email') and !MO2F_IS_ONPREM )
391
  $is_auth_method_configured = 1;
@@ -449,15 +450,15 @@
449
  $form .= $can_user_configure_2fa_method ? "" : " disabled ";
450
  $form .= $show==1 ? "" : " disabled ";
451
  if($show == 1 and $is_auth_method_configured and $iscurrentMethod == 0){
452
- $form .= '>Set as 2-factor</button>
453
- </div>';
454
  }else{
455
  $form .= '
456
  </button>
457
  </div>';
 
458
  }
459
- }
460
-
461
  }
462
  else
463
  {
@@ -499,6 +500,7 @@
499
  <option value="miniOrangePushNotification">Push Notification</option>
500
  </select></div>
501
  <br><br>
 
502
  ';
503
  }
504
  $form .= '</div>';
81
 
82
  function mo2f_create_2fa_form( $user, $category, $auth_methods, $can_display_admin_features='' ) {
83
  global $Mo2fdbQueries;
84
+
85
  $miniorange_authenticator = array(
86
+ "miniOrange QR Code Authentication",
87
+ "miniOrange Soft Token",
88
+ "miniOrange Push Notification",
89
  );
90
  $all_two_factor_methods = array(
91
  "miniOrange Authenticator",
386
  if($auth_method_abr == 'miniOrangeAuthenticator'){
387
  $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_miniOrangeSoftToken_config_status', $user->ID );
388
  }else{
389
+ $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
390
  }
391
  if(($auth_method == 'OUT OF BAND EMAIL' or $auth_method == 'OTP Over Email') and !MO2F_IS_ONPREM )
392
  $is_auth_method_configured = 1;
450
  $form .= $can_user_configure_2fa_method ? "" : " disabled ";
451
  $form .= $show==1 ? "" : " disabled ";
452
  if($show == 1 and $is_auth_method_configured and $iscurrentMethod == 0){
453
+ $form .= '>Set as 2-factor</button>
454
+ </div>';
455
  }else{
456
  $form .= '
457
  </button>
458
  </div>';
459
+ }
460
  }
461
+
 
462
  }
463
  else
464
  {
500
  <option value="miniOrangePushNotification">Push Notification</option>
501
  </select></div>
502
  <br><br>
503
+
504
  ';
505
  }
506
  $form .= '</div>';
handler/twofa/two_fa_login.php CHANGED
@@ -338,20 +338,22 @@ class Miniorange_Mobile_Login {
338
  function mouserloginsubmit() {
339
  var username = jQuery('#mo2fa_usernamekey').val();
340
  var recap = jQuery('#g-recaptcha-response').val();
341
-
342
- document.getElementById("mo2f_show_qrcode_loginform").elements[0].value = username;
343
- document.getElementById("mo2f_show_qrcode_loginform").elements[1].value = recap;
344
 
345
- jQuery('#mo2f_show_qrcode_loginform').submit();
346
-
347
  }
348
 
349
  jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
  if (e.which == 13) {//Enter key pressed
351
  e.preventDefault();
352
  var username = jQuery('#mo2fa_usernamekey').val();
353
- document.getElementById("mo2f_show_qrcode_loginform").elements[0].value = username;
354
- jQuery('#mo2f_show_qrcode_loginform').submit();
 
 
355
  }
356
 
357
  });
@@ -375,7 +377,7 @@ class Miniorange_Mobile_Login {
375
  <input type="hidden" id="sessids" name="session_id"
376
  value="<?php echo $session_id_encrypt; ?>"/>
377
  </form>
378
- <form name="f" id="mo2f_show_qrcode_loginform" method="post" action="" hidden>
379
  <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
380
  <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
381
  <input type="hidden" name="miniorange_login_nonce"
@@ -388,6 +390,7 @@ class Miniorange_Mobile_Login {
388
  var session_ids="<?php echo $session_id_encrypt; ?>";
389
  if (document.getElementById('loginform') != null) {
390
  jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
 
391
 
392
  }
393
  });
338
  function mouserloginsubmit() {
339
  var username = jQuery('#mo2fa_usernamekey').val();
340
  var recap = jQuery('#g-recaptcha-response').val();
341
+ if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
342
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
343
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[1].value = recap;
344
 
345
+ jQuery('#mo2fa-g-recaptcha-response-form').submit();
346
+ }
347
  }
348
 
349
  jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
  if (e.which == 13) {//Enter key pressed
351
  e.preventDefault();
352
  var username = jQuery('#mo2fa_usernamekey').val();
353
+ if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
354
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
355
+ jQuery('#mo2fa-g-recaptcha-response-form').submit();
356
+ }
357
  }
358
 
359
  });
377
  <input type="hidden" id="sessids" name="session_id"
378
  value="<?php echo $session_id_encrypt; ?>"/>
379
  </form>
380
+ <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
  <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
  <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
  <input type="hidden" name="miniorange_login_nonce"
390
  var session_ids="<?php echo $session_id_encrypt; ?>";
391
  if (document.getElementById('loginform') != null) {
392
  jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
+ jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
 
395
  }
396
  });
handler/twofa/two_fa_pass2login.php CHANGED
@@ -906,8 +906,21 @@ class Miniorange_Password_2Factor_Login {
906
  }
907
  update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
908
  $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
 
 
 
 
 
 
 
 
 
 
 
 
 
909
  }else{
910
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
911
  }
912
  }else{
913
  $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
@@ -1723,6 +1736,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
1723
  $current_user = get_userdata($user_id);
1724
  //if the php session folder has insufficient permissions, cookies to be used
1725
  $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
 
1726
  MO2f_Utility::mo2f_debug_file('Transaction_id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1727
  if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1728
  $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
@@ -1816,7 +1830,6 @@ function check_miniorange_duo_push_validation_failed($POSTED){
1816
  $this->remove_current_activity($session_id_encrypt);
1817
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1818
  }
1819
-
1820
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1821
  update_option('mo2f_attempts_before_redirect', 3);
1822
  if ( get_option( 'mo2f_remember_device' ) ) {
@@ -1824,6 +1837,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
1824
  MO2f_Utility::mo2f_debug_file('Remember device flow'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1825
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1826
  } else {
 
1827
  if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1828
  {
1829
  $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS', 'mo2f_OTPOverEmail_config_status' => 1) );
@@ -1885,7 +1899,6 @@ function check_miniorange_duo_push_validation_failed($POSTED){
1885
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1886
  }
1887
  function miniorange_pass2login_redirect() {
1888
-
1889
  do_action('mo2f_network_init');
1890
  global $Mo2fdbQueries;
1891
 
@@ -2016,6 +2029,30 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2016
  }
2017
 
2018
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2019
  if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
2020
  {
2021
  $userIDGet = sanitize_text_field($_GET['userID']);
@@ -2325,7 +2362,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2325
  $session_path = ini_get('session.save_path');
2326
  if( is_writable($session_path) && is_readable($session_path) ) {
2327
  if(session_status() != PHP_SESSION_DISABLED )
2328
- session_start();
2329
  }
2330
  }
2331
  }
@@ -2386,7 +2423,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2386
  }
2387
  }
2388
 
2389
- function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ) {
2390
 
2391
  $login_status = $mo2fa_login_status;
2392
  $login_message = $mo2fa_login_message;
@@ -2406,7 +2443,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2406
  case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
2407
  $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2408
 
2409
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button );
2410
  exit;
2411
  break;
2412
  case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM':
@@ -3249,7 +3286,8 @@ function check_miniorange_duo_push_validation_failed($POSTED){
3249
  update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
3250
  $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
3251
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
3252
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 );
 
3253
  }
3254
  else
3255
  {
906
  }
907
  update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
908
  $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
909
+
910
+ //When user sets method of another admin from USers section.
911
+ if(!empty(get_user_meta($current_user->ID,'mo2fa_set_Authy_inline'))){
912
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
913
+ 'mo2f_GoogleAuthenticator_config_status' => false,
914
+ 'mo2f_AuthyAuthenticator_config_status' => true,
915
+ 'mo2f_configured_2FA_method' => "Authy Authenticator",
916
+ 'user_registration_with_miniorange' => 'SUCCESS',
917
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
918
+ ) );
919
+ update_user_meta( $current_user->ID, 'mo2f_external_app_type', "Authy Authenticator" );
920
+ delete_user_meta($current_user->ID ,'mo2fa_set_Authy_inline');
921
+ }
922
  }else{
923
+ $mo2fa_login_message = __('An error occured while setting up Google/Authy Authenticator. Please Try again.','miniorange-2-factor-authentication');
924
  }
925
  }else{
926
  $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
1736
  $current_user = get_userdata($user_id);
1737
  //if the php session folder has insufficient permissions, cookies to be used
1738
  $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1739
+ $mo2f_login_transaction_id = isset($_POST['mo2fa_transaction_id'])?sanitize_text_field($_POST['mo2fa_transaction_id']):MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1740
  MO2f_Utility::mo2f_debug_file('Transaction_id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1741
  if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1742
  $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1830
  $this->remove_current_activity($session_id_encrypt);
1831
  return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1832
  }
 
1833
  if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1834
  update_option('mo2f_attempts_before_redirect', 3);
1835
  if ( get_option( 'mo2f_remember_device' ) ) {
1837
  MO2f_Utility::mo2f_debug_file('Remember device flow'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1838
  $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1839
  } else {
1840
+ var_dump($mo2fa_login_status);
1841
  if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1842
  {
1843
  $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS', 'mo2f_OTPOverEmail_config_status' => 1) );
1899
  $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1900
  }
1901
  function miniorange_pass2login_redirect() {
 
1902
  do_action('mo2f_network_init');
1903
  global $Mo2fdbQueries;
1904
 
2029
  }
2030
 
2031
  }
2032
+ if(isset($_GET['reconfigureMethod'])){
2033
+ $userIDGet = isset($_GET['user_id'])?sanitize_text_field($_GET['user_id']):'';
2034
+ $txidGet = isset($_GET['transactionId'])?sanitize_text_field($_GET['transactionId']):'';
2035
+ $methodGet = isset($_GET['reconfigureMethod'])?sanitize_text_field($_GET['reconfigureMethod']):'';
2036
+ if(get_site_option($txidGet) && get_site_option($userIDGet)){
2037
+ $user_id = get_site_option($userIDGet);
2038
+ $method = get_site_option($methodGet);
2039
+ $Mo2fdbQueries->update_user_details( $user_id, array(
2040
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS',
2041
+ 'mo2f_configured_2FA_method' => $method
2042
+ ) );
2043
+ $is_Authy_configured = $Mo2fdbQueries->get_user_detail('mo2f_AuthyAuthenticator_config_status',$user_id);
2044
+ if($method == 'Google Authenticator' || $is_Authy_configured){
2045
+ update_user_meta($user_id,'mo2fa_set_Authy_inline',true);
2046
+ }
2047
+ }else{
2048
+ $head = "You are not authorized to perform this action";
2049
+ $body = "Please contact to your admin";
2050
+ $this->display_email_verification($head,$body,'red');
2051
+ exit();
2052
+ }
2053
+ delete_site_option($userIDGet);
2054
+ delete_site_option($txidGet);
2055
+ }
2056
  if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
2057
  {
2058
  $userIDGet = sanitize_text_field($_GET['userID']);
2362
  $session_path = ini_get('session.save_path');
2363
  if( is_writable($session_path) && is_readable($session_path) ) {
2364
  if(session_status() != PHP_SESSION_DISABLED )
2365
+ session_start();
2366
  }
2367
  }
2368
  }
2423
  }
2424
  }
2425
 
2426
+ function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ,$mo2fa_transaction_id =false ) {
2427
 
2428
  $login_status = $mo2fa_login_status;
2429
  $login_message = $mo2fa_login_message;
2443
  case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
2444
  $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2445
 
2446
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button ,$mo2fa_transaction_id );
2447
  exit;
2448
  break;
2449
  case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM':
3286
  update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
3287
  $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
3288
  $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
3289
+ $mo2fa_transaction_id = isset($response['txId'])?$response['txId']:null;
3290
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 ,$mo2fa_transaction_id);
3291
  }
3292
  else
3293
  {
handler/twofa/two_fa_settings.php CHANGED
@@ -469,6 +469,19 @@ class Miniorange_Authentication {
469
  private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $footer = '' ) {
470
 
471
  $contact_url = 'https://wordpress.org/plugins/miniorange-2-factor-authentication/';
 
 
 
 
 
 
 
 
 
 
 
 
 
472
  ?>
473
  <style type="text/css">
474
  #mo2f-setup-wizard-settings-area {
@@ -502,6 +515,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
502
  padding: 0 10px;
503
  }
504
 
 
505
  #mo2f-setup-wizard-settings-area .mo2f-setup-logo img {
506
  width: 100%;
507
  height: 100%;
@@ -519,7 +533,54 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
519
  box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
520
  padding: 20px 30px;
521
  }
522
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
523
  #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
524
  text-align: center;
525
  margin-top: 20px;
@@ -549,6 +610,40 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
549
  #mo2f-setup-error-js ul.info {
550
  margin: -10px 0 20px;
551
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
552
 
553
  #mo2f-setup-error-js a.button {
554
  display: inline-block;
@@ -582,7 +677,13 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
582
  font-weight: 300;
583
  text-align: left;
584
  }
585
-
 
 
 
 
 
 
586
  @media (min-width: 782px) {
587
  #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
588
  margin-top: 50px;
@@ -594,6 +695,36 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
594
  margin-top: 40px;
595
  padding: 52px 67px 49px;
596
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
597
 
598
  #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
599
  margin-top: 50px;
@@ -612,6 +743,9 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
612
  font-size: 18px;
613
  padding: 19px 39px;
614
  }
 
 
 
615
  .mo2f-setup-button.mo2f-setup-button-main:hover {
616
  background-color: #c45e1b;
617
  }
@@ -620,6 +754,305 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
620
  color: #fff;
621
  font-weight: 500;
622
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
623
  }
624
  </style>
625
  <!--[if IE]>
@@ -630,7 +1063,9 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
630
  </style>
631
 
632
  <![endif]-->
633
- <div id="mo2f-setup-wizard-settings-area" class="mo2f-setup-wizard-settings-area wpms-container">
 
 
634
  <header class="mo2f-setup-wizard-header">
635
  <h1 >
636
  <div>
@@ -643,7 +1078,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
643
  <div id="mo2f-setup-settings-error-loading-area">
644
  <div>
645
  <div id="mo2f-setup-error-js">
646
- <h3 style="text-align:center;"> Welcome to the 2FA Setup Wizard! </h3>
647
  <br>
648
  <p class="subtitle" style="text-align:center;" > This setup guide will take you through all the steps you need to follow to enable the two-factor authentication for your website.</p>
649
 
@@ -664,64 +1099,262 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
664
  </div>
665
  </div>
666
  <div id = "mo2f_methods_setup_wizard">
667
- <div id="mo2f-setup-settings-error-loading-area" style="width: 900px">
668
-
669
- <h3 style="text-align:center;"> Select the Authentication method you want to configure </h3>
670
- <br>
671
- <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
672
- <input type="radio" name="mo2f_selected_2factor_method" value="Google Authenticator" />
673
- <?php echo __('Google / Authy / Microsoft Authenticator (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
674
  </label>
675
- <br><br>
676
-
677
  <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
678
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP Over SMS" />
 
679
  <?php echo __('OTP Over SMS (Registration required)', 'miniorange-2-factor-authentication'); ?>
680
- </label>
681
- <br><br>
682
-
 
 
 
683
  <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
684
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP Over Email" />
 
685
  <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
 
686
  </label>
687
- <br><br>
688
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
689
  <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
690
- <input type="radio" name="mo2f_selected_2factor_method" value="Google Authenticator" />
 
691
  <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
 
692
  </label>
693
- <br><br>
694
-
 
695
  <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
696
- <input type="radio" name="mo2f_selected_2factor_method" value="Duo Authenticator" />
 
697
  <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
 
698
  </label>
699
- <br><br>
700
-
701
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
702
- <input type="radio" name="mo2f_selected_2factor_method" value="Security Questions" />
703
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
704
- </label>
705
- <br><br>
706
-
707
  <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
708
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP Over Telegram" />
 
709
  <?php echo __('OTP Over Telegram', 'miniorange-2-factor-authentication'); ?>
 
710
  </label>
711
- <br><br>
712
-
 
713
 
714
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
715
  <br />
716
 
717
 
718
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
719
  </div>
720
  </div>
721
 
722
 
723
 
724
  <script type="text/javascript">
 
 
 
 
 
 
 
 
725
  jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
726
  jQuery("#mo2f_get_started").click(function(e){
727
  jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'none');
@@ -729,21 +1362,413 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
729
 
730
  });
731
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
732
  jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
 
 
733
  localStorage.setItem("last_tab", 'setup_2fa');
734
  var selectedMethod = jQuery(this).val();
735
  var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
736
  var nonce = "<?php echo wp_create_nonce( 'miniorange-select-method-setup-wizard' ); ?>";
737
 
738
- var data= { 'action':'mo_two_factor_ajax',
739
- 'mo_2f_two_factor_ajax' : 'select_method_setup_wizard',
740
- 'mo2f_method': selectedMethod,
741
- 'nonce': nonce };
742
-
743
- jQuery.post(ajax_url, data, function(response){
744
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
745
- });
746
-
 
 
 
747
  });
748
 
749
  jQuery('a[href="#skiptwofactor"]').click(function(e){
@@ -3148,18 +4173,6 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
3148
  } else {
3149
  update_option( 'mo2f_enable_2fa', isset( $_POST['mo2f_enable_2fa'] ) ? $_POST['mo2f_enable_2fa'] : 0 );
3150
  }
3151
- // }else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_on_login_page_option' ) {
3152
- // $nonce = $_POST['mo2f_enable_2FA_on_login_page_option_nonce'];
3153
-
3154
- // if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
3155
- // $error = new WP_Error();
3156
- // $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3157
-
3158
- // return $error;
3159
- // } else {
3160
- // if(!class_exists("UM_functions"))
3161
- // update_site_option('mo2f_enable_2fa_prompt_on_login_page', isset( $_POST['mo2f_enable_2fa_prompt_on_login_page'] ) ? $_POST['mo2f_enable_2fa_prompt_on_login_page'] : 0 );
3162
- // }
3163
  }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo_2factor_test_authentication_method' ) {
3164
  //network security feature
3165
  $nonce = $_POST['mo_2factor_test_authentication_method_nonce'];
@@ -3863,18 +4876,18 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
3863
  $url = get_site_option('siteurl').'/wp-login.php?'; //login page can change
3864
  $message = '<table cellpadding="25" style="margin:0px auto">
3865
  <tbody>
3866
- <tr>
3867
  <td>
3868
  <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
3869
  <tbody>
3870
- <tr>
3871
  <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
3872
  </tr>
3873
  </tbody>
3874
  </table>
3875
  <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
3876
  <tbody>
3877
- <tr>
3878
  <td>
3879
  <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
3880
  <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
@@ -3955,18 +4968,18 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
3955
  $headers[] = 'Cc: 2fasupport <2fasupport@xecurify.com>';
3956
  $message = '<table cellpadding="25" style="margin:0px auto">
3957
  <tbody>
3958
- <tr>
3959
  <td>
3960
  <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
3961
  <tbody>
3962
- <tr>
3963
  <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
3964
  </tr>
3965
  </tbody>
3966
  </table>
3967
  <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
3968
  <tbody>
3969
- <tr>
3970
  <td>
3971
  <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
3972
  <p style="margin-top:0;margin-bottom:20px"> You are going to exhaust all your '.$string.'. You have only <b>'.$count.'</b> '.$string.' remaining. You can recharge or add '.$string.' to your account: <a href='.MoWpnsConstants::rechargeLink.'>Recharge</a></p>
469
  private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $footer = '' ) {
470
 
471
  $contact_url = 'https://wordpress.org/plugins/miniorange-2-factor-authentication/';
472
+ echo '<head>';
473
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
474
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
475
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/js/phone.js", dirname(dirname(__FILE__ ))).'"></script>';
476
+
477
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
478
+ // echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/twofa_style_settings.css', dirname(dirname(__FILE__))). '" />';
479
+ // echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
480
+
481
+
482
+ echo '</head>';
483
+
484
+
485
  ?>
486
  <style type="text/css">
487
  #mo2f-setup-wizard-settings-area {
515
  padding: 0 10px;
516
  }
517
 
518
+
519
  #mo2f-setup-wizard-settings-area .mo2f-setup-logo img {
520
  width: 100%;
521
  height: 100%;
533
  box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
534
  padding: 20px 30px;
535
  }
536
+ #mo2f-setup-settings-error-loading-area2 {
537
+ box-sizing: border-box;
538
+ max-width: 90%;
539
+ width: auto;
540
+ margin: 0 auto;
541
+ background: #fff;
542
+ border: 1px solid #DDDDDD;
543
+ border-radius: 6px;
544
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
545
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
546
+ padding: 20px 30px;
547
+ }
548
+ #mo2f-setup-settings-error-loading-area3 {
549
+ box-sizing: border-box;
550
+ max-width: 90%;
551
+ width: auto;
552
+ margin: 0 auto;
553
+ background: #fff;
554
+ border: 1px solid #DDDDDD;
555
+ border-radius: 6px;
556
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
557
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
558
+ padding: 20px 30px;
559
+ }
560
+ #mo2f-setup-settings-error-loading-area4 {
561
+ box-sizing: border-box;
562
+ max-width: 90%;
563
+ width: auto;
564
+ margin: 0 auto;
565
+ background: #fff;
566
+ border: 1px solid #DDDDDD;
567
+ border-radius: 6px;
568
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
569
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
570
+ padding: 20px 30px;
571
+ }
572
+ #mo2f-setup-settings-error-loading-area1 {
573
+ box-sizing: border-box;
574
+ max-width: 90%;
575
+ width: auto;
576
+ margin: 0 auto;
577
+ background: #fff;
578
+ border: 1px solid #DDDDDD;
579
+ border-radius: 6px;
580
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
581
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
582
+ padding: 20px 30px;
583
+ }
584
  #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
585
  text-align: center;
586
  margin-top: 20px;
610
  #mo2f-setup-error-js ul.info {
611
  margin: -10px 0 20px;
612
  }
613
+ .mo2f-input-radios-with-icons label {
614
+ width: 90%;
615
+ height: 40px;
616
+ color: #444;
617
+ border: 1px solid #ddd;
618
+ background: #fff;
619
+ border-radius: 3px;
620
+ font-size: 16px;
621
+ display: block;
622
+ margin-bottom: 20px;
623
+ padding: 24px 9px 9px 9px;
624
+ cursor: pointer
625
+ }
626
+
627
+ .mo2f-input-radios-with-icons label:hover {
628
+ border: 1px solid #999;
629
+ -webkit-box-shadow: 0 0 0 1px #999;
630
+ box-shadow: 0 0 0 1px #999
631
+ }
632
+
633
+ .mo2f-styled-radio {
634
+ width: 32px;
635
+ height: 32px;
636
+ position: relative;
637
+ display: inline-block;
638
+ border-radius: 50%;
639
+ background-color: #e6e6e6
640
+ float: left;
641
+ margin-top: -4px;
642
+ }
643
+ .mo_wpns_table_textbox {
644
+ width:100%;
645
+ height:30px;
646
+ }
647
 
648
  #mo2f-setup-error-js a.button {
649
  display: inline-block;
677
  font-weight: 300;
678
  text-align: left;
679
  }
680
+ table {
681
+ table-layout: fixed ;
682
+ width: 100% ;
683
+ }
684
+ td {
685
+ width: 48% ;
686
+ }
687
  @media (min-width: 782px) {
688
  #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
689
  margin-top: 50px;
695
  margin-top: 40px;
696
  padding: 52px 67px 49px;
697
  }
698
+ #mo2f-setup-settings-error-loading-area1 {
699
+ width: 650px;
700
+ margin-top: 40px;
701
+ padding: 52px 67px 49px;
702
+ }
703
+ #mo2f-setup-settings-error-loading-area2 {
704
+ width: 650px;
705
+ margin-top: 40px;
706
+ padding: 52px 67px 49px;
707
+ }
708
+ #mo2f-setup-settings-error-loading-area3 {
709
+ width: 650px;
710
+ margin-top: 40px;
711
+ padding: 52px 67px 49px;
712
+ }
713
+ #mo2f-setup-settings-error-loading-area4 {
714
+ width: 650px;
715
+ margin-top: 40px;
716
+ padding: 52px 67px 49px;
717
+ }
718
+ .mo2f-styled-radio {
719
+ width: 32px;
720
+ height: 32px;
721
+ position: relative;
722
+ display: inline-block;
723
+ border-radius: 50%;
724
+ background-color: #e6e6e6;
725
+ float: left;
726
+ margin-top: -4px;
727
+ }
728
 
729
  #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
730
  margin-top: 50px;
743
  font-size: 18px;
744
  padding: 19px 39px;
745
  }
746
+ .mo2f-styled-radio-text {
747
+ margin-left: 10px
748
+ }
749
  .mo2f-setup-button.mo2f-setup-button-main:hover {
750
  background-color: #c45e1b;
751
  }
754
  color: #fff;
755
  font-weight: 500;
756
  }
757
+ .mo2f-setup-wizard-timeline {
758
+ -webkit-box-align: center;
759
+ -ms-flex-align: center;
760
+ align-items: center;
761
+ display: -webkit-box;
762
+ display: -ms-flexbox;
763
+ display: flex;
764
+ margin: 41px auto 0;
765
+ max-width: 650px;
766
+ padding: 0 20px
767
+ }
768
+
769
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line {
770
+ background: #ddd;
771
+ height: 2px;
772
+ margin: 0 6px;
773
+ width: 100%
774
+ }
775
+
776
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line.mo2f-setup-wizard-timeline-line-active {
777
+ background: #6aa08b
778
+ }
779
+
780
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step {
781
+ border: none;
782
+ background-color: #b6b6b6;
783
+ border-radius: 50%;
784
+ -ms-flex-negative: 0;
785
+ flex-shrink: 0;
786
+ height: 16px;
787
+ width: 16px
788
+ }
789
+
790
+ .mo2f-setup-wizard-step-footer {
791
+ display: block;
792
+ text-align: center;
793
+ min-height: 110px;
794
+ padding: 0 20px;
795
+ margin-top: 30px
796
+ }
797
+ .popup_text
798
+ {
799
+ color:black;
800
+ margin-top: 2%;
801
+ font-weight: 600;
802
+ font-size: 12px !important;
803
+ }
804
+ .overlay{
805
+ position: fixed;
806
+ top: 0;
807
+ left: 0;
808
+ right: 0;
809
+ bottom: 0;
810
+ width: 100%;
811
+ height: 100%;
812
+ background: #000;
813
+ opacity: .5;
814
+ z-index: 0;
815
+ }
816
+ .overlay_success {
817
+ width: min-content;
818
+ height: 40px;
819
+ float: left;
820
+ z-index: 1;
821
+ top: 0;
822
+ right: 0;
823
+ text-align: center;
824
+ margin-bottom: 4%
825
+ background-color:#bcffb4 !important ;
826
+ /* overflow-x: hidden; */
827
+ background: #b1ffb1;
828
+ border-left: 4px solid #46b450;
829
+ }
830
+ .overlay_error {
831
+ width: min-content;
832
+ height: min-content;
833
+ padding-bottom: 1%;
834
+ float: left;
835
+ z-index: 1;
836
+ top: 0;
837
+ right: 0;
838
+ margin-bottom: 4%;
839
+ text-align: center;
840
+ background-color:bisque !important ;
841
+ /* overflow-x: hidden; */
842
+ border-left: 4px solid red;
843
+ }
844
+
845
+ .mo2f-setup-wizard-step-footer a {
846
+ font-size: 14px;
847
+ display: block;
848
+ color: #999;
849
+ margin: 20px 0
850
+ }
851
+
852
+ .mo2f-setup-wizard-step-footer a:active,
853
+ .mo2f-setup-wizard-step-footer a:hover {
854
+ color: #777;
855
+ text-decoration: underline
856
+ }
857
+
858
+
859
+ .mo2f-button.mo2f-button-main {
860
+ background-color: #e27730;
861
+ color: #fff;
862
+ font-weight: 500;
863
+ -webkit-box-flex: 11;
864
+ -ms-flex: 11;
865
+ flex: 11;
866
+ padding: 12px 25px;
867
+ font-size: 16px;
868
+ }
869
+
870
+ .mo2f-button.mo2f-button-main:focus,
871
+ .mo2f-button.mo2f-button-main:hover {
872
+ background-color: #c45e1b
873
+ }
874
+
875
+ .mo2f-button.mo2f-button-main:disabled {
876
+ opacity: .65;
877
+ cursor: not-allowed;
878
+ background-color: #e27730;
879
+ -webkit-box-flex: 11;
880
+ -ms-flex: 11;
881
+ flex: 11;
882
+ margin-right: 30px
883
+ }
884
+
885
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step .icon {
886
+ display: none
887
+ }
888
+
889
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-active,
890
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed {
891
+ background-color: #6aa08b;
892
+ position: relative
893
+ }
894
+
895
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed {
896
+ background-color: #d83638;
897
+ position: relative
898
+ }
899
+
900
+ .mo2f-step-show{
901
+ margin: 0 0 16px;
902
+ font-size: 14px;
903
+ line-height: 18px;
904
+ color: #b6b6b6;
905
+ }
906
+ .mo2f_table_textbox {
907
+ width: 200px;
908
+ height: 20px !important;
909
+ font-size: 14px !important;
910
+ }
911
+ .mo2f_table_textbox_phone {
912
+ width: 200px;
913
+ height: 40px !important;
914
+ font-size: 14px !important;
915
+ }
916
+ .mo2f_kba_ques {
917
+ width: 394px !important;
918
+ border-radius: 4px !important;
919
+ height: 40px !important;
920
+ font-size: 14px !important;
921
+ }
922
+
923
+ .mo2f_kba_tb_data {
924
+ padding-left: 15px;
925
+ }
926
+
927
+ .mo2f_kba_table {
928
+ padding: 0 10px;
929
+ width: 100%;
930
+ }
931
+ .mo2f_kba_body {
932
+ border: hidden !important;
933
+ }
934
+
935
+
936
+ .mo2f_table_textbox_KBA {
937
+ width: 200px;
938
+ height: 40px !important;
939
+ font-size: 14px !important;
940
+ }
941
+
942
+
943
+ .mo2f_kba_header {
944
+ font-weight: bold;
945
+ }
946
+
947
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed .icon-success,
948
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed .icon-failed {
949
+ color: #fff;
950
+ display: block;
951
+ position: absolute;
952
+ left: 3px;
953
+ top: 3px
954
+ }
955
+ .mo2f-setup-wizard-step-footer {
956
+ display: -webkit-box;
957
+ display: -ms-flexbox;
958
+ display: flex;
959
+ -webkit-box-pack: justify;
960
+ -ms-flex-pack: justify;
961
+ justify-content: space-between;
962
+ -webkit-box-align: center;
963
+ -ms-flex-align: center;
964
+ align-items: center;
965
+ padding: 0;
966
+ margin-top: 0
967
+ }
968
+ .mo2f_blur {
969
+ filter: blur(5px);
970
+ -webkit-filter: blur(5px);
971
+ -moz-filter: blur(5px);
972
+ -o-filter: blur(5px);
973
+ -ms-filter: blur(5px);
974
+ }
975
+ .mo2f_loader {
976
+ border: 16px solid #b9acac;
977
+ border-radius: 50%;
978
+ border-top: 16px solid #fb540b;
979
+ width: 50px;
980
+ height: 50px;
981
+ -webkit-animation: spin 2s linear infinite; /* Safari */
982
+ animation: spin 2s linear infinite;
983
+ position: fixed;
984
+ left: 50%;
985
+ top: 50%;
986
+ z-index: 100;
987
+ }
988
+
989
+ /* Safari */
990
+ @-webkit-keyframes spin {
991
+ 0% { -webkit-transform: rotate(0deg); }
992
+ 100% { -webkit-transform: rotate(360deg); }
993
+ }
994
+
995
+ @keyframes spin {
996
+ 0% { transform: rotate(0deg); }
997
+ 100% { transform: rotate(360deg); }
998
+ }
999
+ .mo2f-setup-wizard-step-footer-buttons {
1000
+ margin-bottom: 0;
1001
+ }
1002
+ .mo2f-setup-wizard-step-footer-buttons button {
1003
+ margin-bottom: 0;
1004
+ margin-right: 15px;
1005
+ width: inherit
1006
+ }
1007
+ .miniorange_button
1008
+ {
1009
+ background:#00A0D2!important;
1010
+ border-color:#0073AA!important;
1011
+ box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1012
+ color:#FFF!important;
1013
+ text-decoration:none!important;
1014
+ cursor:pointer!important;
1015
+ border-width:1px!important;
1016
+ border-style:solid!important;
1017
+ border-radius:3px!important;
1018
+ white-space:nowrap!important;
1019
+ box-sizing:border-box!important;
1020
+ line-height:28px!important;
1021
+ padding:0 12px!important;
1022
+ font-size:13px!important;
1023
+ }
1024
+
1025
+
1026
+ .mo2f_IR_phone_OTP{
1027
+ font-size:15px;
1028
+ width:150px !important;
1029
+ color:#212F3C;
1030
+ border:none;
1031
+ display:block;
1032
+ border-bottom-style: solid;
1033
+ border-width: 2px;
1034
+ border-color:#D0D3D4;
1035
+ border-radius:0px;
1036
+ outline:none;
1037
+ padding:5px;
1038
+
1039
+ }
1040
+ .mo2f-setup-wizard-step-footer-buttons button:last-child {
1041
+ margin-right: 0
1042
+ }
1043
+ a .text-with-arrow-left .icon {
1044
+ margin-right: 10px
1045
+ }
1046
+
1047
+ a .text-with-arrow {
1048
+ display: -webkit-box;
1049
+ display: -ms-flexbox;
1050
+ display: flex;
1051
+ -webkit-box-pack: center;
1052
+ -ms-flex-pack: center;
1053
+ justify-content: center
1054
+ }
1055
+
1056
  }
1057
  </style>
1058
  <!--[if IE]>
1063
  </style>
1064
 
1065
  <![endif]-->
1066
+ <div class="mo2f_loader" id="mo2f_loader" style="display: none;"></div>
1067
+
1068
+ <div id="mo2f-setup-wizard-settings-area" class="mo2f-setup-wizard-settings-area wpms-container">
1069
  <header class="mo2f-setup-wizard-header">
1070
  <h1 >
1071
  <div>
1078
  <div id="mo2f-setup-settings-error-loading-area">
1079
  <div>
1080
  <div id="mo2f-setup-error-js">
1081
+ <h3 style="text-align:center;font-size:xx-large;"> Welcome to the 2FA Setup Wizard! </h3>
1082
  <br>
1083
  <p class="subtitle" style="text-align:center;" > This setup guide will take you through all the steps you need to follow to enable the two-factor authentication for your website.</p>
1084
 
1099
  </div>
1100
  </div>
1101
  <div id = "mo2f_methods_setup_wizard">
1102
+ <div class="mo2f-setup-wizard-timeline">
1103
+
1104
+ <div class="mo2f-setup-wizard-timeline-step mo2f-setup-wizard-timeline-step-active" id="mo2f-setup-wizard-step1"></div>
1105
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line1"></div>
1106
+ <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step2"> </div>
1107
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line2"></div>
1108
+ <div class="mo2f-setup-wizard-timeline-step"id="mo2f-setup-wizard-step3"> </div>
1109
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line3"></div>
1110
+ <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step4"> </div>
1111
+
1112
+ </div>
1113
+ <div id="mo2f-setup-settings-error-loading-area1" style="width: 900px">
1114
+
1115
+ <p class="mo2f-step-show"> Step 1 of 4</p>
1116
+ <h3 style="text-align:center;font-size:xx-large;"> Select the Authentication method you want to configure </h3>
1117
+ <br>
1118
+ <div class="mo2f-input-radios-with-icons">
1119
+ <table>
1120
+ <tr>
1121
+ <td>
1122
+ <label title="<?php echo __('You have to enter 6 digits code generated by google Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1123
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1124
+ <span class="mo2f-styled-radio-text"> Google Authenticator</span>
1125
  </label>
1126
+ </td>
1127
+ <td>
1128
  <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
1129
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over SMS" />
1130
+ <span class="mo2f-styled-radio-text">
1131
  <?php echo __('OTP Over SMS (Registration required)', 'miniorange-2-factor-authentication'); ?>
1132
+ </span>
1133
+ </label></td>
1134
+ </tr>
1135
+ <tr>
1136
+ <td>
1137
+
1138
  <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
1139
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Email" />
1140
+ <span class="mo2f-styled-radio-text">
1141
  <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
1142
+ </span>
1143
  </label>
1144
+ </td>
1145
+
1146
+ <td>
1147
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
1148
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Security Questions" />
1149
+ <span class="mo2f-styled-radio-text">
1150
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
1151
+ </span>
1152
+ </label>
1153
+ </td>
1154
+ </tr>
1155
+ <tr>
1156
+ <td>
1157
+
1158
+ <label title="<?php echo __('You have to enter 6 digits code generated by Microsoft Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1159
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1160
+ <span class="mo2f-styled-radio-text">
1161
+ <?php echo __('Microsoft Authenticator', 'miniorange-2-factor-authentication'); ?>
1162
+ </span>
1163
+ </label>
1164
+ </td>
1165
+ <td>
1166
  <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1167
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1168
+ <span class="mo2f-styled-radio-text">
1169
  <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
1170
+ </span>
1171
  </label>
1172
+ </td></tr>
1173
+ <tr><td>
1174
+
1175
  <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1176
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Duo Authenticator" />
1177
+ <span class="mo2f-styled-radio-text">
1178
  <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
1179
+ </span>
1180
  </label>
1181
+ </td>
1182
+ <td>
 
 
 
 
 
 
1183
  <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
1184
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Telegram" />
1185
+ <span class="mo2f-styled-radio-text">
1186
  <?php echo __('OTP Over Telegram', 'miniorange-2-factor-authentication'); ?>
1187
+ </span>
1188
  </label>
1189
+ </td>
1190
+ </table>
1191
+ </div>
1192
 
1193
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
1194
  <br />
1195
 
1196
 
1197
+ <div class="mo2f-setup-wizard-step-footer">
1198
+ <a href="#previousStep1"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1199
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1200
+ <input type="button" name="mo2f_next_step1" id="mo2f_next_step1" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1201
+
1202
+ </div>
1203
+ </div>
1204
+ </div>
1205
+
1206
+
1207
+
1208
+
1209
+
1210
+ <div id="mo2f-setup-settings-error-loading-area2" style="width: 900px; display: none;">
1211
+ <p class="mo2f-step-show"> Step 2 of 4</p>
1212
+
1213
+ <h3 style="text-align:center;font-size: xx-large;"> Register with miniOrange </h3>
1214
+
1215
+ <form name="f" id="mo2f_registration_form" method="post" action="">
1216
+ <input type="hidden" name="option" value="mo_wpns_register_customer" />
1217
+ <div class="mo2f_table_layout">
1218
+ <div style="margin-bottom:30px;">
1219
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1220
+ <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Seems like email is already registered. Please click on already login buton</p></div>
1221
+ <p> Please enter a valid email id that you have access to and password of your choice.</p>
1222
+ <table class="mo_wpns_settings_table">
1223
+ <tr>
1224
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1225
+ <td><input class="mo_wpns_table_textbox" type="email" id="mo2f_email" name="email"
1226
+ required placeholder="person@example.com" /></td>
1227
+ </tr>
1228
+
1229
+ <tr>
1230
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1231
+ <td><input class="mo_wpns_table_textbox" required id= "mo2f_password" type="password"
1232
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
1233
+ </tr>
1234
+ <tr>
1235
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1236
+ <td><input class="mo_wpns_table_textbox" id= "mo2f_confirmPassword" required type="password"
1237
+ name="confirmPassword" placeholder="Confirm your password" /></td>
1238
+ </tr>
1239
+ <tr>
1240
+ <td>&nbsp;</td>
1241
+ <td><br>
1242
+ <a href="#mo2f_account_exist">Already have an account?</a>
1243
+
1244
+ </tr>
1245
+ </table>
1246
+ </div>
1247
+ </div>
1248
+ </form>
1249
+ <form name="f" id="mo2f_login_form" style="display: none;" method="post" action="">
1250
+ <input type="hidden" name="option" value="mo_wpns_verify_customer" />
1251
+ <div class="mo2f_table_layout">
1252
+ <div style="margin-bottom:30px;">
1253
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1254
+ <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Invalid Credentials</p></div>
1255
+
1256
+ <p>Please enter your miniOrange email and password.<a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1257
+ <table class="mo_wpns_settings_table">
1258
+ <tr>
1259
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1260
+ <td><input class="mo_wpns_table_textbox" type="email" id="mo2f_email_login" name="email"
1261
+ required placeholder="person@example.com" /></td>
1262
+ </tr>
1263
+ <tr>
1264
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1265
+ <td><input class="mo_wpns_table_textbox" required id= "mo2f_password_login" type="password"
1266
+ name="password" placeholder="Enter your miniOrange password" /></td>
1267
+ </tr>
1268
+ <tr>
1269
+ <td>&nbsp;</td>
1270
+ <td><br>
1271
+ <a href="#mo2f_register_new_account">Go Back to Registration Page</a>
1272
+
1273
+ </tr>
1274
+
1275
+ </table>
1276
+ </div>
1277
+ </div>
1278
+ </form>
1279
+
1280
+
1281
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
1282
+ <br/>
1283
+
1284
+
1285
+ <div class="mo2f-setup-wizard-step-footer">
1286
+ <a href="#previousStep2"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1287
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1288
+ <input type="button" name="mo2f_next_step2" id="mo2f_next_step2" class="mo2f-button mo2f-button-main" value="Create Account and continue" />
1289
+
1290
+ </div>
1291
+ </div>
1292
+
1293
+
1294
+ </div>
1295
+
1296
+ <div id="mo2f-setup-settings-error-loading-area3" style="width: 900px; display: none;">
1297
+ <p class="mo2f-step-show"> Step 3 of 4</p>
1298
+
1299
+ <h3 style="text-align:center;font-size: xx-large;"> Configure 2-factor authentication </h3>
1300
+ <br>
1301
+
1302
+ <div class="overlay_success" style="width:760px; display: none;" id= "mo2f_success_block_configuration">
1303
+ <p class ="popup_text" id="mo2f_configure_success_message" >An OTP has been sent to the below email.</p>
1304
+ <br><br></div>
1305
+
1306
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block_configuration">
1307
+ <p class ="popup_text" id="mo2f_configure_Error_message" style="color: red;" >Invalid OTP</p>
1308
+ </div>
1309
+ <br><br>
1310
+
1311
+ <div id="mo2f_main_content"> </div>
1312
+
1313
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
1314
+ <br/>
1315
+
1316
+
1317
+
1318
+ <div class="mo2f-setup-wizard-step-footer">
1319
+ <a href="#previousStep3"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1320
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1321
+ <input type="button" name="mo2f_next_step3" id="mo2f_next_step3" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1322
+
1323
+ </div>
1324
+ </div>
1325
+
1326
+
1327
+ </div>
1328
+
1329
+ <div id="mo2f-setup-settings-error-loading-area4" style="width: 900px; display: none;">
1330
+ <p class="mo2f-step-show"> Step 4 of 4</p>
1331
+ <div style="text-align: center;">
1332
+ <h3 style="text-align:center;font-size: xx-large;"> Congratulations! </h3>
1333
+ <br>
1334
+ You have successfully configured the two-factor authentication.
1335
+ <br><br><br>
1336
+ <input type="button" name="mo2f_next_step4" id="mo2f_next_step4" class="mo2f-button mo2f-button-main" value="Advance Settings" />
1337
+
1338
+ </div>
1339
+ </div>
1340
+
1341
+ </div>
1342
+
1343
+
1344
  </div>
1345
  </div>
1346
 
1347
 
1348
 
1349
  <script type="text/javascript">
1350
+
1351
+ jQuery('#mo2f_next_step4').click(function(e){
1352
+ localStorage.setItem("last_tab", 'unlimittedUser_2fa');
1353
+ window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1354
+
1355
+ });
1356
+
1357
+
1358
  jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1359
  jQuery("#mo2f_get_started").click(function(e){
1360
  jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'none');
1362
 
1363
  });
1364
 
1365
+ jQuery('a[href="#previousStep3"]').click(function(e){
1366
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1367
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1368
+
1369
+ var selected_2FA_method = '';
1370
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1371
+ for(i = 0; i < ele.length; i++) {
1372
+ if(ele[i].checked)
1373
+ selected_2FA_method = ele[i].value;
1374
+ }
1375
+ if(selected_2FA_method =='OTP Over SMS')
1376
+ {
1377
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1378
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "block";
1379
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1380
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1381
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1382
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1383
+ }
1384
+ else
1385
+ {
1386
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1387
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1388
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1389
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1390
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1391
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1392
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1393
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1394
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1395
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1396
+
1397
+ }
1398
+ });
1399
+
1400
+ jQuery('a[href="#previousStep2"]').click(function(e){
1401
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1402
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1403
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1404
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1405
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1406
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1407
+
1408
+ });
1409
+
1410
+ jQuery('a[href="#previousStep1"]').click(function(e){
1411
+ jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'block');
1412
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1413
+
1414
+ });
1415
+
1416
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1417
+ document.getElementById('mo2f_registration_form').style.display = "none";
1418
+ document.getElementById('mo2f_login_form').style.display = "block";
1419
+ document.getElementById('mo2f_next_step2').value = 'Login and Continue';
1420
+ });
1421
+
1422
+ jQuery('a[href=\"#mo2f_register_new_account\"]').click(function (e) {
1423
+ document.getElementById('mo2f_registration_form').style.display = "block";
1424
+ document.getElementById('mo2f_login_form').style.display = "none";
1425
+ document.getElementById('mo2f_next_step2').value = 'Create Account and Continue';
1426
+ });
1427
+
1428
+ jQuery('#mo2f_next_step3').click(function(e){
1429
+ document.getElementById('mo2f_loader').style.display = "block";
1430
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1431
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1432
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1433
+
1434
+ var selected_2FA_method = '';
1435
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1436
+ for(i = 0; i < ele.length; i++) {
1437
+ if(ele[i].checked)
1438
+ selected_2FA_method = ele[i].value;
1439
+ }
1440
+ var data ='';
1441
+ if(selected_2FA_method == 'Google Authenticator')
1442
+ {
1443
+ data= { 'action':'mo_two_factor_ajax',
1444
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_GA_setup_wizard',
1445
+ 'mo2f_google_auth_code' : jQuery('#mo2f_google_auth_code').val(),
1446
+ 'mo2f_session_id' : jQuery('#mo2f_session_id').val()
1447
+ };
1448
+
1449
+ }
1450
+ else if (selected_2FA_method =='OTP Over SMS')
1451
+ {
1452
+ data= { 'action':'mo_two_factor_ajax',
1453
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverSMS_setup_wizard',
1454
+ 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1455
+ };
1456
+
1457
+ }
1458
+ else if(selected_2FA_method == 'OTP Over Email')
1459
+ {
1460
+ data= { 'action':'mo_two_factor_ajax',
1461
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverEmail_setup_wizard',
1462
+ 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1463
+ };
1464
+
1465
+ }
1466
+ else if(selected_2FA_method == 'Security Questions')
1467
+ {
1468
+ data= { 'action':'mo_two_factor_ajax',
1469
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_KBA_setup_wizard',
1470
+ 'mo2f_kbaquestion_1' : jQuery('#mo2f_kbaquestion_1').val(),
1471
+ 'mo2f_kbaquestion_2' : jQuery('#mo2f_kbaquestion_2').val(),
1472
+ 'mo2f_kbaquestion_3' : jQuery('#mo2f_kbaquestion_3').val(),
1473
+ 'mo2f_kba_ans1' : jQuery('#mo2f_kba_ans1').val(),
1474
+ 'mo2f_kba_ans2' : jQuery('#mo2f_kba_ans2').val(),
1475
+ 'mo2f_kba_ans3' : jQuery('#mo2f_kba_ans3').val()
1476
+ };
1477
+
1478
+ }
1479
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1480
+ jQuery.post(ajax_url, data, function(response){
1481
+ document.getElementById('mo2f_loader').style.display = "none";
1482
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1483
+
1484
+ if(response =='SUCCESS')
1485
+ {
1486
+ var lineElement = document.getElementById("mo2f-setup-wizard-line3");
1487
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1488
+ var stepElement = document.getElementById("mo2f-setup-wizard-step4");
1489
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1490
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1491
+ jQuery('#mo2f-setup-settings-error-loading-area4').css('display','block');
1492
+
1493
+ }
1494
+ else
1495
+ {
1496
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1497
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1498
+ }
1499
+ });
1500
+
1501
+ });
1502
+
1503
+ jQuery("#mo2f_next_step2").click(function(e){
1504
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1505
+ document.getElementById('mo2f_loader').style.display = "block";
1506
+ document.getElementById('mo2f_Error_block').style.display = "none";
1507
+ document.getElementById('mo2f_next_step2').disabled = true;
1508
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1509
+ var email = jQuery("#mo2f_email").val();
1510
+ var password = jQuery("#mo2f_password").val();
1511
+ if(jQuery("#mo2f_next_step2").val() == 'Login and Continue')
1512
+ {
1513
+ email = jQuery("#mo2f_email_login").val();
1514
+ password = jQuery("#mo2f_password_login").val();
1515
+ }
1516
+ var data= { 'action':'mo_two_factor_ajax',
1517
+ 'mo_2f_two_factor_ajax' : 'mo_wpns_register_verify_customer',
1518
+ 'email': email,
1519
+ 'password':password,
1520
+ 'confirmPassword' : jQuery("#mo2f_confirmPassword").val(),
1521
+ 'Login and Continue' : jQuery("#mo2f_next_step2").val()
1522
+ };
1523
+
1524
+ jQuery.post(ajax_url, data, function(response){
1525
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1526
+
1527
+ document.getElementById('mo2f_next_step2').disabled = false;
1528
+ if(response == 'SUCCESS')
1529
+ {
1530
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1531
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1532
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1533
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1534
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1535
+ jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1536
+
1537
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1538
+ var data= { 'action':'mo_two_factor_ajax',
1539
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_configure_OTPOverSMS_setup_wizard'
1540
+ };
1541
+ jQuery.post(ajax_url, data, function(response){
1542
+
1543
+ document.getElementById('mo2f_loader').style.display = "none";
1544
+ document.getElementById('mo2f_main_content').innerHTML = response;
1545
+ jQuery("#phone").intlTelInput();
1546
+
1547
+ jQuery('#mo2f_send_otp').click(function(e){
1548
+ document.getElementById('mo2f_loader').style.display = "block";
1549
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1550
+
1551
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1552
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1553
+
1554
+ var data = { 'action':'mo_two_factor_ajax',
1555
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1556
+ 'phone' : jQuery('#phone').val(),
1557
+ 'selected_2FA_method' : 'SMS'
1558
+ };
1559
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1560
+ jQuery.post(ajax_url, data, function(response){
1561
+ document.getElementById('mo2f_loader').style.display = "none";
1562
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1563
+
1564
+ if(response == 'SUCCESS')
1565
+ {
1566
+ $message = 'An OTP has been sent to the below phone number. Please enter the OTP to set the 2FA';
1567
+ document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1568
+ document.getElementById('mo2f_success_block_configuration').style.display = "block";
1569
+
1570
+ }
1571
+ else
1572
+ {
1573
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1574
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1575
+
1576
+ }
1577
+ });
1578
+
1579
+ });
1580
+
1581
+ });
1582
+ }
1583
+ else
1584
+ {
1585
+ document.getElementById('mo2f_loader').style.display = "none";
1586
+ document.getElementById('mo2f_Error_message').innerHTML = response;
1587
+ document.getElementById('mo2f_Error_block').style.display = "block";
1588
+ }
1589
+
1590
+ });
1591
+
1592
+ });
1593
+
1594
+ jQuery("#mo2f_next_step1").click(function(e){
1595
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1596
+ var selected_2FA_method = '';
1597
+ for(i = 0; i < ele.length; i++) {
1598
+ if(ele[i].checked)
1599
+ selected_2FA_method = ele[i].value;
1600
+ }
1601
+
1602
+ if(selected_2FA_method == '')
1603
+ {
1604
+ return '';
1605
+ }
1606
+
1607
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "none";
1608
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1609
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1610
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1611
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1612
+
1613
+ if(selected_2FA_method !="OTP Over SMS" && selected_2FA_method != '')
1614
+ {
1615
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1616
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1617
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1618
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1619
+ jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1620
+
1621
+ document.getElementById('mo2f_loader').style.display = "block";
1622
+
1623
+ var mo2f_setup_call = "";
1624
+ if(selected_2FA_method == "Google Authenticator")
1625
+ {
1626
+ mo2f_setup_call = "mo_2fa_configure_GA_setup_wizard";
1627
+ }
1628
+ else if(selected_2FA_method =="OTP Over Email")
1629
+ {
1630
+ mo2f_setup_call ="mo_2fa_configure_OTPOverEmail_setup_wizard";
1631
+ }
1632
+ else if (selected_2FA_method == "Security Questions")
1633
+ {
1634
+ mo2f_setup_call = "mo_2fa_configure_KBA_setup_wizard";
1635
+ }
1636
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1637
+ var data= { 'action':'mo_two_factor_ajax',
1638
+ 'mo_2f_two_factor_ajax' : mo2f_setup_call
1639
+ };
1640
+ jQuery.post(ajax_url, data, function(response){
1641
+ document.getElementById('mo2f_loader').style.display = "none";
1642
+ document.getElementById('mo2f_main_content').innerHTML = response;
1643
+
1644
+ if(selected_2FA_method == 'Google Authenticator')
1645
+ {
1646
+ jQuery('.mo2f_gauth').qrcode({
1647
+ 'render': 'image',
1648
+ size: 175,
1649
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
1650
+ });
1651
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(e){
1652
+ var element = document.getElementById('mo2f_scanbarcode_a');
1653
+ if(element.style.display === 'none')
1654
+ element.style.display = 'block';
1655
+
1656
+ else
1657
+ element.style.display = "none";
1658
+ });
1659
+
1660
+ }
1661
+ else if(selected_2FA_method =='OTP Over Email')
1662
+ {
1663
+ jQuery('#mo2f_send_otp').click(function(e){
1664
+ document.getElementById('mo2f_loader').style.display = "block";
1665
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1666
+
1667
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1668
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1669
+
1670
+ var data = { 'action':'mo_two_factor_ajax',
1671
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1672
+ 'phone' : jQuery('#phone').val(),
1673
+ 'mo2f_session_id' : jQuery('#mo2f_session_id').val(),
1674
+ 'selected_2FA_method' : 'OTP Over Email'
1675
+ };
1676
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1677
+ jQuery.post(ajax_url, data, function(response){
1678
+ document.getElementById('mo2f_loader').style.display = "none";
1679
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1680
+
1681
+ if(response == 'SUCCESS')
1682
+ {
1683
+ $message = 'An OTP has been sent to the below email please enter the OTP to set the 2FA';
1684
+ document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1685
+ document.getElementById('mo2f_success_block_configuration').style.display = "block";
1686
+
1687
+ }
1688
+ else
1689
+ {
1690
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1691
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1692
+
1693
+ }
1694
+ });
1695
+
1696
+ });
1697
+ }
1698
+ else if (selected_2FA_method =='Security Questions')
1699
+ {
1700
+
1701
+ var mo_option_to_hide1;
1702
+ //hidden element in dropdown list 2
1703
+ var mo_option_to_hide2;
1704
+
1705
+ jQuery('#mo2f_kbaquestion_1').change(function(){
1706
+ list = 1;
1707
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1708
+ //if an element is currently hidden, unhide it
1709
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1710
+ mo_option_to_hide1.style.display = 'block';
1711
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1712
+ mo_option_to_hide2.style.display = 'block';
1713
+ }
1714
+ //select the element to hide and then hide it
1715
+ if (list == 1) {
1716
+ if (list_selected != 0) {
1717
+ mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
1718
+ mo_option_to_hide2.style.display = 'none';
1719
+ }
1720
+ }
1721
+ });
1722
+ jQuery('#mo2f_kbaquestion_2').change(function(){
1723
+ list = 2;
1724
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1725
+ //if an element is currently hidden, unhide it
1726
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1727
+ mo_option_to_hide1.style.display = 'block';
1728
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1729
+ mo_option_to_hide2.style.display = 'block';
1730
+ }
1731
+ //select the element to hide and then hide it
1732
+ if (list == 2) {
1733
+ if (list_selected != 0) {
1734
+ mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
1735
+ mo_option_to_hide1.style.display = 'none';
1736
+ }
1737
+ }
1738
+ });
1739
+
1740
+ }
1741
+ });
1742
+
1743
+
1744
+ }
1745
+ else if(selected_2FA_method == 'OTP Over SMS')
1746
+ {
1747
+ jQuery('#mo2f-setup-settings-error-loading-area2').css('display','block');
1748
+ }
1749
+
1750
+
1751
+ });
1752
  jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
1753
+
1754
+
1755
  localStorage.setItem("last_tab", 'setup_2fa');
1756
  var selectedMethod = jQuery(this).val();
1757
  var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1758
  var nonce = "<?php echo wp_create_nonce( 'miniorange-select-method-setup-wizard' ); ?>";
1759
 
1760
+ if(selectedMethod == 'Duo Authenticator' || selectedMethod =='OTP Over Telegram')
1761
+ {
1762
+ var data= { 'action':'mo_two_factor_ajax',
1763
+ 'mo_2f_two_factor_ajax' : 'select_method_setup_wizard',
1764
+ 'mo2f_method': selectedMethod,
1765
+ 'nonce': nonce };
1766
+
1767
+ jQuery.post(ajax_url, data, function(response){
1768
+ window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1769
+ });
1770
+ }
1771
+
1772
  });
1773
 
1774
  jQuery('a[href="#skiptwofactor"]').click(function(e){
4173
  } else {
4174
  update_option( 'mo2f_enable_2fa', isset( $_POST['mo2f_enable_2fa'] ) ? $_POST['mo2f_enable_2fa'] : 0 );
4175
  }
 
 
 
 
 
 
 
 
 
 
 
 
4176
  }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo_2factor_test_authentication_method' ) {
4177
  //network security feature
4178
  $nonce = $_POST['mo_2factor_test_authentication_method_nonce'];
4876
  $url = get_site_option('siteurl').'/wp-login.php?'; //login page can change
4877
  $message = '<table cellpadding="25" style="margin:0px auto">
4878
  <tbody>
4879
+ <td>
4880
  <td>
4881
  <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
4882
  <tbody>
4883
+ <td>
4884
  <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
4885
  </tr>
4886
  </tbody>
4887
  </table>
4888
  <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
4889
  <tbody>
4890
+ <td>
4891
  <td>
4892
  <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
4893
  <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
4968
  $headers[] = 'Cc: 2fasupport <2fasupport@xecurify.com>';
4969
  $message = '<table cellpadding="25" style="margin:0px auto">
4970
  <tbody>
4971
+ <td>
4972
  <td>
4973
  <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
4974
  <tbody>
4975
+ <td>
4976
  <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
4977
  </tr>
4978
  </tbody>
4979
  </table>
4980
  <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
4981
  <tbody>
4982
+ <td>
4983
  <td>
4984
  <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
4985
  <p style="margin-top:0;margin-bottom:20px"> You are going to exhaust all your '.$string.'. You have only <b>'.$count.'</b> '.$string.' remaining. You can recharge or add '.$string.' to your account: <a href='.MoWpnsConstants::rechargeLink.'>Recharge</a></p>
handler/twofa/two_fa_utility.php CHANGED
@@ -248,7 +248,6 @@ class MO2f_Utility {
248
 
249
  if(isset($_SESSION[$session_id])){
250
  $transient_array = $_SESSION[$session_id];
251
-
252
  $transient_value = isset($transient_array[$key]) ? $transient_array[$key] : null;
253
  return $transient_value;
254
  }else if(isset($_COOKIE[base64_decode($session_id)])){
@@ -273,9 +272,9 @@ class MO2f_Utility {
273
  public static function mo2f_start_session() {
274
  if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
275
  $session_path = ini_get('session.save_path');
276
- if( is_writable($session_path) && is_readable($session_path) ) {
277
  if(session_status() != PHP_SESSION_DISABLED )
278
- session_start();
279
  }
280
  }
281
  }
@@ -398,7 +397,12 @@ class MO2f_Utility {
398
  $decrypted_data_array = explode( '&', $decrypted_data );
399
 
400
  $cookie_value = $decrypted_data_array[0];
401
- $cookie_creation_time = new DateTime( $decrypted_data_array[1] );
 
 
 
 
 
402
  $current_time = new DateTime( 'now' );
403
 
404
  $interval = $cookie_creation_time->diff( $current_time );
@@ -590,6 +594,11 @@ class MO2f_Utility {
590
  return $methodname;
591
 
592
  }
 
 
 
 
 
593
 
594
  public static function get_plugin_name_by_identifier( $plugin_identitifier ){
595
  $all_plugins = get_plugins();
248
 
249
  if(isset($_SESSION[$session_id])){
250
  $transient_array = $_SESSION[$session_id];
 
251
  $transient_value = isset($transient_array[$key]) ? $transient_array[$key] : null;
252
  return $transient_value;
253
  }else if(isset($_COOKIE[base64_decode($session_id)])){
272
  public static function mo2f_start_session() {
273
  if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
274
  $session_path = ini_get('session.save_path');
275
+ if( is_writable($session_path) && is_readable($session_path) && !headers_sent() ) {
276
  if(session_status() != PHP_SESSION_DISABLED )
277
+ session_start();
278
  }
279
  }
280
  }
397
  $decrypted_data_array = explode( '&', $decrypted_data );
398
 
399
  $cookie_value = $decrypted_data_array[0];
400
+ if(sizeof($decrypted_data_array) == 2 ){
401
+ $cookie_creation_time = new DateTime( $decrypted_data_array[1] );
402
+ }else{
403
+ $cookie_creation_time = new DateTime( array_pop($decrypted_data_array) );
404
+ $cookie_value = implode('&', $decrypted_data_array);
405
+ }
406
  $current_time = new DateTime( 'now' );
407
 
408
  $interval = $cookie_creation_time->diff( $current_time );
594
  return $methodname;
595
 
596
  }
597
+ public static function is_same_method($method,$current_method){
598
+ if($method == $current_method || $method == MO2f_Utility::mo2f_decode_2_factor($current_method,'wpdb') || $method == MO2f_Utility::mo2f_decode_2_factor($current_method,'') || MO2f_Utility::mo2f_decode_2_factor($current_method,'server') == $method)
599
+ return true;
600
+ return false;
601
+ }
602
 
603
  public static function get_plugin_name_by_identifier( $plugin_identitifier ){
604
  $all_plugins = get_plugins();
handler/user-profile-2fa-update.php ADDED
@@ -0,0 +1,217 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ if(isset($_POST['method']))
3
+ $method = sanitize_text_field($_POST['method']);
4
+ else
5
+ return;
6
+ global $Mo2fdbQueries;
7
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user);
8
+ $method = MO2f_Utility::mo2f_decode_2_factor($method,'wpdb');
9
+ $email = ($email=='')?filter_var($_POST['email'], FILTER_SANITIZE_EMAIL):$email;
10
+ $enduser = new Two_Factor_Setup();
11
+ if(isset($_POST['verify_phone']))
12
+ $phone = strlen($_POST['verify_phone']>4)?sanitize_text_field($_POST['verify_phone']):null;
13
+ else
14
+ $phone = null;
15
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email,MO2f_Utility::mo2f_decode_2_factor($method,'server') , $phone, null, null ), true );
16
+ if($response['status']!= 'SUCCESS')
17
+ return;
18
+ $id = get_current_user_id();
19
+ $method = MO2f_Utility::mo2f_decode_2_factor($method,'wpdb');
20
+ switch ($method) {
21
+ case "miniOrange QR Code Authentication":
22
+ case "miniOrange Push Notification":
23
+ case "miniOrange Soft Token":
24
+ if($id != $user){
25
+ send_reconfiguration_on_email($email,$user,$method);
26
+ }else if($_POST['mo2f_configuration_status']!='SUCCESS')
27
+ return;
28
+ delete_user_meta( $user, 'configure_2FA' );
29
+ update_user_meta($user,'mo2f_2FA_method_to_configure',$method);
30
+ $Mo2fdbQueries->update_user_details($user, array(
31
+ 'mobile_registration_status' =>true,
32
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
33
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
34
+ 'mo2f_miniOrangePushNotification_config_status' => true,
35
+ "mo2f_configured_2FA_method" => $method,
36
+ 'user_registration_with_miniorange' => 'SUCCESS',
37
+ 'mo2f_2factor_enable_2fa_byusers'=> '1',
38
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
39
+ ) );
40
+ break;
41
+ case "Google Authenticator":
42
+ if($id!= $user){
43
+ send_reconfiguration_on_email($email,$user,$method);
44
+ }else if($_POST['mo2f_configuration_status']!='SUCCESS')
45
+ return;
46
+ $Mo2fdbQueries->update_user_details( $user, array(
47
+ 'mo2f_GoogleAuthenticator_config_status' => true,
48
+ 'mo2f_configured_2FA_method' => 'Google Authenticator',
49
+ 'mo2f_AuthyAuthenticator_config_status' => false,
50
+ 'user_registration_with_miniorange' => 'SUCCESS',
51
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
52
+ 'mo2f_2factor_enable_2fa_byusers' => 1,
53
+ 'mo2f_user_email' => $email
54
+ ) );
55
+ if(!MO2F_IS_ONPREM){
56
+ update_user_meta( $user ,'mo2f_external_app_type', "Google Authenticator" );
57
+ }
58
+ break;
59
+ case "Authy Authenticator":
60
+ if($id!= $user){
61
+ send_reconfiguration_on_email($email,$user,$method);
62
+ }else if($_POST['mo2f_configuration_status']!='SUCCESS')
63
+ return;
64
+ $Mo2fdbQueries->update_user_details( $user, array(
65
+ 'mo2f_GoogleAuthenticator_config_status' => false,
66
+ 'mo2f_configured_2FA_method' => 'Authy Authenticator',
67
+ 'mo2f_AuthyAuthenticator_config_status' => true,
68
+ 'user_registration_with_miniorange' => 'SUCCESS',
69
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
70
+ 'mo2f_2factor_enable_2fa_byusers' => 1,
71
+ 'mo2f_user_email' => $email
72
+ ) );
73
+ if(!MO2F_IS_ONPREM){
74
+ update_user_meta( $user ,'mo2f_external_app_type', "Authy Authenticator" );
75
+ }
76
+ break;
77
+ case "OTP Over SMS":
78
+ $Mo2fdbQueries->update_user_details($user, array(
79
+ "mo2f_configured_2FA_method" => 'OTP Over SMS',
80
+ 'mo2f_OTPOverSMS_config_status' => true,
81
+ 'user_registration_with_miniorange' => 'SUCCESS',
82
+ 'mo2f_2factor_enable_2fa_byusers'=> '1',
83
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
84
+ ) );
85
+ break;
86
+ case "Security Questions":
87
+ $obj = new Miniorange_Authentication();
88
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
89
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
90
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
91
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
92
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
93
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
94
+
95
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
96
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
97
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
98
+
99
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
100
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
101
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
102
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
103
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
104
+ return;
105
+ }
106
+
107
+ if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
108
+ update_option( 'mo2f_message', 'The questions you select must be unique.' );
109
+ return;
110
+ }
111
+ $kba_registration = new Two_Factor_Setup();
112
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user ), true );
113
+
114
+ if ( json_last_error() == JSON_ERROR_NONE ) {
115
+ if ( $response['status'] == 'SUCCESS' ) {
116
+ $Mo2fdbQueries->update_user_details( $user, array(
117
+ 'mo2f_configured_2FA_method' => 'Security Questions' ,
118
+ 'user_registration_with_miniorange' => 'SUCCESS',
119
+ 'mo2f_SecurityQuestions_config_status' => true,
120
+ 'mo2f_2factor_enable_2fa_byusers'=> '1',
121
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
122
+ ), true);
123
+
124
+ }else {
125
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
126
+ $obj->mo_auth_show_error_message();
127
+
128
+ }
129
+ }
130
+
131
+ break;
132
+ case "OTP Over Email":
133
+ $Mo2fdbQueries->update_user_details($user, array(
134
+ "mo2f_configured_2FA_method" => 'OTP Over Email',
135
+ 'mo2f_OTPOverEmail_config_status' => true,
136
+ 'mo2f_user_email' => $email,
137
+ 'mo2f_2factor_enable_2fa_byusers'=> '1',
138
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
139
+ 'user_registration_with_miniorange' => 'SUCCESS',
140
+ ) );
141
+ delete_user_meta( $user, 'configure_2FA');
142
+ delete_user_meta( $user, 'test_2FA');
143
+ break;
144
+ case "Email Verification":
145
+ $Mo2fdbQueries->update_user_details($user, array(
146
+ "mo2f_configured_2FA_method" => 'Email Verification',
147
+ 'mo2f_user_email' => $email,
148
+ 'user_registration_with_miniorange' => 'SUCCESS',
149
+ 'mo2f_2factor_enable_2fa_byusers'=> '1',
150
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
151
+ 'mo2f_EmailVerification_config_status' => true
152
+ ) );
153
+ break;
154
+ }
155
+ update_option('mo2fa_userProfile_method',$method);
156
+ function send_reconfiguration_on_email($email,$user,$method){
157
+ global $mo2f_dirName;
158
+ $method = MO2f_Utility::mo2f_decode_2_factor($method,'server');
159
+ $user_id = hash('sha512',$user);
160
+ $reconfiguraion_method = hash('sha512',$method);
161
+ update_site_option($user_id,$user);
162
+ update_site_option($reconfiguraion_method,$method);
163
+ $txid = '';
164
+ for($i=1;$i<7;$i++){
165
+ $txid .= rand(100,999);
166
+ }
167
+ update_site_option($txid,true);
168
+ update_user_meta($user,'mo2f_EV_txid',$txid);
169
+ $subject = '2fa-reconfiguration : Scan QR';
170
+ $headers = array('Content-Type: text/html; charset=UTF-8');
171
+ update_option('mo2fa_reconfiguration_via_email',json_encode(array($user,$email,$method)));
172
+ $path = plugins_url(DIRECTORY_SEPARATOR. 'views'.DIRECTORY_SEPARATOR. 'qr_over_email.php',dirname( __FILE__ )).'?email='.$email.'&amp;user_id='.$user_id;
173
+ $url = get_site_option('siteurl').'/wp-login.php?';
174
+ $path = $url.'&amp;user_id='.$user_id.'&amp;reconfigureMethod='.$reconfiguraion_method.'&amp;transactionId='.$txid;
175
+ $message = '
176
+ <table>
177
+ <tbody>
178
+ <tr>
179
+ <td>
180
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
181
+ <tbody>
182
+ <tr>
183
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
184
+ </tr>
185
+ </tbody>
186
+ </table>
187
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
188
+ <tbody>
189
+ <tr>
190
+ <td>
191
+ <input type="hidden" name="user_id" id="user_id" value="'.$user_id.'">
192
+ <input type="hidden" name="email" id="email" value="'.$email.'">
193
+ <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
194
+ <p style="margin-top:0;margin-bottom:10px">Please scan the QR code from given link to set <b>2FA method</b>:</p>
195
+ <p><a href="'.$path.'" > Click to reconfigure 2nd factor</a></p>
196
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
197
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
198
+ </div></div></td>
199
+ </tr>
200
+ </tbody>
201
+ </table>
202
+ </td>
203
+ </tr>
204
+ </tbody>
205
+ </table>';
206
+ $result = wp_mail($email,$subject,$message,$headers);
207
+ if($result){
208
+ update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
209
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
210
+
211
+ }else{
212
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
213
+ update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
214
+ }
215
+ $content = json_encode($arr);
216
+ }
217
+ ?>
handler/user-profile-2fa.php ADDED
@@ -0,0 +1,275 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ $is_registered = empty(get_option('mo2f_customerkey'))?false:true;
3
+ $role = $user->roles;
4
+ $roles = ( array ) $user->roles;
5
+ $flag = 0;
6
+ foreach ( $roles as $role ) {
7
+ if(get_option('mo2fa_'.$role)=='1')
8
+ $flag=1;
9
+ }
10
+ if(!current_user_can( 'administrator', $user->ID) || (!MO2F_IS_ONPREM && !$is_registered) || $flag==0)
11
+ return;
12
+ else if(!MO2F_IS_ONPREM && !$is_registered)
13
+ return;
14
+ $cloud_methods = array("miniOrange QR Code Authentication", "miniOrange Soft Token","miniOrange Push Notification","OTP Over SMS");
15
+ $id = get_current_user_id();
16
+ $available_methods = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')?get_site_option('mo2fa_free_plan_new_user_methods'):get_site_option('mo2fa_free_plan_existing_user_methods');
17
+ if(!$available_methods)
18
+ return;
19
+ $transient_id = MO2f_Utility::random_str(20);
20
+
21
+ MO2f_Utility::mo2f_set_transient($transient_id, 'mo2f_user_id', $user->ID);
22
+ $same_user = $user->ID == $id?true:false;
23
+ global $Mo2fdbQueries;
24
+ $current_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user->ID);
25
+ if($current_method == "miniOrange QR Code Authentication" || $current_method == "miniOrange Soft Token" || $current_method == "miniOrange Push Notification")
26
+ $current_method = "miniOrange Authenticator";
27
+ $twofactor_transactions = new Mo2fDB;
28
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user->ID);
29
+ if($exceeded){
30
+ return;
31
+ }
32
+ $user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user->ID );
33
+ $email=$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
34
+ if($email == ''){
35
+ $Mo2fdbQueries->update_user_details($user->ID,array('mo2f_user_email'=>$user->user_email));
36
+ }
37
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID ):$user->user_email;
38
+ $pass_2fa_login_session = new Miniorange_Password_2Factor_Login();
39
+ if(!$user_column_exists){
40
+ $Mo2fdbQueries->insert_user( $user->ID );
41
+ $content = $pass_2fa_login_session->create_user_in_miniOrange($user->ID,$email,'SOFT TOKEN');
42
+ }
43
+ $registerMobile = new Two_Factor_Setup();
44
+ $content = $registerMobile->register_mobile($email);
45
+ update_user_meta($user->ID,'registered_mobile',$content);
46
+ $two_factor_methods_descriptions = array(
47
+ "miniOrange QR Code Authentication" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
48
+ "miniOrange Authenticator" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
49
+ "miniOrange Soft Token" => "Enter the soft token from the account in your miniOrange Authenticator App to login.",
50
+ "miniOrange Push Notification" => "Accept a push notification in your miniOrange Authenticator App to login.",
51
+ "Google Authenticator" => "Enter the soft token from the account in your Google Authenticator App to login.",
52
+ "Security Questions" => "Answer the three security questions you had set, to login.",
53
+ "OTP Over SMS" => "Enter the One Time Passcode sent to your phone to login.",
54
+ "Authy Authenticator" => "Enter the soft token from the account in your Authy Authenticator App to login.",
55
+ "OTP Over Email" => "Enter the One Time Passcode sent to your email to login.",
56
+ "Email Verification" => "Accept the verification link sent to your email to login.",
57
+ "OTP Over SMS and Email" => "Enter the One Time Passcode sent to your phone and email to login.",
58
+ "Hardware Token" => "Enter the One Time Passcode on your Hardware Token to login."
59
+ );
60
+ global $mainDir;
61
+ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profile.css');
62
+ ?>
63
+ <h3><?php esc_html_e( 'Set 2-Factor Authentication', 'miniorange 2-factor-authentication' ); ?></h3>
64
+ <table class="form-table" id="mo2fa_form-table-user-profile">
65
+ <tr>
66
+ <th style="text-align: left;">
67
+ <?php echo mo2f_lt( '2-Factor Options' ); ?>
68
+ </th>
69
+ <td>
70
+ <form name="f" method="post" action="" id="mo2f_update_2fa">
71
+ <div class="mo2fa_tab">
72
+ <?php foreach ( $two_factor_methods_descriptions as $method => $description ){
73
+ if(in_array($method, $available_methods)){
74
+ $trimmed_method = str_replace(' ','',$method);?>
75
+ <button class="mo2fa_tablinks" type="button"
76
+ <?php if((!empty($current_method) && MO2f_Utility::is_same_method($method,$current_method)) || (empty($current_method) && MO2f_Utility::is_same_method($method,'miniOrange Authenticator')) ){?>
77
+ id="defaultOpen"
78
+ <?php }?>
79
+ onclick='mo2fa_viewMethod(event, "<?php echo esc_attr( $trimmed_method );?>")'><?php echo esc_attr( $method );?>
80
+ </button>
81
+ <?php }}?>
82
+ </div>
83
+ </form>
84
+ <?php foreach ( $two_factor_methods_descriptions as $method => $description ){
85
+ if(in_array($method, $available_methods)){
86
+ $trimmed_method = str_replace(' ','',$method);?>
87
+ <div id="<?php echo esc_attr( $trimmed_method );?>" class="mo2fa_tabcontent">
88
+ <p><?php echo esc_attr( $description );?></p>
89
+ <p><?php methods_on_user_profile($method,$user,$transient_id);?></p>
90
+ </div>
91
+ <?php }}?>
92
+ </td>
93
+ </tr>
94
+ </table>
95
+ <div id="wpns_nav_message"></div>
96
+ <input type="hidden" name="MO2F_IS_ONPREM" value="<?php echo MO2F_IS_ONPREM;?>">
97
+ <input type="hidden" name="same_user" value="<?php echo $same_user;?>">
98
+ <input type="hidden" name="is_registered" value="<?php echo $is_registered;?>">
99
+ <input type="hidden" name="mo2f-update-mobile-nonce" value="<?php echo wp_create_nonce("mo2f-update-mobile-nonce");?>">
100
+ <input type="hidden" name="transient_id" value="<?php echo $transient_id;?>">
101
+ <input type="hidden" name='method' id="method" value="NONE">
102
+ <input type="hidden" name='mo2f_configuration_status' id="mo2f_configuration_status" value="Configuration">
103
+ <?php
104
+ wp_enqueue_script( 'user-profile-2fa-script', $mainDir.'/includes/js/user-profile-twofa.js');
105
+
106
+ function methods_on_user_profile($method,$user,$transient_id){
107
+ global $Mo2fdbQueries,$mainDir;
108
+ $email=$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
109
+ $pass_2fa_login_session = new Miniorange_Password_2Factor_Login();
110
+ $trimmed_method = str_replace(' ','',$method);
111
+ $is_registered = get_option('mo2f_customerkey');
112
+ $id = get_current_user_id();
113
+ if($email == ''){
114
+ $Mo2fdbQueries->update_user_details($user->ID,array('mo2f_user_email'=>$user->user_email));
115
+ }
116
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID ):$user->user_email;
117
+ switch($method){
118
+ case "miniOrange Authenticator":
119
+ if(!$is_registered){
120
+ $message = "Please register with miniOrange for using this method.";
121
+ echo mo2f_lt( $message );
122
+ }
123
+ else{
124
+ ?>
125
+ <div id="mo2fa_display_mo_methods">
126
+ <h4 class="mo2fa_select_method">
127
+ Select Authentication method :
128
+ </h4>
129
+ <input type="button" name="mo2f_method" id="miniOrangeSoftTokenButton" class="mo2f_miniAuthApp" value="Soft Token" />
130
+ <input type="button" name="mo2f_method" id="miniOrangeQRCodeAuthenticationButton" class="mo2f_miniAuthApp" value="QR Code Authentication" />
131
+ <input type="button" name="mo2f_method" id="miniOrangePushNotificationButton" class="mo2f_miniAuthApp" value="Push Notification" />
132
+ </div>
133
+ <?php
134
+ if($id == $user->ID)
135
+ {
136
+ $content = get_user_meta($user->ID,'registered_mobile',true);
137
+ $response = json_decode($content, true);
138
+ $message = '';
139
+
140
+ if(json_last_error() == JSON_ERROR_NONE) {
141
+ if($response['status'] == 'ERROR'){
142
+ $mo_qr_details['message'] = Mo2fConstants::langTranslate($response['message']);
143
+ delete_user_meta( $user->ID, 'miniorageqr' );
144
+ }else{
145
+ if($response['status'] == 'IN_PROGRESS'){
146
+
147
+ $mo_qr_details['message'] = '';
148
+ $mo_qr_details['mo2f-login-qrCode']=$response['qrCode'];
149
+ update_user_meta($user->ID,'miniorageqr',$mo_qr_details);
150
+ }else{
151
+ $mo_qr_details['message'] = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
152
+ delete_user_meta( $user->ID, 'miniorageqr' );
153
+ }
154
+ }
155
+ }
156
+ ?>
157
+
158
+ <div class="mcol-2" id='mo2f_qrcode'>
159
+ <table class="mo2f_settings_table">
160
+ <br><?php
161
+ echo (isset($mo_qr_details['mo2f-login-qrCode'])?'<img style="width:165px;" src="data:image/jpg;base64,' .$mo_qr_details['mo2f-login-qrCode']. '" />':'Please register with miniOrange for using this method') ;
162
+ ?>
163
+ </table>
164
+ <?php
165
+ if(isset($mo_qr_details['mo2f-login-qrCode'])){
166
+ ?>
167
+ <form name="f" method="post" action="" id="<?php echo 'mo2f_verify_form-'.mo2f_lt($trimmed_method); ?>">
168
+
169
+ <table id="mo2f_setup_mo_methods">
170
+ <td class="bg-none"><?php echo mo2f_lt( 'Enter Code:' )?></td>
171
+ <td><input type="tel" class="mo2f_table_textbox" style="margin-left: 1%; margin-right: 1%; width:200px;" name="mo_qr_auth_code" id="<?php echo 'textbox-'.mo2f_lt($trimmed_method); ?>" value="" pattern="[0-9]{4,8}" title="<?php echo mo2f_lt('Enter OTP:'); ?>"/></td>
172
+ <td><a id="<?php echo 'save-'.mo2f_lt($trimmed_method); ?>" name="save_qr" class="button button1" ><?php echo mo2f_lt( 'Verify and Save' ); ?></a></td>
173
+ </table>
174
+
175
+ </form>
176
+ <?php } ?>
177
+ </div>
178
+
179
+ <?php
180
+ }
181
+ else{
182
+ $message= "Link to reconfigure 2nd factor will be sent to ".$email;
183
+ echo mo2f_lt( $message );
184
+ }
185
+ }
186
+ break;
187
+ case "Authy Authenticator":
188
+ case "Google Authenticator":
189
+ if($user->ID == $id){
190
+ if(MO2F_IS_ONPREM){
191
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'twofa'. DIRECTORY_SEPARATOR. 'gaonprem.php';
192
+ $gauth_obj= new Google_auth_onpremise();
193
+
194
+ $ga_secret = $gauth_obj->createSecret();
195
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
196
+ $url = $gauth_obj->geturl( $ga_secret, $issuer, $email );
197
+ $mo2f_google_auth = array('ga_qrCode'=> $url,'ga_secret'=>$ga_secret);
198
+ update_user_meta( $user->ID, 'mo2f_google_auth', json_encode( $mo2f_google_auth ) );
199
+ $otpcode = $gauth_obj->getCode($ga_secret);
200
+ $data = isset($mo2f_google_auth) ? $mo2f_google_auth['ga_qrCode'] : null;
201
+ wp_enqueue_script( 'mo_wpns_qrcode_script', $mainDir.'/includes/jquery-qrcode/jquery-qrcode.js' );
202
+ wp_enqueue_script( 'mo_wpns_min_qrcode_script', $mainDir.'/includes/jquery-qrcode/jquery-qrcode.min.js');
203
+ echo '<div class="mo2f_gauth_column mo2f_gauth_left" >';
204
+ echo '<div class="mo2f_gauth" data-qrcode='.$data.'></div>';
205
+ echo '</div>';
206
+ }else{
207
+ if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
208
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
209
+ }
210
+ $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
211
+ $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
212
+ $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
213
+ echo '<br><div id="displayQrCode">
214
+ <img id="mo2f_gauth" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />
215
+ </div>';
216
+ }
217
+ ?>
218
+
219
+ <div class="mcol-2">
220
+ <br>
221
+ <form name="f" method="post" action="" id="<?php echo 'mo2f_verify_form-'.mo2f_lt($trimmed_method); ?>">
222
+
223
+ <table id="mo2f_setup_ga">
224
+ <td class="bg-none"><?php echo mo2f_lt( 'Enter Code:' )?></td>
225
+ <td><input type="tel" class="mo2f_table_textbox" style="margin-left: 1%; margin-right: 1%; width:200px;" name="google_auth_code" id="<?php echo 'textbox-'.mo2f_lt($trimmed_method); ?>" value="" pattern="[0-9]{4,8}" title="<?php echo mo2f_lt('Enter OTP:'); ?>"/></td>
226
+ <td><a id="<?php echo 'save-'.mo2f_lt($trimmed_method); ?>" name="save_GA" class="button button1" ><?php echo mo2f_lt( 'Verify and Save' ); ?></a></td>
227
+ </table>
228
+
229
+ <input type="hidden" name="ga_secret" value="<?php echo $ga_secret;?>">
230
+ </form>
231
+
232
+ </div>
233
+ <?php
234
+ }else{
235
+ $message= "Link to reconfigure 2nd factor will be sent to ".$email;
236
+ echo mo2f_lt( $message );
237
+ }
238
+ break;
239
+ case "OTP Over SMS":
240
+ if(!$is_registered){
241
+ $message = "Please register with miniOrange for using this method.";
242
+ echo mo2f_lt( $message );
243
+ }
244
+ else{
245
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
246
+ $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
247
+ ?>
248
+ <form name="f" method="post" action="" id="<?php echo 'mo2f_verify_form-'.mo2f_lt($trimmed_method); ?>">
249
+
250
+ <table id="mo2f_setup_sms">
251
+ <td class="bg-none"><?php echo mo2f_lt( 'Authentication codes will be sent to ' )?></td>
252
+ <td><input type="text" class="mo2f_table_textbox" style="margin-left: 1%; margin-right: 1%; width:200px;" name="verify_phone" id="<?php echo 'textbox-'.mo2f_lt($trimmed_method); ?>" value="<?php echo $user_phone ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/></td>
253
+ <td><a id="<?php echo 'save-'.mo2f_lt($trimmed_method); ?>" name="save" class="button button1" ><?php echo mo2f_lt( 'Save' ); ?></a></td>
254
+ </table>
255
+
256
+ </form>
257
+ <?php
258
+ }
259
+ break;
260
+ case "Security Questions":
261
+ mo2f_configure_kba_questions($user);
262
+ break;
263
+ case "OTP Over Email":
264
+ case "Email Verification":
265
+ if(!$Mo2fdbQueries->check_if_user_column_exists($user->ID)){
266
+ $content = $pass_2fa_login_session->create_user_in_miniOrange($user->ID,$email,$method);
267
+ }
268
+ $email = ($email=='')?$user->user_email:$email;
269
+ $message = "Authentication codes will be sent to ".$email;
270
+ echo mo2f_lt( $message );
271
+ break;
272
+ $Mo2fdbQueries->delete_user_login_sessions($user->ID);
273
+ }
274
+ }
275
+ ?>
includes/css/hide-login-form.css CHANGED
@@ -1,3 +1,6 @@
 
 
 
1
  body.login div#login {
2
  display: block;
3
  }
1
+ .mo2fa_visible{
2
+ top: 20px !important;
3
+ }
4
  body.login div#login {
5
  display: block;
6
  }
includes/css/style_settings.css CHANGED
@@ -209,10 +209,6 @@
209
  padding: 0px;
210
  }
211
 
212
- #wpfooter
213
- {
214
- position: relative !important;
215
- }
216
  .mo-2fa-mail-button
217
  {
218
  bottom: 2.5%;
@@ -3161,9 +3157,11 @@ a.mo2f_thumbnail:hover, a.mo2f_thumbnail:focus, a.mo2f_thumbnail.active {
3161
  color: #1a5a97!important;
3162
  font-weight: 600!important;
3163
  }
 
3164
  .mo2f_kba_ques : hover{
3165
  color: #1a5a97!important;
3166
  font-weight: 600!important;
 
3167
  }
3168
 
3169
  .mo2f_kba_table {
209
  padding: 0px;
210
  }
211
 
 
 
 
 
212
  .mo-2fa-mail-button
213
  {
214
  bottom: 2.5%;
3157
  color: #1a5a97!important;
3158
  font-weight: 600!important;
3159
  }
3160
+
3161
  .mo2f_kba_ques : hover{
3162
  color: #1a5a97!important;
3163
  font-weight: 600!important;
3164
+
3165
  }
3166
 
3167
  .mo2f_kba_table {
includes/css/upgrade.css CHANGED
@@ -365,11 +365,11 @@ table.mo2fa_table_features tr:last-child
365
  visibility: visible;
366
  }
367
 
 
368
  .mo2fa_tooltip_methodlist {
369
  position: relative;
370
  display: inline-block;
371
  }
372
-
373
  .mo2fa_tooltip_methodlist .methodlist {
374
  visibility: hidden;
375
  width: 14em;
365
  visibility: visible;
366
  }
367
 
368
+
369
  .mo2fa_tooltip_methodlist {
370
  position: relative;
371
  display: inline-block;
372
  }
 
373
  .mo2fa_tooltip_methodlist .methodlist {
374
  visibility: hidden;
375
  width: 14em;
includes/css/user-profile.css ADDED
@@ -0,0 +1,179 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ #mo2fa_form-table-user-profile th{
2
+ padding:0px 0px 0px 0px !important;
3
+ text-align: center;
4
+
5
+ }
6
+ .mo2fa_form-table td{
7
+ padding:6px 10px;
8
+ }
9
+ .miniOrange-2FA-methods-table {
10
+ background-color: #fff;
11
+ border: 1px solid #e5e5e5;
12
+ border-spacing: 0;
13
+ }
14
+
15
+ .miniOrange-2FA-methods-table thead,
16
+ .miniOrange-2FA-methods-table tfoot {
17
+ background: #fff;
18
+ }
19
+
20
+ .miniOrange-2FA-methods-table thead th {
21
+ padding: 0.5em;
22
+ }
23
+
24
+ .miniOrange-2FA-methods-table .col-primary,
25
+ .miniOrange-2FA-methods-table .col-enabled {
26
+ width: 5%;
27
+ }
28
+
29
+ .miniOrange-2FA-methods-table .col-name {
30
+ width: 90%;
31
+ }
32
+ .miniOrange-2FA-methods-
33
+ .miniOrange-2FA-methods-table tbody th {
34
+ text-align: center;
35
+ }
36
+
37
+ .miniOrange-2FA-methods-table tbody th,
38
+ .miniOrange-2FA-methods-table tbody td {
39
+ vertical-align: top;
40
+ }
41
+
42
+ .miniOrange-2FA-methods-table tbody tr:nth-child(odd) {
43
+ background-color: #f9f9f9;
44
+
45
+ /*background-color: nome;*/
46
+ }
47
+ #mo2f_configure_kba{
48
+ border:1px solid;
49
+ text-align: center;
50
+ border: 1px solid #52523b;
51
+ }
52
+ .mo2f_kba_header thead th{
53
+ border-bottom: 1px solid black;
54
+ }
55
+ .miniOrange-2FA-methods-table tbody th, .miniOrange-2FA-methods-table tbody td{
56
+ /*text-align: center;*/
57
+ }
58
+ #mo2f_setup_sms{
59
+ /*margin:0 auto;*/
60
+ }
61
+ #mo2f_setup_sms tr{
62
+ background-color: transparent;
63
+ }
64
+ .mo2f_qr{
65
+ margin-left: 5%;
66
+ }
67
+ .mcol-2{
68
+ margin-left: 2%;
69
+ }
70
+ .mo2fa_popup_text
71
+ {
72
+ color:black;
73
+ margin-top: 2%;
74
+ font-weight: 600;
75
+ font-size: 12px !important;;
76
+
77
+ }
78
+ .mo2fa_overlay_success {
79
+ width: min-content;
80
+ height: 40px;
81
+ position: fixed;
82
+ float: right;
83
+ z-index: 1;
84
+ top: 0;
85
+ right: 0;
86
+ margin-top: 7%;
87
+ background-color:#bcffb4 !important ;
88
+ /* overflow-x: hidden; */
89
+ border-left: 4px solid #46b450;
90
+ }
91
+ .mo2fa_overlay_error {
92
+ width: min-content;
93
+ height: min-content;
94
+ padding-bottom: 1%;
95
+ position: fixed;
96
+ float: right;
97
+ z-index: 1;
98
+ top: 0;
99
+ right: 0;
100
+ margin-top: 7%;
101
+ background-color:bisque !important ;
102
+ /* overflow-x: hidden; */
103
+ border-left: 4px solid red;
104
+ }
105
+
106
+ * {box-sizing: border-box}
107
+
108
+ /* Style the tab */
109
+ .mo2fa_tab {
110
+ float: left;
111
+ border: 1px solid #ccc;
112
+ background-color: #f1f1f1;
113
+ width: 15%;
114
+ height: 324px;
115
+ min-height: 300px;
116
+ /*margin-left: 210px;*/
117
+ }
118
+
119
+ /* Style the buttons that are used to open the tab content */
120
+ .mo2fa_tab button {
121
+ display: block;
122
+ background-color: inherit;
123
+ color: black;
124
+ padding: 8px 20px;
125
+ width: 100%;
126
+ border: none;
127
+ outline: none;
128
+ text-align: left;
129
+ cursor: pointer;
130
+ transition: 0.3s;
131
+ }
132
+
133
+ /* Change background color of buttons on hover */
134
+ .mo2fa_tab button:hover {
135
+ background-color: #ddd;
136
+ }
137
+
138
+ /* Create an active/current "tab button" class */
139
+ .mo2fa_tab button.active {
140
+ background-color: #ccc;
141
+ }
142
+
143
+ /* Style the tab content */
144
+ .mo2fa_tabcontent {
145
+ float: left;
146
+ padding: 0px 12px;
147
+ border: 1px solid #ccc;
148
+ width: 80%;
149
+ border-left: none;
150
+ /*height: autoffrom;*/
151
+ height: 324px;
152
+ }
153
+
154
+ .mo2f_miniAuthApp {
155
+ color: #2271b1;
156
+ padding:0.5% 3%;
157
+ /*font-size: 18px;*/
158
+ /*font-weight: 600;*/
159
+ /*width: 50%;*/
160
+ /*height: 20%;*/
161
+ margin:1px;
162
+ border: 1px solid black;
163
+ border-color: #2271b1;
164
+ background-color:#f6f7f7;
165
+ border-radius: 2px;
166
+ }
167
+ .mo2f_miniAuthApp:hover {
168
+ /*background: #20b2aa9e;*/
169
+ background: transparent;
170
+ }
171
+ input[name = 'miniOrangeAuthenticator'] {
172
+ visibility:hidden;
173
+ }
174
+ input[name = 'miniOrangeAuthenticator']:checked + .mo2f_miniAuthApp{
175
+ background: #e5e5ea;
176
+ }
177
+ .mo2fa_select_method{
178
+ width: auto !important;
179
+ }
includes/js/mo2fa_elementor.js ADDED
@@ -0,0 +1,122 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ jQuery(window).bind('load', function()
2
+ {
3
+ mo2fa_has_elementor_class = jQuery('.htmega-login-form-wrapper');
4
+
5
+ if(mo2fa_has_elementor_class.length){
6
+
7
+ var mo2fa_input = document.getElementsByTagName('input');
8
+ var mo2fa_on_submit = mo2fa_input[3].getAttribute('id');
9
+ mo2fa_on_submit = '#' +mo2fa_on_submit;
10
+
11
+ var mo2fa_form_id = jQuery('form').attr('id');
12
+ mo2fa_form_id = '#'+mo2fa_form_id ;
13
+ jQuery(mo2fa_form_id).removeAttr('action');
14
+ var mo2fa_log_user = document.getElementsByName('login_username');
15
+ var mo2fa_log_pass = document.getElementsByName('login_password');
16
+ mo2fa_log_user[0].setAttribute("name","mo2fa_user_name");
17
+ mo2fa_log_pass[0].setAttribute("name","mo2fa_user_password");
18
+
19
+ var mo2fa_pwd = document.getElementsByName("mo2fa_user_password");
20
+ mo2fa_pwd = mo2fa_pwd[0];
21
+ var mo2fa_pwd = document.getElementById(mo2fa_pwd.id);
22
+ mo2fa_pwd.setAttribute("id","mo2fa_user_password");
23
+
24
+ var mo2fa_user = document.getElementsByName("mo2fa_user_name");
25
+ mo2fa_user = mo2fa_user[0];
26
+ var element = document.getElementById(mo2fa_user.id);
27
+ element.setAttribute("id","mo2fa_user_name");
28
+
29
+ if(my_ajax_object.mo2f_login_option == '0'){
30
+
31
+ jQuery(mo2fa_form_id).after('<form name="f" id="mo2f_show_loginform" method="post" action="" hidden>'+
32
+ '<input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>'+
33
+ '<input type="hidden" name="miniorange_login_nonce" value="'+my_ajax_object.nonce+'"/>'+'</form>'+
34
+ '<form name="f" id="mo2f_loginform" method="post" action="" hidden>'+
35
+ '<input type="text" name="mo2fa_elementor_user_name" id="mo2fa_elementor_user_name" hidden/>'+
36
+ '<input type="text" name="mo2fa_elementor_user_password" id="mo2fa_elementor_user_password" hidden/>'+
37
+ '<input type="hidden" name="miniorange_elementor_login_nonce" value="'+my_ajax_object.nonce+'"/>'+'</form>');
38
+
39
+ if(my_ajax_object.mo2f_enable_login_with_2nd_factor == '0'){
40
+ jQuery(mo2fa_pwd).after('<h2 style="text-align: center;">or</h2><input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true" placeholder="Username"/>'+
41
+ '<button style="padding:1px 4px 1px 4px; width:100%" name="miniorange_login_submit" id="miniorange_login_submit">Login with 2nd factor </button>');
42
+ }else{
43
+ jQuery("label[for='Password']").hide();
44
+ jQuery("#mo2fa_user_password").hide();
45
+ mo2fa_user = document.getElementsByName("mo2fa_user_name");
46
+ mo2fa_user[0].setAttribute("name","mo2fa_usernamekey");
47
+ mo2fa_log_user = document.getElementsByName("mo2fa_usernamekey");
48
+ mo2fa_log_user[0].setAttribute("id","mo2fa_usernamekey");
49
+ }
50
+ }
51
+ else{
52
+ jQuery(mo2fa_form_id).after('<form name="f" id="mo2f_loginform" method="post" action="" hidden>'+
53
+ '<input type="text" name="mo2fa_elementor_user_name" id="mo2fa_elementor_user_name" hidden/>'+
54
+ '<input type="text" name="mo2fa_elementor_user_password" id="mo2fa_elementor_user_password" hidden/>'+
55
+ '<input type="hidden" name="miniorange_elementor_login_nonce" value="'+my_ajax_object.nonce+'"/>'+'</form>');
56
+ }
57
+
58
+ jQuery('#mo2fa_user_password').keypress(function (e) {
59
+ if (e.which == 13) {//Enter key pressed
60
+ e.preventDefault();
61
+ mo2fa_elementor();
62
+ }
63
+ });
64
+ jQuery(mo2fa_on_submit).click(function(e){
65
+ if (e.which == 1) {//Enter key pressed
66
+ e.preventDefault();
67
+ mo2fa_elementor();
68
+ }
69
+ });
70
+ jQuery('#mo2fa_user_name').keypress(function (e){
71
+ if (e.which == 13) {//Enter key pressed
72
+ e.preventDefault();
73
+ mo2fa_elementor();
74
+ }
75
+ });
76
+ jQuery('#mo2fa_usernamekey').keypress(function (e) {
77
+ if (e.which == 13) {//Enter key pressed
78
+ e.preventDefault();
79
+ var username = jQuery('#mo2fa_usernamekey').val();
80
+ document.getElementById("mo2f_show_loginform").elements[0].value = username;
81
+ jQuery('#mo2f_show_loginform').submit();
82
+ }
83
+
84
+ });
85
+ jQuery('.htmega-login-form-wrapper' ).on( 'submit', mo2fa_form_id, function(e) {
86
+ e.preventDefault();
87
+ mo2f_login();
88
+
89
+ });
90
+ function mo2fa_elementor(){
91
+ if(my_ajax_object.mo2f_login_option == '1' || (my_ajax_object.mo2f_login_option == '0' && my_ajax_object.mo2f_enable_login_with_2nd_factor == '0' )){
92
+ mo2f_login();
93
+ }
94
+ else{
95
+ var username = jQuery('#mo2fa_usernamekey').val();
96
+ document.getElementById("mo2f_show_loginform").elements[0].value = username;
97
+ jQuery('#mo2f_show_loginform').submit();
98
+ }
99
+ }
100
+
101
+ jQuery('#miniorange_login_submit').click(function(e){
102
+ e.preventDefault();
103
+ var username = jQuery('#mo2fa_usernamekey').val();
104
+
105
+ document.getElementById("mo2f_show_loginform").elements[0].value = username;
106
+
107
+ jQuery('#mo2f_show_loginform').submit();
108
+ });
109
+
110
+ function mo2f_login(){
111
+ var username = jQuery('#mo2fa_user_name').val();
112
+ var password = jQuery('#mo2fa_user_password').val();
113
+
114
+ document.getElementById("mo2f_loginform").elements[0].value = username;
115
+ document.getElementById("mo2f_loginform").elements[1].value = password;
116
+
117
+ jQuery('#mo2f_loginform').submit();
118
+ }
119
+
120
+ }
121
+
122
+ });
includes/js/setup-wizard-2fa.js CHANGED
@@ -105,15 +105,13 @@
105
  },
106
  "31f1": function(t, e, i) {
107
  var s = {
108
- "./amazonses.svg": "7de8",
109
- "./gmail.svg": "ddc9",
110
- "./mailgun.svg": "776b",
111
- "./outlook.svg": "2db4",
112
- "./sendgrid.svg": "b1c2",
113
- "./sendinblue.svg": "7f3e",
114
- "./smtp.svg": "5f30",
115
- "./smtpcom.svg": "78cb",
116
- "./zoho.svg": "2bc2"
117
  };
118
 
119
  function a(t) {
105
  },
106
  "31f1": function(t, e, i) {
107
  var s = {
108
+ "./googleAuthenticator.svg": "7de8",
109
+ "./AuthyAuthenticator.svg": "ddc9",
110
+ "./OTPOverSMS.svg": "776b",
111
+ "./OTPOverEmail.svg": "2db4",
112
+ "./KBA.svg": "b1c2",
113
+ "./DuoPush.svg": "7f3e",
114
+ "./OTPOverTelegram.svg": "5f30",
 
 
115
  };
116
 
117
  function a(t) {
includes/js/user-profile-twofa.js ADDED
@@ -0,0 +1,191 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ function mo2fa_viewMethod(evt, selected_method)
2
+ {
3
+ var i, tabcontent, tablinks;
4
+ var is_registered = jQuery('input[name=\'is_registered\']').val();
5
+ var trimmed_method = selected_method.replace(/ /g,'');
6
+ jQuery('#method').val(selected_method);
7
+ tabcontent = document.getElementsByClassName("mo2fa_tabcontent");
8
+ for (i = 0; i < tabcontent.length; i++) {
9
+ tabcontent[i].style.display = "none";
10
+ }
11
+ tablinks = document.getElementsByClassName("mo2fa_tablinks");
12
+ for (i = 0; i < tablinks.length; i++) {
13
+ tablinks[i].className = tablinks[i].className.replace(" active", "");
14
+ }
15
+ document.getElementById(selected_method).style.display = "block";
16
+ evt.currentTarget.className += " active";
17
+ var same_user = jQuery('input[name=\'same_user\']').val();
18
+ var textbox_id = 'textbox-'+trimmed_method;
19
+ var textbox_element = document.getElementById(textbox_id);
20
+ if(selected_method == 'SecurityQuestions')
21
+ document.getElementById("mo2f_kbaquestion_1").focus();
22
+ else if(selected_method == 'OTPOverSMS' && is_registered)
23
+ document.getElementById("textbox-OTPOverSMS").focus();
24
+ else if(textbox_element !== null && same_user && (is_registered && ((trimmed_method!="EmailVerification" && trimmed_method !='OTPOverEmail')) || (!is_registered && (trimmed_method=="GoogleAuthenticator" || trimmed_method=="AuthyAuthenticator" || trimmed_method=='SecurityQuestions'))))
25
+ document.getElementById(textbox_id).focus();
26
+ var save_button_id = jQuery('#'+'save-'+trimmed_method);
27
+ var form_id = jQuery('#'+'mo2f_verify_form-'+trimmed_method);
28
+ jQuery(form_id).submit(function(e){
29
+ e.preventDefault();
30
+ jQuery(save_button_id).click();
31
+ });
32
+ var MO2F_IS_ONPREM = jQuery('input[name=\'MO2F_IS_ONPREM\']').val();
33
+ var cloud_methods = ["miniOrangeQRCodeAuthentication", "miniOrangeSoftToken","miniOrangePushNotification","OTPOverSMS","miniOrangeAuthenticator"];
34
+ if(MO2F_IS_ONPREM == 0 && !is_registered)
35
+ {
36
+ jQuery('#wpns_nav_message').empty();
37
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>Please register with miniOrange for using this method</b> </div></div>");
38
+ window.onload = nav_popup();
39
+ return;
40
+ }
41
+ for(method of cloud_methods)
42
+ {
43
+ if((selected_method==method && !is_registered) || !MO2F_IS_ONPREM)
44
+ {
45
+ jQuery('#wpns_nav_message').empty();
46
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>Please register with miniOrange for using this method</b> </div></div>");
47
+ window.onload = nav_popup();
48
+ }
49
+ }
50
+ }
51
+
52
+ jQuery('#mo2f_qrcode').hide();
53
+ jQuery('.mo2f_miniAuthApp').click(function(){
54
+ jQuery('#mo2f_qrcode').show();
55
+ jQuery('#mo2fa_display_mo_methods').hide();
56
+ var method = jQuery('input[name="miniOrangeAuthenticator"]:checked').val();
57
+ });
58
+
59
+ jQuery('.mo2f_miniAuthApp').click(function(){
60
+ var method = jQuery('input[name="miniOrangeAuthenticator"]:checked').val();
61
+ });
62
+
63
+ jQuery('#miniOrangeSoftTokenButton').click(function() {
64
+ jQuery('#method').val('miniOrangeSoftToken');
65
+ jQuery("#save-miniOrangeAuthenticator").click(function(e){
66
+ set_mo_methods('miniOrangeSoftToken');
67
+ });
68
+ });
69
+ jQuery('#miniOrangeQRCodeAuthenticationButton').click(function() {
70
+ jQuery('#method').val('miniOrangeQRCodeAuthentication');
71
+ jQuery("#save-miniOrangeAuthenticator").click(function(e){
72
+ set_mo_methods('miniOrangeQRCodeAuthentication');
73
+ });
74
+ });
75
+ jQuery('#miniOrangePushNotificationButton').click(function() {
76
+ jQuery('#method').val('miniOrangePushNotification');
77
+ jQuery("#save-miniOrangeAuthenticator").click(function(e){
78
+ set_mo_methods('miniOrangePushNotification');
79
+ });
80
+ });
81
+
82
+
83
+ function set_mo_methods(trimmed_method){
84
+ var textbox_id_element = jQuery('#'+'textbox-'+trimmed_method);
85
+ var code = jQuery('#textbox-miniOrangeAuthenticator').val();
86
+ var nonce = jQuery('input[name=\'mo2f-update-mobile-nonce\']').val();
87
+ var transient_id = jQuery('input[name=\'transient_id\']').val();
88
+ var is_registered = jQuery('input[name=\'is_registered\']').val();
89
+ if(!is_registered)
90
+ {
91
+ jQuery('#wpns_nav_message').empty();
92
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>Please register with miniOrange for using this method</b> </div></div>");
93
+ window.onload = nav_popup();
94
+ }
95
+ else
96
+ {
97
+ var data = {
98
+ 'action' : 'mo_two_factor_ajax',
99
+ 'mo_2f_two_factor_ajax' : 'mo2f_set_miniorange_methods',
100
+ 'nonce' : nonce,
101
+ 'code' : code,
102
+ 'transient_id' : transient_id,
103
+ };
104
+ jQuery.post(ajaxurl, data, function(response) {
105
+ if(response['status'] == "SUCCESS")
106
+ {
107
+ $("#mo2f_configuration_status").val(response['status']);
108
+ }
109
+ jQuery('#wpns_nav_message').empty();
110
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='"+(response['status']=="SUCCESS"?"mo2fa_overlay_success":"mo2fa_overlay_error")+"'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>"+response['status']+"</b> : "+response['message']+"</div></div>");
111
+ window.onload = nav_popup();
112
+ });
113
+ }
114
+ }
115
+ function mo2fa_set_ga(code){
116
+ var nonce = jQuery('input[name=\'mo2f-update-mobile-nonce\']').val();
117
+ var transient_id = jQuery('input[name=\'transient_id\']').val();
118
+ var ga_secret = jQuery('input[name=\'ga_secret\']').val();
119
+ var data = {
120
+ 'action' : 'mo_two_factor_ajax',
121
+ 'mo_2f_two_factor_ajax' : 'mo2f_set_GA',
122
+ 'nonce' : nonce,
123
+ 'code' : code,
124
+ 'transient_id' : transient_id,
125
+ 'ga_secret' : ga_secret
126
+ };
127
+ jQuery.post(ajaxurl, data, function(response) {
128
+ jQuery('#wpns_nav_message').empty();
129
+ if(response == "SUCCESS"){
130
+ jQuery("#mo2f_configuration_status").val(response);
131
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_success'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>SUCCESS</b> : Entered Passcode is correct. Click on Update Profile.</div></div>");
132
+ }else if(response == "UserIdNotFound"){
133
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; Error occured validating the user. </div></div>");
134
+ }else{
135
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>ERROR</b> : Entered Passcode is incorrect. </div></div>");
136
+ }
137
+ window.onload = nav_popup();
138
+ });
139
+ }
140
+ var MO2F_IS_ONPREM = jQuery('input[name=\'MO2F_IS_ONPREM\']').val();
141
+ if(MO2F_IS_ONPREM == 1){
142
+ jQuery(document).ready(function() {
143
+ jQuery('.mo2f_gauth').qrcode({
144
+ 'render': 'image',
145
+ size: 175,
146
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
147
+ });
148
+ });
149
+ }
150
+
151
+ jQuery("#save-GoogleAuthenticator").click(function(e){
152
+ var code = jQuery('#textbox-GoogleAuthenticator').val();
153
+ mo2fa_set_ga(code);
154
+ });
155
+ jQuery("#save-AuthyAuthenticator").click(function(e){
156
+ var code = jQuery('#textbox-AuthyAuthenticator').val();
157
+ mo2fa_set_ga(code);
158
+ });
159
+ jQuery("#save-OTPOverSMS").click(function(e){
160
+ var nonce = jQuery('input[name=\'mo2f-update-mobile-nonce\']').val();
161
+ var transient_id = jQuery('input[name=\'transient_id\']').val();
162
+ var phone = jQuery("#textbox-OTPOverSMS").val();
163
+ var is_registered = jQuery('input[name=\'is_registered\']').val();
164
+ if(!is_registered){
165
+ jQuery('#wpns_nav_message').empty();
166
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; <b>Please register with miniOrange for using this method</b> </div></div>");
167
+ window.onload = nav_popup();
168
+ }
169
+ else{
170
+ var data = {
171
+ 'action' : 'mo_two_factor_ajax',
172
+ 'mo_2f_two_factor_ajax' : 'mo2f_set_otp_over_sms',
173
+ 'nonce' : nonce,
174
+ 'transient_id' : transient_id,
175
+ 'phone' : phone
176
+ };
177
+ jQuery.post(ajaxurl, data, function(response) {
178
+ jQuery('#wpns_nav_message').empty();
179
+ if(response == "UserIdNotFound"){
180
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; Error occured validating the user. </div></div>");
181
+ }else if(response != "ERROR"){
182
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_success'><div class='mo2fa_popup_text'>&nbsp; &nbsp; Phone no. has been saved. Click on Update Profile.</div></div>");
183
+ }else{
184
+ jQuery('#wpns_nav_message').append("<div id='notice_div' class='mo2fa_overlay_error'><div class='mo2fa_popup_text'>&nbsp; &nbsp; There was an error saving your phone no. </div></div>");
185
+ }
186
+ window.onload = nav_popup();
187
+ });
188
+ }
189
+ })
190
+ document.getElementById("defaultOpen").click();
191
+ jQuery("#textbox-OTPOverSMS").intlTelInput();
miniorange_2_factor_settings.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This TFA plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
6
- * Version: 5.4.36
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * Text Domain: miniorange-2-factor-authentication
@@ -15,7 +15,7 @@
15
 
16
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
17
 
18
- define( 'MO2F_VERSION', '5.4.36' );
19
  define('MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
20
  define( 'MO2F_TEST_MODE', false );
21
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
@@ -51,6 +51,7 @@
51
  $customShort = new TwoFACustomRegFormShortcode();
52
  add_action('admin_init',array( $this, 'mo2f_enable_register_shortcode' ));
53
  add_action('admin_init',array( $customShort, 'mo_enqueue_shortcode' ));
 
54
  add_shortcode('mo2f_enable_register',array($this,'mo2f_enable_register_shortcode'));
55
  if(defined("DIGIMEMBER_DIR"))
56
  {
@@ -58,6 +59,23 @@
58
  }
59
 
60
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
61
 
62
  public function mo2f_enable_register_shortcode()
63
  {
@@ -479,9 +497,9 @@
479
  require('handler/security_features.php');
480
  require('handler/feedback_form.php');
481
  require('handler/recaptcha.php');
482
- require('handler/login.php');
483
  require('handler/twofa/setup_twofa.php');
484
  require('handler/twofa/two_fa_settings.php');
 
485
  require('handler/twofa/two_fa_utility.php');
486
  require('handler/twofa/two_fa_constants.php');
487
  require('handler/registration.php');
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This TFA plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
6
+ * Version: 5.4.37
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * Text Domain: miniorange-2-factor-authentication
15
 
16
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
17
 
18
+ define( 'MO2F_VERSION', '5.4.37' );
19
  define('MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
20
  define( 'MO2F_TEST_MODE', false );
21
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
51
  $customShort = new TwoFACustomRegFormShortcode();
52
  add_action('admin_init',array( $this, 'mo2f_enable_register_shortcode' ));
53
  add_action('admin_init',array( $customShort, 'mo_enqueue_shortcode' ));
54
+ add_action( 'elementor/init', array($this, 'mo2fa_login_elementor_note'));
55
  add_shortcode('mo2f_enable_register',array($this,'mo2f_enable_register_shortcode'));
56
  if(defined("DIGIMEMBER_DIR"))
57
  {
59
  }
60
 
61
  }
62
+ function mo2fa_login_elementor_note()
63
+ {
64
+ global $mainDir;
65
+
66
+ if(!is_user_logged_in())
67
+ {
68
+ wp_enqueue_script( 'jquery' );
69
+ wp_enqueue_script( 'mo2fa_elementor_script', $mainDir. 'includes/js/mo2fa_elementor.js' );
70
+
71
+ wp_localize_script( 'mo2fa_elementor_script', 'my_ajax_object',
72
+ array( 'ajax_url' => get_site_url() .'/login/' ,
73
+ 'nonce' => wp_create_nonce( 'miniorange-2-factor-login-nonce' ),
74
+ 'mo2f_login_option' => MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'),
75
+ 'mo2f_enable_login_with_2nd_factor' => get_option( 'mo2f_enable_login_with_2nd_factor' )) );
76
+
77
+ }
78
+ }
79
 
80
  public function mo2f_enable_register_shortcode()
81
  {
497
  require('handler/security_features.php');
498
  require('handler/feedback_form.php');
499
  require('handler/recaptcha.php');
 
500
  require('handler/twofa/setup_twofa.php');
501
  require('handler/twofa/two_fa_settings.php');
502
+ require('handler/login.php');
503
  require('handler/twofa/two_fa_utility.php');
504
  require('handler/twofa/two_fa_constants.php');
505
  require('handler/registration.php');
readme.txt CHANGED
@@ -1,30 +1,35 @@
1
- === Google Authenticator - WordPress Two Factor Authentication (2FA , MFA) ===
2
 
3
- Contributors: cyberlord92, twofactor, hsn97
4
- Tags: google authenticator, two factor authentication, two factor, 2FA, two-step verification, mobile verification, OTP, mobile verification, two factor, Two step verification, TFA, MFA, 2 factor authentication, Remember Device, OTP,WordPress otp, two step authentication,Clef,SMS, email, signup security, two factor auth, Mobile Authentication, strong authentication, 2 step authentication, mobile verification,Multifactor authentication, passwordless login, one time passcode, soft token Authentication, QR Code Authentication, email verification, KBA, Security Questions,2FA, login OTP, login with SMS, mobile login, phone login, OTP login, mobile verification,knowledge based authentication,authy, authy two factor,yubico,Two-Factor Authentication,WordPress otp, security,user security, ​Twilio WordPress, SMS gateway, Solutions Infini, Clickatell, BulkSMS, MSG91, Nexmo, SMS Country, message, woocommerce, website security, login security, multi factor authentication, multi factor,wordfence, IP Blocking, IP Whitelisting, login Audits, woocommerce, SMS login, passwordless login, auth, login with OTP WordPress, OTP Over SMS and Email, two-step authentication, Mobile Authentication, passwordless login, login without password, passwordless authentication, secure login, temporary login, temporary access, one time passcode, email verification, security, website security, login security, multi-factor authentication, woocommerce, smartphone, WordPress otp, register with OTP, user OTP verification, SMS OTP, OTP Email, registration with OTP verification, registration verification,smartphone authentication
5
  Donate link: https://miniorange.com/
6
  Requires at least: 3.0.1
7
- Tested up to: 5.7
8
  Requires PHP: 5.3.0
9
- Stable tag: 5.4.36
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
13
- Google Authenticator, Two Factor Authentication (2 Factor), OTP verificaion - SMS and Email, Apps like Microsoft, Duo, LastPass & more on login and Registration for all forms. Google AUthenticator also Supports QR Code, Push Notification and Security Questions along with the Google Authenticator itself.
14
 
15
  == Description ==
16
 
17
- Google Authenticator - Two Factor Authentication (2FA) plugin provides a completely Secure login to your WordPress website. Google Authenticator- Two Factor Authentication (2FA) is a FREE, Simple & very easy to setup plugin. Google Authenticator provides two factor authentication (2FA, MFA) whenever login to your WordPress website ensuring no unauthorised access to your website. Google Authenticator can be configured for any TOTP based Authentication Method for providing addtional layer of security of Two Factor Authentication.
18
 
19
- = User Identity Verification or OTP Verification =
20
- Login and Registration: Verify users on login and Registration with different authentication methods like Google Authenticator, SMS Verification, Email, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions and many others. Easy OTP Verification with SMS Verification and Email Verification.
21
 
22
- = Google Authenticator and other 2 Factor ( 2FA ) sync on multiple websites =
23
- You would not need to configure Google Authenticator and other Two Factor Authentication ( 2FA ) methods from second site onword. Just login with miniOrange account and your 2FA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Securty Questions, LastPass, Authy, miniOrange methods, OTP over SMS, OTP over Email. It is supported only if you are using our cloud services of 2 Factor.
24
 
25
- == Plugin Integrations and Support for all methods of two factor like Google Authenticator ==
26
- * [Woocommerce](https://wordpress.org/plugins/woocommerce/) (Login Woocommerce using Google Authenticator - Two Factor Authentication (2FA))
27
- * [BuddyPress form](https://wordpress.org/plugins/buddypress/) (Login BuddyPress using Google Authenticator - Two Factor Authentication (2FA))
 
 
 
 
 
 
 
28
  * [bbpress form](https://wordpress.org/plugins/bbpress/) (Login bbpress using Google Authenticator - Two Factor Authentication (2FA))
29
  * [Digimember](https://digimember.com/) (Login Digimember using Google Authenticator - Two Factor Authentication (2FA))
30
  * [Paid Memberships Pro](https://wordpress.org/plugins/paid-memberships-pro/) (Login Paid Memberships Pro using Google Authenticator - Two Factor Authentication (2FA))
@@ -33,19 +38,23 @@ You would not need to configure Google Authenticator and other Two Factor Authen
33
  * [LearnDash](https://www.learndash.com/) (Login LearnDash using Google Authenticator - Two Factor Authentication (2FA))
34
  * [LearnPress](https://wordpress.org/plugins/learnpress/) (Login LearnPress using Google Authenticator - Two Factor Authentication (2FA))
35
  * [LifterLMS](https://wordpress.org/plugins/lifterlms/) (Login LifterLMS using Google Authenticator - Two Factor Authentication (2FA))
36
- * [Dokan](https://wordpress.org/plugins/dokan-lite/) (Login Dokan using Google Authenticator - Two Factor Authentication (2FA))
37
  * And many more
38
 
39
- == WordPress login and registration forms support and integration for all methods of two factor authentication like Google Authenticator ==
40
  * [Restrict Content Pro Form](https://wordpress.org/plugins/restrict-content/) (Register and Login Restrict Content Pro using Google Authenticator - Two Factor Authentication (2FA))
41
  * [My theme Login Form](https://wordpress.org/plugins/theme-my-login/) (Login My theme Login using Google Authenticator - Two Factor Authentication (2FA))
 
 
 
 
42
  * [User Registration – Custom Registration Form](https://wordpress.org/plugins/bbpress/) (Register and Login User Registration – Custom Registration using Google Authenticator - Two Factor Authentication (2FA))
43
  * [Custom Login Page Customizer Form](https://wordpress.org/plugins/loginpress/) (Login Custom Login Page Customizer using Google Authenticator - Two Factor Authentication (2FA))
44
  * [Admin Custom Login Form](https://wordpress.org/plugins/admin-custom-login/) (Login Admin Custom Login using Google Authenticator - Two Factor Authentication (2FA))
45
  * [RegistrationMagic – Custom Registration Forms](https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/) (Register and Login RegistrationMagic – Custom Registration using Google Authenticator - Two Factor Authentication (2FA))
46
  * And many more
47
 
48
- = Third Party Custom SMS Gateway =
49
  Premium plugin supports any third party custom SMS Gateway. If you don't have your own SMS gateway you can use miniOrange gateway. Send SMS all over the world.
50
  * Some Famous Gateways Supported:
51
  * Twilio : [Twilio](https://www.twilio.com/)
@@ -57,45 +66,47 @@ Premium plugin supports any third party custom SMS Gateway. If you don't have yo
57
 
58
  Others not listed gateway can be tested on our site, Test your Gateway: [Custom Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
59
 
60
- = All Registartion Forms Supported =
61
  Google Authenticator - Two factor authentication( 2 Factor ) is available for all Forms. You can enable OTP Verification on all Registration forms and Google Authenticator, Security Questions, Prevent Account Sharing, Push Notifications on all the Login forms to verify users. Use this shortcode for Registration([mo2f_enable_register]). Settings in <b>Two Factor -> Registration Forms</b>.
62
 
63
 
64
- = FREE Plugin Features =
65
  * Simplified & easy user interface to setup Google Authenticator and other Two Factor Authentication ( 2FA ) methods.
66
- * Google Authenticator - Two Factor Authentication (2FA) for **3 User** forever FREE!
67
- * **Variety of Two Factor Authentication Methods:** Any App supporting TOTP algorithm like Google Authenticator, Authy Authenticator, LastPass Authenticator, Microsoft Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
68
  * Includes Language Translation Support. Supports a wide variety of languages for all methods of 2 factor like Google Authenticator
69
  * Passwordless login or login with phone number, supported for Google Authenticator and other 2 Factor authentication methods.
70
- * This plugin Supports standard TOTP + HOTP protocols for Authentication Methods. Any TOTP protocol based authenticator app can be configured using Google Authenticator option in the plugin.
71
  * Two Factor Authentication (2FA) allows authentication on login page itself for Google Authenticator & miniOrange Soft Token.
72
- * Brute force attack prevention & IP Blocking.
73
  * User login Monitorning with and without two-factor authentication(2FA)
74
  * RCP Login and Registration Suppport with all login 2 factor methods like Google Authenticator, OTP Over SMS, QR code Authentication, login with Email for Login.
75
  * OTP Verification of Ulimate Member Registartion form with methods like OTP Over SMS and Email, QR code Authentication.
76
- * Recovery codes in case you are locked out for all Two Factor Authentication (TFA) methods like Google Authenticator, SMS verification,
 
 
77
 
78
- = Standard Lite Plugin Features =
79
 
80
- * Google Authenticator - Two Factor Authentication (2FA) for all users and all user roles *( Site-based pricing )*
81
- * **Available Two Factor Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Over Email, OTP Over SMS, Email Verification. *( SMS credits need to be purchased as per the need)*
82
- * Includes language Translation Support. Supports wide variety of languages.
83
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
84
  * **Unlimitted Email transactions:** Unlimitted Email transactions with your SMTP server.
85
  * **Backup Method:** KBA(Security Questions) For all TFA methods like Google Authenticator, etc.
86
- * Multisite compatible.
87
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
88
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
89
 
90
- = Premium Lite Plugin Features =
91
 
92
  * Google Authenticator - Two Factor Authentication (2FA) for all users and all user roles *( Site-based pricing )*
93
  * **Available Two Factor Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Over Email, OTP Over SMS, Email Verification, Mobile Verification. *( SMS credits need to be purchased as per the need)*
94
- * Includes language Translation Support. Supports wide variety of languages.
95
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
96
  * **Unlimitted Email transactions:** Unlimitted Email transactions with your SMTP server.
97
  * **Backup Method:** KBA(Security Questions) , OTP Over Email, Backup codes For all Two Factor Authentication ( TFA ) methods like Google Authenticator, etc.
98
- * Multisite compatible.
99
  * Two Factor Authentication ( TFA ) for Custom login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods like Google Authenticator, mobile Verification with SMS, etc.
100
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
101
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
@@ -108,25 +119,25 @@ Google Authenticator - Two factor authentication( 2 Factor ) is available for al
108
  * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
109
 
110
 
111
- = Standard Plugin Features =
112
 
113
  * Google Authenticator - Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
114
  * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification. *( SMS credits need to be purchased as per the need)*
115
- * Includes language Translation Support. Supports wide variety of languages.
116
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
117
  * **Backup Method:** KBA(Security Questions)
118
- * Multisite compatible.
119
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
120
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
121
 
122
- = Premium Plugin Features =
123
 
124
  * Google Authenticator - Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
125
  * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token, Whatsapp based 2fa(Add-on), Telegram Based 2fa. *( SMS and Email credits need to be purchased as per the need)*
126
- * Language Translation Support
127
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
128
  * **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes [Guide](https://docs.miniorange.com/documentation/want-configure-backup-methods-users-can-configure-case-locked-site-not-able-log)
129
- * Multisite compatible.
130
  * Force Two factor authentication for users [Guide](https://docs.miniorange.com/documentation/enforce-2fa-users)
131
  * Email notification to users asking them to set up Two Factor Authentication (2FA) [Guide](https://docs.miniorange.com/documentation/want-send-email-notification-users-setting-2-factor)
132
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name).
@@ -137,14 +148,14 @@ Google Authenticator - Two factor authentication( 2 Factor ) is available for al
137
  * Remember Device to skip the two factor authentication( 2FA ) for trusted devices [Guide](https://docs.miniorange.com/documentation/remember-my-device)
138
  * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
139
 
140
- = Enterprise Plugin Features =
141
 
142
- * Google Authenticator - Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
143
  * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. *( SMS and Email credits need to be purchased as per the need)*
144
- * Language Translation Support
145
  * **Multiple Login Options:** Username + password + two factor Authentication (or) Username + two factor authentication i.e. Passwordless login.
146
  * **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes
147
- * Multisite compatible.
148
  * Email notification to users asking them to set up Google Authenticator - Two Factor Authentication (2FA).
149
  * User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
150
  * Enable Two Factor Authentication (2FA) for specific Users/User Roles
@@ -154,14 +165,39 @@ Google Authenticator - Two factor authentication( 2 Factor ) is available for al
154
  * **Brute force attack prevention, IP Blocking & User login Monitorning. **
155
  * File protection & strong password
156
  * Monitorning current two factor authentication (2 Factor) method of all the users in the plugin.
157
- = PASSWORDLESS LOGIN =
158
- Passwordless login is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2 factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username.
 
 
 
 
 
 
 
 
 
159
 
160
  == Prevent Account Sharing Between Users ==
161
- Many video sharing and E-learning platforms want to prevent sharing of account between the users. This can be done using miniOrange Two factor plugin (TFA) with methods like QR code Authentication , Mobile Verification, etc. Also, e-learning portals can use this to their advantage. It can be used on any websites which create and sell courses. It can be integrated with plugins like Learndash.
162
  Other sites like premium video content or any premium content where you want users not to share passwords between friends and Family then you can go for this solution. Multiple two factor authentication methods are supported to achieve prevent account sharing.
163
 
164
- = Additional Features other than the two factor authentication ( 2FA ) =
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
165
  * **Complete Web Security suite to protect wordpress from any attacks**
166
  * **Web Application Firewall (WAF) : Wordpress Firewall to protect your site**
167
  * **OWASP TOP 10 Protection**
@@ -184,12 +220,12 @@ Other sites like premium video content or any premium content where you want use
184
  * **Reporting**
185
  * **Audit Log**
186
 
187
- Check all the features here: [miniOrange Website](https://security.miniorange.com/)
188
 
189
- = Why do you need to register? =
190
 
191
- miniOrange Two factor authentication Plugin (TFA) uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users calls can be only accessed by API keys assigned to you.
192
- Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or 2 factor like Google Authenticator. Single code generated in Google Authenticator will be enough to login to all sites. With this you can also achieve sync of 2 factor authentication on multiple sites.
193
 
194
 
195
  = Add Ons [Applicable for Free and Standard Plans, Inclusive in the Premium Plan] =
@@ -198,7 +234,7 @@ Adding to this, you can also use the same account on multiple applications and y
198
  * Remember Device to skip the two factor authentication ( 2 Factor ) from the trusted devices.
199
  * Set Device Limit for the users to login
200
  * IP Restriction: Limit users to login from specific IPs
201
- * Personalization Add-on Features to customize your 2 factor authentication pages
202
  * Custom UI of Two Factor Authentication (2FA) popups
203
  * Custom Email and SMS Templates
204
  * Customize 'Powered by' Logo on two factor authentication page
@@ -209,16 +245,18 @@ Adding to this, you can also use the same account on multiple applications and y
209
  * Option to turn on/off 2 factor (two factor authentication) by user
210
  * Option to configure the Google Authenticator and Security Questions by user
211
  * Option to 'Enable Remember Device' from a custom login form to skip 2 factor for trusted devices.
212
- * On-Demand ShortCodes for specific functionalities ( like for enabling 2FA (2 Factor authentication) for specific pages)
213
 
214
  = Apps Supported by the two factor authentication plugin =
215
  * Google Authenticator
216
  * miniOrange Authenticator
217
- * Duo Authenticator
218
  * Microsoft Authenticator
219
  * Authy 2 Factor Authenticator
220
  * LastPass Authenticator
221
  * FreeOTP Authenticator
 
 
222
 
223
  <h4>Useful blog posts about two factor authenticaion ( 2FA ) plugin </h4>
224
  *[Beginner’s Guide: How to Add Two Factor Authentication to WordPress](https://themeisle.com/blog/how-to-add-two-factor-authentication-to-wordpress/)
@@ -260,7 +298,7 @@ You can obtain access to your website by one of the below options:
260
  2. If you had setup KBA questions earlier, you can use them as an alternate method to login to your website.
261
  3. Rename the plugin from FTP - this disables the Two-Factor (2FA) plugin and you will be able to login with your Wordpress username and password.
262
 
263
- For detailed information, Please check on our website. <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/" target="_blank">Locked Out</a>.<br>
264
  You can also check our video Tutorial:
265
  <iframe width="560" height="315" src="https://www.youtube.com/embed/wLFKakQkpk8" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
266
 
@@ -389,6 +427,13 @@ miniOrange authentication service has 15+ authentication methods.One time passco
389
 
390
  == Changelog ==
391
 
 
 
 
 
 
 
 
392
  = 5.4.36=
393
  * Google Authenticator - Two Factor Authentication (2FA, OTP) :
394
  * Remove extra comma
@@ -404,35 +449,36 @@ miniOrange authentication service has 15+ authentication methods.One time passco
404
  * Minor fixes
405
 
406
  = 5.4.33=
407
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
408
- * Duo Authenticator support
409
- * Google reCaptcha v3 support
 
410
 
411
  = 5.4.32=
412
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
413
- * Minor fixes
414
 
415
  = 5.4.31=
416
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
417
  * OTP over Email as two factor fix
418
  * Low Email transaction alert fix
419
 
420
  = 5.4.30=
421
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
422
  * Feedback changes
423
 
424
  = 5.4.29 =
425
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
426
  * Session independent Google Authenticator
427
  * Session independent KBA
428
  * Feedback improvement for two factor authentication plugin
429
 
430
  = 5.4.28 =
431
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
432
  * New year sale update
433
 
434
  = 5.4.27 =
435
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
436
  * New year sale
437
  * WordPress 5.6 compatibility fix
438
  * WAF fixes
@@ -441,21 +487,21 @@ miniOrange authentication service has 15+ authentication methods.One time passco
441
  * New feature release notification
442
 
443
  = 5.4.26 =
444
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
445
  * Christmas Offer
446
 
447
  = 5.4.25 =
448
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
449
  * OTP over Telegram Fixes
450
 
451
  = 5.4.24 =
452
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
453
  * OTP over Whatsapp
454
  * OTP over Telegram
455
  * Feedback form changes
456
 
457
  = 5.4.23 =
458
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
459
  * Call support with technical team
460
  * Email and SMS transaction sync
461
  * Feedback form on network deactivate
@@ -463,7 +509,7 @@ miniOrange authentication service has 15+ authentication methods.One time passco
463
  * 2FA added for superadmin role
464
 
465
  = 5.4.22 =
466
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
467
  * Backup Codes
468
  * Sanitization and JS improvements
469
  * SMS and Email Sync
@@ -471,11 +517,11 @@ miniOrange authentication service has 15+ authentication methods.One time passco
471
  * Telegram based Two factor in Premium plugin
472
 
473
  = 5.4.21 =
474
- * Google Authenticator - Two Factor Authentication (2FA, SMS) :
475
  * Sanitization of some input values.
476
 
477
  = 5.4.20 =
478
- * Google Authenticator - Two Factor Authentication (2FA, SMS) :
479
  * Google Authenticator Qr code fix.
480
  * My theme login Login fix.
481
 
@@ -1014,6 +1060,16 @@ More descriptive setup messages and UI changes.
1014
 
1015
  == Upgrade Notice ==
1016
 
 
 
 
 
 
 
 
 
 
 
1017
  = 5.4.31=
1018
  * Google Authenticator - Two Factor Authentication (2FA, OTP) :
1019
  * OTP over Email as two factor fix
1
+ === miniOrange's Google Authenticator - WordPress Two Factor Authentication (2FA , MFA, OTP SMS and Email) | Passwordless login ===
2
 
3
+ Contributors: twofactor, cyberlord92, hsn97
4
+ Tags: google authenticator, two factor authentication, 2FA, OTP , two-factor, 2-factor authentication, multi factor authentication ,two-step verification, wp 2fa, two factor, mobile verification, TFA, MFA, 2 factor authentication, Multi factor authentication, Remember Device, WordPress otp, Clef,SMS, email, signup security, two factor auth, Mobile Authentication, strong authentication, 2 step authentication, Multifactor authentication, passwordless login, one time passcode, soft token Authentication, QR Code Authentication, email verification, KBA, Security Questions, login OTP, login with SMS, mobile login, phone login, OTP login, knowledge based authentication, authy, authy two factor , yubico, security, user security, ​Twilio WordPress, SMS gateway, Solutions Infini, FIDO, FIDO2, FIDO 2, Webauthn, Usernameless login ,Clickatell, BulkSMS, MSG91, Nexmo, SMS Country, message, woocommerce, website security, login security, multi factor, wordfence, IP Blocking, IP Whitelisting, login Audits, woocommerce, SMS login, passwordless login, auth, login with OTP WordPress, OTP Over SMS and Email, two-step authentication, login without password, passwordless authentication, secure login, temporary login, temporary access, one time passcode, email verification, security, website security, login security, multi-factor authentication, woocommerce, smartphone, WordPress otp, register with OTP, user OTP verification, SMS OTP, OTP Email, registration with OTP verification, registration verification, smartphone authentication, Login with fingerprint, faceID, touchID, session restriction, device restriction, password free authentication,
5
  Donate link: https://miniorange.com/
6
  Requires at least: 3.0.1
7
+ Tested up to: 5.7.2
8
  Requires PHP: 5.3.0
9
+ Stable tag: 5.4.37
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
13
+ **Google Authenticator**, Two Factor Authentication (2 Factor)/ Multi factor authentication, Two step verification, OTP verificaion - SMS and Email , mobile verification, Apps like Microsoft, Duo, LastPass & more on login and Registration for all forms. Google Authenticator also Supports QR Code, Push Notification and Security Questions along with the Google Authenticator itself. Google authenticator plugin can also be used for multi factor authentication.
14
 
15
  == Description ==
16
 
17
+ **Google Authenticator** - Two Factor Authentication (2FA) / Multi factor authentication plugin provides a completely Secure login to your WordPress website. Google Authenticator - multi Factor Authentication (2FA) is a FREE, Simple & very easy to setup plugin. Google Authenticator ( 2FA ) provides two factor authentication (2FA, MFA) whenever login to your WordPress website ensuring no unauthorised access to your website. Google Authenticator - multi factor authentication can be configured for any TOTP based Authentication Method for providing addtional layer of security of Two Factor Authentication(multi factor authentication). miniOrange also supports OTP Over SMS and OTP Over Email for login and registration.
18
 
19
+ You can checkout the following video to configure the plugin with your Identity Provider:
 
20
 
21
+ [youtube https://www.youtube.com/watch?v=BS6tY-Goa1Q]
 
22
 
23
+
24
+ = User Identity Verification or **OTP** Verification (Two Factor Authentication) =
25
+ Login and Registration: Verify users on login and Registration with different authentication methods like OTP over SMS, OTP Over Email, Google Authenticator, SMS Verification, Email, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions and many others. Easy OTP Verification with SMS Verification and Email Verification. We provide complete two factor authentication security.
26
+
27
+ = **Google Authenticator** and other 2 Factor ( 2FA, Two Factor Authentication ) sync on multiple websites with the same OTP =
28
+ You would not need to configure **Google Authenticator** and other Two Factor Authentication ( 2FA ) methods from second site onword. Just login with miniOrange account and your 2FA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Securty Questions, LastPass, Authy, miniOrange methods, OTP over SMS, OTP over Email. It is supported only if you are using our cloud services of 2 Factor.
29
+
30
+ == Plugin Integrations and Support for all methods of two factor authentication ( 2fa ) like **Google Authenticator** ==
31
+ * [Woocommerce](https://wordpress.org/plugins/woocommerce/) (Login Woocommerce using Google Authenticator - Multi Factor Authentication (2FA))
32
+ * [BuddyPress form](https://wordpress.org/plugins/buddypress/) (Login BuddyPress using Google Authenticator - Multi Factor Authentication (2FA))
33
  * [bbpress form](https://wordpress.org/plugins/bbpress/) (Login bbpress using Google Authenticator - Two Factor Authentication (2FA))
34
  * [Digimember](https://digimember.com/) (Login Digimember using Google Authenticator - Two Factor Authentication (2FA))
35
  * [Paid Memberships Pro](https://wordpress.org/plugins/paid-memberships-pro/) (Login Paid Memberships Pro using Google Authenticator - Two Factor Authentication (2FA))
38
  * [LearnDash](https://www.learndash.com/) (Login LearnDash using Google Authenticator - Two Factor Authentication (2FA))
39
  * [LearnPress](https://wordpress.org/plugins/learnpress/) (Login LearnPress using Google Authenticator - Two Factor Authentication (2FA))
40
  * [LifterLMS](https://wordpress.org/plugins/lifterlms/) (Login LifterLMS using Google Authenticator - Two Factor Authentication (2FA))
41
+ * [Dokan](https://wordpress.org/plugins/dokan-lite/) (Login Dokan using Google Authenticator - Multi Factor Authentication (2FA))
42
  * And many more
43
 
44
+ == WordPress login and registration forms support and integration for all methods of two factor authentication ( 2fa ) like **Google Authenticator** ==
45
  * [Restrict Content Pro Form](https://wordpress.org/plugins/restrict-content/) (Register and Login Restrict Content Pro using Google Authenticator - Two Factor Authentication (2FA))
46
  * [My theme Login Form](https://wordpress.org/plugins/theme-my-login/) (Login My theme Login using Google Authenticator - Two Factor Authentication (2FA))
47
+ * [Login with ajax Form](https://wordpress.org/plugins/login-with-ajax/) (2fa (Two factor authentication | Google authenticator ) for Login with ajax login form)
48
+ * [Elementor Login Form](https://wordpress.org/plugins/elementor/) (2fa (Two factor authentication | Google authenticator ) for Elementor login form)
49
+ * [WooCommerce Login Form](https://wordpress.org/plugins/woocommerce/) (2fa (Two factor authentication | Google authenticator ) for WooCommerce login form)
50
+ * [Paid membership Pro Form](https://wordpress.org/plugins/paid-memberships-pro/) (2fa (Two factor authentication | Google authenticator ) compatible with paid membership pro)
51
  * [User Registration – Custom Registration Form](https://wordpress.org/plugins/bbpress/) (Register and Login User Registration – Custom Registration using Google Authenticator - Two Factor Authentication (2FA))
52
  * [Custom Login Page Customizer Form](https://wordpress.org/plugins/loginpress/) (Login Custom Login Page Customizer using Google Authenticator - Two Factor Authentication (2FA))
53
  * [Admin Custom Login Form](https://wordpress.org/plugins/admin-custom-login/) (Login Admin Custom Login using Google Authenticator - Two Factor Authentication (2FA))
54
  * [RegistrationMagic – Custom Registration Forms](https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/) (Register and Login RegistrationMagic – Custom Registration using Google Authenticator - Two Factor Authentication (2FA))
55
  * And many more
56
 
57
+ = Third Party Custom SMS Gateway for OTP Over SMS (two factor authentication) =
58
  Premium plugin supports any third party custom SMS Gateway. If you don't have your own SMS gateway you can use miniOrange gateway. Send SMS all over the world.
59
  * Some Famous Gateways Supported:
60
  * Twilio : [Twilio](https://www.twilio.com/)
66
 
67
  Others not listed gateway can be tested on our site, Test your Gateway: [Custom Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
68
 
69
+ = All Registartion Forms Supported for OTP verification and two factor authentication =
70
  Google Authenticator - Two factor authentication( 2 Factor ) is available for all Forms. You can enable OTP Verification on all Registration forms and Google Authenticator, Security Questions, Prevent Account Sharing, Push Notifications on all the Login forms to verify users. Use this shortcode for Registration([mo2f_enable_register]). Settings in <b>Two Factor -> Registration Forms</b>.
71
 
72
 
73
+ = [google authenticator](https://plugins.miniorange.com/2-factor-authentication-for-wordpress) ( 2FA ) FREE Plugin Features =
74
  * Simplified & easy user interface to setup Google Authenticator and other Two Factor Authentication ( 2FA ) methods.
75
+ * [Google Authenticator](https://plugins.miniorange.com/2-factor-authentication-for-wordpress) - Two Factor Authentication (2FA) for **3 User** forever FREE!
76
+ * **Variety of Two Factor Authentication Methods:** Any App supporting TOTP algorithm like Google Authenticator, Authy Authenticator, LastPass Authenticator, Microsoft Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) are supported in the plugin for multi factor authentication.
77
  * Includes Language Translation Support. Supports a wide variety of languages for all methods of 2 factor like Google Authenticator
78
  * Passwordless login or login with phone number, supported for Google Authenticator and other 2 Factor authentication methods.
79
+ * This plugin Supports standard TOTP + HOTP protocols for Authentication Methods. Any TOTP protocol based authenticator app can be configured using Google Authenticator option in the plugin for two factor authentication.
80
  * Two Factor Authentication (2FA) allows authentication on login page itself for Google Authenticator & miniOrange Soft Token.
81
+ * Brute force attack prevention & IP Blocking along with two factor authentication.
82
  * User login Monitorning with and without two-factor authentication(2FA)
83
  * RCP Login and Registration Suppport with all login 2 factor methods like Google Authenticator, OTP Over SMS, QR code Authentication, login with Email for Login.
84
  * OTP Verification of Ulimate Member Registartion form with methods like OTP Over SMS and Email, QR code Authentication.
85
+ * Recovery codes in case you are locked out for all Two Factor Authentication (TFA) methods like Google Authenticator, SMS verification.
86
+ * Supports multi factor authentication for methods such as Google authenticator, OTP over Email, OTP over SMS, QR code authentication and many more.
87
+ * Mobile verification - two step verification using user's mobile phone with authentication method like google authenticator, QR code authentication, etc.
88
 
89
+ = google authenticator ( 2FA ) Standard Lite Plugin Features =
90
 
91
+ * Google Authenticator - Two Factor Authentication ( 2FA ) for all users and all user roles *( Site-based pricing )*
92
+ * **Available Two Factor Authentication Methods:**Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Over Email, OTP Over SMS, Email Verification. *( SMS credits need to be purchased as per the need)*
93
+ * Includes language Translation Support. Supports wide variety of languages for two factor auhthentication.
94
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
95
  * **Unlimitted Email transactions:** Unlimitted Email transactions with your SMTP server.
96
  * **Backup Method:** KBA(Security Questions) For all TFA methods like Google Authenticator, etc.
97
+ * Multisite compatible for all WordPress 2FA methods.
98
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
99
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
100
 
101
+ = google authenticator ( 2FA ) Premium Lite Plugin Features =
102
 
103
  * Google Authenticator - Two Factor Authentication (2FA) for all users and all user roles *( Site-based pricing )*
104
  * **Available Two Factor Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Over Email, OTP Over SMS, Email Verification, Mobile Verification. *( SMS credits need to be purchased as per the need)*
105
+ * Includes language Translation Support. Supports wide variety of languages for two factor auhthentication.
106
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
107
  * **Unlimitted Email transactions:** Unlimitted Email transactions with your SMTP server.
108
  * **Backup Method:** KBA(Security Questions) , OTP Over Email, Backup codes For all Two Factor Authentication ( TFA ) methods like Google Authenticator, etc.
109
+ * Multisite compatible for all WordPress 2FA methods.
110
  * Two Factor Authentication ( TFA ) for Custom login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods like Google Authenticator, mobile Verification with SMS, etc.
111
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
112
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
119
  * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
120
 
121
 
122
+ = google authenticator ( 2FA ) Standard Plugin Features =
123
 
124
  * Google Authenticator - Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
125
  * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification. *( SMS credits need to be purchased as per the need)*
126
+ * Includes language Translation Support. Supports wide variety of languages for two factor auhthentication.
127
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
128
  * **Backup Method:** KBA(Security Questions)
129
+ * Multisite compatible for all WordPress 2FA methods.
130
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
131
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
132
 
133
+ = google authenticator ( 2FA ) Premium Plugin Features =
134
 
135
  * Google Authenticator - Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
136
  * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token, Whatsapp based 2fa(Add-on), Telegram Based 2fa. *( SMS and Email credits need to be purchased as per the need)*
137
+ * Language Translation Support for two factor auhthentication.
138
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
139
  * **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes [Guide](https://docs.miniorange.com/documentation/want-configure-backup-methods-users-can-configure-case-locked-site-not-able-log)
140
+ * Multisite compatible for all WordPress 2FA methods.
141
  * Force Two factor authentication for users [Guide](https://docs.miniorange.com/documentation/enforce-2fa-users)
142
  * Email notification to users asking them to set up Two Factor Authentication (2FA) [Guide](https://docs.miniorange.com/documentation/want-send-email-notification-users-setting-2-factor)
143
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name).
148
  * Remember Device to skip the two factor authentication( 2FA ) for trusted devices [Guide](https://docs.miniorange.com/documentation/remember-my-device)
149
  * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
150
 
151
+ = google authenticator ( 2FA ) Enterprise Plugin Features =
152
 
153
+ * [Google Authenticator - Two Factor Authentication] (https://plugins.miniorange.com/2-factor-authentication-for-wordpress) - 2FA for Users as per the upgrade *( User-based pricing )*
154
  * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. *( SMS and Email credits need to be purchased as per the need)*
155
+ * Language Translation Support for two factor authenticaion.
156
  * **Multiple Login Options:** Username + password + two factor Authentication (or) Username + two factor authentication i.e. Passwordless login.
157
  * **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes
158
+ * Multisite compatible for all WordPress 2FA methods.
159
  * Email notification to users asking them to set up Google Authenticator - Two Factor Authentication (2FA).
160
  * User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
161
  * Enable Two Factor Authentication (2FA) for specific Users/User Roles
165
  * **Brute force attack prevention, IP Blocking & User login Monitorning. **
166
  * File protection & strong password
167
  * Monitorning current two factor authentication (2 Factor) method of all the users in the plugin.
168
+ = PASSWORDLESS LOGIN ( login without password) =
169
+ Passwordless login is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2 factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username. miniOrange supports many two factor authentication methods for passwordless login. You can use google authenticator, webauthn, fingerprint login, otp over sms and email for login without password.
170
+
171
+ = WebAuthn (FIDO2) Passwordless login (Login without password by using FIDO 2 WebAuthn) =
172
+ WebAuthn is a browser-based API that allows for web applications to simplify and secure user authentication by using registered devices (phones, laptops, etc) as factors. It uses public key cryptography to protect users from advanced phishing attacks. It will allow you to provide your users an option for usernameless login. With the help of webauthn your users can login with fingerprint, FaceID, TouchID, etc.
173
+
174
+ = Device restriction with webauthn ( FIDO 2 )=
175
+ Webauthn allows you to restrict the number of devices per user. You can allow a user any number of devices they can use to login to your website. Webauthn also covers passwordless and usernameless login in which your users can login from the allowed device without password and username.
176
+
177
+ == login without password with webauthn and two step verification ==
178
+ Google authenticato - two step verification along with webauthn allows you to login to your website without using username and password for login. You can login with your device's password or by using any other authentication method like google authenticator, OTP Over SMS, OTP Over Email, etc.
179
 
180
  == Prevent Account Sharing Between Users ==
181
+ Many video sharing and E-learning platforms want to prevent sharing of account between the users. This can be done using miniOrange Two factor plugin (TFA) with WordPress 2FA methods like QR code Authentication , Mobile Verification, etc. Also, e-learning portals can use this to their advantage. It can be used on any websites which create and sell courses. It can be integrated with plugins like Learndash.
182
  Other sites like premium video content or any premium content where you want users not to share passwords between friends and Family then you can go for this solution. Multiple two factor authentication methods are supported to achieve prevent account sharing.
183
 
184
+ == ** Multi factor authentication ** ( MFA ) ==
185
+ You can configure multiple WordPress 2FA methods like google authenticator, OTP over Email, OTP over SMS, etc and choose which method do you want to login to your website from a list of configured methods. Multi factor authentication is helpful for cases such as when you do not have your phone and cannot access your TOTP app for login. You can then use other method like OTP over Email to login.
186
+
187
+ == ** Two Factor authentication ** ( 2FA ) for specific user and user roles ==
188
+ With google authenticator 2-factor authentication you can enable 2fa for specific user roles and specific users.
189
+
190
+ == Sync 2-factor authentication ( 2FA ) in multiple websites ==
191
+ Google authentication - Two factor authentication can be used for creating same 2-factor authentication code for the same users exists in multiple sites.
192
+
193
+
194
+ == Session Control with Two Factor authentication 2FA ==
195
+ You can control the number of sessions a user can have concurrently in your website.
196
+
197
+ == Customize two factor authentication screen as per your website ==
198
+ You can customize the 2fa screen as per your website's design.
199
+
200
+ = Additional Features other than the two factor authentication ( 2FA ) and multi factor authentication =
201
  * **Complete Web Security suite to protect wordpress from any attacks**
202
  * **Web Application Firewall (WAF) : Wordpress Firewall to protect your site**
203
  * **OWASP TOP 10 Protection**
220
  * **Reporting**
221
  * **Audit Log**
222
 
223
+ Check all the features other than two factor authentication here: [miniOrange Website](https://security.miniorange.com/)
224
 
225
+ = Why do you need to register for google authenticator? =
226
 
227
+ miniOrange's google authentiactor - Two factor authentication Plugin (TFA) uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users calls can be only accessed by API keys assigned to you.
228
+ Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or WordPress 2FA like Google Authenticator. Single code generated in Google Authenticator will be enough to login to all sites. With this you can also achieve sync of two factor authentication on multiple sites.
229
 
230
 
231
  = Add Ons [Applicable for Free and Standard Plans, Inclusive in the Premium Plan] =
234
  * Remember Device to skip the two factor authentication ( 2 Factor ) from the trusted devices.
235
  * Set Device Limit for the users to login
236
  * IP Restriction: Limit users to login from specific IPs
237
+ * Personalization Add-on Features to customize your two factor authentication pages
238
  * Custom UI of Two Factor Authentication (2FA) popups
239
  * Custom Email and SMS Templates
240
  * Customize 'Powered by' Logo on two factor authentication page
245
  * Option to turn on/off 2 factor (two factor authentication) by user
246
  * Option to configure the Google Authenticator and Security Questions by user
247
  * Option to 'Enable Remember Device' from a custom login form to skip 2 factor for trusted devices.
248
+ * On-Demand ShortCodes for specific functionalities ( like for enabling WordPress 2FA (Two Factor authentication) for specific pages)
249
 
250
  = Apps Supported by the two factor authentication plugin =
251
  * Google Authenticator
252
  * miniOrange Authenticator
253
+ * Duo Authenticator
254
  * Microsoft Authenticator
255
  * Authy 2 Factor Authenticator
256
  * LastPass Authenticator
257
  * FreeOTP Authenticator
258
+ * Duo Authenticator push notification
259
+ * Authy push notification
260
 
261
  <h4>Useful blog posts about two factor authenticaion ( 2FA ) plugin </h4>
262
  *[Beginner’s Guide: How to Add Two Factor Authentication to WordPress](https://themeisle.com/blog/how-to-add-two-factor-authentication-to-wordpress/)
298
  2. If you had setup KBA questions earlier, you can use them as an alternate method to login to your website.
299
  3. Rename the plugin from FTP - this disables the Two-Factor (2FA) plugin and you will be able to login with your Wordpress username and password.
300
 
301
+ For detailed information, Please check on our website. <a href="https://faq.miniorange.com/knowledgebase/gain-access-to-website-if-locked-out/" target="_blank">Locked Out</a>.<br>
302
  You can also check our video Tutorial:
303
  <iframe width="560" height="315" src="https://www.youtube.com/embed/wLFKakQkpk8" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
304
 
427
 
428
  == Changelog ==
429
 
430
+ = 5.4.37=
431
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
432
+ * Added 2FA setup using user profile option
433
+ * Setup Wizard for configuring 2FA
434
+ * 2FA Form support for login with ajax, Elementor Pro, UserPro login forms
435
+ * Minor bug fixes
436
+
437
  = 5.4.36=
438
  * Google Authenticator - Two Factor Authentication (2FA, OTP) :
439
  * Remove extra comma
449
  * Minor fixes
450
 
451
  = 5.4.33=
452
+ * Google Authenticator Two Factor Authentication (2FA, TFA) :
453
+ * New pricing page for two factor auhthentication
454
+ * Added Duo Authenticator push notification method.
455
+ * Woocommerce redirect issue fix.
456
 
457
  = 5.4.32=
458
+ * Google Authenticator Two Factor Authentication (2FA, TFA) :
459
+ * Replaced sessions with transient.
460
 
461
  = 5.4.31=
462
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
463
  * OTP over Email as two factor fix
464
  * Low Email transaction alert fix
465
 
466
  = 5.4.30=
467
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
468
  * Feedback changes
469
 
470
  = 5.4.29 =
471
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
472
  * Session independent Google Authenticator
473
  * Session independent KBA
474
  * Feedback improvement for two factor authentication plugin
475
 
476
  = 5.4.28 =
477
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
478
  * New year sale update
479
 
480
  = 5.4.27 =
481
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
482
  * New year sale
483
  * WordPress 5.6 compatibility fix
484
  * WAF fixes
487
  * New feature release notification
488
 
489
  = 5.4.26 =
490
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
491
  * Christmas Offer
492
 
493
  = 5.4.25 =
494
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
495
  * OTP over Telegram Fixes
496
 
497
  = 5.4.24 =
498
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
499
  * OTP over Whatsapp
500
  * OTP over Telegram
501
  * Feedback form changes
502
 
503
  = 5.4.23 =
504
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
505
  * Call support with technical team
506
  * Email and SMS transaction sync
507
  * Feedback form on network deactivate
509
  * 2FA added for superadmin role
510
 
511
  = 5.4.22 =
512
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
513
  * Backup Codes
514
  * Sanitization and JS improvements
515
  * SMS and Email Sync
517
  * Telegram based Two factor in Premium plugin
518
 
519
  = 5.4.21 =
520
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
521
  * Sanitization of some input values.
522
 
523
  = 5.4.20 =
524
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) :
525
  * Google Authenticator Qr code fix.
526
  * My theme login Login fix.
527
 
1060
 
1061
  == Upgrade Notice ==
1062
 
1063
+ = 5.4.33=
1064
+ * Google Authenticator – Two Factor Authentication (2FA, TFA) :
1065
+ * New pricing page for two factor auhthentication
1066
+ * Added Duo Authenticator push notification method.
1067
+ * Woocommerce redirect issue fix.
1068
+
1069
+ = 5.4.32=
1070
+ * Google Authenticator – Two Factor Authentication (2FA, TFA) :
1071
+ * Replaced sessions with transient.
1072
+
1073
  = 5.4.31=
1074
  * Google Authenticator - Two Factor Authentication (2FA, OTP) :
1075
  * OTP over Email as two factor fix
uninstall.php CHANGED
@@ -26,6 +26,10 @@
26
  delete_site_option('mo2f_added_ips_realtime');
27
  delete_site_option('mo2f_mail_notify_new_release');
28
  delete_site_option('mo2f_mail_notify');
 
 
 
 
29
  delete_site_option('mo2f_feature_vers');
30
  delete_site_option('mo2f_user_IP');
31
  delete_option('mo_wpns_enable_brute_force');
@@ -150,9 +154,8 @@
150
  delete_site_option('mo_file_manual_backup_plugins');
151
  delete_site_option('mo_file_manual_backup_themes');
152
  delete_site_option('mo_schedule_database_backup');
153
- delete_site_option('mo2f_enable_debug_log');
154
  delete_site_option('duo_credentials_save_successfully');
155
-
156
  delete_site_option('mo2f_d_integration_key');
157
  delete_site_option('mo2f_d_secret_key');
158
  delete_site_option('mo2f_d_api_hostname');
@@ -170,8 +173,7 @@
170
  delete_user_meta( $user->ID, 'kba_questions_user');
171
  delete_user_meta( $user->ID, 'Google Authenticator');
172
  delete_user_meta( $user->ID, 'mo2f_gauth_key');
173
- delete_user_meta( $user->ID, 'mo2f_get_auth_rnd_string');
174
-
175
  }
176
  }
177
 
26
  delete_site_option('mo2f_added_ips_realtime');
27
  delete_site_option('mo2f_mail_notify_new_release');
28
  delete_site_option('mo2f_mail_notify');
29
+ delete_site_option('mo2fa_free_plan_new_user_methods');
30
+ delete_site_option('mo2fa_free_plan_existing_user_methods');
31
+ delete_option('mo2fa_reconfiguration_via_email');
32
+ delete_option('mo2fa_userProfile_method');
33
  delete_site_option('mo2f_feature_vers');
34
  delete_site_option('mo2f_user_IP');
35
  delete_option('mo_wpns_enable_brute_force');
154
  delete_site_option('mo_file_manual_backup_plugins');
155
  delete_site_option('mo_file_manual_backup_themes');
156
  delete_site_option('mo_schedule_database_backup');
157
+ delete_site_option('mo2f_enable_debug_log');
158
  delete_site_option('duo_credentials_save_successfully');
 
159
  delete_site_option('mo2f_d_integration_key');
160
  delete_site_option('mo2f_d_secret_key');
161
  delete_site_option('mo2f_d_api_hostname');
173
  delete_user_meta( $user->ID, 'kba_questions_user');
174
  delete_user_meta( $user->ID, 'Google Authenticator');
175
  delete_user_meta( $user->ID, 'mo2f_gauth_key');
176
+ delete_user_meta( $user->ID, 'mo2f_get_auth_rnd_string');
 
177
  }
178
  }
179
 
views/twofa/setup/setup_duo_authenticator.php CHANGED
@@ -379,13 +379,15 @@ function mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registratio
379
  function mo2f_save_duo_configuration_credentials(){
380
 
381
  ?>
382
- <h3><?php echo mo2f_lt( 'Please enter required Details' ); ?>
383
  </h3>
384
  <p style = "font-size: 17px;">
385
  <?php echo mo2f_lt( '1. If you do not have an account in duo, please'); ?> <a href="https://signup.duo.com/" target="_blank">Click Here </a><?php echo mo2f_lt( 'to create an account.'); ?>
 
386
  </p>
387
  <p style = "font-size: 17px;">
388
  <?php echo mo2f_lt( '2. Follow these steps( ') ?> <a href=" https://duo.com/docs/authapi#first-steps" target="_blank">Click Here </a> <?php echo mo2f_lt( ') to create AUTH API application on duo side. After creating auth API, you will get the all credentials which you need to enter below.'); ?>
 
389
  </p>
390
  <br>
391
  <div>
379
  function mo2f_save_duo_configuration_credentials(){
380
 
381
  ?>
382
+ <h3><?php echo mo2f_lt( 'Please enter required details' ); ?>
383
  </h3>
384
  <p style = "font-size: 17px;">
385
  <?php echo mo2f_lt( '1. If you do not have an account in duo, please'); ?> <a href="https://signup.duo.com/" target="_blank">Click Here </a><?php echo mo2f_lt( 'to create an account.'); ?>
386
+
387
  </p>
388
  <p style = "font-size: 17px;">
389
  <?php echo mo2f_lt( '2. Follow these steps( ') ?> <a href=" https://duo.com/docs/authapi#first-steps" target="_blank">Click Here </a> <?php echo mo2f_lt( ') to create AUTH API application on duo side. After creating auth API, you will get the all credentials which you need to enter below.'); ?>
390
+
391
  </p>
392
  <br>
393
  <div>
views/twofa/setup/setup_google_authenticator.php CHANGED
@@ -8,6 +8,7 @@ function mo2f_configure_google_authenticator( $user ) {
8
  $gauth_name= get_option('mo2f_google_appname');
9
  $gauth_name = $gauth_name ? $gauth_name : 'miniOrangeAu';
10
  ?>
 
11
  <table>
12
  <tr>
13
  <td class="mo2f_google_authy_step2">
8
  $gauth_name= get_option('mo2f_google_appname');
9
  $gauth_name = $gauth_name ? $gauth_name : 'miniOrangeAu';
10
  ?>
11
+
12
  <table>
13
  <tr>
14
  <td class="mo2f_google_authy_step2">
views/twofa/setup/setup_google_authenticator_onpremise.php CHANGED
@@ -1,5 +1,98 @@
1
  <?php
2
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3
  function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $session_id_encrypt ) {
4
  $h_size = 'h3';
5
  $gauth_name= get_option('mo2f_google_appname');
@@ -125,7 +218,7 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
125
  <form name="f" method="post" action="" id="mo2f_go_back_form">
126
  <input type="hidden" name="option" value="mo2f_go_back"/>
127
  <input style="margin-left: 5px;" type="submit" name="back" id="go_back" class="button button-primary button-large"
128
- value="<?php echo mo2f_lt( 'Back' ); ?>"/>
129
  <input type="hidden" name="mo2f_go_back_nonce"
130
  value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
131
  </form>
1
  <?php
2
 
3
+ function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode, $session_id_encrypt)
4
+ {
5
+ $gauth_name = $_SERVER['SERVER_NAME'];
6
+ echo "<b><h3>1. Please scan the QR code below</h3></b>";
7
+ ?>
8
+ <div style="margin-left:40px;">
9
+ <ol>
10
+ <li><?php echo mo2f_lt( 'In the app, tap on Menu and select "Set up account".' ); ?></li>
11
+ <li><?php echo mo2f_lt( 'Select "Scan a barcode".' ); ?></li>
12
+ <br><br>
13
+ <form name="f" id="login_settings_appname_form" method="post" action="">
14
+ <input type="hidden" name="option" value="mo2f_google_appname" />
15
+ <input type="hidden" name="mo2f_google_appname_nonce"
16
+ value="<?php echo wp_create_nonce( "mo2f-google-appname-nonce" ) ?>"/>
17
+ <div style="margin-left: 14%;">
18
+ <div class="mo2f_gauth_column mo2f_gauth_left" >
19
+
20
+ <div class="mo2f_gauth" style="background: white;" data-qrcode="<?php echo $url;?>" ></div>
21
+ </div>
22
+ </div>
23
+
24
+
25
+ </form>
26
+
27
+ </ol>
28
+
29
+ <div><a data-toggle="collapse" href="#mo2f_scanbarcode_a"
30
+ aria-expanded="false"><b><?php echo mo2f_lt( 'Can\'t scan the barcode? ' ); ?></b></a>
31
+ </div>
32
+ <div class="mo2f_collapse" id="mo2f_scanbarcode_a" style="background: white; display: none;">
33
+ <ol class="mo2f_ol">
34
+ <li><?php echo mo2f_lt( 'Tap on Menu and select' ); ?>
35
+ <b> <?php echo mo2f_lt( ' Set up account ' ); ?></b>.
36
+ </li>
37
+ <li><?php echo mo2f_lt( 'Select' ); ?>
38
+ <b> <?php echo mo2f_lt( ' Enter provided key ' ); ?></b>.
39
+ </li>
40
+ <li><?php echo mo2f_lt( 'For the' ); ?>
41
+ <b> <?php echo mo2f_lt( ' Enter account name ' ); ?></b>
42
+ <?php echo mo2f_lt( 'field, type your preferred account name' ); ?>.
43
+ </li>
44
+ <li><?php echo mo2f_lt( 'For the' ); ?>
45
+ <b> <?php echo mo2f_lt( ' Enter your key ' ); ?></b>
46
+ <?php echo mo2f_lt( 'field, type the below secret key' ); ?>:
47
+ </li>
48
+
49
+ <div class="mo2f_google_authy_secret_outer_div">
50
+ <div class="mo2f_google_authy_secret_inner_div">
51
+ <?php echo $secret; ?>
52
+ </div>
53
+ <div class="mo2f_google_authy_secret">
54
+ <?php echo mo2f_lt( 'Spaces do not matter' ); ?>.
55
+ </div>
56
+ </div>
57
+ <li><?php echo mo2f_lt( 'Key type: make sure' ); ?>
58
+ <b> <?php echo mo2f_lt( ' Time-based ' ); ?></b>
59
+ <?php echo mo2f_lt( ' is selected' ); ?>.
60
+ </li>
61
+
62
+ <li><?php echo mo2f_lt( 'Tap Add.' ); ?></li>
63
+ </ol>
64
+ </div>
65
+ <br>
66
+ </div>
67
+ <br>
68
+
69
+ <div id="mo2f_entergoogle_auth_code">
70
+
71
+ <b><h3>2. Enter the generated code: <input class ='mo2f_table_textbox' type="number" id="mo2f_google_auth_code" name="mo2f_google_auth_code" placeholder="Enter OTP" /> </h3></b>
72
+ <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo $session_id_encrypt ?>">
73
+
74
+ </div>
75
+ <script type="text/javascript">
76
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(e){
77
+
78
+ var element = document.getElementById('mo2f_scanbarcode_a');
79
+ if(element.style.display === 'none')
80
+ element.style.display = 'block';
81
+
82
+ else
83
+ element.style.display = "none";
84
+ });
85
+ jQuery(document).ready(function() {
86
+ jQuery('.mo2f_gauth').qrcode({
87
+ 'render': 'image',
88
+ size: 175,
89
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
90
+ });
91
+ });
92
+
93
+ </script>
94
+ <?php
95
+ }
96
  function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $session_id_encrypt ) {
97
  $h_size = 'h3';
98
  $gauth_name= get_option('mo2f_google_appname');
218
  <form name="f" method="post" action="" id="mo2f_go_back_form">
219
  <input type="hidden" name="option" value="mo2f_go_back"/>
220
  <input style="margin-left: 5px;" type="submit" name="back" id="go_back" class="button button-primary button-large"
221
+ value="<?php echo mo2f_lt( 'Back' ); ?>"/>
222
  <input type="hidden" name="mo2f_go_back_nonce"
223
  value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
224
  </form>
views/twofa/setup/setup_kba_questions.php CHANGED
@@ -5,18 +5,20 @@ function mo2f_configure_kba_questions() { ?>
5
 
6
  <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
7
  <br>
8
- <table cellspacing="10">
 
9
  <tr class="mo2f_kba_header">
10
- <td>
11
- <?php echo mo2f_lt( 'Sr. No.' ); ?>
12
- </td>
13
- <td class="mo2f_kba_tb_data">
14
- <?php echo mo2f_lt( 'Questions' ); ?>
15
- </td>
16
- <td>
17
- <?php echo mo2f_lt( 'Answers' ); ?>
18
- </td>
19
  </tr>
 
20
  <tr class="mo2f_kba_body">
21
  <td>
22
  <center>1.</center>
5
 
6
  <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
7
  <br>
8
+ <table id="mo2f_configure_kba" cellspacing="10">
9
+ <thead>
10
  <tr class="mo2f_kba_header">
11
+ <th>
12
+ <?php echo mo2f_lt( 'Sr. No.' ); ?>
13
+ </th>
14
+ <th class="mo2f_kba_tb_data">
15
+ <?php echo mo2f_lt( 'Questions' ); ?>
16
+ </th>
17
+ <th>
18
+ <?php echo mo2f_lt( 'Answers' ); ?>
19
+ </th>
20
  </tr>
21
+ </thead>
22
  <tr class="mo2f_kba_body">
23
  <td>
24
  <center>1.</center>
views/twofa/setup/setup_miniorange_authenticator.php CHANGED
@@ -281,4 +281,4 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
281
  }, 800);
282
  </script>
283
  <?php
284
- } ?>
281
  }, 800);
282
  </script>
283
  <?php
284
+ } ?>
views/twofa/setup_twofa.php CHANGED
@@ -156,6 +156,8 @@
156
  $free_plan_existing_user = $methods_of_users['existing_user'];
157
  $free_plan_new_user = $methods_of_users['new_user'];
158
  }
 
 
159
 
160
  $free_plan_methods_existing_user = array_chunk( $free_plan_existing_user, 3 );
161
  $free_plan_methods_new_user = array_chunk( $free_plan_new_user, 3 );
156
  $free_plan_existing_user = $methods_of_users['existing_user'];
157
  $free_plan_new_user = $methods_of_users['new_user'];
158
  }
159
+ update_site_option('mo2fa_free_plan_new_user_methods',$free_plan_new_user);
160
+ update_site_option('mo2fa_free_plan_existing_user_methods',$free_plan_existing_user);
161
 
162
  $free_plan_methods_existing_user = array_chunk( $free_plan_existing_user, 3 );
163
  $free_plan_methods_new_user = array_chunk( $free_plan_new_user, 3 );
views/twofa/two_fa.php CHANGED
@@ -121,7 +121,6 @@ else
121
  }
122
  }
123
  localStorage.setItem("last_tab", tabname);
124
-
125
  }
126
  var tour = '<?php echo MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option');?>';
127
 
@@ -147,7 +146,9 @@ else
147
  }
148
  else if(tab == "unlimittedUser_2fa")
149
  {
150
- document.getElementById("unlimittedUser_2fa").click();
 
 
151
  }
152
 
153
  else{
121
  }
122
  }
123
  localStorage.setItem("last_tab", tabname);
 
124
  }
125
  var tour = '<?php echo MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option');?>';
126
 
146
  }
147
  else if(tab == "unlimittedUser_2fa")
148
  {
149
+ if(document.getElementById("unlimittedUser_2fa") !== null){
150
+ document.getElementById("unlimittedUser_2fa").click();
151
+ }
152
  }
153
 
154
  else{
views/twofa/two_fa_login_option.php CHANGED
@@ -1,11 +1,7 @@
1
  <?php
2
  global $Mo2fdbQueries;
3
  $roles = get_editable_roles();
4
- $login_option_tooltip_array = array(
5
- 'By default 2nd Factor is enabled after password authentication. If you do not want to remember passwords anymore and just login with 2nd Factor, please select 2nd option.',
6
- 'Users have an option to Login with Username and password or Login with just username + One Time Passcode',
7
- 'This option will provide you an alternate way of logging in to your site in case you are unable to login with your primary authentication method.',
8
- 'Users will be able to login through external applications which support XML-RPC without authenticating from miniOrange');
9
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
10
  ?>
11
  <?php if ( !MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) { ?>
@@ -28,47 +24,101 @@ global $Mo2fdbQueries;
28
  <input type="hidden" name="mo_auth_login_settings_save_nonce"
29
  value="<?php echo wp_create_nonce( "mo-auth-login-settings-save-nonce" ) ?>"/>
30
  <div class="row">
31
- <h3>Select Login Screen Options
32
- <a href='<?php echo $two_factor_premium_doc['Select login screen option'];?>' target="_blank">
33
- <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
34
- </a></h3>
35
-
36
- <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="1" checked="checked" disabled> Login with password + 2nd Factor <span style="color: red">(Recommended)</span>
37
- <?php echo mo2f_tooltip_array($login_option_tooltip_array[0]); ?>
38
-
39
- </br>
40
- </br>
41
- <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="0" disabled>
42
- Login with 2nd Factor only <span style="color: red">(No password required)
43
- <a
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
44
  data-toggle="collapse"
45
- id="showpreview1"
46
- href="#preview8"
47
  aria-expanded="false"><?php echo mo2f_lt( 'See preview' ); ?></a>
48
- <?php echo mo2f_tooltip_array($login_option_tooltip_array[1]); ?>
49
- <div class="mo2f_collapse" id="preview8" style="height:300px;">
50
  <center><br>
51
  <img style="height:300px;"
52
  src="https://login.xecurify.com/moas/images/help/login-help-1.png">
53
  </center>
54
  </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
55
  </div>
56
- <br>
57
- <hr>
58
- <br>
59
  <div>
60
- <h3 style="padding:10px;"><?php echo mo2f_lt( 'Backup Methods ' ); ?><span><a
61
- class="mo2fa_see_preview"
62
- data-toggle="collapse"
63
- id="showpreview2"
64
- href="#preview9"
65
- aria-expanded="false"><?php echo mo2f_lt( 'See preview' ); ?></a>
66
- <?php echo mo2f_tooltip_array($login_option_tooltip_array[2]); ?></span></h3>
67
- </div>
68
- <br>
69
  <hr>
70
  <br>
71
- <div style="margin-left: 2%" id='preview9' hidden>
72
  <input type="checkbox" id="mo2f_forgotphone" name="mo2f_forgotphone"
73
  value="1" <?php checked( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') == 1 );
74
  if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
@@ -84,16 +134,10 @@ global $Mo2fdbQueries;
84
 
85
  </div>
86
  <div>
87
- <h3 style="padding:10px;">XML-RPC <?php echo mo2f_lt( 'Settings' ); ?>
88
- <span><a
89
- class="mo2fa_see_preview"
90
- data-toggle="collapse"
91
- id="showpreview3"
92
- href="#preview10"
93
- aria-expanded="false"><?php echo mo2f_lt( 'See preview' ); ?></a>
94
- <?php echo mo2f_tooltip_array($login_option_tooltip_array[3]); ?></span></h3>
95
- </div>
96
- <div style="margin-left: 2%" id="preview10" hidden>
97
  <input type="checkbox" id="mo2f_enable_xmlrpc" name="mo2f_enable_xmlrpc"
98
  value="1" <?php checked( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_xmlrpc', 'get_option') == 1 );
99
  if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
@@ -148,42 +192,29 @@ global $Mo2fdbQueries;
148
  });
149
 
150
 
151
- jQuery('#preview9').hide();
152
- jQuery('#showpreview1').click(function(){
153
- jQuery('#preview8').slideToggle(700);
 
 
 
 
154
  });
155
-
156
- jQuery('#showpreview2').click(function(){
157
- jQuery('#preview9').slideToggle(700);
158
- });
159
- jQuery('#showpreview3').click(function(){
160
- jQuery('#preview10').slideToggle(700);
161
- });
162
- jQuery('#showpreview4').click(function(){
163
- jQuery('#preview11').slideToggle(700);
164
- });
165
- jQuery('#showpreview5').click(function(){
166
- jQuery('#preview12').slideToggle(700);
167
- });
168
- jQuery('#showpreview6').click(function(){
169
- jQuery('#preview13').slideToggle(700);
170
  });
171
- jQuery('#showpreview7').click(function(){
172
- jQuery('#preview14').slideToggle(700);
 
173
  });
174
- jQuery('#preview7').hide();
175
- jQuery('#showpreview7').click(function(){
176
- jQuery('#preview7').slideToggle(700);
177
- });
178
-
179
- jQuery('#preview6').hide();
180
- jQuery('#showpreview6').click(function(){
181
- jQuery('#preview6').slideToggle(700);
182
- });
183
-
184
- jQuery('#preview8').hide();
185
- jQuery('#showpreview8').click(function(){
186
- jQuery('#preview8').slideToggle(700);
187
  });
188
 
189
 
@@ -313,10 +344,10 @@ function get_standard_premium_options( $user ) {
313
  <div>
314
  <ul style="margin-left:4%" class="mo2f_ol">
315
  <li><?php echo mo2f_lt( 'Login with Wordpress username/password and 2nd Factor' ); ?> <a
316
- class="" data-toggle="collapse" id="showpreview4" href="#preview11"
317
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
318
  ]</a>
319
- <div class="mo2f_collapse" id="preview11" style="height:300px;">
320
  <center><br>
321
  <img style="height:300px;"
322
  src="https://login.xecurify.com/moas/images/help/login-help-1.png">
@@ -325,11 +356,11 @@ function get_standard_premium_options( $user ) {
325
 
326
  </li><br>
327
  <li><?php echo mo2f_lt( 'Login with Wordpress username and 2nd Factor only' ); ?> <a
328
- class="" data-toggle="collapse" id="showpreview5" href="#preview12"
329
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
330
  ]</a>
331
  <br>
332
- <div class="mo2f_collapse" id="preview12" style="height:300px;">
333
  <center><br>
334
  <img style="height:300px;"
335
  src="https://login.xecurify.com/moas/images/help/login-help-3.png">
@@ -386,10 +417,10 @@ function get_standard_premium_options( $user ) {
386
  <div>
387
  <ul style="margin-left:4%" class="mo2f_ol">
388
  <li><?php echo mo2f_lt( 'Login with Wordpress username/password and 2nd Factor' ); ?> <a
389
- data-toggle="collapse" id="showpreview6" href="#preview13"
390
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
391
  ]</a>
392
- <div class="mo2f_collapse" id="preview13" style="height:300px;">
393
  <center><br>
394
  <img style="height:300px;"
395
  src="https://login.xecurify.com/moas/images/help/login-help-1.png">
@@ -398,11 +429,11 @@ function get_standard_premium_options( $user ) {
398
  </div>
399
  <br></li>
400
  <li><?php echo mo2f_lt( 'Login with Wordpress username and 2nd Factor only' ); ?> <a
401
- data-toggle="collapse" id="showpreview7" href="#preview14"
402
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
403
  ]</a>
404
  <br>
405
- <div class="mo2f_collapse" id="preview14" style="height:300px;">
406
  <center><br>
407
  <img style="height:300px;"
408
  src="https://login.xecurify.com/moas/images/help/login-help-3.png">
1
  <?php
2
  global $Mo2fdbQueries;
3
  $roles = get_editable_roles();
4
+
 
 
 
 
5
  $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
6
  ?>
7
  <?php if ( !MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) { ?>
24
  <input type="hidden" name="mo_auth_login_settings_save_nonce"
25
  value="<?php echo wp_create_nonce( "mo-auth-login-settings-save-nonce" ) ?>"/>
26
  <div class="row">
27
+ <h3 style="padding:10px;"><?php echo mo2f_lt( 'Select Login Screen Options' ); ?>
28
+
29
+ </div>
30
+ <hr>
31
+ <br>
32
+
33
+
34
+ <div style="margin-left: 2%;">
35
+ <input type="radio" name="mo2f_login_option" value="1"
36
+ <?php checked( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') );
37
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM) {
38
+ } else {
39
+ echo 'disabled';
40
+ } ?> />
41
+ <?php echo mo2f_lt( 'Login with password + 2nd Factor ' ); ?>
42
+ <i>(<?php echo mo2f_lt( 'Default & Recommended' ); ?>)&nbsp;&nbsp;</i>
43
+
44
+ <br><br>
45
+
46
+ <div style="margin-left:6%;">
47
+ <input type="checkbox" id="mo2f_remember_device" name="mo2f_remember_device"
48
+ value="1" <?php checked( get_option( 'mo2f_remember_device' ) == 1 );
49
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' and MO2F_IS_ONPREM!=1) {
50
+ } else {
51
+ echo 'disabled';
52
+ } ?> />Enable
53
+ '<b><?php echo mo2f_lt( 'Remember device' ); ?></b>' <?php echo mo2f_lt( 'option ' ); ?><br>
54
+
55
+ <div class="mo2f_advanced_options_note"><p style="padding:5px;">
56
+ <i><?php echo mo2f_lt( ' Checking this option will display an option ' ); ?>
57
+ '<b><?php echo mo2f_lt( 'Remember this device' ); ?></b>'<?php echo mo2f_lt( 'on 2nd factor screen. In the next login from the same device, user will bypass 2nd factor, i.e. user will be logged in through username + password only.' ); ?>
58
+ </i></p></div>
59
+ </div>
60
+
61
+ <br>
62
+
63
+ <input type="radio" name="mo2f_login_option" value="0"
64
+ <?php checked( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') );
65
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM) {
66
+ } else {
67
+ echo 'disabled';
68
+ } ?> />
69
+ <?php echo mo2f_lt( 'Login with 2nd Factor only ' ); ?>
70
+ <i>(<?php echo mo2f_lt( 'No password required.' ); ?>)</i> &nbsp;<a
71
  data-toggle="collapse"
72
+ id="showLoginwith2ndFactoronly"
73
+ href="#Loginwith2ndFactoronly"
74
  aria-expanded="false"><?php echo mo2f_lt( 'See preview' ); ?></a>
75
+ <br>
76
+ <div class="mo2f_collapse" id="Loginwith2ndFactoronly" style="height:300px; ">
77
  <center><br>
78
  <img style="height:300px;"
79
  src="https://login.xecurify.com/moas/images/help/login-help-1.png">
80
  </center>
81
  </div>
82
+ <br>
83
+ <br>
84
+ <div class="mo2f_advanced_options_note"><p style="padding:5px;">
85
+ <i><?php echo mo2f_lt( 'Checking this option will add login with your phone button below default login form. Click above link to see the preview.' ); ?></i>
86
+ </p></div>
87
+ <div id="loginphonediv" hidden><br>
88
+ <input type="checkbox" id="mo2f_login_with_username_and_2factor"
89
+ name="mo2f_login_with_username_and_2factor"
90
+ value="1" <?php checked( get_option( 'mo2f_enable_login_with_2nd_factor' ) == 1 );
91
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM ){
92
+ } else {
93
+ echo 'disabled';
94
+ } ?> />
95
+ <?php echo mo2f_lt( ' I want to hide default login form.' ); ?> &nbsp;<a
96
+ class=""
97
+ data-toggle="collapse"
98
+ href="#hideDefaultLoginForm"
99
+ id = 'showhideDefaultLoginForm'
100
+ aria-expanded="false"><?php echo mo2f_lt( 'See preview' ); ?></a>
101
+ <br>
102
+ <div class="mo2f_collapse" id="showhideDefaultLoginForm" style="height:300px;">
103
+ <center><br>
104
+ <img style="height:300px;"
105
+ src="https://login.xecurify.com/moas/images/help/login-help-3.png">
106
+ </center>
107
+ </div>
108
+
109
+ <br>
110
+ <br>
111
+ <div class="mo2f_advanced_options_note"><p style="padding:5px;">
112
+ <i><?php echo mo2f_lt( 'Checking this option will hide default login form and just show login with your phone. Click above link to see the preview.' ); ?></i>
113
+ </p></div>
114
+ </div>
115
+ <br>
116
  </div>
 
 
 
117
  <div>
118
+ <h3 style="padding:10px;"><?php echo mo2f_lt( 'Backup Methods' ); ?></h3></div>
 
 
 
 
 
 
 
 
119
  <hr>
120
  <br>
121
+ <div style="margin-left: 2%">
122
  <input type="checkbox" id="mo2f_forgotphone" name="mo2f_forgotphone"
123
  value="1" <?php checked( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') == 1 );
124
  if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
134
 
135
  </div>
136
  <div>
137
+ <h3 style="padding:10px;">XML-RPC <?php echo mo2f_lt( 'Settings' ); ?></h3></div>
138
+ <hr>
139
+ <br>
140
+ <div style="margin-left: 2%">
 
 
 
 
 
 
141
  <input type="checkbox" id="mo2f_enable_xmlrpc" name="mo2f_enable_xmlrpc"
142
  value="1" <?php checked( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_xmlrpc', 'get_option') == 1 );
143
  if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
192
  });
193
 
194
 
195
+ jQuery('#Loginwith2ndFactoronly').hide();
196
+ jQuery('#showLoginwith2ndFactoronly').click(function(){
197
+ jQuery('#Loginwith2ndFactoronly').slideToggle(700);
198
+ });
199
+ jQuery('#Loginwith2ndFactoronlyStandard').hide();
200
+ jQuery('#showLoginwith2ndFactoronlyStandard').click(function(){
201
+ jQuery('#Loginwith2ndFactoronlyStandard').slideToggle(700);
202
  });
203
+ jQuery('#LoginWithUsernameOnlyStandard').hide();
204
+ jQuery('#showLoginWithUsernameOnlyStandard').click(function(){
205
+ jQuery('#LoginWithUsernameOnlyStandard').slideToggle(700);
 
 
 
 
 
 
 
 
 
 
 
 
206
  });
207
+ jQuery('#Loginwith2ndFactoronlyPremium').hide();
208
+ jQuery('#showLoginwith2ndFactoronlyPremium').click(function(){
209
+ jQuery('#Loginwith2ndFactoronlyPremium').slideToggle(700);
210
  });
211
+ jQuery('#LoginWithUsernameOnlyPremium').hide();
212
+ jQuery('#showLoginWithUsernameOnlyPremium').click(function(){
213
+ jQuery('#LoginWithUsernameOnlyPremium').slideToggle(700);
214
+ });
215
+ jQuery('#showhideDefaultLoginForm').hide();
216
+ jQuery('#showhideDefaultLoginForm').click(function(){
217
+ jQuery('#showhideDefaultLoginForm').slideToggle(700);
 
 
 
 
 
 
218
  });
219
 
220
 
344
  <div>
345
  <ul style="margin-left:4%" class="mo2f_ol">
346
  <li><?php echo mo2f_lt( 'Login with Wordpress username/password and 2nd Factor' ); ?> <a
347
+ class="" data-toggle="collapse" id="showLoginwith2ndFactoronlyStandard" href="#Loginwith2ndFactoronlyStandard"
348
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
349
  ]</a>
350
+ <div class="mo2f_collapse" id="Loginwith2ndFactoronlyStandard" style="height:300px;">
351
  <center><br>
352
  <img style="height:300px;"
353
  src="https://login.xecurify.com/moas/images/help/login-help-1.png">
356
 
357
  </li><br>
358
  <li><?php echo mo2f_lt( 'Login with Wordpress username and 2nd Factor only' ); ?> <a
359
+ class="" data-toggle="collapse" id="showLoginWithUsernameOnlyStandard" href="#LoginWithUsernameOnlyStandard"
360
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
361
  ]</a>
362
  <br>
363
+ <div class="mo2f_collapse" id="LoginWithUsernameOnlyStandard" style="height:300px;">
364
  <center><br>
365
  <img style="height:300px;"
366
  src="https://login.xecurify.com/moas/images/help/login-help-3.png">
417
  <div>
418
  <ul style="margin-left:4%" class="mo2f_ol">
419
  <li><?php echo mo2f_lt( 'Login with Wordpress username/password and 2nd Factor' ); ?> <a
420
+ data-toggle="collapse" id="showLoginwith2ndFactoronlyPremium" href="#Loginwith2ndFactoronlyPremium"
421
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
422
  ]</a>
423
+ <div class="mo2f_collapse" id="Loginwith2ndFactoronlyPremium" style="height:300px;">
424
  <center><br>
425
  <img style="height:300px;"
426
  src="https://login.xecurify.com/moas/images/help/login-help-1.png">
429
  </div>
430
  <br></li>
431
  <li><?php echo mo2f_lt( 'Login with Wordpress username and 2nd Factor only' ); ?> <a
432
+ data-toggle="collapse" id="showLoginWithUsernameOnlyPremium" href="#LoginWithUsernameOnlyPremium"
433
  aria-expanded="false">[ <?php echo mo2f_lt( 'See Preview' ); ?>
434
  ]</a>
435
  <br>
436
+ <div class="mo2f_collapse" id="LoginWithUsernameOnlyPremium" style="height:300px;">
437
  <center><br>
438
  <img style="height:300px;"
439
  src="https://login.xecurify.com/moas/images/help/login-help-3.png">
views/twofa/two_fa_premium_feature.php CHANGED
@@ -236,7 +236,7 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
236
 
237
  <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[6]); ?>
238
  <div id="mo2f_hide_login" style="display: none;">
239
- <?php
240
  echo '<div style="text-align:center;"><img style="margin-top:5px;" src="'.$hide_login_form_url.'"></div><br>';?>
241
  </div>
242
 
236
 
237
  <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[6]); ?>
238
  <div id="mo2f_hide_login" style="display: none;">
239
+ <?php
240
  echo '<div style="text-align:center;"><img style="margin-top:5px;" src="'.$hide_login_form_url.'"></div><br>';?>
241
  </div>
242