Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.38

Version Description

  • Minor bug fixes
Download this release

Release Info

Developer twofactorauthentication
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.38
Comparing to
See all releases

Code changes from version 5.4.37 to 5.4.38

Files changed (62) hide show
  1. api/Mo2f_OnPremRedirect.php +343 -343
  2. api/class-customer-common-setup.php +412 -412
  3. api/class-customer-onprem-setup.php +72 -72
  4. api/class-customer-setup.php +33 -33
  5. api/class-rba-attributes.php +183 -183
  6. controllers/PointersManager.php +53 -53
  7. controllers/addons.php +4 -4
  8. controllers/backup/backup.php +1 -1
  9. controllers/backup/backup_controller.php +1 -1
  10. controllers/backup/backup_created_report.php +1 -1
  11. controllers/content-protection.php +94 -94
  12. controllers/dashboard_ajax.php +210 -210
  13. controllers/duo_authenticator/duo_authenticator_ajax.php +74 -74
  14. controllers/feedback_footer.php +78 -78
  15. controllers/ip-blocking.php +256 -256
  16. controllers/malware_scanner/scan_malware.php +9 -9
  17. controllers/navbar.php +94 -94
  18. controllers/notification-settings.php +100 -100
  19. controllers/pointers.php +581 -581
  20. controllers/reports.php +24 -24
  21. controllers/request_christmas_offer.php +48 -0
  22. controllers/request_demo.php +51 -0
  23. controllers/request_offer.php +45 -45
  24. controllers/support.php +77 -77
  25. controllers/tour-model.php +334 -0
  26. controllers/tour/tour_ajax.php +146 -0
  27. controllers/troubleshooting.php +4 -4
  28. controllers/twofa/two_fa.php +3 -3
  29. controllers/twofa/two_fa_addon.php +5 -5
  30. controllers/twofa/two_fa_custom_form.php +8 -8
  31. controllers/twofa/two_fa_login_option.php +1 -1
  32. controllers/twofa/two_fa_premium_feature.php +2 -2
  33. controllers/twofa/two_fa_session_control.php +2 -2
  34. controllers/twofa/two_fa_video_guide.php +3 -3
  35. controllers/upgrade.php +3 -3
  36. controllers/wpns-loginsecurity-ajax.php +1398 -1398
  37. database/database_functions.php +872 -872
  38. database/database_functions_2fa.php +403 -403
  39. handler/WAF/database/mo-waf-db-common.php +24 -24
  40. handler/WAF/database/mo-waf-db.php +248 -248
  41. handler/WAF/database/mo-waf-plugin-db.php +90 -90
  42. handler/WAF/mo-waf-plugin.php +211 -211
  43. handler/WAF/mo-waf.php +206 -206
  44. handler/WAF/waf-include.php +91 -91
  45. handler/ajax.php +175 -175
  46. handler/backup.php +321 -321
  47. handler/feedback_form.php +210 -210
  48. handler/login.php +414 -414
  49. handler/malware_scanner.php +668 -668
  50. handler/mo-block.html +9 -9
  51. handler/mo-error.html +10 -10
  52. handler/mo-waf-plugin.php +409 -409
  53. handler/realtime_ip_block_free.php +51 -51
  54. handler/recaptcha.php +156 -156
  55. handler/security_features.php +47 -47
  56. handler/signature/APLFI.php +4 -4
  57. handler/signature/APSQLI.php +10 -10
  58. handler/twofa/encryption.php +45 -45
  59. handler/twofa/gaonprem.php +252 -252
  60. handler/twofa/two_fa_constants.php +441 -441
  61. handler/twofa/two_fa_get_details.php +23 -23
  62. handler/twofa/two_fa_login.php +66 -402
api/Mo2f_OnPremRedirect.php CHANGED
@@ -1,343 +1,343 @@
1
- <?php
2
- class Mo2f_OnPremRedirect {
3
-
4
- function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
5
- switch($authType){
6
-
7
- case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
8
- return $content;
9
- break;
10
- case "KBA": $content = $this->mo2f_kba_onpremise();
11
- return $content;
12
- break;
13
- case "OUT OF BAND EMAIL":
14
- break;
15
- case "EMAIL":
16
- case "OTP OVER EMAIL":
17
- case "OTP_OVER_EMAIL":
18
- return $this->mo2f_otp_over_email($otpToken,$current_user);
19
-
20
-
21
- }
22
-
23
- }
24
-
25
- function mo2f_kba_onpremise(){
26
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
27
- if(isset($_POST['validate'])){
28
- $user_id = wp_get_current_user()->ID;
29
- }
30
- else{
31
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
32
- }
33
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
34
- $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
35
- $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
36
- $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
37
- $questions_challenged = $questions_challenged[0];
38
- $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
39
- $all_ques_ans = $all_ques_ans[0];
40
- $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
41
- $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
42
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
43
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
44
-
45
- $pass2fa = new Miniorange_Password_2Factor_Login;
46
- $twofa_Settings = new Miniorange_Authentication;
47
- if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
48
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
49
- $content = json_encode($arr);
50
- delete_user_meta( $user_id, 'test_2FA' );
51
- return $content;
52
- }
53
- else {
54
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
55
- $content = json_encode($arr);
56
- return $content;
57
- }
58
-
59
- }
60
-
61
- function OnpremSendRedirect($useremail,$authType,$currentuser){
62
-
63
- switch($authType){
64
-
65
- case "Email Verification":
66
- case "OUT OF BAND EMAIL":
67
- $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
68
- return $content;
69
- case "EMAIL":
70
-
71
- case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
72
- return $content;
73
- case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
74
- return $content;
75
-
76
- }
77
-
78
- }
79
-
80
- function OnpremSecurityQuestions($user){
81
- $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
82
- $challenge_questions = array_keys($question_answers[0]);
83
- $random_keys = array_rand($challenge_questions,2);
84
- $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
85
- $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
86
- $questions = array($challenge_ques1,$challenge_ques2);
87
- update_user_meta( $user->ID, 'kba_questions_user', $questions );
88
- $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
89
- return $response;
90
-
91
- }
92
-
93
- function mo2f_google_authenticator_onpremise($otpToken){
94
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
95
- $gauth_obj= new Google_auth_onpremise();
96
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
97
- if(is_user_logged_in()){
98
- $user = wp_get_current_user();
99
- $user_id = $user->ID;
100
- }else{
101
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
102
- }
103
- $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
104
- $content=$gauth_obj->verifyCode($secret, $otpToken);
105
- return $content;
106
- }
107
- function OnpremOTPOverEMail($current_user,$useremail=false)
108
- {
109
- return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
110
- }
111
- function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
112
- {
113
- $count_threshold = 5;
114
- global $Mo2fdbQueries;
115
- if(!isset($current_user) or is_null($current_user))
116
- {
117
- if(is_user_logged_in()){
118
- $current_user = wp_get_current_user();
119
- }else{
120
- $current_user = unserialize($_SESSION['mo2f_current_user']);
121
- }
122
- }
123
-
124
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
125
- {
126
- $email = get_user_meta($current_user->ID,'tempEmail',true);
127
-
128
- if($email == '' or empty($email))
129
- {
130
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
131
- }
132
-
133
- }
134
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
135
- $email = $current_user->user_email;
136
-
137
- delete_user_meta($current_user->ID,'tempEmail');
138
- $subject = '2-Factor Authentication';
139
- $headers = array('Content-Type: text/html; charset=UTF-8');
140
- $otpToken = '';
141
- for($i=1;$i<7;$i++)
142
- {
143
- $otpToken .= rand(0,9);
144
- }
145
- update_user_meta($current_user->ID,$tokenName,$otpToken);
146
- update_user_meta($current_user->ID,$timeName,time());
147
- update_user_meta($current_user->ID,'tempRegEmail',$email);
148
- $message = '<table cellpadding="25" style="margin:0px auto">
149
- <tbody>
150
- <tr>
151
- <td>
152
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
153
- <tbody>
154
- <tr>
155
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
156
- </tr>
157
- </tbody>
158
- </table>
159
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
160
- <tbody>
161
- <tr>
162
- <td>
163
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
164
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
165
- <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
166
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
167
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
168
- </div></div></td>
169
- </tr>
170
- </tbody>
171
- </table>
172
- </td>
173
- </tr>
174
- </tbody>
175
- </table>';
176
-
177
- $result = wp_mail($email,$subject,$message,$headers);
178
- if($result){
179
- if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
180
- Miniorange_Authentication::low_otp_alert("email");
181
- update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
182
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
183
-
184
- }else{
185
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
186
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
187
- }
188
- $content = json_encode($arr);
189
- return $content;
190
-
191
- }
192
-
193
- function mo2f_otp_over_email($otpToken,$current_user)
194
- {
195
- return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
196
- }
197
- function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
198
- {
199
- global $Mo2fdbQueries;
200
- if(is_null($current_user))
201
- {
202
- $current_user = wp_get_current_user();
203
- }
204
-
205
- if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
206
- {
207
- $user_id = $current_user->ID;
208
-
209
-
210
-
211
-
212
- $valid_token = get_user_meta($user_id,$dtoken,true);
213
-
214
-
215
- $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
216
-
217
-
218
- $time = get_user_meta($user_id,$dtime,true);
219
- $accepted_time = time()-300;
220
-
221
-
222
- if($accepted_time>$time)
223
- {
224
-
225
- delete_user_meta( $user_id, $dtoken );
226
- delete_user_meta( $user_id, $dtime );
227
- delete_user_meta( $user_id,'tempRegEmail');
228
-
229
- $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
230
- }
231
-
232
- else if($valid_token == $otpToken)
233
- {
234
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
235
- delete_user_meta( $user_id, $dtoken );
236
- if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
237
- {
238
- $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
239
- if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
240
- $Mo2fdbQueries->update_user_details($user_id,array(
241
- 'mo2f_configured_2FA_method' => 'OTP Over Email',
242
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
243
- 'mo2f_user_email'=> $tempRegEmail));
244
- }
245
- delete_user_meta( $user_id,'tempRegEmail');
246
- }
247
- else
248
- {
249
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
250
- }
251
-
252
- $content = json_encode($arr);
253
- return $content;
254
-
255
- }
256
- }
257
-
258
-
259
- function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
260
- {
261
-
262
- global $Mo2fdbQueries;
263
-
264
- $email = get_user_meta($current_user->ID,'tempEmail',true);
265
-
266
-
267
- if(empty($email))
268
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
269
-
270
- $subject = "2-Factor Authentication(Email verification)";
271
- $headers = array('Content-Type: text/html; charset=UTF-8');
272
- $txid = '';
273
- $otpToken = '';
274
- $otpTokenD = '';
275
- for($i=1;$i<7;$i++)
276
- {
277
- $otpToken .= rand(0,9);
278
- $txid .= rand(100,999);
279
- $otpTokenD .= rand(0,9);
280
- }
281
- $otpTokenH = hash('sha512',$otpToken);
282
- $otpTokenDH = hash('sha512', $otpTokenD);
283
- update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
284
- $userID = hash('sha512',$current_user->ID);
285
- update_site_option($userID,$otpTokenH);
286
- update_site_option($txid,3);
287
- $userIDd = $userID . 'D';
288
- update_site_option($userIDd,$otpTokenDH);
289
-
290
- $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
291
- $result = wp_mail($email,$subject,$message,$headers);
292
-
293
- $response=array("txId"=>$txid);
294
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
295
- if($result)
296
- {
297
- $response['status']='SUCCESS';
298
- $time = "time".$txid;
299
- $currentTimeInMillis = round(microtime(true) * 1000);
300
- update_site_option($time,$currentTimeInMillis);
301
- }
302
- else
303
- {
304
- $response['status']='FAILED';
305
- }
306
-
307
- return json_encode($response);
308
- }
309
-
310
- function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
311
- $url = get_site_option('siteurl').'/wp-login.php?';
312
- $message = '<table cellpadding="25" style="margin:0px auto">
313
- <tbody>
314
- <tr>
315
- <td>
316
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
317
- <tbody>
318
- <tr>
319
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
320
- </tr>
321
- </tbody>
322
- </table>
323
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
324
- <tbody>
325
- <tr>
326
- <td>
327
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
328
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
329
- <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
330
- <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
331
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
332
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
333
- </div></div></td>
334
- </tr>
335
- </tbody>
336
- </table>
337
- </td>
338
- </tr>
339
- </tbody>
340
- </table>';
341
- return $message;
342
- }
343
- }
1
+ <?php
2
+ class Mo2f_OnPremRedirect {
3
+
4
+ function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
5
+ switch($authType){
6
+
7
+ case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
8
+ return $content;
9
+ break;
10
+ case "KBA": $content = $this->mo2f_kba_onpremise();
11
+ return $content;
12
+ break;
13
+ case "OUT OF BAND EMAIL":
14
+ break;
15
+ case "EMAIL":
16
+ case "OTP OVER EMAIL":
17
+ case "OTP_OVER_EMAIL":
18
+ return $this->mo2f_otp_over_email($otpToken,$current_user);
19
+
20
+
21
+ }
22
+
23
+ }
24
+
25
+ function mo2f_kba_onpremise(){
26
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
27
+ if(isset($_POST['validate'])){
28
+ $user_id = wp_get_current_user()->ID;
29
+ }
30
+ else{
31
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
32
+ }
33
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
34
+ $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
35
+ $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
36
+ $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
37
+ $questions_challenged = $questions_challenged[0];
38
+ $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
39
+ $all_ques_ans = $all_ques_ans[0];
40
+ $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
41
+ $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
42
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
43
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
44
+
45
+ $pass2fa = new Miniorange_Password_2Factor_Login;
46
+ $twofa_Settings = new Miniorange_Authentication;
47
+ if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
48
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
49
+ $content = json_encode($arr);
50
+ delete_user_meta( $user_id, 'test_2FA' );
51
+ return $content;
52
+ }
53
+ else {
54
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
55
+ $content = json_encode($arr);
56
+ return $content;
57
+ }
58
+
59
+ }
60
+
61
+ function OnpremSendRedirect($useremail,$authType,$currentuser){
62
+
63
+ switch($authType){
64
+
65
+ case "Email Verification":
66
+ case "OUT OF BAND EMAIL":
67
+ $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
68
+ return $content;
69
+ case "EMAIL":
70
+
71
+ case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
72
+ return $content;
73
+ case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
74
+ return $content;
75
+
76
+ }
77
+
78
+ }
79
+
80
+ function OnpremSecurityQuestions($user){
81
+ $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
82
+ $challenge_questions = array_keys($question_answers[0]);
83
+ $random_keys = array_rand($challenge_questions,2);
84
+ $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
85
+ $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
86
+ $questions = array($challenge_ques1,$challenge_ques2);
87
+ update_user_meta( $user->ID, 'kba_questions_user', $questions );
88
+ $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
89
+ return $response;
90
+
91
+ }
92
+
93
+ function mo2f_google_authenticator_onpremise($otpToken){
94
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
95
+ $gauth_obj= new Google_auth_onpremise();
96
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
97
+ if(is_user_logged_in()){
98
+ $user = wp_get_current_user();
99
+ $user_id = $user->ID;
100
+ }else{
101
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
102
+ }
103
+ $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
104
+ $content=$gauth_obj->verifyCode($secret, $otpToken);
105
+ return $content;
106
+ }
107
+ function OnpremOTPOverEMail($current_user,$useremail=false)
108
+ {
109
+ return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
110
+ }
111
+ function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
112
+ {
113
+ $count_threshold = 5;
114
+ global $Mo2fdbQueries;
115
+ if(!isset($current_user) or is_null($current_user))
116
+ {
117
+ if(is_user_logged_in()){
118
+ $current_user = wp_get_current_user();
119
+ }else{
120
+ $current_user = unserialize($_SESSION['mo2f_current_user']);
121
+ }
122
+ }
123
+
124
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
125
+ {
126
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
127
+
128
+ if($email == '' or empty($email))
129
+ {
130
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
131
+ }
132
+
133
+ }
134
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
135
+ $email = $current_user->user_email;
136
+
137
+ delete_user_meta($current_user->ID,'tempEmail');
138
+ $subject = '2-Factor Authentication';
139
+ $headers = array('Content-Type: text/html; charset=UTF-8');
140
+ $otpToken = '';
141
+ for($i=1;$i<7;$i++)
142
+ {
143
+ $otpToken .= rand(0,9);
144
+ }
145
+ update_user_meta($current_user->ID,$tokenName,$otpToken);
146
+ update_user_meta($current_user->ID,$timeName,time());
147
+ update_user_meta($current_user->ID,'tempRegEmail',$email);
148
+ $message = '<table cellpadding="25" style="margin:0px auto">
149
+ <tbody>
150
+ <tr>
151
+ <td>
152
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
153
+ <tbody>
154
+ <tr>
155
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
156
+ </tr>
157
+ </tbody>
158
+ </table>
159
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
160
+ <tbody>
161
+ <tr>
162
+ <td>
163
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
164
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
165
+ <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
166
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
167
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
168
+ </div></div></td>
169
+ </tr>
170
+ </tbody>
171
+ </table>
172
+ </td>
173
+ </tr>
174
+ </tbody>
175
+ </table>';
176
+
177
+ $result = wp_mail($email,$subject,$message,$headers);
178
+ if($result){
179
+ if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
180
+ Miniorange_Authentication::low_otp_alert("email");
181
+ update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
182
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
183
+
184
+ }else{
185
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
186
+ update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
187
+ }
188
+ $content = json_encode($arr);
189
+ return $content;
190
+
191
+ }
192
+
193
+ function mo2f_otp_over_email($otpToken,$current_user)
194
+ {
195
+ return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
196
+ }
197
+ function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
198
+ {
199
+ global $Mo2fdbQueries;
200
+ if(is_null($current_user))
201
+ {
202
+ $current_user = wp_get_current_user();
203
+ }
204
+
205
+ if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
206
+ {
207
+ $user_id = $current_user->ID;
208
+
209
+
210
+
211
+
212
+ $valid_token = get_user_meta($user_id,$dtoken,true);
213
+
214
+
215
+ $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
216
+
217
+
218
+ $time = get_user_meta($user_id,$dtime,true);
219
+ $accepted_time = time()-300;
220
+
221
+
222
+ if($accepted_time>$time)
223
+ {
224
+
225
+ delete_user_meta( $user_id, $dtoken );
226
+ delete_user_meta( $user_id, $dtime );
227
+ delete_user_meta( $user_id,'tempRegEmail');
228
+
229
+ $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
230
+ }
231
+
232
+ else if($valid_token == $otpToken)
233
+ {
234
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
235
+ delete_user_meta( $user_id, $dtoken );
236
+ if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
237
+ {
238
+ $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
239
+ if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
240
+ $Mo2fdbQueries->update_user_details($user_id,array(
241
+ 'mo2f_configured_2FA_method' => 'OTP Over Email',
242
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
243
+ 'mo2f_user_email'=> $tempRegEmail));
244
+ }
245
+ delete_user_meta( $user_id,'tempRegEmail');
246
+ }
247
+ else
248
+ {
249
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
250
+ }
251
+
252
+ $content = json_encode($arr);
253
+ return $content;
254
+
255
+ }
256
+ }
257
+
258
+
259
+ function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
260
+ {
261
+
262
+ global $Mo2fdbQueries;
263
+
264
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
265
+
266
+
267
+ if(empty($email))
268
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
269
+
270
+ $subject = "2-Factor Authentication(Email verification)";
271
+ $headers = array('Content-Type: text/html; charset=UTF-8');
272
+ $txid = '';
273
+ $otpToken = '';
274
+ $otpTokenD = '';
275
+ for($i=1;$i<7;$i++)
276
+ {
277
+ $otpToken .= rand(0,9);
278
+ $txid .= rand(100,999);
279
+ $otpTokenD .= rand(0,9);
280
+ }
281
+ $otpTokenH = hash('sha512',$otpToken);
282
+ $otpTokenDH = hash('sha512', $otpTokenD);
283
+ update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
284
+ $userID = hash('sha512',$current_user->ID);
285
+ update_site_option($userID,$otpTokenH);
286
+ update_site_option($txid,3);
287
+ $userIDd = $userID . 'D';
288
+ update_site_option($userIDd,$otpTokenDH);
289
+
290
+ $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
291
+ $result = wp_mail($email,$subject,$message,$headers);
292
+
293
+ $response=array("txId"=>$txid);
294
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
295
+ if($result)
296
+ {
297
+ $response['status']='SUCCESS';
298
+ $time = "time".$txid;
299
+ $currentTimeInMillis = round(microtime(true) * 1000);
300
+ update_site_option($time,$currentTimeInMillis);
301
+ }
302
+ else
303
+ {
304
+ $response['status']='FAILED';
305
+ }
306
+
307
+ return json_encode($response);
308
+ }
309
+
310
+ function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
311
+ $url = get_site_option('siteurl').'/wp-login.php?';
312
+ $message = '<table cellpadding="25" style="margin:0px auto">
313
+ <tbody>
314
+ <tr>
315
+ <td>
316
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
317
+ <tbody>
318
+ <tr>
319
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
320
+ </tr>
321
+ </tbody>
322
+ </table>
323
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
324
+ <tbody>
325
+ <tr>
326
+ <td>
327
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
328
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
329
+ <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
330
+ <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
331
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
332
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
333
+ </div></div></td>
334
+ </tr>
335
+ </tbody>
336
+ </table>
337
+ </td>
338
+ </tr>
339
+ </tbody>
340
+ </table>';
341
+ return $message;
342
+ }
343
+ }
api/class-customer-common-setup.php CHANGED
@@ -1,412 +1,412 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Cloud_Setup {
29
-
30
- public $email;
31
- public $phone;
32
- public $customerKey;
33
- public $transactionId;
34
-
35
- private $auth_mode = 2; // miniorange test or not
36
- private $https_mode = false; // website http or https
37
-
38
-
39
- function check_customer() {
40
- $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
41
- $email = get_option( "mo2f_email" );
42
- $mo2fApi= new Mo2f_Api();
43
- $fields = array (
44
- 'email' => $email
45
- );
46
- $field_string = json_encode ( $fields );
47
-
48
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
49
-
50
- $response = $mo2fApi->make_curl_call( $url, $field_string );
51
- return $response;
52
-
53
- }
54
-
55
- function guest_audit() {
56
- $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
57
- $email = get_option( "mo2f_email" );
58
-
59
- $user = wp_get_current_user();
60
-
61
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
62
- if (empty($email))
63
- $email = $user->user_email;
64
- }
65
-
66
- $mo2fApi= new Mo2f_Api();
67
- $MoWpnsUtility = new MoWpnsUtility();
68
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
69
- $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
70
- $fields = array (
71
- 'emailAddress' => $email,
72
- 'companyName'=>$company,
73
- 'cmsName'=>"WP",
74
- 'applicationType'=>'Two Factor Upgrade',
75
- 'applicationName'=>$applicationName,
76
- 'pluginVersion'=>MO2F_VERSION,
77
- 'inUse'=>$MoWpnsUtility->getFeatureStatus()
78
- );
79
-
80
-
81
-
82
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
83
-
84
- $field_string = json_encode ( $fields );
85
-
86
- $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
87
- return $response;
88
-
89
- }
90
-
91
- function send_email_alert( $email, $phone, $message ) {
92
-
93
- $url = MO_HOST_NAME . '/moas/api/notify/send';
94
-
95
- $mo2fApi= new Mo2f_Api();
96
- $customerKey = "16555";
97
- $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
98
-
99
- $currentTimeInMillis = $mo2fApi->get_timestamp();
100
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
101
- $hashValue = hash( "sha512", $stringToHash );
102
- $fromEmail = $email;
103
- $subject = "WordPress 2FA Plugin Feedback - " . $email;
104
-
105
- global $user;
106
- $user = wp_get_current_user();
107
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
108
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
109
-
110
-
111
- $customer_feature = "";
112
-
113
- if ( $is_ec_with_1_user ) {
114
- $customer_feature = "V1";
115
- }else if ( $is_nc_with_1_user ) {
116
- $customer_feature = "V3";
117
- }
118
-
119
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
-
121
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
-
123
- $fields = array(
124
- 'customerKey' => $customerKey,
125
- 'sendEmail' => true,
126
- 'email' => array(
127
- 'customerKey' => $customerKey,
128
- 'fromEmail' => $fromEmail,
129
- 'fromName' => 'Xecurify',
130
- 'toEmail' => '2fasupport@xecurify.com',
131
- 'toName' => '2fasupport@xecurify.com',
132
- 'subject' => $subject,
133
- 'content' => $content
134
- ),
135
- );
136
- $field_string = json_encode( $fields );
137
-
138
- $headers = $mo2fApi->get_http_header_array();
139
-
140
- $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
141
- return $response;
142
-
143
-
144
- }
145
-
146
- function create_customer() {
147
- global $Mo2fdbQueries;
148
- if ( ! MO2f_Utility::is_curl_installed() ) {
149
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
150
-
151
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
152
- }
153
-
154
- $url = MO_HOST_NAME . '/moas/rest/customer/add';
155
- $mo2fApi= new Mo2f_Api();
156
- global $user;
157
- $user = wp_get_current_user();
158
- $this->email = get_option( 'mo2f_email' );
159
- $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
160
- $password = get_option( 'mo2f_password' );
161
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
162
-
163
- $fields = array(
164
- 'companyName' => $company,
165
- 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
166
- 'productInterest' => 'API_2FA',
167
- 'email' => $this->email,
168
- 'phone' => $this->phone,
169
- 'password' => $password
170
- );
171
- $field_string = json_encode( $fields );
172
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
173
-
174
- $content = $mo2fApi->make_curl_call( $url, $field_string );
175
-
176
- return $content;
177
- }
178
-
179
-
180
- function get_customer_key() {
181
- if ( ! MO2f_Utility::is_curl_installed() ) {
182
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
183
-
184
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
185
- }
186
-
187
- $url = MO_HOST_NAME . "/moas/rest/customer/key";
188
-
189
- $email = get_option( "mo2f_email" );
190
- $password = get_option( "mo2f_password" );
191
- $mo2fApi= new Mo2f_Api();
192
- $fields = array(
193
- 'email' => $email,
194
- 'password' => $password
195
- );
196
- $field_string = json_encode( $fields );
197
-
198
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
199
-
200
- $content = $mo2fApi->make_curl_call( $url, $field_string );
201
-
202
- return $content;
203
- }
204
-
205
-
206
- function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
207
-
208
- if ( ! MO2f_Utility::is_curl_installed()) {
209
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
210
-
211
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
212
- }
213
-
214
- $url = MO_HOST_NAME . '/moas/api/auth/challenge';
215
- $mo2fApi = new Mo2f_Api();
216
- /* The customer Key provided to you */
217
- $customerKey = $cKey;
218
-
219
- /* The customer API Key provided to you */
220
- $apiKey = $apiKey;
221
-
222
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
223
- $currentTimeInMillis = $mo2fApi->get_timestamp();
224
-
225
- /* Creating the Hash using SHA-512 algorithm */
226
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
227
- $hashValue = hash( "sha512", $stringToHash );
228
-
229
- $headers = $mo2fApi->get_http_header_array();
230
-
231
- $fields = '';
232
- if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
233
- $fields = array(
234
- 'customerKey' => $customerKey,
235
- 'email' => $uKey,
236
- 'authType' => $authType,
237
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
238
- );
239
- } else if ( $authType == 'SMS' ) {
240
- $authType = "SMS";
241
- $fields = array(
242
- 'customerKey' => $customerKey,
243
- 'phone' => $uKey,
244
- 'authType' => $authType
245
- );
246
- } else {
247
- $fields = array(
248
- 'customerKey' => $customerKey,
249
- 'username' => $uKey,
250
- 'authType' => $authType,
251
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
252
- );
253
- }
254
-
255
- $field_string = json_encode( $fields );
256
-
257
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
258
-
259
- $content1 = json_decode($content,true);
260
-
261
- if ( $content1['status'] == "SUCCESS" ) {
262
- if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
263
- Miniorange_Authentication::low_otp_alert("sms");
264
- }
265
- if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
266
- Miniorange_Authentication::low_otp_alert("email");
267
- }
268
- }
269
-
270
- return $content;
271
- }
272
-
273
-
274
-
275
-
276
- function get_customer_transactions( $cKey, $apiKey ,$license_type) {
277
-
278
- $url = MO_HOST_NAME . '/moas/rest/customer/license';
279
-
280
- $customerKey = $cKey;
281
- $apiKey = $apiKey;
282
- $mo2fApi= new Mo2f_Api();
283
- $currentTimeInMillis = $mo2fApi->get_timestamp();
284
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
285
- $hashValue = hash( "sha512", $stringToHash );
286
-
287
- $fields = '';
288
- $fields = array(
289
- 'customerId' => $customerKey,
290
- 'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
291
- 'licenseType' => $license_type
292
- );
293
-
294
- $field_string = json_encode( $fields );
295
-
296
- $headers = $mo2fApi->get_http_header_array();
297
-
298
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
299
-
300
-
301
- return $content;
302
- }
303
-
304
-
305
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
306
- $content='';
307
- if ( ! MO2f_Utility::is_curl_installed() ) {
308
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
309
-
310
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
311
- }
312
-
313
- $url = MO_HOST_NAME . '/moas/api/auth/validate';
314
- $mo2fApi= new Mo2f_Api();
315
- /* The customer Key provided to you */
316
- $customerKey = $cKey;
317
-
318
- /* The customer API Key provided to you */
319
- $apiKey = $customerApiKey;
320
-
321
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
322
- $currentTimeInMillis = $mo2fApi->get_timestamp();
323
-
324
- /* Creating the Hash using SHA-512 algorithm */
325
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
326
- $hashValue = hash( "sha512", $stringToHash );
327
-
328
- $headers = $mo2fApi->get_http_header_array();
329
- $fields = '';
330
- if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
331
- /*check for soft token*/
332
- $fields = array(
333
- 'customerKey' => $customerKey,
334
- 'username' => $username,
335
- 'token' => $otpToken,
336
- 'authType' => $authType
337
- );
338
- } else if ( $authType == 'KBA' ) {
339
- $fields = array(
340
- 'txId' => $transactionId,
341
- 'answers' => array(
342
- array(
343
- 'question' => $otpToken[0],
344
- 'answer' => $otpToken[1]
345
- ),
346
- array(
347
- 'question' => $otpToken[2],
348
- 'answer' => $otpToken[3]
349
- )
350
- )
351
- );
352
-
353
- } else {
354
- //*check for otp over sms/email
355
- $fields = array(
356
- 'txId' => $transactionId,
357
- 'token' => $otpToken
358
- );
359
- }
360
- $field_string = json_encode( $fields );
361
-
362
-
363
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
364
- return $content;
365
- }
366
-
367
- function submit_contact_us( $q_email, $q_phone, $query ) {
368
- if ( ! MO2f_Utility::is_curl_installed() ) {
369
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
370
-
371
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
372
- }
373
-
374
- $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
375
- global $user;
376
- $user = wp_get_current_user();
377
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
378
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
379
-
380
- $mo2fApi= new Mo2f_Api();
381
- $customer_feature = "";
382
-
383
- if ( $is_ec_with_1_user ) {
384
- $customer_feature = "V1";
385
- } else if ( $is_nc_with_1_user ) {
386
- $customer_feature = "V3";
387
- }
388
- global $moWpnsUtility;
389
-
390
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
391
- $fields = array(
392
- 'firstName' => $user->user_firstname,
393
- 'lastName' => $user->user_lastname,
394
- 'company' => $_SERVER['SERVER_NAME'],
395
- 'email' => $q_email,
396
- 'ccEmail' => '2fasupport@xecurify.com',
397
- 'phone' => $q_phone,
398
- 'query' => $query
399
- );
400
- $field_string = json_encode( $fields );
401
-
402
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
403
-
404
- $content = $mo2fApi->make_curl_call( $url, $field_string );
405
-
406
- return true;
407
- }
408
-
409
- }
410
-
411
-
412
- ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Cloud_Setup {
29
+
30
+ public $email;
31
+ public $phone;
32
+ public $customerKey;
33
+ public $transactionId;
34
+
35
+ private $auth_mode = 2; // miniorange test or not
36
+ private $https_mode = false; // website http or https
37
+
38
+
39
+ function check_customer() {
40
+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
41
+ $email = get_option( "mo2f_email" );
42
+ $mo2fApi= new Mo2f_Api();
43
+ $fields = array (
44
+ 'email' => $email
45
+ );
46
+ $field_string = json_encode ( $fields );
47
+
48
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
49
+
50
+ $response = $mo2fApi->make_curl_call( $url, $field_string );
51
+ return $response;
52
+
53
+ }
54
+
55
+ function guest_audit() {
56
+ $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
57
+ $email = get_option( "mo2f_email" );
58
+
59
+ $user = wp_get_current_user();
60
+
61
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
62
+ if (empty($email))
63
+ $email = $user->user_email;
64
+ }
65
+
66
+ $mo2fApi= new Mo2f_Api();
67
+ $MoWpnsUtility = new MoWpnsUtility();
68
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
69
+ $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
70
+ $fields = array (
71
+ 'emailAddress' => $email,
72
+ 'companyName'=>$company,
73
+ 'cmsName'=>"WP",
74
+ 'applicationType'=>'Two Factor Upgrade',
75
+ 'applicationName'=>$applicationName,
76
+ 'pluginVersion'=>MO2F_VERSION,
77
+ 'inUse'=>$MoWpnsUtility->getFeatureStatus()
78
+ );
79
+
80
+
81
+
82
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
83
+
84
+ $field_string = json_encode ( $fields );
85
+
86
+ $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
87
+ return $response;
88
+
89
+ }
90
+
91
+ function send_email_alert( $email, $phone, $message ) {
92
+
93
+ $url = MO_HOST_NAME . '/moas/api/notify/send';
94
+
95
+ $mo2fApi= new Mo2f_Api();
96
+ $customerKey = "16555";
97
+ $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
98
+
99
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
100
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
101
+ $hashValue = hash( "sha512", $stringToHash );
102
+ $fromEmail = $email;
103
+ $subject = "WordPress 2FA Plugin Feedback - " . $email;
104
+
105
+ global $user;
106
+ $user = wp_get_current_user();
107
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
108
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
109
+
110
+
111
+ $customer_feature = "";
112
+
113
+ if ( $is_ec_with_1_user ) {
114
+ $customer_feature = "V1";
115
+ }else if ( $is_nc_with_1_user ) {
116
+ $customer_feature = "V3";
117
+ }
118
+
119
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
+
121
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
+
123
+ $fields = array(
124
+ 'customerKey' => $customerKey,
125
+ 'sendEmail' => true,
126
+ 'email' => array(
127
+ 'customerKey' => $customerKey,
128
+ 'fromEmail' => $fromEmail,
129
+ 'fromName' => 'Xecurify',
130
+ 'toEmail' => '2fasupport@xecurify.com',
131
+ 'toName' => '2fasupport@xecurify.com',
132
+ 'subject' => $subject,
133
+ 'content' => $content
134
+ ),
135
+ );
136
+ $field_string = json_encode( $fields );
137
+
138
+ $headers = $mo2fApi->get_http_header_array();
139
+
140
+ $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
141
+ return $response;
142
+
143
+
144
+ }
145
+
146
+ function create_customer() {
147
+ global $Mo2fdbQueries;
148
+ if ( ! MO2f_Utility::is_curl_installed() ) {
149
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
150
+
151
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
152
+ }
153
+
154
+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
155
+ $mo2fApi= new Mo2f_Api();
156
+ global $user;
157
+ $user = wp_get_current_user();
158
+ $this->email = get_option( 'mo2f_email' );
159
+ $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
160
+ $password = get_option( 'mo2f_password' );
161
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
162
+
163
+ $fields = array(
164
+ 'companyName' => $company,
165
+ 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
166
+ 'productInterest' => 'API_2FA',
167
+ 'email' => $this->email,
168
+ 'phone' => $this->phone,
169
+ 'password' => $password
170
+ );
171
+ $field_string = json_encode( $fields );
172
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
173
+
174
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
175
+
176
+ return $content;
177
+ }
178
+
179
+
180
+ function get_customer_key() {
181
+ if ( ! MO2f_Utility::is_curl_installed() ) {
182
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
183
+
184
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
185
+ }
186
+
187
+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
188
+
189
+ $email = get_option( "mo2f_email" );
190
+ $password = get_option( "mo2f_password" );
191
+ $mo2fApi= new Mo2f_Api();
192
+ $fields = array(
193
+ 'email' => $email,
194
+ 'password' => $password
195
+ );
196
+ $field_string = json_encode( $fields );
197
+
198
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
199
+
200
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
201
+
202
+ return $content;
203
+ }
204
+
205
+
206
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
207
+
208
+ if ( ! MO2f_Utility::is_curl_installed()) {
209
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
210
+
211
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
212
+ }
213
+
214
+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
215
+ $mo2fApi = new Mo2f_Api();
216
+ /* The customer Key provided to you */
217
+ $customerKey = $cKey;
218
+
219
+ /* The customer API Key provided to you */
220
+ $apiKey = $apiKey;
221
+
222
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
223
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
224
+
225
+ /* Creating the Hash using SHA-512 algorithm */
226
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
227
+ $hashValue = hash( "sha512", $stringToHash );
228
+
229
+ $headers = $mo2fApi->get_http_header_array();
230
+
231
+ $fields = '';
232
+ if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
233
+ $fields = array(
234
+ 'customerKey' => $customerKey,
235
+ 'email' => $uKey,
236
+ 'authType' => $authType,
237
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
238
+ );
239
+ } else if ( $authType == 'SMS' ) {
240
+ $authType = "SMS";
241
+ $fields = array(
242
+ 'customerKey' => $customerKey,
243
+ 'phone' => $uKey,
244
+ 'authType' => $authType
245
+ );
246
+ } else {
247
+ $fields = array(
248
+ 'customerKey' => $customerKey,
249
+ 'username' => $uKey,
250
+ 'authType' => $authType,
251
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
252
+ );
253
+ }
254
+
255
+ $field_string = json_encode( $fields );
256
+
257
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
258
+
259
+ $content1 = json_decode($content,true);
260
+
261
+ if ( $content1['status'] == "SUCCESS" ) {
262
+ if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
263
+ Miniorange_Authentication::low_otp_alert("sms");
264
+ }
265
+ if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
266
+ Miniorange_Authentication::low_otp_alert("email");
267
+ }
268
+ }
269
+
270
+ return $content;
271
+ }
272
+
273
+
274
+
275
+
276
+ function get_customer_transactions( $cKey, $apiKey ,$license_type) {
277
+
278
+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
279
+
280
+ $customerKey = $cKey;
281
+ $apiKey = $apiKey;
282
+ $mo2fApi= new Mo2f_Api();
283
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
284
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
285
+ $hashValue = hash( "sha512", $stringToHash );
286
+
287
+ $fields = '';
288
+ $fields = array(
289
+ 'customerId' => $customerKey,
290
+ 'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
291
+ 'licenseType' => $license_type
292
+ );
293
+
294
+ $field_string = json_encode( $fields );
295
+
296
+ $headers = $mo2fApi->get_http_header_array();
297
+
298
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
299
+
300
+
301
+ return $content;
302
+ }
303
+
304
+
305
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
306
+ $content='';
307
+ if ( ! MO2f_Utility::is_curl_installed() ) {
308
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
309
+
310
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
311
+ }
312
+
313
+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
314
+ $mo2fApi= new Mo2f_Api();
315
+ /* The customer Key provided to you */
316
+ $customerKey = $cKey;
317
+
318
+ /* The customer API Key provided to you */
319
+ $apiKey = $customerApiKey;
320
+
321
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
322
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
323
+
324
+ /* Creating the Hash using SHA-512 algorithm */
325
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
326
+ $hashValue = hash( "sha512", $stringToHash );
327
+
328
+ $headers = $mo2fApi->get_http_header_array();
329
+ $fields = '';
330
+ if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
331
+ /*check for soft token*/
332
+ $fields = array(
333
+ 'customerKey' => $customerKey,
334
+ 'username' => $username,
335
+ 'token' => $otpToken,
336
+ 'authType' => $authType
337
+ );
338
+ } else if ( $authType == 'KBA' ) {
339
+ $fields = array(
340
+ 'txId' => $transactionId,
341
+ 'answers' => array(
342
+ array(
343
+ 'question' => $otpToken[0],
344
+ 'answer' => $otpToken[1]
345
+ ),
346
+ array(
347
+ 'question' => $otpToken[2],
348
+ 'answer' => $otpToken[3]
349
+ )
350
+ )
351
+ );
352
+
353
+ } else {
354
+ //*check for otp over sms/email
355
+ $fields = array(
356
+ 'txId' => $transactionId,
357
+ 'token' => $otpToken
358
+ );
359
+ }
360
+ $field_string = json_encode( $fields );
361
+
362
+
363
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
364
+ return $content;
365
+ }
366
+
367
+ function submit_contact_us( $q_email, $q_phone, $query ) {
368
+ if ( ! MO2f_Utility::is_curl_installed() ) {
369
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
370
+
371
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
372
+ }
373
+
374
+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
375
+ global $user;
376
+ $user = wp_get_current_user();
377
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
378
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
379
+
380
+ $mo2fApi= new Mo2f_Api();
381
+ $customer_feature = "";
382
+
383
+ if ( $is_ec_with_1_user ) {
384
+ $customer_feature = "V1";
385
+ } else if ( $is_nc_with_1_user ) {
386
+ $customer_feature = "V3";
387
+ }
388
+ global $moWpnsUtility;
389
+
390
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
391
+ $fields = array(
392
+ 'firstName' => $user->user_firstname,
393
+ 'lastName' => $user->user_lastname,
394
+ 'company' => $_SERVER['SERVER_NAME'],
395
+ 'email' => $q_email,
396
+ 'ccEmail' => '2fasupport@xecurify.com',
397
+ 'phone' => $q_phone,
398
+ 'query' => $query
399
+ );
400
+ $field_string = json_encode( $fields );
401
+
402
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
403
+
404
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
405
+
406
+ return true;
407
+ }
408
+
409
+ }
410
+
411
+
412
+ ?>
api/class-customer-onprem-setup.php CHANGED
@@ -1,73 +1,73 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Setup extends Customer_Cloud_Setup {
29
-
30
-
31
-
32
- function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
33
-
34
- $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
35
- if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
36
- include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
37
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
38
- if(is_null($currentuser) or !isset($currentuser))
39
- $currentuser = wp_get_current_user();
40
- $content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
41
-
42
- }else {
43
-
44
- $content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey, $currentuser=null);
45
-
46
- }
47
-
48
- return $content;
49
- }
50
-
51
-
52
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
53
- $content='';
54
- if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
55
- include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
56
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
57
- if(!isset($current_user) or is_null($current_user) )
58
- $current_user = wp_get_current_user();
59
- $content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
60
- //change parameters as per your requirement but make sure other methods are not affected.
61
-
62
- }else{
63
-
64
- $content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
65
-
66
- }
67
- return $content;
68
- }
69
-
70
-
71
- }
72
-
73
  ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Setup extends Customer_Cloud_Setup {
29
+
30
+
31
+
32
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
33
+
34
+ $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
35
+ if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
36
+ include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
37
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
38
+ if(is_null($currentuser) or !isset($currentuser))
39
+ $currentuser = wp_get_current_user();
40
+ $content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
41
+
42
+ }else {
43
+
44
+ $content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey, $currentuser=null);
45
+
46
+ }
47
+
48
+ return $content;
49
+ }
50
+
51
+
52
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
53
+ $content='';
54
+ if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
55
+ include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
56
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
57
+ if(!isset($current_user) or is_null($current_user) )
58
+ $current_user = wp_get_current_user();
59
+ $content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
60
+ //change parameters as per your requirement but make sure other methods are not affected.
61
+
62
+ }else{
63
+
64
+ $content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
65
+
66
+ }
67
+ return $content;
68
+ }
69
+
70
+
71
+ }
72
+
73
  ?>
api/class-customer-setup.php CHANGED
@@ -1,34 +1,34 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Setup extends Customer_Cloud_Setup {
29
-
30
- //all parent methods
31
- }
32
-
33
-
34
  ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Setup extends Customer_Cloud_Setup {
29
+
30
+ //all parent methods
31
+ }
32
+
33
+
34
  ?>
api/class-rba-attributes.php CHANGED
@@ -1,184 +1,184 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Miniorange_Rba_Attributes {
29
-
30
- private $auth_mode = 2; // miniorange test or not
31
- private $https_mode = false; // website http or https
32
-
33
- function mo2f_collect_attributes( $useremail, $rba_attributes ) {
34
-
35
- if ( ! MO2f_Utility::is_curl_installed() ) {
36
- return $this->get_curl_error_message();
37
- }
38
-
39
- $url = MO_HOST_NAME . '/moas/rest/rba/acs';
40
- $customerKey = get_option( 'mo2f_customerKey' );
41
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
42
- $mo2fApi= new Mo2f_Api();
43
- $http_header_array = $mo2fApi->get_http_header_array();
44
-
45
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
46
- }
47
-
48
- function get_curl_error_message() {
49
- $message = mo2f_lt( 'Please enable curl extension.' ) .
50
- ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
51
- mo2f_lt( 'Click here' ) .
52
- ' </a> ' .
53
- mo2f_lt( 'for the steps to enable curl.' );
54
-
55
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
56
- }
57
-
58
- function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
59
-
60
- if ( ! MO2f_Utility::is_curl_installed() ) {
61
- return $this->get_curl_error_message();
62
- }
63
-
64
- $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
65
- $customerKey = get_option( 'mo2f_customerKey' );
66
- $field_string = array(
67
- 'customerKey' => $customerKey,
68
- 'appSecret' => get_option( 'mo2f_app_secret' ),
69
- 'userKey' => $useremail,
70
- 'sessionUuid' => $sessionUuid
71
- );
72
- $mo2fApi= new Mo2f_Api();
73
-
74
- $http_header_array = $mo2fApi->get_http_header_array();
75
-
76
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
77
- }
78
-
79
- function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
80
-
81
- if ( ! MO2f_Utility::is_curl_installed() ) {
82
- return $this->get_curl_error_message();
83
- }
84
-
85
- $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
86
- $customerKey = get_option( 'mo2f_customerKey' );
87
- $field_string = array(
88
- 'customerKey' => $customerKey,
89
- 'userKey' => $useremail,
90
- 'sessionUuid' => $sessionUuid
91
- );
92
- $mo2fApi= new Mo2f_Api();
93
- $http_header_array = $mo2fApi->get_http_header_array();
94
-
95
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
96
- }
97
-
98
- function mo2f_get_app_secret() {
99
-
100
- if ( ! MO2f_Utility::is_curl_installed() ) {
101
- return $this->get_curl_error_message();
102
- }
103
-
104
- $mo2fApi= new Mo2f_Api();
105
-
106
- $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
107
- $customerKey = get_option( 'mo2f_customerKey' );
108
- $field_string = array(
109
- 'customerId' => $customerKey
110
- );
111
-
112
- $http_header_array = $mo2fApi->get_http_header_array();
113
-
114
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
115
- }
116
-
117
- function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
118
-
119
- if ( ! MO2f_Utility::is_curl_installed() ) {
120
- return $this->get_curl_error_message();
121
- }
122
- $mo2fApi= new Mo2f_Api();
123
- $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
124
- $customerKey = get_option( 'mo2f_customerKey' );
125
- $field_string = array(
126
- 'customerKey' => $customerKey,
127
- 'username' => $useremail,
128
- 'googleAuthenticatorName' => $googleAuthenticatorName
129
- );
130
-
131
- $http_header_array = $mo2fApi->get_http_header_array();
132
-
133
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
134
- }
135
-
136
- function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
137
- if(MO2F_IS_ONPREM){
138
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
139
- $gauth_obj= new Google_auth_onpremise();
140
- $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
141
- if($session_id_encrypt){
142
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
143
- }else{
144
- $secret_ga = $secret;
145
- }
146
- $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
147
- $value = json_decode($content,true);
148
- if($value['status'] == 'SUCCESS'){
149
- $user = wp_get_current_user();
150
- $user_id = $user->ID;
151
- $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
152
- update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
153
- update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
154
- global $Mo2fdbQueries;//might not need this
155
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
156
- }
157
- }else{
158
- if ( ! MO2f_Utility::is_curl_installed() ) {
159
- return $this->get_curl_error_message();
160
- }
161
-
162
-
163
- $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
164
- $mo2fApi= new Mo2f_Api();
165
-
166
- $customerKey = get_option( 'mo2f_customerKey' );
167
- $field_string = array(
168
- 'customerKey' => $customerKey,
169
- 'username' => $useremail,
170
- 'secret' => $secret,
171
- 'otpToken' => $otptoken,
172
- 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
173
- );
174
-
175
- $http_header_array = $mo2fApi->get_http_header_array();
176
- $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
177
- }
178
-
179
- return $content;
180
- }
181
-
182
- }
183
-
184
  ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Miniorange_Rba_Attributes {
29
+
30
+ private $auth_mode = 2; // miniorange test or not
31
+ private $https_mode = false; // website http or https
32
+
33
+ function mo2f_collect_attributes( $useremail, $rba_attributes ) {
34
+
35
+ if ( ! MO2f_Utility::is_curl_installed() ) {
36
+ return $this->get_curl_error_message();
37
+ }
38
+
39
+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
40
+ $customerKey = get_option( 'mo2f_customerKey' );
41
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
42
+ $mo2fApi= new Mo2f_Api();
43
+ $http_header_array = $mo2fApi->get_http_header_array();
44
+
45
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
46
+ }
47
+
48
+ function get_curl_error_message() {
49
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
50
+ ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
51
+ mo2f_lt( 'Click here' ) .
52
+ ' </a> ' .
53
+ mo2f_lt( 'for the steps to enable curl.' );
54
+
55
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
56
+ }
57
+
58
+ function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
59
+
60
+ if ( ! MO2f_Utility::is_curl_installed() ) {
61
+ return $this->get_curl_error_message();
62
+ }
63
+
64
+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
65
+ $customerKey = get_option( 'mo2f_customerKey' );
66
+ $field_string = array(
67
+ 'customerKey' => $customerKey,
68
+ 'appSecret' => get_option( 'mo2f_app_secret' ),
69
+ 'userKey' => $useremail,
70
+ 'sessionUuid' => $sessionUuid
71
+ );
72
+ $mo2fApi= new Mo2f_Api();
73
+
74
+ $http_header_array = $mo2fApi->get_http_header_array();
75
+
76
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
77
+ }
78
+
79
+ function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
80
+
81
+ if ( ! MO2f_Utility::is_curl_installed() ) {
82
+ return $this->get_curl_error_message();
83
+ }
84
+
85
+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
86
+ $customerKey = get_option( 'mo2f_customerKey' );
87
+ $field_string = array(
88
+ 'customerKey' => $customerKey,
89
+ 'userKey' => $useremail,
90
+ 'sessionUuid' => $sessionUuid
91
+ );
92
+ $mo2fApi= new Mo2f_Api();
93
+ $http_header_array = $mo2fApi->get_http_header_array();
94
+
95
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
96
+ }
97
+
98
+ function mo2f_get_app_secret() {
99
+
100
+ if ( ! MO2f_Utility::is_curl_installed() ) {
101
+ return $this->get_curl_error_message();
102
+ }
103
+
104
+ $mo2fApi= new Mo2f_Api();
105
+
106
+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
107
+ $customerKey = get_option( 'mo2f_customerKey' );
108
+ $field_string = array(
109
+ 'customerId' => $customerKey
110
+ );
111
+
112
+ $http_header_array = $mo2fApi->get_http_header_array();
113
+
114
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
115
+ }
116
+
117
+ function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
118
+
119
+ if ( ! MO2f_Utility::is_curl_installed() ) {
120
+ return $this->get_curl_error_message();
121
+ }
122
+ $mo2fApi= new Mo2f_Api();
123
+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
124
+ $customerKey = get_option( 'mo2f_customerKey' );
125
+ $field_string = array(
126
+ 'customerKey' => $customerKey,
127
+ 'username' => $useremail,
128
+ 'googleAuthenticatorName' => $googleAuthenticatorName
129
+ );
130
+
131
+ $http_header_array = $mo2fApi->get_http_header_array();
132
+
133
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
134
+ }
135
+
136
+ function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
137
+ if(MO2F_IS_ONPREM){
138
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
139
+ $gauth_obj= new Google_auth_onpremise();
140
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
141
+ if($session_id_encrypt){
142
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
143
+ }else{
144
+ $secret_ga = $secret;
145
+ }
146
+ $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
147
+ $value = json_decode($content,true);
148
+ if($value['status'] == 'SUCCESS'){
149
+ $user = wp_get_current_user();
150
+ $user_id = $user->ID;
151
+ $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
152
+ update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
153
+ update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
154
+ global $Mo2fdbQueries;//might not need this
155
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
156
+ }
157
+ }else{
158
+ if ( ! MO2f_Utility::is_curl_installed() ) {
159
+ return $this->get_curl_error_message();
160
+ }
161
+
162
+
163
+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
164
+ $mo2fApi= new Mo2f_Api();
165
+
166
+ $customerKey = get_option( 'mo2f_customerKey' );
167
+ $field_string = array(
168
+ 'customerKey' => $customerKey,
169
+ 'username' => $useremail,
170
+ 'secret' => $secret,
171
+ 'otpToken' => $otptoken,
172
+ 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
173
+ );
174
+
175
+ $http_header_array = $mo2fApi->get_http_header_array();
176
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
177
+ }
178
+
179
+ return $content;
180
+ }
181
+
182
+ }
183
+
184
  ?>
controllers/PointersManager.php CHANGED
@@ -1,54 +1,54 @@
1
- <?php
2
-
3
- class Mo2FAPointersManager {
4
-
5
- private $pfile;
6
- private $version;
7
- private $prefix;
8
- private $pointers = array();
9
-
10
- public function __construct( $file, $version, $prefix ) {
11
- $this->pfile = file_exists( $file ) ? $file : FALSE;
12
- $this->version = str_replace( '.', '_', $version );
13
- $this->prefix = $prefix;
14
- }
15
-
16
- public function parse() {
17
- if ( empty( $this->pfile ) ) return;
18
- $pointers = (array) require_once $this->pfile;
19
- if ( empty($pointers) ) return;
20
- foreach ( $pointers as $i => $pointer ) {
21
- if(is_array($pointer)){
22
- $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
23
- $this->pointers[$pointer['id']] = (object) $pointer;
24
- }
25
- }
26
- }
27
-
28
- public function filter( $page ) {
29
- if ( empty( $this->pointers ) ) return array();
30
- $uid = get_current_user_id();
31
- $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
32
-
33
- $active_ids = array_diff( array_keys( $this->pointers ), $visited );
34
-
35
-
36
- $good = array();
37
-
38
- foreach( $this->pointers as $i => $pointer ) {
39
- if (
40
- in_array( $i, $active_ids, TRUE ) // is active
41
- && isset( $pointer->where ) // has where
42
- && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
43
- ) {
44
- $good[] = $pointer;
45
- }
46
- }
47
- $count = count( $good );
48
- if ( $good === 0 ) return array();
49
- foreach( array_values( $good ) as $i => $pointer ) {
50
- $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
51
- }
52
- return $good;
53
- }
54
  }
1
+ <?php
2
+
3
+ class Mo2FAPointersManager {
4
+
5
+ private $pfile;
6
+ private $version;
7
+ private $prefix;
8
+ private $pointers = array();
9
+
10
+ public function __construct( $file, $version, $prefix ) {
11
+ $this->pfile = file_exists( $file ) ? $file : FALSE;
12
+ $this->version = str_replace( '.', '_', $version );
13
+ $this->prefix = $prefix;
14
+ }
15
+
16
+ public function parse() {
17
+ if ( empty( $this->pfile ) ) return;
18
+ $pointers = (array) require_once $this->pfile;
19
+ if ( empty($pointers) ) return;
20
+ foreach ( $pointers as $i => $pointer ) {
21
+ if(is_array($pointer)){
22
+ $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
23
+ $this->pointers[$pointer['id']] = (object) $pointer;
24
+ }
25
+ }
26
+ }
27
+
28
+ public function filter( $page ) {
29
+ if ( empty( $this->pointers ) ) return array();
30
+ $uid = get_current_user_id();
31
+ $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
32
+
33
+ $active_ids = array_diff( array_keys( $this->pointers ), $visited );
34
+
35
+
36
+ $good = array();
37
+
38
+ foreach( $this->pointers as $i => $pointer ) {
39
+ if (
40
+ in_array( $i, $active_ids, TRUE ) // is active
41
+ && isset( $pointer->where ) // has where
42
+ && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
43
+ ) {
44
+ $good[] = $pointer;
45
+ }
46
+ }
47
+ $count = count( $good );
48
+ if ( $good === 0 ) return array();
49
+ foreach( array_values( $good ) as $i => $pointer ) {
50
+ $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
51
+ }
52
+ return $good;
53
+ }
54
  }
controllers/addons.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'addons.php';
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'addons.php';
controllers/backup/backup.php CHANGED
@@ -1,2 +1,2 @@
1
- <?php
2
  include $mo2f_dirName. 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup.php';
1
+ <?php
2
  include $mo2f_dirName. 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup.php';
controllers/backup/backup_controller.php CHANGED
@@ -1,2 +1,2 @@
1
- <?php
2
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_setting_view.php';
1
+ <?php
2
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_setting_view.php';
controllers/backup/backup_created_report.php CHANGED
@@ -1,2 +1,2 @@
1
- <?php
2
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_created_report.php';
1
+ <?php
2
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_created_report.php';
controllers/content-protection.php CHANGED
@@ -1,95 +1,95 @@
1
- <?php
2
- global $moWpnsUtility,$mo2f_dirName;
3
-
4
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
5
- {
6
- switch($_POST['option'])
7
- {
8
- case "mo_wpns_content_protection":
9
- wpns_handle_content_protection($_POST); break;
10
- case "mo_wpns_enable_comment_spam_blocking":
11
- wpns_handle_comment_spam_blocking($_POST); break;
12
- case "mo_wpns_enable_comment_recaptcha":
13
- wpns_handle_comment_recaptcha($_POST); break;
14
- case "mo_wpns_comment_recaptcha_settings":
15
- wpns_save_comment_recaptcha($_POST); break;
16
- }
17
- }
18
-
19
-
20
- $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
21
- $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
22
- $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
23
- $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
24
- $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
25
- $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
26
- $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
27
- $test_recaptcha_url = "";
28
- $test_recaptcha_url_v3 = "";
29
- $wp_config = site_url().'/wp-config.php';
30
- $wp_uploads = get_site_url().'/wp-content/uploads';
31
- $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
32
- $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
33
- $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
34
- if($enable_recaptcha)
35
- {
36
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
37
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
38
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
39
- }
40
-
41
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
42
-
43
- /* CONTENT PROTECTION FUNCTIONS */
44
-
45
- //Function to save content protection settings
46
- function wpns_handle_content_protection()
47
- {
48
- isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
49
- isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
50
- isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
51
- isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
52
- if(isset($_POST['restrictAPI'])){
53
- update_site_option('mo2f_restrict_restAPI', 1);
54
- }
55
- else{
56
- update_site_option('mo2f_restrict_restAPI',0);
57
- }
58
-
59
-
60
-
61
-
62
- $mo_wpns_htaccess_handler = new MoWpnsHandler();
63
- $mo_wpns_htaccess_handler->update_htaccess_configuration();
64
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
65
- }
66
-
67
-
68
- //Function to handle comment spam blocking
69
- function wpns_handle_comment_spam_blocking($postvalue)
70
- {
71
- $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
72
- update_option('mo_wpns_enable_comment_spam_blocking', $enable);
73
- if($enable)
74
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
75
- else
76
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
77
- }
78
-
79
-
80
- //Function to handle reCAPTCHA for comments
81
- function wpns_handle_comment_recaptcha($postvalue)
82
- {
83
- $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
84
- update_option('mo_wpns_enable_comment_recaptcha', $enable);
85
- if($enable)
86
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
87
- else
88
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
89
- }
90
-
91
- function wpns_save_comment_recaptcha($postvalue){
92
- update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
93
- update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
94
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
95
  }
1
+ <?php
2
+ global $moWpnsUtility,$mo2f_dirName;
3
+
4
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
5
+ {
6
+ switch($_POST['option'])
7
+ {
8
+ case "mo_wpns_content_protection":
9
+ wpns_handle_content_protection($_POST); break;
10
+ case "mo_wpns_enable_comment_spam_blocking":
11
+ wpns_handle_comment_spam_blocking($_POST); break;
12
+ case "mo_wpns_enable_comment_recaptcha":
13
+ wpns_handle_comment_recaptcha($_POST); break;
14
+ case "mo_wpns_comment_recaptcha_settings":
15
+ wpns_save_comment_recaptcha($_POST); break;
16
+ }
17
+ }
18
+
19
+
20
+ $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
21
+ $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
22
+ $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
23
+ $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
24
+ $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
25
+ $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
26
+ $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
27
+ $test_recaptcha_url = "";
28
+ $test_recaptcha_url_v3 = "";
29
+ $wp_config = site_url().'/wp-config.php';
30
+ $wp_uploads = get_site_url().'/wp-content/uploads';
31
+ $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
32
+ $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
33
+ $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
34
+ if($enable_recaptcha)
35
+ {
36
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
37
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
38
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
39
+ }
40
+
41
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
42
+
43
+ /* CONTENT PROTECTION FUNCTIONS */
44
+
45
+ //Function to save content protection settings
46
+ function wpns_handle_content_protection()
47
+ {
48
+ isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
49
+ isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
50
+ isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
51
+ isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
52
+ if(isset($_POST['restrictAPI'])){
53
+ update_site_option('mo2f_restrict_restAPI', 1);
54
+ }
55
+ else{
56
+ update_site_option('mo2f_restrict_restAPI',0);
57
+ }
58
+
59
+
60
+
61
+
62
+ $mo_wpns_htaccess_handler = new MoWpnsHandler();
63
+ $mo_wpns_htaccess_handler->update_htaccess_configuration();
64
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
65
+ }
66
+
67
+
68
+ //Function to handle comment spam blocking
69
+ function wpns_handle_comment_spam_blocking($postvalue)
70
+ {
71
+ $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
72
+ update_option('mo_wpns_enable_comment_spam_blocking', $enable);
73
+ if($enable)
74
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
75
+ else
76
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
77
+ }
78
+
79
+
80
+ //Function to handle reCAPTCHA for comments
81
+ function wpns_handle_comment_recaptcha($postvalue)
82
+ {
83
+ $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
84
+ update_option('mo_wpns_enable_comment_recaptcha', $enable);
85
+ if($enable)
86
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
87
+ else
88
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
89
+ }
90
+
91
+ function wpns_save_comment_recaptcha($postvalue){
92
+ update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
93
+ update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
94
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
95
  }
controllers/dashboard_ajax.php CHANGED
@@ -1,211 +1,211 @@
1
- <?php
2
- class Mo2f_ajax_dashboard
3
- {
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
6
- }
7
-
8
- public function mo2f_switch_functions(){
9
- if(isset($_POST) && isset($_POST['option'])){
10
- $tab_count= get_site_option('mo2f_tab_count', 0);
11
- if($tab_count == 5)
12
- update_site_option('mo_2f_switch_all', 1);
13
- else if($tab_count == 0)
14
- update_site_option('mo_2f_switch_all', 0);
15
- $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
16
- switch(sanitize_text_field($_POST['option']))
17
- {
18
- case "tab_all_switch":
19
- $this->mo2f_handle_all_enable($santizied_post);
20
- break;
21
- case "tab_2fa_switch":
22
- $this->mo2f_handle_2fa_enable($santizied_post);
23
- break;
24
- case "tab_waf_switch":
25
- $this->mo2f_handle_waf_enable($santizied_post);
26
- break;
27
- case "tab_login_switch":
28
- $this->mo2f_handle_login_enable($santizied_post);
29
- break;
30
- case "tab_backup_switch":
31
- $this->mo2f_handle_backup_enable($santizied_post);
32
- break;
33
- case "tab_malware_switch":
34
- $this->mo2f_handle_malware_enable($santizied_post);
35
- break;
36
- case "tab_block_switch":
37
- $this->mo2f_handle_block_enable($santizied_post);
38
- break;
39
-
40
- }
41
- }
42
- }
43
-
44
- public function mo2f_handle_all_enable($POSTED){
45
- $this->mo2f_handle_waf_enable($POSTED);
46
- $this->mo2f_handle_login_enable($POSTED);
47
- $this->mo2f_handle_backup_enable($POSTED);
48
- $this->mo2f_handle_malware_enable($POSTED);
49
- $this->mo2f_handle_block_enable($POSTED);
50
- if($POSTED){
51
- update_option('mo_2f_switch_all',1);
52
- update_site_option('mo2f_tab_count', 5);
53
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
54
- }
55
- else{
56
- update_option('mo_2f_switch_all', 0);
57
- update_site_option('mo2f_tab_count', 0);
58
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
59
- }
60
- }
61
-
62
- public function mo2f_handle_2fa_enable($POSTED){
63
- global $Mo2fdbQueries;
64
- $user= wp_get_current_user();
65
- $user_id= $user->user_ID;
66
- if($POSTED){
67
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
68
- if(sanitize_text_field($_POST['tab_2fa_switch']))
69
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
70
- }
71
- else{
72
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
73
- if(sanitize_text_field($_POST['tab_2fa_switch']))
74
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
75
- }
76
- }
77
-
78
- public function mo2f_handle_waf_enable($POSTED){
79
- if($POSTED){
80
- update_site_option('mo_2f_switch_waf', 1);
81
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
82
- if (isset($_POST['option'] ))
83
- {
84
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
85
- {
86
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
87
- }
88
- }
89
- }
90
- else{
91
- update_site_option('mo_2f_switch_waf', 0);
92
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
93
- update_option('WAFEnabled', 0);
94
- update_option('WAF','wafDisable');
95
- update_site_option('Rate_limiting', 0);
96
- $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
97
- $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
98
- $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
99
- $filePath = str_replace('\\', '/', $filePath);
100
- $file = file_get_contents($dir_name1);
101
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
102
- $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
103
- $cont .= '# END miniOrange WAF'.PHP_EOL;
104
- $file =str_replace($cont,'',$file);
105
- file_put_contents($dir_name1, $file);
106
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
107
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
108
- }
109
- }
110
-
111
- public function mo2f_handle_login_enable($POSTED){
112
- if($POSTED){
113
- update_site_option('mo_2f_switch_loginspam', 1);
114
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
115
- if (isset($_POST['option'] ))
116
- {
117
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
118
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
119
- }
120
- }
121
- else{
122
- update_site_option('mo_2f_switch_loginspam', 0);
123
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
124
- update_site_option('mo2f_enable_brute_force', false);
125
- update_site_option('mo_wpns_activate_recaptcha', false);
126
- update_site_option('mo_wpns_activate_recaptcha_for_login', false);
127
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
128
- update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
129
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
130
- update_site_option('mo2f_enforce_strong_passswords', 0);
131
- update_site_option('mo_wpns_enable_fake_domain_blocking', false);
132
- update_site_option('mo_wpns_enable_advanced_user_verification', false);
133
- update_site_option('mo_wpns_enable_social_integration', false);
134
- update_site_option('mo2f_protect_wp_config', 0);
135
- update_site_option('mo2f_prevent_directory_browsing', 0);
136
- update_site_option('mo2f_disable_file_editing', 0);
137
- update_site_option('mo_wpns_enable_comment_spam_blocking', false);
138
- update_site_option('mo_wpns_enable_comment_recaptcha', false);
139
- update_site_option('mo2f_htaccess_file', 0);
140
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
141
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
142
- }
143
- }
144
-
145
- public function mo2f_handle_backup_enable($POSTED){
146
- if($POSTED){
147
- update_site_option('mo_2f_switch_backup', 1);
148
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
149
- if (isset($_POST['option'] ))
150
- {
151
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
152
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
153
- }
154
- }
155
- else{
156
- update_site_option('mo_2f_switch_backup', 0);
157
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
158
- $handler_obj = new MoBackupSite;
159
- $handler_obj->bl_deactivate();
160
- update_site_option('mo2f_enable_cron_backup', 0);
161
- $handler_obj->file_backup_deactivate();
162
- update_site_option('mo2f_enable_cron_file_backup', 0);
163
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
164
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
165
- }
166
- }
167
-
168
- public function mo2f_handle_malware_enable($POSTED){
169
- if($POSTED){
170
- update_site_option('mo_2f_switch_malware', 1);
171
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
172
- if (isset($_POST['option'] ))
173
- {
174
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
175
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
176
- }
177
- }else{
178
- update_site_option('mo_2f_switch_malware', 0);
179
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
180
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
181
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
182
- }
183
- }
184
-
185
- public function mo2f_handle_block_enable($POSTED){
186
- if($POSTED){
187
- update_site_option('mo_2f_switch_adv_block', 1);
188
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
189
- if (isset($_POST['option'] ))
190
- {
191
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
192
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
193
- }
194
- }
195
- else{
196
- update_site_option('mo_2f_switch_adv_block', 0);
197
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
198
- update_site_option('mo_wpns_iprange_count', 0);
199
- update_site_option('mo_wpns_enable_htaccess_blocking', 0);
200
- update_site_option('mo_wpns_enable_user_agent_blocking', 0);
201
- update_site_option('mo_wpns_referrers', false);
202
- update_site_option('mo_wpns_countrycodes', false);
203
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
204
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
205
- }
206
- }
207
-
208
-
209
- }
210
- new Mo2f_ajax_dashboard();
211
  ?>
1
+ <?php
2
+ class Mo2f_ajax_dashboard
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
6
+ }
7
+
8
+ public function mo2f_switch_functions(){
9
+ if(isset($_POST) && isset($_POST['option'])){
10
+ $tab_count= get_site_option('mo2f_tab_count', 0);
11
+ if($tab_count == 5)
12
+ update_site_option('mo_2f_switch_all', 1);
13
+ else if($tab_count == 0)
14
+ update_site_option('mo_2f_switch_all', 0);
15
+ $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
16
+ switch(sanitize_text_field($_POST['option']))
17
+ {
18
+ case "tab_all_switch":
19
+ $this->mo2f_handle_all_enable($santizied_post);
20
+ break;
21
+ case "tab_2fa_switch":
22
+ $this->mo2f_handle_2fa_enable($santizied_post);
23
+ break;
24
+ case "tab_waf_switch":
25
+ $this->mo2f_handle_waf_enable($santizied_post);
26
+ break;
27
+ case "tab_login_switch":
28
+ $this->mo2f_handle_login_enable($santizied_post);
29
+ break;
30
+ case "tab_backup_switch":
31
+ $this->mo2f_handle_backup_enable($santizied_post);
32
+ break;
33
+ case "tab_malware_switch":
34
+ $this->mo2f_handle_malware_enable($santizied_post);
35
+ break;
36
+ case "tab_block_switch":
37
+ $this->mo2f_handle_block_enable($santizied_post);
38
+ break;
39
+
40
+ }
41
+ }
42
+ }
43
+
44
+ public function mo2f_handle_all_enable($POSTED){
45
+ $this->mo2f_handle_waf_enable($POSTED);
46
+ $this->mo2f_handle_login_enable($POSTED);
47
+ $this->mo2f_handle_backup_enable($POSTED);
48
+ $this->mo2f_handle_malware_enable($POSTED);
49
+ $this->mo2f_handle_block_enable($POSTED);
50
+ if($POSTED){
51
+ update_option('mo_2f_switch_all',1);
52
+ update_site_option('mo2f_tab_count', 5);
53
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
54
+ }
55
+ else{
56
+ update_option('mo_2f_switch_all', 0);
57
+ update_site_option('mo2f_tab_count', 0);
58
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
59
+ }
60
+ }
61
+
62
+ public function mo2f_handle_2fa_enable($POSTED){
63
+ global $Mo2fdbQueries;
64
+ $user= wp_get_current_user();
65
+ $user_id= $user->user_ID;
66
+ if($POSTED){
67
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
68
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
69
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
70
+ }
71
+ else{
72
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
73
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
74
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
75
+ }
76
+ }
77
+
78
+ public function mo2f_handle_waf_enable($POSTED){
79
+ if($POSTED){
80
+ update_site_option('mo_2f_switch_waf', 1);
81
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
82
+ if (isset($_POST['option'] ))
83
+ {
84
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
85
+ {
86
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
87
+ }
88
+ }
89
+ }
90
+ else{
91
+ update_site_option('mo_2f_switch_waf', 0);
92
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
93
+ update_option('WAFEnabled', 0);
94
+ update_option('WAF','wafDisable');
95
+ update_site_option('Rate_limiting', 0);
96
+ $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
97
+ $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
98
+ $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
99
+ $filePath = str_replace('\\', '/', $filePath);
100
+ $file = file_get_contents($dir_name1);
101
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
102
+ $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
103
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
104
+ $file =str_replace($cont,'',$file);
105
+ file_put_contents($dir_name1, $file);
106
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
107
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
108
+ }
109
+ }
110
+
111
+ public function mo2f_handle_login_enable($POSTED){
112
+ if($POSTED){
113
+ update_site_option('mo_2f_switch_loginspam', 1);
114
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
115
+ if (isset($_POST['option'] ))
116
+ {
117
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
118
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
119
+ }
120
+ }
121
+ else{
122
+ update_site_option('mo_2f_switch_loginspam', 0);
123
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
124
+ update_site_option('mo2f_enable_brute_force', false);
125
+ update_site_option('mo_wpns_activate_recaptcha', false);
126
+ update_site_option('mo_wpns_activate_recaptcha_for_login', false);
127
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
128
+ update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
129
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
130
+ update_site_option('mo2f_enforce_strong_passswords', 0);
131
+ update_site_option('mo_wpns_enable_fake_domain_blocking', false);
132
+ update_site_option('mo_wpns_enable_advanced_user_verification', false);
133
+ update_site_option('mo_wpns_enable_social_integration', false);
134
+ update_site_option('mo2f_protect_wp_config', 0);
135
+ update_site_option('mo2f_prevent_directory_browsing', 0);
136
+ update_site_option('mo2f_disable_file_editing', 0);
137
+ update_site_option('mo_wpns_enable_comment_spam_blocking', false);
138
+ update_site_option('mo_wpns_enable_comment_recaptcha', false);
139
+ update_site_option('mo2f_htaccess_file', 0);
140
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
141
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
142
+ }
143
+ }
144
+
145
+ public function mo2f_handle_backup_enable($POSTED){
146
+ if($POSTED){
147
+ update_site_option('mo_2f_switch_backup', 1);
148
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
149
+ if (isset($_POST['option'] ))
150
+ {
151
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
152
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
153
+ }
154
+ }
155
+ else{
156
+ update_site_option('mo_2f_switch_backup', 0);
157
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
158
+ $handler_obj = new MoBackupSite;
159
+ $handler_obj->bl_deactivate();
160
+ update_site_option('mo2f_enable_cron_backup', 0);
161
+ $handler_obj->file_backup_deactivate();
162
+ update_site_option('mo2f_enable_cron_file_backup', 0);
163
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
164
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
165
+ }
166
+ }
167
+
168
+ public function mo2f_handle_malware_enable($POSTED){
169
+ if($POSTED){
170
+ update_site_option('mo_2f_switch_malware', 1);
171
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
172
+ if (isset($_POST['option'] ))
173
+ {
174
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
175
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
176
+ }
177
+ }else{
178
+ update_site_option('mo_2f_switch_malware', 0);
179
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
180
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
181
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
182
+ }
183
+ }
184
+
185
+ public function mo2f_handle_block_enable($POSTED){
186
+ if($POSTED){
187
+ update_site_option('mo_2f_switch_adv_block', 1);
188
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
189
+ if (isset($_POST['option'] ))
190
+ {
191
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
192
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
193
+ }
194
+ }
195
+ else{
196
+ update_site_option('mo_2f_switch_adv_block', 0);
197
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
198
+ update_site_option('mo_wpns_iprange_count', 0);
199
+ update_site_option('mo_wpns_enable_htaccess_blocking', 0);
200
+ update_site_option('mo_wpns_enable_user_agent_blocking', 0);
201
+ update_site_option('mo_wpns_referrers', false);
202
+ update_site_option('mo_wpns_countrycodes', false);
203
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
204
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
205
+ }
206
+ }
207
+
208
+
209
+ }
210
+ new Mo2f_ajax_dashboard();
211
  ?>
controllers/duo_authenticator/duo_authenticator_ajax.php CHANGED
@@ -1,74 +1,74 @@
1
- <?php
2
- class Mo_2f_duo_authenticator
3
- {
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
6
-
7
- }
8
-
9
- public function mo2f_duo_authenticator_functions(){
10
- add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
11
- add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
12
- }
13
-
14
- public function mo2f_duo_ajax_request(){
15
-
16
- switch ($_POST['call_type']) {
17
- case "check_duo_push_auth_status":
18
- $this->mo2f_check_duo_push_auth_status();
19
- break;
20
- }
21
- }
22
-
23
- public function mo2f_duo_authenticator_ajax(){
24
- switch($_POST['call_type'])
25
- {
26
-
27
- case "check_duo_push_auth_status":
28
- $this->mo2f_check_duo_push_auth_status();
29
- break;
30
- }
31
- }
32
-
33
-
34
- function mo2f_check_duo_push_auth_status(){
35
-
36
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
37
- {
38
- wp_send_json("ERROR");
39
- exit;
40
- }else{
41
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
42
- $ikey = get_site_option('mo2f_d_integration_key');
43
- $skey = get_site_option('mo2f_d_secret_key');
44
- $host = get_site_option('mo2f_d_api_hostname');
45
- $current_user = wp_get_current_user();
46
-
47
- $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
48
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
49
- $user_email = get_user_meta($user_id,'current_user_email');
50
- $user_email = isset($user_email[0])? $user_email[0]:'';
51
-
52
- if($user_email == '' || empty($user_email))
53
- $user_email = $current_user->user_email;
54
-
55
- $device['device'] = 'auto';
56
-
57
- $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
58
-
59
-
60
- if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
61
-
62
- wp_send_json('SUCCESS');
63
- }else{
64
-
65
- wp_send_json('ERROR');
66
- }
67
- }
68
-
69
-
70
- }
71
-
72
- }
73
- new Mo_2f_duo_authenticator();
74
- ?>
1
+ <?php
2
+ class Mo_2f_duo_authenticator
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
6
+
7
+ }
8
+
9
+ public function mo2f_duo_authenticator_functions(){
10
+ add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
11
+ add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
12
+ }
13
+
14
+ public function mo2f_duo_ajax_request(){
15
+
16
+ switch ($_POST['call_type']) {
17
+ case "check_duo_push_auth_status":
18
+ $this->mo2f_check_duo_push_auth_status();
19
+ break;
20
+ }
21
+ }
22
+
23
+ public function mo2f_duo_authenticator_ajax(){
24
+ switch($_POST['call_type'])
25
+ {
26
+
27
+ case "check_duo_push_auth_status":
28
+ $this->mo2f_check_duo_push_auth_status();
29
+ break;
30
+ }
31
+ }
32
+
33
+
34
+ function mo2f_check_duo_push_auth_status(){
35
+
36
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
37
+ {
38
+ wp_send_json("ERROR");
39
+ exit;
40
+ }else{
41
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
42
+ $ikey = get_site_option('mo2f_d_integration_key');
43
+ $skey = get_site_option('mo2f_d_secret_key');
44
+ $host = get_site_option('mo2f_d_api_hostname');
45
+ $current_user = wp_get_current_user();
46
+
47
+ $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
48
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
49
+ $user_email = get_user_meta($user_id,'current_user_email');
50
+ $user_email = isset($user_email[0])? $user_email[0]:'';
51
+
52
+ if($user_email == '' || empty($user_email))
53
+ $user_email = $current_user->user_email;
54
+
55
+ $device['device'] = 'auto';
56
+
57
+ $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
58
+
59
+
60
+ if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
61
+
62
+ wp_send_json('SUCCESS');
63
+ }else{
64
+
65
+ wp_send_json('ERROR');
66
+ }
67
+ }
68
+
69
+
70
+ }
71
+
72
+ }
73
+ new Mo_2f_duo_authenticator();
74
+ ?>
controllers/feedback_footer.php CHANGED
@@ -1,79 +1,79 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
6
- {
7
- switch($_POST['option'])
8
- {
9
- case "mo_wpns_send_query":
10
- wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
11
- break;
12
- }
13
- }
14
-
15
- $current_user = wp_get_current_user();
16
- $email = get_option("mo2f_email");
17
- $phone = get_option("mo_wpns_admin_phone");
18
-
19
-
20
- /* SUPPORT FORM RELATED FUNCTIONS */
21
-
22
- //Function to handle support form submit
23
-
24
- if(empty($email))
25
- $email = $current_user->user_email;
26
-
27
- function wpns_handle_support_form_new($email,$query,$phone)
28
- {
29
- $call_setup = false;
30
- if(array_key_exists('2fa_setup_call',$_POST)===true){
31
- $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
32
- $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
33
- $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
34
- $call_setup = true;
35
- }
36
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
37
-
38
- if(empty($email) || empty($query)){
39
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
40
- return;
41
- }
42
-
43
- $query = sanitize_text_field( $query );
44
- $email = sanitize_text_field( $email );
45
- $phone = sanitize_text_field( $phone );
46
- $contact_us = new MocURL();
47
-
48
- if($send_configuration)
49
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
50
- else
51
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
52
-
53
- if($call_setup == false) {
54
- $query = $query.'<br><br>';
55
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
56
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
57
- } else {
58
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
59
- }
60
- } else {
61
-
62
- $local_timezone='Asia/Kolkata';
63
- $call_datetime=$call_date.$call_time;
64
- $convert_datetime = strtotime ( $call_datetime );
65
- $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
66
- $ist_date->setTimezone(new DateTimeZone($local_timezone));
67
-
68
-
69
- $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
70
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
71
-
72
- }
73
- if(json_last_error() == JSON_ERROR_NONE && $submited){
74
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
75
- }else{
76
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
77
- }
78
- }
79
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_footer.php';
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
6
+ {
7
+ switch($_POST['option'])
8
+ {
9
+ case "mo_wpns_send_query":
10
+ wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
11
+ break;
12
+ }
13
+ }
14
+
15
+ $current_user = wp_get_current_user();
16
+ $email = get_option("mo2f_email");
17
+ $phone = get_option("mo_wpns_admin_phone");
18
+
19
+
20
+ /* SUPPORT FORM RELATED FUNCTIONS */
21
+
22
+ //Function to handle support form submit
23
+
24
+ if(empty($email))
25
+ $email = $current_user->user_email;
26
+
27
+ function wpns_handle_support_form_new($email,$query,$phone)
28
+ {
29
+ $call_setup = false;
30
+ if(array_key_exists('2fa_setup_call',$_POST)===true){
31
+ $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
32
+ $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
33
+ $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
34
+ $call_setup = true;
35
+ }
36
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
37
+
38
+ if(empty($email) || empty($query)){
39
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
40
+ return;
41
+ }
42
+
43
+ $query = sanitize_text_field( $query );
44
+ $email = sanitize_text_field( $email );
45
+ $phone = sanitize_text_field( $phone );
46
+ $contact_us = new MocURL();
47
+
48
+ if($send_configuration)
49
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
50
+ else
51
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
52
+
53
+ if($call_setup == false) {
54
+ $query = $query.'<br><br>';
55
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
56
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
57
+ } else {
58
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
59
+ }
60
+ } else {
61
+
62
+ $local_timezone='Asia/Kolkata';
63
+ $call_datetime=$call_date.$call_time;
64
+ $convert_datetime = strtotime ( $call_datetime );
65
+ $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
66
+ $ist_date->setTimezone(new DateTimeZone($local_timezone));
67
+
68
+
69
+ $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
70
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
71
+
72
+ }
73
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
74
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
75
+ }else{
76
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
77
+ }
78
+ }
79
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_footer.php';
controllers/ip-blocking.php CHANGED
@@ -1,257 +1,257 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
- $mo_wpns_handler = new MoWpnsHandler();
5
-
6
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
7
- {
8
- switch($_POST['option'])
9
- {
10
- case "mo_wpns_manual_block_ip":
11
- wpns_handle_manual_block_ip($_POST['IP']); break;
12
- case "mo_wpns_unblock_ip":
13
- wpns_handle_unblock_ip($_POST['id']); break;
14
- case "mo_wpns_whitelist_ip":
15
- wpns_handle_whitelist_ip($_POST['IP']); break;
16
- case "mo_wpns_remove_whitelist":
17
- wpns_handle_remove_whitelist($_POST['id'] ); break;
18
- }
19
- }
20
-
21
- $blockedips = $mo_wpns_handler->get_blocked_ips();
22
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
23
- $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
24
- $path = explode('plugins', $path);
25
- $img_loader_url = plugins_url().$path[1];
26
-
27
- $page_url = "";
28
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
29
-
30
-
31
- /** IP BLOCKING RELATED FUNCTIONS **/
32
-
33
- // Function to handle Manual Block IP form submit
34
- function wpns_handle_manual_block_ip($ip)
35
- {
36
-
37
- global $moWpnsUtility;
38
-
39
- if( $moWpnsUtility->check_empty_or_null( $ip) )
40
- {
41
- //Improper message
42
- echo("empty IP");
43
- exit;
44
- }
45
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
46
- {
47
- echo("INVALID_IP_FORMAT");
48
- exit;
49
- }
50
- else
51
- {
52
- $ipAddress = sanitize_text_field( $ip );
53
- $mo_wpns_config = new MoWpnsHandler();
54
- $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
55
- if(!$isWhitelisted)
56
- {
57
- if($mo_wpns_config->mo_wpns_is_ip_blocked($ipAddress)){
58
- //Change message
59
- echo("already blocked");
60
- exit;
61
- } else{
62
- $mo_wpns_config->mo_wpns_block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
63
- //not in structures
64
- ?>
65
- <table id="blockedips_table1" class="display">
66
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
67
- <tbody>
68
- <?php
69
- $mo_wpns_handler = new MoWpnsHandler();
70
- $blockedips = $mo_wpns_handler->get_blocked_ips();
71
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
72
- global $mo2f_dirName;
73
- foreach($blockedips as $blockedip)
74
- {
75
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
76
- if(empty($blockedip->blocked_for_time))
77
- echo "<span class=redtext>Permanently</span>";
78
- else
79
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
80
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
81
- }
82
- ?>
83
- </tbody>
84
- </table>
85
- <script type="text/javascript">
86
- jQuery("#blockedips_table1").DataTable({
87
- "order": [[ 3, "desc" ]]
88
- });
89
- </script>
90
- <?php
91
- exit;
92
- }
93
- }
94
- else
95
- {
96
- // Change message
97
- echo("IP_IN_WHITELISTED");
98
- exit;
99
- }
100
- }
101
- }
102
-
103
-
104
- // Function to handle Manual Block IP form submit
105
- function wpns_handle_unblock_ip($entryID)
106
- {
107
- global $moWpnsUtility;
108
-
109
- if( $moWpnsUtility->check_empty_or_null($entryID))
110
- {
111
- // Change message
112
- echo("UNKNOWN_ERROR");
113
- exit;
114
- }
115
- else
116
- {
117
- $entryid = sanitize_text_field($entryID);
118
- $mo_wpns_config = new MoWpnsHandler();
119
- $mo_wpns_config->unblock_ip_entry($entryid);
120
- //not is structure
121
- ?>
122
- <table id="blockedips_table1" class="display">
123
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
124
- <tbody>
125
- <?php
126
- $mo_wpns_handler = new MoWpnsHandler();
127
- $blockedips = $mo_wpns_handler->get_blocked_ips();
128
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
129
- global $mo2f_dirName;
130
- foreach($blockedips as $blockedip)
131
- {
132
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
133
- if(empty($blockedip->blocked_for_time))
134
- echo "<span class=redtext>Permanently</span>";
135
- else
136
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
137
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
138
- }
139
- ?>
140
- </tbody>
141
- </table>
142
- <script type="text/javascript">
143
- jQuery("#blockedips_table1").DataTable({
144
- "order": [[ 3, "desc" ]]
145
- });
146
- </script>
147
- <?php
148
-
149
- exit;
150
- }
151
- }
152
-
153
-
154
- // Function to handle Whitelist IP form submit
155
- function wpns_handle_whitelist_ip($ip)
156
- {
157
- global $moWpnsUtility;
158
- if( $moWpnsUtility->check_empty_or_null($ip))
159
- {
160
- //change message
161
- echo("EMPTY IP");
162
- exit;
163
- }
164
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
165
- { //change message
166
- echo("INVALID_IP");
167
- exit;
168
- }
169
- else
170
- {
171
- $ipAddress = sanitize_text_field($ip);
172
- $mo_wpns_config = new MoWpnsHandler();
173
- if($mo_wpns_config->is_whitelisted($ipAddress))
174
- {
175
- //change message
176
- echo("IP_ALREADY_WHITELISTED");
177
- exit;
178
- }
179
- else
180
- {
181
- $mo_wpns_config->whitelist_ip($ip);
182
- //Structures issues
183
- $mo_wpns_handler = new MoWpnsHandler();
184
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
185
-
186
- ?>
187
- <table id="whitelistedips_table1" class="display">
188
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
189
- <tbody>
190
- <?php
191
- foreach($whitelisted_ips as $whitelisted_ip)
192
- {
193
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
194
- }
195
-
196
-
197
- ?>
198
- </tbody>
199
- </table>
200
- <script type="text/javascript">
201
- jQuery("#whitelistedips_table1").DataTable({
202
- "order": [[ 1, "desc" ]]
203
- });
204
- </script>
205
-
206
- <?php
207
- exit;
208
- }
209
- }
210
- }
211
-
212
-
213
- // Function to handle remove whitelisted IP form submit
214
- function wpns_handle_remove_whitelist($entryID)
215
- {
216
- global $moWpnsUtility;
217
- if( $moWpnsUtility->check_empty_or_null($entryID))
218
- {
219
- //change Message
220
- echo("UNKNOWN_ERROR");
221
- exit;
222
- }
223
- else
224
- {
225
- $entryid = sanitize_text_field($entryID);
226
- $mo_wpns_config = new MoWpnsHandler();
227
- $mo_wpns_config->remove_whitelist_entry($entryid);
228
- //structures
229
- $mo_wpns_handler = new MoWpnsHandler();
230
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
231
-
232
- ?>
233
- <table id="whitelistedips_table1" class="display">
234
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
235
- <tbody>
236
- <?php
237
- foreach($whitelisted_ips as $whitelisted_ip)
238
- {
239
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
240
- }
241
-
242
-
243
- ?>
244
- </tbody>
245
- </table>
246
- <script type="text/javascript">
247
- jQuery("#whitelistedips_table1").DataTable({
248
- "order": [[ 1, "desc" ]]
249
- });
250
- </script>
251
-
252
- <?php
253
- exit;
254
- }
255
- }
256
-
257
 
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+ $mo_wpns_handler = new MoWpnsHandler();
5
+
6
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
7
+ {
8
+ switch($_POST['option'])
9
+ {
10
+ case "mo_wpns_manual_block_ip":
11
+ wpns_handle_manual_block_ip($_POST['IP']); break;
12
+ case "mo_wpns_unblock_ip":
13
+ wpns_handle_unblock_ip($_POST['id']); break;
14
+ case "mo_wpns_whitelist_ip":
15
+ wpns_handle_whitelist_ip($_POST['IP']); break;
16
+ case "mo_wpns_remove_whitelist":
17
+ wpns_handle_remove_whitelist($_POST['id'] ); break;
18
+ }
19
+ }
20
+
21
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
22
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
23
+ $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
24
+ $path = explode('plugins', $path);
25
+ $img_loader_url = plugins_url().$path[1];
26
+
27
+ $page_url = "";
28
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
29
+
30
+
31
+ /** IP BLOCKING RELATED FUNCTIONS **/
32
+
33
+ // Function to handle Manual Block IP form submit
34
+ function wpns_handle_manual_block_ip($ip)
35
+ {
36
+
37
+ global $moWpnsUtility;
38
+
39
+ if( $moWpnsUtility->check_empty_or_null( $ip) )
40
+ {
41
+ //Improper message
42
+ echo("empty IP");
43
+ exit;
44
+ }
45
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
46
+ {
47
+ echo("INVALID_IP_FORMAT");
48
+ exit;
49
+ }
50
+ else
51
+ {
52
+ $ipAddress = sanitize_text_field( $ip );
53
+ $mo_wpns_config = new MoWpnsHandler();
54
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
55
+ if(!$isWhitelisted)
56
+ {
57
+ if($mo_wpns_config->mo_wpns_is_ip_blocked($ipAddress)){
58
+ //Change message
59
+ echo("already blocked");
60
+ exit;
61
+ } else{
62
+ $mo_wpns_config->mo_wpns_block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
63
+ //not in structures
64
+ ?>
65
+ <table id="blockedips_table1" class="display">
66
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
67
+ <tbody>
68
+ <?php
69
+ $mo_wpns_handler = new MoWpnsHandler();
70
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
71
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
72
+ global $mo2f_dirName;
73
+ foreach($blockedips as $blockedip)
74
+ {
75
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
76
+ if(empty($blockedip->blocked_for_time))
77
+ echo "<span class=redtext>Permanently</span>";
78
+ else
79
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
80
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
81
+ }
82
+ ?>
83
+ </tbody>
84
+ </table>
85
+ <script type="text/javascript">
86
+ jQuery("#blockedips_table1").DataTable({
87
+ "order": [[ 3, "desc" ]]
88
+ });
89
+ </script>
90
+ <?php
91
+ exit;
92
+ }
93
+ }
94
+ else
95
+ {
96
+ // Change message
97
+ echo("IP_IN_WHITELISTED");
98
+ exit;
99
+ }
100
+ }
101
+ }
102
+
103
+
104
+ // Function to handle Manual Block IP form submit
105
+ function wpns_handle_unblock_ip($entryID)
106
+ {
107
+ global $moWpnsUtility;
108
+
109
+ if( $moWpnsUtility->check_empty_or_null($entryID))
110
+ {
111
+ // Change message
112
+ echo("UNKNOWN_ERROR");
113
+ exit;
114
+ }
115
+ else
116
+ {
117
+ $entryid = sanitize_text_field($entryID);
118
+ $mo_wpns_config = new MoWpnsHandler();
119
+ $mo_wpns_config->unblock_ip_entry($entryid);
120
+ //not is structure
121
+ ?>
122
+ <table id="blockedips_table1" class="display">
123
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
124
+ <tbody>
125
+ <?php
126
+ $mo_wpns_handler = new MoWpnsHandler();
127
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
128
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
129
+ global $mo2f_dirName;
130
+ foreach($blockedips as $blockedip)
131
+ {
132
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
133
+ if(empty($blockedip->blocked_for_time))
134
+ echo "<span class=redtext>Permanently</span>";
135
+ else
136
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
137
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
138
+ }
139
+ ?>
140
+ </tbody>
141
+ </table>
142
+ <script type="text/javascript">
143
+ jQuery("#blockedips_table1").DataTable({
144
+ "order": [[ 3, "desc" ]]
145
+ });
146
+ </script>
147
+ <?php
148
+
149
+ exit;
150
+ }
151
+ }
152
+
153
+
154
+ // Function to handle Whitelist IP form submit
155
+ function wpns_handle_whitelist_ip($ip)
156
+ {
157
+ global $moWpnsUtility;
158
+ if( $moWpnsUtility->check_empty_or_null($ip))
159
+ {
160
+ //change message
161
+ echo("EMPTY IP");
162
+ exit;
163
+ }
164
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
165
+ { //change message
166
+ echo("INVALID_IP");
167
+ exit;
168
+ }
169
+ else
170
+ {
171
+ $ipAddress = sanitize_text_field($ip);
172
+ $mo_wpns_config = new MoWpnsHandler();
173
+ if($mo_wpns_config->is_whitelisted($ipAddress))
174
+ {
175
+ //change message
176
+ echo("IP_ALREADY_WHITELISTED");
177
+ exit;
178
+ }
179
+ else
180
+ {
181
+ $mo_wpns_config->whitelist_ip($ip);
182
+ //Structures issues
183
+ $mo_wpns_handler = new MoWpnsHandler();
184
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
185
+
186
+ ?>
187
+ <table id="whitelistedips_table1" class="display">
188
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
189
+ <tbody>
190
+ <?php
191
+ foreach($whitelisted_ips as $whitelisted_ip)
192
+ {
193
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
194
+ }
195
+
196
+
197
+ ?>
198
+ </tbody>
199
+ </table>
200
+ <script type="text/javascript">
201
+ jQuery("#whitelistedips_table1").DataTable({
202
+ "order": [[ 1, "desc" ]]
203
+ });
204
+ </script>
205
+
206
+ <?php
207
+ exit;
208
+ }
209
+ }
210
+ }
211
+
212
+
213
+ // Function to handle remove whitelisted IP form submit
214
+ function wpns_handle_remove_whitelist($entryID)
215
+ {
216
+ global $moWpnsUtility;
217
+ if( $moWpnsUtility->check_empty_or_null($entryID))
218
+ {
219
+ //change Message
220
+ echo("UNKNOWN_ERROR");
221
+ exit;
222
+ }
223
+ else
224
+ {
225
+ $entryid = sanitize_text_field($entryID);
226
+ $mo_wpns_config = new MoWpnsHandler();
227
+ $mo_wpns_config->remove_whitelist_entry($entryid);
228
+ //structures
229
+ $mo_wpns_handler = new MoWpnsHandler();
230
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
231
+
232
+ ?>
233
+ <table id="whitelistedips_table1" class="display">
234
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
235
+ <tbody>
236
+ <?php
237
+ foreach($whitelisted_ips as $whitelisted_ip)
238
+ {
239
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
240
+ }
241
+
242
+
243
+ ?>
244
+ </tbody>
245
+ </table>
246
+ <script type="text/javascript">
247
+ jQuery("#whitelistedips_table1").DataTable({
248
+ "order": [[ 1, "desc" ]]
249
+ });
250
+ </script>
251
+
252
+ <?php
253
+ exit;
254
+ }
255
+ }
256
+
257
 
controllers/malware_scanner/scan_malware.php CHANGED
@@ -1,9 +1,9 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
- update_site_option('mo2f_visit_malware',true);
6
-
7
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
8
- ?>
9
-
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
+ update_site_option('mo2f_visit_malware',true);
6
+
7
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
8
+ ?>
9
+
controllers/navbar.php CHANGED
@@ -1,94 +1,94 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
5
- {
6
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
7
- {
8
- case "mo_wpns_2fa_with_network_security":
9
- $security_features = new Mo_2fa_security_features();
10
- $security_features->wpns_2fa_with_network_security($_POST); break;
11
- }
12
- }
13
- $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
14
-
15
- if( isset( $_GET[ 'page' ])){
16
- $tab_count= get_site_option('mo2f_tab_count', 0);
17
- if($tab_count == 5)
18
- update_site_option('mo_2f_switch_all', 1);
19
- else
20
- update_site_option('mo_2f_switch_all', 0);
21
- switch($_GET['page'])
22
- {
23
- case 'mo_2fa_login_and_spam':
24
- update_option('mo_2f_switch_loginspam', 1);
25
- if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
26
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
27
- break;
28
- case 'mo_2fa_backup':
29
- update_option('mo_2f_switch_backup', 1);
30
- if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
31
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
32
- break;
33
- case 'mo_2fa_waf':
34
- update_option('mo_2f_switch_waf', 1);
35
- if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
36
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
37
- break;
38
- case 'mo_2fa_advancedblocking':
39
- update_option('mo_2f_switch_adv_block', 1);
40
- if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
41
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
42
- break;
43
-
44
- case 'mo_2fa_malwarescan':
45
- update_option('mo_2f_switch_malware', 1);
46
- if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
47
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
48
- break;
49
- }
50
- }
51
- $profile_url = add_query_arg( array('page' => 'mo_2fa_account' ), $_SERVER['REQUEST_URI'] );
52
- $login_security = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
53
- $waf = add_query_arg( array('page' => 'mo_2fa_waf' ), $_SERVER['REQUEST_URI'] );
54
- $login_and_spam = add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), $_SERVER['REQUEST_URI'] );
55
- $register_url = add_query_arg( array('page' => 'registration' ), $_SERVER['REQUEST_URI'] );
56
- $blocked_ips = add_query_arg( array('page' => 'mo_2fa_blockedips' ), $_SERVER['REQUEST_URI'] );
57
- $advance_block = add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), $_SERVER['REQUEST_URI'] );
58
- $notif_url = add_query_arg( array('page' => 'mo_2fa_notifications' ), $_SERVER['REQUEST_URI'] );
59
- $reports_url = add_query_arg( array('page' => 'mo_2fa_reports' ), $_SERVER['REQUEST_URI'] );
60
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI'] );
61
- $help_url = add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), $_SERVER['REQUEST_URI'] );
62
- $addons_url = add_query_arg( array('page' => 'mo_2fa_addons' ), $_SERVER['REQUEST_URI'] );
63
- $content_protect= add_query_arg( array('page' => 'content_protect' ), $_SERVER['REQUEST_URI'] );
64
- $backup = add_query_arg( array('page' => 'mo_2fa_backup' ), $_SERVER['REQUEST_URI'] );
65
- $scan_url = add_query_arg( array('page' => 'mo_2fa_malwarescan' ), $_SERVER['REQUEST_URI'] );
66
- $two_fa = add_query_arg( array('page' => 'mo_2fa_two_fa' ), $_SERVER['REQUEST_URI'] );
67
- //Added for new design
68
- $dashboard_url = add_query_arg(array('page' => 'mo_2fa_dashboard' ), $_SERVER['REQUEST_URI']);
69
- $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
70
- $request_demo_url = add_query_arg(array('page' => 'mo_2fa_request_demo' ), $_SERVER['REQUEST_URI']);
71
- $request_offer_url = add_query_arg(array('page' => 'mo_2fa_request_offer' ), $_SERVER['REQUEST_URI']);
72
-
73
- //dynamic
74
- $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
75
- $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-password-and-2fa.png';
76
- $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_login_form.png';
77
- $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
78
- $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
79
-
80
- $moPluginHandler= new MoWpnsHandler();
81
- $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
82
-
83
- $active_tab = $_GET['page'];
84
-
85
- $user_id = get_current_user_id();
86
- $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
87
- $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
88
- if(is_array($backup_codes_remaining)){
89
- $backup_codes_remaining = sizeof($backup_codes_remaining);
90
- }else{
91
- $backup_codes_remaining = 0;
92
- }
93
-
94
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
5
+ {
6
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
7
+ {
8
+ case "mo_wpns_2fa_with_network_security":
9
+ $security_features = new Mo_2fa_security_features();
10
+ $security_features->wpns_2fa_with_network_security($_POST); break;
11
+ }
12
+ }
13
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
14
+
15
+ if( isset( $_GET[ 'page' ])){
16
+ $tab_count= get_site_option('mo2f_tab_count', 0);
17
+ if($tab_count == 5)
18
+ update_site_option('mo_2f_switch_all', 1);
19
+ else
20
+ update_site_option('mo_2f_switch_all', 0);
21
+ switch($_GET['page'])
22
+ {
23
+ case 'mo_2fa_login_and_spam':
24
+ update_option('mo_2f_switch_loginspam', 1);
25
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
26
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
27
+ break;
28
+ case 'mo_2fa_backup':
29
+ update_option('mo_2f_switch_backup', 1);
30
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
31
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
32
+ break;
33
+ case 'mo_2fa_waf':
34
+ update_option('mo_2f_switch_waf', 1);
35
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
36
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
37
+ break;
38
+ case 'mo_2fa_advancedblocking':
39
+ update_option('mo_2f_switch_adv_block', 1);
40
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
41
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
42
+ break;
43
+
44
+ case 'mo_2fa_malwarescan':
45
+ update_option('mo_2f_switch_malware', 1);
46
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
47
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
48
+ break;
49
+ }
50
+ }
51
+ $profile_url = add_query_arg( array('page' => 'mo_2fa_account' ), $_SERVER['REQUEST_URI'] );
52
+ $login_security = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
53
+ $waf = add_query_arg( array('page' => 'mo_2fa_waf' ), $_SERVER['REQUEST_URI'] );
54
+ $login_and_spam = add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), $_SERVER['REQUEST_URI'] );
55
+ $register_url = add_query_arg( array('page' => 'registration' ), $_SERVER['REQUEST_URI'] );
56
+ $blocked_ips = add_query_arg( array('page' => 'mo_2fa_blockedips' ), $_SERVER['REQUEST_URI'] );
57
+ $advance_block = add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), $_SERVER['REQUEST_URI'] );
58
+ $notif_url = add_query_arg( array('page' => 'mo_2fa_notifications' ), $_SERVER['REQUEST_URI'] );
59
+ $reports_url = add_query_arg( array('page' => 'mo_2fa_reports' ), $_SERVER['REQUEST_URI'] );
60
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI'] );
61
+ $help_url = add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), $_SERVER['REQUEST_URI'] );
62
+ $addons_url = add_query_arg( array('page' => 'mo_2fa_addons' ), $_SERVER['REQUEST_URI'] );
63
+ $content_protect= add_query_arg( array('page' => 'content_protect' ), $_SERVER['REQUEST_URI'] );
64
+ $backup = add_query_arg( array('page' => 'mo_2fa_backup' ), $_SERVER['REQUEST_URI'] );
65
+ $scan_url = add_query_arg( array('page' => 'mo_2fa_malwarescan' ), $_SERVER['REQUEST_URI'] );
66
+ $two_fa = add_query_arg( array('page' => 'mo_2fa_two_fa' ), $_SERVER['REQUEST_URI'] );
67
+ //Added for new design
68
+ $dashboard_url = add_query_arg(array('page' => 'mo_2fa_dashboard' ), $_SERVER['REQUEST_URI']);
69
+ $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
70
+ $request_demo_url = add_query_arg(array('page' => 'mo_2fa_request_demo' ), $_SERVER['REQUEST_URI']);
71
+ $request_offer_url = add_query_arg(array('page' => 'mo_2fa_request_offer' ), $_SERVER['REQUEST_URI']);
72
+
73
+ //dynamic
74
+ $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
75
+ $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-password-and-2fa.png';
76
+ $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_login_form.png';
77
+ $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
78
+ $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
79
+
80
+ $moPluginHandler= new MoWpnsHandler();
81
+ $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
82
+
83
+ $active_tab = $_GET['page'];
84
+
85
+ $user_id = get_current_user_id();
86
+ $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
87
+ $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
88
+ if(is_array($backup_codes_remaining)){
89
+ $backup_codes_remaining = sizeof($backup_codes_remaining);
90
+ }else{
91
+ $backup_codes_remaining = 0;
92
+ }
93
+
94
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';
controllers/notification-settings.php CHANGED
@@ -1,101 +1,101 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
- $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
6
- $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
7
-
8
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
9
- {
10
- switch($_POST['option'])
11
- {
12
- case "mo_wpns_enable_ip_blocked_email_to_admin":
13
- wpns_handle_notify_admin_on_ip_block($_POST); break;
14
- case "mo_wpns_enable_unusual_activity_email_to_user":
15
- wpns_handle_notify_unusual_activity($_POST); break;
16
- case "custom_user_template":
17
- wpns_handle_custom_template($_POST['custom_user_template']); break;
18
- case "mo_wpns_get_manual_email" :
19
- wpns_handle_admin_email($_POST); break;
20
- case "custom_admin_template":
21
- wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
22
- }
23
- }
24
- if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
25
- update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
26
- $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
27
- }
28
- $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
29
- $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
30
-
31
- $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
32
- $template_type1 = 'custom_admin_template';
33
- $ip_blocking_template = array(
34
- 'textarea_name' => 'custom_admin_template',
35
- 'wpautop' => false
36
- );
37
- $fromEmail = get_option('mo2f_email');
38
- $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
39
- $template_type2 = 'custom_user_template';
40
- $user_activity_template = array(
41
- 'textarea_name' => 'custom_user_template',
42
- 'wpautop' => false
43
- );
44
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
45
-
46
-
47
-
48
- /* ADMIN NOTIFICATION SETTINGS */
49
- function wpns_handle_admin_email($postValue)
50
- {
51
- $email = sanitize_email($_POST['admin_email_address']);
52
- if(validate_email($email)){
53
- $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
54
- update_option('admin_email_address',$email);
55
- update_option( 'admin_email_address_status', $admin_email_address_status);
56
- do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
57
- }else{
58
- do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
59
- }
60
- }
61
- function validate_email($str) {
62
- return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
63
- }
64
-
65
- //Function to handle enabling and disabling of admin notification on ip blocking
66
- function wpns_handle_notify_admin_on_ip_block($postValue)
67
- {
68
- $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
69
- update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
70
-
71
- if($enable_ip_blocked_email_to_admin)
72
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
73
- else
74
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
75
- }
76
-
77
-
78
- //Function to handle enabling and disabling of admin notification on unusual activity
79
- function wpns_handle_notify_unusual_activity($postValue)
80
- {
81
- $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
82
- update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
83
-
84
- if($enable_unusual_activity_email_to_user)
85
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
86
- else
87
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
88
- }
89
-
90
-
91
- //Function to save unusual activity email template
92
- function wpns_handle_custom_template($template1,$template2=null)
93
- {
94
- if(!is_null($template1))
95
- update_option('custom_user_template', stripslashes($template1));
96
-
97
- if(!is_null($template2))
98
- update_option('custom_admin_template', stripslashes($template2));
99
-
100
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
101
  }
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
+ $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
6
+ $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
7
+
8
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
9
+ {
10
+ switch($_POST['option'])
11
+ {
12
+ case "mo_wpns_enable_ip_blocked_email_to_admin":
13
+ wpns_handle_notify_admin_on_ip_block($_POST); break;
14
+ case "mo_wpns_enable_unusual_activity_email_to_user":
15
+ wpns_handle_notify_unusual_activity($_POST); break;
16
+ case "custom_user_template":
17
+ wpns_handle_custom_template($_POST['custom_user_template']); break;
18
+ case "mo_wpns_get_manual_email" :
19
+ wpns_handle_admin_email($_POST); break;
20
+ case "custom_admin_template":
21
+ wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
22
+ }
23
+ }
24
+ if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
25
+ update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
26
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
27
+ }
28
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
29
+ $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
30
+
31
+ $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
32
+ $template_type1 = 'custom_admin_template';
33
+ $ip_blocking_template = array(
34
+ 'textarea_name' => 'custom_admin_template',
35
+ 'wpautop' => false
36
+ );
37
+ $fromEmail = get_option('mo2f_email');
38
+ $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
39
+ $template_type2 = 'custom_user_template';
40
+ $user_activity_template = array(
41
+ 'textarea_name' => 'custom_user_template',
42
+ 'wpautop' => false
43
+ );
44
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
45
+
46
+
47
+
48
+ /* ADMIN NOTIFICATION SETTINGS */
49
+ function wpns_handle_admin_email($postValue)
50
+ {
51
+ $email = sanitize_email($_POST['admin_email_address']);
52
+ if(validate_email($email)){
53
+ $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
54
+ update_option('admin_email_address',$email);
55
+ update_option( 'admin_email_address_status', $admin_email_address_status);
56
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
57
+ }else{
58
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
59
+ }
60
+ }
61
+ function validate_email($str) {
62
+ return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
63
+ }
64
+
65
+ //Function to handle enabling and disabling of admin notification on ip blocking
66
+ function wpns_handle_notify_admin_on_ip_block($postValue)
67
+ {
68
+ $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
69
+ update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
70
+
71
+ if($enable_ip_blocked_email_to_admin)
72
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
73
+ else
74
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
75
+ }
76
+
77
+
78
+ //Function to handle enabling and disabling of admin notification on unusual activity
79
+ function wpns_handle_notify_unusual_activity($postValue)
80
+ {
81
+ $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
82
+ update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
83
+
84
+ if($enable_unusual_activity_email_to_user)
85
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
86
+ else
87
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
88
+ }
89
+
90
+
91
+ //Function to save unusual activity email template
92
+ function wpns_handle_custom_template($template1,$template2=null)
93
+ {
94
+ if(!is_null($template1))
95
+ update_option('custom_user_template', stripslashes($template1));
96
+
97
+ if(!is_null($template2))
98
+ update_option('custom_admin_template', stripslashes($template2));
99
+
100
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
101
  }
controllers/pointers.php CHANGED
@@ -1,581 +1,581 @@
1
- <?php
2
-
3
- $pointers = array();
4
- $tab= 'default';
5
- if(array_key_exists('tab',$_GET))
6
- $tab = $_GET['tab'];
7
-
8
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
-
10
- {
11
- $pointers['default-miniorange-2fa-select-authentication'] = array(
12
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
- 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
- 'isdefault' => 'yes',
16
- 'edge' => 'bottom',
17
- 'align' => 'middle',
18
- 'index' => 'default-miniorange-2fa-select-authentication',
19
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
- );
21
- $pointers['default-miniorange-2fa-configure'] = array(
22
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
- 'anchor_id' => '#GoogleAuthenticator_configuration',
25
- 'isdefault' => 'yes',
26
- 'edge' => 'top',
27
- 'align' => 'left',
28
- 'index' => 'default-miniorange-2fa-configure',
29
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
- );
31
-
32
- $pointers['default-miniorange-2fa-choose_app'] = array(
33
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
- 'anchor_id' => '#mo2f_choose_app_tour',
36
- 'isdefault' => 'yes',
37
- 'edge' => 'left',
38
- 'align' => 'left',
39
- 'index' => 'default-miniorange-2fa-choose_app1',
40
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
- );
42
-
43
- $pointers['default-miniorange-2fa-download_app'] = array(
44
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
- 'anchor_id' => '#links_to_apps_tour',
47
- 'isdefault' => 'yes',
48
- 'edge' => 'left',
49
- 'align' => 'left',
50
- 'index' => 'default-miniorange-2fa-download_app1',
51
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
- );
53
-
54
-
55
- $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
- 'anchor_id' => '#displayGAQrCodeTour',
59
- 'isdefault' => 'yes',
60
- 'edge' => 'left',
61
- 'align' => 'left',
62
- 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
- );
65
- $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
- 'anchor_id' => '#mo2f_change_app_name',
69
- 'isdefault' => 'yes',
70
- 'edge' => 'left',
71
- 'align' => 'left',
72
- 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
- );
75
-
76
- $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
- 'anchor_id' => '#mo2f_scanbarcode_a',
80
- 'isdefault' => 'yes',
81
- 'edge' => 'left',
82
- 'align' => 'left',
83
- 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
- );
86
-
87
- $pointers['default-miniorange-2fa-enter-otp'] = array(
88
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
- 'anchor_id' => '#EnterOTPGATour',
91
- 'isdefault' => 'yes',
92
- 'edge' => 'right',
93
- 'align' => 'left',
94
- 'index' => 'default-miniorange-2fa-enter-otp1',
95
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
- );
97
- $pointers['default-miniorange-2fa-save-otp'] = array(
98
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
- 'anchor_id' => '#SaveOTPGATour',
101
- 'isdefault' => 'yes',
102
- 'edge' => 'right',
103
- 'align' => 'left',
104
- 'index' => 'default-miniorange-2fa-save-otp1',
105
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
- );
107
- $pointers['default-miniorange-2fa-test'] = array(
108
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
- 'anchor_id' => '#test',
111
- 'isdefault' => 'yes',
112
- 'edge' => 'right',
113
- 'align' => 'left',
114
- 'index' => 'default-miniorange-2fa-test',
115
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
- );
117
-
118
- $pointers['default-miniorange-2fa-customizations'] = array(
119
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
- 'anchor_id' => '#disable_two_factor_tour',
122
- 'isdefault' => 'yes',
123
- 'edge' => 'top',
124
- 'align' => 'left',
125
- 'index' => 'default-miniorange-2fa-customizations',
126
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
- );
128
- $pointers['default-miniorange-2fa-inline-registration'] = array(
129
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
- 'anchor_id' => '#mo2f_inline_registration_tour',
132
- 'isdefault' => 'yes',
133
- 'edge' => 'top',
134
- 'align' => 'left',
135
- 'index' => 'default-miniorange-2fa-inline-registration',
136
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
- );
138
- $pointers['default-minorange-2fa-integration'] = array(
139
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
- 'anchor_id' => '#custom_form_2fa_div',
142
- 'isdefault' => 'yes',
143
- 'edge' => 'bottom',
144
- 'align' => 'middle',
145
- 'index' => 'default-minorange-2fa-integration',
146
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
- );
148
- $pointers['default-minorange-2fa-premium-features'] = array(
149
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
- 'anchor_id' => '#custom_login_2fa',
152
- 'isdefault' => 'yes',
153
- 'edge' => 'left',
154
- 'align' => 'left',
155
- 'index' => 'default-minorange-2fa-premium-features',
156
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
- );
158
-
159
- $pointers['default-miniorange-2fa-upgrade'] = array(
160
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
- 'anchor_id' => '#mo_2fa_upgrade_tour',
163
- 'isdefault' => 'yes',
164
- 'edge' => 'top',
165
- 'align' => 'left',
166
- 'index' => 'default-miniorange-2fa-upgrade',
167
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
- );
169
- $pointers['default-miniorange-2fa-support_open'] = array(
170
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
- 'anchor_id' => '#mo_wpns_support_layout_tour',
173
- 'isdefault' => 'yes',
174
- 'edge' => 'bottom',
175
- 'align' => 'right',
176
- 'index' => 'default-miniorange-2fa-support_open',
177
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
- );
179
-
180
-
181
- }
182
- if(get_option('mo2f_tour_firewall') == 1 ){
183
- $pointers['default-miniorange-firewall-level'] = array(
184
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
- 'anchor_id' => '#mo_waf_options_tour',
187
- 'isfirewall'=> 'yes',
188
- 'edge' => 'top',
189
- 'align' => 'left',
190
- 'index' => 'default-miniorange-firewall-level',
191
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
- );
193
- $pointers['default-miniorange-firewall-attacks'] = array(
194
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
- 'anchor_id' => '#mo2f_AttackTypes',
197
- 'isfirewall'=> 'yes',
198
- 'edge' => 'bottom',
199
- 'align' => 'left',
200
- 'index' => 'default-miniorange-firewall-attacks',
201
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
- );
203
- $pointers['default-miniorange-firewall-attack-limit'] = array(
204
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
- 'anchor_id' => '#mo2f_waf_block_after',
207
- 'isfirewall'=> 'yes',
208
- 'edge' => 'bottom',
209
- 'align' => 'left',
210
- 'index' => 'default-miniorange-firewall-attack-limit',
211
- 'align' => 'left',
212
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
- );
214
-
215
- $pointers['default-miniorange-firewall-rate-limit'] = array(
216
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
- 'anchor_id' => '#mo2f_ratelimiting',
219
- 'isfirewall'=> 'yes',
220
- 'edge' => 'top',
221
- 'align' => 'left',
222
- 'index' => 'default-miniorange-firewall-rate-limit',
223
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
- );
225
- $pointers['default-miniorange-firewall-check-attacks'] = array(
226
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
- 'anchor_id' => '#mo2f_firewall_attack_dash',
229
- 'isfirewall'=> 'yes',
230
- 'edge' => 'top',
231
- 'align' => 'left',
232
- 'index' => 'default-miniorange-firewall-check-attacks',
233
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
- );
235
- $pointers['default-miniorange-2fa-upgrade'] = array(
236
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
- 'anchor_id' => '#mo_2fa_upgrade_tour',
239
- 'isfirewall' => 'yes',
240
- 'edge' => 'top',
241
- 'align' => 'left',
242
- 'index' => 'default-miniorange-2fa-upgrade',
243
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
- );
245
-
246
- $pointers['default-miniorange-firewall-support'] = array(
247
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
- 'anchor_id' => '#mo_wpns_support_layout_tour',
250
- 'isfirewall' => 'yes',
251
- 'edge' => 'bottom',
252
- 'align' => 'left',
253
- 'index' => 'default-miniorange-firewall-support',
254
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
- );
256
-
257
- }
258
-
259
- if(get_option('mo2f_tour_malware_scan') ==1){
260
- $pointers['default-miniorange-malware-scan-modes'] = array(
261
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
- 'anchor_id' => '#scan_status_table',
264
- 'ismalware' => 'yes',
265
- 'edge' => 'bottom',
266
- 'align' => 'left',
267
- 'index' => 'default-miniorange-malware-scan-modes',
268
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
- );
270
- $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
- 'anchor_id' => '#mo2f_select_scanning_files',
274
- 'ismalware' => 'yes',
275
- 'edge' => 'bottom',
276
- 'align' => 'left',
277
- 'index' => 'default-miniorange-malware-custom-scan-files',
278
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
- );
280
- $pointers['default-miniorange-malware-scan-reports'] = array(
281
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
- 'anchor_id' => '#scan_report_table',
284
- 'ismalware' => 'yes',
285
- 'edge' => 'top',
286
- 'align' => 'left',
287
- 'index' => 'default-miniorange-malware-scan-reports',
288
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
- );
290
-
291
- $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
- 'anchor_id' => '#mo2f_scan_dash',
295
- 'ismalware' => 'yes',
296
- 'edge' => 'top',
297
- 'align' => 'left',
298
- 'index' => 'default-miniorange-malware-scan-dashboard',
299
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
- );
301
- $pointers['default-miniorange-2fa-upgrade'] = array(
302
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
- 'anchor_id' => '#mo_2fa_upgrade_tour',
305
- 'ismalware' => 'yes',
306
- 'edge' => 'top',
307
- 'align' => 'left',
308
- 'index' => 'default-miniorange-2fa-upgrade',
309
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
- );
311
-
312
- $pointers['default-miniorange-malware-support'] = array(
313
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
- 'anchor_id' => '#mo_wpns_support_layout_tour',
316
- 'ismalware' => 'yes',
317
- 'edge' => 'bottom',
318
- 'align' => 'left',
319
- 'index' => 'default-miniorange-malware-support',
320
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
- );
322
-
323
- }
324
-
325
- if(get_option('mo2f_tour_advance_blocking') ==1){
326
- $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
- 'anchor_id' => '#mo2f_manual_ip_blocking',
330
- 'advcblock' => 'yes',
331
- 'edge' => 'top',
332
- 'align' => 'left',
333
- 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
- );
336
- $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
- 'anchor_id' => '#mo2f_ip_whitelisting',
340
- 'advcblock' => 'yes',
341
- 'edge' => 'top',
342
- 'align' => 'left',
343
- 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
- );
346
-
347
- $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
- 'anchor_id' => '#mo2f_ip_lookup',
351
- 'advcblock' => 'yes',
352
- 'edge' => 'bottom',
353
- 'align' => 'left',
354
- 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
- );
357
-
358
-
359
- $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
- 'anchor_id' => '#mo2f_ip_range_blocking',
363
- 'advcblock' => 'yes',
364
- 'edge' => 'top',
365
- 'align' => 'left',
366
- 'index' => 'default-miniorange-advance-blocking-IP-range',
367
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
- );
369
- $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
- 'anchor_id' => '#mo2f_htaccess_blocking',
373
- 'advcblock' => 'yes',
374
- 'edge' => 'top',
375
- 'align' => 'left',
376
- 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
- );
379
- $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
- 'anchor_id' => '#mo2f_browser_blocking',
383
- 'advcblock' => 'yes',
384
- 'edge' => 'top',
385
- 'align' => 'left',
386
- 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
- );
389
- $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
- 'anchor_id' => '#mo2f_country_blocking',
393
- 'advcblock' => 'yes',
394
- 'edge' => 'bottom',
395
- 'align' => 'left',
396
- 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
- );
399
-
400
- $pointers['default-miniorange-2fa-upgrade'] = array(
401
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
- 'anchor_id' => '#mo_2fa_upgrade_tour',
404
- 'advcblock' => 'yes',
405
- 'edge' => 'top',
406
- 'align' => 'left',
407
- 'index' => 'default-miniorange-2fa-upgrade',
408
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
- );
410
- $pointers['default-miniorange-advance-blocking-support'] = array(
411
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
- 'anchor_id' => '#mo_wpns_support_layout_tour',
414
- 'advcblock' => 'yes',
415
- 'edge' => 'bottom',
416
- 'align' => 'left',
417
- 'index' => 'default-miniorange-advance-blocking-support',
418
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
- );
420
-
421
- }
422
-
423
-
424
- if(get_option('mo2f_tour_backup') == 1 ){
425
- $pointers['default-miniorange-backup-manual-db'] = array(
426
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
- 'anchor_id' => '#mo2f_select_files_backup',
429
- 'isBackup'=> 'yes',
430
- 'edge' => 'top',
431
- 'align' => 'left',
432
- 'index' => 'default-miniorange-backup-manual-db',
433
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
- );
435
- $pointers['default-miniorange-backup-auto-db'] = array(
436
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
- 'anchor_id' => '#mo2f_auto_dbbackup',
439
- 'isBackup'=> 'yes',
440
- 'edge' => 'bottom',
441
- 'align' => 'left',
442
- 'index' => 'default-miniorange-backup-auto-db',
443
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
- );
445
- $pointers['default-miniorange-backup-file'] = array(
446
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
- 'anchor_id' => '#mo2f_schedule_backup_status',
449
- 'isBackup'=> 'yes',
450
- 'edge' => 'top',
451
- 'align' => 'left',
452
- 'index' => 'default-miniorange-backup-file',
453
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
- );
455
- $pointers['default-miniorange-backup-report'] = array(
456
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
- 'anchor_id' => '#backup_report_table',
459
- 'isBackup'=> 'yes',
460
- 'edge' => 'bottom',
461
- 'align' => 'left',
462
- 'index' => 'default-miniorange-backup-report',
463
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
- );
465
-
466
- $pointers['default-miniorange-2fa-upgrade'] = array(
467
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
- 'anchor_id' => '#mo_2fa_upgrade_tour',
470
- 'isBackup' => 'yes',
471
- 'edge' => 'top',
472
- 'align' => 'left',
473
- 'index' => 'default-miniorange-2fa-upgrade',
474
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
- );
476
- $pointers['default-miniorange-backup-support'] = array(
477
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
- 'anchor_id' => '#mo_wpns_support_layout_tour',
480
- 'isBackup' => 'yes',
481
- 'edge' => 'bottom',
482
- 'align' => 'left',
483
- 'index' => 'default-miniorange-backup-support',
484
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
- );
486
-
487
- }
488
-
489
- if(get_option('mo2f_tour_loginSpam') == 1){
490
- $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
- 'anchor_id' => '#mo2f_bruteforce',
494
- 'loginSpam' => 'yes',
495
- 'edge' => 'top',
496
- 'align' => 'left',
497
- 'index' => 'default-miniorange-login-spam-bruteforce',
498
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
- );
500
- $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
- 'anchor_id' => '#mo2f_google_recaptcha',
504
- 'loginSpam' => 'yes',
505
- 'edge' => 'top',
506
- 'align' => 'left',
507
- 'index' => 'default-miniorange-login-spam-recaptcha',
508
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
- );
510
- $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
- 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
- 'loginSpam' => 'yes',
515
- 'edge' => 'bottom',
516
- 'align' => 'left',
517
- 'index' => 'default-miniorange-login-spam-strong-pass',
518
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
- );
520
-
521
- $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
- 'anchor_id' => '#mo2f_block_registration',
525
- 'loginSpam' => 'yes',
526
- 'edge' => 'top',
527
- 'align' => 'left',
528
- 'index' => 'default-miniorange-login-spam-fake-registration',
529
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
- );
531
- $pointers['default-miniorange-login-spam-content'] = array(
532
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
- 'anchor_id' => '#mo2f_content_protection',
535
- 'loginSpam' => 'yes',
536
- 'edge' => 'bottom',
537
- 'align' => 'left',
538
- 'index' => 'default-miniorange-login-spam-content',
539
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
- );
541
- $pointers['default-miniorange-login-spam-block-spam'] = array(
542
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
- 'anchor_id' => '#mo2f_comment_protection',
545
- 'loginSpam' => 'yes',
546
- 'edge' => 'bottom',
547
- 'align' => 'left',
548
- 'index' => 'default-miniorange-login-spam-block-spam',
549
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
- );
551
- $pointers['default-miniorange-2fa-upgrade'] = array(
552
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
- 'anchor_id' => '#mo_2fa_upgrade_tour',
555
- 'loginSpam' => 'yes',
556
- 'edge' => 'top',
557
- 'align' => 'left',
558
- 'index' => 'default-miniorange-2fa-upgrade',
559
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
- );
561
-
562
- $pointers['default-miniorange-login-spam-support'] = array(
563
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
- 'anchor_id' => '#mo_wpns_support_layout_tour',
566
- 'loginSpam' => 'yes',
567
- 'edge' => 'bottom',
568
- 'align' => 'left',
569
- 'index' => 'default-miniorange-login-spam-support',
570
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
- );
572
-
573
-
574
- }
575
-
576
-
577
-
578
-
579
-
580
-
581
- return $pointers;
1
+ <?php
2
+
3
+ $pointers = array();
4
+ $tab= 'default';
5
+ if(array_key_exists('tab',$_GET))
6
+ $tab = $_GET['tab'];
7
+
8
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
+
10
+ {
11
+ $pointers['default-miniorange-2fa-select-authentication'] = array(
12
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
+ 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
+ 'isdefault' => 'yes',
16
+ 'edge' => 'bottom',
17
+ 'align' => 'middle',
18
+ 'index' => 'default-miniorange-2fa-select-authentication',
19
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
+ );
21
+ $pointers['default-miniorange-2fa-configure'] = array(
22
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
+ 'anchor_id' => '#GoogleAuthenticator_configuration',
25
+ 'isdefault' => 'yes',
26
+ 'edge' => 'top',
27
+ 'align' => 'left',
28
+ 'index' => 'default-miniorange-2fa-configure',
29
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
+ );
31
+
32
+ $pointers['default-miniorange-2fa-choose_app'] = array(
33
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
+ 'anchor_id' => '#mo2f_choose_app_tour',
36
+ 'isdefault' => 'yes',
37
+ 'edge' => 'left',
38
+ 'align' => 'left',
39
+ 'index' => 'default-miniorange-2fa-choose_app1',
40
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
+ );
42
+
43
+ $pointers['default-miniorange-2fa-download_app'] = array(
44
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
+ 'anchor_id' => '#links_to_apps_tour',
47
+ 'isdefault' => 'yes',
48
+ 'edge' => 'left',
49
+ 'align' => 'left',
50
+ 'index' => 'default-miniorange-2fa-download_app1',
51
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
+ );
53
+
54
+
55
+ $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
+ 'anchor_id' => '#displayGAQrCodeTour',
59
+ 'isdefault' => 'yes',
60
+ 'edge' => 'left',
61
+ 'align' => 'left',
62
+ 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
+ );
65
+ $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
+ 'anchor_id' => '#mo2f_change_app_name',
69
+ 'isdefault' => 'yes',
70
+ 'edge' => 'left',
71
+ 'align' => 'left',
72
+ 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
+ );
75
+
76
+ $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
+ 'anchor_id' => '#mo2f_scanbarcode_a',
80
+ 'isdefault' => 'yes',
81
+ 'edge' => 'left',
82
+ 'align' => 'left',
83
+ 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
+ );
86
+
87
+ $pointers['default-miniorange-2fa-enter-otp'] = array(
88
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
+ 'anchor_id' => '#EnterOTPGATour',
91
+ 'isdefault' => 'yes',
92
+ 'edge' => 'right',
93
+ 'align' => 'left',
94
+ 'index' => 'default-miniorange-2fa-enter-otp1',
95
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
+ );
97
+ $pointers['default-miniorange-2fa-save-otp'] = array(
98
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
+ 'anchor_id' => '#SaveOTPGATour',
101
+ 'isdefault' => 'yes',
102
+ 'edge' => 'right',
103
+ 'align' => 'left',
104
+ 'index' => 'default-miniorange-2fa-save-otp1',
105
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
+ );
107
+ $pointers['default-miniorange-2fa-test'] = array(
108
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
+ 'anchor_id' => '#test',
111
+ 'isdefault' => 'yes',
112
+ 'edge' => 'right',
113
+ 'align' => 'left',
114
+ 'index' => 'default-miniorange-2fa-test',
115
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
+ );
117
+
118
+ $pointers['default-miniorange-2fa-customizations'] = array(
119
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
+ 'anchor_id' => '#disable_two_factor_tour',
122
+ 'isdefault' => 'yes',
123
+ 'edge' => 'top',
124
+ 'align' => 'left',
125
+ 'index' => 'default-miniorange-2fa-customizations',
126
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
+ );
128
+ $pointers['default-miniorange-2fa-inline-registration'] = array(
129
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
+ 'anchor_id' => '#mo2f_inline_registration_tour',
132
+ 'isdefault' => 'yes',
133
+ 'edge' => 'top',
134
+ 'align' => 'left',
135
+ 'index' => 'default-miniorange-2fa-inline-registration',
136
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
+ );
138
+ $pointers['default-minorange-2fa-integration'] = array(
139
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
+ 'anchor_id' => '#custom_form_2fa_div',
142
+ 'isdefault' => 'yes',
143
+ 'edge' => 'bottom',
144
+ 'align' => 'middle',
145
+ 'index' => 'default-minorange-2fa-integration',
146
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
+ );
148
+ $pointers['default-minorange-2fa-premium-features'] = array(
149
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
+ 'anchor_id' => '#custom_login_2fa',
152
+ 'isdefault' => 'yes',
153
+ 'edge' => 'left',
154
+ 'align' => 'left',
155
+ 'index' => 'default-minorange-2fa-premium-features',
156
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
+ );
158
+
159
+ $pointers['default-miniorange-2fa-upgrade'] = array(
160
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
163
+ 'isdefault' => 'yes',
164
+ 'edge' => 'top',
165
+ 'align' => 'left',
166
+ 'index' => 'default-miniorange-2fa-upgrade',
167
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
+ );
169
+ $pointers['default-miniorange-2fa-support_open'] = array(
170
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
173
+ 'isdefault' => 'yes',
174
+ 'edge' => 'bottom',
175
+ 'align' => 'right',
176
+ 'index' => 'default-miniorange-2fa-support_open',
177
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
+ );
179
+
180
+
181
+ }
182
+ if(get_option('mo2f_tour_firewall') == 1 ){
183
+ $pointers['default-miniorange-firewall-level'] = array(
184
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
+ 'anchor_id' => '#mo_waf_options_tour',
187
+ 'isfirewall'=> 'yes',
188
+ 'edge' => 'top',
189
+ 'align' => 'left',
190
+ 'index' => 'default-miniorange-firewall-level',
191
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
+ );
193
+ $pointers['default-miniorange-firewall-attacks'] = array(
194
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
+ 'anchor_id' => '#mo2f_AttackTypes',
197
+ 'isfirewall'=> 'yes',
198
+ 'edge' => 'bottom',
199
+ 'align' => 'left',
200
+ 'index' => 'default-miniorange-firewall-attacks',
201
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
+ );
203
+ $pointers['default-miniorange-firewall-attack-limit'] = array(
204
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
+ 'anchor_id' => '#mo2f_waf_block_after',
207
+ 'isfirewall'=> 'yes',
208
+ 'edge' => 'bottom',
209
+ 'align' => 'left',
210
+ 'index' => 'default-miniorange-firewall-attack-limit',
211
+ 'align' => 'left',
212
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
+ );
214
+
215
+ $pointers['default-miniorange-firewall-rate-limit'] = array(
216
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
+ 'anchor_id' => '#mo2f_ratelimiting',
219
+ 'isfirewall'=> 'yes',
220
+ 'edge' => 'top',
221
+ 'align' => 'left',
222
+ 'index' => 'default-miniorange-firewall-rate-limit',
223
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
+ );
225
+ $pointers['default-miniorange-firewall-check-attacks'] = array(
226
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
+ 'anchor_id' => '#mo2f_firewall_attack_dash',
229
+ 'isfirewall'=> 'yes',
230
+ 'edge' => 'top',
231
+ 'align' => 'left',
232
+ 'index' => 'default-miniorange-firewall-check-attacks',
233
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
+ );
235
+ $pointers['default-miniorange-2fa-upgrade'] = array(
236
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
239
+ 'isfirewall' => 'yes',
240
+ 'edge' => 'top',
241
+ 'align' => 'left',
242
+ 'index' => 'default-miniorange-2fa-upgrade',
243
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
+ );
245
+
246
+ $pointers['default-miniorange-firewall-support'] = array(
247
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
250
+ 'isfirewall' => 'yes',
251
+ 'edge' => 'bottom',
252
+ 'align' => 'left',
253
+ 'index' => 'default-miniorange-firewall-support',
254
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
+ );
256
+
257
+ }
258
+
259
+ if(get_option('mo2f_tour_malware_scan') ==1){
260
+ $pointers['default-miniorange-malware-scan-modes'] = array(
261
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
+ 'anchor_id' => '#scan_status_table',
264
+ 'ismalware' => 'yes',
265
+ 'edge' => 'bottom',
266
+ 'align' => 'left',
267
+ 'index' => 'default-miniorange-malware-scan-modes',
268
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
+ );
270
+ $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
+ 'anchor_id' => '#mo2f_select_scanning_files',
274
+ 'ismalware' => 'yes',
275
+ 'edge' => 'bottom',
276
+ 'align' => 'left',
277
+ 'index' => 'default-miniorange-malware-custom-scan-files',
278
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
+ );
280
+ $pointers['default-miniorange-malware-scan-reports'] = array(
281
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
+ 'anchor_id' => '#scan_report_table',
284
+ 'ismalware' => 'yes',
285
+ 'edge' => 'top',
286
+ 'align' => 'left',
287
+ 'index' => 'default-miniorange-malware-scan-reports',
288
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
+ );
290
+
291
+ $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
+ 'anchor_id' => '#mo2f_scan_dash',
295
+ 'ismalware' => 'yes',
296
+ 'edge' => 'top',
297
+ 'align' => 'left',
298
+ 'index' => 'default-miniorange-malware-scan-dashboard',
299
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
+ );
301
+ $pointers['default-miniorange-2fa-upgrade'] = array(
302
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
305
+ 'ismalware' => 'yes',
306
+ 'edge' => 'top',
307
+ 'align' => 'left',
308
+ 'index' => 'default-miniorange-2fa-upgrade',
309
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
+ );
311
+
312
+ $pointers['default-miniorange-malware-support'] = array(
313
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
316
+ 'ismalware' => 'yes',
317
+ 'edge' => 'bottom',
318
+ 'align' => 'left',
319
+ 'index' => 'default-miniorange-malware-support',
320
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
+ );
322
+
323
+ }
324
+
325
+ if(get_option('mo2f_tour_advance_blocking') ==1){
326
+ $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
+ 'anchor_id' => '#mo2f_manual_ip_blocking',
330
+ 'advcblock' => 'yes',
331
+ 'edge' => 'top',
332
+ 'align' => 'left',
333
+ 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
+ );
336
+ $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
+ 'anchor_id' => '#mo2f_ip_whitelisting',
340
+ 'advcblock' => 'yes',
341
+ 'edge' => 'top',
342
+ 'align' => 'left',
343
+ 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
+ );
346
+
347
+ $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
+ 'anchor_id' => '#mo2f_ip_lookup',
351
+ 'advcblock' => 'yes',
352
+ 'edge' => 'bottom',
353
+ 'align' => 'left',
354
+ 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
+ );
357
+
358
+
359
+ $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
+ 'anchor_id' => '#mo2f_ip_range_blocking',
363
+ 'advcblock' => 'yes',
364
+ 'edge' => 'top',
365
+ 'align' => 'left',
366
+ 'index' => 'default-miniorange-advance-blocking-IP-range',
367
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
+ );
369
+ $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
+ 'anchor_id' => '#mo2f_htaccess_blocking',
373
+ 'advcblock' => 'yes',
374
+ 'edge' => 'top',
375
+ 'align' => 'left',
376
+ 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
+ );
379
+ $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
+ 'anchor_id' => '#mo2f_browser_blocking',
383
+ 'advcblock' => 'yes',
384
+ 'edge' => 'top',
385
+ 'align' => 'left',
386
+ 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
+ );
389
+ $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
+ 'anchor_id' => '#mo2f_country_blocking',
393
+ 'advcblock' => 'yes',
394
+ 'edge' => 'bottom',
395
+ 'align' => 'left',
396
+ 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
+ );
399
+
400
+ $pointers['default-miniorange-2fa-upgrade'] = array(
401
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
404
+ 'advcblock' => 'yes',
405
+ 'edge' => 'top',
406
+ 'align' => 'left',
407
+ 'index' => 'default-miniorange-2fa-upgrade',
408
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
+ );
410
+ $pointers['default-miniorange-advance-blocking-support'] = array(
411
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
414
+ 'advcblock' => 'yes',
415
+ 'edge' => 'bottom',
416
+ 'align' => 'left',
417
+ 'index' => 'default-miniorange-advance-blocking-support',
418
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
+ );
420
+
421
+ }
422
+
423
+
424
+ if(get_option('mo2f_tour_backup') == 1 ){
425
+ $pointers['default-miniorange-backup-manual-db'] = array(
426
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
+ 'anchor_id' => '#mo2f_select_files_backup',
429
+ 'isBackup'=> 'yes',
430
+ 'edge' => 'top',
431
+ 'align' => 'left',
432
+ 'index' => 'default-miniorange-backup-manual-db',
433
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
+ );
435
+ $pointers['default-miniorange-backup-auto-db'] = array(
436
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
+ 'anchor_id' => '#mo2f_auto_dbbackup',
439
+ 'isBackup'=> 'yes',
440
+ 'edge' => 'bottom',
441
+ 'align' => 'left',
442
+ 'index' => 'default-miniorange-backup-auto-db',
443
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
+ );
445
+ $pointers['default-miniorange-backup-file'] = array(
446
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
+ 'anchor_id' => '#mo2f_schedule_backup_status',
449
+ 'isBackup'=> 'yes',
450
+ 'edge' => 'top',
451
+ 'align' => 'left',
452
+ 'index' => 'default-miniorange-backup-file',
453
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
+ );
455
+ $pointers['default-miniorange-backup-report'] = array(
456
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
+ 'anchor_id' => '#backup_report_table',
459
+ 'isBackup'=> 'yes',
460
+ 'edge' => 'bottom',
461
+ 'align' => 'left',
462
+ 'index' => 'default-miniorange-backup-report',
463
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
+ );
465
+
466
+ $pointers['default-miniorange-2fa-upgrade'] = array(
467
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
470
+ 'isBackup' => 'yes',
471
+ 'edge' => 'top',
472
+ 'align' => 'left',
473
+ 'index' => 'default-miniorange-2fa-upgrade',
474
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
+ );
476
+ $pointers['default-miniorange-backup-support'] = array(
477
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
480
+ 'isBackup' => 'yes',
481
+ 'edge' => 'bottom',
482
+ 'align' => 'left',
483
+ 'index' => 'default-miniorange-backup-support',
484
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
+ );
486
+
487
+ }
488
+
489
+ if(get_option('mo2f_tour_loginSpam') == 1){
490
+ $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
+ 'anchor_id' => '#mo2f_bruteforce',
494
+ 'loginSpam' => 'yes',
495
+ 'edge' => 'top',
496
+ 'align' => 'left',
497
+ 'index' => 'default-miniorange-login-spam-bruteforce',
498
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
+ );
500
+ $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
+ 'anchor_id' => '#mo2f_google_recaptcha',
504
+ 'loginSpam' => 'yes',
505
+ 'edge' => 'top',
506
+ 'align' => 'left',
507
+ 'index' => 'default-miniorange-login-spam-recaptcha',
508
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
+ );
510
+ $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
+ 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
+ 'loginSpam' => 'yes',
515
+ 'edge' => 'bottom',
516
+ 'align' => 'left',
517
+ 'index' => 'default-miniorange-login-spam-strong-pass',
518
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
+ );
520
+
521
+ $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
+ 'anchor_id' => '#mo2f_block_registration',
525
+ 'loginSpam' => 'yes',
526
+ 'edge' => 'top',
527
+ 'align' => 'left',
528
+ 'index' => 'default-miniorange-login-spam-fake-registration',
529
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
+ );
531
+ $pointers['default-miniorange-login-spam-content'] = array(
532
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
+ 'anchor_id' => '#mo2f_content_protection',
535
+ 'loginSpam' => 'yes',
536
+ 'edge' => 'bottom',
537
+ 'align' => 'left',
538
+ 'index' => 'default-miniorange-login-spam-content',
539
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
+ );
541
+ $pointers['default-miniorange-login-spam-block-spam'] = array(
542
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
+ 'anchor_id' => '#mo2f_comment_protection',
545
+ 'loginSpam' => 'yes',
546
+ 'edge' => 'bottom',
547
+ 'align' => 'left',
548
+ 'index' => 'default-miniorange-login-spam-block-spam',
549
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
+ );
551
+ $pointers['default-miniorange-2fa-upgrade'] = array(
552
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
555
+ 'loginSpam' => 'yes',
556
+ 'edge' => 'top',
557
+ 'align' => 'left',
558
+ 'index' => 'default-miniorange-2fa-upgrade',
559
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
+ );
561
+
562
+ $pointers['default-miniorange-login-spam-support'] = array(
563
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
566
+ 'loginSpam' => 'yes',
567
+ 'edge' => 'bottom',
568
+ 'align' => 'left',
569
+ 'index' => 'default-miniorange-login-spam-support',
570
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
+ );
572
+
573
+
574
+ }
575
+
576
+
577
+
578
+
579
+
580
+
581
+ return $pointers;
controllers/reports.php CHANGED
@@ -1,25 +1,25 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
6
- global $wpdb;
7
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
8
-
9
- }
10
-
11
-
12
-
13
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
14
- global $wpdb;
15
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
16
-
17
- }
18
-
19
- $mo_wpns_handler = new MoWpnsHandler();
20
- $logintranscations = $mo_wpns_handler->get_login_transaction_report();
21
- $errortranscations = $mo_wpns_handler->get_error_transaction_report();
22
-
23
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
24
-
25
  ?>
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
6
+ global $wpdb;
7
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
8
+
9
+ }
10
+
11
+
12
+
13
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
14
+ global $wpdb;
15
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
16
+
17
+ }
18
+
19
+ $mo_wpns_handler = new MoWpnsHandler();
20
+ $logintranscations = $mo_wpns_handler->get_login_transaction_report();
21
+ $errortranscations = $mo_wpns_handler->get_error_transaction_report();
22
+
23
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
24
+
25
  ?>
controllers/request_christmas_offer.php ADDED
@@ -0,0 +1,48 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+
4
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
5
+ {
6
+ switch($_POST['option'])
7
+ {
8
+ case "mo_2FA_christmas_request_form":
9
+ wpns_handle_christmas_request_form($_POST); break;
10
+ }
11
+ }
12
+
13
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
14
+
15
+ function wpns_handle_christmas_request_form($post){
16
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
17
+ $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
18
+ $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
19
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
20
+ return;
21
+ }
22
+ if(empty($usecase) || empty($email) )
23
+ {
24
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
25
+ return;
26
+ }
27
+ else{
28
+
29
+ $usecase = sanitize_text_field( $usecase );
30
+ $email = sanitize_text_field( $email );
31
+ $query = 'REQUEST FOR CHRISTMAS OFFERS';
32
+ $query .= ' =>';
33
+ $query .= ' : ';
34
+ $query .= $usecase;
35
+ $contact_us = new MocURL();
36
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
37
+
38
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
39
+ {
40
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
41
+ return;
42
+ }
43
+ else{
44
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
45
+ }
46
+ }
47
+ }
48
+ ?>
controllers/request_demo.php ADDED
@@ -0,0 +1,51 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+
4
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
5
+ {
6
+ switch($_POST['option'])
7
+ {
8
+ case "mo_2FA_demo_request_form":
9
+ wpns_handle_demo_request_form($_POST); break;
10
+ }
11
+ }
12
+
13
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
14
+
15
+ function wpns_handle_demo_request_form($post){
16
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
17
+ $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
18
+ $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
19
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
20
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
21
+ return;
22
+ }
23
+ if(empty($usecase) || empty($email) || empty($demo_plan) )
24
+ {
25
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
26
+ return;
27
+ }
28
+ else{
29
+
30
+ $usecase = sanitize_text_field( $usecase );
31
+ $email = sanitize_text_field( $email );
32
+ $demo_plan = sanitize_text_field($demo_plan);
33
+ $query = 'REQUEST FOR DEMO';
34
+ $query .= ' =>';
35
+ $query .= $demo_plan;
36
+ $query .= ' : ';
37
+ $query .= $usecase;
38
+ $contact_us = new MocURL();
39
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
40
+
41
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
42
+ {
43
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
44
+ return;
45
+ }
46
+ else{
47
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
48
+ }
49
+ }
50
+ }
51
+ ?>
controllers/request_offer.php CHANGED
@@ -1,46 +1,46 @@
1
- <?php
2
-
3
-
4
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
5
- {
6
- switch($_POST['option'])
7
- {
8
- case "mo_2FA_offer_request_form":
9
- wpns_handle_offer_request_form($_POST); break;
10
- }
11
- }
12
-
13
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
14
-
15
- function wpns_handle_offer_request_form($post){
16
- $nonce = sanitize_text_field($post['nonce']);
17
- $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
18
- $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
19
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
20
- return;
21
- }
22
- if(empty($usecase) || empty($email) )
23
- {
24
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
25
- return;
26
- }
27
- else{
28
-
29
- $query = 'REQUEST FOR NEW YEAR OFFERS';
30
- $query .= ' =>';
31
- $query .= ' : ';
32
- $query .= $usecase;
33
- $contact_us = new MocURL();
34
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
35
-
36
- if(json_last_error() == JSON_ERROR_NONE && $submited)
37
- {
38
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
39
- return;
40
- }
41
- else{
42
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
43
- }
44
- }
45
- }
46
  ?>
1
+ <?php
2
+
3
+
4
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
5
+ {
6
+ switch($_POST['option'])
7
+ {
8
+ case "mo_2FA_offer_request_form":
9
+ wpns_handle_offer_request_form($_POST); break;
10
+ }
11
+ }
12
+
13
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
14
+
15
+ function wpns_handle_offer_request_form($post){
16
+ $nonce = sanitize_text_field($post['nonce']);
17
+ $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
18
+ $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
19
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
20
+ return;
21
+ }
22
+ if(empty($usecase) || empty($email) )
23
+ {
24
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
25
+ return;
26
+ }
27
+ else{
28
+
29
+ $query = 'REQUEST FOR NEW YEAR OFFERS';
30
+ $query .= ' =>';
31
+ $query .= ' : ';
32
+ $query .= $usecase;
33
+ $contact_us = new MocURL();
34
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
35
+
36
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
37
+ {
38
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
39
+ return;
40
+ }
41
+ else{
42
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
43
+ }
44
+ }
45
+ }
46
  ?>
controllers/support.php CHANGED
@@ -1,77 +1,77 @@
1
- <?php
2
-
3
- global $mo2f_dirName;
4
-
5
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
6
- {
7
- switch($_POST['option'])
8
- {
9
- case "mo_wpns_send_query":
10
- wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
11
- }
12
- }
13
-
14
- $current_user = wp_get_current_user();
15
- $email = get_option("mo2f_email");
16
- $phone = get_option("mo_wpns_admin_phone");
17
-
18
-
19
- if(empty($email))
20
- $email = $current_user->user_email;
21
-
22
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
23
-
24
-
25
- /* SUPPORT FORM RELATED FUNCTIONS */
26
-
27
- //Function to handle support form submit
28
- function wpns_handle_support_form($email,$query,$phone)
29
- {
30
- $call_setup = false;
31
- if(array_key_exists('2fa_setup_call',$_POST)===true){
32
- $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
33
- $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
34
- $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
35
- $call_setup = true;
36
- }
37
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
38
- if(empty($email) || empty($query)){
39
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
40
- return;
41
- }
42
- $query = sanitize_text_field( $query );
43
- $email = sanitize_text_field( $email );
44
- $phone = sanitize_text_field( $phone );
45
- $contact_us = new MocURL();
46
-
47
- if($send_configuration)
48
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
49
- else
50
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
51
-
52
- if($call_setup == false) {
53
- $query = $query.'<br><br>';
54
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
55
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
56
- } else {
57
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
58
- }
59
- } else {
60
-
61
- $local_timezone='Asia/Kolkata';
62
- $call_datetime=$call_date.$call_time;
63
- $convert_datetime = strtotime ( $call_datetime );
64
- $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
65
- $ist_date->setTimezone(new DateTimeZone($local_timezone));
66
-
67
-
68
- $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
69
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
70
-
71
- }
72
- if(json_last_error() == JSON_ERROR_NONE && $submited){
73
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
74
- }else{
75
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
76
- }
77
- }
1
+ <?php
2
+
3
+ global $mo2f_dirName;
4
+
5
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
6
+ {
7
+ switch($_POST['option'])
8
+ {
9
+ case "mo_wpns_send_query":
10
+ wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
11
+ }
12
+ }
13
+
14
+ $current_user = wp_get_current_user();
15
+ $email = get_option("mo2f_email");
16
+ $phone = get_option("mo_wpns_admin_phone");
17
+
18
+
19
+ if(empty($email))
20
+ $email = $current_user->user_email;
21
+
22
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
23
+
24
+
25
+ /* SUPPORT FORM RELATED FUNCTIONS */
26
+
27
+ //Function to handle support form submit
28
+ function wpns_handle_support_form($email,$query,$phone)
29
+ {
30
+ $call_setup = false;
31
+ if(array_key_exists('2fa_setup_call',$_POST)===true){
32
+ $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
33
+ $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
34
+ $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
35
+ $call_setup = true;
36
+ }
37
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
38
+ if(empty($email) || empty($query)){
39
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
40
+ return;
41
+ }
42
+ $query = sanitize_text_field( $query );
43
+ $email = sanitize_text_field( $email );
44
+ $phone = sanitize_text_field( $phone );
45
+ $contact_us = new MocURL();
46
+
47
+ if($send_configuration)
48
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
49
+ else
50
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
51
+
52
+ if($call_setup == false) {
53
+ $query = $query.'<br><br>';
54
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
55
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
56
+ } else {
57
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
58
+ }
59
+ } else {
60
+
61
+ $local_timezone='Asia/Kolkata';
62
+ $call_datetime=$call_date.$call_time;
63
+ $convert_datetime = strtotime ( $call_datetime );
64
+ $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
65
+ $ist_date->setTimezone(new DateTimeZone($local_timezone));
66
+
67
+
68
+ $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
69
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
70
+
71
+ }
72
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
73
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
74
+ }else{
75
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
76
+ }
77
+ }
controllers/tour-model.php ADDED
@@ -0,0 +1,334 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ global $mo2f_dirName;
4
+ $current_user = wp_get_current_user();
5
+ $email = get_option("mo2f_email");
6
+ $phone = get_option("mo_wpns_admin_phone");
7
+ $display = get_option('mo2f_tour_started') == 2?'block':'none';
8
+ $networkSEnable = MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option');
9
+ if(empty($email))
10
+ $email = $current_user->user_email;
11
+ $counter = 0;
12
+ $enableTour = $networkSEnable == 1 ? '' : 'disabled';
13
+ $tour_body = '<p class="modal-body-para">Hey, Thank you for installing <b style="color: #E85700">miniOrange 2-Factor plugin</b>.</p>
14
+ <p class="modal-body-para">Two-factor will provide extra layer of security to your users account which will help to protect your users accounts from any outside attack.</p>';
15
+ if($networkSEnable != 1)
16
+ {
17
+ $tour_body .= '<div style="margin-left:37.5%;margin-right:37.5%;">';
18
+ }
19
+
20
+ $tour_body .= '<table style="width: 100%; text-align: center; table-layout: fixed; font-size: medium;">
21
+ <div class="mo2f_hiddenradio">
22
+ <tr>
23
+
24
+ <td style="border: 1px solid black;" id="2fa">
25
+ <label>
26
+ <input type="radio" name="mo2f_two_factor" value="2fa" checked style="display:none">
27
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/google-authenticator.png">
28
+ </label>
29
+ </td>';
30
+ if($networkSEnable == 1)
31
+ {
32
+ $tour_body .= '<td style="border: 1px solid black;" id="waf">
33
+ <label >
34
+ <input type="radio" name="mo2f_two_factor" value="waf" style="display:none" '.$enableTour.'>
35
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/mo-waf-logo.png">
36
+ </label>
37
+ </td>
38
+
39
+ <td style="border: 1px solid black;" id="login">
40
+ <label >
41
+ <input type="radio" name="mo2f_two_factor" value="login" style="display:none"'.$enableTour.'>
42
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-protection-logo.png">
43
+ </label>
44
+ </td>
45
+
46
+ <td style="border: 1px solid black;" id="backup">
47
+ <label>
48
+ <input type="radio" name="mo2f_two_factor" value="backup" style="display:none"'.$enableTour.'>
49
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/database-backup-logo.png">
50
+ </label>
51
+ </td>
52
+
53
+ <td style="border: 1px solid black;" id="malware">
54
+ <label >
55
+ <input type="radio" name="mo2f_two_factor" value="malware" style="display:none"'.$enableTour.'>
56
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/malware-scanner-logo.png">
57
+ </label>
58
+ </td>';
59
+ }
60
+ $tour_body .= '</tr>
61
+ <tr>
62
+ <th>
63
+ Two-factor authentication
64
+ </th>';
65
+
66
+ if($networkSEnable == 1)
67
+ {
68
+
69
+ $tour_body .= '<th>
70
+ Web Application Firewall(WAF)
71
+ </th>
72
+
73
+ <th>
74
+ Login Protection
75
+ </th>
76
+
77
+ <th>
78
+ Database Backup
79
+ </th>
80
+
81
+ <th>
82
+ Malware scanner
83
+ </th>';
84
+ }
85
+
86
+ $tour_body .= '</tr>
87
+ </div>
88
+ </table>';
89
+ if($networkSEnable != 1)
90
+ {
91
+ $tour_body .= '</div>';
92
+ }
93
+
94
+ $waf_arr_ecc = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It includes very sensitive data such as user details, credit/debit card or bank details. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Media scraping, price scraping are also some scraping techniques which are used to degrade/destroy media files and change the price of products.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business. <div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
95
+
96
+ $waf_arr_busi = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It may include company privileged data, admin users data which will affect on the business. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Price scraping is part of web scraping which is used to change prices of the products which affects a lot on business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
97
+
98
+ $waf_arr_blog = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation. The data may include user details, privileged data, privileged blogs, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Media scraping can be done in the blog/news site which alter, degrade or destroy media files.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations. Content modification may mislead to blog/news site subscriber. It can be used to spread fake/malicious imformation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
99
+
100
+ $waf_arr_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business. </div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
101
+
102
+ $waf_body_ecommerce = '<div class="modal-body-div">
103
+ <p class="modal-body-para" style="margin: 0;">Ecommerce sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
104
+ $waf_body_business = '<div class="modal-body-div">
105
+ <p class="modal-body-para" style="margin: 0;">Business sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
106
+ $waf_body_blog = '<div class="modal-body-div">
107
+ <p class="modal-body-para" style="margin: 0;">Blogs/News sites are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
108
+ $waf_body_other = '<div class="modal-body-div">
109
+ <p class="modal-body-para" style="margin: 0;">Other sites such as employment, portfolio, multilingual, etc are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
110
+
111
+ $waf_body = '<div style="width:100%; display:inline-flex; margin-left: 20px;">
112
+ <div style="width:50%;font-size: medium;">1: <b>Data theft and manipulation</b></div>
113
+ <div style="width:50%;font-size: medium;">2: <b>Web Scraping</b></div></div>
114
+ <div style="width:100%; display:inline-flex; margin-left: 20px;">
115
+ <div style="width:50%;font-size: medium;">3: <b>File manipulation</b></div>
116
+ <div style="width:50%;font-size: medium;">4: <b>Content modification</b></div></div>
117
+ </div>';
118
+
119
+ $registration_security_ecommerce = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Ecommerce sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
120
+ $registration_security_business = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Business sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
121
+
122
+ $registration_security_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> The sites such as employment, social networking, etc. need to prevent fake user registrations. The user will spam other users and share private data of others.';
123
+
124
+ $registration_security = '<div style="margin:1em;"><ul>
125
+ <li>
126
+ <p class="modal-body-para" style="margin: 0;">1. Temporary/Fake email ban</p>
127
+ </li>
128
+ <li>
129
+ <p class="modal-body-para" style="margin: 0;">2. OTP Verification during registrations</p>
130
+ </li>
131
+ <li>
132
+ <p class="modal-body-para" style="margin: 0;">3. Social login</p>
133
+ </li>
134
+ </ul>
135
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-13" onclick="open_hide(this);">+</a></div></div>';
136
+
137
+ $login_security_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites should have strong login security to prevent unauthorised access.</p></div>';
138
+ $login_security_business = '<div class="modal-body-div"><p class="modal-body-para">Business sites should have strong login security to prevent unauthorised access.</p></div>';
139
+ $login_security_blog = '<div class="modal-body-div"><p class="modal-body-para">Blogs/News sites should have strong login security to prevent unauthorised access.</p></div>';
140
+ $login_security_other = '<div class="modal-body-div"><p class="modal-body-para">Other sites such as employment, portfolio, etc. should have strong login security to prevent unauthorised access.</p></div>';
141
+
142
+ $login_security_body = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-10" style="width: 98%; overflow:; height: ;line-height: 1.5;"><b><u>Limit Login:</u></b> Password guessing/Brute force attack can be controlled/prevented by limiting the login attempts. Paasword guessing can be protected by:
143
+ <div style="margin:1em;">
144
+ <ul>
145
+ <li>
146
+ <p class="modal-body-para">1. Limit Login attempts: 10 (<b>Recommended</b>)</p>
147
+ </li>
148
+ <li>
149
+ <p class="modal-body-para">2. Enforce Strong passwords</p>
150
+ </li>
151
+ </ul>
152
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-10" onclick="open_hide(this);">-</a></div></div>
153
+
154
+ <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-11" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>2-Factor:</u></b> 2-factor authentication is important to prevent unauthorised login. 2-factor authentication can be enabled on top of login credentials at the time of login. Google authenticator, Authy authenticator, Lastpass authenticator applications can be used to configure 2FA. miniOrange supports 15+ 2FA methods, it includes OTP over SMS, Email, Security Questions, QR code authentication, push notification, Hardware Token, etc. 2FA can enabled to:
155
+ <div style="margin:1em;">
156
+ <ul>
157
+ <li>
158
+ <p class="modal-body-para">1. Enable 2FA for employees (<b>Recommended</b>)</p>
159
+ </li>
160
+ <li>
161
+ <p class="modal-body-para">2. Enable 2FA for users</p>
162
+ </li>
163
+ <li>
164
+ <p class="modal-body-para">3. Backup methods in case of emergency login</p>
165
+ </li>
166
+ </ul>
167
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-11" onclick="open_hide(this);">+</a></div></div>
168
+ <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-12" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Remember device:</u></b> Remember device allows user to login from trusted devices. It keeps safe from unauthorised users who tries to gain access. It improves your login security by allowing you to login from limited and trusted deivces.
169
+ <div style="margin:1em;">
170
+ <ul>
171
+ <li>
172
+ <p class="modal-body-para">1. Allows multiple trusted devices</p>
173
+ </li>
174
+ <li>
175
+ <p class="modal-body-para">2. Limit no. of trusted devices</p>
176
+ </li>
177
+ <li>
178
+ <p class="modal-body-para">3. Block IP\'s of unauthorised users</p>
179
+ </li>
180
+ </ul>
181
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-12" onclick="open_hide(this);">+</a></div></div>';
182
+
183
+
184
+ $media_body = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites are often attacked to degrade and destroy media files such as images of product, audios and videos about products. You need to secure your media data. Media protection is important because the users of ecommerce site buy product by viewing the media of products. The broad word media scraping can be used for these types attacks.</p>
185
+ <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
186
+ <div class="modal-body-div">The Media protection prevents media files listed below:</div>
187
+ </div>
188
+ <div style="margin:1em;">
189
+ <ul>
190
+ <li>
191
+ <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
192
+ </li>
193
+ <li>
194
+ <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
195
+ </li>
196
+ </ul>
197
+ </div>';
198
+
199
+ $media_body_1 = '<div class="modal-body-div"><p class="modal-body-para">Some sites such as Photo Gallery or other site which contains media files are often attacked to degrade and destroy media files. You need to secure your media data. Media protection is important because the these sites are totally based on media files.</p>
200
+ <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
201
+ <div class="modal-body-div">The Media protection prevents media files listed below:</div>
202
+ </div>
203
+ <div style="margin:1em;">
204
+ <ul>
205
+ <li>
206
+ <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
207
+ </li>
208
+ <li>
209
+ <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
210
+ </li>
211
+ </ul>
212
+ </div>';
213
+
214
+ $backup_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any e-commerce site. The ecommerce sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
215
+ $backup_business = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Business site. The business sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
216
+ $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Blog/News site. These sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
217
+ $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any site such as social networking, employment, etc. There are several attacks happens on these sites to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
218
+
219
+
220
+ $backup_body = '<div class="modal-body-div">
221
+ <ul>
222
+ <li>
223
+ <p class="modal-body-para"><b>1. <u>Scheduled backup:</u></b> Scheduled backup used to create automatic backup after scheduled time. It allows you to relax because you know that all of your information is being backed up, and you are limiting what you may lose. Using this feature you can set a time interval to create a continuous backup. ';
224
+ $backup_body_1 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">Set scheduled backup time 1/2 hr for ecommerce site.</span></div>';
225
+ $backup_body_2 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 12 hrs time interval.</span></div>';
226
+ $backup_body_3 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 4-5 hrs time interval.</span></div>';
227
+ $backup_body_4 = '</p>
228
+ </li>
229
+ <li>
230
+ <p class="modal-body-para"><b>2. <u>Manual backup:</u></b> Manual backup can be taken manually whenever user wants. It is important when you made any crucial changes and don\'t want to loose data then you can immediately take a backup and keep it securely.</p>
231
+ </li>
232
+ <li>
233
+ <p class="modal-body-para"><b>3. <u>Password protected encrypted backup:</u></b> Password protected encrypted backup is very secure way to take a backup. If anyone gets it still no one can decode it because of its highly secure nature.</p>
234
+ </li>
235
+ <li>
236
+ <p class="modal-body-para"><b>4. <u>Easy restoring and recovering:</u></b> Simple one-click restore using installer files created for your website. During backup, we create an installer.php file. At the time of restore and recovery, you just need to upload the zip file of backup and installer.php and run the installer file and follow instructions to set up your website.</p>
237
+ </li>
238
+ </ul>
239
+ </div>';
240
+
241
+ $comment_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce websites are attacked to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
242
+ $comment_business = '<div class="modal-body-div"><p class="modal-body-para">Business websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
243
+ $comment_blog = '<div class="modal-body-div"><p class="modal-body-para">Blog/News websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
244
+ $comment_other = '<div class="modal-body-div"><p class="modal-body-para">Other websites such as employment, multilingual, etc. are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
245
+
246
+ $comment_spam = '<div style="margin:1em;">
247
+ <ul>
248
+ <li>
249
+ <p class="modal-body-para"><b>1. <u>Comment protection:</u></b> Spam comments generated by automated scripts can be prevented using captcha. Honeypot is another widely used technique to catch bots and block them.</p>
250
+ </li>
251
+ <li>
252
+ <p class="modal-body-para"><b>2. <u>Post protection:</u></b> Automated scripts or botnets can prevented by using captcha. There are three forms of captcha availble text, math and google recaptcha. Honeypot is also another way to detect spam posts. Malware scanner can also used to scan the malware in the posts.</p>
253
+ </li>
254
+ </ul>
255
+ </div>';
256
+
257
+
258
+ $scanner = '<div class="modal-body-div"><p class="modal-body-para">Malware scanner detects the malicious code in the files. Compares the wordpress, plugins and theme files with Wordpress repo files. Detects changes present in any wordpress, theme and plugin files. It also checks outdated/vulnerable plugins, themes. It is also useful to detect malware in posts and comments.</p></div>
259
+ <div style="margin:1em;">
260
+ <ul>
261
+ <li>
262
+ <p class="modal-body-para"><b>1. <u>Malware scan:</u></b> Malware scan scans the wordpress core files, plugins and theme files to check malware. It detects the trojans, backdoors, viruses, worms, etc. in the files. </p>
263
+ </li>
264
+ <li>
265
+ <p class="modal-body-para"><b>2. <u>Wordpress version and file compare:</u></b> Checks WordPress, plugins and themes version with Wordpress.org repository and compare WordPress core, plugins and themes files with the repository to detect any file changes. Detect any changes in the files present in the WordPress plugins and themes folder.</p>
266
+ </li>
267
+ <li>
268
+ <p class="modal-body-para"><b>3. <u>Check vulnerable plugins and themes:</u></b> Checks vulnerable plugins and themes which contains malicious code. You can remove it to enhance your site security.</p>
269
+ </li>
270
+ </ul>
271
+ </div>';
272
+
273
+ $support_modal = '<div>
274
+
275
+ <div style="width: unset; float: unset; margin: 10px 20%;" class="mo_wpns_support_layout_model">
276
+
277
+ <img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/support3.png">
278
+ <h1>Support</h1>
279
+ <p>Need any help? We are available any time, Just send us a query so we can help you.</p>
280
+ <form name="f" method="post" action="">
281
+ <input type="hidden" name="option" value="mo_wpns_send_query"/>
282
+ <table class="mo_wpns_settings_table">
283
+ <tr><td>
284
+ <input type="email" class="mo_wpns_table_textbox" id="query_email" name="query_email" value="'.$email.'" placeholder="Enter your email" required />
285
+ </td>
286
+ </tr>
287
+ <tr><td>
288
+ <input type="text" class="mo_wpns_table_textbox" name="query_phone" id="query_phone" value="'.$phone.'" placeholder="Enter your phone"/>
289
+ </td>
290
+ </tr>
291
+ <tr>
292
+ <td>
293
+ <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" onkeyup="mo_wpns_valid(this)" onblur="mo_wpns_valid(this)" onkeypress="mo_wpns_valid(this)" placeholder="Write your query here"></textarea>
294
+ </td>
295
+ </tr>
296
+ </table>
297
+ <input type="submit" name="send_query" id="send_query" value="Submit Query" class="mo_wpns_button mo_wpns_button1" />
298
+ </form>
299
+ <br />
300
+ </div>
301
+ </div>
302
+ <script>
303
+ function moSharingSizeValidate(e){
304
+ var t=parseInt(e.value.trim());t>60?e.value=60:10>t&&(e.value=10)
305
+ }
306
+ function moSharingSpaceValidate(e){
307
+ var t=parseInt(e.value.trim());t>50?e.value=50:0>t&&(e.value=0)
308
+ }
309
+ function moLoginSizeValidate(e){
310
+ var t=parseInt(e.value.trim());t>60?e.value=60:20>t&&(e.value=20)
311
+ }
312
+ function moLoginSpaceValidate(e){
313
+ var t=parseInt(e.value.trim());t>60?e.value=60:0>t&&(e.value=0)
314
+ }
315
+ function moLoginWidthValidate(e){
316
+ var t=parseInt(e.value.trim());t>1000?e.value=1000:140>t&&(e.value=140)
317
+ }
318
+ function moLoginHeightValidate(e){
319
+ var t=parseInt(e.value.trim());t>50?e.value=50:35>t&&(e.value=35)
320
+ }
321
+ </script>';
322
+
323
+
324
+ $ecommerce_site = array(array('Web Application Firewall(WAF)', $waf_body_ecommerce.$waf_body.$waf_arr_ecc), array('Login Security', $login_security_ecommerce.$login_security_body.$registration_security_ecommerce.$registration_security), array('Media Protection', $media_body), array('Encrypted Backup', $backup_ecommerce.$backup_body.$backup_body_1.$backup_body_4), array('Comment and Spam Protection', $comment_ecommerce.$comment_spam), array('Malware Scanner', $scanner), array('Support', $support_modal));
325
+
326
+ $business_site = array(array('Web Application Firewall(WAF)', $waf_body_business.$waf_body.$waf_arr_busi), array('Encrypted Backup', $backup_business.$backup_body.$backup_body_2.$backup_body_4), array('Comment and Spam Protection', $comment_business.$comment_spam), array('Login Security', $login_security_business.$login_security_body.$registration_security_business.$registration_security), array('Malware Scanner', $scanner), array('Support', $support_modal));
327
+
328
+ $blog_site = array(array('Web Application Firewall(WAF)', $waf_body_blog.$waf_body.$waf_arr_blog), array('Comment and Spam Protection', $comment_blog.$comment_spam), array('Login Security', $login_security_blog.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_3.$backup_body_4), array('Malware Scanner', $scanner), array('Support', $support_modal));
329
+
330
+ $other_site = array(array('Web Application Firewall(WAF)', $waf_body_other.$waf_body.$waf_arr_other), array('Comment and Spam Protection', $comment_other.$comment_spam), array('Login Security', $login_security_other.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_4), array('Media Protection', $media_body_1), array('Malware Scanner', $scanner), array('Support', $support_modal));
331
+
332
+ $main_pointer = array('Main' => array('Let\'s get Started', $tour_body), 'Ecommerce' => $ecommerce_site, 'Business' => $business_site, 'Blogs/News' => $blog_site, 'Other' => $other_site);
333
+
334
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'tour-model.php';
controllers/tour/tour_ajax.php ADDED
@@ -0,0 +1,146 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ class Mo_wpns_Tour
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
6
+
7
+ }
8
+
9
+ public function mo_wpns_save_tour_details(){
10
+ if(isset($_REQUEST['page']))
11
+ {
12
+ switch ($_REQUEST['page']) {
13
+ case 'mo_2fa_two_fa':
14
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
15
+ update_option('mo2f_two_factor_tour',1);
16
+
17
+ break;
18
+ case 'mo_2fa_waf':
19
+ if(!get_option('mo2f_tour_firewall'))
20
+ update_option('mo2f_tour_firewall',1);
21
+ break;
22
+ case 'mo_2fa_login_and_spam':
23
+ if(!get_option('mo2f_tour_loginSpam'))
24
+ update_option('mo2f_tour_loginSpam',1);
25
+ break;
26
+
27
+ case 'mo_2fa_backup':
28
+ if(!get_option('mo2f_tour_backup'))
29
+ update_option('mo2f_tour_backup',1);
30
+
31
+ break;
32
+ case 'mo_2fa_malwarescan':
33
+ if(!get_option('mo2f_tour_malware_scan'))
34
+ update_option('mo2f_tour_malware_scan',1);
35
+
36
+ break;
37
+ case 'mo_2fa_advancedblocking':
38
+ if(!get_option('mo2f_tour_advance_blocking'))
39
+ update_option('mo2f_tour_advance_blocking',1);
40
+ break;
41
+
42
+ default:
43
+ break;
44
+ }
45
+ }
46
+ add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
47
+
48
+ }
49
+
50
+ public function mo_wpns_tour(){
51
+ switch($_POST['call_type'])
52
+ {
53
+ case "wpns_enable_tour":
54
+ update_option('skip_tour', 0);
55
+ break;
56
+ case "skip_entire_plugin_tour":
57
+ $this->handle_skip_entire_plugin();
58
+ break;
59
+ case 'entire_plugin_tour_started':
60
+ $this->entire_plugin_tour_started();
61
+ break;
62
+ case "mo2f_close_tour_details":
63
+ $this->mo2f_close_tour_details();
64
+ break;
65
+ case "mo2f_visit_page_tour_details":
66
+ $this->mo2f_visit_page_tour_details();
67
+ break;
68
+ case "mo2f_last_visit_tab":
69
+ $this->mo2f_last_visit_tab();
70
+ break;
71
+ }
72
+ }
73
+
74
+
75
+ function mo2f_last_visit_tab()
76
+ {
77
+ $lasttab = sanitize_text_field($_POST['tab']);
78
+ update_option('mo2f_tour_tab',$lasttab);
79
+ }
80
+ function mo2f_visit_page_tour_details()
81
+ {
82
+ $currentPointer = '';
83
+ if(isset($_POST['index']))
84
+ $currentPointer = sanitize_text_field($_POST['index']);
85
+
86
+ if(strpos($currentPointer, 'support') != false)
87
+ {
88
+ exit;
89
+ }
90
+ $uid = get_current_user_id();
91
+ $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
92
+ $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
93
+ update_user_meta($uid,'mo2f_visited_pointers',$visited);
94
+ }
95
+ function entire_plugin_tour_started()
96
+ {
97
+ update_option('mo2f_tour_started',3);
98
+ exit;
99
+ }
100
+
101
+ function handle_skip_entire_plugin(){
102
+ update_option('mo2f_two_factor_tour',-1);
103
+ update_option('mo2f_tour_firewall',-1);
104
+ update_option('mo2f_tour_malware_scan',-1);
105
+ update_option('mo2f_tour_advance_blocking',-1);
106
+ update_option('mo2f_tour_backup',-1);
107
+ update_option('mo2f_tour_loginSpam',-1);
108
+ update_option('mo2f_tour_started',3);
109
+ exit;
110
+ }
111
+
112
+
113
+ function mo2f_close_tour_details()
114
+ {
115
+ $uid = get_current_user_id();
116
+ delete_user_meta($uid,'mo2f_visited_pointers');
117
+ $page = $_POST['page'];
118
+ $page = sanitize_text_field($page[0]);
119
+ update_option('mo2f_tour_tab','');
120
+ update_option("yeah",1);
121
+ switch ($page) {
122
+ case 'toplevel_page_mo_2fa_two_fa':
123
+ update_option('mo2f_two_factor_tour',-1);
124
+ break;
125
+ case 'miniorange-2-factor_page_mo_2fa_waf':
126
+ update_option('mo2f_tour_firewall',-1);
127
+ break;
128
+ case 'miniorange-2-factor_page_mo_2fa_malwarescan':
129
+ update_option('mo2f_tour_malware_scan',-1);
130
+ break;
131
+ case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
132
+ update_option('mo2f_tour_advance_blocking',-1);
133
+ break;
134
+ case 'miniorange-2-factor_page_mo_2fa_backup':
135
+ update_option('mo2f_tour_backup',-1);
136
+ break;
137
+ case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
138
+ update_option('mo2f_tour_loginSpam',-1);
139
+ break;
140
+ }
141
+
142
+ }
143
+
144
+ }
145
+ new Mo_wpns_Tour();
146
+ ?>
controllers/troubleshooting.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'troubleshooting.php';
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'troubleshooting.php';
controllers/twofa/two_fa.php CHANGED
@@ -1,4 +1,4 @@
1
- <?php
2
-
3
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa.php';
4
  update_site_option('mo2f_two_factor',true);
1
+ <?php
2
+
3
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa.php';
4
  update_site_option('mo2f_two_factor',true);
controllers/twofa/two_fa_addon.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
- global $Mo2fdbQueries;
3
- $current_user = wp_get_current_user();
4
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
5
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';
1
+ <?php
2
+ global $Mo2fdbQueries;
3
+ $current_user = wp_get_current_user();
4
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
5
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';
controllers/twofa/two_fa_custom_form.php CHANGED
@@ -1,9 +1,9 @@
1
- <?php
2
-
3
- $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
4
- $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
5
- $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
6
- $is_custom = get_site_option('mo2f_custom_reg_custom');
7
- $is_registered = get_site_option('mo2f_customerkey');
8
-
9
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';
1
+ <?php
2
+
3
+ $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
4
+ $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
5
+ $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
6
+ $is_custom = get_site_option('mo2f_custom_reg_custom');
7
+ $is_registered = get_site_option('mo2f_customerkey');
8
+
9
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';
controllers/twofa/two_fa_login_option.php CHANGED
@@ -1,2 +1,2 @@
1
- <?php
2
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_login_option.php';
1
+ <?php
2
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_login_option.php';
controllers/twofa/two_fa_premium_feature.php CHANGED
@@ -1,3 +1,3 @@
1
- <?php
2
-
3
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_premium_feature.php';
1
+ <?php
2
+
3
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_premium_feature.php';
controllers/twofa/two_fa_session_control.php CHANGED
@@ -1,3 +1,3 @@
1
- <?php
2
-
3
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_session_control.php';
1
+ <?php
2
+
3
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_session_control.php';
controllers/twofa/two_fa_video_guide.php CHANGED
@@ -1,4 +1,4 @@
1
- <?php
2
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
3
-
4
 
1
+ <?php
2
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
3
+
4
 
controllers/upgrade.php CHANGED
@@ -1,4 +1,4 @@
1
- <?php
2
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';
3
- MoWpnsUtility::checkSecurity();
4
  update_site_option("mo_2fa_pnp",time());
1
+ <?php
2
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';
3
+ MoWpnsUtility::checkSecurity();
4
  update_site_option("mo_2fa_pnp",time());
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -1,1398 +1,1398 @@
1
- <?php
2
- class wpns_ajax
3
- {
4
- function __construct(){
5
- //add comment here
6
- add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
- add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
- }
9
-
10
- function mo_login_security_ajax(){
11
-
12
- add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
- add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
- add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
- }
16
-
17
- function mo2f_ajax(){
18
- $GLOBALS['mo2f_is_ajax_request'] = true;
19
- switch ($_POST['mo2f_ajax_option']) {
20
- case "mo2f_ajax_kba":
21
- $this->mo2f_ajax_kba();break;
22
- case "mo2f_ajax_login":
23
- $this->mo2f_ajax_login(); break;
24
- case "mo2f_ajax_otp":
25
- $this->mo2f_ajax_otp(); break;
26
- }
27
- }
28
- function mo2fa_elementor_ajax_fun()
29
- {
30
-
31
- if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
- $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
- wp_send_json('ERROR');
35
- }
36
- if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
- {
38
- $info = array();
39
- $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
- $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
- $info['remember'] = false;
42
- $user_signon = wp_signon($info, false);
43
- if (is_wp_error($user_signon)) {
44
- wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
- }
46
- }
47
- }
48
- }
49
- function wpns_login_security(){
50
- switch($_POST['wpns_loginsecurity_ajax'])
51
- {
52
- case "wpns_bruteforce_form":
53
- $this->wpns_handle_bf_configuration_form(); break;
54
- case "wpns_save_captcha":
55
- $this->wpns_captcha_settings();break;
56
- case "save_strong_password":
57
- $this->wpns_strong_password_settings();break;
58
- case 'wpns_ManualIPBlock_form':
59
- $this->wpns_handle_IP_blocking();break;
60
- case 'wpns_WhitelistIP_form':
61
- $this->wpns_whitelist_ip(); break;
62
- case 'wpns_waf_settings_form':
63
- $this->wpns_waf_settings_form(); break;
64
- case 'wpns_waf_rate_limiting_form':
65
- $this->wpns_waf_rate_limiting_form(); break;
66
- case 'wpns_waf_realtime_ip_block_free':
67
- $this->wpns_waf_realtime_ip_block_free();break;
68
- case 'wpns_ip_lookup':
69
- $this->wpns_ip_lookup(); break;
70
- case 'wpns_all_plans':
71
- $this->wpns_all_plans(); break;
72
- case 'wpns_logout_form':
73
- $this->wpns_logout_form(); break;
74
- case 'wpns_check_transaction':
75
- $this->wpns_check_transaction(); break;
76
- case 'waf_settings_mail_form_notify':
77
- $this->waf_settings_mail_form_notify(); break;
78
- case 'waf_settings_IP_mail_form':
79
- $this->waf_settings_IP_mail_form();break;
80
- case 'update_plan':
81
- $this->update_plan(); break;
82
- }
83
- }
84
-
85
- function update_plan(){
86
- $mo2f_all_plannames = $_POST['planname'];
87
- $mo_2fa_plan_type = $_POST['planType'];
88
- update_option('mo2f_planname', $mo2f_all_plannames);
89
- if ($mo2f_all_plannames == 'addon_plan')
90
- {
91
- update_option('mo2f_planname', 'addon_plan');
92
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
- }
94
- elseif ($mo2f_all_plannames == '2fa_plan')
95
- {
96
- update_option('mo2f_planname', '2fa_plan');
97
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
- }
99
- }
100
-
101
-
102
- function mo2f_ajax_otp(){
103
- $obj = new Miniorange_Password_2Factor_Login();
104
- $obj->check_miniorange_soft_token($_POST);
105
- }
106
- function mo2f_ajax_kba(){
107
- $obj = new Miniorange_Password_2Factor_Login();
108
- $obj->check_kba_validation($_POST);
109
- }
110
-
111
- function wpns_check_transaction()
112
- {
113
- $customerT = new Customer_Cloud_Setup();
114
-
115
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
- if($content['status'] == 'SUCCESS')
117
- {
118
- update_site_option('mo2f_license_type','PREMIUM');
119
- }
120
- else
121
- {
122
- update_site_option('mo2f_license_type','DEMO');
123
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
- }
125
- if(isset($content['smsRemaining']))
126
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
- else if($content['status'] =='SUCCESS')
128
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
-
130
-
131
- if(isset($content['emailRemaining']))
132
- {
133
- $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
- if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
- {
136
- $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
- if($available_transaction>30)
138
- $currentTransaction = $currentTransaction-$available_transaction;
139
-
140
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
- }
143
-
144
- }
145
-
146
- }
147
-
148
- function mo2f_ajax_login()
149
- {
150
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
- {
152
- wp_send_json("ERROR");
153
- exit;
154
- }
155
- else
156
- {
157
- $username = sanitize_text_field($_POST['username']);
158
- $password = sanitize_text_field($_POST['password'] );
159
- apply_filters( 'authenticate', null, $username, $password );
160
- }
161
- }
162
- function wpns_logout_form()
163
- {
164
- global $moWpnsUtility;
165
- if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
- delete_option('mo2f_email');
167
- }
168
- delete_option('mo2f_customerKey');
169
- delete_option('mo2f_api_key');
170
- delete_option('mo2f_customer_token');
171
- delete_option('mo_wpns_transactionId');
172
- delete_site_option('EmailTransactionCurrent');
173
- delete_option('mo_wpns_registration_status');
174
- delete_option( 'mo_2factor_admin_registration_status' );
175
-
176
- $two_fa_settings = new Miniorange_Authentication();
177
- $two_fa_settings->mo_auth_deactivate();
178
-
179
- }
180
- // It is the new line added for the database updation
181
- function waf_settings_mail_form_notify()
182
- {
183
- $nonce = sanitize_text_field($_POST['nonce']);
184
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
- wp_send_json('ERROR');
186
- return;
187
- }
188
- if(isset($_POST['S_mail']))
189
- {
190
- $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
- update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
- wp_send_json('true');
193
- }
194
- else{
195
- wp_send_json('false');
196
-
197
- }
198
- }
199
- function waf_settings_IP_mail_form()
200
- {
201
- $nonce = sanitize_text_field($_POST['nonce']);
202
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
- wp_send_json('ERROR');
204
- return;
205
- }
206
- $mo2f_mail_noyifying_IP = sanitize_text_field($_POST['Smail']);
207
- update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
- if($mo2f_mail_noyifying_IP == "on"){
209
- wp_send_json('true');
210
- }
211
- else if($mo2f_mail_noyifying_IP == ""){
212
- wp_send_json('false');
213
- }
214
- }
215
- function wpns_all_plans()
216
- {
217
- $mo2f_all_plannames = $_POST['planname'];
218
- $mo_2fa_plan_type = $_POST['planType'];
219
- update_option('mo2f_planname', $mo2f_all_plannames);
220
- if ($mo2f_all_plannames == 'addon_plan')
221
- {
222
- update_option('mo2f_planname', 'addon_plan');
223
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
- }
225
- elseif ($mo2f_all_plannames == '2fa_plan')
226
- {
227
- update_option('mo2f_planname', '2fa_plan');
228
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
- }
230
- }
231
- function wpns_handle_bf_configuration_form(){
232
-
233
- $nonce = $_POST['nonce'];
234
- if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
- wp_send_json('ERROR');
236
- return;
237
- }
238
- $brute_force = $_POST['bf_enabled/disabled'];
239
- if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
- $login_attempts = $_POST['allwed_login_attempts'];
241
- $blocking_type = $_POST['time_of_blocking_type'];
242
- $blocking_value = isset($_POST['time_of_blocking_val']) ? $_POST['time_of_blocking_val'] : false;
243
- $show_login_attempts= $_POST['show_remaining_attempts'];
244
- if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
- if($brute_force == 'on' && $login_attempts == "" ){
246
- wp_send_json('empty');
247
- return;
248
- }
249
- update_option( 'mo2f_enable_brute_force' , $brute_force );
250
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
- update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
- update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
- update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
- if($brute_force == "on"){
255
- update_site_option('bruteforce_notification_option',1);
256
- wp_send_json('true');
257
- }
258
- else if($brute_force == ""){
259
- wp_send_json('false');
260
- }
261
-
262
- }
263
- function wpns_handle_IP_blocking()
264
- {
265
-
266
- global $mo2f_dirName;
267
- if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
268
- {
269
- echo "NonceDidNotMatch";
270
- exit;
271
- }
272
- else
273
- {
274
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
275
- }
276
- }
277
- function wpns_whitelist_ip()
278
- {
279
- global $mo2f_dirName;
280
- if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
281
- {
282
- echo "NonceDidNotMatch";
283
- exit;
284
- }
285
- else
286
- {
287
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
288
- }
289
- }
290
-
291
- function wpns_ip_lookup()
292
- {
293
-
294
- if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
295
- {
296
- echo "NonceDidNotMatch";
297
- exit;
298
- }
299
- else
300
- {
301
- $ip = $_POST['IP'];
302
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
303
- {
304
- echo("INVALID_IP_FORMAT");
305
- exit;
306
- }
307
- else if(! filter_var($ip, FILTER_VALIDATE_IP)){
308
- echo("INVALID_IP");
309
- exit;
310
- }
311
- $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
312
- $hostname = gethostbyaddr($result["geoplugin_request"]);
313
- try{
314
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
315
- $timeoffset = $timeoffset/3600;
316
-
317
- }catch(Exception $e){
318
- $result["geoplugin_timezone"]="";
319
- $timeoffset="";
320
- }
321
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
322
- if($result['geoplugin_request']==$ip) {
323
-
324
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
325
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
326
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
327
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
328
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
329
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
330
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
331
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
332
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
333
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
334
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
335
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
336
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
337
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
338
-
339
- $result['ipDetails'] = $ipLookUpTemplate;
340
- }else{
341
- $result["ipDetails"]["status"]="ERROR";
342
- }
343
- wp_send_json( $result );
344
- }
345
- }
346
- function wpns_waf_settings_form()
347
- {
348
- $dir_name = dirname(__FILE__);
349
- $dir_name1 = explode('wp-content', $dir_name);
350
- $dir_name = $dir_name1[0];
351
- $filepath = str_replace('\\', '/', $dir_name1[0]);
352
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
353
-
354
- if(!file_exists($fileName))
355
- {
356
- $file = fopen($fileName, "a+");
357
- $string = "<?php".PHP_EOL;
358
- $string .= '$SQL=1;'.PHP_EOL;
359
- $string .= '$XSS=1;'.PHP_EOL;
360
- $string .= '$RCE=0;'.PHP_EOL;
361
- $string .= '$LFI=0;'.PHP_EOL;
362
- $string .= '$RFI=0;'.PHP_EOL;
363
- $string .= '$RateLimiting=1;'.PHP_EOL;
364
- $string .= '$RequestsPMin=120;'.PHP_EOL;
365
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
366
- $string .= '?>'.PHP_EOL;
367
-
368
- fwrite($file, $string);
369
- fclose($file);
370
- }
371
- else
372
- {
373
- if(!is_writable($fileName) or !is_readable($fileName))
374
- {
375
- echo "FilePermissionDenied";
376
- exit;
377
- }
378
- }
379
-
380
- if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
381
- {
382
- var_dump("NonceDidNotMatch");
383
- exit;
384
- }
385
- else
386
- {
387
- switch ($_POST['optionValue']) {
388
- case "SQL":
389
- $this->savesql(); break;
390
- case "XSS":
391
- $this->savexss(); break;
392
- case "RCE":
393
- $this->saverce(); break;
394
- case "RFI":
395
- $this->saverfi(); break;
396
- case "LFI":
397
- $this->savelfi(); break;
398
- case "WAF":
399
- $this->saveWAF(); break;
400
- case "HWAF":
401
- $this->saveHWAF(); break;
402
- case "backupHtaccess":
403
- $this->backupHtaccess(); break;
404
- case "limitAttack":
405
- $this->limitAttack(); break;
406
- default:
407
- break;
408
- }
409
-
410
- }
411
-
412
- }
413
- function wpns_waf_realtime_ip_block_free()
414
- {
415
- $nonce = sanitize_text_field($_POST['nonce']);
416
- if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
417
- {
418
- echo "NonceDidNotMatch";
419
- exit;
420
- }
421
- else
422
- {
423
- $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
424
-
425
- if($mo2f_realtime_ip_block_free == 'on')
426
- {
427
- update_site_option('mo2f_realtime_ip_block_free',1);
428
- if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
429
- wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
430
- }
431
- wp_send_json('realtime_block_free_enable');
432
- }
433
- else
434
- {
435
- update_site_option('mo2f_realtime_ip_block_free',0);
436
- $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
437
- wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
438
- wp_send_json('realtime_block_free_disable');
439
- }
440
-
441
-
442
- }
443
-
444
- }
445
- function wpns_waf_rate_limiting_form()
446
- {
447
- if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
448
- {
449
- echo "NonceDidNotMatch";
450
- exit;
451
- }
452
- else
453
- {
454
- if(get_site_option('WAFEnabled') != 1)
455
- {
456
- echo "WAFNotEnabled";
457
- exit;
458
- }
459
-
460
- if($_POST['Requests']!='')
461
- {
462
- if(is_numeric($_POST['Requests']))
463
- {
464
- $dir_name = dirname(__FILE__);
465
- $dir_name1 = explode('wp-content', $dir_name);
466
- $dir_name = $dir_name1[0];
467
- $filepath = str_replace('\\', '/', $dir_name1[0]);
468
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
469
-
470
- $file = file_get_contents($fileName);
471
- $data = $file;
472
-
473
- $req = sanitize_text_field($_POST['Requests']);
474
- if($req >1)
475
- {
476
- update_option('Rate_request',$req);
477
- if(isset($_POST['rateCheck']))
478
- {
479
- if($_POST['rateCheck'] == 'on')
480
- {
481
- update_option('Rate_limiting','1');
482
- echo "RateEnabled";
483
- if(strpos($file, 'RateLimiting')!=false)
484
- {
485
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
486
- $data = $file;
487
- file_put_contents($fileName,$file);
488
-
489
- }
490
- else
491
- {
492
- $content = explode('?>', $file);
493
- $file = $content[0];
494
- $file .= PHP_EOL;
495
- $file .= '$RateLimiting=1;'.PHP_EOL;
496
- $file .='?>';
497
- file_put_contents($fileName,$file);
498
- $data = $file;
499
- }
500
-
501
-
502
- }
503
- }
504
- else
505
- {
506
- update_option('Rate_limiting','0');
507
- echo "Ratedisabled";
508
- if(strpos($file, 'RateLimiting')!=false)
509
- {
510
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
511
- $data = $file;
512
- file_put_contents($fileName,$file);
513
- }
514
- else
515
- {
516
- $content = explode('?>', $file);
517
- $file = $content[0];
518
- $file .= PHP_EOL;
519
- $file .= '$RateLimiting=0;'.PHP_EOL;
520
- $file .='?>';
521
- file_put_contents($fileName,$file);
522
- $data = $file;
523
- }
524
-
525
- }
526
-
527
-
528
- $file = $data;
529
- if(strpos($file, 'RequestsPMin')!=false)
530
- {
531
- $content = explode(PHP_EOL, $file);
532
- $con = '';
533
- $len = sizeof($content);
534
-
535
- for($i=0;$i<$len;$i++)
536
- {
537
- if(strpos($content[$i], 'RequestsPMin')!=false)
538
- {
539
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
540
- }
541
- else
542
- {
543
- $con .= $content[$i].PHP_EOL;
544
- }
545
- }
546
-
547
- file_put_contents($fileName,$con);
548
- $data = $con;
549
-
550
- }
551
-
552
- else
553
- {
554
- $content = explode('?>', $file);
555
- $file = $content[0];
556
- $file .= PHP_EOL;
557
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
558
- $file .='?>';
559
- file_put_contents($fileName,$file);
560
- $data = $file;
561
- }
562
-
563
- if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
564
- {
565
- update_option('actionRateL',1);
566
-
567
- $file = $data;
568
- if(strpos($file, 'actionRateL')!=false)
569
- {
570
- $content = explode(PHP_EOL, $file);
571
- $con = '';
572
- foreach ($content as $line => $lineV) {
573
- if(strpos($lineV, 'actionRateL')!=false)
574
- {
575
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
576
- }
577
- else
578
- {
579
- $con .= $lineV.PHP_EOL;
580
- }
581
- }
582
- file_put_contents($fileName,$con);
583
- }
584
- else
585
- {
586
- $content = explode('?>', $file);
587
- $file = $content[0];
588
- $file .= PHP_EOL;
589
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
590
- $file .='?>';
591
- file_put_contents($fileName,$file);
592
- $file = $data;
593
- }
594
- }
595
- else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
596
- {
597
-
598
- $file = $data;
599
- update_option('actionRateL',0);
600
- if(strpos($file, 'actionRateL')!=false)
601
- {
602
- $content = explode(PHP_EOL, $file);
603
- $con = '';
604
- foreach ($content as $line => $lineV) {
605
- if(strpos($lineV, 'actionRateL')!=false)
606
- {
607
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
608
- }
609
- else
610
- {
611
- $con .= $lineV.PHP_EOL;
612
- }
613
- }
614
- file_put_contents($fileName,$con);
615
- }
616
- else
617
- {
618
- $content = explode('?>', $file);
619
- $file = $content[0];
620
- $file .= PHP_EOL;
621
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
622
- $file .='?>';
623
- file_put_contents($fileName,$file);
624
- }
625
- }
626
-
627
- }
628
- exit;
629
- }
630
-
631
-
632
-
633
- }
634
- echo("Error");
635
- exit;
636
- }
637
-
638
-
639
- }
640
-
641
- private function saveWAF()
642
- {
643
- if(isset($_POST['pluginWAF']))
644
- {
645
- if($_POST['pluginWAF']=='on')
646
- {
647
- update_option('WAF','PluginLevel');
648
- update_option('WAFEnabled','1');
649
- echo("PWAFenabled");exit;
650
- }
651
- }
652
- else
653
- {
654
- update_option('WAFEnabled','0');
655
- update_option('WAF','wafDisable');
656
- echo("PWAFdisabled");exit;
657
- }
658
- }
659
- private function saveHWAF()
660
- {
661
- if(!function_exists('mysqli_connect'))
662
- {
663
- echo "mysqliDoesNotExit";
664
- exit;
665
- }
666
- if(isset($_POST['htaccessWAF']))
667
- {
668
- if($_POST['htaccessWAF']=='on')
669
- {
670
- update_option('WAF','HtaccessLevel');
671
- update_option('WAFEnabled','1');
672
- $dir_name = dirname(__FILE__);
673
- $dirN = $dir_name;
674
- $dirN = str_replace('\\', '/', $dirN);
675
- $dirN = str_replace('controllers', 'handler', $dirN);
676
-
677
- $dir_name1 = explode('wp-content', $dir_name);
678
- $dir_name = $dir_name1[0];
679
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
680
- $dir_name .='.htaccess';
681
- $file = file_get_contents($dir_name);
682
- if(strpos($file, 'php_value auto_prepend_file')!=false)
683
- {
684
- echo("WAFConflicts");
685
- exit;
686
- }
687
-
688
- $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
689
- $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
690
- $cont .= '# END miniOrange WAF'.PHP_EOL;
691
- file_put_contents($dir_name, $cont);
692
-
693
- $filecontent = file_get_contents($dir_name);
694
-
695
- $dir_name = dirname(__FILE__);
696
- $dir_name1 = explode('wp-content', $dir_name);
697
- $dir_name = $dir_name1[0];
698
- $filepath = str_replace('\\', '/', $dir_name1[0]);
699
- $fileName = $filepath.'mo-check.php';
700
- $file = fopen($fileName, 'w+');
701
- $dir_name = dirname(__FILE__);
702
- $filepath = str_replace('\\', '/', $dir_name);
703
- $filepath = explode('controllers', $filepath);
704
- $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
705
-
706
- $string = '<?php'.PHP_EOL;
707
- $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
708
- $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
709
- $string .= '?>'.PHP_EOL;
710
-
711
- fwrite($file, $string);
712
- fclose($file);
713
-
714
- if(strpos($filecontent,'mo-check.php')!=false)
715
- {
716
- echo "HWAFEnabled";
717
- exit;
718
- }
719
- else
720
- {
721
- echo "HWAFEnabledFailed";
722
- exit;
723
- }
724
- }
725
- }
726
- else
727
- {
728
- update_option('WAF','wafDisable');
729
- if(isset($_POST['pluginWAF']))
730
- {
731
- if($_POST['pluginWAF'] == 'on')
732
- {
733
- update_option('WAFEnabled',1);
734
- update_option('WAF','PluginLevel');
735
- }
736
- }
737
- else
738
- update_option('WAFEnabled',0);
739
- $dir_name = dirname(__FILE__);
740
- $dirN = $dir_name;
741
- $dirN = str_replace('\\', '/', $dirN);
742
- $dirN = explode('wp-content', $dirN);
743
- $dir_name1 = explode('wp-content', $dir_name);
744
- $dir_name = $dir_name1[0];
745
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
746
- $dir_name00 = $dir_name1;
747
- $dir_name1 .='.htaccess';
748
- $file = file_get_contents($dir_name1);
749
-
750
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
751
- $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
752
- $cont .= '# END miniOrange WAF'.PHP_EOL;
753
- $file =str_replace($cont,'',$file);
754
- file_put_contents($dir_name1, $file);
755
-
756
- $filecontent = file_get_contents($dir_name1);
757
- if(strpos($filecontent,'mo-check.php')==false)
758
- {
759
- echo "HWAFdisabled";
760
- exit;
761
- }
762
- else
763
- {
764
- echo "HWAFdisabledFailed";
765
- exit;
766
- }
767
- }
768
-
769
-
770
- }
771
- private function savesql()
772
- {
773
- if(isset($_POST['SQL']))
774
- {
775
- if($_POST['SQL']=='on')
776
- {
777
- update_option('SQLInjection',1);
778
- $dir_name = dirname(__FILE__);
779
- $dir_name1 = explode('wp-content', $dir_name);
780
- $dir_name = $dir_name1[0];
781
- $filepath = str_replace('\\', '/', $dir_name1[0]);
782
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
783
-
784
- $file = file_get_contents($fileName);
785
- if(strpos($file, 'SQL')!=false)
786
- {
787
- $file = str_replace('$SQL=0;', '$SQL=1;', $file);
788
- file_put_contents($fileName,$file);
789
- }
790
- else
791
- {
792
- $content = explode('?>', $file);
793
- $file = $content[0];
794
- $file .= PHP_EOL;
795
- $file .= '$SQL=1;'.PHP_EOL;
796
- $file .='?>';
797
- file_put_contents($fileName,$file);
798
- }
799
- echo("SQLenable");
800
- exit;
801
-
802
- }
803
- }
804
- else
805
- {
806
- update_option('SQLInjection',0);
807
-
808
- $dir_name = dirname(__FILE__);
809
- $dir_name1 = explode('wp-content', $dir_name);
810
- $dir_name = $dir_name1[0];
811
- $filepath = str_replace('\\', '/', $dir_name1[0]);
812
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
813
-
814
- $file = file_get_contents($fileName);
815
- if(strpos($file, '$SQL')!=false)
816
- {
817
- $file = str_replace('$SQL=1;', '$SQL=0;', $file);
818
- file_put_contents($fileName,$file);
819
- }
820
- else
821
- {
822
- $content = explode('?>', $file);
823
- $file = $content[0];
824
- $file .= PHP_EOL;
825
- $file .= '$SQL=0;'.PHP_EOL;
826
- $file .='?>';
827
- file_put_contents($fileName,$file);
828
- }
829
-
830
- echo("SQLdisable");
831
- exit;
832
-
833
- }
834
-
835
- }
836
- private function saverce()
837
- {
838
- if(isset($_POST['RCE']))
839
- {
840
- if($_POST['RCE']=='on')
841
- {
842
- update_option('RCEAttack',1);
843
-
844
- $dir_name = dirname(__FILE__);
845
- $dir_name1 = explode('wp-content', $dir_name);
846
- $dir_name = $dir_name1[0];
847
- $filepath = str_replace('\\', '/', $dir_name1[0]);
848
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
849
-
850
- $file = file_get_contents($fileName);
851
- if(strpos($file, 'RCE')!=false)
852
- {
853
- $file = str_replace('$RCE=0;', '$RCE=1;', $file);
854
- file_put_contents($fileName,$file);
855
- }
856
- else
857
- {
858
- $content = explode('?>', $file);
859
- $file = $content[0];
860
- $file .= PHP_EOL;
861
- $file .= '$RCE=1;'.PHP_EOL;
862
- $file .='?>';
863
- file_put_contents($fileName,$file);
864
- }
865
- echo("RCEenable");
866
- exit;
867
- }
868
- }
869
- else
870
- {
871
- update_option('RCEAttack',0);
872
-
873
- $dir_name = dirname(__FILE__);
874
- $dir_name1 = explode('wp-content', $dir_name);
875
- $dir_name = $dir_name1[0];
876
- $filepath = str_replace('\\', '/', $dir_name1[0]);
877
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
878
-
879
- $file = file_get_contents($fileName);
880
- if(strpos($file, '$RCE')!=false)
881
- {
882
- $file = str_replace('$RCE=1;', '$RCE=0;', $file);
883
- file_put_contents($fileName,$file);
884
- }
885
- else
886
- {
887
- $content = explode('?>', $file);
888
- $file = $content[0];
889
- $file .= PHP_EOL;
890
- $file .= '$RCE=0;'.PHP_EOL;
891
- $file .='?>';
892
- file_put_contents($fileName,$file);
893
- }
894
- echo("RCEdisable");
895
- exit;
896
-
897
- }
898
-
899
- }
900
- private function savexss()
901
- {
902
- if(isset($_POST['XSS']))
903
- {
904
- if($_POST['XSS']=='on')
905
- {
906
- update_option('XSSAttack',1);
907
- $dir_name = dirname(__FILE__);
908
- $dir_name1 = explode('wp-content', $dir_name);
909
- $dir_name = $dir_name1[0];
910
- $filepath = str_replace('\\', '/', $dir_name1[0]);
911
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
912
-
913
- $file = file_get_contents($fileName);
914
- if(strpos($file, 'XSS')!=false)
915
- {
916
- $file = str_replace('$XSS=0;', '$XSS=1;', $file);
917
- file_put_contents($fileName,$file);
918
- }
919
- else
920
- {
921
- $content = explode('?>', $file);
922
- $file = $content[0];
923
- $file .= PHP_EOL;
924
- $file .= '$XSS=1;'.PHP_EOL;
925
- $file .='?>';
926
- file_put_contents($fileName,$file);
927
- }
928
- echo("XSSenable");
929
- exit;
930
- }
931
- }
932
- else
933
- {
934
- update_option('XSSAttack',0);
935
- $dir_name = dirname(__FILE__);
936
- $dir_name1 = explode('wp-content', $dir_name);
937
- $dir_name = $dir_name1[0];
938
- $filepath = str_replace('\\', '/', $dir_name1[0]);
939
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
940
-
941
- $file = file_get_contents($fileName);
942
- if(strpos($file, '$XSS')!=false)
943
- {
944
- $file = str_replace('$XSS=1;', '$XSS=0;', $file);
945
- file_put_contents($fileName,$file);
946
- }
947
- else
948
- {
949
- $content = explode('?>', $file);
950
- $file = $content[0];
951
- $file .= PHP_EOL;
952
- $file .= '$XSS=0;'.PHP_EOL;
953
- $file .='?>';
954
- file_put_contents($fileName,$file);
955
- }
956
- echo("XSSdisable");
957
- exit;
958
- }
959
-
960
- }
961
- private function savelfi()
962
- {
963
- if(isset($_POST['LFI']))
964
- {
965
- if($_POST['LFI']=='on')
966
- {
967
- update_option('LFIAttack',1);
968
- $dir_name = dirname(__FILE__);
969
- $dir_name1 = explode('wp-content', $dir_name);
970
- $dir_name = $dir_name1[0];
971
- $filepath = str_replace('\\', '/', $dir_name1[0]);
972
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
973
-
974
- $file = file_get_contents($fileName);
975
- if(strpos($file, 'LFI')!=false)
976
- {
977
- $file = str_replace("LFI=0;", "LFI=1;", $file);
978
- file_put_contents($fileName,$file);
979
- }
980
- else
981
- {
982
- $content = explode('?>', $file);
983
- $file = $content[0];
984
- $file .= PHP_EOL;
985
- $file .= '$LFI=1;'.PHP_EOL;
986
- $file .='?>';
987
- file_put_contents($fileName,$file);
988
- }
989
- $file = file_get_contents($fileName);
990
-
991
- echo("LFIenable");
992
- exit;
993
- }
994
- }
995
- else
996
- {
997
- update_option('LFIAttack',0);
998
- $dir_name = dirname(__FILE__);
999
- $dir_name1 = explode('wp-content', $dir_name);
1000
- $dir_name = $dir_name1[0];
1001
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1002
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1003
-
1004
- $file = file_get_contents($fileName);
1005
- if(strpos($file, '$LFI')!=false)
1006
- {
1007
- $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1008
- file_put_contents($fileName,$file);
1009
- }
1010
- else
1011
- {
1012
- $content = explode('?>', $file);
1013
- $file = $content[0];
1014
- $file .= PHP_EOL;
1015
- $file .= '$LFI=0;'.PHP_EOL;
1016
- $file .='?>';
1017
- file_put_contents($fileName,$file);
1018
- }
1019
- echo("LFIdisable");
1020
- exit;
1021
- }
1022
-
1023
- }
1024
- private function saverfi()
1025
- {
1026
- if(isset($_POST['RFI']))
1027
- {
1028
- if($_POST['RFI']=='on')
1029
- {
1030
- update_option('RFIAttack',1);
1031
- $dir_name = dirname(__FILE__);
1032
- $dir_name1 = explode('wp-content', $dir_name);
1033
- $dir_name = $dir_name1[0];
1034
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1035
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1036
-
1037
- $file = file_get_contents($fileName);
1038
- if(strpos($file, 'RFI')!=false)
1039
- {
1040
- $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1041
- file_put_contents($fileName,$file);
1042
- }
1043
- else
1044
- {
1045
- $content = explode('?>', $file);
1046
- $file = $content[0];
1047
- $file .= PHP_EOL;
1048
- $file .= '$RFI=1;'.PHP_EOL;
1049
- $file .='?>';
1050
- file_put_contents($fileName,$file);
1051
- }
1052
- echo("RFIenable");
1053
- exit;
1054
- }
1055
- }
1056
- else
1057
- {
1058
- update_option('RFIAttack',0);
1059
- $dir_name = dirname(__FILE__);
1060
- $dir_name1 = explode('wp-content', $dir_name);
1061
- $dir_name = $dir_name1[0];
1062
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1063
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1064
-
1065
- $file = file_get_contents($fileName);
1066
- if(strpos($file, '$RFI')!=false)
1067
- {
1068
- $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1069
- file_put_contents($fileName,$file);
1070
- }
1071
- else
1072
- {
1073
- $content = explode('?>', $file);
1074
- $file = $content[0];
1075
- $file .= PHP_EOL;
1076
- $file .= '$RFI=0;'.PHP_EOL;
1077
- $file .='?>';
1078
- file_put_contents($fileName,$file);
1079
- }
1080
- echo("RFIdisable");
1081
- exit;
1082
- }
1083
-
1084
- }
1085
- private function saveRateL()
1086
- {
1087
-
1088
- if($_POST['time']!='' && $_POST['req']!='')
1089
- {
1090
- if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1091
- {
1092
- $dir_name = dirname(__FILE__);
1093
- $dir_name1 = explode('wp-content', $dir_name);
1094
- $dir_name = $dir_name1[0];
1095
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1096
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1097
-
1098
- $file = file_get_contents($fileName);
1099
- $data = $file;
1100
- $time = sanitize_text_field($_POST['time']);
1101
- $req = sanitize_text_field($_POST['req']);
1102
- if($time>0 && $req >0)
1103
- {
1104
- update_option('Rate_time',$time);
1105
- update_option('Rate_request',$req);
1106
- update_option('Rate_limiting','1');
1107
-
1108
- if(strpos($file, 'RateLimiting')!=false)
1109
- {
1110
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1111
- $data = $file;
1112
- file_put_contents($fileName,$file);
1113
- }
1114
- else
1115
- {
1116
- $content = explode('?>', $file);
1117
- $file = $content[0];
1118
- $file .= PHP_EOL;
1119
- $file .= '$RateLimiting=1;'.PHP_EOL;
1120
- $file .='?>';
1121
- file_put_contents($fileName,$file);
1122
- $data = $file;
1123
- }
1124
-
1125
- $file = $data;
1126
- if(strpos($file, 'RequestsPMin')!=false)
1127
- {
1128
- $content = explode(PHP_EOL, $file);
1129
- $con = '';
1130
- $len = sizeof($content);
1131
-
1132
- for($i=0;$i<$len;$i++)
1133
- {
1134
- if(strpos($content[$i], 'RequestsPMin')!=false)
1135
- {
1136
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1137
- }
1138
- else
1139
- {
1140
- $con .= $content[$i].PHP_EOL;
1141
- }
1142
- }
1143
-
1144
- file_put_contents($fileName,$con);
1145
- $data = $con;
1146
-
1147
- }
1148
-
1149
- else
1150
- {
1151
- $content = explode('?>', $file);
1152
- $file = $content[0];
1153
- $file .= PHP_EOL;
1154
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1155
- $file .='?>';
1156
- file_put_contents($fileName,$file);
1157
- $data = $file;
1158
- }
1159
-
1160
-
1161
-
1162
- if($_POST['action']=='BlockIP')
1163
- {
1164
- update_option('actionRateL',1);
1165
-
1166
- $file = $data;
1167
- if(strpos($file, 'actionRateL')!=false)
1168
- {
1169
- $content = explode(PHP_EOL, $file);
1170
- $con = '';
1171
- foreach ($content as $line => $lineV) {
1172
- if(strpos($lineV, 'actionRateL')!=false)
1173
- {
1174
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
1175
- }
1176
- else
1177
- {
1178
- $con .= $lineV.PHP_EOL;
1179
- }
1180
- }
1181
- file_put_contents($fileName,$con);
1182
- }
1183
- else
1184
- {
1185
- $content = explode('?>', $file);
1186
- $file = $content[0];
1187
- $file .= PHP_EOL;
1188
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1189
- $file .='?>';
1190
- file_put_contents($fileName,$file);
1191
- $file = $data;
1192
- }
1193
- }
1194
- elseif($_POST['action']=='ThrottleIP')
1195
- {
1196
- $file = $data;
1197
- update_option('actionRateL',0);
1198
- if(strpos($file, 'actionRateL')!=false)
1199
- {
1200
- $content = explode(PHP_EOL, $file);
1201
- $con = '';
1202
- foreach ($content as $line => $lineV) {
1203
- if(strpos($lineV, 'actionRateL')!=false)
1204
- {
1205
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1206
- }
1207
- else
1208
- {
1209
- $con .= $lineV.PHP_EOL;
1210
- }
1211
- }
1212
- file_put_contents($fileName,$con);
1213
- }
1214
- else
1215
- {
1216
- $content = explode('?>', $file);
1217
- $file = $content[0];
1218
- $file .= PHP_EOL;
1219
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1220
- $file .='?>';
1221
- file_put_contents($fileName,$file);
1222
- }
1223
- }
1224
-
1225
- }
1226
-
1227
- }
1228
-
1229
- }
1230
-
1231
- }
1232
- private function disableRL()
1233
- {
1234
- update_option('Rate_limiting',0);
1235
-
1236
- $dir_name = dirname(__FILE__);
1237
- $dir_name1 = explode('wp-content', $dir_name);
1238
- $dir_name = $dir_name1[0];
1239
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1240
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1241
- $file = file_get_contents($fileName);
1242
-
1243
- if(strpos($file, 'RateLimiting')!=false)
1244
- {
1245
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1246
- file_put_contents($fileName,$file);
1247
- }
1248
- else
1249
- {
1250
- $content = explode('?>', $file);
1251
- $file = $content[0];
1252
- $file .= PHP_EOL;
1253
- $file .= '$RateLimiting=0;'.PHP_EOL;
1254
- $file .='?>';
1255
- file_put_contents($fileName,$file);
1256
- }
1257
-
1258
- }
1259
- private function backupHtaccess()
1260
- {
1261
- if(isset($_POST['htaccessWAF']))
1262
- {
1263
- if($_POST['htaccessWAF']=='on')
1264
- {
1265
- $dir_name = dirname(__FILE__);
1266
- $dirN = $dir_name;
1267
- $dirN = str_replace('\\', '/', $dirN);
1268
- $dir_name1 = explode('wp-content', $dir_name);
1269
- $dir_name = $dir_name1[0];
1270
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1271
- $dir_name =$dir_name1.'.htaccess';
1272
- $file = file_get_contents($dir_name);
1273
- $dir_backup = $dir_name1.'htaccess';
1274
- $handle = fopen($dir_backup, 'c+');
1275
- fwrite($handle,$file);
1276
- }
1277
- }
1278
- }
1279
- private function limitAttack()
1280
- {
1281
- if(isset($_POST['limitAttack']))
1282
- {
1283
- $value = sanitize_text_field($_POST['limitAttack']);
1284
- if($value>1)
1285
- {
1286
- update_option('limitAttack',$value);
1287
- echo "limitSaved";
1288
- exit;
1289
- }
1290
- else
1291
- {
1292
- echo "limitIsLT1";
1293
- exit;
1294
- }
1295
-
1296
- }
1297
- }
1298
-
1299
-
1300
-
1301
- function wpns_captcha_settings(){
1302
-
1303
- $nonce=sanitize_text_field($_POST['nonce']);
1304
- if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1305
- wp_send_json('ERROR');
1306
- return;
1307
- }
1308
-
1309
- $site_key = sanitize_text_field($_POST['site_key']);
1310
- $secret_key = sanitize_text_field($_POST['secret_key']);
1311
- $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1312
- $login_form_captcha = sanitize_text_field($_POST['login_form']);
1313
- $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1314
-
1315
- if((isset($_POST['version'])))
1316
- {
1317
- $mo2f_g_version = sanitize_text_field($_POST['version']);
1318
- }
1319
- else $mo2f_g_version='reCAPTCHA_v3';
1320
-
1321
- if($enable_captcha == 'true') $enable_captcha = "on";
1322
- else if($enable_captcha == 'false') $enable_captcha = "";
1323
-
1324
- if($login_form_captcha == 'true') $login_form_captcha = "on";
1325
- else if($login_form_captcha == 'false') $login_form_captcha = "";
1326
-
1327
- if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1328
- else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1329
-
1330
- if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1331
- wp_send_json('empty');
1332
- return;
1333
- }
1334
-
1335
-
1336
- if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1337
- wp_send_json('version_select');
1338
- return;
1339
- }
1340
- if($mo2f_g_version=='reCAPTCHA_v2')
1341
- {
1342
-
1343
- update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1344
- update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1345
- }
1346
- if($mo2f_g_version=='reCAPTCHA_v3')
1347
- {
1348
-
1349
- update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1350
- update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1351
- }
1352
-
1353
- update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1354
- update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1355
-
1356
-
1357
- if($enable_captcha == "on"){
1358
- update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1359
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1360
- update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1361
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1362
- update_site_option('recaptcha_notification_option',1);
1363
- wp_send_json('true');
1364
- }
1365
- else if($enable_captcha == ""){
1366
- update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1367
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1368
- update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1369
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1370
- wp_send_json('false');
1371
- }
1372
-
1373
- }
1374
-
1375
- function wpns_strong_password_settings(){
1376
- $nonce = $_POST['nonce'];
1377
- if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1378
- wp_send_json('ERROR');
1379
- return;
1380
- }
1381
- $enable_strong_pass = $_POST['enable_strong_pass'];
1382
- if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1383
- $strong_pass_accounts = $_POST['accounts_strong_pass'];
1384
- update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1385
- update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1386
- if($enable_strong_pass){
1387
- update_option('mo_wpns_enable_rename_login_url',"");
1388
- wp_send_json('true');
1389
- }
1390
- else{
1391
- wp_send_json('false');
1392
- }
1393
- }
1394
-
1395
- }
1396
- new wpns_ajax;
1397
-
1398
- ?>
1
+ <?php
2
+ class wpns_ajax
3
+ {
4
+ function __construct(){
5
+ //add comment here
6
+ add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
+ add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
+ }
9
+
10
+ function mo_login_security_ajax(){
11
+
12
+ add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
+ add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
+ add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
+ }
16
+
17
+ function mo2f_ajax(){
18
+ $GLOBALS['mo2f_is_ajax_request'] = true;
19
+ switch ($_POST['mo2f_ajax_option']) {
20
+ case "mo2f_ajax_kba":
21
+ $this->mo2f_ajax_kba();break;
22
+ case "mo2f_ajax_login":
23
+ $this->mo2f_ajax_login(); break;
24
+ case "mo2f_ajax_otp":
25
+ $this->mo2f_ajax_otp(); break;
26
+ }
27
+ }
28
+ function mo2fa_elementor_ajax_fun()
29
+ {
30
+
31
+ if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
+ $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
+ wp_send_json('ERROR');
35
+ }
36
+ if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
+ {
38
+ $info = array();
39
+ $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
+ $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
+ $info['remember'] = false;
42
+ $user_signon = wp_signon($info, false);
43
+ if (is_wp_error($user_signon)) {
44
+ wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
+ }
46
+ }
47
+ }
48
+ }
49
+ function wpns_login_security(){
50
+ switch($_POST['wpns_loginsecurity_ajax'])
51
+ {
52
+ case "wpns_bruteforce_form":
53
+ $this->wpns_handle_bf_configuration_form(); break;
54
+ case "wpns_save_captcha":
55
+ $this->wpns_captcha_settings();break;
56
+ case "save_strong_password":
57
+ $this->wpns_strong_password_settings();break;
58
+ case 'wpns_ManualIPBlock_form':
59
+ $this->wpns_handle_IP_blocking();break;
60
+ case 'wpns_WhitelistIP_form':
61
+ $this->wpns_whitelist_ip(); break;
62
+ case 'wpns_waf_settings_form':
63
+ $this->wpns_waf_settings_form(); break;
64
+ case 'wpns_waf_rate_limiting_form':
65
+ $this->wpns_waf_rate_limiting_form(); break;
66
+ case 'wpns_waf_realtime_ip_block_free':
67
+ $this->wpns_waf_realtime_ip_block_free();break;
68
+ case 'wpns_ip_lookup':
69
+ $this->wpns_ip_lookup(); break;
70
+ case 'wpns_all_plans':
71
+ $this->wpns_all_plans(); break;
72
+ case 'wpns_logout_form':
73
+ $this->wpns_logout_form(); break;
74
+ case 'wpns_check_transaction':
75
+ $this->wpns_check_transaction(); break;
76
+ case 'waf_settings_mail_form_notify':
77
+ $this->waf_settings_mail_form_notify(); break;
78
+ case 'waf_settings_IP_mail_form':
79
+ $this->waf_settings_IP_mail_form();break;
80
+ case 'update_plan':
81
+ $this->update_plan(); break;
82
+ }
83
+ }
84
+
85
+ function update_plan(){
86
+ $mo2f_all_plannames = $_POST['planname'];
87
+ $mo_2fa_plan_type = $_POST['planType'];
88
+ update_option('mo2f_planname', $mo2f_all_plannames);
89
+ if ($mo2f_all_plannames == 'addon_plan')
90
+ {
91
+ update_option('mo2f_planname', 'addon_plan');
92
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
+ }
94
+ elseif ($mo2f_all_plannames == '2fa_plan')
95
+ {
96
+ update_option('mo2f_planname', '2fa_plan');
97
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
+ }
99
+ }
100
+
101
+
102
+ function mo2f_ajax_otp(){
103
+ $obj = new Miniorange_Password_2Factor_Login();
104
+ $obj->check_miniorange_soft_token($_POST);
105
+ }
106
+ function mo2f_ajax_kba(){
107
+ $obj = new Miniorange_Password_2Factor_Login();
108
+ $obj->check_kba_validation($_POST);
109
+ }
110
+
111
+ function wpns_check_transaction()
112
+ {
113
+ $customerT = new Customer_Cloud_Setup();
114
+
115
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
+ if($content['status'] == 'SUCCESS')
117
+ {
118
+ update_site_option('mo2f_license_type','PREMIUM');
119
+ }
120
+ else
121
+ {
122
+ update_site_option('mo2f_license_type','DEMO');
123
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
+ }
125
+ if(isset($content['smsRemaining']))
126
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
+ else if($content['status'] =='SUCCESS')
128
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
+
130
+
131
+ if(isset($content['emailRemaining']))
132
+ {
133
+ $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
+ if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
+ {
136
+ $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
+ if($available_transaction>30)
138
+ $currentTransaction = $currentTransaction-$available_transaction;
139
+
140
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
+ }
143
+
144
+ }
145
+
146
+ }
147
+
148
+ function mo2f_ajax_login()
149
+ {
150
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
+ {
152
+ wp_send_json("ERROR");
153
+ exit;
154
+ }
155
+ else
156
+ {
157
+ $username = sanitize_text_field($_POST['username']);
158
+ $password = sanitize_text_field($_POST['password'] );
159
+ apply_filters( 'authenticate', null, $username, $password );
160
+ }
161
+ }
162
+ function wpns_logout_form()
163
+ {
164
+ global $moWpnsUtility;
165
+ if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
+ delete_option('mo2f_email');
167
+ }
168
+ delete_option('mo2f_customerKey');
169
+ delete_option('mo2f_api_key');
170
+ delete_option('mo2f_customer_token');
171
+ delete_option('mo_wpns_transactionId');
172
+ delete_site_option('EmailTransactionCurrent');
173
+ delete_option('mo_wpns_registration_status');
174
+ delete_option( 'mo_2factor_admin_registration_status' );
175
+
176
+ $two_fa_settings = new Miniorange_Authentication();
177
+ $two_fa_settings->mo_auth_deactivate();
178
+
179
+ }
180
+ // It is the new line added for the database updation
181
+ function waf_settings_mail_form_notify()
182
+ {
183
+ $nonce = sanitize_text_field($_POST['nonce']);
184
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
+ wp_send_json('ERROR');
186
+ return;
187
+ }
188
+ if(isset($_POST['S_mail']))
189
+ {
190
+ $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
+ update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
+ wp_send_json('true');
193
+ }
194
+ else{
195
+ wp_send_json('false');
196
+
197
+ }
198
+ }
199
+ function waf_settings_IP_mail_form()
200
+ {
201
+ $nonce = sanitize_text_field($_POST['nonce']);
202
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
+ wp_send_json('ERROR');
204
+ return;
205
+ }
206
+ $mo2f_mail_noyifying_IP = sanitize_text_field($_POST['Smail']);
207
+ update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
+ if($mo2f_mail_noyifying_IP == "on"){
209
+ wp_send_json('true');
210
+ }
211
+ else if($mo2f_mail_noyifying_IP == ""){
212
+ wp_send_json('false');
213
+ }
214
+ }
215
+ function wpns_all_plans()
216
+ {
217
+ $mo2f_all_plannames = $_POST['planname'];
218
+ $mo_2fa_plan_type = $_POST['planType'];
219
+ update_option('mo2f_planname', $mo2f_all_plannames);
220
+ if ($mo2f_all_plannames == 'addon_plan')
221
+ {
222
+ update_option('mo2f_planname', 'addon_plan');
223
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
+ }
225
+ elseif ($mo2f_all_plannames == '2fa_plan')
226
+ {
227
+ update_option('mo2f_planname', '2fa_plan');
228
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
+ }
230
+ }
231
+ function wpns_handle_bf_configuration_form(){
232
+
233
+ $nonce = $_POST['nonce'];
234
+ if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
+ wp_send_json('ERROR');
236
+ return;
237
+ }
238
+ $brute_force = $_POST['bf_enabled/disabled'];
239
+ if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
+ $login_attempts = $_POST['allwed_login_attempts'];
241
+ $blocking_type = $_POST['time_of_blocking_type'];
242
+ $blocking_value = isset($_POST['time_of_blocking_val']) ? $_POST['time_of_blocking_val'] : false;
243
+ $show_login_attempts= $_POST['show_remaining_attempts'];
244
+ if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
+ if($brute_force == 'on' && $login_attempts == "" ){
246
+ wp_send_json('empty');
247
+ return;
248
+ }
249
+ update_option( 'mo2f_enable_brute_force' , $brute_force );
250
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
+ update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
+ update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
+ update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
+ if($brute_force == "on"){
255
+ update_site_option('bruteforce_notification_option',1);
256
+ wp_send_json('true');
257
+ }
258
+ else if($brute_force == ""){
259
+ wp_send_json('false');
260
+ }
261
+
262
+ }
263
+ function wpns_handle_IP_blocking()
264
+ {
265
+
266
+ global $mo2f_dirName;
267
+ if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
268
+ {
269
+ echo "NonceDidNotMatch";
270
+ exit;
271
+ }
272
+ else
273
+ {
274
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
275
+ }
276
+ }
277
+ function wpns_whitelist_ip()
278
+ {
279
+ global $mo2f_dirName;
280
+ if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
281
+ {
282
+ echo "NonceDidNotMatch";
283
+ exit;
284
+ }
285
+ else
286
+ {
287
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
288
+ }
289
+ }
290
+
291
+ function wpns_ip_lookup()
292
+ {
293
+
294
+ if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
295
+ {
296
+ echo "NonceDidNotMatch";
297
+ exit;
298
+ }
299
+ else
300
+ {
301
+ $ip = $_POST['IP'];
302
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
303
+ {
304
+ echo("INVALID_IP_FORMAT");
305
+ exit;
306
+ }
307
+ else if(! filter_var($ip, FILTER_VALIDATE_IP)){
308
+ echo("INVALID_IP");
309
+ exit;
310
+ }
311
+ $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
312
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
313
+ try{
314
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
315
+ $timeoffset = $timeoffset/3600;
316
+
317
+ }catch(Exception $e){
318
+ $result["geoplugin_timezone"]="";
319
+ $timeoffset="";
320
+ }
321
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
322
+ if($result['geoplugin_request']==$ip) {
323
+
324
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
325
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
326
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
327
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
328
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
329
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
330
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
331
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
332
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
333
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
334
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
335
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
336
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
337
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
338
+
339
+ $result['ipDetails'] = $ipLookUpTemplate;
340
+ }else{
341
+ $result["ipDetails"]["status"]="ERROR";
342
+ }
343
+ wp_send_json( $result );
344
+ }
345
+ }
346
+ function wpns_waf_settings_form()
347
+ {
348
+ $dir_name = dirname(__FILE__);
349
+ $dir_name1 = explode('wp-content', $dir_name);
350
+ $dir_name = $dir_name1[0];
351
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
352
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
353
+
354
+ if(!file_exists($fileName))
355
+ {
356
+ $file = fopen($fileName, "a+");
357
+ $string = "<?php".PHP_EOL;
358
+ $string .= '$SQL=1;'.PHP_EOL;
359
+ $string .= '$XSS=1;'.PHP_EOL;
360
+ $string .= '$RCE=0;'.PHP_EOL;
361
+ $string .= '$LFI=0;'.PHP_EOL;
362
+ $string .= '$RFI=0;'.PHP_EOL;
363
+ $string .= '$RateLimiting=1;'.PHP_EOL;
364
+ $string .= '$RequestsPMin=120;'.PHP_EOL;
365
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
366
+ $string .= '?>'.PHP_EOL;
367
+
368
+ fwrite($file, $string);
369
+ fclose($file);
370
+ }
371
+ else
372
+ {
373
+ if(!is_writable($fileName) or !is_readable($fileName))
374
+ {
375
+ echo "FilePermissionDenied";
376
+ exit;
377
+ }
378
+ }
379
+
380
+ if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
381
+ {
382
+ var_dump("NonceDidNotMatch");
383
+ exit;
384
+ }
385
+ else
386
+ {
387
+ switch ($_POST['optionValue']) {
388
+ case "SQL":
389
+ $this->savesql(); break;
390
+ case "XSS":
391
+ $this->savexss(); break;
392
+ case "RCE":
393
+ $this->saverce(); break;
394
+ case "RFI":
395
+ $this->saverfi(); break;
396
+ case "LFI":
397
+ $this->savelfi(); break;
398
+ case "WAF":
399
+ $this->saveWAF(); break;
400
+ case "HWAF":
401
+ $this->saveHWAF(); break;
402
+ case "backupHtaccess":
403
+ $this->backupHtaccess(); break;
404
+ case "limitAttack":
405
+ $this->limitAttack(); break;
406
+ default:
407
+ break;
408
+ }
409
+
410
+ }
411
+
412
+ }
413
+ function wpns_waf_realtime_ip_block_free()
414
+ {
415
+ $nonce = sanitize_text_field($_POST['nonce']);
416
+ if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
417
+ {
418
+ echo "NonceDidNotMatch";
419
+ exit;
420
+ }
421
+ else
422
+ {
423
+ $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
424
+
425
+ if($mo2f_realtime_ip_block_free == 'on')
426
+ {
427
+ update_site_option('mo2f_realtime_ip_block_free',1);
428
+ if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
429
+ wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
430
+ }
431
+ wp_send_json('realtime_block_free_enable');
432
+ }
433
+ else
434
+ {
435
+ update_site_option('mo2f_realtime_ip_block_free',0);
436
+ $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
437
+ wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
438
+ wp_send_json('realtime_block_free_disable');
439
+ }
440
+
441
+
442
+ }
443
+
444
+ }
445
+ function wpns_waf_rate_limiting_form()
446
+ {
447
+ if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
448
+ {
449
+ echo "NonceDidNotMatch";
450
+ exit;
451
+ }
452
+ else
453
+ {
454
+ if(get_site_option('WAFEnabled') != 1)
455
+ {
456
+ echo "WAFNotEnabled";
457
+ exit;
458
+ }
459
+
460
+ if($_POST['Requests']!='')
461
+ {
462
+ if(is_numeric($_POST['Requests']))
463
+ {
464
+ $dir_name = dirname(__FILE__);
465
+ $dir_name1 = explode('wp-content', $dir_name);
466
+ $dir_name = $dir_name1[0];
467
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
468
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
469
+
470
+ $file = file_get_contents($fileName);
471
+ $data = $file;
472
+
473
+ $req = sanitize_text_field($_POST['Requests']);
474
+ if($req >1)
475
+ {
476
+ update_option('Rate_request',$req);
477
+ if(isset($_POST['rateCheck']))
478
+ {
479
+ if($_POST['rateCheck'] == 'on')
480
+ {
481
+ update_option('Rate_limiting','1');
482
+ echo "RateEnabled";
483
+ if(strpos($file, 'RateLimiting')!=false)
484
+ {
485
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
486
+ $data = $file;
487
+ file_put_contents($fileName,$file);
488
+
489
+ }
490
+ else
491
+ {
492
+ $content = explode('?>', $file);
493
+ $file = $content[0];
494
+ $file .= PHP_EOL;
495
+ $file .= '$RateLimiting=1;'.PHP_EOL;
496
+ $file .='?>';
497
+ file_put_contents($fileName,$file);
498
+ $data = $file;
499
+ }
500
+
501
+
502
+ }
503
+ }
504
+ else
505
+ {
506
+ update_option('Rate_limiting','0');
507
+ echo "Ratedisabled";
508
+ if(strpos($file, 'RateLimiting')!=false)
509
+ {
510
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
511
+ $data = $file;
512
+ file_put_contents($fileName,$file);
513
+ }
514
+ else
515
+ {
516
+ $content = explode('?>', $file);
517
+ $file = $content[0];
518
+ $file .= PHP_EOL;
519
+ $file .= '$RateLimiting=0;'.PHP_EOL;
520
+ $file .='?>';
521
+ file_put_contents($fileName,$file);
522
+ $data = $file;
523
+ }
524
+
525
+ }
526
+
527
+
528
+ $file = $data;
529
+ if(strpos($file, 'RequestsPMin')!=false)
530
+ {
531
+ $content = explode(PHP_EOL, $file);
532
+ $con = '';
533
+ $len = sizeof($content);
534
+
535
+ for($i=0;$i<$len;$i++)
536
+ {
537
+ if(strpos($content[$i], 'RequestsPMin')!=false)
538
+ {
539
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
540
+ }
541
+ else
542
+ {
543
+ $con .= $content[$i].PHP_EOL;
544
+ }
545
+ }
546
+
547
+ file_put_contents($fileName,$con);
548
+ $data = $con;
549
+
550
+ }
551
+
552
+ else
553
+ {
554
+ $content = explode('?>', $file);
555
+ $file = $content[0];
556
+ $file .= PHP_EOL;
557
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
558
+ $file .='?>';
559
+ file_put_contents($fileName,$file);
560
+ $data = $file;
561
+ }
562
+
563
+ if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
564
+ {
565
+ update_option('actionRateL',1);
566
+
567
+ $file = $data;
568
+ if(strpos($file, 'actionRateL')!=false)
569
+ {
570
+ $content = explode(PHP_EOL, $file);
571
+ $con = '';
572
+ foreach ($content as $line => $lineV) {
573
+ if(strpos($lineV, 'actionRateL')!=false)
574
+ {
575
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
576
+ }
577
+ else
578
+ {
579
+ $con .= $lineV.PHP_EOL;
580
+ }
581
+ }
582
+ file_put_contents($fileName,$con);
583
+ }
584
+ else
585
+ {
586
+ $content = explode('?>', $file);
587
+ $file = $content[0];
588
+ $file .= PHP_EOL;
589
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
590
+ $file .='?>';
591
+ file_put_contents($fileName,$file);
592
+ $file = $data;
593
+ }
594
+ }
595
+ else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
596
+ {
597
+
598
+ $file = $data;
599
+ update_option('actionRateL',0);
600
+ if(strpos($file, 'actionRateL')!=false)
601
+ {
602
+ $content = explode(PHP_EOL, $file);
603
+ $con = '';
604
+ foreach ($content as $line => $lineV) {
605
+ if(strpos($lineV, 'actionRateL')!=false)
606
+ {
607
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
608
+ }
609
+ else
610
+ {
611
+ $con .= $lineV.PHP_EOL;
612
+ }
613
+ }
614
+ file_put_contents($fileName,$con);
615
+ }
616
+ else
617
+ {
618
+ $content = explode('?>', $file);
619
+ $file = $content[0];
620
+ $file .= PHP_EOL;
621
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
622
+ $file .='?>';
623
+ file_put_contents($fileName,$file);
624
+ }
625
+ }
626
+
627
+ }
628
+ exit;
629
+ }
630
+
631
+
632
+
633
+ }
634
+ echo("Error");
635
+ exit;
636
+ }
637
+
638
+
639
+ }
640
+
641
+ private function saveWAF()
642
+ {
643
+ if(isset($_POST['pluginWAF']))
644
+ {
645
+ if($_POST['pluginWAF']=='on')
646
+ {
647
+ update_option('WAF','PluginLevel');
648
+ update_option('WAFEnabled','1');
649
+ echo("PWAFenabled");exit;
650
+ }
651
+ }
652
+ else
653
+ {
654
+ update_option('WAFEnabled','0');
655
+ update_option('WAF','wafDisable');
656
+ echo("PWAFdisabled");exit;
657
+ }
658
+ }
659
+ private function saveHWAF()
660
+ {
661
+ if(!function_exists('mysqli_connect'))
662
+ {
663
+ echo "mysqliDoesNotExit";
664
+ exit;
665
+ }
666
+ if(isset($_POST['htaccessWAF']))
667
+ {
668
+ if($_POST['htaccessWAF']=='on')
669
+ {
670
+ update_option('WAF','HtaccessLevel');
671
+ update_option('WAFEnabled','1');
672
+ $dir_name = dirname(__FILE__);
673
+ $dirN = $dir_name;
674
+ $dirN = str_replace('\\', '/', $dirN);
675
+ $dirN = str_replace('controllers', 'handler', $dirN);
676
+
677
+ $dir_name1 = explode('wp-content', $dir_name);
678
+ $dir_name = $dir_name1[0];
679
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
680
+ $dir_name .='.htaccess';
681
+ $file = file_get_contents($dir_name);
682
+ if(strpos($file, 'php_value auto_prepend_file')!=false)
683
+ {
684
+ echo("WAFConflicts");
685
+ exit;
686
+ }
687
+
688
+ $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
689
+ $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
690
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
691
+ file_put_contents($dir_name, $cont);
692
+
693
+ $filecontent = file_get_contents($dir_name);
694
+
695
+ $dir_name = dirname(__FILE__);
696
+ $dir_name1 = explode('wp-content', $dir_name);
697
+ $dir_name = $dir_name1[0];
698
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
699
+ $fileName = $filepath.'mo-check.php';
700
+ $file = fopen($fileName, 'w+');
701
+ $dir_name = dirname(__FILE__);
702
+ $filepath = str_replace('\\', '/', $dir_name);
703
+ $filepath = explode('controllers', $filepath);
704
+ $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
705
+
706
+ $string = '<?php'.PHP_EOL;
707
+ $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
708
+ $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
709
+ $string .= '?>'.PHP_EOL;
710
+
711
+ fwrite($file, $string);
712
+ fclose($file);
713
+
714
+ if(strpos($filecontent,'mo-check.php')!=false)
715
+ {
716
+ echo "HWAFEnabled";
717
+ exit;
718
+ }
719
+ else
720
+ {
721
+ echo "HWAFEnabledFailed";
722
+ exit;
723
+ }
724
+ }
725
+ }
726
+ else
727
+ {
728
+ update_option('WAF','wafDisable');
729
+ if(isset($_POST['pluginWAF']))
730
+ {
731
+ if($_POST['pluginWAF'] == 'on')
732
+ {
733
+ update_option('WAFEnabled',1);
734
+ update_option('WAF','PluginLevel');
735
+ }
736
+ }
737
+ else
738
+ update_option('WAFEnabled',0);
739
+ $dir_name = dirname(__FILE__);
740
+ $dirN = $dir_name;
741
+ $dirN = str_replace('\\', '/', $dirN);
742
+ $dirN = explode('wp-content', $dirN);
743
+ $dir_name1 = explode('wp-content', $dir_name);
744
+ $dir_name = $dir_name1[0];
745
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
746
+ $dir_name00 = $dir_name1;
747
+ $dir_name1 .='.htaccess';
748
+ $file = file_get_contents($dir_name1);
749
+
750
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
751
+ $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
752
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
753
+ $file =str_replace($cont,'',$file);
754
+ file_put_contents($dir_name1, $file);
755
+
756
+ $filecontent = file_get_contents($dir_name1);
757
+ if(strpos($filecontent,'mo-check.php')==false)
758
+ {
759
+ echo "HWAFdisabled";
760
+ exit;
761
+ }
762
+ else
763
+ {
764
+ echo "HWAFdisabledFailed";
765
+ exit;
766
+ }
767
+ }
768
+
769
+
770
+ }
771
+ private function savesql()
772
+ {
773
+ if(isset($_POST['SQL']))
774
+ {
775
+ if($_POST['SQL']=='on')
776
+ {
777
+ update_option('SQLInjection',1);
778
+ $dir_name = dirname(__FILE__);
779
+ $dir_name1 = explode('wp-content', $dir_name);
780
+ $dir_name = $dir_name1[0];
781
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
782
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
783
+
784
+ $file = file_get_contents($fileName);
785
+ if(strpos($file, 'SQL')!=false)
786
+ {
787
+ $file = str_replace('$SQL=0;', '$SQL=1;', $file);
788
+ file_put_contents($fileName,$file);
789
+ }
790
+ else
791
+ {
792
+ $content = explode('?>', $file);
793
+ $file = $content[0];
794
+ $file .= PHP_EOL;
795
+ $file .= '$SQL=1;'.PHP_EOL;
796
+ $file .='?>';
797
+ file_put_contents($fileName,$file);
798
+ }
799
+ echo("SQLenable");
800
+ exit;
801
+
802
+ }
803
+ }
804
+ else
805
+ {
806
+ update_option('SQLInjection',0);
807
+
808
+ $dir_name = dirname(__FILE__);
809
+ $dir_name1 = explode('wp-content', $dir_name);
810
+ $dir_name = $dir_name1[0];
811
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
812
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
813
+
814
+ $file = file_get_contents($fileName);
815
+ if(strpos($file, '$SQL')!=false)
816
+ {
817
+ $file = str_replace('$SQL=1;', '$SQL=0;', $file);
818
+ file_put_contents($fileName,$file);
819
+ }
820
+ else
821
+ {
822
+ $content = explode('?>', $file);
823
+ $file = $content[0];
824
+ $file .= PHP_EOL;
825
+ $file .= '$SQL=0;'.PHP_EOL;
826
+ $file .='?>';
827
+ file_put_contents($fileName,$file);
828
+ }
829
+
830
+ echo("SQLdisable");
831
+ exit;
832
+
833
+ }
834
+
835
+ }
836
+ private function saverce()
837
+ {
838
+ if(isset($_POST['RCE']))
839
+ {
840
+ if($_POST['RCE']=='on')
841
+ {
842
+ update_option('RCEAttack',1);
843
+
844
+ $dir_name = dirname(__FILE__);
845
+ $dir_name1 = explode('wp-content', $dir_name);
846
+ $dir_name = $dir_name1[0];
847
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
848
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
849
+
850
+ $file = file_get_contents($fileName);
851
+ if(strpos($file, 'RCE')!=false)
852
+ {
853
+ $file = str_replace('$RCE=0;', '$RCE=1;', $file);
854
+ file_put_contents($fileName,$file);
855
+ }
856
+ else
857
+ {
858
+ $content = explode('?>', $file);
859
+ $file = $content[0];
860
+ $file .= PHP_EOL;
861
+ $file .= '$RCE=1;'.PHP_EOL;
862
+ $file .='?>';
863
+ file_put_contents($fileName,$file);
864
+ }
865
+ echo("RCEenable");
866
+ exit;
867
+ }
868
+ }
869
+ else
870
+ {
871
+ update_option('RCEAttack',0);
872
+
873
+ $dir_name = dirname(__FILE__);
874
+ $dir_name1 = explode('wp-content', $dir_name);
875
+ $dir_name = $dir_name1[0];
876
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
877
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
878
+
879
+ $file = file_get_contents($fileName);
880
+ if(strpos($file, '$RCE')!=false)
881
+ {
882
+ $file = str_replace('$RCE=1;', '$RCE=0;', $file);
883
+ file_put_contents($fileName,$file);
884
+ }
885
+ else
886
+ {
887
+ $content = explode('?>', $file);
888
+ $file = $content[0];
889
+ $file .= PHP_EOL;
890
+ $file .= '$RCE=0;'.PHP_EOL;
891
+ $file .='?>';
892
+ file_put_contents($fileName,$file);
893
+ }
894
+ echo("RCEdisable");
895
+ exit;
896
+
897
+ }
898
+
899
+ }
900
+ private function savexss()
901
+ {
902
+ if(isset($_POST['XSS']))
903
+ {
904
+ if($_POST['XSS']=='on')
905
+ {
906
+ update_option('XSSAttack',1);
907
+ $dir_name = dirname(__FILE__);
908
+ $dir_name1 = explode('wp-content', $dir_name);
909
+ $dir_name = $dir_name1[0];
910
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
911
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
912
+
913
+ $file = file_get_contents($fileName);
914
+ if(strpos($file, 'XSS')!=false)
915
+ {
916
+ $file = str_replace('$XSS=0;', '$XSS=1;', $file);
917
+ file_put_contents($fileName,$file);
918
+ }
919
+ else
920
+ {
921
+ $content = explode('?>', $file);
922
+ $file = $content[0];
923
+ $file .= PHP_EOL;
924
+ $file .= '$XSS=1;'.PHP_EOL;
925
+ $file .='?>';
926
+ file_put_contents($fileName,$file);
927
+ }
928
+ echo("XSSenable");
929
+ exit;
930
+ }
931
+ }
932
+ else
933
+ {
934
+ update_option('XSSAttack',0);
935
+ $dir_name = dirname(__FILE__);
936
+ $dir_name1 = explode('wp-content', $dir_name);
937
+ $dir_name = $dir_name1[0];
938
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
939
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
940
+
941
+ $file = file_get_contents($fileName);
942
+ if(strpos($file, '$XSS')!=false)
943
+ {
944
+ $file = str_replace('$XSS=1;', '$XSS=0;', $file);
945
+ file_put_contents($fileName,$file);
946
+ }
947
+ else
948
+ {
949
+ $content = explode('?>', $file);
950
+ $file = $content[0];
951
+ $file .= PHP_EOL;
952
+ $file .= '$XSS=0;'.PHP_EOL;
953
+ $file .='?>';
954
+ file_put_contents($fileName,$file);
955
+ }
956
+ echo("XSSdisable");
957
+ exit;
958
+ }
959
+
960
+ }
961
+ private function savelfi()
962
+ {
963
+ if(isset($_POST['LFI']))
964
+ {
965
+ if($_POST['LFI']=='on')
966
+ {
967
+ update_option('LFIAttack',1);
968
+ $dir_name = dirname(__FILE__);
969
+ $dir_name1 = explode('wp-content', $dir_name);
970
+ $dir_name = $dir_name1[0];
971
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
972
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
973
+
974
+ $file = file_get_contents($fileName);
975
+ if(strpos($file, 'LFI')!=false)
976
+ {
977
+ $file = str_replace("LFI=0;", "LFI=1;", $file);
978
+ file_put_contents($fileName,$file);
979
+ }
980
+ else
981
+ {
982
+ $content = explode('?>', $file);
983
+ $file = $content[0];
984
+ $file .= PHP_EOL;
985
+ $file .= '$LFI=1;'.PHP_EOL;
986
+ $file .='?>';
987
+ file_put_contents($fileName,$file);
988
+ }
989
+ $file = file_get_contents($fileName);
990
+
991
+ echo("LFIenable");
992
+ exit;
993
+ }
994
+ }
995
+ else
996
+ {
997
+ update_option('LFIAttack',0);
998
+ $dir_name = dirname(__FILE__);
999
+ $dir_name1 = explode('wp-content', $dir_name);
1000
+ $dir_name = $dir_name1[0];
1001
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1002
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1003
+
1004
+ $file = file_get_contents($fileName);
1005
+ if(strpos($file, '$LFI')!=false)
1006
+ {
1007
+ $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1008
+ file_put_contents($fileName,$file);
1009
+ }
1010
+ else
1011
+ {
1012
+ $content = explode('?>', $file);
1013
+ $file = $content[0];
1014
+ $file .= PHP_EOL;
1015
+ $file .= '$LFI=0;'.PHP_EOL;
1016
+ $file .='?>';
1017
+ file_put_contents($fileName,$file);
1018
+ }
1019
+ echo("LFIdisable");
1020
+ exit;
1021
+ }
1022
+
1023
+ }
1024
+ private function saverfi()
1025
+ {
1026
+ if(isset($_POST['RFI']))
1027
+ {
1028
+ if($_POST['RFI']=='on')
1029
+ {
1030
+ update_option('RFIAttack',1);
1031
+ $dir_name = dirname(__FILE__);
1032
+ $dir_name1 = explode('wp-content', $dir_name);
1033
+ $dir_name = $dir_name1[0];
1034
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1035
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1036
+
1037
+ $file = file_get_contents($fileName);
1038
+ if(strpos($file, 'RFI')!=false)
1039
+ {
1040
+ $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1041
+ file_put_contents($fileName,$file);
1042
+ }
1043
+ else
1044
+ {
1045
+ $content = explode('?>', $file);
1046
+ $file = $content[0];
1047
+ $file .= PHP_EOL;
1048
+ $file .= '$RFI=1;'.PHP_EOL;
1049
+ $file .='?>';
1050
+ file_put_contents($fileName,$file);
1051
+ }
1052
+ echo("RFIenable");
1053
+ exit;
1054
+ }
1055
+ }
1056
+ else
1057
+ {
1058
+ update_option('RFIAttack',0);
1059
+ $dir_name = dirname(__FILE__);
1060
+ $dir_name1 = explode('wp-content', $dir_name);
1061
+ $dir_name = $dir_name1[0];
1062
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1063
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1064
+
1065
+ $file = file_get_contents($fileName);
1066
+ if(strpos($file, '$RFI')!=false)
1067
+ {
1068
+ $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1069
+ file_put_contents($fileName,$file);
1070
+ }
1071
+ else
1072
+ {
1073
+ $content = explode('?>', $file);
1074
+ $file = $content[0];
1075
+ $file .= PHP_EOL;
1076
+ $file .= '$RFI=0;'.PHP_EOL;
1077
+ $file .='?>';
1078
+ file_put_contents($fileName,$file);
1079
+ }
1080
+ echo("RFIdisable");
1081
+ exit;
1082
+ }
1083
+
1084
+ }
1085
+ private function saveRateL()
1086
+ {
1087
+
1088
+ if($_POST['time']!='' && $_POST['req']!='')
1089
+ {
1090
+ if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1091
+ {
1092
+ $dir_name = dirname(__FILE__);
1093
+ $dir_name1 = explode('wp-content', $dir_name);
1094
+ $dir_name = $dir_name1[0];
1095
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1096
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1097
+
1098
+ $file = file_get_contents($fileName);
1099
+ $data = $file;
1100
+ $time = sanitize_text_field($_POST['time']);
1101
+ $req = sanitize_text_field($_POST['req']);
1102
+ if($time>0 && $req >0)
1103
+ {
1104
+ update_option('Rate_time',$time);
1105
+ update_option('Rate_request',$req);
1106
+ update_option('Rate_limiting','1');
1107
+
1108
+ if(strpos($file, 'RateLimiting')!=false)
1109
+ {
1110
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1111
+ $data = $file;
1112
+ file_put_contents($fileName,$file);
1113
+ }
1114
+ else
1115
+ {
1116
+ $content = explode('?>', $file);
1117
+ $file = $content[0];
1118
+ $file .= PHP_EOL;
1119
+ $file .= '$RateLimiting=1;'.PHP_EOL;
1120
+ $file .='?>';
1121
+ file_put_contents($fileName,$file);
1122
+ $data = $file;
1123
+ }
1124
+
1125
+ $file = $data;
1126
+ if(strpos($file, 'RequestsPMin')!=false)
1127
+ {
1128
+ $content = explode(PHP_EOL, $file);
1129
+ $con = '';
1130
+ $len = sizeof($content);
1131
+
1132
+ for($i=0;$i<$len;$i++)
1133
+ {
1134
+ if(strpos($content[$i], 'RequestsPMin')!=false)
1135
+ {
1136
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1137
+ }
1138
+ else
1139
+ {
1140
+ $con .= $content[$i].PHP_EOL;
1141
+ }
1142
+ }
1143
+
1144
+ file_put_contents($fileName,$con);
1145
+ $data = $con;
1146
+
1147
+ }
1148
+
1149
+ else
1150
+ {
1151
+ $content = explode('?>', $file);
1152
+ $file = $content[0];
1153
+ $file .= PHP_EOL;
1154
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1155
+ $file .='?>';
1156
+ file_put_contents($fileName,$file);
1157
+ $data = $file;
1158
+ }
1159
+
1160
+
1161
+
1162
+ if($_POST['action']=='BlockIP')
1163
+ {
1164
+ update_option('actionRateL',1);
1165
+
1166
+ $file = $data;
1167
+ if(strpos($file, 'actionRateL')!=false)
1168
+ {
1169
+ $content = explode(PHP_EOL, $file);
1170
+ $con = '';
1171
+ foreach ($content as $line => $lineV) {
1172
+ if(strpos($lineV, 'actionRateL')!=false)
1173
+ {
1174
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
1175
+ }
1176
+ else
1177
+ {
1178
+ $con .= $lineV.PHP_EOL;
1179
+ }
1180
+ }
1181
+ file_put_contents($fileName,$con);
1182
+ }
1183
+ else
1184
+ {
1185
+ $content = explode('?>', $file);
1186
+ $file = $content[0];
1187
+ $file .= PHP_EOL;
1188
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1189
+ $file .='?>';
1190
+ file_put_contents($fileName,$file);
1191
+ $file = $data;
1192
+ }
1193
+ }
1194
+ elseif($_POST['action']=='ThrottleIP')
1195
+ {
1196
+ $file = $data;
1197
+ update_option('actionRateL',0);
1198
+ if(strpos($file, 'actionRateL')!=false)
1199
+ {
1200
+ $content = explode(PHP_EOL, $file);
1201
+ $con = '';
1202
+ foreach ($content as $line => $lineV) {
1203
+ if(strpos($lineV, 'actionRateL')!=false)
1204
+ {
1205
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1206
+ }
1207
+ else
1208
+ {
1209
+ $con .= $lineV.PHP_EOL;
1210
+ }
1211
+ }
1212
+ file_put_contents($fileName,$con);
1213
+ }
1214
+ else
1215
+ {
1216
+ $content = explode('?>', $file);
1217
+ $file = $content[0];
1218
+ $file .= PHP_EOL;
1219
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1220
+ $file .='?>';
1221
+ file_put_contents($fileName,$file);
1222
+ }
1223
+ }
1224
+
1225
+ }
1226
+
1227
+ }
1228
+
1229
+ }
1230
+
1231
+ }
1232
+ private function disableRL()
1233
+ {
1234
+ update_option('Rate_limiting',0);
1235
+
1236
+ $dir_name = dirname(__FILE__);
1237
+ $dir_name1 = explode('wp-content', $dir_name);
1238
+ $dir_name = $dir_name1[0];
1239
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1240
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1241
+ $file = file_get_contents($fileName);
1242
+
1243
+ if(strpos($file, 'RateLimiting')!=false)
1244
+ {
1245
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1246
+ file_put_contents($fileName,$file);
1247
+ }
1248
+ else
1249
+ {
1250
+ $content = explode('?>', $file);
1251
+ $file = $content[0];
1252
+ $file .= PHP_EOL;
1253
+ $file .= '$RateLimiting=0;'.PHP_EOL;
1254
+ $file .='?>';
1255
+ file_put_contents($fileName,$file);
1256
+ }
1257
+
1258
+ }
1259
+ private function backupHtaccess()
1260
+ {
1261
+ if(isset($_POST['htaccessWAF']))
1262
+ {
1263
+ if($_POST['htaccessWAF']=='on')
1264
+ {
1265
+ $dir_name = dirname(__FILE__);
1266
+ $dirN = $dir_name;
1267
+ $dirN = str_replace('\\', '/', $dirN);
1268
+ $dir_name1 = explode('wp-content', $dir_name);
1269
+ $dir_name = $dir_name1[0];
1270
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1271
+ $dir_name =$dir_name1.'.htaccess';
1272
+ $file = file_get_contents($dir_name);
1273
+ $dir_backup = $dir_name1.'htaccess';
1274
+ $handle = fopen($dir_backup, 'c+');
1275
+ fwrite($handle,$file);
1276
+ }
1277
+ }
1278
+ }
1279
+ private function limitAttack()
1280
+ {
1281
+ if(isset($_POST['limitAttack']))
1282
+ {
1283
+ $value = sanitize_text_field($_POST['limitAttack']);
1284
+ if($value>1)
1285
+ {
1286
+ update_option('limitAttack',$value);
1287
+ echo "limitSaved";
1288
+ exit;
1289
+ }
1290
+ else
1291
+ {
1292
+ echo "limitIsLT1";
1293
+ exit;
1294
+ }
1295
+
1296
+ }
1297
+ }
1298
+
1299
+
1300
+
1301
+ function wpns_captcha_settings(){
1302
+
1303
+ $nonce=sanitize_text_field($_POST['nonce']);
1304
+ if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1305
+ wp_send_json('ERROR');
1306
+ return;
1307
+ }
1308
+
1309
+ $site_key = sanitize_text_field($_POST['site_key']);
1310
+ $secret_key = sanitize_text_field($_POST['secret_key']);
1311
+ $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1312
+ $login_form_captcha = sanitize_text_field($_POST['login_form']);
1313
+ $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1314
+
1315
+ if((isset($_POST['version'])))
1316
+ {
1317
+ $mo2f_g_version = sanitize_text_field($_POST['version']);
1318
+ }
1319
+ else $mo2f_g_version='reCAPTCHA_v3';
1320
+
1321
+ if($enable_captcha == 'true') $enable_captcha = "on";
1322
+ else if($enable_captcha == 'false') $enable_captcha = "";
1323
+
1324
+ if($login_form_captcha == 'true') $login_form_captcha = "on";
1325
+ else if($login_form_captcha == 'false') $login_form_captcha = "";
1326
+
1327
+ if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1328
+ else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1329
+
1330
+ if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1331
+ wp_send_json('empty');
1332
+ return;
1333
+ }
1334
+
1335
+
1336
+ if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1337
+ wp_send_json('version_select');
1338
+ return;
1339
+ }
1340
+ if($mo2f_g_version=='reCAPTCHA_v2')
1341
+ {
1342
+
1343
+ update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1344
+ update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1345
+ }
1346
+ if($mo2f_g_version=='reCAPTCHA_v3')
1347
+ {
1348
+
1349
+ update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1350
+ update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1351
+ }
1352
+
1353
+ update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1354
+ update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1355
+
1356
+
1357
+ if($enable_captcha == "on"){
1358
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1359
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1360
+ update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1361
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1362
+ update_site_option('recaptcha_notification_option',1);
1363
+ wp_send_json('true');
1364
+ }
1365
+ else if($enable_captcha == ""){
1366
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1367
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1368
+ update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1369
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1370
+ wp_send_json('false');
1371
+ }
1372
+
1373
+ }
1374
+
1375
+ function wpns_strong_password_settings(){
1376
+ $nonce = $_POST['nonce'];
1377
+ if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1378
+ wp_send_json('ERROR');
1379
+ return;
1380
+ }
1381
+ $enable_strong_pass = $_POST['enable_strong_pass'];
1382
+ if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1383
+ $strong_pass_accounts = $_POST['accounts_strong_pass'];
1384
+ update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1385
+ update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1386
+ if($enable_strong_pass){
1387
+ update_option('mo_wpns_enable_rename_login_url',"");
1388
+ wp_send_json('true');
1389
+ }
1390
+ else{
1391
+ wp_send_json('false');
1392
+ }
1393
+ }
1394
+
1395
+ }
1396
+ new wpns_ajax;
1397
+
1398
+ ?>
database/database_functions.php CHANGED
@@ -1,873 +1,873 @@
1
- <?php
2
-
3
- require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
-
5
- class MoWpnsDB
6
- {
7
- private $transactionTable;
8
- private $blockedIPsTable;
9
- private $whitelistIPsTable;
10
- private $emailAuditTable;
11
- private $malwarereportTable;
12
- private $scanreportdetails;
13
- private $skipfiles;
14
- private $hashfile;
15
-
16
- function __construct()
17
- {
18
- global $wpdb;
19
- $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
- $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
- $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
- $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
- $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
- $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
- $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
- $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
- $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
- $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
- $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
- $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
- $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
- }
33
-
34
- function mo_plugin_activate()
35
- {
36
- global $wpdb;
37
- if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
- $this->generate_tables();
40
- } else {
41
- $current_db_version = get_option('mo_wpns_dbversion');
42
- if($current_db_version < MoWpnsConstants::DB_VERSION){
43
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
-
45
- }
46
- }
47
- }
48
-
49
- function generate_tables(){
50
- global $wpdb;
51
-
52
- $tableName = $this->transactionTable;
53
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
- {
55
- $sql = "CREATE TABLE " . $tableName . " (
56
- `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
- `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
- dbDelta($sql);
59
- }
60
-
61
- $tableName = $this->blockedIPsTable;
62
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
- {
64
- $sql = "CREATE TABLE " . $tableName . " (
65
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
- `created_timestamp` int, UNIQUE KEY id (id) );";
67
- dbDelta($sql);
68
- }
69
-
70
-
71
- $tableName = $this->whitelistIPsTable;
72
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
- {
74
- $sql = "CREATE TABLE " . $tableName . " (
75
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
- dbDelta($sql);
77
- }
78
-
79
- $tableName = $this->backupdetails;
80
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
- {
82
- $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
- `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
- dbDelta($sql);
85
- }
86
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
- if(is_null($result)){
88
- $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
- $results1 = $wpdb->query($sql);
90
- }
91
-
92
- $tableName = $this->emailAuditTable;
93
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
- {
95
- $sql = "CREATE TABLE " . $tableName . " (
96
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
- dbDelta($sql);
98
- }
99
- $tableName = $this->IPrateDetails;
100
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
- {
102
- $sql = "CREATE TABLE " . $tableName . " (
103
- ip varchar(20) , time bigint );";
104
- dbDelta($sql);
105
- }
106
-
107
- $tableName = $this->attackLogs;
108
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
- {
110
- $sql = "create table ". $tableName ." (
111
- ip varchar(20),
112
- type varchar(20),
113
- time bigint,
114
- input mediumtext );";
115
- //dbDelta($sql);
116
- $results = $wpdb->get_results($sql);
117
-
118
- }
119
- $tableName = $this->malwarereportTable;
120
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
- {
122
- $sql = "CREATE TABLE " . $tableName . " (
123
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
- dbDelta($sql);
125
- }
126
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
- if(is_null($result)){
128
- $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
- $results1 = $wpdb->query($sql);
130
- $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
- $resluts = $wpdb->query($sql1);
132
- }
133
-
134
-
135
- $tableName = $this->scanreportdetails;
136
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
- {
138
- $sql = "CREATE TABLE " . $tableName . " (
139
- `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
- dbDelta($sql);
141
- }
142
-
143
- $tableName = $this->skipfiles;
144
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
- {
146
- $sql = "CREATE TABLE " . $tableName . " (
147
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
- dbDelta($sql);
149
- }
150
-
151
- $tableName = $this->filescan;
152
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
- {
154
- $sql = "CREATE TABLE " . $tableName . " (
155
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
- dbDelta($sql);
157
- }
158
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
- if(is_null($result)){
160
- $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
- $results1 = $wpdb->query($sql);
162
- }
163
-
164
- $tableName = $this->hashfile;
165
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
- {
167
- $sql = "CREATE TABLE " . $tableName . " (
168
- `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
- dbDelta($sql);
170
- }
171
-
172
- $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
- $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
- $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
- if(empty($row1) && empty($row1) && empty($row1)){
176
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
- if($result){
178
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
- foreach ($report_ids as $key => $value) {
180
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
- $result = $this->mo_wpns_get_scan_count($scan_detail);
182
- $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
- }
184
- }
185
- }
186
- $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
- if(empty($rowhash)){
188
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
- }
190
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
- if(empty($result)){
192
- $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
- $results1 = $wpdb->query($sql);
194
- $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
- $resluts = $wpdb->query($sql1);
196
- }
197
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
- if(empty($result)){
199
- $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
- $results1 = $wpdb->query($sql);
201
- $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
- $resluts = $wpdb->query($sql1);
203
- }
204
- }
205
-
206
- function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
- global $wpdb;
208
- $wpdb->insert(
209
- $this->backupdetails,
210
- array(
211
- 'backup_id' =>$backup_id,
212
- 'file_name' =>$file_name,
213
- 'created_timestamp'=> $backup_created_timestamp,
214
- 'plugin_path' => $plugin_path
215
- ));
216
- }
217
-
218
- function get_table_content(){
219
- global $wpdb;
220
- return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
- }
222
-
223
- function get_number_of_plugin_backup(){
224
- global $wpdb;
225
-
226
- $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
- $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
- $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
- $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
- $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
- $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
-
233
- return $array;
234
- }
235
-
236
- function delete_file($id){
237
- global $wpdb;
238
- $wpdb->query(
239
- "DELETE FROM ".$this->backupdetails."
240
- WHERE id = ".$id
241
- );
242
- return;
243
- }
244
-
245
- function row_exist($id){
246
- global $wpdb;
247
- $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
- return $is_exist;
249
- }
250
-
251
- function get_ip_blocked_count($ipAddress)
252
- {
253
- global $wpdb;
254
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
- }
256
- function get_total_blocked_ips()
257
- {
258
- global $wpdb;
259
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
- }
261
- function get_total_manual_blocked_ips()
262
- {
263
- global $wpdb;
264
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
- }
266
- function get_total_blocked_ips_waf()
267
- {
268
- global $wpdb;
269
- $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
- return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
- }
272
- function get_blocked_attack_count($attack)
273
- {
274
- global $wpdb;
275
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
- }
277
-
278
- function get_count_of_blocked_ips(){
279
- global $wpdb;
280
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
- }
282
-
283
-
284
- function get_blocked_ip($entryid)
285
- {
286
- global $wpdb;
287
- return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
- }
289
-
290
- function get_blocked_ip_list()
291
- {
292
- global $wpdb;
293
- return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
- }
295
-
296
- function get_blocked_ips_realtime()
297
- {
298
- global $wpdb;
299
- return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
- }
301
- function get_blocked_attack_list($tableName)
302
- {
303
- global $wpdb;
304
- $tableName = $wpdb->base_prefix.$tableName;
305
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
- }
307
-
308
- function get_blocked_sqli_list()
309
- {
310
- global $wpdb;
311
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
- }
313
- function get_blocked_rfi_list()
314
- {
315
- global $wpdb;
316
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
- }
318
- function get_blocked_lfi_list()
319
- {
320
- global $wpdb;
321
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
- }
323
- function get_blocked_rce_list()
324
- {
325
- global $wpdb;
326
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
- }
328
- function get_blocked_xss_list()
329
- {
330
- global $wpdb;
331
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
- }
333
-
334
- function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
- {
336
- global $wpdb;
337
- $wpdb->insert(
338
- $this->blockedIPsTable,
339
- array(
340
- 'ip_address' => $ipAddress,
341
- 'reason' => $reason,
342
- 'blocked_for_time' => $blocked_for_time,
343
- 'created_timestamp' => current_time( 'timestamp' )
344
- )
345
- );
346
- return;
347
- }
348
-
349
- function delete_blocked_ip($entryid)
350
- {
351
- global $wpdb;
352
- $wpdb->query(
353
- "DELETE FROM ".$this->blockedIPsTable."
354
- WHERE id = ".$entryid
355
- );
356
- return;
357
- }
358
-
359
- function get_whitelisted_ip_count($ipAddress)
360
- {
361
- global $wpdb;
362
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
- }
364
-
365
- function insert_whitelisted_ip($ipAddress)
366
- {
367
- global $wpdb;
368
- $wpdb->insert(
369
- $this->whitelistIPsTable,
370
- array(
371
- 'ip_address' => $ipAddress,
372
- 'created_timestamp' => current_time( 'timestamp' )
373
- )
374
- );
375
- }
376
-
377
- function get_number_of_whitelisted_ips(){
378
- global $wpdb;
379
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
- }
381
-
382
- function delete_whitelisted_ip($entryid)
383
- {
384
- global $wpdb;
385
- $wpdb->query(
386
- "DELETE FROM ".$this->whitelistIPsTable."
387
- WHERE id = ".$entryid
388
- );
389
- return;
390
- }
391
-
392
- function get_whitelisted_ips_list()
393
- {
394
- global $wpdb;
395
- return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
- }
397
-
398
- function get_email_audit_count($ipAddress,$username)
399
- {
400
- global $wpdb;
401
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
- username='".$username."'" );
403
- }
404
-
405
- function insert_email_audit($ipAddress,$username,$reason)
406
- {
407
- global $wpdb;
408
- $wpdb->insert(
409
- $this->emailAuditTable,
410
- array(
411
- 'ip_address' => $ipAddress,
412
- 'username' => $username,
413
- 'reason' => $reason,
414
- 'created_timestamp' => current_time( 'timestamp' )
415
- )
416
- );
417
- return;
418
- }
419
-
420
- function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
- {
422
- global $wpdb;
423
- $data = array(
424
- 'ip_address' => $ipAddress,
425
- 'username' => $username,
426
- 'type' => $type,
427
- 'status' => $status,
428
- 'created_timestamp' => current_time( 'timestamp' )
429
- );
430
- $data['url'] = is_null($url) ? '' : $url;
431
- $wpdb->insert( $this->transactionTable, $data);
432
- return;
433
- }
434
-
435
- function get_transasction_list()
436
- {
437
- global $wpdb;
438
- return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
439
- }
440
-
441
- function get_login_transaction_report()
442
- {
443
- global $wpdb;
444
- return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
445
- }
446
-
447
- function get_error_transaction_report()
448
- {
449
- global $wpdb;
450
- return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
451
- }
452
-
453
- function update_transaction_table($where,$update)
454
- {
455
- global $wpdb;
456
-
457
- $sql = "UPDATE ".$this->transactionTable." SET ";
458
- $i = 0;
459
- foreach($update as $key=>$value)
460
- {
461
- if($i%2!=0)
462
- $sql .= ' , ';
463
- $sql .= $key."='".$value."'";
464
- $i++;
465
- }
466
- $sql .= " WHERE ";
467
- $i = 0;
468
- foreach($where as $key=>$value)
469
- {
470
- if($i%2!=0)
471
- $sql .= ' AND ';
472
- $sql .= $key."='".$value."'";
473
- $i++;
474
- }
475
-
476
- $wpdb->query($sql);
477
- return;
478
- }
479
-
480
- function get_count_of_attacks_blocked(){
481
- global $wpdb;
482
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
483
- }
484
-
485
- function get_failed_transaction_count($ipAddress)
486
- {
487
- global $wpdb;
488
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
489
- AND status = '".MoWpnsConstants::FAILED."'" );
490
- }
491
-
492
- function delete_transaction($ipAddress)
493
- {
494
- global $wpdb;
495
- $wpdb->query(
496
- "DELETE FROM ".$this->transactionTable."
497
- WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
498
- );
499
- return;
500
- }
501
-
502
- function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
503
- global $wpdb;
504
- $wpdb->insert(
505
- $this->malwarereportTable,
506
- array(
507
- 'scan_mode' => $scan_type,
508
- 'scanned_folders' => $folderNames,
509
- 'scanned_files' => 0,
510
- 'start_timestamp' => $start_timestamp,
511
- 'malware_count' => 0,
512
- 'repo_issues' => $repo_check_status_code,
513
- 'malicious_links' => 0
514
- )
515
- );
516
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
517
- if($result){
518
- $record = $result[0];
519
- return $record->id;
520
- }
521
- }
522
-
523
- function mo2f_update_net_issue($reportid){
524
- global $wpdb;
525
- $wpdb->update(
526
- $this->malwarereportTable,
527
- array(
528
- 'net_connection' => 1
529
- ),
530
- array(
531
- 'id' => $reportid
532
- )
533
- );
534
- }
535
-
536
- function mo2f_update_repo_issue($reportid, $issue){
537
- global $wpdb;
538
- $wpdb->update(
539
- $this->malwarereportTable,
540
- array(
541
- 'repo_key' => $issue
542
- ),
543
- array(
544
- 'id' => $reportid
545
- )
546
- );
547
- }
548
-
549
- function add_report_details($reportid, $filename, $report){
550
- global $wpdb;
551
- $wpdb->insert(
552
- $this->scanreportdetails,
553
- array(
554
- 'report_id' => $reportid,
555
- 'filename' => $filename,
556
- 'report' => serialize($report),
557
- 'created_timestamp' => current_time('timestamp')
558
- )
559
- );
560
- }
561
-
562
- function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
563
- global $wpdb;
564
- $wpdb->query(
565
- "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
566
- );
567
- }
568
-
569
- function count_files(){
570
- global $wpdb;
571
- $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
572
- return $sql[0]->scan_count;
573
- }
574
-
575
- function count_malicious_files(){
576
- global $wpdb;
577
- $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
578
- return $sql[0]->total_mal;
579
- }
580
-
581
- function count_files_last_scan($reportid){
582
- global $wpdb;
583
- $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
584
- return $sql[0]->scanned_files;
585
- }
586
-
587
- function count_malicious_last_scan($reportid){
588
- global $wpdb;
589
- $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
590
- return $sql[0]->mal_file;
591
- }
592
-
593
- function check_hash($hash_of_file){
594
- global $wpdb;
595
- $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
596
- $result=$wpdb->get_results( $sql );
597
- return $result;
598
- }
599
-
600
- function insert_hash($source_file_path,$hash_of_file, $scan_data){
601
- global $wpdb;
602
- $source_file_path = addslashes($source_file_path);
603
- $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
604
- $res=$wpdb->query( $query );
605
- }
606
-
607
- function update_hash($source_file_path, $hash_of_file, $scan_data){
608
- global $wpdb;
609
- $source_file_path = addslashes($source_file_path);
610
- $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
611
- $res=$wpdb->query( $query );
612
- }
613
-
614
- function delete_hash($source_file_path){
615
- global $wpdb;
616
- $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
617
- $res=$wpdb->query( $query );
618
- }
619
-
620
- function get_infected_file($filename){
621
- global $wpdb;
622
- $filename = addslashes($filename);
623
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
624
- return $result;
625
- }
626
-
627
- function insert_files_in_parts($file_path_array){
628
- global $wpdb;
629
- if(!empty($file_path_array)){
630
- $size=sizeof($file_path_array);
631
- $default=0;
632
- $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
633
- for ($i=1; $i <= $size ; $i++) {
634
- $value= $file_path_array[$i];
635
- $file_path = $value['file'];
636
- $file_path = addslashes($file_path);
637
- $hash_value= md5($file_path);
638
- $repo_key = $value['key'];
639
- $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
640
- if($i < $size){
641
- $query.= ",";
642
- }
643
- }
644
- $query.=";";
645
- $res=$wpdb->query( $query );
646
- }
647
- }
648
-
649
- function update_files_scan($file_path_array, $file_count){
650
- global $wpdb;
651
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
652
- for ($i=0; $i < $file_count ; $i++) {
653
- $value= $file_path_array[$i]->path;
654
- $value = addslashes($value);
655
- $value = md5($value);
656
- $query.= "('".$value."', 1)";
657
- if($i < $file_count-1){
658
- $query.= ",";
659
- }
660
- }
661
- $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
662
- $res=$wpdb->query( $query );
663
- }
664
-
665
- function update_files_scan_ext_link($file_path_array, $file_count){
666
- global $wpdb;
667
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
668
- for ($i=0; $i < $file_count ; $i++) {
669
- $value= $file_path_array[$i]->path;
670
- $value = addslashes($value);
671
- $value = md5($value);
672
- $query.= "('".$value."', 1)";
673
- if($i < $file_count-1){
674
- $query.= ",";
675
- }
676
- }
677
- $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
678
- $res=$wpdb->query( $query );
679
- }
680
-
681
- function update_files_scan_repo($file_path_array, $file_count){
682
- global $wpdb;
683
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
684
- for ($i=0; $i < $file_count ; $i++) {
685
- $value= $file_path_array[$i]->path;
686
- $value = addslashes($value);
687
- $value = md5($value);
688
- $query.= "('".$value."', 1)";
689
- if($i < $file_count-1){
690
- $query.= ",";
691
- }
692
- }
693
- $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
694
- $res=$wpdb->query( $query );
695
- }
696
-
697
- function get_files_in_parts(){
698
- global $wpdb;
699
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
700
- $result=$wpdb->get_results($sql);
701
- return $result;
702
- }
703
-
704
- function get_files_for_link(){
705
- global $wpdb;
706
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
707
- $result=$wpdb->get_results($sql);
708
- return $result;
709
- }
710
-
711
- function get_files_for_repo($repo_key){
712
- global $wpdb;
713
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
714
- $result=$wpdb->get_results($sql);
715
- return $result;
716
- }
717
-
718
- function delete_files_parts(){
719
- global $wpdb;
720
- $sql= "TRUNCATE TABLE ".$this->filescan.";";
721
- $res=$wpdb->query($sql);
722
- }
723
-
724
- function get_last_id(){
725
- global $wpdb;
726
- $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
727
- return $result;
728
- }
729
-
730
- function get_report_with_id($reportid){
731
- global $wpdb;
732
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
733
- return $result;
734
- }
735
-
736
- function delete_report($reportid){
737
- global $wpdb;
738
- $wpdb->query(
739
- "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
740
- );
741
- $warning_count=0;
742
- $malware_count=0;
743
- $last_id=$this->get_last_id();
744
- $send_id=$last_id[0]->max;
745
- if(!is_null($send_id)){
746
- $res = $this->get_report_with_id($send_id);
747
- $record = $res[0];
748
- if($record->malware_count >= 0){
749
- $malware_count = $record->malware_count;
750
- }
751
- if($record->repo_issues < 0){
752
- $warning_count = $record->malicious_links;
753
- }else{
754
- $warning_count = $record->repo_issues + $record->malicious_links;
755
- }
756
- }
757
-
758
- update_option('mo_wpns_infected_files', $malware_count);
759
- update_option('mo_wpns_warning_files', $warning_count);
760
-
761
- }
762
-
763
- function get_report(){
764
- global $wpdb;
765
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
766
- return $result;
767
- }
768
-
769
- function get_vulnerable_files_count_for_reportid($reportid){
770
- global $wpdb;
771
- $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
772
- return $result;
773
- }
774
-
775
- function ignorefile($filename){
776
- $signature = md5_file($filename);
777
- global $wpdb;
778
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
779
- if($result){
780
- $wpdb->query(
781
- "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
782
- );
783
- } else {
784
- $wpdb->insert(
785
- $this->skipfiles,
786
- array(
787
- 'path' => $filename,
788
- 'signature' => $signature,
789
- 'created_timestamp' => current_time('timestamp')
790
- )
791
- );
792
- }
793
- }
794
-
795
- function ignorechangedfile($recordId){
796
- global $wpdb;
797
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
798
- if($result){
799
- $record = $result[0];
800
- $signature = md5_file($record->path);
801
- $wpdb->query(
802
- "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
803
- );
804
- }
805
- }
806
-
807
- function getlistofignorefiles(){
808
- global $wpdb;
809
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
810
- return $result;
811
- }
812
-
813
- function get_detail_report_with_id($reportid){
814
- global $wpdb;
815
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
816
- return $result;
817
- }
818
-
819
- function mo_wpns_upgrade_process_complete(){
820
- $current_db_version = get_option('mo_wpns_dbversion');
821
- if($current_db_version < MoWpnsConstants::DB_VERSION){
822
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
823
- $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
824
- if(empty($row)){
825
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
826
- if($result){
827
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
828
- foreach ($report_ids as $key => $value) {
829
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
830
- $result = $this->mo_wpns_get_scan_count($scan_detail);
831
- $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
832
- }
833
- }
834
- }
835
- $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
836
- if(empty($rowhash)){
837
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
838
- }
839
- }
840
- }
841
-
842
- function mo_wpns_get_scan_count($result){
843
- $scan_count = 0;
844
- $repo_count = 0;
845
- $link_count = 0;
846
- $total = 0;
847
- foreach ($result as $key => $value) {
848
- $total+=1;
849
- $temp = unserialize($result[$key]->report);
850
- if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
851
- $scan_count++;
852
- $repo_count++;
853
- $link_count++;
854
- }else if(isset($temp['scan'])&&isset($temp['repo'])){
855
- $scan_count++;
856
- $repo_count++;
857
- }else if(isset($temp['scan'])&&isset($temp['extl'])){
858
- $scan_count++;
859
- $link_count++;
860
- }else if(isset($temp['repo'])&&isset($temp['extl'])){
861
- $repo_count++;
862
- $link_count++;
863
- }else if(isset($temp['scan'])){
864
- $scan_count++;
865
- }else if(isset($temp['repo'])){
866
- $repo_count++;
867
- }else if(isset($temp['extl'])){
868
- $link_count++;
869
- }
870
- }
871
- return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
872
- }
873
  }
1
+ <?php
2
+
3
+ require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
+
5
+ class MoWpnsDB
6
+ {
7
+ private $transactionTable;
8
+ private $blockedIPsTable;
9
+ private $whitelistIPsTable;
10
+ private $emailAuditTable;
11
+ private $malwarereportTable;
12
+ private $scanreportdetails;
13
+ private $skipfiles;
14
+ private $hashfile;
15
+
16
+ function __construct()
17
+ {
18
+ global $wpdb;
19
+ $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
+ $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
+ $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
+ $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
+ $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
+ $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
+ $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
+ $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
+ $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
+ $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
+ $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
+ $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
+ $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
+ }
33
+
34
+ function mo_plugin_activate()
35
+ {
36
+ global $wpdb;
37
+ if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
+ $this->generate_tables();
40
+ } else {
41
+ $current_db_version = get_option('mo_wpns_dbversion');
42
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
43
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
+
45
+ }
46
+ }
47
+ }
48
+
49
+ function generate_tables(){
50
+ global $wpdb;
51
+
52
+ $tableName = $this->transactionTable;
53
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
+ {
55
+ $sql = "CREATE TABLE " . $tableName . " (
56
+ `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
+ `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
+ dbDelta($sql);
59
+ }
60
+
61
+ $tableName = $this->blockedIPsTable;
62
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
+ {
64
+ $sql = "CREATE TABLE " . $tableName . " (
65
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
+ `created_timestamp` int, UNIQUE KEY id (id) );";
67
+ dbDelta($sql);
68
+ }
69
+
70
+
71
+ $tableName = $this->whitelistIPsTable;
72
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
+ {
74
+ $sql = "CREATE TABLE " . $tableName . " (
75
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
+ dbDelta($sql);
77
+ }
78
+
79
+ $tableName = $this->backupdetails;
80
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
+ {
82
+ $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
+ `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
+ dbDelta($sql);
85
+ }
86
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
+ if(is_null($result)){
88
+ $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
+ $results1 = $wpdb->query($sql);
90
+ }
91
+
92
+ $tableName = $this->emailAuditTable;
93
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
+ {
95
+ $sql = "CREATE TABLE " . $tableName . " (
96
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
+ dbDelta($sql);
98
+ }
99
+ $tableName = $this->IPrateDetails;
100
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
+ {
102
+ $sql = "CREATE TABLE " . $tableName . " (
103
+ ip varchar(20) , time bigint );";
104
+ dbDelta($sql);
105
+ }
106
+
107
+ $tableName = $this->attackLogs;
108
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
+ {
110
+ $sql = "create table ". $tableName ." (
111
+ ip varchar(20),
112
+ type varchar(20),
113
+ time bigint,
114
+ input mediumtext );";
115
+ //dbDelta($sql);
116
+ $results = $wpdb->get_results($sql);
117
+
118
+ }
119
+ $tableName = $this->malwarereportTable;
120
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
+ {
122
+ $sql = "CREATE TABLE " . $tableName . " (
123
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
+ dbDelta($sql);
125
+ }
126
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
+ if(is_null($result)){
128
+ $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
+ $results1 = $wpdb->query($sql);
130
+ $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
+ $resluts = $wpdb->query($sql1);
132
+ }
133
+
134
+
135
+ $tableName = $this->scanreportdetails;
136
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
+ {
138
+ $sql = "CREATE TABLE " . $tableName . " (
139
+ `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
+ dbDelta($sql);
141
+ }
142
+
143
+ $tableName = $this->skipfiles;
144
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
+ {
146
+ $sql = "CREATE TABLE " . $tableName . " (
147
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
+ dbDelta($sql);
149
+ }
150
+
151
+ $tableName = $this->filescan;
152
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
+ {
154
+ $sql = "CREATE TABLE " . $tableName . " (
155
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
+ dbDelta($sql);
157
+ }
158
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
+ if(is_null($result)){
160
+ $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
+ $results1 = $wpdb->query($sql);
162
+ }
163
+
164
+ $tableName = $this->hashfile;
165
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
+ {
167
+ $sql = "CREATE TABLE " . $tableName . " (
168
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
+ dbDelta($sql);
170
+ }
171
+
172
+ $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
+ $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
+ $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
+ if(empty($row1) && empty($row1) && empty($row1)){
176
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
+ if($result){
178
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
+ foreach ($report_ids as $key => $value) {
180
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
182
+ $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
+ }
184
+ }
185
+ }
186
+ $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
+ if(empty($rowhash)){
188
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
+ }
190
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
+ if(empty($result)){
192
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
+ $results1 = $wpdb->query($sql);
194
+ $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
+ $resluts = $wpdb->query($sql1);
196
+ }
197
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
+ if(empty($result)){
199
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
+ $results1 = $wpdb->query($sql);
201
+ $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
+ $resluts = $wpdb->query($sql1);
203
+ }
204
+ }
205
+
206
+ function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
+ global $wpdb;
208
+ $wpdb->insert(
209
+ $this->backupdetails,
210
+ array(
211
+ 'backup_id' =>$backup_id,
212
+ 'file_name' =>$file_name,
213
+ 'created_timestamp'=> $backup_created_timestamp,
214
+ 'plugin_path' => $plugin_path
215
+ ));
216
+ }
217
+
218
+ function get_table_content(){
219
+ global $wpdb;
220
+ return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
+ }
222
+
223
+ function get_number_of_plugin_backup(){
224
+ global $wpdb;
225
+
226
+ $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
+ $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
+ $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
+ $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
+ $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
+ $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
+
233
+ return $array;
234
+ }
235
+
236
+ function delete_file($id){
237
+ global $wpdb;
238
+ $wpdb->query(
239
+ "DELETE FROM ".$this->backupdetails."
240
+ WHERE id = ".$id
241
+ );
242
+ return;
243
+ }
244
+
245
+ function row_exist($id){
246
+ global $wpdb;
247
+ $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
+ return $is_exist;
249
+ }
250
+
251
+ function get_ip_blocked_count($ipAddress)
252
+ {
253
+ global $wpdb;
254
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
+ }
256
+ function get_total_blocked_ips()
257
+ {
258
+ global $wpdb;
259
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
+ }
261
+ function get_total_manual_blocked_ips()
262
+ {
263
+ global $wpdb;
264
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
+ }
266
+ function get_total_blocked_ips_waf()
267
+ {
268
+ global $wpdb;
269
+ $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
+ return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
+ }
272
+ function get_blocked_attack_count($attack)
273
+ {
274
+ global $wpdb;
275
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
+ }
277
+
278
+ function get_count_of_blocked_ips(){
279
+ global $wpdb;
280
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
+ }
282
+
283
+
284
+ function get_blocked_ip($entryid)
285
+ {
286
+ global $wpdb;
287
+ return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
+ }
289
+
290
+ function get_blocked_ip_list()
291
+ {
292
+ global $wpdb;
293
+ return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
+ }
295
+
296
+ function get_blocked_ips_realtime()
297
+ {
298
+ global $wpdb;
299
+ return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
+ }
301
+ function get_blocked_attack_list($tableName)
302
+ {
303
+ global $wpdb;
304
+ $tableName = $wpdb->base_prefix.$tableName;
305
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
+ }
307
+
308
+ function get_blocked_sqli_list()
309
+ {
310
+ global $wpdb;
311
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
+ }
313
+ function get_blocked_rfi_list()
314
+ {
315
+ global $wpdb;
316
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
+ }
318
+ function get_blocked_lfi_list()
319
+ {
320
+ global $wpdb;
321
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
+ }
323
+ function get_blocked_rce_list()
324
+ {
325
+ global $wpdb;
326
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
+ }
328
+ function get_blocked_xss_list()
329
+ {
330
+ global $wpdb;
331
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
+ }
333
+
334
+ function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
+ {
336
+ global $wpdb;
337
+ $wpdb->insert(
338
+ $this->blockedIPsTable,
339
+ array(
340
+ 'ip_address' => $ipAddress,
341
+ 'reason' => $reason,
342
+ 'blocked_for_time' => $blocked_for_time,
343
+ 'created_timestamp' => current_time( 'timestamp' )
344
+ )
345
+ );
346
+ return;
347
+ }
348
+
349
+ function delete_blocked_ip($entryid)
350
+ {
351
+ global $wpdb;
352
+ $wpdb->query(
353
+ "DELETE FROM ".$this->blockedIPsTable."
354
+ WHERE id = ".$entryid
355
+ );
356
+ return;
357
+ }
358
+
359
+ function get_whitelisted_ip_count($ipAddress)
360
+ {
361
+ global $wpdb;
362
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
+ }
364
+
365
+ function insert_whitelisted_ip($ipAddress)
366
+ {
367
+ global $wpdb;
368
+ $wpdb->insert(
369
+ $this->whitelistIPsTable,
370
+ array(
371
+ 'ip_address' => $ipAddress,
372
+ 'created_timestamp' => current_time( 'timestamp' )
373
+ )
374
+ );
375
+ }
376
+
377
+ function get_number_of_whitelisted_ips(){
378
+ global $wpdb;
379
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
+ }
381
+
382
+ function delete_whitelisted_ip($entryid)
383
+ {
384
+ global $wpdb;
385
+ $wpdb->query(
386
+ "DELETE FROM ".$this->whitelistIPsTable."
387
+ WHERE id = ".$entryid
388
+ );
389
+ return;
390
+ }
391
+
392
+ function get_whitelisted_ips_list()
393
+ {
394
+ global $wpdb;
395
+ return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
+ }
397
+
398
+ function get_email_audit_count($ipAddress,$username)
399
+ {
400
+ global $wpdb;
401
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
+ username='".$username."'" );
403
+ }
404
+
405
+ function insert_email_audit($ipAddress,$username,$reason)
406
+ {
407
+ global $wpdb;
408
+ $wpdb->insert(
409
+ $this->emailAuditTable,
410
+ array(
411
+ 'ip_address' => $ipAddress,
412
+ 'username' => $username,
413
+ 'reason' => $reason,
414
+ 'created_timestamp' => current_time( 'timestamp' )
415
+ )
416
+ );
417
+ return;
418
+ }
419
+
420
+ function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
+ {
422
+ global $wpdb;
423
+ $data = array(
424
+ 'ip_address' => $ipAddress,
425
+ 'username' => $username,
426
+ 'type' => $type,
427
+ 'status' => $status,
428
+ 'created_timestamp' => current_time( 'timestamp' )
429
+ );
430
+ $data['url'] = is_null($url) ? '' : $url;
431
+ $wpdb->insert( $this->transactionTable, $data);
432
+ return;
433
+ }
434
+
435
+ function get_transasction_list()
436
+ {
437
+ global $wpdb;
438
+ return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
439
+ }
440
+
441
+ function get_login_transaction_report()
442
+ {
443
+ global $wpdb;
444
+ return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
445
+ }
446
+
447
+ function get_error_transaction_report()
448
+ {
449
+ global $wpdb;
450
+ return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
451
+ }
452
+
453
+ function update_transaction_table($where,$update)
454
+ {
455
+ global $wpdb;
456
+
457
+ $sql = "UPDATE ".$this->transactionTable." SET ";
458
+ $i = 0;
459
+ foreach($update as $key=>$value)
460
+ {
461
+ if($i%2!=0)
462
+ $sql .= ' , ';
463
+ $sql .= $key."='".$value."'";
464
+ $i++;
465
+ }
466
+ $sql .= " WHERE ";
467
+ $i = 0;
468
+ foreach($where as $key=>$value)
469
+ {
470
+ if($i%2!=0)
471
+ $sql .= ' AND ';
472
+ $sql .= $key."='".$value."'";
473
+ $i++;
474
+ }
475
+
476
+ $wpdb->query($sql);
477
+ return;
478
+ }
479
+
480
+ function get_count_of_attacks_blocked(){
481
+ global $wpdb;
482
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
483
+ }
484
+
485
+ function get_failed_transaction_count($ipAddress)
486
+ {
487
+ global $wpdb;
488
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
489
+ AND status = '".MoWpnsConstants::FAILED."'" );
490
+ }
491
+
492
+ function delete_transaction($ipAddress)
493
+ {
494
+ global $wpdb;
495
+ $wpdb->query(
496
+ "DELETE FROM ".$this->transactionTable."
497
+ WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
498
+ );
499
+ return;
500
+ }
501
+
502
+ function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
503
+ global $wpdb;
504
+ $wpdb->insert(
505
+ $this->malwarereportTable,
506
+ array(
507
+ 'scan_mode' => $scan_type,
508
+ 'scanned_folders' => $folderNames,
509
+ 'scanned_files' => 0,
510
+ 'start_timestamp' => $start_timestamp,
511
+ 'malware_count' => 0,
512
+ 'repo_issues' => $repo_check_status_code,
513
+ 'malicious_links' => 0
514
+ )
515
+ );
516
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
517
+ if($result){
518
+ $record = $result[0];
519
+ return $record->id;
520
+ }
521
+ }
522
+
523
+ function mo2f_update_net_issue($reportid){
524
+ global $wpdb;
525
+ $wpdb->update(
526
+ $this->malwarereportTable,
527
+ array(
528
+ 'net_connection' => 1
529
+ ),
530
+ array(
531
+ 'id' => $reportid
532
+ )
533
+ );
534
+ }
535
+
536
+ function mo2f_update_repo_issue($reportid, $issue){
537
+ global $wpdb;
538
+ $wpdb->update(
539
+ $this->malwarereportTable,
540
+ array(
541
+ 'repo_key' => $issue
542
+ ),
543
+ array(
544
+ 'id' => $reportid
545
+ )
546
+ );
547
+ }
548
+
549
+ function add_report_details($reportid, $filename, $report){
550
+ global $wpdb;
551
+ $wpdb->insert(
552
+ $this->scanreportdetails,
553
+ array(
554
+ 'report_id' => $reportid,
555
+ 'filename' => $filename,
556
+ 'report' => serialize($report),
557
+ 'created_timestamp' => current_time('timestamp')
558
+ )
559
+ );
560
+ }
561
+
562
+ function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
563
+ global $wpdb;
564
+ $wpdb->query(
565
+ "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
566
+ );
567
+ }
568
+
569
+ function count_files(){
570
+ global $wpdb;
571
+ $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
572
+ return $sql[0]->scan_count;
573
+ }
574
+
575
+ function count_malicious_files(){
576
+ global $wpdb;
577
+ $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
578
+ return $sql[0]->total_mal;
579
+ }
580
+
581
+ function count_files_last_scan($reportid){
582
+ global $wpdb;
583
+ $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
584
+ return $sql[0]->scanned_files;
585
+ }
586
+
587
+ function count_malicious_last_scan($reportid){
588
+ global $wpdb;
589
+ $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
590
+ return $sql[0]->mal_file;
591
+ }
592
+
593
+ function check_hash($hash_of_file){
594
+ global $wpdb;
595
+ $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
596
+ $result=$wpdb->get_results( $sql );
597
+ return $result;
598
+ }
599
+
600
+ function insert_hash($source_file_path,$hash_of_file, $scan_data){
601
+ global $wpdb;
602
+ $source_file_path = addslashes($source_file_path);
603
+ $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
604
+ $res=$wpdb->query( $query );
605
+ }
606
+
607
+ function update_hash($source_file_path, $hash_of_file, $scan_data){
608
+ global $wpdb;
609
+ $source_file_path = addslashes($source_file_path);
610
+ $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
611
+ $res=$wpdb->query( $query );
612
+ }
613
+
614
+ function delete_hash($source_file_path){
615
+ global $wpdb;
616
+ $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
617
+ $res=$wpdb->query( $query );
618
+ }
619
+
620
+ function get_infected_file($filename){
621
+ global $wpdb;
622
+ $filename = addslashes($filename);
623
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
624
+ return $result;
625
+ }
626
+
627
+ function insert_files_in_parts($file_path_array){
628
+ global $wpdb;
629
+ if(!empty($file_path_array)){
630
+ $size=sizeof($file_path_array);
631
+ $default=0;
632
+ $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
633
+ for ($i=1; $i <= $size ; $i++) {
634
+ $value= $file_path_array[$i];
635
+ $file_path = $value['file'];
636
+ $file_path = addslashes($file_path);
637
+ $hash_value= md5($file_path);
638
+ $repo_key = $value['key'];
639
+ $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
640
+ if($i < $size){
641
+ $query.= ",";
642
+ }
643
+ }
644
+ $query.=";";
645
+ $res=$wpdb->query( $query );
646
+ }
647
+ }
648
+
649
+ function update_files_scan($file_path_array, $file_count){
650
+ global $wpdb;
651
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
652
+ for ($i=0; $i < $file_count ; $i++) {
653
+ $value= $file_path_array[$i]->path;
654
+ $value = addslashes($value);
655
+ $value = md5($value);
656
+ $query.= "('".$value."', 1)";
657
+ if($i < $file_count-1){
658
+ $query.= ",";
659
+ }
660
+ }
661
+ $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
662
+ $res=$wpdb->query( $query );
663
+ }
664
+
665
+ function update_files_scan_ext_link($file_path_array, $file_count){
666
+ global $wpdb;
667
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
668
+ for ($i=0; $i < $file_count ; $i++) {
669
+ $value= $file_path_array[$i]->path;
670
+ $value = addslashes($value);
671
+ $value = md5($value);
672
+ $query.= "('".$value."', 1)";
673
+ if($i < $file_count-1){
674
+ $query.= ",";
675
+ }
676
+ }
677
+ $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
678
+ $res=$wpdb->query( $query );
679
+ }
680
+
681
+ function update_files_scan_repo($file_path_array, $file_count){
682
+ global $wpdb;
683
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
684
+ for ($i=0; $i < $file_count ; $i++) {
685
+ $value= $file_path_array[$i]->path;
686
+ $value = addslashes($value);
687
+ $value = md5($value);
688
+ $query.= "('".$value."', 1)";
689
+ if($i < $file_count-1){
690
+ $query.= ",";
691
+ }
692
+ }
693
+ $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
694
+ $res=$wpdb->query( $query );
695
+ }
696
+
697
+ function get_files_in_parts(){
698
+ global $wpdb;
699
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
700
+ $result=$wpdb->get_results($sql);
701
+ return $result;
702
+ }
703
+
704
+ function get_files_for_link(){
705
+ global $wpdb;
706
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
707
+ $result=$wpdb->get_results($sql);
708
+ return $result;
709
+ }
710
+
711
+ function get_files_for_repo($repo_key){
712
+ global $wpdb;
713
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
714
+ $result=$wpdb->get_results($sql);
715
+ return $result;
716
+ }
717
+
718
+ function delete_files_parts(){
719
+ global $wpdb;
720
+ $sql= "TRUNCATE TABLE ".$this->filescan.";";
721
+ $res=$wpdb->query($sql);
722
+ }
723
+
724
+ function get_last_id(){
725
+ global $wpdb;
726
+ $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
727
+ return $result;
728
+ }
729
+
730
+ function get_report_with_id($reportid){
731
+ global $wpdb;
732
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
733
+ return $result;
734
+ }
735
+
736
+ function delete_report($reportid){
737
+ global $wpdb;
738
+ $wpdb->query(
739
+ "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
740
+ );
741
+ $warning_count=0;
742
+ $malware_count=0;
743
+ $last_id=$this->get_last_id();
744
+ $send_id=$last_id[0]->max;
745
+ if(!is_null($send_id)){
746
+ $res = $this->get_report_with_id($send_id);
747
+ $record = $res[0];
748
+ if($record->malware_count >= 0){
749
+ $malware_count = $record->malware_count;
750
+ }
751
+ if($record->repo_issues < 0){
752
+ $warning_count = $record->malicious_links;
753
+ }else{
754
+ $warning_count = $record->repo_issues + $record->malicious_links;
755
+ }
756
+ }
757
+
758
+ update_option('mo_wpns_infected_files', $malware_count);
759
+ update_option('mo_wpns_warning_files', $warning_count);
760
+
761
+ }
762
+
763
+ function get_report(){
764
+ global $wpdb;
765
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
766
+ return $result;
767
+ }
768
+
769
+ function get_vulnerable_files_count_for_reportid($reportid){
770
+ global $wpdb;
771
+ $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
772
+ return $result;
773
+ }
774
+
775
+ function ignorefile($filename){
776
+ $signature = md5_file($filename);
777
+ global $wpdb;
778
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
779
+ if($result){
780
+ $wpdb->query(
781
+ "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
782
+ );
783
+ } else {
784
+ $wpdb->insert(
785
+ $this->skipfiles,
786
+ array(
787
+ 'path' => $filename,
788
+ 'signature' => $signature,
789
+ 'created_timestamp' => current_time('timestamp')
790
+ )
791
+ );
792
+ }
793
+ }
794
+
795
+ function ignorechangedfile($recordId){
796
+ global $wpdb;
797
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
798
+ if($result){
799
+ $record = $result[0];
800
+ $signature = md5_file($record->path);
801
+ $wpdb->query(
802
+ "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
803
+ );
804
+ }
805
+ }
806
+
807
+ function getlistofignorefiles(){
808
+ global $wpdb;
809
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
810
+ return $result;
811
+ }
812
+
813
+ function get_detail_report_with_id($reportid){
814
+ global $wpdb;
815
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
816
+ return $result;
817
+ }
818
+
819
+ function mo_wpns_upgrade_process_complete(){
820
+ $current_db_version = get_option('mo_wpns_dbversion');
821
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
822
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
823
+ $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
824
+ if(empty($row)){
825
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
826
+ if($result){
827
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
828
+ foreach ($report_ids as $key => $value) {
829
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
830
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
831
+ $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
832
+ }
833
+ }
834
+ }
835
+ $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
836
+ if(empty($rowhash)){
837
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
838
+ }
839
+ }
840
+ }
841
+
842
+ function mo_wpns_get_scan_count($result){
843
+ $scan_count = 0;
844
+ $repo_count = 0;
845
+ $link_count = 0;
846
+ $total = 0;
847
+ foreach ($result as $key => $value) {
848
+ $total+=1;
849
+ $temp = unserialize($result[$key]->report);
850
+ if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
851
+ $scan_count++;
852
+ $repo_count++;
853
+ $link_count++;
854
+ }else if(isset($temp['scan'])&&isset($temp['repo'])){
855
+ $scan_count++;
856
+ $repo_count++;
857
+ }else if(isset($temp['scan'])&&isset($temp['extl'])){
858
+ $scan_count++;
859
+ $link_count++;
860
+ }else if(isset($temp['repo'])&&isset($temp['extl'])){
861
+ $repo_count++;
862
+ $link_count++;
863
+ }else if(isset($temp['scan'])){
864
+ $scan_count++;
865
+ }else if(isset($temp['repo'])){
866
+ $repo_count++;
867
+ }else if(isset($temp['extl'])){
868
+ $link_count++;
869
+ }
870
+ }
871
+ return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
872
+ }
873
  }
database/database_functions_2fa.php CHANGED
@@ -1,403 +1,403 @@
1
- <?php
2
-
3
- require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
4
-
5
- class Mo2fDB {
6
- private $userDetailsTable;
7
- private $userLoginInfoTable;
8
-
9
- function __construct() {
10
- global $wpdb;
11
- $this->userDetailsTable = $wpdb->prefix . 'mo2f_user_details';
12
- $this->userLoginInfoTable = $wpdb->prefix . 'mo2f_user_login_info';
13
- }
14
-
15
- function mo_plugin_activate() {
16
- global $wpdb;
17
- if ( ! get_option( 'mo2f_dbversion' ) ) {
18
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
19
- $this->generate_tables();
20
- } else {
21
- $current_db_version = get_option( 'mo2f_dbversion' );
22
- if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
23
-
24
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
25
- $this->generate_tables();
26
- }
27
- //update the tables based on DB_VERSION.
28
- }
29
- }
30
-
31
- function generate_tables() {
32
- global $wpdb;
33
-
34
- $tableName = $this->userDetailsTable;
35
-
36
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
37
-
38
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
39
- `user_id` bigint NOT NULL,
40
- `mo2f_OTPOverSMS_config_status` tinyint,
41
- `mo2f_miniOrangePushNotification_config_status` tinyint,
42
- `mo2f_miniOrangeQRCodeAuthentication_config_status` tinyint,
43
- `mo2f_miniOrangeSoftToken_config_status` tinyint,
44
- `mo2f_AuthyAuthenticator_config_status` tinyint,
45
- `mo2f_EmailVerification_config_status` tinyint,
46
- `mo2f_SecurityQuestions_config_status` tinyint,
47
- `mo2f_GoogleAuthenticator_config_status` tinyint,
48
- `mo2f_OTPOverEmail_config_status` tinyint,
49
- `mo2f_OTPOverTelegram_config_status` tinyint,
50
- `mo2f_OTPOverWhatsapp_config_status` tinyint,
51
- `mo2f_DuoAuthenticator_config_status` tinyint,
52
- `mobile_registration_status` tinyint,
53
- `mo2f_2factor_enable_2fa_byusers` tinyint DEFAULT 1,
54
- `mo2f_configured_2FA_method` mediumtext NOT NULL ,
55
- `mo2f_user_phone` mediumtext NOT NULL ,
56
- `mo2f_user_email` mediumtext NOT NULL,
57
- `user_registration_with_miniorange` mediumtext NOT NULL,
58
- `mo_2factor_user_registration_status` mediumtext NOT NULL,
59
- UNIQUE KEY user_id (user_id) );";
60
-
61
- dbDelta( $sql );
62
- }
63
- add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
64
- add_site_option( 'bGltaXRSZWFjaGVk' ,0);
65
- add_site_option( base64_encode('totalUsersCloud'),0);
66
- add_site_option(base64_encode('remainingWhatsapptransactions'),30);
67
-
68
-
69
-
70
-
71
- $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
72
- $check_if_column_exists_tel = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverTelegram_config_status" );
73
- $check_if_column_exists_duo = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_DuoAuthenticator_config_status" );
74
-
75
- if ( ! $check_if_column_exists ) {
76
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo2f_OTPOverEmail_config_status` tinyint";
77
- $this->execute_add_column( $query );
78
-
79
- }
80
- if(!$check_if_column_exists_tel)
81
- {
82
- $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
83
- `mo2f_OTPOverTelegram_config_status` tinyint,
84
- `mo2f_OTPOverWhatsapp_config_status` tinyint);";
85
- $this->execute_add_column( $query );
86
- }
87
- if(!$check_if_column_exists_duo)
88
- {
89
- $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
90
- `mo2f_DuoAuthenticator_config_status` tinyint);";
91
- $this->execute_add_column( $query );
92
- }
93
-
94
-
95
- $tableName = $this->userLoginInfoTable;
96
-
97
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
98
-
99
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
100
- `session_id` mediumtext NOT NULL,
101
- `mo2f_login_message` mediumtext NOT NULL ,
102
- `mo2f_current_user_id` tinyint NOT NULL ,
103
- `mo2f_1stfactor_status` mediumtext NOT NULL ,
104
- `mo_2factor_login_status` mediumtext NOT NULL ,
105
- `mo2f_transactionId` mediumtext NOT NULL ,
106
- `mo_2_factor_kba_questions` longtext NOT NULL ,
107
- `mo2f_rba_status` longtext NOT NULL ,
108
- `secret_ga` mediumtext NOT NULL,
109
- `ga_qrCode` mediumtext NOT NULL,
110
- `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
111
- PRIMARY KEY (`session_id`(100)));";
112
-
113
- dbDelta( $sql );
114
- }
115
-
116
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
117
-
118
- if ( ! $check_if_column_exists ) {
119
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
120
- $this->execute_add_column( $query );
121
-
122
- }
123
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "secret_ga" );
124
-
125
- if ( ! $check_if_column_exists ) {
126
- $query = "ALTER TABLE `$tableName` ADD COLUMN `secret_ga` mediumtext NOT NULL";
127
- $this->execute_add_column( $query );
128
-
129
- }
130
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "ga_qrCode" );
131
-
132
- if ( ! $check_if_column_exists ) {
133
- $query = "ALTER TABLE `$tableName` ADD COLUMN `ga_qrCode` mediumtext NOT NULL";
134
- $this->execute_add_column( $query );
135
-
136
- }
137
-
138
- }
139
- function get_current_user_email($id)
140
- {
141
- global $wpdb;
142
- $sql = 'select user_email from wp_users where ID='.$id.';';
143
- return $wpdb->get_var($sql);
144
- }
145
- function database_table_issue(){
146
-
147
- global $wpdb;
148
- $tableName = $this->userLoginInfoTable;
149
-
150
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
151
-
152
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
153
- `session_id` mediumtext NOT NULL,
154
- `mo2f_login_message` mediumtext NOT NULL ,
155
- `mo2f_current_user_id` tinyint NOT NULL ,
156
- `mo2f_1stfactor_status` mediumtext NOT NULL ,
157
- `mo_2factor_login_status` mediumtext NOT NULL ,
158
- `mo2f_transactionId` mediumtext NOT NULL ,
159
- `mo_2_factor_kba_questions` longtext NOT NULL ,
160
- `mo2f_rba_status` longtext NOT NULL ,
161
- `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
162
- PRIMARY KEY (`session_id`(100)));";
163
- dbDelta( $sql );
164
- }
165
-
166
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
167
-
168
- if ( ! $check_if_column_exists ) {
169
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
170
- $this->execute_add_column( $query );
171
-
172
- }
173
-
174
- }
175
-
176
-
177
- function insert_user( $user_id ) {
178
- global $wpdb;
179
- $sql = "INSERT INTO $this->userDetailsTable (user_id) VALUES($user_id) ON DUPLICATE KEY UPDATE user_id=$user_id";
180
- $wpdb->query( $sql );
181
- }
182
-
183
- function drop_table( $table_name ) {
184
- global $wpdb;
185
- $sql = "DROP TABLE $table_name";
186
- $wpdb->query( $sql );
187
- }
188
-
189
-
190
- function get_user_detail( $column_name, $user_id ) {
191
- global $wpdb;
192
- $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userDetailsTable . " WHERE user_id = " . $user_id . ";" );
193
- $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
194
-
195
- return $value == '' ? '' : $value[ $column_name ];
196
- }
197
-
198
- function delete_user_details( $user_id ) {
199
- global $wpdb;
200
- $wpdb->query(
201
- "DELETE FROM " . $this->userDetailsTable . "
202
- WHERE user_id = " . $user_id
203
- );
204
-
205
- return;
206
- }
207
- function get_no_of_2fa_users() {
208
- global $wpdb;
209
- $count=$wpdb->query(
210
- "SELECT * FROM ". $this->userDetailsTable
211
- );
212
- return $count;
213
- }
214
-
215
- function get_all_user_2fa_methods() {
216
- global $wpdb;
217
- $all_methods = [];
218
- $methods=$wpdb->get_results(
219
- "SELECT `mo2f_configured_2FA_method` FROM ". $this->userDetailsTable,ARRAY_A
220
- );
221
- foreach($methods as $method){
222
- array_push($all_methods,$method['mo2f_configured_2FA_method']);
223
- }
224
- return implode(',',$all_methods);
225
- }
226
-
227
- function check_if_table_exists( ) {
228
- global $wpdb;
229
- $does_table_exist= $wpdb->query(
230
- "SHOW TABLES LIKE '" . $this->userDetailsTable . "';"
231
- );
232
-
233
- return $does_table_exist;
234
- }
235
-
236
- function check_if_user_column_exists($user_id){
237
- global $wpdb;
238
- $value = $wpdb->query(
239
- "SELECT * FROM " . $this->userDetailsTable . "
240
- WHERE user_id = " . $user_id
241
- );
242
-
243
- return $value;
244
-
245
- }
246
-
247
- function check_if_column_exists( $table_type, $column_name ){
248
-
249
- if($table_type == "user_login_info_table")
250
- $table = $this->userLoginInfoTable;
251
- else if($table_type == "mo2f_user_details")
252
- $table = $this->userDetailsTable;
253
- global $wpdb;
254
- $sql="SHOW COLUMNS FROM " . $table . "
255
- LIKE '" . $column_name . "'";
256
- $value = $wpdb->query($sql);
257
-
258
- return $value;
259
-
260
- }
261
-
262
- function update_user_details( $user_id, $update ) {
263
- global $wpdb;
264
- $count = count( $update );
265
- $sql = "UPDATE " . $this->userDetailsTable . " SET ";
266
- $i = 1;
267
- foreach ( $update as $key => $value ) {
268
-
269
- $sql .= $key . "='" . $value . "'";
270
- if ( $i < $count ) {
271
- $sql .= ' , ';
272
- }
273
- $i ++;
274
- }
275
- $sql .= " WHERE user_id=" . $user_id . ";";
276
- $wpdb->query( $sql );
277
-
278
- return;
279
-
280
- }
281
-
282
- function insert_user_login_session( $session_id ) {
283
- global $wpdb;
284
- $sql = "INSERT INTO $this->userLoginInfoTable (session_id) VALUES('$session_id') ON DUPLICATE KEY UPDATE session_id='$session_id'";
285
-
286
- $wpdb->query( $sql );
287
- $sql = "DELETE FROM $this->userLoginInfoTable WHERE ts_created < DATE_ADD(NOW(),INTERVAL - 2 MINUTE);";
288
- $wpdb->query( $sql );
289
- }
290
-
291
- function save_user_login_details( $session_id, $user_values ) {
292
- global $wpdb;
293
- $count = count( $user_values );
294
- $sql = "UPDATE " . $this->userLoginInfoTable . " SET ";
295
- $i = 1;
296
- foreach ( $user_values as $key => $value ) {
297
-
298
- $sql .= $key . "='" . $value . "'";
299
- if ( $i < $count ) {
300
- $sql .= ' , ';
301
- }
302
- $i ++;
303
- }
304
- $sql .= " WHERE session_id='" . $session_id . "';";
305
- $wpdb->query( $sql );
306
-
307
- return;
308
-
309
- }
310
-
311
- function execute_add_column ( $query ){
312
- global $wpdb;
313
- $wpdb->query( $query );
314
-
315
- return;
316
- }
317
-
318
- function get_user_login_details( $column_name, $session_id ) {
319
- global $wpdb;
320
- $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userLoginInfoTable . " WHERE session_id = '" . $session_id . "';" );
321
- $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
322
-
323
- return $value == '' ? '' : $value[ $column_name ];
324
- }
325
-
326
- function delete_user_login_sessions($session_id ) {
327
- global $wpdb;
328
- $wpdb->query(
329
- "DELETE FROM " . $this->userLoginInfoTable . "
330
- WHERE session_id='$session_id';"
331
- );
332
-
333
- return;
334
- }
335
- function check_user_limit_exceeded($user_id){
336
-
337
- global $wpdb;
338
- $value = $wpdb->query(
339
- "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
340
- WHERE meta_key = 'currentMethod'"
341
- );
342
-
343
- $user_already_configured = $wpdb->query(
344
- "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
345
- WHERE meta_key = 'currentMethod' and user_id =".$user_id);
346
-
347
- if($value < 3 || $user_already_configured){
348
- return false;
349
- }
350
- else{
351
- return true;
352
- }
353
- }
354
- function check_alluser_limit_exceeded($user_id){
355
-
356
- global $wpdb;
357
- $value = $wpdb->query(
358
- "SELECT * FROM ".$this->userDetailsTable
359
- );
360
- $user_already_configured = $wpdb->query(
361
- "SELECT * FROM ".$this->userDetailsTable ." WHERE user_id =".$user_id );
362
-
363
- if($value < 3 || $user_already_configured){
364
- return false;
365
- }
366
- else{
367
- return true;
368
- }
369
- }
370
-
371
- function get_all_onprem_userids(){
372
-
373
- global $wpdb;
374
- $value = $wpdb->get_results(
375
- "SELECT * FROM ".$wpdb->base_prefix ."usermeta
376
- WHERE meta_key = 'currentMethod'"
377
- );
378
-
379
-
380
- foreach ($value as $row){
381
-
382
- if(isset($row->user_id)){
383
-
384
- $this->insert_user( $row->user_id);
385
-
386
- $this->update_user_details( $row->user_id,
387
- array(
388
- 'mo2f_GoogleAuthenticator_config_status' => get_user_meta($row->user_id,'Google Authenticator',true),
389
- 'mo2f_SecurityQuestions_config_status' => get_user_meta($row->user_id,'Security Questions',true),
390
- 'mo2f_EmailVerification_config_status' => get_user_meta($row->user_id,'Email Verification',true),
391
- 'mo2f_AuthyAuthenticator_config_status' =>0,
392
- 'mo2f_user_email' => get_user_meta($row->user_id,'email',true),
393
- 'mo2f_user_phone' => '',
394
- 'user_registration_with_miniorange' => '',
395
- 'mobile_registration_status' => '',
396
- 'mo2f_configured_2FA_method' => get_user_meta($row->user_id,'currentMethod',true),
397
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
398
- ) );
399
- }
400
- }
401
- }
402
-
403
- }
1
+ <?php
2
+
3
+ require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
4
+
5
+ class Mo2fDB {
6
+ private $userDetailsTable;
7
+ private $userLoginInfoTable;
8
+
9
+ function __construct() {
10
+ global $wpdb;
11
+ $this->userDetailsTable = $wpdb->prefix . 'mo2f_user_details';
12
+ $this->userLoginInfoTable = $wpdb->prefix . 'mo2f_user_login_info';
13
+ }
14
+
15
+ function mo_plugin_activate() {
16
+ global $wpdb;
17
+ if ( ! get_option( 'mo2f_dbversion' ) ) {
18
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
19
+ $this->generate_tables();
20
+ } else {
21
+ $current_db_version = get_option( 'mo2f_dbversion' );
22
+ if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
23
+
24
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
25
+ $this->generate_tables();
26
+ }
27
+ //update the tables based on DB_VERSION.
28
+ }
29
+ }
30
+
31
+ function generate_tables() {
32
+ global $wpdb;
33
+
34
+ $tableName = $this->userDetailsTable;
35
+
36
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
37
+
38
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
39
+ `user_id` bigint NOT NULL,
40
+ `mo2f_OTPOverSMS_config_status` tinyint,
41
+ `mo2f_miniOrangePushNotification_config_status` tinyint,
42
+ `mo2f_miniOrangeQRCodeAuthentication_config_status` tinyint,
43
+ `mo2f_miniOrangeSoftToken_config_status` tinyint,
44
+ `mo2f_AuthyAuthenticator_config_status` tinyint,
45
+ `mo2f_EmailVerification_config_status` tinyint,
46
+ `mo2f_SecurityQuestions_config_status` tinyint,
47
+ `mo2f_GoogleAuthenticator_config_status` tinyint,
48
+ `mo2f_OTPOverEmail_config_status` tinyint,
49
+ `mo2f_OTPOverTelegram_config_status` tinyint,
50
+ `mo2f_OTPOverWhatsapp_config_status` tinyint,
51
+ `mo2f_DuoAuthenticator_config_status` tinyint,
52
+ `mobile_registration_status` tinyint,
53
+ `mo2f_2factor_enable_2fa_byusers` tinyint DEFAULT 1,
54
+ `mo2f_configured_2FA_method` mediumtext NOT NULL ,
55
+ `mo2f_user_phone` mediumtext NOT NULL ,
56
+ `mo2f_user_email` mediumtext NOT NULL,
57
+ `user_registration_with_miniorange` mediumtext NOT NULL,
58
+ `mo_2factor_user_registration_status` mediumtext NOT NULL,
59
+ UNIQUE KEY user_id (user_id) );";
60
+
61
+ dbDelta( $sql );
62
+ }
63
+ add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
64
+ add_site_option( 'bGltaXRSZWFjaGVk' ,0);
65
+ add_site_option( base64_encode('totalUsersCloud'),0);
66
+ add_site_option(base64_encode('remainingWhatsapptransactions'),30);
67
+
68
+
69
+
70
+
71
+ $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
72
+ $check_if_column_exists_tel = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverTelegram_config_status" );
73
+ $check_if_column_exists_duo = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_DuoAuthenticator_config_status" );
74
+
75
+ if ( ! $check_if_column_exists ) {
76
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo2f_OTPOverEmail_config_status` tinyint";
77
+ $this->execute_add_column( $query );
78
+
79
+ }
80
+ if(!$check_if_column_exists_tel)
81
+ {
82
+ $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
83
+ `mo2f_OTPOverTelegram_config_status` tinyint,
84
+ `mo2f_OTPOverWhatsapp_config_status` tinyint);";
85
+ $this->execute_add_column( $query );
86
+ }
87
+ if(!$check_if_column_exists_duo)
88
+ {
89
+ $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
90
+ `mo2f_DuoAuthenticator_config_status` tinyint);";
91
+ $this->execute_add_column( $query );
92
+ }
93
+
94
+
95
+ $tableName = $this->userLoginInfoTable;
96
+
97
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
98
+
99
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
100
+ `session_id` mediumtext NOT NULL,
101
+ `mo2f_login_message` mediumtext NOT NULL ,
102
+ `mo2f_current_user_id` tinyint NOT NULL ,
103
+ `mo2f_1stfactor_status` mediumtext NOT NULL ,
104
+ `mo_2factor_login_status` mediumtext NOT NULL ,
105
+ `mo2f_transactionId` mediumtext NOT NULL ,
106
+ `mo_2_factor_kba_questions` longtext NOT NULL ,
107
+ `mo2f_rba_status` longtext NOT NULL ,
108
+ `secret_ga` mediumtext NOT NULL,
109
+ `ga_qrCode` mediumtext NOT NULL,
110
+ `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
111
+ PRIMARY KEY (`session_id`(100)));";
112
+
113
+ dbDelta( $sql );
114
+ }
115
+
116
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
117
+
118
+ if ( ! $check_if_column_exists ) {
119
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
120
+ $this->execute_add_column( $query );
121
+
122
+ }
123
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "secret_ga" );
124
+
125
+ if ( ! $check_if_column_exists ) {
126
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `secret_ga` mediumtext NOT NULL";
127
+ $this->execute_add_column( $query );
128
+
129
+ }
130
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "ga_qrCode" );
131
+
132
+ if ( ! $check_if_column_exists ) {
133
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `ga_qrCode` mediumtext NOT NULL";
134
+ $this->execute_add_column( $query );
135
+
136
+ }
137
+
138
+ }
139
+ function get_current_user_email($id)
140
+ {
141
+ global $wpdb;
142
+ $sql = 'select user_email from wp_users where ID='.$id.';';
143
+ return $wpdb->get_var($sql);
144
+ }
145
+ function database_table_issue(){
146
+
147
+ global $wpdb;
148
+ $tableName = $this->userLoginInfoTable;
149
+
150
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
151
+
152
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
153
+ `session_id` mediumtext NOT NULL,
154
+ `mo2f_login_message` mediumtext NOT NULL ,
155
+ `mo2f_current_user_id` tinyint NOT NULL ,
156
+ `mo2f_1stfactor_status` mediumtext NOT NULL ,
157
+ `mo_2factor_login_status` mediumtext NOT NULL ,
158
+ `mo2f_transactionId` mediumtext NOT NULL ,
159
+ `mo_2_factor_kba_questions` longtext NOT NULL ,
160
+ `mo2f_rba_status` longtext NOT NULL ,
161
+ `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
162
+ PRIMARY KEY (`session_id`(100)));";
163
+ dbDelta( $sql );
164
+ }
165
+
166
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
167
+
168
+ if ( ! $check_if_column_exists ) {
169
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
170
+ $this->execute_add_column( $query );
171
+
172
+ }
173
+
174
+ }
175
+
176
+
177
+ function insert_user( $user_id ) {
178
+ global $wpdb;
179
+ $sql = "INSERT INTO $this->userDetailsTable (user_id) VALUES($user_id) ON DUPLICATE KEY UPDATE user_id=$user_id";
180
+ $wpdb->query( $sql );
181
+ }
182
+
183
+ function drop_table( $table_name ) {
184
+ global $wpdb;
185
+ $sql = "DROP TABLE $table_name";
186
+ $wpdb->query( $sql );
187
+ }
188
+
189
+
190
+ function get_user_detail( $column_name, $user_id ) {
191
+ global $wpdb;
192
+ $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userDetailsTable . " WHERE user_id = " . $user_id . ";" );
193
+ $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
194
+
195
+ return $value == '' ? '' : $value[ $column_name ];
196
+ }
197
+
198
+ function delete_user_details( $user_id ) {
199
+ global $wpdb;
200
+ $wpdb->query(
201
+ "DELETE FROM " . $this->userDetailsTable . "
202
+ WHERE user_id = " . $user_id
203
+ );
204
+
205
+ return;
206
+ }
207
+ function get_no_of_2fa_users() {
208
+ global $wpdb;
209
+ $count=$wpdb->query(
210
+ "SELECT * FROM ". $this->userDetailsTable
211
+ );
212
+ return $count;
213
+ }
214
+
215
+ function get_all_user_2fa_methods() {
216
+ global $wpdb;
217
+ $all_methods = [];
218
+ $methods=$wpdb->get_results(
219
+ "SELECT `mo2f_configured_2FA_method` FROM ". $this->userDetailsTable,ARRAY_A
220
+ );
221
+ foreach($methods as $method){
222
+ array_push($all_methods,$method['mo2f_configured_2FA_method']);
223
+ }
224
+ return implode(',',$all_methods);
225
+ }
226
+
227
+ function check_if_table_exists( ) {
228
+ global $wpdb;
229
+ $does_table_exist= $wpdb->query(
230
+ "SHOW TABLES LIKE '" . $this->userDetailsTable . "';"
231
+ );
232
+
233
+ return $does_table_exist;
234
+ }
235
+
236
+ function check_if_user_column_exists($user_id){
237
+ global $wpdb;
238
+ $value = $wpdb->query(
239
+ "SELECT * FROM " . $this->userDetailsTable . "
240
+ WHERE user_id = " . $user_id
241
+ );
242
+
243
+ return $value;
244
+
245
+ }
246
+
247
+ function check_if_column_exists( $table_type, $column_name ){
248
+
249
+ if($table_type == "user_login_info_table")
250
+ $table = $this->userLoginInfoTable;
251
+ else if($table_type == "mo2f_user_details")
252
+ $table = $this->userDetailsTable;
253
+ global $wpdb;
254
+ $sql="SHOW COLUMNS FROM " . $table . "
255
+ LIKE '" . $column_name . "'";
256
+ $value = $wpdb->query($sql);
257
+
258
+ return $value;
259
+
260
+ }
261
+
262
+ function update_user_details( $user_id, $update ) {
263
+ global $wpdb;
264
+ $count = count( $update );
265
+ $sql = "UPDATE " . $this->userDetailsTable . " SET ";
266
+ $i = 1;
267
+ foreach ( $update as $key => $value ) {
268
+
269
+ $sql .= $key . "='" . $value . "'";
270
+ if ( $i < $count ) {
271
+ $sql .= ' , ';
272
+ }
273
+ $i ++;
274
+ }
275
+ $sql .= " WHERE user_id=" . $user_id . ";";
276
+ $wpdb->query( $sql );
277
+
278
+ return;
279
+
280
+ }
281
+
282
+ function insert_user_login_session( $session_id ) {
283
+ global $wpdb;
284
+ $sql = "INSERT INTO $this->userLoginInfoTable (session_id) VALUES('$session_id') ON DUPLICATE KEY UPDATE session_id='$session_id'";
285
+
286
+ $wpdb->query( $sql );
287
+ $sql = "DELETE FROM $this->userLoginInfoTable WHERE ts_created < DATE_ADD(NOW(),INTERVAL - 2 MINUTE);";
288
+ $wpdb->query( $sql );
289
+ }
290
+
291
+ function save_user_login_details( $session_id, $user_values ) {
292
+ global $wpdb;
293
+ $count = count( $user_values );
294
+ $sql = "UPDATE " . $this->userLoginInfoTable . " SET ";
295
+ $i = 1;
296
+ foreach ( $user_values as $key => $value ) {
297
+
298
+ $sql .= $key . "='" . $value . "'";
299
+ if ( $i < $count ) {
300
+ $sql .= ' , ';
301
+ }
302
+ $i ++;
303
+ }
304
+ $sql .= " WHERE session_id='" . $session_id . "';";
305
+ $wpdb->query( $sql );
306
+
307
+ return;
308
+
309
+ }
310
+
311
+ function execute_add_column ( $query ){
312
+ global $wpdb;
313
+ $wpdb->query( $query );
314
+
315
+ return;
316
+ }
317
+
318
+ function get_user_login_details( $column_name, $session_id ) {
319
+ global $wpdb;
320
+ $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userLoginInfoTable . " WHERE session_id = '" . $session_id . "';" );
321
+ $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
322
+
323
+ return $value == '' ? '' : $value[ $column_name ];
324
+ }
325
+
326
+ function delete_user_login_sessions($session_id ) {
327
+ global $wpdb;
328
+ $wpdb->query(
329
+ "DELETE FROM " . $this->userLoginInfoTable . "
330
+ WHERE session_id='$session_id';"
331
+ );
332
+
333
+ return;
334
+ }
335
+ function check_user_limit_exceeded($user_id){
336
+
337
+ global $wpdb;
338
+ $value = $wpdb->query(
339
+ "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
340
+ WHERE meta_key = 'currentMethod'"
341
+ );
342
+
343
+ $user_already_configured = $wpdb->query(
344
+ "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
345
+ WHERE meta_key = 'currentMethod' and user_id =".$user_id);
346
+
347
+ if($value < 3 || $user_already_configured){
348
+ return false;
349
+ }
350
+ else{
351
+ return true;
352
+ }
353
+ }
354
+ function check_alluser_limit_exceeded($user_id){
355
+
356
+ global $wpdb;
357
+ $value = $wpdb->query(
358
+ "SELECT * FROM ".$this->userDetailsTable
359
+ );
360
+ $user_already_configured = $wpdb->query(
361
+ "SELECT * FROM ".$this->userDetailsTable ." WHERE user_id =".$user_id );
362
+
363
+ if($value < 3 || $user_already_configured){
364
+ return false;
365
+ }
366
+ else{
367
+ return true;
368
+ }
369
+ }
370
+
371
+ function get_all_onprem_userids(){
372
+
373
+ global $wpdb;
374
+ $value = $wpdb->get_results(
375
+ "SELECT * FROM ".$wpdb->base_prefix ."usermeta
376
+ WHERE meta_key = 'currentMethod'"
377
+ );
378
+
379
+
380
+ foreach ($value as $row){
381
+
382
+ if(isset($row->user_id)){
383
+
384
+ $this->insert_user( $row->user_id);
385
+
386
+ $this->update_user_details( $row->user_id,
387
+ array(
388
+ 'mo2f_GoogleAuthenticator_config_status' => get_user_meta($row->user_id,'Google Authenticator',true),
389
+ 'mo2f_SecurityQuestions_config_status' => get_user_meta($row->user_id,'Security Questions',true),
390
+ 'mo2f_EmailVerification_config_status' => get_user_meta($row->user_id,'Email Verification',true),
391
+ 'mo2f_AuthyAuthenticator_config_status' =>0,
392
+ 'mo2f_user_email' => get_user_meta($row->user_id,'email',true),
393
+ 'mo2f_user_phone' => '',
394
+ 'user_registration_with_miniorange' => '',
395
+ 'mobile_registration_status' => '',
396
+ 'mo2f_configured_2FA_method' => get_user_meta($row->user_id,'currentMethod',true),
397
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
398
+ ) );
399
+ }
400
+ }
401
+ }
402
+
403
+ }
handler/WAF/database/mo-waf-db-common.php CHANGED
@@ -1,25 +1,25 @@
1
- <?php
2
- function retrivefullname($name)
3
- {
4
-
5
- switch ($name) {
6
- case 'XSS':
7
- return 'Cross-site Scripting';
8
- case 'SQL':
9
- return 'SQL injection';
10
- case 'RCE':
11
- return 'Remote Code Execution';
12
- case 'LFI':
13
- return 'Local File Inclusion';
14
- case 'RFI':
15
- return 'Remote File Inclusion';
16
- case 'RLE':
17
- return 'Rate limiting Exceeded';
18
- case 'RLECrawler':
19
- return 'Rate limit Exceeded for crawler';
20
- default:
21
- return $name;
22
-
23
- }
24
-
25
  }
1
+ <?php
2
+ function retrivefullname($name)
3
+ {
4
+
5
+ switch ($name) {
6
+ case 'XSS':
7
+ return 'Cross-site Scripting';
8
+ case 'SQL':
9
+ return 'SQL injection';
10
+ case 'RCE':
11
+ return 'Remote Code Execution';
12
+ case 'LFI':
13
+ return 'Local File Inclusion';
14
+ case 'RFI':
15
+ return 'Remote File Inclusion';
16
+ case 'RLE':
17
+ return 'Rate limiting Exceeded';
18
+ case 'RLECrawler':
19
+ return 'Rate limit Exceeded for crawler';
20
+ default:
21
+ return $name;
22
+
23
+ }
24
+
25
  }
handler/WAF/database/mo-waf-db.php CHANGED
@@ -1,249 +1,249 @@
1
- <?php
2
- global $dbcon,$prefix;
3
- include_once('mo-waf-db-common.php');
4
- function mo_wpns_log_attack($ipaddress,$value1,$value)
5
- {
6
- global $prefix,$dbcon;
7
- $value = htmlspecialchars($value);
8
- $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
9
- $results = mysqli_query($dbcon,$query);
10
- $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
11
- $results = mysqli_query($dbcon,$query);
12
- $rows = mysqli_fetch_array($results);
13
- return $rows['count(*)'];
14
- }
15
- function mo_wpns_setting_file()
16
- {
17
- global $prefix,$dbcon;
18
- $dir_name = dirname(__FILE__);
19
- $dir_name1 = explode('wp-content', $dir_name);
20
- $dir_name = $dir_name1[0];
21
- $filepath = str_replace('\\', '/', $dir_name1[0]);
22
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
23
- $missingFile = 0;
24
- if(!file_exists($fileName))
25
- {
26
- $missingFile = 1;
27
- }
28
- if($missingFile==1)
29
- {
30
- $file = fopen($fileName, "a+");
31
- $string = "<?php".PHP_EOL;
32
-
33
- $sqlInjection = mo_wpns_get_option_value("SQLInjection");
34
- $string .= '$SQL='.$sqlInjection.';'.PHP_EOL;
35
-
36
- $XSSAttack = mo_wpns_get_option_value("XSSAttack");
37
- $string .= '$XSS='.$XSSAttack.';'.PHP_EOL;
38
-
39
- $RFIAttack = mo_wpns_get_option_value("RFIAttack");
40
- $string .= '$RFI='.$RFIAttack.';'.PHP_EOL;
41
-
42
- $LFIAttack = mo_wpns_get_option_value("LFIAttack");
43
- $string .= '$LFI='.$LFIAttack.';'.PHP_EOL;
44
-
45
- $RCEAttack = mo_wpns_get_option_value("RCEAttack");
46
- $string .= '$RCE='.$RCEAttack.';'.PHP_EOL;
47
-
48
- $Rate_limiting = mo_wpns_get_option_value("Rate_limiting");
49
- if($Rate_limiting!='')
50
- $string .= '$RateLimiting='.$Rate_limiting.';'.PHP_EOL;
51
- else
52
- $string .= '$RateLimiting=0;'.PHP_EOL;
53
-
54
- $Rate_request = mo_wpns_get_option_value("Rate_request");
55
- if($Rate_request!='')
56
- $string .= '$RequestsPMin='.$Rate_request.';'.PHP_EOL;
57
- else
58
- $string .= '$RequestsPMin=0;'.PHP_EOL;
59
-
60
- $actionRateL = mo_wpns_get_option_value("actionRateL");
61
- if($actionRateL==1)
62
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
63
- else
64
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
65
-
66
- $string .= '?>'.PHP_EOL;
67
- fwrite($file, $string);
68
- fclose($file);
69
-
70
- return $fileName;
71
- }
72
- return "notMissing";
73
- }
74
- function mo_wpns_is_ip_whitelisted($ipaddress)
75
- {
76
- global $dbcon,$prefix;
77
- $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
78
- $results = mysqli_query($dbcon,$query);
79
- if($results)
80
- {
81
- $row = mysqli_fetch_array($results);
82
- if(is_null($row))
83
- {
84
- return false;
85
- }
86
- else
87
- {
88
- return true;
89
- }
90
- }
91
- return false;
92
- }
93
- function mo_wpns_is_ip_blocked($ipaddress)
94
- {
95
- global $dbcon,$prefix;
96
- $query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
97
- $results = mysqli_query($dbcon,$query);
98
- if($results)
99
- {
100
- $row = mysqli_fetch_array($results);
101
- if(is_null($row))
102
- {
103
- return false;
104
- }
105
- else
106
- {
107
- return true;
108
- }
109
- }
110
- return false;
111
- }
112
- function mo_wpns_block_ip($ipaddress,$reason)
113
- {
114
- global $dbcon, $prefix;
115
- $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','".$reason."',NULL,".time().");";
116
- $results = mysqli_query($dbcon,$query);
117
- }
118
- function mo_wpns_dbconnection()
119
- {
120
- global $dbcon,$prefix;
121
- $dir = dirname(__FILE__);
122
- $dir = str_replace('\\', "/", $dir);
123
- $dir_name = explode('wp-content', $dir);
124
- $file = file_get_contents($dir_name[0].'wp-config.php');
125
- $content = explode("\n", $file);
126
- $len = sizeof($content);
127
- $Ismultisite = 0;
128
- $dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
129
-
130
- $prefix = 'wp_';
131
-
132
- for($i=0;$i<$len;$i++)
133
- {
134
-
135
- if(preg_match("/define/", $content[$i]))
136
- {
137
- $cont = explode(",", $content[$i]);
138
- $string = str_replace(array('define(',' ','\''), '', $cont[0]);
139
- switch ($string) {
140
- case "DB_NAME":
141
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
142
- $res = preg_replace('/\s/', '', $res);
143
- $dbD['DB_NAME'] = $res;
144
- break;
145
- case 'DB_USER':
146
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
147
- $res = preg_replace('/\s/', '', $res);
148
- $dbD['DB_USER'] = $res;
149
- break;
150
- case "DB_PASSWORD":
151
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
152
- $res = preg_replace('/\s/', '', $res);
153
- $dbD['DB_PASSWORD'] = $res;
154
- break;
155
- case 'DB_HOST':
156
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
157
- $res = preg_replace('/\s/', '', $res);
158
- $dbD['DB_HOST'] = $res;
159
- break;
160
- case "DB_CHARSET":
161
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
162
- $res = preg_replace('/\s/', '', $res);
163
- $dbD['DB_CHARSET'] = $res;
164
- break;
165
- case 'DB_COLLATE':
166
- $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
167
- $res = preg_replace('/\s/', '', $res);
168
- $dbD['DB_COLLATE'] = $res;
169
- break;
170
- default:
171
-
172
- break;
173
- }
174
- }
175
- if(preg_match('/\$table_prefix/', $content[$i]))
176
- {
177
- $cont = explode("'", $content[$i]);
178
-
179
- $prefix = $cont['1'];
180
- }
181
- }
182
- $dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
183
- if(!$dbcon)
184
- {
185
- echo "database connection error";
186
- exit;
187
- }
188
- $connection = mysqli_select_db($dbcon,$dbD['DB_NAME']);
189
- return $connection;
190
- }
191
- function mo_wpns_get_option_value($option)
192
- {
193
- global $dbcon,$prefix;
194
- $query = 'select option_value from '.$prefix.'options where option_name ="'.$option.'";';
195
- $results = mysqli_query($dbcon,$query);
196
- if($results)
197
- {
198
- $rows = mysqli_fetch_array($results);
199
- if(isset($rows)&&(!is_null($rows['option_value'])))
200
- {
201
- $option_value = intval($rows['option_value']);
202
- return $option_value;
203
- }
204
- }
205
- return '';
206
- }
207
-
208
- function mo_wpns_getRLEattack($ipaddress)
209
- {
210
- global $dbcon,$prefix;
211
- $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' and type = 'RLE' ORDER BY time DESC LIMIT 1;";
212
- $results = mysqli_query($dbcon,$query);
213
- if($results)
214
- {
215
- $results = mysqli_fetch_array($results);
216
- return $results['time'];
217
- }
218
- return 0;
219
- }
220
- function mo_wpns_CheckRate($ipaddress)
221
- {
222
- global $dbcon,$prefix;
223
- $time = 60;
224
- mo_wpns_clearRate($time);
225
- mo_wpns_insertRate($ipaddress);
226
- $query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
227
- $results = mysqli_query($dbcon,$query);
228
-
229
- if($results)
230
- {
231
- $row = mysqli_fetch_array($results);
232
- return $row['count(*)'];
233
- }
234
- return 0;
235
- }
236
- function mo_wpns_clearRate($time)
237
- {
238
- global $dbcon,$prefix;
239
- $query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
240
- $results = mysqli_query($dbcon,$query);
241
- }
242
- function mo_wpns_insertRate($ipaddress)
243
- {
244
- global $dbcon,$prefix;
245
- $query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
246
- $results = mysqli_query($dbcon,$query);
247
- }
248
-
249
  ?>
1
+ <?php
2
+ global $dbcon,$prefix;
3
+ include_once('mo-waf-db-common.php');
4
+ function mo_wpns_log_attack($ipaddress,$value1,$value)
5
+ {
6
+ global $prefix,$dbcon;
7
+ $value = htmlspecialchars($value);
8
+ $query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
9
+ $results = mysqli_query($dbcon,$query);
10
+ $query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
11
+ $results = mysqli_query($dbcon,$query);
12
+ $rows = mysqli_fetch_array($results);
13
+ return $rows['count(*)'];
14
+ }
15
+ function mo_wpns_setting_file()
16
+ {
17
+ global $prefix,$dbcon;
18
+ $dir_name = dirname(__FILE__);
19
+ $dir_name1 = explode('wp-content', $dir_name);
20
+ $dir_name = $dir_name1[0];
21
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
22
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
23
+ $missingFile = 0;
24
+ if(!file_exists($fileName))
25
+ {
26
+ $missingFile = 1;
27
+ }
28
+ if($missingFile==1)
29
+ {
30
+ $file = fopen($fileName, "a+");
31
+ $string = "<?php".PHP_EOL;
32
+
33
+ $sqlInjection = mo_wpns_get_option_value("SQLInjection");
34
+ $string .= '$SQL='.$sqlInjection.';'.PHP_EOL;
35
+
36
+ $XSSAttack = mo_wpns_get_option_value("XSSAttack");
37
+ $string .= '$XSS='.$XSSAttack.';'.PHP_EOL;
38
+
39
+ $RFIAttack = mo_wpns_get_option_value("RFIAttack");
40
+ $string .= '$RFI='.$RFIAttack.';'.PHP_EOL;
41
+
42
+ $LFIAttack = mo_wpns_get_option_value("LFIAttack");
43
+ $string .= '$LFI='.$LFIAttack.';'.PHP_EOL;
44
+
45
+ $RCEAttack = mo_wpns_get_option_value("RCEAttack");
46
+ $string .= '$RCE='.$RCEAttack.';'.PHP_EOL;
47
+
48
+ $Rate_limiting = mo_wpns_get_option_value("Rate_limiting");
49
+ if($Rate_limiting!='')
50
+ $string .= '$RateLimiting='.$Rate_limiting.';'.PHP_EOL;
51
+ else
52
+ $string .= '$RateLimiting=0;'.PHP_EOL;
53
+
54
+ $Rate_request = mo_wpns_get_option_value("Rate_request");
55
+ if($Rate_request!='')
56
+ $string .= '$RequestsPMin='.$Rate_request.';'.PHP_EOL;
57
+ else
58
+ $string .= '$RequestsPMin=0;'.PHP_EOL;
59
+
60
+ $actionRateL = mo_wpns_get_option_value("actionRateL");
61
+ if($actionRateL==1)
62
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
63
+ else
64
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
65
+
66
+ $string .= '?>'.PHP_EOL;
67
+ fwrite($file, $string);
68
+ fclose($file);
69
+
70
+ return $fileName;
71
+ }
72
+ return "notMissing";
73
+ }
74
+ function mo_wpns_is_ip_whitelisted($ipaddress)
75
+ {
76
+ global $dbcon,$prefix;
77
+ $query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
78
+ $results = mysqli_query($dbcon,$query);
79
+ if($results)
80
+ {
81
+ $row = mysqli_fetch_array($results);
82
+ if(is_null($row))
83
+ {
84
+ return false;
85
+ }
86
+ else
87
+ {
88
+ return true;
89
+ }
90
+ }
91
+ return false;
92
+ }
93
+ function mo_wpns_is_ip_blocked($ipaddress)
94
+ {
95
+ global $dbcon,$prefix;
96
+ $query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
97
+ $results = mysqli_query($dbcon,$query);
98
+ if($results)
99
+ {
100
+ $row = mysqli_fetch_array($results);
101
+ if(is_null($row))
102
+ {
103
+ return false;
104
+ }
105
+ else
106
+ {
107
+ return true;
108
+ }
109
+ }
110
+ return false;
111
+ }
112
+ function mo_wpns_block_ip($ipaddress,$reason)
113
+ {
114
+ global $dbcon, $prefix;
115
+ $query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','".$reason."',NULL,".time().");";
116
+ $results = mysqli_query($dbcon,$query);
117
+ }
118
+ function mo_wpns_dbconnection()
119
+ {
120
+ global $dbcon,$prefix;
121
+ $dir = dirname(__FILE__);
122
+ $dir = str_replace('\\', "/", $dir);
123
+ $dir_name = explode('wp-content', $dir);
124
+ $file = file_get_contents($dir_name[0].'wp-config.php');
125
+ $content = explode("\n", $file);
126
+ $len = sizeof($content);
127
+ $Ismultisite = 0;
128
+ $dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
129
+
130
+ $prefix = 'wp_';
131
+
132
+ for($i=0;$i<$len;$i++)
133
+ {
134
+
135
+ if(preg_match("/define/", $content[$i]))
136
+ {
137
+ $cont = explode(",", $content[$i]);
138
+ $string = str_replace(array('define(',' ','\''), '', $cont[0]);
139
+ switch ($string) {
140
+ case "DB_NAME":
141
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
142
+ $res = preg_replace('/\s/', '', $res);
143
+ $dbD['DB_NAME'] = $res;
144
+ break;
145
+ case 'DB_USER':
146
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
147
+ $res = preg_replace('/\s/', '', $res);
148
+ $dbD['DB_USER'] = $res;
149
+ break;
150
+ case "DB_PASSWORD":
151
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
152
+ $res = preg_replace('/\s/', '', $res);
153
+ $dbD['DB_PASSWORD'] = $res;
154
+ break;
155
+ case 'DB_HOST':
156
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
157
+ $res = preg_replace('/\s/', '', $res);
158
+ $dbD['DB_HOST'] = $res;
159
+ break;
160
+ case "DB_CHARSET":
161
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
162
+ $res = preg_replace('/\s/', '', $res);
163
+ $dbD['DB_CHARSET'] = $res;
164
+ break;
165
+ case 'DB_COLLATE':
166
+ $res = str_replace(array('\'',')',';',' '), '', $cont[1]);
167
+ $res = preg_replace('/\s/', '', $res);
168
+ $dbD['DB_COLLATE'] = $res;
169
+ break;
170
+ default:
171
+
172
+ break;
173
+ }
174
+ }
175
+ if(preg_match('/\$table_prefix/', $content[$i]))
176
+ {
177
+ $cont = explode("'", $content[$i]);
178
+
179
+ $prefix = $cont['1'];
180
+ }
181
+ }
182
+ $dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
183
+ if(!$dbcon)
184
+ {
185
+ echo "database connection error";
186
+ exit;
187
+ }
188
+ $connection = mysqli_select_db($dbcon,$dbD['DB_NAME']);
189
+ return $connection;
190
+ }
191
+ function mo_wpns_get_option_value($option)
192
+ {
193
+ global $dbcon,$prefix;
194
+ $query = 'select option_value from '.$prefix.'options where option_name ="'.$option.'";';
195
+ $results = mysqli_query($dbcon,$query);
196
+ if($results)
197
+ {
198
+ $rows = mysqli_fetch_array($results);
199
+ if(isset($rows)&&(!is_null($rows['option_value'])))
200
+ {
201
+ $option_value = intval($rows['option_value']);
202
+ return $option_value;
203
+ }
204
+ }
205
+ return '';
206
+ }
207
+
208
+ function mo_wpns_getRLEattack($ipaddress)
209
+ {
210
+ global $dbcon,$prefix;
211
+ $query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' and type = 'RLE' ORDER BY time DESC LIMIT 1;";
212
+ $results = mysqli_query($dbcon,$query);
213
+ if($results)
214
+ {
215
+ $results = mysqli_fetch_array($results);
216
+ return $results['time'];
217
+ }
218
+ return 0;
219
+ }
220
+ function mo_wpns_CheckRate($ipaddress)
221
+ {
222
+ global $dbcon,$prefix;
223
+ $time = 60;
224
+ mo_wpns_clearRate($time);
225
+ mo_wpns_insertRate($ipaddress);
226
+ $query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
227
+ $results = mysqli_query($dbcon,$query);
228
+
229
+ if($results)
230
+ {
231
+ $row = mysqli_fetch_array($results);
232
+ return $row['count(*)'];
233
+ }
234
+ return 0;
235
+ }
236
+ function mo_wpns_clearRate($time)
237
+ {
238
+ global $dbcon,$prefix;
239
+ $query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
240
+ $results = mysqli_query($dbcon,$query);
241
+ }
242
+ function mo_wpns_insertRate($ipaddress)
243
+ {
244
+ global $dbcon,$prefix;
245
+ $query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
246
+ $results = mysqli_query($dbcon,$query);
247
+ }
248
+
249
  ?>
handler/WAF/database/mo-waf-plugin-db.php CHANGED
@@ -1,91 +1,91 @@
1
- <?php
2
-
3
- include_once('mo-waf-db-common.php');
4
- function mo_wpns_setting_file()
5
- {
6
- global $prefix,$dbcon;
7
- $dir_name = dirname(__FILE__);
8
- $dir_name1 = explode('wp-content', $dir_name);
9
- $dir_name = $dir_name1[0];
10
- $filepath = str_replace('\\', '/', $dir_name1[0]);
11
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
- $missingFile = 0;
13
- if(!file_exists($fileName))
14
- {
15
- $missingFile = 1;
16
- }
17
- if($missingFile==1)
18
- {
19
- $file = fopen($fileName, "a+");
20
- $string = "<?php".PHP_EOL;
21
- $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
- $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
- $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
- $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
- $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
- $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
- $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
-
29
- if(get_option('actionRateL') == 0)
30
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
- else
32
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
-
34
- $string .= '?>'.PHP_EOL;
35
- fwrite($file, $string);
36
- fclose($file);
37
- return $fileName;
38
- }
39
- return "notMissing";
40
-
41
- }
42
-
43
- function mo_wpns_getRLEAttack($ipaddress)
44
- {
45
- global $wpdb;
46
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
- $results = $wpdb->get_results($query);
48
- return $results[0]->time;
49
- }
50
- function mo_wpns_log_attack($ipaddress,$value1,$value)
51
- {
52
- global $wpdb;
53
- $value = htmlspecialchars($value);
54
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
- $results = $wpdb->get_results($query);
56
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
- $results = $wpdb->get_results($query);
58
- return $results[0]->count;
59
- }
60
-
61
-
62
- function mo_wpns_CheckRate($ipaddress)
63
- {
64
- global $wpdb;
65
- $time = 60;
66
- mo_wpns_clearRate($time);
67
- mo_wpns_insertRate($ipaddress);
68
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
- $results = $wpdb->get_results($query);
70
-
71
- if(isset($results[0]->count))
72
- {
73
- return $results[0]->count;
74
- }
75
- return 0;
76
-
77
- }
78
- function mo_wpns_clearRate($time)
79
- {
80
- global $wpdb;
81
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
- $results = $wpdb->get_results($query);
83
- }
84
- function mo_wpns_insertRate($ipaddress)
85
- {
86
- global $wpdb;
87
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
- $results = $wpdb->get_results($query);
89
- }
90
-
91
  ?>
1
+ <?php
2
+
3
+ include_once('mo-waf-db-common.php');
4
+ function mo_wpns_setting_file()
5
+ {
6
+ global $prefix,$dbcon;
7
+ $dir_name = dirname(__FILE__);
8
+ $dir_name1 = explode('wp-content', $dir_name);
9
+ $dir_name = $dir_name1[0];
10
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
11
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
+ $missingFile = 0;
13
+ if(!file_exists($fileName))
14
+ {
15
+ $missingFile = 1;
16
+ }
17
+ if($missingFile==1)
18
+ {
19
+ $file = fopen($fileName, "a+");
20
+ $string = "<?php".PHP_EOL;
21
+ $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
+ $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
+ $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
+ $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
+ $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
+ $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
+ $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
+
29
+ if(get_option('actionRateL') == 0)
30
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
+ else
32
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
+
34
+ $string .= '?>'.PHP_EOL;
35
+ fwrite($file, $string);
36
+ fclose($file);
37
+ return $fileName;
38
+ }
39
+ return "notMissing";
40
+
41
+ }
42
+
43
+ function mo_wpns_getRLEAttack($ipaddress)
44
+ {
45
+ global $wpdb;
46
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
+ $results = $wpdb->get_results($query);
48
+ return $results[0]->time;
49
+ }
50
+ function mo_wpns_log_attack($ipaddress,$value1,$value)
51
+ {
52
+ global $wpdb;
53
+ $value = htmlspecialchars($value);
54
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
+ $results = $wpdb->get_results($query);
56
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
+ $results = $wpdb->get_results($query);
58
+ return $results[0]->count;
59
+ }
60
+
61
+
62
+ function mo_wpns_CheckRate($ipaddress)
63
+ {
64
+ global $wpdb;
65
+ $time = 60;
66
+ mo_wpns_clearRate($time);
67
+ mo_wpns_insertRate($ipaddress);
68
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
+ $results = $wpdb->get_results($query);
70
+
71
+ if(isset($results[0]->count))
72
+ {
73
+ return $results[0]->count;
74
+ }
75
+ return 0;
76
+
77
+ }
78
+ function mo_wpns_clearRate($time)
79
+ {
80
+ global $wpdb;
81
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
+ $results = $wpdb->get_results($query);
83
+ }
84
+ function mo_wpns_insertRate($ipaddress)
85
+ {
86
+ global $wpdb;
87
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
+ $results = $wpdb->get_results($query);
89
+ }
90
+
91
  ?>
handler/WAF/mo-waf-plugin.php CHANGED
@@ -1,212 +1,212 @@
1
- <?php
2
-
3
- $dir = dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $dir = explode('handler', $dir);
6
- $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
7
- $pluginU = $dir[0].'helper/pluginUtility.php';
8
- $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
9
- $errorPage = $dir[0].'handler/mo-error.html';
10
- $blockPage = $dir[0].'handler/mo-block.html';
11
-
12
- include_once($wafInclude);
13
- include_once($pluginU);
14
- include_once($wafDB);
15
-
16
-
17
- global $wpdb,$mowpnshandle;
18
- $mowpnshandle = new MoWpnsHandler();
19
- $ipaddress = get_ipaddress();
20
- $ipaddress = sanitize_text_field($ipaddress);
21
- if($mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
22
- {
23
- if(!$mowpnshandle->is_whitelisted($ipaddress))
24
- {
25
- header('HTTP/1.1 403 Forbidden');
26
- include_once($blockPage);
27
- exit;
28
- }
29
- }
30
- $fileName = mo_wpns_setting_file();
31
- if($fileName != "notMissing")
32
- {
33
- include_once($fileName);
34
- }
35
- if(isset($RateLimiting) and $RateLimiting == 1)
36
- {
37
- if(!is_crawler())
38
- {
39
- mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
40
- }
41
- }
42
- if(isset($RateLimitingCrawler))
43
- {
44
- if($RateLimitingCrawler == 1)
45
- {
46
- if(is_crawler())
47
- {
48
- if(is_fake_googlebot($ipaddress))
49
- {
50
- header('HTTP/1.1 403 Forbidden');
51
- include_once($errorPage);
52
- exit;
53
- }
54
- if($RateLimitingCrawler == '1')
55
- {
56
- mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
- }
58
-
59
- }
60
- }
61
- }
62
- $attack = array();
63
- if(isset($SQL) )
64
- {
65
- if($SQL==1)
66
- array_push($attack,"SQL");
67
- }
68
- if(isset($XSS) )
69
- {
70
- if( $XSS==1)
71
- array_push($attack,"XSS");
72
- }
73
- if(isset($LFI))
74
- {
75
- if($LFI==1)
76
- array_push($attack,"LFI");
77
- }
78
-
79
- $attackC = $attack;
80
- $ParanoiaLevel = 1;
81
- $annomalyS = 0;
82
- $SQLScore = 0;
83
- $XSSScore = 0;
84
- $limitAttack = get_option('limitAttack');
85
-
86
-
87
- foreach ($attackC as $key1 => $value1)
88
- {
89
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
90
- {
91
- if(isset($regex[$value1][$lev]))
92
- { $ooo = 0;
93
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
94
- {
95
- foreach ($_REQUEST as $key => $value) {
96
-
97
- if($regex[$value1][$lev][$i] != "")
98
- {
99
- if(is_string($value))
100
- {
101
- if(preg_match($regex[$value1][$lev][$i], $value))
102
- {
103
-
104
- if($value1 == "SQL")
105
- {
106
- $SQLScore += $score[$value1][$lev][$i];
107
- }
108
- elseif ($value1 == "XSS")
109
- {
110
- $XSSScore += $score[$value1][$lev][$i];
111
- }
112
- else
113
- {
114
- $annomalyS += $score[$value1][$lev][$i];
115
- }
116
-
117
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
118
- {
119
- $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
120
- if($attackCount>$limitAttack)
121
- {
122
- if(!$mowpnshandle->is_whitelisted($ipaddress))
123
- {
124
- if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
125
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
126
- }
127
- }
128
-
129
- header('HTTP/1.1 403 Forbidden');
130
- include_once($errorPage);
131
- exit;
132
- }
133
- }
134
- }
135
- }
136
- }
137
- }
138
- }
139
- }
140
- }
141
-
142
- function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
143
- {
144
- global $wpdb,$mowpnshandle;
145
- $rate = mo_wpns_CheckRate($ipaddress);
146
- if($rate>=$reqLimit)
147
- {
148
- $lastAttack = mo_wpns_getRLEAttack($ipaddress)+60;
149
- $current_time = time();
150
- if($lastAttack < $current_time-60)
151
- {
152
- mo_wpns_log_attack($ipaddress,'RLE','RLE');
153
- }
154
- if($action != 'ThrottleIP')
155
- {
156
- if(!$mowpnshandle->is_whitelisted($ipaddress))
157
- {
158
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLE',true);
159
- }
160
- }
161
- header('HTTP/1.1 403 Forbidden');
162
- include_once($errorPage);
163
- exit;
164
- }
165
- }
166
- function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
167
- {
168
- if(file_exists($filename))
169
- {
170
- include($filename);
171
- }
172
- global $wpdb,$mowpnshandle;
173
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
174
- if(isset($RateLimitingCrawler))
175
- {
176
- if($RateLimitingCrawler=='1')
177
- {
178
- if(isset($RequestsPMinCrawler))
179
- {
180
- $reqLimit = $RequestsPMinCrawler;
181
- $rate = mo_wpns_CheckRate($ipaddress);
182
- if($rate>=$reqLimit)
183
- {
184
- $action = $actionRateLCrawler;
185
- $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
186
- $current_time = time();
187
- if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
188
- {
189
- mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
190
- }
191
- if($action != 'ThrottleIP')
192
- {
193
- if(!$mowpnshandle->is_whitelisted($ipaddress))
194
- {
195
- if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
196
- {
197
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLECrawler',true);
198
- }
199
- }
200
- }
201
- header('HTTP/1.1 403 Forbidden');
202
- include_once($errorPage);
203
- exit;
204
- }
205
- }
206
- }
207
- }
208
- }
209
-
210
-
211
-
212
  ?>
1
+ <?php
2
+
3
+ $dir = dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $dir = explode('handler', $dir);
6
+ $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
7
+ $pluginU = $dir[0].'helper/pluginUtility.php';
8
+ $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
9
+ $errorPage = $dir[0].'handler/mo-error.html';
10
+ $blockPage = $dir[0].'handler/mo-block.html';
11
+
12
+ include_once($wafInclude);
13
+ include_once($pluginU);
14
+ include_once($wafDB);
15
+
16
+
17
+ global $wpdb,$mowpnshandle;
18
+ $mowpnshandle = new MoWpnsHandler();
19
+ $ipaddress = get_ipaddress();
20
+ $ipaddress = sanitize_text_field($ipaddress);
21
+ if($mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
22
+ {
23
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
24
+ {
25
+ header('HTTP/1.1 403 Forbidden');
26
+ include_once($blockPage);
27
+ exit;
28
+ }
29
+ }
30
+ $fileName = mo_wpns_setting_file();
31
+ if($fileName != "notMissing")
32
+ {
33
+ include_once($fileName);
34
+ }
35
+ if(isset($RateLimiting) and $RateLimiting == 1)
36
+ {
37
+ if(!is_crawler())
38
+ {
39
+ mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
40
+ }
41
+ }
42
+ if(isset($RateLimitingCrawler))
43
+ {
44
+ if($RateLimitingCrawler == 1)
45
+ {
46
+ if(is_crawler())
47
+ {
48
+ if(is_fake_googlebot($ipaddress))
49
+ {
50
+ header('HTTP/1.1 403 Forbidden');
51
+ include_once($errorPage);
52
+ exit;
53
+ }
54
+ if($RateLimitingCrawler == '1')
55
+ {
56
+ mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
+ }
58
+
59
+ }
60
+ }
61
+ }
62
+ $attack = array();
63
+ if(isset($SQL) )
64
+ {
65
+ if($SQL==1)
66
+ array_push($attack,"SQL");
67
+ }
68
+ if(isset($XSS) )
69
+ {
70
+ if( $XSS==1)
71
+ array_push($attack,"XSS");
72
+ }
73
+ if(isset($LFI))
74
+ {
75
+ if($LFI==1)
76
+ array_push($attack,"LFI");
77
+ }
78
+
79
+ $attackC = $attack;
80
+ $ParanoiaLevel = 1;
81
+ $annomalyS = 0;
82
+ $SQLScore = 0;
83
+ $XSSScore = 0;
84
+ $limitAttack = get_option('limitAttack');
85
+
86
+
87
+ foreach ($attackC as $key1 => $value1)
88
+ {
89
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
90
+ {
91
+ if(isset($regex[$value1][$lev]))
92
+ { $ooo = 0;
93
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
94
+ {
95
+ foreach ($_REQUEST as $key => $value) {
96
+
97
+ if($regex[$value1][$lev][$i] != "")
98
+ {
99
+ if(is_string($value))
100
+ {
101
+ if(preg_match($regex[$value1][$lev][$i], $value))
102
+ {
103
+
104
+ if($value1 == "SQL")
105
+ {
106
+ $SQLScore += $score[$value1][$lev][$i];
107
+ }
108
+ elseif ($value1 == "XSS")
109
+ {
110
+ $XSSScore += $score[$value1][$lev][$i];
111
+ }
112
+ else
113
+ {
114
+ $annomalyS += $score[$value1][$lev][$i];
115
+ }
116
+
117
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
118
+ {
119
+ $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
120
+ if($attackCount>$limitAttack)
121
+ {
122
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
123
+ {
124
+ if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
125
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
126
+ }
127
+ }
128
+
129
+ header('HTTP/1.1 403 Forbidden');
130
+ include_once($errorPage);
131
+ exit;
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }
137
+ }
138
+ }
139
+ }
140
+ }
141
+
142
+ function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
143
+ {
144
+ global $wpdb,$mowpnshandle;
145
+ $rate = mo_wpns_CheckRate($ipaddress);
146
+ if($rate>=$reqLimit)
147
+ {
148
+ $lastAttack = mo_wpns_getRLEAttack($ipaddress)+60;
149
+ $current_time = time();
150
+ if($lastAttack < $current_time-60)
151
+ {
152
+ mo_wpns_log_attack($ipaddress,'RLE','RLE');
153
+ }
154
+ if($action != 'ThrottleIP')
155
+ {
156
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
157
+ {
158
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLE',true);
159
+ }
160
+ }
161
+ header('HTTP/1.1 403 Forbidden');
162
+ include_once($errorPage);
163
+ exit;
164
+ }
165
+ }
166
+ function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
167
+ {
168
+ if(file_exists($filename))
169
+ {
170
+ include($filename);
171
+ }
172
+ global $wpdb,$mowpnshandle;
173
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
174
+ if(isset($RateLimitingCrawler))
175
+ {
176
+ if($RateLimitingCrawler=='1')
177
+ {
178
+ if(isset($RequestsPMinCrawler))
179
+ {
180
+ $reqLimit = $RequestsPMinCrawler;
181
+ $rate = mo_wpns_CheckRate($ipaddress);
182
+ if($rate>=$reqLimit)
183
+ {
184
+ $action = $actionRateLCrawler;
185
+ $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
186
+ $current_time = time();
187
+ if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
188
+ {
189
+ mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
190
+ }
191
+ if($action != 'ThrottleIP')
192
+ {
193
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
194
+ {
195
+ if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
196
+ {
197
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLECrawler',true);
198
+ }
199
+ }
200
+ }
201
+ header('HTTP/1.1 403 Forbidden');
202
+ include_once($errorPage);
203
+ exit;
204
+ }
205
+ }
206
+ }
207
+ }
208
+ }
209
+
210
+
211
+
212
  ?>
handler/WAF/mo-waf.php CHANGED
@@ -1,207 +1,207 @@
1
- <?php
2
- $dir = dirname(__FILE__);
3
- $dir = str_replace('\\', "/", $dir);
4
- $dir = explode('WAF', $dir);
5
- $wafInclude = $dir[0].'WAF/waf-include.php';
6
- $wafdb = $dir[0].'WAF/database/mo-waf-db.php';
7
- $errorPage = $dir[0].'mo-error.html';
8
- $blockPage = $dir[0].'mo-block.html';
9
-
10
- include_once($wafInclude);
11
- include_once($wafdb);
12
-
13
- global $dbcon,$prefix;
14
- $connection = mo_wpns_dbconnection();
15
- if($connection)
16
- {
17
- $wafLevel = mo_wpns_get_option_value('WAF');
18
- if($wafLevel=='HtaccessLevel')
19
- {
20
- $ipaddress = get_ipaddress();
21
- if(mo_wpns_is_ip_blocked($ipaddress))
22
- {
23
- if(!mo_wpns_is_ip_whitelisted($ipaddress))
24
- {
25
- header('HTTP/1.1 403 Forbidden');
26
- include_once($blockPage);
27
- exit;
28
- }
29
- }
30
- $fileName = mo_wpns_setting_file();
31
-
32
- if($fileName != 'notMissing')
33
- {
34
- include_once($fileName);
35
- }
36
- if(isset($RateLimiting) && $RateLimiting == 1)
37
- {
38
- if(!is_crawler())
39
- {
40
- if(isset($RequestsPMin) && isset($actionRateL))
41
- mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
42
- }
43
- }
44
- if(isset($RateLimitingCrawler) && $RateLimitingCrawler == 1)
45
- {
46
- if(is_crawler())
47
- {
48
- if(is_fake_googlebot($ipaddress))
49
- {
50
- header('HTTP/1.1 403 Forbidden');
51
- include_once($errorPage);
52
- exit;
53
- }
54
- if($RateLimitingCrawler == '1')
55
- {
56
- mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
- }
58
-
59
- }
60
- }
61
- $attack = array();
62
- if(isset($SQL) && $SQL==1)
63
- {
64
- array_push($attack,"SQL");
65
- }
66
- if(isset($XSS) && $XSS==1)
67
- {
68
- array_push($attack,"XSS");
69
- }
70
- if(isset($LFI) && $LFI==1)
71
- {
72
- array_push($attack,"LFI");
73
- }
74
-
75
- $attackC = $attack;
76
- $ParanoiaLevel = 1;
77
- $annomalyS = 0;
78
- $SQLScore = 0;
79
- $XSSScore = 0;
80
- $limitAttack = mo_wpns_get_option_value("limitAttack");
81
-
82
- foreach ($attackC as $key1 => $value1)
83
- {
84
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
85
- {
86
- if(isset($regex[$value1][$lev]))
87
- { $ooo = 0;
88
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
89
- {
90
- foreach ($_REQUEST as $key => $value) {
91
-
92
- if($regex[$value1][$lev][$i] != "")
93
- {
94
- if(is_string($value))
95
- {
96
- if(preg_match($regex[$value1][$lev][$i], $value))
97
- {
98
-
99
- if($value1 == "SQL")
100
- {
101
- $SQLScore += $score[$value1][$lev][$i];
102
- }
103
- elseif ($value1 == "XSS")
104
- {
105
- $XSSScore += $score[$value1][$lev][$i];
106
- }
107
- else
108
- {
109
- $annomalyS += $score[$value1][$lev][$i];
110
- }
111
-
112
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
113
- {
114
- $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
115
- if($attackCount>$limitAttack)
116
- {
117
- if(!mo_wpns_is_ip_whitelisted($ipaddress))
118
- {
119
- mo_wpns_block_ip($ipaddress,'Attack limit Exceeded'); //Attack Limit Exceed
120
- }
121
- }
122
-
123
- header('HTTP/1.1 403 Forbidden');
124
- include_once($errorPage);
125
- exit;
126
- }
127
- }
128
- }
129
- }
130
- }
131
- }
132
- }
133
- }
134
- }
135
- }
136
- }
137
-
138
-
139
- function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
140
- {
141
- global $dbcon, $prefix;
142
- $rate = mo_wpns_CheckRate($ipaddress);
143
- if($rate>$reqLimit)
144
- {
145
- $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
146
- $current_time = time();
147
- if($current_time > $lastAttack)
148
- {
149
- mo_wpns_log_attack($ipaddress,'RLE','RLE');
150
- }
151
- if($action != 'ThrottleIP')
152
- {
153
- if(!mo_wpns_is_ip_whitelisted($ipaddress))
154
- {
155
- mo_wpns_block_ip($ipaddress,'RLE'); //Rate Limit Exceed
156
- }
157
- }
158
- header('HTTP/1.1 403 Forbidden');
159
- include_once($errorPage);
160
- exit;
161
- }
162
- }
163
-
164
- function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
165
- {
166
- if(file_exists($filename))
167
- {
168
- include($filename);
169
- }
170
- global $dbcon,$prefix;
171
- $USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
172
- if(isset($RateLimitingCrawler))
173
- {
174
- if(isset($RateLimitingCrawler) && $RateLimitingCrawler=='1')
175
- {
176
- if(isset($RequestsPMinCrawler) && isset($actionRateLCrawler) )
177
- {
178
- $reqLimit = $RequestsPMinCrawler;
179
- $rate = mo_wpns_CheckRate($ipaddress);
180
- if($rate>=$reqLimit)
181
- {
182
- $action = $actionRateLCrawler;
183
- $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
184
- $current_time = time();
185
- if($current_time>$lastAttack)
186
- {
187
- mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
188
- }
189
- if($action != 'ThrottleIP')
190
- {
191
- if(!mo_wpns_is_ip_whitelisted($ipaddress))
192
- {
193
- mo_wpns_block_ip($ipaddress,'RLECrawler'); //Rate Limit Exceed for Crawler
194
- }
195
- }
196
- header('HTTP/1.1 403 Forbidden');
197
- include_once($errorPage);
198
- exit;
199
- }
200
- }
201
- }
202
- }
203
- }
204
-
205
-
206
- $dbcon->close();
207
  ?>
1
+ <?php
2
+ $dir = dirname(__FILE__);
3
+ $dir = str_replace('\\', "/", $dir);
4
+ $dir = explode('WAF', $dir);
5
+ $wafInclude = $dir[0].'WAF/waf-include.php';
6
+ $wafdb = $dir[0].'WAF/database/mo-waf-db.php';
7
+ $errorPage = $dir[0].'mo-error.html';
8
+ $blockPage = $dir[0].'mo-block.html';
9
+
10
+ include_once($wafInclude);
11
+ include_once($wafdb);
12
+
13
+ global $dbcon,$prefix;
14
+ $connection = mo_wpns_dbconnection();
15
+ if($connection)
16
+ {
17
+ $wafLevel = mo_wpns_get_option_value('WAF');
18
+ if($wafLevel=='HtaccessLevel')
19
+ {
20
+ $ipaddress = get_ipaddress();
21
+ if(mo_wpns_is_ip_blocked($ipaddress))
22
+ {
23
+ if(!mo_wpns_is_ip_whitelisted($ipaddress))
24
+ {
25
+ header('HTTP/1.1 403 Forbidden');
26
+ include_once($blockPage);
27
+ exit;
28
+ }
29
+ }
30
+ $fileName = mo_wpns_setting_file();
31
+
32
+ if($fileName != 'notMissing')
33
+ {
34
+ include_once($fileName);
35
+ }
36
+ if(isset($RateLimiting) && $RateLimiting == 1)
37
+ {
38
+ if(!is_crawler())
39
+ {
40
+ if(isset($RequestsPMin) && isset($actionRateL))
41
+ mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
42
+ }
43
+ }
44
+ if(isset($RateLimitingCrawler) && $RateLimitingCrawler == 1)
45
+ {
46
+ if(is_crawler())
47
+ {
48
+ if(is_fake_googlebot($ipaddress))
49
+ {
50
+ header('HTTP/1.1 403 Forbidden');
51
+ include_once($errorPage);
52
+ exit;
53
+ }
54
+ if($RateLimitingCrawler == '1')
55
+ {
56
+ mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
+ }
58
+
59
+ }
60
+ }
61
+ $attack = array();
62
+ if(isset($SQL) && $SQL==1)
63
+ {
64
+ array_push($attack,"SQL");
65
+ }
66
+ if(isset($XSS) && $XSS==1)
67
+ {
68
+ array_push($attack,"XSS");
69
+ }
70
+ if(isset($LFI) && $LFI==1)
71
+ {
72
+ array_push($attack,"LFI");
73
+ }
74
+
75
+ $attackC = $attack;
76
+ $ParanoiaLevel = 1;
77
+ $annomalyS = 0;
78
+ $SQLScore = 0;
79
+ $XSSScore = 0;
80
+ $limitAttack = mo_wpns_get_option_value("limitAttack");
81
+
82
+ foreach ($attackC as $key1 => $value1)
83
+ {
84
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
85
+ {
86
+ if(isset($regex[$value1][$lev]))
87
+ { $ooo = 0;
88
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
89
+ {
90
+ foreach ($_REQUEST as $key => $value) {
91
+
92
+ if($regex[$value1][$lev][$i] != "")
93
+ {
94
+ if(is_string($value))
95
+ {
96
+ if(preg_match($regex[$value1][$lev][$i], $value))
97
+ {
98
+
99
+ if($value1 == "SQL")
100
+ {
101
+ $SQLScore += $score[$value1][$lev][$i];
102
+ }
103
+ elseif ($value1 == "XSS")
104
+ {
105
+ $XSSScore += $score[$value1][$lev][$i];
106
+ }
107
+ else
108
+ {
109
+ $annomalyS += $score[$value1][$lev][$i];
110
+ }
111
+
112
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
113
+ {
114
+ $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
115
+ if($attackCount>$limitAttack)
116
+ {
117
+ if(!mo_wpns_is_ip_whitelisted($ipaddress))
118
+ {
119
+ mo_wpns_block_ip($ipaddress,'Attack limit Exceeded'); //Attack Limit Exceed
120
+ }
121
+ }
122
+
123
+ header('HTTP/1.1 403 Forbidden');
124
+ include_once($errorPage);
125
+ exit;
126
+ }
127
+ }
128
+ }
129
+ }
130
+ }
131
+ }
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }
137
+
138
+
139
+ function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
140
+ {
141
+ global $dbcon, $prefix;
142
+ $rate = mo_wpns_CheckRate($ipaddress);
143
+ if($rate>$reqLimit)
144
+ {
145
+ $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
146
+ $current_time = time();
147
+ if($current_time > $lastAttack)
148
+ {
149
+ mo_wpns_log_attack($ipaddress,'RLE','RLE');
150
+ }
151
+ if($action != 'ThrottleIP')
152
+ {
153
+ if(!mo_wpns_is_ip_whitelisted($ipaddress))
154
+ {
155
+ mo_wpns_block_ip($ipaddress,'RLE'); //Rate Limit Exceed
156
+ }
157
+ }
158
+ header('HTTP/1.1 403 Forbidden');
159
+ include_once($errorPage);
160
+ exit;
161
+ }
162
+ }
163
+
164
+ function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
165
+ {
166
+ if(file_exists($filename))
167
+ {
168
+ include($filename);
169
+ }
170
+ global $dbcon,$prefix;
171
+ $USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
172
+ if(isset($RateLimitingCrawler))
173
+ {
174
+ if(isset($RateLimitingCrawler) && $RateLimitingCrawler=='1')
175
+ {
176
+ if(isset($RequestsPMinCrawler) && isset($actionRateLCrawler) )
177
+ {
178
+ $reqLimit = $RequestsPMinCrawler;
179
+ $rate = mo_wpns_CheckRate($ipaddress);
180
+ if($rate>=$reqLimit)
181
+ {
182
+ $action = $actionRateLCrawler;
183
+ $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
184
+ $current_time = time();
185
+ if($current_time>$lastAttack)
186
+ {
187
+ mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
188
+ }
189
+ if($action != 'ThrottleIP')
190
+ {
191
+ if(!mo_wpns_is_ip_whitelisted($ipaddress))
192
+ {
193
+ mo_wpns_block_ip($ipaddress,'RLECrawler'); //Rate Limit Exceed for Crawler
194
+ }
195
+ }
196
+ header('HTTP/1.1 403 Forbidden');
197
+ include_once($errorPage);
198
+ exit;
199
+ }
200
+ }
201
+ }
202
+ }
203
+ }
204
+
205
+
206
+ $dbcon->close();
207
  ?>
handler/WAF/waf-include.php CHANGED
@@ -1,92 +1,92 @@
1
- <?php
2
- $dir = dirname(__FILE__);
3
- $dir = str_replace('\\', "/", $dir);
4
- $dir = explode('WAF', $dir);
5
- $dir = $dir[0];
6
- $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
7
- $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
8
- $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
9
- $configfilepath = explode('wp-content', $dir);
10
- $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include_once($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
- function get_ipaddress()
26
- {
27
- $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['REMOTE_ADDR']))
31
- $ipaddress = $_SERVER['REMOTE_ADDR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
34
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
35
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
36
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
38
- else if(isset($_SERVER['HTTP_FORWARDED']))
39
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
40
- else
41
- $ipaddress = 'UNKNOWN';
42
-
43
- return $ipaddress;
44
- }
45
- function is_crawler()
46
- {
47
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
48
- $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
49
- foreach ($Botsign as $key => $value)
50
- {
51
- if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
52
- {
53
- return true;
54
- }
55
- }
56
- return false;
57
- }
58
- function is_fake_googlebot($ipaddress)
59
- {
60
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
61
- if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
62
- {
63
- if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
64
- {
65
- header('HTTP/1.1 403 Forbidden');
66
- include_once("mo-error.html");
67
- exit;
68
- }
69
- }
70
- }
71
- function is_fake($crawler,$USER_AGENT,$ipaddress)
72
- {
73
- // $hostName = gethostbyaddr($ipaddress);
74
- // $hostIP = gethostbyname($hostName);
75
- // if(is_numeric(get_option('mo_wpns_iprange_count')))
76
- // $range_count = intval(get_option('mo_wpns_iprange_count'));
77
- // for($i = 1 ; $i <= $range_count ; $i++){
78
- // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
79
- // $rangearray = explode("-",$blockedrange);
80
- // if(sizeof($rangearray)==2){
81
- // $lowip = ip2long(trim($rangearray[0]));
82
- // $highip = ip2long(trim($rangearray[1]));
83
- // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
84
- // $mo_wpns_config = new MoWpnsHandler();
85
- // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
86
- // return true;
87
- // }
88
- // }
89
- // }
90
- // return false;
91
- }
92
  ?>
1
+ <?php
2
+ $dir = dirname(__FILE__);
3
+ $dir = str_replace('\\', "/", $dir);
4
+ $dir = explode('WAF', $dir);
5
+ $dir = $dir[0];
6
+ $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
7
+ $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
8
+ $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
9
+ $configfilepath = explode('wp-content', $dir);
10
+ $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include_once($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+ function get_ipaddress()
26
+ {
27
+ $ipaddress = '';
28
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
29
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
+ else if(isset($_SERVER['REMOTE_ADDR']))
31
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
32
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
33
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
34
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
35
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
36
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
37
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
38
+ else if(isset($_SERVER['HTTP_FORWARDED']))
39
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
40
+ else
41
+ $ipaddress = 'UNKNOWN';
42
+
43
+ return $ipaddress;
44
+ }
45
+ function is_crawler()
46
+ {
47
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
48
+ $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
49
+ foreach ($Botsign as $key => $value)
50
+ {
51
+ if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
52
+ {
53
+ return true;
54
+ }
55
+ }
56
+ return false;
57
+ }
58
+ function is_fake_googlebot($ipaddress)
59
+ {
60
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
61
+ if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
62
+ {
63
+ if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
64
+ {
65
+ header('HTTP/1.1 403 Forbidden');
66
+ include_once("mo-error.html");
67
+ exit;
68
+ }
69
+ }
70
+ }
71
+ function is_fake($crawler,$USER_AGENT,$ipaddress)
72
+ {
73
+ // $hostName = gethostbyaddr($ipaddress);
74
+ // $hostIP = gethostbyname($hostName);
75
+ // if(is_numeric(get_option('mo_wpns_iprange_count')))
76
+ // $range_count = intval(get_option('mo_wpns_iprange_count'));
77
+ // for($i = 1 ; $i <= $range_count ; $i++){
78
+ // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
79
+ // $rangearray = explode("-",$blockedrange);
80
+ // if(sizeof($rangearray)==2){
81
+ // $lowip = ip2long(trim($rangearray[0]));
82
+ // $highip = ip2long(trim($rangearray[1]));
83
+ // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
84
+ // $mo_wpns_config = new MoWpnsHandler();
85
+ // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
86
+ // return true;
87
+ // }
88
+ // }
89
+ // }
90
+ // return false;
91
+ }
92
  ?>
handler/ajax.php CHANGED
@@ -1,175 +1,175 @@
1
- <?php
2
-
3
- class AjaxHandler
4
- {
5
- function __construct()
6
- {
7
- add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
8
- }
9
-
10
- function mo_wpns_2fa_actions()
11
- {
12
- global $moWpnsUtility,$mo2f_dirName;
13
-
14
- if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
15
- {
16
- switch($_REQUEST['option'])
17
- {
18
- case "iplookup":
19
- $this->lookupIP($_GET['ip']); break;
20
-
21
- case "dissmissSMTP":
22
- $this->handle_smtp(); break;
23
- case "whitelistself":
24
- $this->whitelist_self(); break;
25
-
26
- case "dismissplugin":
27
- $this->wpns_plugin_notice(); break;
28
-
29
- case "dismissbackup":
30
- $this->wpns_dismiss_backup_notice(); break;
31
-
32
- case "dismissbruteforce":
33
- $this->wpns_dismiss_bruteforce_notice(); break;
34
-
35
- case "dismissrecaptcha":
36
- $this-> wpns_dismiss_recaptcha_notice(); break;
37
-
38
- case "dismissfirewall":
39
- $this->wpns_dismiss_firewall_notice(); break;
40
-
41
- case "plugin_warning_never_show_again":
42
- $this->wpns_plugin_warning_never_show_again();
43
- break;
44
-
45
- case "dismissSms":
46
- $this->wpns_sms_notice(); break;
47
-
48
- case "dismissEmail":
49
- $this->wpns_email_notice(); break;
50
-
51
- case "dismissSms_always":
52
- $this->wpns_sms_notice_always(); break;
53
-
54
- case "dismissEmail_always":
55
- $this->wpns_email_notice_always(); break;
56
-
57
- case "dismisscodeswarning":
58
- $this->mo2f_backup_codes_dismiss(); break;
59
- }
60
- }
61
- }
62
-
63
- private function lookupIP($ip)
64
- {
65
- $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
66
- $hostname = gethostbyaddr($result["geoplugin_request"]);
67
- try{
68
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
69
- $timeoffset = $timeoffset/3600;
70
-
71
- }catch(Exception $e){
72
- $result["geoplugin_timezone"]="";
73
- $timeoffset="";
74
- }
75
-
76
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
77
- if($result['geoplugin_request']==$ip) {
78
-
79
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
80
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
81
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
82
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
83
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
84
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
85
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
86
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
87
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
88
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
89
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
90
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
91
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
92
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
93
-
94
- $result['ipDetails'] = $ipLookUpTemplate;
95
- }else{
96
- $result["ipDetails"]["status"]="ERROR";
97
- }
98
-
99
- wp_send_json( $result );
100
-
101
- }
102
- private function whitelist_self()
103
- {
104
- global $moWpnsUtility;
105
- $moPluginsUtility = new MoWpnsHandler();
106
- $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
107
- wp_send_json('success');
108
- }
109
-
110
- private function wpns_plugin_notice()
111
- {
112
-
113
- update_site_option('malware_notification_option', 1);
114
- update_site_option('notice_dismiss_time',time());
115
- wp_send_json('success');
116
- }
117
-
118
- function wpns_dismiss_backup_notice(){
119
- update_site_option('backup_notification_option', 1);
120
- update_site_option('notice_dismiss_time',time());
121
- wp_send_json('success');
122
- }
123
-
124
- function wpns_dismiss_bruteforce_notice(){
125
- update_site_option('bruteforce_notification_option', 1);
126
- update_site_option('notice_dismiss_time',time());
127
- wp_send_json('success');
128
- }
129
-
130
- function wpns_dismiss_recaptcha_notice(){
131
- update_site_option('recaptcha_notification_option', 1);
132
- update_site_option('notice_dismiss_time',time());
133
- wp_send_json('success');
134
- }
135
-
136
- function wpns_plugin_warning_never_show_again(){
137
- update_site_option('plugin_warning_never_show_again', 1);
138
- wp_send_json('success');
139
- }
140
-
141
- function wpns_dismiss_firewall_notice(){
142
- update_site_option('waf_notification_option', 1);
143
- update_site_option('notice_dismiss_time',time());
144
- wp_send_json('success');
145
- }
146
- private function wpns_sms_notice()
147
- {
148
- update_site_option('mo2f_wpns_sms_dismiss', time());
149
- wp_send_json('success');
150
- }
151
- private function wpns_email_notice()
152
- {
153
- update_site_option('mo2f_wpns_email_dismiss', time());
154
- wp_send_json('success');
155
- }
156
- private function wpns_sms_notice_always()
157
- {
158
- update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
159
- wp_send_json('success');
160
- }
161
- private function wpns_email_notice_always()
162
- {
163
- update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
164
- wp_send_json('success');
165
- }
166
- private function mo2f_backup_codes_dismiss()
167
- {
168
- $user_id = get_current_user_id();
169
- update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
170
- wp_send_json('success');
171
- }
172
-
173
-
174
-
175
- }new AjaxHandler;
1
+ <?php
2
+
3
+ class AjaxHandler
4
+ {
5
+ function __construct()
6
+ {
7
+ add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
8
+ }
9
+
10
+ function mo_wpns_2fa_actions()
11
+ {
12
+ global $moWpnsUtility,$mo2f_dirName;
13
+
14
+ if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
15
+ {
16
+ switch($_REQUEST['option'])
17
+ {
18
+ case "iplookup":
19
+ $this->lookupIP($_GET['ip']); break;
20
+
21
+ case "dissmissSMTP":
22
+ $this->handle_smtp(); break;
23
+ case "whitelistself":
24
+ $this->whitelist_self(); break;
25
+
26
+ case "dismissplugin":
27
+ $this->wpns_plugin_notice(); break;
28
+
29
+ case "dismissbackup":
30
+ $this->wpns_dismiss_backup_notice(); break;
31
+
32
+ case "dismissbruteforce":
33
+ $this->wpns_dismiss_bruteforce_notice(); break;
34
+
35
+ case "dismissrecaptcha":
36
+ $this-> wpns_dismiss_recaptcha_notice(); break;
37
+
38
+ case "dismissfirewall":
39
+ $this->wpns_dismiss_firewall_notice(); break;
40
+
41
+ case "plugin_warning_never_show_again":
42
+ $this->wpns_plugin_warning_never_show_again();
43
+ break;
44
+
45
+ case "dismissSms":
46
+ $this->wpns_sms_notice(); break;
47
+
48
+ case "dismissEmail":
49
+ $this->wpns_email_notice(); break;
50
+
51
+ case "dismissSms_always":
52
+ $this->wpns_sms_notice_always(); break;
53
+
54
+ case "dismissEmail_always":
55
+ $this->wpns_email_notice_always(); break;
56
+
57
+ case "dismisscodeswarning":
58
+ $this->mo2f_backup_codes_dismiss(); break;
59
+ }
60
+ }
61
+ }
62
+
63
+ private function lookupIP($ip)
64
+ {
65
+ $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
66
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
67
+ try{
68
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
69
+ $timeoffset = $timeoffset/3600;
70
+
71
+ }catch(Exception $e){
72
+ $result["geoplugin_timezone"]="";
73
+ $timeoffset="";
74
+ }
75
+
76
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
77
+ if($result['geoplugin_request']==$ip) {
78
+
79
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
80
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
81
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
82
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
83
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
84
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
85
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
86
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
87
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
88
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
89
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
90
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
91
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
92
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
93
+
94
+ $result['ipDetails'] = $ipLookUpTemplate;
95
+ }else{
96
+ $result["ipDetails"]["status"]="ERROR";
97
+ }
98
+
99
+ wp_send_json( $result );
100
+
101
+ }
102
+ private function whitelist_self()
103
+ {
104
+ global $moWpnsUtility;
105
+ $moPluginsUtility = new MoWpnsHandler();
106
+ $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
107
+ wp_send_json('success');
108
+ }
109
+
110
+ private function wpns_plugin_notice()
111
+ {
112
+
113
+ update_site_option('malware_notification_option', 1);
114
+ update_site_option('notice_dismiss_time',time());
115
+ wp_send_json('success');
116
+ }
117
+
118
+ function wpns_dismiss_backup_notice(){
119
+ update_site_option('backup_notification_option', 1);
120
+ update_site_option('notice_dismiss_time',time());
121
+ wp_send_json('success');
122
+ }
123
+
124
+ function wpns_dismiss_bruteforce_notice(){
125
+ update_site_option('bruteforce_notification_option', 1);
126
+ update_site_option('notice_dismiss_time',time());
127
+ wp_send_json('success');
128
+ }
129
+
130
+ function wpns_dismiss_recaptcha_notice(){
131
+ update_site_option('recaptcha_notification_option', 1);
132
+ update_site_option('notice_dismiss_time',time());
133
+ wp_send_json('success');
134
+ }
135
+
136
+ function wpns_plugin_warning_never_show_again(){
137
+ update_site_option('plugin_warning_never_show_again', 1);
138
+ wp_send_json('success');
139
+ }
140
+
141
+ function wpns_dismiss_firewall_notice(){
142
+ update_site_option('waf_notification_option', 1);
143
+ update_site_option('notice_dismiss_time',time());
144
+ wp_send_json('success');
145
+ }
146
+ private function wpns_sms_notice()
147
+ {
148
+ update_site_option('mo2f_wpns_sms_dismiss', time());
149
+ wp_send_json('success');
150
+ }
151
+ private function wpns_email_notice()
152
+ {
153
+ update_site_option('mo2f_wpns_email_dismiss', time());
154
+ wp_send_json('success');
155
+ }
156
+ private function wpns_sms_notice_always()
157
+ {
158
+ update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
159
+ wp_send_json('success');
160
+ }
161
+ private function wpns_email_notice_always()
162
+ {
163
+ update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
164
+ wp_send_json('success');
165
+ }
166
+ private function mo2f_backup_codes_dismiss()
167
+ {
168
+ $user_id = get_current_user_id();
169
+ update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
170
+ wp_send_json('success');
171
+ }
172
+
173
+
174
+
175
+ }new AjaxHandler;
handler/backup.php CHANGED
@@ -1,322 +1,322 @@
1
- <?php
2
-
3
- class MoBackupSite{
4
-
5
- function __construct()
6
- {
7
- add_filter( 'cron_schedules', array($this,'db_eb_backup_interval'));
8
- add_action( 'mo_eb_bl_cron_hook', array($this,'db_cron_backup') );
9
- add_filter( 'cron_schedules', array($this,'file_eb_backup_interval'));
10
- add_action( 'mo_eb_file_cron_hook', array($this,'file_cron_backup') );
11
- }
12
-
13
- function db_cron_backup(){
14
-
15
- $obj = new MoBackupSite;
16
- $obj->backupDB();
17
-
18
- }
19
-
20
- function db_eb_backup_interval($schedules){
21
- $mo2f_cron_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option')*3600;
22
- $schedules['db_eb_backup_time'] = array(
23
- 'interval' => $mo2f_cron_hours,
24
- 'display' => esc_html__( 'Cron Activated' ),
25
- );
26
- return $schedules;
27
- }
28
-
29
- function bl_deactivate() {
30
- $timestamp = wp_next_scheduled( 'mo_eb_bl_cron_hook' );
31
- wp_unschedule_event( $timestamp, 'mo_eb_bl_cron_hook' );
32
- }
33
-
34
- function file_cron_backup(){
35
- $backup_store_path = wp_upload_dir();
36
- $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
37
- $time = time();
38
- update_site_option('backup_created_time',$time);
39
-
40
- if(MoWpnsUtility::get_mo2f_db_option('mo_file_backup_plugins', 'site_option') =='1'){
41
- $this->plugin_backup($backup_store_path, $time);
42
- }
43
- if(MoWpnsUtility::get_mo2f_db_option('mo_file_backup_themes','site_option') =='1'){
44
- $this->themes_backup($backup_store_path ,$time);
45
- }
46
-
47
- if(get_site_option('mo_file_backup_wp_files') == '1'){
48
- $this->wpfiles_backup($backup_store_path, $time);
49
- }
50
- update_site_option('backup_notification_option',1);
51
- }
52
-
53
- function file_manual_backup(){
54
- $backup_store_path = wp_upload_dir();
55
- $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
56
- $time = time();
57
- update_site_option('backup_created_time',$time);
58
-
59
- if(MoWpnsUtility::get_mo2f_db_option('mo_file_manual_backup_plugins', 'site_option') =='1'){
60
- // if(get_option('mo_file_manual_backup_plugins') =='1'){
61
- $this->plugin_backup($backup_store_path, $time);
62
- }
63
- if(MoWpnsUtility::get_mo2f_db_option('mo_file_manual_backup_themes', 'site_option') =='1'){
64
- // if(get_option('mo_file_manual_backup_themes') =='1'){
65
- $this->themes_backup($backup_store_path ,$time);
66
- }
67
-
68
- if(get_site_option('mo_file_manual_backup_wp_files') == '1'){
69
- $this->wpfiles_backup($backup_store_path, $time);
70
- }
71
- update_site_option('backup_notification_option',1);
72
- }
73
-
74
- function file_eb_backup_interval($schedules){
75
- $mo2f_cron_file_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option')*3600;
76
- $schedules['file_eb_backup_time'] = array(
77
- 'interval' => $mo2f_cron_file_backup_hours,
78
- 'display' => esc_html__( 'Cron Activated' ),
79
- );
80
- return $schedules;
81
- }
82
-
83
- function file_backup_deactivate(){
84
- $timestamp = wp_next_scheduled( 'mo_eb_file_cron_hook' );
85
- wp_unschedule_event( $timestamp, 'mo_eb_file_cron_hook' );
86
- }
87
-
88
- function plugin_backup($backup_store_path, $time){
89
- global $wpnsDbQueries;
90
- $this->mkdirectory('plugins');
91
- $real_path= WP_PLUGIN_DIR;
92
- $backup_path =$backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR.'plugins';
93
- $filename = 'miniorange-plugins-backup-'.$time.'.zip';
94
- $this->file_backup($real_path,$filename,'plugins');
95
- $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::PLUGIN,$filename,$time,$backup_path);
96
- }
97
-
98
- function themes_backup($backup_store_path ,$time){
99
- global $wpnsDbQueries;
100
- $this->mkdirectory('themes');
101
- $real_path= get_theme_root();
102
- $backup_path =$backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR.'themes';
103
- $filename = 'miniorange-themes-backup-'.$time.'.zip';
104
- $this->file_backup($real_path,$filename,'themes');
105
- $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::THEMES,$filename,$time,$backup_path);
106
-
107
- }
108
-
109
- function wpfiles_backup($backup_store_path, $time){
110
- global $wpnsDbQueries;
111
- $this->mkdirectory('wp_files');
112
- $homepath = get_home_path();
113
- $real_path= $homepath;
114
- $backup_path =$backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR.'wp_files';
115
- $filename = 'miniorange-wpfiles-backup-'.$time.'.zip';
116
- $this->file_backup($real_path,$filename, 'wp_files');
117
- $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::WPFILES,$filename,$time,$backup_path);
118
- }
119
-
120
- function mkdirectory($foldername){
121
-
122
- $homepath = wp_upload_dir();
123
- $homepath = $homepath['basedir'].DIRECTORY_SEPARATOR;
124
- if(!is_writable($homepath)){
125
- wp_send_json('not_writable');
126
- return;
127
- }
128
-
129
-
130
- $basepath = $homepath;
131
- if(!file_exists($basepath."miniorangebackup")){
132
- mkdir($basepath."miniorangebackup");
133
- }
134
-
135
- $basepath = $homepath.'miniorangebackup'.DIRECTORY_SEPARATOR;
136
- $this-> create_index_file($basepath);
137
-
138
- if(!file_exists($basepath.'file-backups')){
139
- mkdir($basepath.'file-backups');
140
- }
141
-
142
- $basepath = $homepath.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR;
143
- if(!file_exists($basepath.$foldername)){
144
- mkdir($basepath.$foldername);
145
- }
146
-
147
- }
148
-
149
- function create_index_file($folder_path){
150
-
151
- $html_path=$folder_path."index.html";
152
- $htaccess_path= $folder_path.".htaccess";
153
-
154
- if(!file_exists($html_path)){
155
- $f = fopen($html_path, "a");
156
- fwrite($f, '<html><body><a href="https://security.miniorange.com/" target="_blank">WordPress backups by miniorange</a></body></html>');
157
- fclose($f);
158
- }
159
- if(!file_exists($htaccess_path)){
160
- $f = fopen($htaccess_path, "a");
161
- fwrite($f, "deny from all");
162
- fclose($f);
163
- }
164
- }
165
-
166
-
167
- function file_backup($real_path, $filename, $foldername){
168
- ini_set('max_execution_time', 0);
169
- $backup_store_path = wp_upload_dir();
170
- $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR;
171
- $rootPath = realpath($real_path);
172
- $zip = new ZipArchive();
173
- $res = $zip->open($backup_store_path.$foldername.DIRECTORY_SEPARATOR.$filename, ZipArchive::CREATE | ZipArchive::OVERWRITE);
174
-
175
- $files = new RecursiveIteratorIterator(
176
- new RecursiveDirectoryIterator($rootPath),
177
- RecursiveIteratorIterator::LEAVES_ONLY
178
- );
179
- foreach ($files as $name => $file)
180
- {
181
- if (!$file->isDir())
182
- {
183
- $filePath = $file->getRealPath();
184
- $relativePath = substr($filePath, strlen($rootPath) + 1);
185
- if(strpos($relativePath, 'miniorangebackup')!== false ){}
186
- else{
187
- $zip->addFile($filePath, $relativePath);
188
- }
189
- }
190
- }
191
- $zip->close();
192
- }
193
-
194
-
195
- function backupDB(){
196
-
197
- if ( function_exists('memory_get_usage') && ( (int) ini_get('memory_limit') < 128 ) ){
198
- ini_set('memory_limit', '128M' );
199
- do_action('mo_eb_show_message',MoBackupMessages::showMessage('DB_MEMORY_LIMIT'),'SUCCESS');
200
- }
201
-
202
- $backup_store_path = wp_upload_dir();
203
- $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
204
-
205
- if(!is_writable($backup_store_path)){
206
- wp_send_json('not_writable');
207
- return;
208
- }
209
- global $wpdb;
210
- $tables = $wpdb->get_results("SHOW TABLES", ARRAY_N);
211
- $nooftables = count($tables);
212
- $query = "";
213
- $tableswithfk = array();
214
- $tableswithoutfk= array();
215
-
216
- foreach($tables as $table)
217
- {
218
- if(is_array($table))
219
- $table = $table[0];
220
- $createtable = $wpdb->get_results("SHOW CREATE TABLE $table", ARRAY_A);
221
- if(!empty($createtable[0]))
222
- {
223
- $createquery = $createtable[0]['Create Table'];
224
- if (strpos($createquery, 'FOREIGN KEY') !== false)
225
- array_push($tableswithfk,$table);
226
- else
227
- array_push($tableswithoutfk, $table);
228
- }
229
- }
230
-
231
- $query .= $this->get_table_query($query,$tableswithoutfk);
232
-
233
- $query .= $this->get_table_query($query,$tableswithfk);
234
-
235
- $fileName = $this->create_db_backup_file($query);
236
- wp_send_json('created_backup');
237
- }
238
-
239
- function get_table_query($query,$tables)
240
- {
241
-
242
- global $wpdb;
243
- foreach($tables as $table)
244
- {
245
- $createtable = $wpdb->get_results("SHOW CREATE TABLE $table", ARRAY_A);
246
- if(!empty($createtable[0]))
247
- {
248
- $createquery = $createtable[0]['Create Table'];
249
- $query .= 'DROP TABLE IF EXISTS '.$table.";\n";
250
- $query .= $createquery.";\n\n";
251
- $data = $wpdb->get_results("SELECT * FROM $table", ARRAY_A);
252
- foreach($data as $record)
253
- {
254
- if(count($record)>0)
255
- {
256
- $query.= 'INSERT INTO '.$table.' VALUES(';
257
- $i=0;
258
- foreach($record as $key=>$value)
259
- {
260
- $value = addslashes($value);
261
- if (isset($value))
262
- $query.= '"'.$value.'"' ;
263
- else
264
- $query.= '""';
265
- if ($i < (count($record)-1)) { $query.= ','; }
266
- $i++;
267
- }
268
- $query.= ");\n";
269
- }
270
- }
271
- $query.="\n\n";
272
- }
273
- }
274
- return $query;
275
- }
276
-
277
- function create_db_backup_file($data)
278
- {
279
-
280
- global $wpnsDbQueries;
281
- $time = time();
282
- $backup_store_path = wp_upload_dir();
283
- $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
284
- if(!file_exists($backup_store_path."miniorangebackup")){
285
- mkdir($backup_store_path."miniorangebackup");
286
- }
287
- $basepath = $backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR;
288
- $handler_obj = new MoBackupSite;
289
- $handler_obj->create_index_file($basepath);
290
- if(!file_exists($basepath.'db-backups')){
291
- mkdir($basepath.'db-backups');
292
- }
293
-
294
- $backup_path = $basepath.'db-backups';
295
- $filename = 'miniorange-db-backup-'.$time.'.sql';
296
- $basepath = $basepath.'db-backups';
297
- $handle = fopen($basepath.DIRECTORY_SEPARATOR.$filename,'w+');
298
- fwrite($handle,$data);
299
- fclose($handle);
300
- $filezipname = $this->barfw_create_database_backup_zip_file($filename,$time);
301
- $zip_path = $basepath.DIRECTORY_SEPARATOR.$filename;
302
- unlink($zip_path);
303
- $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::DATABASE,$filezipname,$time,$backup_path);
304
- return $filename;
305
- }
306
-
307
- function barfw_create_database_backup_zip_file($filename,$time){
308
- $backup_store_path = wp_upload_dir();
309
- $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR.'miniorangebackup'.DIRECTORY_SEPARATOR.'db-backups'.DIRECTORY_SEPARATOR;
310
-
311
- $filezipname = 'miniorange-db-backup-'.$time.'.zip';
312
- $zip = new ZipArchive();
313
- $res = $zip->open($backup_store_path.DIRECTORY_SEPARATOR.$filezipname, ZipArchive::CREATE | ZipArchive::OVERWRITE);
314
- $filePath = $backup_store_path.$filename;
315
- $relativePath = $filename;
316
- $zip->addFile($filePath, $relativePath);
317
-
318
- $zip->close();
319
- return $filezipname;
320
- }
321
-
322
  }new MoBackupSite;
1
+ <?php
2
+
3
+ class MoBackupSite{
4
+
5
+ function __construct()
6
+ {
7
+ add_filter( 'cron_schedules', array($this,'db_eb_backup_interval'));
8
+ add_action( 'mo_eb_bl_cron_hook', array($this,'db_cron_backup') );
9
+ add_filter( 'cron_schedules', array($this,'file_eb_backup_interval'));
10
+ add_action( 'mo_eb_file_cron_hook', array($this,'file_cron_backup') );
11
+ }
12
+
13
+ function db_cron_backup(){
14
+
15
+ $obj = new MoBackupSite;
16
+ $obj->backupDB();
17
+
18
+ }
19
+
20
+ function db_eb_backup_interval($schedules){
21
+ $mo2f_cron_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option')*3600;
22
+ $schedules['db_eb_backup_time'] = array(
23
+ 'interval' => $mo2f_cron_hours,
24
+ 'display' => esc_html__( 'Cron Activated' ),
25
+ );
26
+ return $schedules;
27
+ }
28
+
29
+ function bl_deactivate() {
30
+ $timestamp = wp_next_scheduled( 'mo_eb_bl_cron_hook' );
31
+ wp_unschedule_event( $timestamp, 'mo_eb_bl_cron_hook' );
32
+ }
33
+
34
+ function file_cron_backup(){
35
+ $backup_store_path = wp_upload_dir();
36
+ $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
37
+ $time = time();
38
+ update_site_option('backup_created_time',$time);
39
+
40
+ if(MoWpnsUtility::get_mo2f_db_option('mo_file_backup_plugins', 'site_option') =='1'){
41
+ $this->plugin_backup($backup_store_path, $time);
42
+ }
43
+ if(MoWpnsUtility::get_mo2f_db_option('mo_file_backup_themes','site_option') =='1'){
44
+ $this->themes_backup($backup_store_path ,$time);
45
+ }
46
+
47
+ if(get_site_option('mo_file_backup_wp_files') == '1'){
48
+ $this->wpfiles_backup($backup_store_path, $time);
49
+ }
50
+ update_site_option('backup_notification_option',1);
51
+ }
52
+
53
+ function file_manual_backup(){
54
+ $backup_store_path = wp_upload_dir();
55
+ $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
56
+ $time = time();
57
+ update_site_option('backup_created_time',$time);
58
+
59
+ if(MoWpnsUtility::get_mo2f_db_option('mo_file_manual_backup_plugins', 'site_option') =='1'){
60
+ // if(get_option('mo_file_manual_backup_plugins') =='1'){
61
+ $this->plugin_backup($backup_store_path, $time);
62
+ }
63
+ if(MoWpnsUtility::get_mo2f_db_option('mo_file_manual_backup_themes', 'site_option') =='1'){
64
+ // if(get_option('mo_file_manual_backup_themes') =='1'){
65
+ $this->themes_backup($backup_store_path ,$time);
66
+ }
67
+
68
+ if(get_site_option('mo_file_manual_backup_wp_files') == '1'){
69
+ $this->wpfiles_backup($backup_store_path, $time);
70
+ }
71
+ update_site_option('backup_notification_option',1);
72
+ }
73
+
74
+ function file_eb_backup_interval($schedules){
75
+ $mo2f_cron_file_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option')*3600;
76
+ $schedules['file_eb_backup_time'] = array(
77
+ 'interval' => $mo2f_cron_file_backup_hours,
78
+ 'display' => esc_html__( 'Cron Activated' ),
79
+ );
80
+ return $schedules;
81
+ }
82
+
83
+ function file_backup_deactivate(){
84
+ $timestamp = wp_next_scheduled( 'mo_eb_file_cron_hook' );
85
+ wp_unschedule_event( $timestamp, 'mo_eb_file_cron_hook' );
86
+ }
87
+
88
+ function plugin_backup($backup_store_path, $time){
89
+ global $wpnsDbQueries;
90
+ $this->mkdirectory('plugins');
91
+ $real_path= WP_PLUGIN_DIR;
92
+ $backup_path =$backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR.'plugins';
93
+ $filename = 'miniorange-plugins-backup-'.$time.'.zip';
94
+ $this->file_backup($real_path,$filename,'plugins');
95
+ $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::PLUGIN,$filename,$time,$backup_path);
96
+ }
97
+
98
+ function themes_backup($backup_store_path ,$time){
99
+ global $wpnsDbQueries;
100
+ $this->mkdirectory('themes');
101
+ $real_path= get_theme_root();
102
+ $backup_path =$backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR.'themes';
103
+ $filename = 'miniorange-themes-backup-'.$time.'.zip';
104
+ $this->file_backup($real_path,$filename,'themes');
105
+ $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::THEMES,$filename,$time,$backup_path);
106
+
107
+ }
108
+
109
+ function wpfiles_backup($backup_store_path, $time){
110
+ global $wpnsDbQueries;
111
+ $this->mkdirectory('wp_files');
112
+ $homepath = get_home_path();
113
+ $real_path= $homepath;
114
+ $backup_path =$backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR.'wp_files';
115
+ $filename = 'miniorange-wpfiles-backup-'.$time.'.zip';
116
+ $this->file_backup($real_path,$filename, 'wp_files');
117
+ $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::WPFILES,$filename,$time,$backup_path);
118
+ }
119
+
120
+ function mkdirectory($foldername){
121
+
122
+ $homepath = wp_upload_dir();
123
+ $homepath = $homepath['basedir'].DIRECTORY_SEPARATOR;
124
+ if(!is_writable($homepath)){
125
+ wp_send_json('not_writable');
126
+ return;
127
+ }
128
+
129
+
130
+ $basepath = $homepath;
131
+ if(!file_exists($basepath."miniorangebackup")){
132
+ mkdir($basepath."miniorangebackup");
133
+ }
134
+
135
+ $basepath = $homepath.'miniorangebackup'.DIRECTORY_SEPARATOR;
136
+ $this-> create_index_file($basepath);
137
+
138
+ if(!file_exists($basepath.'file-backups')){
139
+ mkdir($basepath.'file-backups');
140
+ }
141
+
142
+ $basepath = $homepath.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR;
143
+ if(!file_exists($basepath.$foldername)){
144
+ mkdir($basepath.$foldername);
145
+ }
146
+
147
+ }
148
+
149
+ function create_index_file($folder_path){
150
+
151
+ $html_path=$folder_path."index.html";
152
+ $htaccess_path= $folder_path.".htaccess";
153
+
154
+ if(!file_exists($html_path)){
155
+ $f = fopen($html_path, "a");
156
+ fwrite($f, '<html><body><a href="https://security.miniorange.com/" target="_blank">WordPress backups by miniorange</a></body></html>');
157
+ fclose($f);
158
+ }
159
+ if(!file_exists($htaccess_path)){
160
+ $f = fopen($htaccess_path, "a");
161
+ fwrite($f, "deny from all");
162
+ fclose($f);
163
+ }
164
+ }
165
+
166
+
167
+ function file_backup($real_path, $filename, $foldername){
168
+ ini_set('max_execution_time', 0);
169
+ $backup_store_path = wp_upload_dir();
170
+ $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR.'miniorangebackup'.DIRECTORY_SEPARATOR.'file-backups'.DIRECTORY_SEPARATOR;
171
+ $rootPath = realpath($real_path);
172
+ $zip = new ZipArchive();
173
+ $res = $zip->open($backup_store_path.$foldername.DIRECTORY_SEPARATOR.$filename, ZipArchive::CREATE | ZipArchive::OVERWRITE);
174
+
175
+ $files = new RecursiveIteratorIterator(
176
+ new RecursiveDirectoryIterator($rootPath),
177
+ RecursiveIteratorIterator::LEAVES_ONLY
178
+ );
179
+ foreach ($files as $name => $file)
180
+ {
181
+ if (!$file->isDir())
182
+ {
183
+ $filePath = $file->getRealPath();
184
+ $relativePath = substr($filePath, strlen($rootPath) + 1);
185
+ if(strpos($relativePath, 'miniorangebackup')!== false ){}
186
+ else{
187
+ $zip->addFile($filePath, $relativePath);
188
+ }
189
+ }
190
+ }
191
+ $zip->close();
192
+ }
193
+
194
+
195
+ function backupDB(){
196
+
197
+ if ( function_exists('memory_get_usage') && ( (int) ini_get('memory_limit') < 128 ) ){
198
+ ini_set('memory_limit', '128M' );
199
+ do_action('mo_eb_show_message',MoBackupMessages::showMessage('DB_MEMORY_LIMIT'),'SUCCESS');
200
+ }
201
+
202
+ $backup_store_path = wp_upload_dir();
203
+ $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
204
+
205
+ if(!is_writable($backup_store_path)){
206
+ wp_send_json('not_writable');
207
+ return;
208
+ }
209
+ global $wpdb;
210
+ $tables = $wpdb->get_results("SHOW TABLES", ARRAY_N);
211
+ $nooftables = count($tables);
212
+ $query = "";
213
+ $tableswithfk = array();
214
+ $tableswithoutfk= array();
215
+
216
+ foreach($tables as $table)
217
+ {
218
+ if(is_array($table))
219
+ $table = $table[0];
220
+ $createtable = $wpdb->get_results("SHOW CREATE TABLE $table", ARRAY_A);
221
+ if(!empty($createtable[0]))
222
+ {
223
+ $createquery = $createtable[0]['Create Table'];
224
+ if (strpos($createquery, 'FOREIGN KEY') !== false)
225
+ array_push($tableswithfk,$table);
226
+ else
227
+ array_push($tableswithoutfk, $table);
228
+ }
229
+ }
230
+
231
+ $query .= $this->get_table_query($query,$tableswithoutfk);
232
+
233
+ $query .= $this->get_table_query($query,$tableswithfk);
234
+
235
+ $fileName = $this->create_db_backup_file($query);
236
+ wp_send_json('created_backup');
237
+ }
238
+
239
+ function get_table_query($query,$tables)
240
+ {
241
+
242
+ global $wpdb;
243
+ foreach($tables as $table)
244
+ {
245
+ $createtable = $wpdb->get_results("SHOW CREATE TABLE $table", ARRAY_A);
246
+ if(!empty($createtable[0]))
247
+ {
248
+ $createquery = $createtable[0]['Create Table'];
249
+ $query .= 'DROP TABLE IF EXISTS '.$table.";\n";
250
+ $query .= $createquery.";\n\n";
251
+ $data = $wpdb->get_results("SELECT * FROM $table", ARRAY_A);
252
+ foreach($data as $record)
253
+ {
254
+ if(count($record)>0)
255
+ {
256
+ $query.= 'INSERT INTO '.$table.' VALUES(';
257
+ $i=0;
258
+ foreach($record as $key=>$value)
259
+ {
260
+ $value = addslashes($value);
261
+ if (isset($value))
262
+ $query.= '"'.$value.'"' ;
263
+ else
264
+ $query.= '""';
265
+ if ($i < (count($record)-1)) { $query.= ','; }
266
+ $i++;
267
+ }
268
+ $query.= ");\n";
269
+ }
270
+ }
271
+ $query.="\n\n";
272
+ }
273
+ }
274
+ return $query;
275
+ }
276
+
277
+ function create_db_backup_file($data)
278
+ {
279
+
280
+ global $wpnsDbQueries;
281
+ $time = time();
282
+ $backup_store_path = wp_upload_dir();
283
+ $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR;
284
+ if(!file_exists($backup_store_path."miniorangebackup")){
285
+ mkdir($backup_store_path."miniorangebackup");
286
+ }
287
+ $basepath = $backup_store_path.'miniorangebackup'.DIRECTORY_SEPARATOR;
288
+ $handler_obj = new MoBackupSite;
289
+ $handler_obj->create_index_file($basepath);
290
+ if(!file_exists($basepath.'db-backups')){
291
+ mkdir($basepath.'db-backups');
292
+ }
293
+
294
+ $backup_path = $basepath.'db-backups';
295
+ $filename = 'miniorange-db-backup-'.$time.'.sql';
296
+ $basepath = $basepath.'db-backups';
297
+ $handle = fopen($basepath.DIRECTORY_SEPARATOR.$filename,'w+');
298
+ fwrite($handle,$data);
299
+ fclose($handle);
300
+ $filezipname = $this->barfw_create_database_backup_zip_file($filename,$time);
301
+ $zip_path = $basepath.DIRECTORY_SEPARATOR.$filename;
302
+ unlink($zip_path);
303
+ $wpnsDbQueries->insert_backup_detail(MoWpnsConstants::DATABASE,$filezipname,$time,$backup_path);
304
+ return $filename;
305
+ }
306
+
307
+ function barfw_create_database_backup_zip_file($filename,$time){
308
+ $backup_store_path = wp_upload_dir();
309
+ $backup_store_path = $backup_store_path['basedir'].DIRECTORY_SEPARATOR.'miniorangebackup'.DIRECTORY_SEPARATOR.'db-backups'.DIRECTORY_SEPARATOR;
310
+
311
+ $filezipname = 'miniorange-db-backup-'.$time.'.zip';
312
+ $zip = new ZipArchive();
313
+ $res = $zip->open($backup_store_path.DIRECTORY_SEPARATOR.$filezipname, ZipArchive::CREATE | ZipArchive::OVERWRITE);
314
+ $filePath = $backup_store_path.$filename;
315
+ $relativePath = $filename;
316
+ $zip->addFile($filePath, $relativePath);
317
+
318
+ $zip->close();
319
+ return $filezipname;
320
+ }
321
+
322
  }new MoBackupSite;
handler/feedback_form.php CHANGED
@@ -1,210 +1,210 @@
1
- <?php
2
- class FeedbackHandler
3
- {
4
- function __construct()
5
- {
6
- add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
7
- }
8
-
9
- function mo_wpns_feedback_actions()
10
- {
11
-
12
- global $moWpnsUtility, $mo2f_dirName;
13
-
14
- if (current_user_can('manage_options') && isset($_POST['option'])) {
15
- switch ($_REQUEST['option']) {
16
- case "mo_wpns_skip_feedback":
17
- case "mo_wpns_rating":
18
- case "mo_wpns_feedback":
19
- $this->wpns_handle_feedback($_POST); break;
20
- case "mo_wpns_backup_download":
21
- $this->mo2f_backup_download($_POST);
22
- break;
23
- case "log_file_download":
24
- $this->mo2f_download_log_file();
25
- break;
26
-
27
-
28
- }
29
- }
30
- }
31
-
32
-
33
- function wpns_handle_feedback($postdata)
34
- {
35
-
36
- if(MO2F_TEST_MODE){
37
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
38
- return;
39
- }
40
-
41
- $user = wp_get_current_user();
42
- $feedback_option = $_POST['option'];
43
- if ($feedback_option != "mo_wpns_rating")
44
- {
45
- $message = 'Plugin Deactivated';
46
- }
47
-
48
-
49
- $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
50
- $activation_date = get_site_option('mo2f_activated_time');
51
- $current_date = time();
52
- $diff = $activation_date - $current_date;
53
- if($activation_date == false){
54
- $days = 'NA';
55
- }
56
- else{
57
- $days = abs(round($diff / 86400));
58
- }
59
- update_site_option( 'No_of_days_active_work', $days , 'yes' );
60
-
61
- if ($feedback_option != "mo_wpns_rating")
62
- {
63
- $reply_required = '';
64
- if (isset($_POST['get_reply']))
65
- $reply_required = htmlspecialchars($_POST['get_reply']);
66
-
67
- if (empty($reply_required)) {
68
- $reply_required = "don't reply";
69
- $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
70
- } else {
71
- $reply_required = "yes";
72
- $message .= '[Reply:' . $reply_required . ',';
73
- }
74
- }
75
- else
76
- {
77
- $message ='[' ;
78
- }
79
- $message .= 'D:' . $days . ',';
80
- if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
81
- $message .= '2FA+NS]';
82
- }
83
- else{
84
- $message .= '2FA]';
85
- }
86
-
87
- $message .= ', Feedback : ' . $deactivate_reason_message . '';
88
-
89
- if (isset($_POST['rate']))
90
- $rate_value = htmlspecialchars($_POST['rate']);
91
- else
92
- $rate_value = "--";
93
- $message .= ', [Rating :' . $rate_value . ']';
94
- if (empty($reply_required))
95
- $message .= MoWpnsUtility::mo_2fa_send_configuration();
96
- else
97
- $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
98
- $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
99
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
100
- $email = get_option('mo2f_email');
101
- if (empty($email))
102
- $email = $user->user_email;
103
- }
104
- $phone = get_option('mo_wpns_admin_phone');
105
- $feedback_reasons = new MocURL();
106
- global $moWpnsUtility;
107
- if (!is_null($feedback_reasons)) {
108
- if (!$moWpnsUtility->is_curl_installed()) {
109
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
110
- wp_redirect('plugins.php');
111
- } else {
112
- $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
113
- if (json_last_error() == JSON_ERROR_NONE) {
114
- if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
115
- do_action('wpns_show_message',$submited['message'],'ERROR');
116
-
117
- } else {
118
- if ($submited == false) {
119
- do_action('wpns_show_message','Error while submitting the query.','ERROR');
120
- }
121
- }
122
- }
123
-
124
- if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
125
- {
126
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
127
- }
128
- do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
129
-
130
- }
131
- }
132
- }
133
-
134
- function mo2f_download_log_file(){
135
- ob_start();
136
- $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
137
-
138
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
139
- $error = new WP_Error();
140
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
141
-
142
- }else{
143
-
144
-
145
- $debug_log_path = wp_upload_dir();
146
- $debug_log_path = $debug_log_path['basedir'];
147
- $file_name = 'miniorange_debug_log.txt';
148
- $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
149
- if($status){
150
- header("Pragma: public");
151
- header("Expires: 0");
152
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
153
- header("Content-Type: application/octet-stream");
154
- header("Content-Disposition: attachment; filename=".$file_name);
155
- header("Content-Transfer-Encoding: binary");
156
- header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
157
- while (ob_get_level()) {
158
- ob_end_clean();
159
- @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
160
- exit;
161
- }
162
- }else{
163
- do_action('wpns_show_message','File does not exist.','ERROR');
164
- }
165
- }
166
- }
167
-
168
- function mo2f_backup_download($postdata){
169
- global $wpnsDbQueries;
170
-
171
- $nonce = $postdata['download_nonce'];
172
- if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
173
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
174
- return;
175
- }
176
-
177
- ob_start();
178
- if(current_user_can('administrator')){
179
- $file_name=$postdata['file_name'];
180
- $file_path=$postdata['file_path'];
181
- $file = explode('/', $file_name);
182
- $file_name = $file[0];
183
- $id = $file[1];
184
- $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
185
- if($status){
186
- header("Pragma: public");
187
- header("Expires: 0");
188
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
189
- header("Content-Type: application/octet-stream");
190
- header("Content-Disposition: attachment; filename=".$file_name);
191
- header("Content-Transfer-Encoding: binary");
192
- header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
193
- while (ob_get_level()) {
194
- ob_end_clean();
195
- @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
196
- exit;
197
- }
198
- }else{
199
- $wpnsDbQueries->delete_file($id);
200
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
201
- return;
202
- }
203
- }else{
204
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
205
- return;
206
- }
207
-
208
- }
209
-
210
- }new FeedbackHandler();
1
+ <?php
2
+ class FeedbackHandler
3
+ {
4
+ function __construct()
5
+ {
6
+ add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
7
+ }
8
+
9
+ function mo_wpns_feedback_actions()
10
+ {
11
+
12
+ global $moWpnsUtility, $mo2f_dirName;
13
+
14
+ if (current_user_can('manage_options') && isset($_POST['option'])) {
15
+ switch ($_REQUEST['option']) {
16
+ case "mo_wpns_skip_feedback":
17
+ case "mo_wpns_rating":
18
+ case "mo_wpns_feedback":
19
+ $this->wpns_handle_feedback($_POST); break;
20
+ case "mo_wpns_backup_download":
21
+ $this->mo2f_backup_download($_POST);
22
+ break;
23
+ case "log_file_download":
24
+ $this->mo2f_download_log_file();
25
+ break;
26
+
27
+
28
+ }
29
+ }
30
+ }
31
+
32
+
33
+ function wpns_handle_feedback($postdata)
34
+ {
35
+
36
+ if(MO2F_TEST_MODE){
37
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
38
+ return;
39
+ }
40
+
41
+ $user = wp_get_current_user();
42
+ $feedback_option = $_POST['option'];
43
+ if ($feedback_option != "mo_wpns_rating")
44
+ {
45
+ $message = 'Plugin Deactivated';
46
+ }
47
+
48
+
49
+ $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
50
+ $activation_date = get_site_option('mo2f_activated_time');
51
+ $current_date = time();
52
+ $diff = $activation_date - $current_date;
53
+ if($activation_date == false){
54
+ $days = 'NA';
55
+ }
56
+ else{
57
+ $days = abs(round($diff / 86400));
58
+ }
59
+ update_site_option( 'No_of_days_active_work', $days , 'yes' );
60
+
61
+ if ($feedback_option != "mo_wpns_rating")
62
+ {
63
+ $reply_required = '';
64
+ if (isset($_POST['get_reply']))
65
+ $reply_required = htmlspecialchars($_POST['get_reply']);
66
+
67
+ if (empty($reply_required)) {
68
+ $reply_required = "don't reply";
69
+ $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
70
+ } else {
71
+ $reply_required = "yes";
72
+ $message .= '[Reply:' . $reply_required . ',';
73
+ }
74
+ }
75
+ else
76
+ {
77
+ $message ='[' ;
78
+ }
79
+ $message .= 'D:' . $days . ',';
80
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
81
+ $message .= '2FA+NS]';
82
+ }
83
+ else{
84
+ $message .= '2FA]';
85
+ }
86
+
87
+ $message .= ', Feedback : ' . $deactivate_reason_message . '';
88
+
89
+ if (isset($_POST['rate']))
90
+ $rate_value = htmlspecialchars($_POST['rate']);
91
+ else
92
+ $rate_value = "--";
93
+ $message .= ', [Rating :' . $rate_value . ']';
94
+ if (empty($reply_required))
95
+ $message .= MoWpnsUtility::mo_2fa_send_configuration();
96
+ else
97
+ $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
98
+ $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
99
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
100
+ $email = get_option('mo2f_email');
101
+ if (empty($email))
102
+ $email = $user->user_email;
103
+ }
104
+ $phone = get_option('mo_wpns_admin_phone');
105
+ $feedback_reasons = new MocURL();
106
+ global $moWpnsUtility;
107
+ if (!is_null($feedback_reasons)) {
108
+ if (!$moWpnsUtility->is_curl_installed()) {
109
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
110
+ wp_redirect('plugins.php');
111
+ } else {
112
+ $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
113
+ if (json_last_error() == JSON_ERROR_NONE) {
114
+ if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
115
+ do_action('wpns_show_message',$submited['message'],'ERROR');
116
+
117
+ } else {
118
+ if ($submited == false) {
119
+ do_action('wpns_show_message','Error while submitting the query.','ERROR');
120
+ }
121
+ }
122
+ }
123
+
124
+ if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
125
+ {
126
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
127
+ }
128
+ do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
129
+
130
+ }
131
+ }
132
+ }
133
+
134
+ function mo2f_download_log_file(){
135
+ ob_start();
136
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
137
+
138
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
139
+ $error = new WP_Error();
140
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
141
+
142
+ }else{
143
+
144
+
145
+ $debug_log_path = wp_upload_dir();
146
+ $debug_log_path = $debug_log_path['basedir'];
147
+ $file_name = 'miniorange_debug_log.txt';
148
+ $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
149
+ if($status){
150
+ header("Pragma: public");
151
+ header("Expires: 0");
152
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
153
+ header("Content-Type: application/octet-stream");
154
+ header("Content-Disposition: attachment; filename=".$file_name);
155
+ header("Content-Transfer-Encoding: binary");
156
+ header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
157
+ while (ob_get_level()) {
158
+ ob_end_clean();
159
+ @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
160
+ exit;
161
+ }
162
+ }else{
163
+ do_action('wpns_show_message','File does not exist.','ERROR');
164
+ }
165
+ }
166
+ }
167
+
168
+ function mo2f_backup_download($postdata){
169
+ global $wpnsDbQueries;
170
+
171
+ $nonce = $postdata['download_nonce'];
172
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
173
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
174
+ return;
175
+ }
176
+
177
+ ob_start();
178
+ if(current_user_can('administrator')){
179
+ $file_name=$postdata['file_name'];
180
+ $file_path=$postdata['file_path'];
181
+ $file = explode('/', $file_name);
182
+ $file_name = $file[0];
183
+ $id = $file[1];
184
+ $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
185
+ if($status){
186
+ header("Pragma: public");
187
+ header("Expires: 0");
188
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
189
+ header("Content-Type: application/octet-stream");
190
+ header("Content-Disposition: attachment; filename=".$file_name);
191
+ header("Content-Transfer-Encoding: binary");
192
+ header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
193
+ while (ob_get_level()) {
194
+ ob_end_clean();
195
+ @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
196
+ exit;
197
+ }
198
+ }else{
199
+ $wpnsDbQueries->delete_file($id);
200
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
201
+ return;
202
+ }
203
+ }else{
204
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
205
+ return;
206
+ }
207
+
208
+ }
209
+
210
+ }new FeedbackHandler();
handler/login.php CHANGED
@@ -1,414 +1,414 @@
1
- <?php
2
- class LoginHandler
3
- {
4
- function __construct()
5
- {
6
- add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
- if(get_site_option('mo2f_restrict_restAPI')){
8
- add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
- }
10
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
- || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
- {
13
-
14
- remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
- add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
- }
17
-
18
- add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
- add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
- //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
- //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
-
23
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
- add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
- }
26
- }
27
-
28
- function mo_block_restAPI(){
29
- global $moWpnsUtility,$mo2f_dirName;
30
- if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
- include_once("mo-block.html");
32
- exit;
33
- }
34
- }
35
-
36
- function mo_wpns_init()
37
- {
38
- add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
- add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
- add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
- add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
- global $moWpnsUtility,$mo2f_dirName;
43
- $WAFEnabled = get_option('WAFEnabled');
44
- $WAFLevel = get_option('WAF');
45
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
- if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
- add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
- $mo2f_scanner_parts = new mo2f_scanner_parts();
49
- $mo2f_scanner_parts->file_cron_scan();
50
-
51
- if($WAFEnabled == 1)
52
- {
53
- if($WAFLevel == 'PluginLevel')
54
- {
55
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
- }
58
- }
59
-
60
-
61
- $userIp = $moWpnsUtility->get_client_ip();
62
- $mo_wpns_config = new MoWpnsHandler();
63
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
64
- $isIpBlocked = false;
65
- if(!$isWhitelisted){
66
- $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
67
- }
68
- if($isIpBlocked){
69
- include_once("mo-block.html");
70
- exit;
71
- }
72
-
73
- $requested_uri = $_SERVER["REQUEST_URI"];
74
- $option = false;
75
- if (is_user_logged_in()) { //chr?
76
- if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
77
- wp_redirect(site_url());
78
- die;
79
- }
80
- } else {
81
- $option = get_option('mo_wpns_enable_rename_login_url');
82
- }
83
- if ($option) {
84
- if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
85
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
86
- wp_redirect($requested_uri);
87
- die;
88
- } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
89
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
90
- wp_redirect($requested_uri);
91
- die;
92
- }
93
-
94
- if (strpos($requested_uri, '/wp-login.php') !== false) {
95
- wp_redirect(site_url());
96
- }
97
- else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
98
- @require_once ABSPATH . 'wp-login.php';
99
- die;
100
- }
101
- }
102
-
103
- if(isset($_POST['option']))
104
- {
105
- switch($_POST['option'])
106
- {
107
- case "mo_wpns_change_password":
108
- $this->handle_change_password(sanitize_text_field($_POST['username'])
109
- ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
110
- break;
111
- }
112
- }
113
-
114
- }
115
- function twofa_on_user_profile( $user ) {
116
- global $mo2f_dirName;
117
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
118
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
119
- }
120
- }
121
- function user_two_factor_options_update( $user ) {
122
- global $mo2f_dirName;
123
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
124
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
125
- }
126
- }
127
-
128
- function mo2f_IP_email_send()
129
- {
130
- global $moWpnsUtility;
131
- $userIp = $moWpnsUtility->get_client_ip();
132
-
133
- if(!get_site_option('mo2f_user_IP'))
134
- {
135
- update_site_option('mo2f_user_IP',$userIp );
136
- }
137
- $check_Ip = get_site_option('mo2f_user_IP');
138
-
139
- if ($check_Ip != $userIp)
140
- {
141
-
142
- $email = get_option('admin_email');
143
- $subject ="Alert: New IP Detected";
144
- $message = mo_IP_template();
145
- $headers=array('Content-Type: text/html; charset=UTF-8');
146
- if(empty($email))
147
- {
148
- $user = wp_get_current_user();
149
- $email = $user->user_email;
150
- }
151
- if(is_email($email))
152
- {
153
-
154
- wp_mail( $email,$subject,$message,$headers);
155
-
156
- }
157
-
158
- }
159
-
160
- }
161
-
162
- function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
163
-
164
- if (empty($_POST['g-recaptcha-response'])) {
165
- $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
166
- }
167
- }
168
-
169
- //Function to Handle Change Password Form
170
- function handle_change_password($username,$newpassword,$confirmpassword)
171
- {
172
- global $mo2f_dirName;
173
- $user = get_user_by("login",$username);
174
- $error = wp_authenticate_username_password($user,$username,$newpassword);
175
-
176
- if(is_wp_error($error))
177
- {
178
- $this->mo_wpns_login_failed($username);
179
- return $error;
180
- }
181
-
182
- if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
183
- {
184
- wp_set_auth_cookie($user->ID,false,false);
185
- $this->mo_wpns_login_success($username);
186
- wp_redirect(get_site_option('siteurl'),301);
187
- }
188
- }
189
-
190
-
191
- //Function to Update User password
192
- function update_strong_password($username,$newpassword,$confirmpassword)
193
- {
194
- global $mo2f_dirName;
195
-
196
- if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
197
- && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
198
- {
199
- $user = get_user_by("login",$username);
200
- wp_set_password($newpassword,$user->ID);
201
- return "success";
202
- }
203
- else
204
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
205
- }
206
-
207
-
208
- //Our custom logic for user authentication
209
- function custom_authenticate($user, $username, $password)
210
- {
211
- global $moWpnsUtility;
212
- $error = new WP_Error();
213
-
214
- if(empty($username) && empty ($password))
215
- return $error;
216
-
217
- if(empty($username)) {
218
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
219
- }
220
- if(empty($password)) {
221
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
222
- }
223
-
224
- $user = wp_authenticate_username_password( $user, $username, $password );
225
-
226
- if ( is_wp_error( $user ) ) {
227
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
228
- return $user;
229
- }
230
- if(empty($error->errors))
231
- {
232
- $user = get_user_by("login",$username);
233
-
234
- if($user)
235
- {
236
- $moCURL=new MocURL;
237
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
238
- {
239
- $captcha_version=get_option('mo_wpns_recaptcha_version');
240
- if($captcha_version=='reCAPTCHA_v3')
241
- $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
242
- else if($captcha_version=='reCAPTCHA_v2')
243
- $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
244
-
245
- }
246
- }
247
-
248
- if(!empty($recaptchaError->errors))
249
- $error = $recaptchaError;
250
- if(empty($error->errors)){
251
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
252
- {
253
- $this->mo_wpns_login_success($username);
254
- }
255
- return $user;
256
- }
257
- }
258
- else
259
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
260
- return $error;
261
-
262
- }
263
-
264
-
265
-
266
-
267
- //Function to check user password
268
- function check_password($user,$error,$password)
269
- {
270
- global $moWpnsUtility, $mo2f_dirName;
271
- if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
272
- {
273
- if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
274
- {
275
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
276
- $this->mo_wpns_login_success($user->data->user_login);
277
- return $user;
278
- }
279
- else
280
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
281
- }
282
- else
283
- $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
284
-
285
- return $error;
286
- }
287
-
288
-
289
- //Function to handle successful user login
290
- function mo_wpns_login_success($username)
291
- {
292
- global $moWpnsUtility;
293
- if(get_site_option('mo2f_mail_notify') == 'on')
294
- {
295
- $this->mo2f_IP_email_send();
296
- }
297
-
298
- $mo_wpns_config = new MoWpnsHandler();
299
- $userIp = $moWpnsUtility->get_client_ip();
300
-
301
- $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
302
-
303
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
304
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
305
-
306
-
307
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
308
-
309
- if(isset($_POST['log']) && isset($_POST['pwd'])){
310
- $username = sanitize_text_field($_POST['log']);
311
- $pass = sanitize_text_field($_POST['pwd']);
312
- $user = get_user_by('login',$username);
313
-
314
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
315
- if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
316
- if(!get_user_meta($user->ID,'password_strong?')){
317
- update_user_meta($user->ID,'password_strong?', true);
318
- $count = get_site_option('users_with_weak_pass');
319
- $count = $count + 1;
320
- update_site_option('users_with_weak_pass', $count);
321
- }
322
- }
323
- else{
324
- if(get_user_meta($user->ID,'password_strong?')){
325
- $count = get_site_option('users_with_weak_pass');
326
- $count = $count - 1;
327
- update_site_option('users_with_weak_pass', $count);
328
- }
329
- delete_user_meta($user->ID,'password_strong?');
330
- }
331
-
332
-
333
- }
334
-
335
- }
336
- }
337
-
338
-
339
- //Function to handle failed user login attempt
340
- function mo_wpns_login_failed($username)
341
- {
342
- global $moWpnsUtility;
343
- $userIp = $moWpnsUtility->get_client_ip();
344
-
345
- if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
346
- return;
347
-
348
- $mo_wpns_config = new MoWpnsHandler();
349
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
350
-
351
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
352
-
353
- if(!$isWhitelisted)
354
- {
355
-
356
-
357
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
358
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
359
-
360
- $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
361
- $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
362
-
363
- if($allowedLoginAttepts - $failedAttempts<=0)
364
- $this->handle_login_attempt_exceeded($userIp);
365
- else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
366
- $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
367
- }
368
-
369
- }
370
-
371
-
372
-
373
-
374
-
375
- //Function to show number of attempts remaining
376
- function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
377
- {
378
- global $error;
379
- $diff = $allowedLoginAttepts - $failedAttempts;
380
- $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
381
- }
382
-
383
-
384
- //Function to handle login limit exceeded
385
- function handle_login_attempt_exceeded($userIp)
386
- {
387
- global $moWpnsUtility, $mo2f_dirName;
388
- $mo_wpns_config = new MoWpnsHandler();
389
- $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
390
- include_once("mo-block.html");
391
- exit;
392
-
393
- }
394
-
395
- function setup_registration_closed($user){
396
- global $Mo2fdbQueries;
397
- if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
398
- $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
399
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
400
- $error = new WP_Error();
401
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
402
- return $error;
403
- } else {
404
- if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
405
- //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
406
- delete_user_meta( $user->ID, 'register_account_popup' );
407
-
408
- }
409
- }
410
- }
411
- }
412
-
413
- }
414
- new LoginHandler;
1
+ <?php
2
+ class LoginHandler
3
+ {
4
+ function __construct()
5
+ {
6
+ add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
+ if(get_site_option('mo2f_restrict_restAPI')){
8
+ add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
+ }
10
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
+ || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
+ {
13
+
14
+ remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
+ add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
+ }
17
+
18
+ add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
+ add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
+ //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
+ //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
+
23
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
+ add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
+ }
26
+ }
27
+
28
+ function mo_block_restAPI(){
29
+ global $moWpnsUtility,$mo2f_dirName;
30
+ if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
+ include_once("mo-block.html");
32
+ exit;
33
+ }
34
+ }
35
+
36
+ function mo_wpns_init()
37
+ {
38
+ add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
+ add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
+ add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
+ add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
+ global $moWpnsUtility,$mo2f_dirName;
43
+ $WAFEnabled = get_option('WAFEnabled');
44
+ $WAFLevel = get_option('WAF');
45
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
+ if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
+ add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
+ $mo2f_scanner_parts = new mo2f_scanner_parts();
49
+ $mo2f_scanner_parts->file_cron_scan();
50
+
51
+ if($WAFEnabled == 1)
52
+ {
53
+ if($WAFLevel == 'PluginLevel')
54
+ {
55
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
+ }
58
+ }
59
+
60
+
61
+ $userIp = $moWpnsUtility->get_client_ip();
62
+ $mo_wpns_config = new MoWpnsHandler();
63
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
64
+ $isIpBlocked = false;
65
+ if(!$isWhitelisted){
66
+ $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
67
+ }
68
+ if($isIpBlocked){
69
+ include_once("mo-block.html");
70
+ exit;
71
+ }
72
+
73
+ $requested_uri = $_SERVER["REQUEST_URI"];
74
+ $option = false;
75
+ if (is_user_logged_in()) { //chr?
76
+ if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
77
+ wp_redirect(site_url());
78
+ die;
79
+ }
80
+ } else {
81
+ $option = get_option('mo_wpns_enable_rename_login_url');
82
+ }
83
+ if ($option) {
84
+ if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
85
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
86
+ wp_redirect($requested_uri);
87
+ die;
88
+ } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
89
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
90
+ wp_redirect($requested_uri);
91
+ die;
92
+ }
93
+
94
+ if (strpos($requested_uri, '/wp-login.php') !== false) {
95
+ wp_redirect(site_url());
96
+ }
97
+ else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
98
+ @require_once ABSPATH . 'wp-login.php';
99
+ die;
100
+ }
101
+ }
102
+
103
+ if(isset($_POST['option']))
104
+ {
105
+ switch($_POST['option'])
106
+ {
107
+ case "mo_wpns_change_password":
108
+ $this->handle_change_password(sanitize_text_field($_POST['username'])
109
+ ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
110
+ break;
111
+ }
112
+ }
113
+
114
+ }
115
+ function twofa_on_user_profile( $user ) {
116
+ global $mo2f_dirName;
117
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
118
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
119
+ }
120
+ }
121
+ function user_two_factor_options_update( $user ) {
122
+ global $mo2f_dirName;
123
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
124
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
125
+ }
126
+ }
127
+
128
+ function mo2f_IP_email_send()
129
+ {
130
+ global $moWpnsUtility;
131
+ $userIp = $moWpnsUtility->get_client_ip();
132
+
133
+ if(!get_site_option('mo2f_user_IP'))
134
+ {
135
+ update_site_option('mo2f_user_IP',$userIp );
136
+ }
137
+ $check_Ip = get_site_option('mo2f_user_IP');
138
+
139
+ if ($check_Ip != $userIp)
140
+ {
141
+
142
+ $email = get_option('admin_email');
143
+ $subject ="Alert: New IP Detected";
144
+ $message = mo_IP_template();
145
+ $headers=array('Content-Type: text/html; charset=UTF-8');
146
+ if(empty($email))
147
+ {
148
+ $user = wp_get_current_user();
149
+ $email = $user->user_email;
150
+ }
151
+ if(is_email($email))
152
+ {
153
+
154
+ wp_mail( $email,$subject,$message,$headers);
155
+
156
+ }
157
+
158
+ }
159
+
160
+ }
161
+
162
+ function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
163
+
164
+ if (empty($_POST['g-recaptcha-response'])) {
165
+ $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
166
+ }
167
+ }
168
+
169
+ //Function to Handle Change Password Form
170
+ function handle_change_password($username,$newpassword,$confirmpassword)
171
+ {
172
+ global $mo2f_dirName;
173
+ $user = get_user_by("login",$username);
174
+ $error = wp_authenticate_username_password($user,$username,$newpassword);
175
+
176
+ if(is_wp_error($error))
177
+ {
178
+ $this->mo_wpns_login_failed($username);
179
+ return $error;
180
+ }
181
+
182
+ if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
183
+ {
184
+ wp_set_auth_cookie($user->ID,false,false);
185
+ $this->mo_wpns_login_success($username);
186
+ wp_redirect(get_site_option('siteurl'),301);
187
+ }
188
+ }
189
+
190
+
191
+ //Function to Update User password
192
+ function update_strong_password($username,$newpassword,$confirmpassword)
193
+ {
194
+ global $mo2f_dirName;
195
+
196
+ if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
197
+ && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
198
+ {
199
+ $user = get_user_by("login",$username);
200
+ wp_set_password($newpassword,$user->ID);
201
+ return "success";
202
+ }
203
+ else
204
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
205
+ }
206
+
207
+
208
+ //Our custom logic for user authentication
209
+ function custom_authenticate($user, $username, $password)
210
+ {
211
+ global $moWpnsUtility;
212
+ $error = new WP_Error();
213
+
214
+ if(empty($username) && empty ($password))
215
+ return $error;
216
+
217
+ if(empty($username)) {
218
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
219
+ }
220
+ if(empty($password)) {
221
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
222
+ }
223
+
224
+ $user = wp_authenticate_username_password( $user, $username, $password );
225
+
226
+ if ( is_wp_error( $user ) ) {
227
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
228
+ return $user;
229
+ }
230
+ if(empty($error->errors))
231
+ {
232
+ $user = get_user_by("login",$username);
233
+
234
+ if($user)
235
+ {
236
+ $moCURL=new MocURL;
237
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
238
+ {
239
+ $captcha_version=get_option('mo_wpns_recaptcha_version');
240
+ if($captcha_version=='reCAPTCHA_v3')
241
+ $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
242
+ else if($captcha_version=='reCAPTCHA_v2')
243
+ $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
244
+
245
+ }
246
+ }
247
+
248
+ if(!empty($recaptchaError->errors))
249
+ $error = $recaptchaError;
250
+ if(empty($error->errors)){
251
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
252
+ {
253
+ $this->mo_wpns_login_success($username);
254
+ }
255
+ return $user;
256
+ }
257
+ }
258
+ else
259
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
260
+ return $error;
261
+
262
+ }
263
+
264
+
265
+
266
+
267
+ //Function to check user password
268
+ function check_password($user,$error,$password)
269
+ {
270
+ global $moWpnsUtility, $mo2f_dirName;
271
+ if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
272
+ {
273
+ if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
274
+ {
275
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
276
+ $this->mo_wpns_login_success($user->data->user_login);
277
+ return $user;
278
+ }
279
+ else
280
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
281
+ }
282
+ else
283
+ $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
284
+
285
+ return $error;
286
+ }
287
+
288
+
289
+ //Function to handle successful user login
290
+ function mo_wpns_login_success($username)
291
+ {
292
+ global $moWpnsUtility;
293
+ if(get_site_option('mo2f_mail_notify') == 'on')
294
+ {
295
+ $this->mo2f_IP_email_send();
296
+ }
297
+
298
+ $mo_wpns_config = new MoWpnsHandler();
299
+ $userIp = $moWpnsUtility->get_client_ip();
300
+
301
+ $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
302
+
303
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
304
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
305
+
306
+
307
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
308
+
309
+ if(isset($_POST['log']) && isset($_POST['pwd'])){
310
+ $username = sanitize_text_field($_POST['log']);
311
+ $pass = sanitize_text_field($_POST['pwd']);
312
+ $user = get_user_by('login',$username);
313
+
314
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
315
+ if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
316
+ if(!get_user_meta($user->ID,'password_strong?')){
317
+ update_user_meta($user->ID,'password_strong?', true);
318
+ $count = get_site_option('users_with_weak_pass');
319
+ $count = $count + 1;
320
+ update_site_option('users_with_weak_pass', $count);
321
+ }
322
+ }
323
+ else{
324
+ if(get_user_meta($user->ID,'password_strong?')){
325
+ $count = get_site_option('users_with_weak_pass');
326
+ $count = $count - 1;
327
+ update_site_option('users_with_weak_pass', $count);
328
+ }
329
+ delete_user_meta($user->ID,'password_strong?');
330
+ }
331
+
332
+
333
+ }
334
+
335
+ }
336
+ }
337
+
338
+
339
+ //Function to handle failed user login attempt
340
+ function mo_wpns_login_failed($username)
341
+ {
342
+ global $moWpnsUtility;
343
+ $userIp = $moWpnsUtility->get_client_ip();
344
+
345
+ if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
346
+ return;
347
+
348
+ $mo_wpns_config = new MoWpnsHandler();
349
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
350
+
351
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
352
+
353
+ if(!$isWhitelisted)
354
+ {
355
+
356
+
357
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
358
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
359
+
360
+ $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
361
+ $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
362
+
363
+ if($allowedLoginAttepts - $failedAttempts<=0)
364
+ $this->handle_login_attempt_exceeded($userIp);
365
+ else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
366
+ $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
367
+ }
368
+
369
+ }
370
+
371
+
372
+
373
+
374
+
375
+ //Function to show number of attempts remaining
376
+ function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
377
+ {
378
+ global $error;
379
+ $diff = $allowedLoginAttepts - $failedAttempts;
380
+ $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
381
+ }
382
+
383
+
384
+ //Function to handle login limit exceeded
385
+ function handle_login_attempt_exceeded($userIp)
386
+ {
387
+ global $moWpnsUtility, $mo2f_dirName;
388
+ $mo_wpns_config = new MoWpnsHandler();
389
+ $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
390
+ include_once("mo-block.html");
391
+ exit;
392
+
393
+ }
394
+
395
+ function setup_registration_closed($user){
396
+ global $Mo2fdbQueries;
397
+ if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
398
+ $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
399
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
400
+ $error = new WP_Error();
401
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
402
+ return $error;
403
+ } else {
404
+ if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
405
+ //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
406
+ delete_user_meta( $user->ID, 'register_account_popup' );
407
+
408
+ }
409
+ }
410
+ }
411
+ }
412
+
413
+ }
414
+ new LoginHandler;
handler/malware_scanner.php CHANGED
@@ -1,669 +1,669 @@
1
- <?php
2
-
3
- class Mo_wpns_Scan_Handler{
4
- private $total_files_to_scan;
5
- public $scanned_files = array();
6
- function __construct(){
7
-
8
- }
9
- function mo2f_scan_all_files($scan_config){
10
- update_option('mo_wpns_scan_initialize', 0);
11
- update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
- update_option('mo_wpns_files_scanned',0);
13
- update_option('mo_wpns_infected_files',0);
14
- ini_set('memory_limit', '-1');
15
- ini_set('max_execution_time', 0);
16
- $result = array();
17
- $folderpaths = array();
18
- $wp_repo_file = array();
19
- $folderNames = "";
20
- $repo_check_status = $scan_config['check_repo'];
21
- $repo_check_status_code = 0;
22
- $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
- $hostname = 'wordpress.org';
24
- $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
- if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
- $scan_config['check_repo'] = 0;
27
- $repo_check_status_code = -97;
28
- }
29
- if (!$wordpress_server_status) {
30
- $scan_config['check_repo'] = 0;
31
- $repo_check_status_code = -98;
32
- }
33
- $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
- if($scan_config['core_scan'] == 1){
35
- $folderpaths['base'] = $base;
36
- $folderNames .= "WP Files;";
37
- }
38
- if($scan_config['plugin_scan'] == 1){
39
- $folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
40
- $folderNames .= "Plugins;";
41
- }
42
- if($scan_config['theme_scan'] == 1){
43
- $folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
44
- $folderNames .= "Themes;";
45
- }
46
- if($scan_config['check_repo'] == 1){
47
- $folderNames .= "WP Repo Files;";
48
- }
49
- $this->count_total_files($folderpaths, $base, $scan_config);
50
-
51
- if ( ! function_exists( 'get_plugins' ) ) {
52
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
- }
54
- if ( ! function_exists( 'plugins_api' ) ) {
55
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
56
- }
57
- if($scan_config['check_repo'] == 1){
58
- if(!is_dir($repo_file_path)){
59
- mkdir($repo_file_path);
60
- }
61
- if($scan_config['core_scan'] == 1){
62
- require(ABSPATH . 'wp-includes/version.php');
63
- //wordpress name to be changed to be changed based on version
64
- $zip_name="wp-".$wp_version;
65
- $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
- update_option('downloaded_wordpress_repo_name', $zip_name);
67
- if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
- $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
- if($result === -99){
70
- $scan_config['check_repo'] = 0;
71
- $repo_check_status_code = -99;
72
- }else if(!$result){
73
- $scan_config['check_repo'] = 0;
74
- $repo_check_status_code = -100;
75
- }
76
- }
77
- }
78
- if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
- $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
- if(!is_dir($wp_plugin_repo_file)){
81
- mkdir($wp_plugin_repo_file);
82
- }
83
- $wp_repo_file['plugins']=$wp_plugin_repo_file;
84
- $plugin_list=get_site_transient( 'update_plugins' );
85
- $all_plugins=array();
86
- foreach ($plugin_list as $key => $value) {
87
- if($key=='response'||$key=='no_update'){
88
- foreach ($value as $ke => $val) {
89
- $all_plugins[$ke] = $val;
90
- }
91
- }
92
- }
93
- $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
- if($result === -99){
95
- $scan_config['check_repo'] = 0;
96
- $repo_check_status_code = -99;
97
- }else if(!$result){
98
- $scan_config['check_repo'] = 0;
99
- $repo_check_status_code = -100;
100
- }
101
- }
102
- if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
- $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
- if(!is_dir($wp_theme_repo_file)){
105
- mkdir($wp_theme_repo_file);
106
- }
107
- $wp_repo_file['themes']=$wp_theme_repo_file;
108
- $all_themes=get_site_transient( 'update_themes' )->checked;
109
- $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
- if($result === -99){
111
- $scan_config['check_repo'] = 0;
112
- $repo_check_status_code = -99;
113
- }else if(!$result){
114
- $scan_config['check_repo'] = 0;
115
- $repo_check_status_code = -100;
116
- }
117
- }
118
- }
119
- $mo2f_malware_db_handler = new MoWpnsDB();
120
- $time = current_time('timestamp');
121
- $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
- $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
- if($result['scan']){
124
- foreach ($result['scan'] as $key => $value) {
125
- $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
- }
127
- }
128
- $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
- $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
- if(is_dir($repo_file_path)){
131
- $this->remove_dir($repo_file_path);
132
- }
133
- update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
134
- $total_scan=$mo2f_malware_db_handler->count_files();
135
- $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
- $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
- $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
- if($total_scan > 999){
139
- $total_scan=($total_scan/1000);
140
- $total_scan= round($total_scan,1)."k";
141
- }
142
- if($total_malicious > 999){
143
- $total_malicious=($total_malicious/1000);
144
- $total_malicious= round($total_malicious,1)."k";
145
- }
146
- $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
- wp_send_json($response);
148
- }
149
-
150
- function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
151
- foreach($themes_or_plugins as $key => $data){
152
- if($type=='plugins'){
153
- $plugin_slug=$data->slug;
154
- $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
155
- $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
156
- $plugin_version=$plugin_data['Version'];
157
- if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
- $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
- if($result === -99){
160
- return -99;
161
- }else if(!$result){
162
- return false;
163
- }
164
- }
165
- } else if($type=='themes'){
166
- if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
- $result= $this->download_repo($key, $data, $path, $type);
168
- if($result === -99){
169
- return -99;
170
- }else if(!$result){
171
- return false;
172
- }
173
- }
174
- }
175
- }
176
- return true;
177
- }
178
-
179
- function download_repo($zip_name, $version, $path, $type=''){
180
- if ($type=='plugins') {
181
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
182
- $plugin_name=$zip_name.'.'.$version;
183
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
- if( $download_result){
185
- $result = $this->unzip_downloaded_repo($zip_name, $path);
186
- return $result;
187
- }else {
188
- $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
- if( $download_result){
191
- $result = $this->unzip_downloaded_repo($zip_name, $path);
192
- return $result;
193
- }else {
194
- error_log("Unable to download Plugin: ".$plugin_name);
195
- return -99;
196
- }
197
- return -99;
198
- }
199
- } else if($type=='themes'){
200
- $theme_name=$zip_name.'.'.$version;
201
- $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
- if( $download_result){
204
- $result = $this->unzip_downloaded_repo($zip_name, $path);
205
- return $result;
206
- }else {
207
- $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
- if( $download_result){
210
- $result = $this->unzip_downloaded_repo($zip_name, $path);
211
- return $result;
212
- }else {
213
- error_log("Unable to download Theme: ".$theme_name);
214
- return -99;
215
- }
216
- return -99;
217
- }
218
- } else {
219
- $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
- $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
- if($download_result){
222
- $result=$this->unzip_downloaded_repo($zip_name, $path);
223
- return $result;
224
- } else {
225
- error_log("Unable to download wordpress-".$version);
226
- return -99;
227
- }
228
- }
229
- return false;
230
- }
231
-
232
- function unzip_downloaded_repo($name, $path){
233
- $zip = new ZipArchive;
234
- $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
235
- $res = $zip->open($folder_path);
236
- if ($res === TRUE) {
237
- // extract it to the path we determined above
238
- $result = $zip->extractTo($path);
239
- $zip->close();
240
- if ($name == get_option('downloaded_wordpress_repo_name')) {
241
- rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
242
- }
243
- unlink($folder_path);
244
- return true;
245
- } else {
246
- return false;
247
- }
248
- }
249
-
250
- function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
251
- if(!empty($folderpaths)){
252
- if ( in_array( 'curl', get_loaded_extensions() ) ) {
253
- $scanresults=array();
254
- $nooffiles=0;
255
- $scan_malware_count = 0;
256
- $repo_issue_count = 0;
257
- $malicious_link_count = 0;
258
- $file_ext = $scan_config['file_extension'];
259
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
- $extensions = array();
261
- $hostname = 'scanner.api.xecurify.com';
262
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
- if(empty($file_ext)){
264
- }else{
265
- if(strpos($file_ext,';') !=false){
266
- $extensions = explode(";", $file_ext);
267
- }else{
268
- array_push($extensions, $file_ext);
269
- }
270
- }
271
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
- $skip_path_array= array();
273
- for($i=0; $i<count($folder_skip_array); $i++){
274
- $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
- $n= sizeof($pathParts)-1;
276
- $folder= $pathParts[$n];
277
- array_push($skip_path_array, $folder);
278
- }
279
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
- foreach ($folderpaths as $value) {
281
- $onearr = array();
282
- if (is_dir($value)) {
283
- foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
- if ($item->isFile()) {
285
- $scanresult=array();
286
- $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
- if ($value == $base && ($scan_config['core_scan'] == 1)){
288
- $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
-
291
- }else{
292
- continue;
293
- }
294
- }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
- continue;
296
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
- continue;
298
- }
299
- $flag_skip=0;
300
- if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
- for($q=0; $q<count($skip_path_array); $q++){
302
- if(strpos($source_file_path, $skip_path_array[$q])){
303
- $flag_skip=1;
304
- break;
305
- }
306
- }
307
- }
308
- if($flag_skip == 1){
309
- continue;
310
- }
311
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
- $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
- if($extns){
314
- $nooffiles++;
315
- if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
- update_option('mo_wpns_files_scanned', $nooffiles);
317
- }
318
- }
319
-
320
- $hash_of_file= md5_file($source_file_path);
321
- $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
-
323
- $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
- $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
- $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
- $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
- $malware_status = $scanmalware? 0 : 1;
328
- $repo_status = $repocheck? 0 : 1;
329
- $link_status = $extlink? 0 : 1;
330
- if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
-
332
- else{
333
- $flag_update=0;
334
- $file_content=file_get_contents($source_file_path);
335
- $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
- if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
- $malware_status = 1;
338
- $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
- $postdata = array('file' => $cfile);
340
- $content_type = 'multipart/form-data';
341
- $issues = $this->mo_wpns_malware_scan_request( $host, $content_type,$postdata);
342
- if ($issues) {
343
- $scan_malware_count++;
344
- $scanresult['scan'] = $issues;
345
- $flag_update=1;
346
- }
347
- }else{
348
-
349
- }
350
-
351
- if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
- if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
- $repo_status = 1;
355
- if($value==$base){
356
- $repo_file_path=$repo_folder_path['base'];
357
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
- $repo_file_path=$repo_folder_path['plugins'];
359
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
- $repo_file_path=$repo_folder_path['themes'];
361
- }
362
- $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
- if(!empty($issues)){
364
- $repo_issue_count++;
365
- $scanresult['repo']=$issues;
366
- $flag_update=1;
367
- }
368
- }
369
- }
370
- }
371
- if($extns && $extlink){
372
- if($scan_config['ext_link_check'] == 1){
373
- $link_status = 1;
374
- $elresult= $this->check_external_link($file_content);
375
- if(!empty($elresult)){
376
- $malicious_link_count++;
377
- $flag_update=1;
378
- $scanresult['extl']=$elresult;
379
- }
380
- }
381
- }
382
- if($flag_update == 0){
383
- $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
- $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
- $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
- $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
- if(empty($res)){
388
- $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
- }else{
390
- $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
- }
392
- }else{
393
- $infected_files=get_option('mo_wpns_infected_files');
394
- $infected_files++;
395
- if(!empty($res)){
396
- $mo2f_malware_db_handler->delete_hash($source_file_path);
397
- }
398
- update_option('mo_wpns_infected_files', $infected_files);
399
- }
400
- }
401
- if(!empty($scanresult))
402
- $scanresults[$source_file_path]=$scanresult;
403
- }
404
- }
405
- }
406
- }
407
- $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
- if($malware_server_status){
409
- $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
- $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
- $content_type = 'application/x-www-form-urlencoded';
412
- $lastRequest = $this->mo_wpns_malware_scan_request( $host, $content_type,$postdata);
413
- }
414
- update_option('mo_wpns_files_scanned', $nooffiles);
415
- return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
- }else{
417
- return array('message'=>'CURL not installed on the server.');
418
- }
419
- } else {
420
- return array('message'=>'No folder selected for scanning.');
421
- }
422
- }
423
-
424
- function mo_wpns_check_malware_server_status($host){
425
- $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
- if ( ! $fsock ){
427
- return FALSE;
428
- }else{
429
- fclose($fsock);
430
- return TRUE;
431
- }
432
- }
433
-
434
- function mo_wpns_malware_scan_request( $host, $content_type,$postdata = array()){
435
- $response = null;
436
- $ch=curl_init($host);
437
- curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
- curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
- curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
- curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
- curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
- curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
- curl_setopt( $ch, CURLOPT_POST, true );
444
- curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
- $results=curl_exec($ch);
446
- curl_close($ch);
447
- if($results==false){
448
- error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
- }else{
450
- $result = json_decode($results, true);
451
- if(isset($result['status'])){
452
- if ($result['status'] == 'success') {
453
- if($result['result']!='OK')
454
- $response = $result['result'];
455
- }else if($result['status']=='error'){
456
- error_log("Exception on server");
457
- }
458
- }else if(strpos($results, 'Summary')){
459
-
460
- }else{
461
- error_log("Any other issues on server");
462
- }
463
- }
464
- return $response;
465
- }
466
-
467
- function check_with_repo_files($file_content, $repo_file_path){
468
- $issues = array();
469
- if(file_exists($repo_file_path)){
470
- $content=@file_get_contents($repo_file_path);
471
- $hash_repo = md5($content);
472
- $hash_file = md5($file_content);
473
- if ($hash_file != $hash_repo) {
474
- $flag=1;
475
- $issues=array("exist" => "Mismatch in Files");
476
- }
477
- } else {
478
- $issues=array('exist'=>'Unwanted File Found');
479
- }
480
- return $issues;
481
- }
482
-
483
- function getlines($contents, $href){
484
- $newissues = 0;
485
- $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
486
- for($i=0; $i<count($lines); $i++){
487
- $line = $lines[$i];
488
- if (strpos($line, $href) !== false) {
489
- $newissues = $i+1;
490
- }
491
- }
492
- return $newissues;
493
- }
494
-
495
- function check_external_link($contents){
496
- $issues = array();
497
- $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
498
- if(isset($hrefs[1])){
499
- foreach($hrefs[1] as $href){
500
- if($this->isexternal($href)){
501
- $line=$this->getlines($contents, $href);
502
- $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
503
- }
504
- }
505
- }
506
- return $issues;
507
- }
508
-
509
- function isexternal($url) {
510
- $url = trim($url);
511
- $url = trim($url,';');
512
- $url = trim($url,'(');
513
- $url = trim($url,')');
514
- $url = trim($url,"'");
515
- $url = trim($url,'"');
516
- $components = parse_url($url);
517
- if(isset($components['host'])){
518
- if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
- else{
520
- if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
- return true;
522
- }
523
- }
524
- }
525
- return false;
526
- }
527
- function check_vulnerable_code($contents){
528
- $issues = array();
529
- $tokens = token_get_all($contents);
530
-
531
- for($i=0; $i< sizeof($tokens); $i++) {
532
- $token = $tokens[$i];
533
- if (is_array($token)) {
534
- if(in_array(token_name($token[0]), array("T_EVAL"))){
535
- $issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
536
- if(!empty($issue))
537
- $issues[] = $issue;
538
- } else if(in_array(token_name($token[0]), array("T_STRING"))){
539
- if(in_array($token[1],array("popen","fsockopen"))){
540
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
541
- if(!empty($issue))
542
- $issues[] = $issue;
543
- } else if(in_array($token[1],array("assert"))){
544
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
545
- if(!empty($issue))
546
- $issues[] = $issue;
547
- } else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
548
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
549
- if(!empty($issue))
550
- $issues[] = $issue;
551
- } else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
552
- $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
553
- if(!empty($issue))
554
- $issues[] = $issue;
555
- }
556
- }
557
- }
558
- }
559
- return $issues;
560
- }
561
-
562
- function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
563
-
564
- $flag = 1;
565
- $argument = "";
566
- $line = "";
567
- $issue = array();
568
- for($j=$start; $j< sizeof($tokens); $j++) {
569
- $innertoken = $tokens[$j];
570
- if ($flag==1 && is_array($innertoken)) {
571
- $argument .= $innertoken[1];
572
- if(empty($line))
573
- $line = $innertoken[2];
574
- } else if($innertoken==";"){
575
- $argument .= ";";
576
- if($checkForExternalLink){
577
- if($this->isexternal($argument)){
578
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
579
- }
580
- } else {
581
- $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
582
- }
583
- break;
584
- } else if($flag==1){
585
- $argument .= $innertoken;
586
- }
587
- }
588
- return $issue;
589
- }
590
-
591
- function remove_dir($repo_path){
592
- $dir=$repo_path;
593
- $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
594
- $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
595
- foreach($files as $file) {
596
- if ($file->isDir()){
597
- rmdir($file->getRealPath());
598
- } else {
599
- unlink($file->getRealPath());
600
- }
601
- }
602
- rmdir($dir);
603
- }
604
-
605
- function count_total_files($folder_paths, $base, $scan_config){
606
-
607
- $file_count=0;
608
- $file_ext = $scan_config['file_extension'];
609
- $extensions = array();
610
- if(empty($file_ext)){
611
-
612
- }else{
613
- if(strpos($file_ext,';') !=false){
614
- $extensions = explode(";", $file_ext);
615
- }else{
616
- array_push($extensions, $file_ext);
617
- }
618
- }
619
- $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
- $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
- $skip_path_array= array();
622
- for($i=0; $i<count($folder_skip_array); $i++){
623
- $pathParts = explode('/', $folder_skip_array[$i]);
624
- $n= sizeof($pathParts)-1;
625
- $folder= $pathParts[$n];
626
- array_push($skip_path_array, $folder);
627
- }
628
- foreach ($folder_paths as $value) {
629
- if (is_dir($value)) {
630
- foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
- if ($item->isFile()) {
632
- $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
- if ($value == $base && ($scan_config['core_scan'] == 1)){
634
- $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
- if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
-
637
- }else{
638
- continue;
639
- }
640
- }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
- continue;
642
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
- continue;
644
- }
645
- $flag_skip=0;
646
- if (!empty($folder_skip_array)) {
647
- for($q=0; $q<count($skip_path_array); $q++){
648
- if(strpos($source_file_path, $skip_path_array[$q])){
649
- $flag_skip=1;
650
- break;
651
- }
652
- }
653
- }
654
- if($flag_skip == 1){
655
- continue;
656
- }
657
- $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
- $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
- if($extns)
660
- $file_count++;
661
- }
662
- }
663
- }
664
- }
665
- update_option('mo_wpns_total_files', $file_count);
666
- }
667
- }
668
- new Mo_wpns_Scan_Handler;
669
  ?>
1
+ <?php
2
+
3
+ class Mo_wpns_Scan_Handler{
4
+ private $total_files_to_scan;
5
+ public $scanned_files = array();
6
+ function __construct(){
7
+
8
+ }
9
+ function mo2f_scan_all_files($scan_config){
10
+ update_option('mo_wpns_scan_initialize', 0);
11
+ update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
+ update_option('mo_wpns_files_scanned',0);
13
+ update_option('mo_wpns_infected_files',0);
14
+ ini_set('memory_limit', '-1');
15
+ ini_set('max_execution_time', 0);
16
+ $result = array();
17
+ $folderpaths = array();
18
+ $wp_repo_file = array();
19
+ $folderNames = "";
20
+ $repo_check_status = $scan_config['check_repo'];
21
+ $repo_check_status_code = 0;
22
+ $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
+ $hostname = 'wordpress.org';
24
+ $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
+ if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
+ $scan_config['check_repo'] = 0;
27
+ $repo_check_status_code = -97;
28
+ }
29
+ if (!$wordpress_server_status) {
30
+ $scan_config['check_repo'] = 0;
31
+ $repo_check_status_code = -98;
32
+ }
33
+ $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
+ if($scan_config['core_scan'] == 1){
35
+ $folderpaths['base'] = $base;
36
+ $folderNames .= "WP Files;";
37
+ }
38
+ if($scan_config['plugin_scan'] == 1){
39
+ $folderpaths['plugins'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."plugins";
40
+ $folderNames .= "Plugins;";
41
+ }
42
+ if($scan_config['theme_scan'] == 1){
43
+ $folderpaths['themes'] = $base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."themes";
44
+ $folderNames .= "Themes;";
45
+ }
46
+ if($scan_config['check_repo'] == 1){
47
+ $folderNames .= "WP Repo Files;";
48
+ }
49
+ $this->count_total_files($folderpaths, $base, $scan_config);
50
+
51
+ if ( ! function_exists( 'get_plugins' ) ) {
52
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
+ }
54
+ if ( ! function_exists( 'plugins_api' ) ) {
55
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
56
+ }
57
+ if($scan_config['check_repo'] == 1){
58
+ if(!is_dir($repo_file_path)){
59
+ mkdir($repo_file_path);
60
+ }
61
+ if($scan_config['core_scan'] == 1){
62
+ require(ABSPATH . 'wp-includes/version.php');
63
+ //wordpress name to be changed to be changed based on version
64
+ $zip_name="wp-".$wp_version;
65
+ $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
+ update_option('downloaded_wordpress_repo_name', $zip_name);
67
+ if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
+ $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
+ if($result === -99){
70
+ $scan_config['check_repo'] = 0;
71
+ $repo_check_status_code = -99;
72
+ }else if(!$result){
73
+ $scan_config['check_repo'] = 0;
74
+ $repo_check_status_code = -100;
75
+ }
76
+ }
77
+ }
78
+ if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
+ $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
+ if(!is_dir($wp_plugin_repo_file)){
81
+ mkdir($wp_plugin_repo_file);
82
+ }
83
+ $wp_repo_file['plugins']=$wp_plugin_repo_file;
84
+ $plugin_list=get_site_transient( 'update_plugins' );
85
+ $all_plugins=array();
86
+ foreach ($plugin_list as $key => $value) {
87
+ if($key=='response'||$key=='no_update'){
88
+ foreach ($value as $ke => $val) {
89
+ $all_plugins[$ke] = $val;
90
+ }
91
+ }
92
+ }
93
+ $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
+ if($result === -99){
95
+ $scan_config['check_repo'] = 0;
96
+ $repo_check_status_code = -99;
97
+ }else if(!$result){
98
+ $scan_config['check_repo'] = 0;
99
+ $repo_check_status_code = -100;
100
+ }
101
+ }
102
+ if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
+ $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
+ if(!is_dir($wp_theme_repo_file)){
105
+ mkdir($wp_theme_repo_file);
106
+ }
107
+ $wp_repo_file['themes']=$wp_theme_repo_file;
108
+ $all_themes=get_site_transient( 'update_themes' )->checked;
109
+ $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
+ if($result === -99){
111
+ $scan_config['check_repo'] = 0;
112
+ $repo_check_status_code = -99;
113
+ }else if(!$result){
114
+ $scan_config['check_repo'] = 0;
115
+ $repo_check_status_code = -100;
116
+ }
117
+ }
118
+ }
119
+ $mo2f_malware_db_handler = new MoWpnsDB();
120
+ $time = current_time('timestamp');
121
+ $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
+ $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
+ if($result['scan']){
124
+ foreach ($result['scan'] as $key => $value) {
125
+ $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
+ }
127
+ }
128
+ $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
+ if(is_dir($repo_file_path)){
131
+ $this->remove_dir($repo_file_path);
132
+ }
133
+ update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
134
+ $total_scan=$mo2f_malware_db_handler->count_files();
135
+ $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
+ $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
+ $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
+ if($total_scan > 999){
139
+ $total_scan=($total_scan/1000);
140
+ $total_scan= round($total_scan,1)."k";
141
+ }
142
+ if($total_malicious > 999){
143
+ $total_malicious=($total_malicious/1000);
144
+ $total_malicious= round($total_malicious,1)."k";
145
+ }
146
+ $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
+ wp_send_json($response);
148
+ }
149
+
150
+ function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
151
+ foreach($themes_or_plugins as $key => $data){
152
+ if($type=='plugins'){
153
+ $plugin_slug=$data->slug;
154
+ $plugin_directory_location=dirname(dirname(dirname($path))).DIRECTORY_SEPARATOR.'plugins';
155
+ $plugin_data=get_plugin_data($plugin_directory_location.DIRECTORY_SEPARATOR.$data->plugin);
156
+ $plugin_version=$plugin_data['Version'];
157
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
+ $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
+ if($result === -99){
160
+ return -99;
161
+ }else if(!$result){
162
+ return false;
163
+ }
164
+ }
165
+ } else if($type=='themes'){
166
+ if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
+ $result= $this->download_repo($key, $data, $path, $type);
168
+ if($result === -99){
169
+ return -99;
170
+ }else if(!$result){
171
+ return false;
172
+ }
173
+ }
174
+ }
175
+ }
176
+ return true;
177
+ }
178
+
179
+ function download_repo($zip_name, $version, $path, $type=''){
180
+ if ($type=='plugins') {
181
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".".$version.".zip";
182
+ $plugin_name=$zip_name.'.'.$version;
183
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
+ if( $download_result){
185
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
186
+ return $result;
187
+ }else {
188
+ $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
+ if( $download_result){
191
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
192
+ return $result;
193
+ }else {
194
+ error_log("Unable to download Plugin: ".$plugin_name);
195
+ return -99;
196
+ }
197
+ return -99;
198
+ }
199
+ } else if($type=='themes'){
200
+ $theme_name=$zip_name.'.'.$version;
201
+ $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
+ if( $download_result){
204
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
205
+ return $result;
206
+ }else {
207
+ $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
+ if( $download_result){
210
+ $result = $this->unzip_downloaded_repo($zip_name, $path);
211
+ return $result;
212
+ }else {
213
+ error_log("Unable to download Theme: ".$theme_name);
214
+ return -99;
215
+ }
216
+ return -99;
217
+ }
218
+ } else {
219
+ $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
+ $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
+ if($download_result){
222
+ $result=$this->unzip_downloaded_repo($zip_name, $path);
223
+ return $result;
224
+ } else {
225
+ error_log("Unable to download wordpress-".$version);
226
+ return -99;
227
+ }
228
+ }
229
+ return false;
230
+ }
231
+
232
+ function unzip_downloaded_repo($name, $path){
233
+ $zip = new ZipArchive;
234
+ $folder_path=$path.DIRECTORY_SEPARATOR.$name.".zip";
235
+ $res = $zip->open($folder_path);
236
+ if ($res === TRUE) {
237
+ // extract it to the path we determined above
238
+ $result = $zip->extractTo($path);
239
+ $zip->close();
240
+ if ($name == get_option('downloaded_wordpress_repo_name')) {
241
+ rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
242
+ }
243
+ unlink($folder_path);
244
+ return true;
245
+ } else {
246
+ return false;
247
+ }
248
+ }
249
+
250
+ function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
251
+ if(!empty($folderpaths)){
252
+ if ( in_array( 'curl', get_loaded_extensions() ) ) {
253
+ $scanresults=array();
254
+ $nooffiles=0;
255
+ $scan_malware_count = 0;
256
+ $repo_issue_count = 0;
257
+ $malicious_link_count = 0;
258
+ $file_ext = $scan_config['file_extension'];
259
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
+ $extensions = array();
261
+ $hostname = 'scanner.api.xecurify.com';
262
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
+ if(empty($file_ext)){
264
+ }else{
265
+ if(strpos($file_ext,';') !=false){
266
+ $extensions = explode(";", $file_ext);
267
+ }else{
268
+ array_push($extensions, $file_ext);
269
+ }
270
+ }
271
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
+ $skip_path_array= array();
273
+ for($i=0; $i<count($folder_skip_array); $i++){
274
+ $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
+ $n= sizeof($pathParts)-1;
276
+ $folder= $pathParts[$n];
277
+ array_push($skip_path_array, $folder);
278
+ }
279
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
+ foreach ($folderpaths as $value) {
281
+ $onearr = array();
282
+ if (is_dir($value)) {
283
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
+ if ($item->isFile()) {
285
+ $scanresult=array();
286
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
288
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
+
291
+ }else{
292
+ continue;
293
+ }
294
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
+ continue;
296
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
+ continue;
298
+ }
299
+ $flag_skip=0;
300
+ if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
+ for($q=0; $q<count($skip_path_array); $q++){
302
+ if(strpos($source_file_path, $skip_path_array[$q])){
303
+ $flag_skip=1;
304
+ break;
305
+ }
306
+ }
307
+ }
308
+ if($flag_skip == 1){
309
+ continue;
310
+ }
311
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
+ $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
+ if($extns){
314
+ $nooffiles++;
315
+ if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
+ update_option('mo_wpns_files_scanned', $nooffiles);
317
+ }
318
+ }
319
+
320
+ $hash_of_file= md5_file($source_file_path);
321
+ $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
+
323
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
+ $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
+ $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
+ $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
+ $malware_status = $scanmalware? 0 : 1;
328
+ $repo_status = $repocheck? 0 : 1;
329
+ $link_status = $extlink? 0 : 1;
330
+ if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
+
332
+ else{
333
+ $flag_update=0;
334
+ $file_content=file_get_contents($source_file_path);
335
+ $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
+ $malware_status = 1;
338
+ $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
+ $postdata = array('file' => $cfile);
340
+ $content_type = 'multipart/form-data';
341
+ $issues = $this->mo_wpns_malware_scan_request( $host, $content_type,$postdata);
342
+ if ($issues) {
343
+ $scan_malware_count++;
344
+ $scanresult['scan'] = $issues;
345
+ $flag_update=1;
346
+ }
347
+ }else{
348
+
349
+ }
350
+
351
+ if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
+ if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
+ $repo_status = 1;
355
+ if($value==$base){
356
+ $repo_file_path=$repo_folder_path['base'];
357
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
+ $repo_file_path=$repo_folder_path['plugins'];
359
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
+ $repo_file_path=$repo_folder_path['themes'];
361
+ }
362
+ $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
+ if(!empty($issues)){
364
+ $repo_issue_count++;
365
+ $scanresult['repo']=$issues;
366
+ $flag_update=1;
367
+ }
368
+ }
369
+ }
370
+ }
371
+ if($extns && $extlink){
372
+ if($scan_config['ext_link_check'] == 1){
373
+ $link_status = 1;
374
+ $elresult= $this->check_external_link($file_content);
375
+ if(!empty($elresult)){
376
+ $malicious_link_count++;
377
+ $flag_update=1;
378
+ $scanresult['extl']=$elresult;
379
+ }
380
+ }
381
+ }
382
+ if($flag_update == 0){
383
+ $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
+ $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
+ $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
+ if(empty($res)){
388
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
+ }else{
390
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
+ }
392
+ }else{
393
+ $infected_files=get_option('mo_wpns_infected_files');
394
+ $infected_files++;
395
+ if(!empty($res)){
396
+ $mo2f_malware_db_handler->delete_hash($source_file_path);
397
+ }
398
+ update_option('mo_wpns_infected_files', $infected_files);
399
+ }
400
+ }
401
+ if(!empty($scanresult))
402
+ $scanresults[$source_file_path]=$scanresult;
403
+ }
404
+ }
405
+ }
406
+ }
407
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
+ if($malware_server_status){
409
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
+ $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
+ $content_type = 'application/x-www-form-urlencoded';
412
+ $lastRequest = $this->mo_wpns_malware_scan_request( $host, $content_type,$postdata);
413
+ }
414
+ update_option('mo_wpns_files_scanned', $nooffiles);
415
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
+ }else{
417
+ return array('message'=>'CURL not installed on the server.');
418
+ }
419
+ } else {
420
+ return array('message'=>'No folder selected for scanning.');
421
+ }
422
+ }
423
+
424
+ function mo_wpns_check_malware_server_status($host){
425
+ $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
+ if ( ! $fsock ){
427
+ return FALSE;
428
+ }else{
429
+ fclose($fsock);
430
+ return TRUE;
431
+ }
432
+ }
433
+
434
+ function mo_wpns_malware_scan_request( $host, $content_type,$postdata = array()){
435
+ $response = null;
436
+ $ch=curl_init($host);
437
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
+ curl_setopt( $ch, CURLOPT_POST, true );
444
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
+ $results=curl_exec($ch);
446
+ curl_close($ch);
447
+ if($results==false){
448
+ error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
+ }else{
450
+ $result = json_decode($results, true);
451
+ if(isset($result['status'])){
452
+ if ($result['status'] == 'success') {
453
+ if($result['result']!='OK')
454
+ $response = $result['result'];
455
+ }else if($result['status']=='error'){
456
+ error_log("Exception on server");
457
+ }
458
+ }else if(strpos($results, 'Summary')){
459
+
460
+ }else{
461
+ error_log("Any other issues on server");
462
+ }
463
+ }
464
+ return $response;
465
+ }
466
+
467
+ function check_with_repo_files($file_content, $repo_file_path){
468
+ $issues = array();
469
+ if(file_exists($repo_file_path)){
470
+ $content=@file_get_contents($repo_file_path);
471
+ $hash_repo = md5($content);
472
+ $hash_file = md5($file_content);
473
+ if ($hash_file != $hash_repo) {
474
+ $flag=1;
475
+ $issues=array("exist" => "Mismatch in Files");
476
+ }
477
+ } else {
478
+ $issues=array('exist'=>'Unwanted File Found');
479
+ }
480
+ return $issues;
481
+ }
482
+
483
+ function getlines($contents, $href){
484
+ $newissues = 0;
485
+ $lines = preg_split("/((\r?\n)|(\r\n?))/", $contents);
486
+ for($i=0; $i<count($lines); $i++){
487
+ $line = $lines[$i];
488
+ if (strpos($line, $href) !== false) {
489
+ $newissues = $i+1;
490
+ }
491
+ }
492
+ return $newissues;
493
+ }
494
+
495
+ function check_external_link($contents){
496
+ $issues = array();
497
+ $hrefs = preg_match_all('/<a\s+(?:[^"\'>]+|"[^"]*"|\'[^\']*\')*href=("[^"]+"|\'[^\'‌​]+\'|[^<>\s]+)/i', $contents, $matches) ? $matches: array();
498
+ if(isset($hrefs[1])){
499
+ foreach($hrefs[1] as $href){
500
+ if($this->isexternal($href)){
501
+ $line=$this->getlines($contents, $href);
502
+ $issues[] = array("i"=>"eld", "d"=>$href, "l"=>$line);
503
+ }
504
+ }
505
+ }
506
+ return $issues;
507
+ }
508
+
509
+ function isexternal($url) {
510
+ $url = trim($url);
511
+ $url = trim($url,';');
512
+ $url = trim($url,'(');
513
+ $url = trim($url,')');
514
+ $url = trim($url,"'");
515
+ $url = trim($url,'"');
516
+ $components = parse_url($url);
517
+ if(isset($components['host'])){
518
+ if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
+ else{
520
+ if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
+ return true;
522
+ }
523
+ }
524
+ }
525
+ return false;
526
+ }
527
+ function check_vulnerable_code($contents){
528
+ $issues = array();
529
+ $tokens = token_get_all($contents);
530
+
531
+ for($i=0; $i< sizeof($tokens); $i++) {
532
+ $token = $tokens[$i];
533
+ if (is_array($token)) {
534
+ if(in_array(token_name($token[0]), array("T_EVAL"))){
535
+ $issue = $this->getFunctionArgumentsOrEnclosedString("eval", $tokens, $i+1, "vlc", false);
536
+ if(!empty($issue))
537
+ $issues[] = $issue;
538
+ } else if(in_array(token_name($token[0]), array("T_STRING"))){
539
+ if(in_array($token[1],array("popen","fsockopen"))){
540
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", true);
541
+ if(!empty($issue))
542
+ $issues[] = $issue;
543
+ } else if(in_array($token[1],array("assert"))){
544
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "vlc", false);
545
+ if(!empty($issue))
546
+ $issues[] = $issue;
547
+ } else if(in_array($token[1],array("exec","shell_exec","passthru","system","proc_"))){
548
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "shc", false);
549
+ if(!empty($issue))
550
+ $issues[] = $issue;
551
+ } else if(in_array($token[1],array("mysql_connect","mysqli_connect","mysqli_real_connect","PDO"))){
552
+ $issue = $this->getFunctionArgumentsOrEnclosedString($token[1], $tokens, $i+1, "sqc", false);
553
+ if(!empty($issue))
554
+ $issues[] = $issue;
555
+ }
556
+ }
557
+ }
558
+ }
559
+ return $issues;
560
+ }
561
+
562
+ function getFunctionArgumentsOrEnclosedString($issueFunction, $tokens, $start, $issuetype, $checkForExternalLink){
563
+
564
+ $flag = 1;
565
+ $argument = "";
566
+ $line = "";
567
+ $issue = array();
568
+ for($j=$start; $j< sizeof($tokens); $j++) {
569
+ $innertoken = $tokens[$j];
570
+ if ($flag==1 && is_array($innertoken)) {
571
+ $argument .= $innertoken[1];
572
+ if(empty($line))
573
+ $line = $innertoken[2];
574
+ } else if($innertoken==";"){
575
+ $argument .= ";";
576
+ if($checkForExternalLink){
577
+ if($this->isexternal($argument)){
578
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
579
+ }
580
+ } else {
581
+ $issue = array("l"=>$line, "t"=> $issueFunction, "i"=>$issuetype, "d"=>$argument);
582
+ }
583
+ break;
584
+ } else if($flag==1){
585
+ $argument .= $innertoken;
586
+ }
587
+ }
588
+ return $issue;
589
+ }
590
+
591
+ function remove_dir($repo_path){
592
+ $dir=$repo_path;
593
+ $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
594
+ $files = new RecursiveIteratorIterator($it,RecursiveIteratorIterator::CHILD_FIRST);
595
+ foreach($files as $file) {
596
+ if ($file->isDir()){
597
+ rmdir($file->getRealPath());
598
+ } else {
599
+ unlink($file->getRealPath());
600
+ }
601
+ }
602
+ rmdir($dir);
603
+ }
604
+
605
+ function count_total_files($folder_paths, $base, $scan_config){
606
+
607
+ $file_count=0;
608
+ $file_ext = $scan_config['file_extension'];
609
+ $extensions = array();
610
+ if(empty($file_ext)){
611
+
612
+ }else{
613
+ if(strpos($file_ext,';') !=false){
614
+ $extensions = explode(";", $file_ext);
615
+ }else{
616
+ array_push($extensions, $file_ext);
617
+ }
618
+ }
619
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
+ $skip_path_array= array();
622
+ for($i=0; $i<count($folder_skip_array); $i++){
623
+ $pathParts = explode('/', $folder_skip_array[$i]);
624
+ $n= sizeof($pathParts)-1;
625
+ $folder= $pathParts[$n];
626
+ array_push($skip_path_array, $folder);
627
+ }
628
+ foreach ($folder_paths as $value) {
629
+ if (is_dir($value)) {
630
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
+ if ($item->isFile()) {
632
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
634
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
+
637
+ }else{
638
+ continue;
639
+ }
640
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
+ continue;
642
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
+ continue;
644
+ }
645
+ $flag_skip=0;
646
+ if (!empty($folder_skip_array)) {
647
+ for($q=0; $q<count($skip_path_array); $q++){
648
+ if(strpos($source_file_path, $skip_path_array[$q])){
649
+ $flag_skip=1;
650
+ break;
651
+ }
652
+ }
653
+ }
654
+ if($flag_skip == 1){
655
+ continue;
656
+ }
657
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
+ $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
+ if($extns)
660
+ $file_count++;
661
+ }
662
+ }
663
+ }
664
+ }
665
+ update_option('mo_wpns_total_files', $file_count);
666
+ }
667
+ }
668
+ new Mo_wpns_Scan_Handler;
669
  ?>
handler/mo-block.html CHANGED
@@ -1,9 +1,9 @@
1
- <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAVMAAACVCAMAAADSU+lbAAAA51BMVEX///9fYGJeYGL3k01cXV9ZWlz8/PxdXmFhYmTv7+/5+fnm5+eSk5Tq6upaW173kUnV1dZqa21xcnTe39+IiYrMzc2bznuPkJHDxMWfn6D2j0VrbG19fX+EhIf+9e95eny2trf4pGr5rnnAwMGqq6yioqT4oGL3mFRNmWX949NSU1X+7eP83cn7zK3++PL5s4X6wpzy+e770riv2Jb82MD5touXxKX96Nu61cLg7eRzrYQ+kln3o2aiya73m1vM4NGGuZSszrZjp2t2tHCSxYG43KLL5buKwnXW6smm04np9ONmp3vC4K/9LbbnAAARyklEQVR4nO1ci2LbthUlaYAQSYkSKal6S7QlWbEl24obN22XuXul67b+//cMuBcgAZBytCVLkxVn6WJDEEgc3sfBBRjPc3BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBw+BSIkqSfJEn8H/UO/7f39JUjbs9mWZblxVk0RYtMIB++2Ot+ubw3hwt/+O/v8OtDp0UIYYyOonN69wiAtk91uL+5e7q6ury8uno4HipeX393ph/8XyBpMQEyOIvToc98nz+BRk7D/ePllKOLmE6v36qPvn/1ezLUpBUIns7m1A8C5jdyenO8nnYvdEyf5Ec//PiHnz7dLX/xSFq+AD2bU+hd53R5vO6ajF5cdN/d44d/evWHP37Su/6yAfGUR8iPjKdvDEa7+Mv0CiJq/N2rV6/+9Inv+0tG3M4BZ+b9AfYem83LY+n1PIxOL3a7nfj7+SA+/OnHV4LT1xy/FwkW9QXO1acd6N03G/dPFaO7h+PjgePN3dPxhnMY/lkw+pe//u39t99++/7n31P6/xgsr7qK0cvHfalM4Qeg9C9//wbx/p+/5X1+JOIoimLb00RjdLahnN17eTlFRi+uDrUPv+eU/lUy+s0v5167vPwLwQI6RC9Gkw+OcYKoBiTjTXswX7Q3Y81H42ExGSzmg0kxNIiK0Zn75nIz6okh5oN20WvuXTXdS8efPj/e12/5R43Sn+1Pw6SvYGTIsD+Wl9+se42PNeyvxWwWo804afpcH2N7YgzP6yui1v2XjSeZrFqUiuRM/bwtWY3Xg4zy1pS3ZoO1NkIHk07e1mYVF4uMpjhGthhrvXvYeTapmu6kFn331qvjB+74itJfLXNINoNVrqAvdnuj3Kcp6AuaZoNh3Yx4jxR68DmuJp2GC/faOdPGWDdwNhRd+KeiRz5q6iERbQJKuCwPuIpkPqEMrtjLKYEGoe/5ZfJeNTMf1VGlT8Nhzi/EhwhE94DQVTXhIUktLXW4ADPtPiybbodzqmLpP8xYGk0IJRUqIdEf8KfJVxaohBm/2MJKiUmbaj0IbW1sHdgf8Rn4soMfiBlbY3jJgg+iejDg5EQISEaCURwJ/mJ0noTrFhVrJfy6+JO2yseStIhYbVbrqHjDW5jWPaBsrS6Hmj+oOL1/h0q0mVIv/ldlpuasBzgjvEm/4nScUQY3WzLi06ynf7W3AgOpenBxbZrqOKes7BDIMcY6ZSHv4leXFz+Q1qbRVKMFZzQQfAr44n8+nW8zeGbYgK2kpfQo51SYb1pyuvEJXIsF5ZxJa604Dax11CPkp+5zM6We98cymhpmGi0oXiHAq5ScrjOkWrgJw3sOglTzK68v2Sh78L/pSKdjLMxEflX18MlMDy/8MsyvLo89fC2ilYjb1EcitacofFtvYLJxrDgFyy19f0wYw05M2Tb/IZM3NPQhhpSc7i+FmXZ3Nyco9V5/25jzR8qQ5L2quxm2TBOUPbizqW925lR+wKoehEwqUocZqb4aoKuJGWeVMQ+REo0q6EE39QkU0KH02+re+JdZ1QBDqEsAp1UNJVmlQTldBjcuHiVddSSn8FhLTh8x59+dotTz/vkegqlJaf8WHYnJ2TDJaTJLZUMAUTZQ86XKhOIJVT0UZ+CCpSd5yZycGKN0rk6GAVIkC5EdpMPwUWp14c489XUwhqYGfzNposg4/790o3HKpO+HGyItmVX/iVqgfIRDYJml8vZQ7Xev9qc59V7/8vOvv1haf6vFdz1HbakM+ITOFqMBFzDyDogvDbXHjZD5PjMnym1iXsautBwjM8bwWzKCiEniGGlrtCmKSU7liPVK0hq/zW2Q3t6KP4QF2ADmmvIW0crARHyySpBT0SuQdprk4NviYyp68yHkrxk41xC9ST3ymx1wapvp/u541JWVnVDDAcHEwOhtpmkpYT/o6611EnE53p9g+uY5Rrplm8rEw+QcUeLwr8joEWWqoVXgGFsZT5QV8YgsG+iix/V+GCfbW3RiRqxCRpgTNMQ0L5I4jDvrOSNoc9xOSas9jMMwHk5aYLU8+RfIqfhZ2WlBpXWng3EUxtF47sshsPcQP1WcHkWG6l6bWv/+ThSmG5RAuJQdoxXBe2i1DcW+ScGjuAgpQ1+PTwpufwXPNEp96OGnM5hjj89GNqzwC8Ut9iDzcox+nsox4GphkYLz8VmUQXjtE5gYWZnPv0/BoANS6rlOW7q6eHKlHhozfPY4ZNKC+CntFGIRbyhjfjRRzjUS30c79ZXvQ4aaHk3qHi+kvLIo3R+vHt7gfa3QTvXMIq41QPuRc0cMsb7LUE+t0aB8slBKYD2TRsfwSws1hiZIexgTGTq/ugzLK0cPt8p0TR1b3KKZasIjmhNM34xuq44bDB8k75ScSn3aIUAw9+3yclz1sKB8yENgXHG6xBWUmfRRCtTblw/T7vTiRnEq0DIn0BeOxke/XWuN4YKAoWASaqN41edYoHDxKXToZDgGKfQxRhi/sUs/k09Uv0wfndyn+vfKUEN0QTBWzzXXVHEkp0R6ntT8vtSnPexOZroevEVLhZyIml/F0xtw/Z3p+gdV97Ps9yDq1Lib0lnhxDNLquPSh7UM612j+8G0olWKeU2bY7zAjIPSYCzNOjeGhttmAd0KXxtTlBp5ElaIJykkDrPaHi/E9bge0BcdEQEhF1Ddy8JtGkCmKYBTiOlopwWFD4ghoXOMH/BYYT+qzPsg+LtXZgh6M7V3oySn2PneK32fWJwWmGPpyGhNUI+mYgaQXcTd9I2vBTgDcR8F5lg6MMboz+Bx4dJAuKn4Rt6eaJjLqDbXpx7lImkGJDPCvrwJwxW8NUoRiAdop9L3t9RIkAiuCAOxV1p4ct+0lHqQouxwelPu8JlyADRC93IpORWmZ3IabzHKWO4XCQnPglRs7nAlJXqwTH+MPI+AvgM1tcWUZql3oTK5QEDC2pgJ/SClKZV/qHAG3oNbr66mOplQTb7Z6EnJasQO7iDADFgb7PEx6ftt5NQ3ekvzSTchcMqq9T5yaimppYyn3alZqHp7DRphj5wKCcQsTtuQ1INbU3jHOWRpuEFYZglujA634GkpBPx2CjnFCMkqLXHCBKfCnxkWmRgLUAJUDTPdBRKxqhdqwIhGAyCEBYbuGoK/M3Ay1FIlp2JsazkxxpSWbmOhpWBxJTl9Ak4fTU69wzOI1gvLfjF3Pb/1St8PLE5HYHAY5iuEGP1BG6Ex2McLcOHHROkpxCTGrOcSjWAOZCYmKS5eLYGkaFDrHGLUa/pCMHNdZiqsUQqxw2Rp2IIlajoATkHFo+/LZbgRkr2hdEkR0IZ4F+lLnIaHHW/e3VkVauC0i5zmUMCwfX8kl50Wp3MwX8mp8NBSyklkKC2R0xR63JpjxKMUCZOcBkA8SbFyWYES2jI5RRFhcoq+QGxOoZpHkFNxCYarshGqYYvTFOquyClqLYPT+mL/usud3C5R7681TvH6dTv1T9gp51GUUWRWtzmFxR5Rdip+sTiNRikGcOQUDXS1aMJA932e28Si0+YUhENQs1MojFR26is7hcqExSkqL8kpVB9eylF8IQV2au9NyRwl4ym4mh1PMSHTpnjKfR84hVpmzU59xamwIdHDjqcLyPvI6ZxgDdBahjahn0FQSG1OwcxrdgqZEjnFrFnZac33URNK34fektO7Ji3FLRIWUm+sVtCt3UulpfyaloonGE+pxQckUSY5Re1u2ylkF+B0kuINmnk/wRiKnCp3OONEQx+ruTU7BUJsTmV9z5N5X9WkZZao+75gvc4pSs5n+95uGgsr+AAeRGfBaVDLUeEGyjs2Y33IsoHkNGjokZHKTjcExzA1bi/DMTIUjOilk9M7UOW1YeFb830MJPV4WnEKP1MtR5EmTn2Vo7TEu8SFvR05oajaPVonUK+q2gBoqbrmX6OSI4b6BIkuam3SToNmO/UxRynpbSnKQq7GgVN1mZX5RBUMTiGsNHHamKNEmFB2ysp4imq25vvM5LSsSb9rqqF4R+D0wcz7ezhCNT1ITrF+aHLakwX6Wz3S8aUMBnwtR9U5DRSnfezhB0XDGD5wqroYmj2ZjNpt/mdgEIXx1NZSbSSkyfeZtFOmcYpZs2anUP1Tvs+q86dY63tnqaYncQJ1emnW+u5wybpETmFIm9POHPdtyKJqDzdiYRT4Zd4XPeqcMsVpvCJyVaUtJ6WZ8vWXmGQ0JzKp6XUpXFGlpmBAO23QUuIaNqcQ9qniVEQHyanfpKXwzGnd970DrkKtdHS4Ergz7uMeN66ukLwVXNPK+2IVjFsSwaSc7RoUYlDmKFh6NmipADV/NYZWs4BvQVUVOA1FmRYWsJOw6iJ7zIwg2581corBo85poPm+KBNUnNZ8HzRyoHFaGoraOzm1a1rhDkNvVT+t533u/L4EXfWiOI6jZCK3nUstpZcbKk6rHOX1iRojhzHiZEtUE8ZTrc7fhqN3YVRQ1VIYI/ezUzmqyfd1LQVrCqWlGn1fy/uwrisndffBPT6E3F+V8YDbKXBjcxouqFwrEraYbCeDrNq30n2/ZqdVjhIrqXKMOR9jlFH1pKSdctGmSE7z7Xq83izUPp62OaBx2rSOalibwoK1stOKU79B86dYHUDNj3tB5V70NXBVWzRZCI9dvVKFOSqo2anXAz5w4SyKRQT2wowcxYK6nbIqR4lMh1tdwr6w4FSOITlFrYPnCsSBlpSURxlMaYxaKqhrfrDCllVDwV36Mp6WWgpN0vZ9VFsNvq9SD0r508Ata1xEead9v9z09FWBo9zFV5xCQ5PvB4rTsGBqxx03ANQYQcmpOMSAW5e++gSntbWktuD01Hq/vo7CWpRX1k/TF/QpIcw3ayja2Z5rtMCnl0i9kUfRVbWlk+N5ojqn0YTiBiSfMSQSbsw5lkhe0qegItSRqBjHCKox2CzHNKY49QrYLfZxO5BBTUW8z2SvAuQ2S0OOalqbwuMuOWXlOspv5PS0nXpv5FbJ8TSph2v9dH/JaZOdclJvjZMoNBtitFN532/ktIqnSKoxBmmt5cRKTuNxRlUHWfJLycRYJ0hOSUBIzfe5lfEPbN8XjchpoJ3rG4ljGQHxrXiKPYDT2jsSMlS+kPwfd+j5z2XQ5ZwCGjj14kLMA0918Vub98I55bfEqKqh1F/RyOCmK069eD2TR/FERZHkvRhKSUHFqTiuwog6VgXnn/KGM5nJKpuJ1xwXxkeTVpbxRuMAltfLM3ghEur8M3jbMYOd0naGvc1zdNghg5p0hj2001rLB3mm9/rQZKr7p6mktCpUdeY4Yt7AqTiXKg7QUp5gWqsi5mIArpiJhcAYb7ZlHhbL8Z7mWpUu2swzOca8iLCMqGrSEuGwnbdw34SS2aBoWv3HPYS1vytbDbOOtK7l18IP9RYnqaOGi+zV2fPdU+0o2vJO7Ux3H6tnHavrnKhiJMNiMhq0i2GiTUEcZS5vxejeqzpU6OAYeI46kr5vVgHC/lj0gdPYZ73J9BnxdidJ7T6brHJGL9Tm1AclrAku+D/6FRUxBj7IaIB1/nltTN7nrPP8nx376sWT6e7h8fB2v9/fvDleT9VbU92dvcHyeSFXTtphni8fe/Odsx2+c1a+2De9rL+Q8lmBJ6R8uvkSLfIU7u926qgEEHuh/zJ98SzlZwAurbhcOmO75EvC26cL661oGWO77xre8fmciIczWYKtvSjxxePw9Gy/Gd2dXlzefbho9T9E3BkOUrEZJfaGv6ZwKnF/w/O8+CcRhPPDP4rw/PTmN3D7ZIxYr4tNe+7LulRgHRz5WhAu3z4+XD5zQi92766Oh/1v4vUFbUn4qXwvDMtEX1OGshDeL5fL3zCGFtTH4/X4UhNWqQLSvGpzOAsFZUxVt3DvXBSJ8t6Hv+lwCoV6VySQfh+IFzy/upz/RaG4LSt90u3JzK42O/xnKG4J/JtZsi5JW4vCGelHYi3qm4gsW7WLnktOH43YgHN6BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHh/Pwb5PnTnFHEM1hAAAAAElFTkSuQmCC" style="margin-left: 5em;width: 12em;margin-top: 1px;">
2
- <div>
3
- <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7N13nFTV3T/wz50+21hgl91l6b2JCGJHxS4WigUZFUuMYyTR50meTMovz5P2S35PJqaZoI5JlICOJbqoKDYUlC4KSO8odYEFtk6/9/z+mF1YYcuUe+fcc+/3/Xqt4DJ757u7M+d87ynfIzHGQAghhBBzsfAOgBBCCCG5RwkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmZOPxpB6vzwJgFIARABoAnGj1cTwY8Cs84iKEEEK00NzvdQfQrdVHIYAtADbx6PckxlhOnsjj9Y0FcAuASwBcBKConYceBTAHwD+CAf/OnARHCCGEaMDj9Q0G8BCA+wH0aOdh9QBWAVgBYEEw4F+bi9g0TwCav/nfArg9gy9fAuDvAF4PBvxRNeMihBBCtODx+pwAbgPwbQBXZnCJ1wD8VOubYM0SAI/XVwbg50j+ALKdatgH4L8BvEDTA4QQQvSoeZj/HgC/BtAny8slkLwB/mUw4D+SbWxt0SQB8Hh9QwF8BKBS5UtvBPDjYMC/UOXrEkIIIRnzeH2TAPwvgHNUvvRBAFcHA/7tKl9X/QTA4/WNRLLzL1P1wt/0CYAfBQP+1Ro+ByGEENIhj9d3IYDfAbhCw6c5gmQSsFnNi6qaAHi8vnMBLAJQotpFO1aF5DyJ6pkRIYQQ0p7mke7fApiWo6esAXBNMOD/Uq0LqpYAeLy+EgDbkNzmkEsJAM8B+EUw4D+c4+cmhBBiIh6vrwLALwA8iNxvpT8OYFgw4K9R42JqBv9/kfvOH0h+Dw8DuMfj9f0ZgD8Y8NdxiIMQQohBeby+LgB8AP4DQB6nMLoj2dc+osbFVBkB8Hh9owGsBWDN+mLZOw7gNwCeoq2DhBBCstG8pe9RAP8HfG5yzyQDGBsM+DdkeyG1RgD+DH10/kDyF/RHAI97vL7fA3g+GPCHOMdEiKqmzZxlAUMpkottywD0YEApkh9dAbgAOADmBOBM/h2ONv4OAFEAseaPM/4utfx/BMBJAMck4BiSBbuOADgCCceq5s6m7bnEUDxeXx6ABwD8EEBfzuG0ZkWyz70q2wtlPQLg8fomAvg420A0dBzAUwD+Fgz4j/IOhpBUTLt3ViWAoQwYDGAQwAYCKEdygW13AMXQz1keCoBaJN9rNQCqAWk3gF0SsBPA9qp5sw/yDJCQVHm8vh4AvovkXb8e7vjbMzEY8C/J5gJqjABcqcI1tNQdySJCP/R4ffMA/IF2DRA9mHrPd0oT8fg4hbFhDqerL8AGARgAoB/4zTFmwoLTtc0HJz/FWv0XmHrvoyEAXwHYA0i7kEwOdgBYXzVv9rHchkvI2ZpX9f8AwL1IjqDp3UQkq+VmTI0RgA8BXJPVRXKLAXgbwO+DAf9S3sEQc5h276xKOZG4UFbk8YwpYxljoxhjPQHA4XTCYtHLDBoXBwBsAKS1EvAFgDU0YkByxeP1TUBymP9mABLncNKxKBjwX5vNBbJKADxenxXJecHCbILg6DMATwCoCgb8Mu9giDFMu3dWpaLIl8uyPJ4xZQxj7BxFUUpO3w+3kOBwOGGxmrrzb89RJJOCdVJygfFSSgqIWpr7rmkA/gvABZzDyVQDgK7Z9F3ZJgDnAlif8QX0Yy+APwF4LhjwN/EOhojl1hkPVyiKcj1j7CqAXcoYG8BY52vi7A4XrNT5p2MXIH0KYLEELKqaN7uad0BELB6vLx/J/fv/CaA/53DUMCabwkDZJgBTAMzP+AL6cwLA0wCeDgb8dLdB2jTZ4+2RiMevV5Id/mXNc/dpsTucsFpzXUPEcLYD0icSsBjAR7SWgLTH4/VVAvhO80c3zuGoaWow4H8j0y/ONgG4HMm6/EajAPgQwBwAbwQD/gjfcAhP02bOsiiyfHkikbhdUeSrGWNDAZbxXKHd7oTVRp2/yhiALYC0SALmQ8JS2ppobh6vzwVgCoD7AVwL/eyaUdPl2axlyzYBGAFA1cMJdKgWwMsA5tDhQ+YxbeYst5xITJJl+TbGlOsURVZlO5DN7oDNZlfjUqRjNYD0bnMy8F7V3Nlh3gGR3Gg+nOd+AHchuV3WyEYGA/4tmX5xtglADySLgZjFViRHBebRuQPGM23mrJJEPHGboiSmKIpyBWOKW83r22wO2OzU+XMQAvAxIL0pSXijau5sVeqoE/1ors9/L5Id/3C+0eRUWTb1bdTYBRCHWFsn1CADeB/JZOAtKjksrmkzH+0ejyVmKky+kynKeMYUTVblWa022B3Ozh9ItCYDWAVIr0oSXqyaO/s474BIZppL9N6KZKd/PfRTjTZXGAA7t10AAODx+g4BqMjqImI7AeAlJKcIPucdDOnc9dPutdus9qkM7H7G2DUA0/S23GKxwuEUoa6I6cQAvCdBmgMJC6rmzk7wDoh0zuP1nY9kpz8DxlrQl67DwYC/ZzYXUCMBeAHA3VldxDi2AKgC8BaAz4MBvzpnLRNV3DL9oQtlRX6IMWUactRwSJIEh9MNSTLbIJlwagDpVQl4vmrebErkdcTj9UkAzkfybn8agBF8I9KNF4MB/z3ZXECNBOAeAPOyuogxHQawAMlk4CPaScDHtHtn9YzFY99S5MQ9jClDcvvsEhxOFywWIy4+NrStgDRPAv5VNW/2Id7BmFHzCv6rkez0b4G5R5nbc28w4H8hmwuokQD0AFAN860DSEcIwAdIJgPv0KFE2pty93euTCRi31cU5UbGFC577mivv/ASAN6WIP25at5sI2531pXmvuQmJDv96yDWeRi5xgCUZ9uXZJ0AAIDH61sL4LysL2QOCoBVSCYDbwUD/q2c4zGMaTNnORPxxH2yHP+eoiijzi69mztWmx12u4Pb8xPVfQlIf5UkvFA1dzYt+lWJx+sbjmSHfyuAi2DMvfpaWBcM+MdmexG1EoDfAvhJ1hcyp11oHhkAsDIY8NN+5TRNvefRingi/p+KkniQKQr34ztp0Z+hHQOkf0jAX6vmzaatwGnyeH1uABfj9J1+2lU0CQDg/wUD/p9mexG1EoArkOWxhARAckvlWgDLmj+WBwN+Km/ajske7yUJOfF9psi3MqbtSv5USZIFDqeLFv0ZXxxAVfP0wCreweiVx+srBXApgMuaP8YC0MV7VXBXBgP+rKel1EoA7ACOQ9xTAfVsO04nBMuCAf8uzvFwd8v0hyYpTPm5oigX8BzmP5sEp9MFiRb9mc0KCdIvq+bN/oB3ILx5vL5BON3ZXwZgKN+IDKkBQPdgwB/P9kKqJAAA4PH63gAwWZWLkY4cAbAcp5OCdcGA3xT7l2+644FbFcb+G2Dn846lLVTj3/RWSZB+VTVv9ru8A8kFj9dnQ3LtV0tnfymAMq5BmcObwYB/ihoXUjMB+A6Ap1S5GElHE4A1ADYgeS7DZgBbggH/Sa5RqeiW6Q9NluXEzxmYbhea0rw/aWVN84jAO7wDUYvH6+uK5P77kc0fowGMB5DPMy6TejQY8D+txoXUTAAGANitysWIGg7jdEKwGckiRZuDAX8t16jScOuMh6ckEvH/YUzRbccPABIkOFxU7Iec5XMJ0q+r5s1+i3cgqfJ4fcVIdvCtO/uRoH34ejIwGPDvUeNCqiUAAODx+r5EMjMk+nUIrRKC5o+9AI5mU1NaTVM8j0yJJ2K/VBRltL7m+NvmcLhgsZqtDDlJwzoJ0i/0kgg0n+HSA0B/nO7gWzr8rErLEs1tCAb856p1MbUTgP8E8EfVLkhySQFwFMkE4XCrj0Nn/P2IGotP2jLl7kfGJRLxP8uyfJkIHT8AWK122B2035+k5BMJ0ver5s1eq8XFmxdjlyHZiVc0f7T+e8v/9wDttxfV94MB/5/UupjaCUAPAAcB0Eoo42IAanA6ITiKZKXDCIBw85+tP8783Jn/n0jEY+XRSPiniUTiJoAJ0zC1bPkjJA2KJElv2Wy231lt9mok20pXqw93J//f+nN5SHbmLR17Cagiq5ElAFSqWUlW1QQAADxe31tI1m4mhBBCiDoWBAP+W9W8oBZ3W3M0uCYhhBBiZnPUvqAWCcDbSBYFIoQQQkj2jiPZt6pK9QQgGPDHALyk9nUJIYQQk3qpuW9VlVYLruZodF1CCCHEbOZocVHVFwG28Hh9m5DcV0oIIYSQzGwOBvyjtLiwlluu5mh4bUIIIcQM5mh1YS0TgBcARDW8PiGEEGJkUST7Uk1olgAEA/5qAM9pdX1CCCHE4J5r7ks1oXXVtd8B0KRsLCGEEGJgcST7UM1omgAEA/6vAczV8jkIIYQQA5rb3IdqJhd11/8fAF2cMkcIIYQIQEay79SU5glAMODfDSCo9fMQQgghBhFs7js1lauT136D5HGzhBBCCGmfgmSfqbmcJADBgH87gFdz8VyEEEKIwF5t7jM1l8uz13+D5FnyhBBCCDkbQ47u/oEcJgDBgH8TgPm5ej5CCCFEMPOb+8qcyOUIAAD8AkAix89JCCGE6F0CyT4yZ3KaAAQD/o0A/pzL5ySEEEIE8OfmPjJncj0CAAA/B/AVh+clhBBC9OgrJPvGnMp5AhAM+EMAZuX6eQkhhBCdmtXcN+YUjxEABAP+haBtgYQQQsirzX1iznFJAJo9DqCO4/MTQgghPNUh2RdywS0BaD7i8Me8np8QQgjh7MdaHvfbGZ4jAAAQALCCcwyEEEJIrq1Asg/kRmKMb3E+j9c3CsBaAHaugRBCCCG5EQcwNpdFf9rCewSgpULg73jHQQghhOTI73h3/oAOEoBmvwCwiHcQhBBCiMYWIccV/9rDfQqghcfr6wZgDYABvGMhhBBCNLAHwPhgwH+CdyCAfkYA0PwDmQygkXcshBBCiMoaAUzWS+cP6CgBAE6tB5gJOjaYEEKIcTAAM/Uw79+arhIAAAgG/PMB/Ip3HIQQQohKftXct+mK7hKAZr8E8AbvIAghhJAsvYFkn6Y7ulkEeCaP11cIYCWAkbxjIYQQQjKwGcDFwYC/gXcgbdFtAgAAHq9vIJI7A7ryjoUQQghJw0kkV/zv5h1Ie/Q6BQAAaP7BTQHtDCCEECKORgBT9Nz5AzofAWjh8fouAvAugGLesRBCCCEdqAVwYzDgX8U7kM4IkQAAgMfrOxfAhwBKecdCCCGEtOEYgGuDAf+XvANJha6nAFpr/oFeDuAg71gIIYSQMxwEcLkonT8gUAIAAMGAfxuACUiWUySEEEL0YA+ACc19lDCESgAAIBjw70UyCdjKOxaiPqfDDrvNxjsMQlRlt9ngdNCJ5wa1FcnOfy/vQNIlzBqAM3m8vlIA7wM4j3cspGNulwsVZSWoKC9Fz7JSlPcoQUFBPtwuJ9wuJ1wuJ9wuF1xOByyWZE4qyzLCkSjCkSgizX+GIxHU1Tfi8JGjOFR9DNVHalB9rAbxeILzd0jMyG63oby0BOVlJehZXoqKsh7oUlQAt8vV6nWd/LBarQAARVEQicYQjkRava6jaGxsQvXRGhw6cgyHq4/h8JEahCMRzt8hScE6ANcHA/5jvAPJhLAJAAB4vL5iAAsBXMw7FpJUkJ+HEUMHYsSQgehdWY6K8lIUFxVq9nyMMdQcP4nDR2qwd99BbN6+Czt2fYVYPK7ZcxLzcdjtGDKoH0YOHYT+fSpRUVaCku5dIUmSZs9ZW9+Aw9XHsP9gNbbs2I0t23ejsSmk2fORtK0EMCkY8NfyDiRTQicAAODx+lwAfg/gu7xjMSOX04Fhgwdg5LBBGDlsIPr26qlpo5iKeCKBXXv2YdO2Xdi8bRd2f7UfsixzjYmIxWq1YmC/3qde14MH9OU+NcUYw9cHDmHztt3YvG0Xtu3cg0g0xjUmE/sbgB8GA36hh2mETwBaeLy+mwE8D6CEdyxG53Q6MH7MKFx20ViMHDrw1PCmXkWiMXzx5WYsW7UWG7fuhKIovEMiOmSxWHDO8MG47KKxGHfuSLicDt4hdUiWZWzevhvLVq3FmvWbEKVkIBdqADwQDPjf5h2IGgyTAACAx+urADAXwDW8YzEaSZIwcuhATLh4HMafd47uG8f21NY3YPnqdVi26gt8feAw73CIDvTtVYHLLhqHSy88T9PpKi1FojGsWbcRS1d+gc3bd8NI7bqOLELySF/DNByGSgAAwOP1SQD+C8BvANCy2ywVFxXi+qsuw4SLxqJb1y68w1HVvgOHsWT5GixethrRGK0ZMBOnw46Jl12IKy8djz69KniHo6oTJ+uwdNVavP/xMtTW6/IMGtHEAfwfAE8EA35DdZiGSwBaeLy+cQBeAjCYdywiKulWjJuvvxITL70Adruxt+XVNzTh3Y8+xQeLV9LKa4Nzu1y4buLFuPHqy1FUmM87HE3F4wksXv4Z3n5/CWpOCLtOjbedAGYEA/4veAeiBcMmAADg8foKADwJ4AHesYiivEcJbr1hIiZcNFb3c/tqC4XCeH/xcrz70TJabW0wBfl5uPHqy3D9xEuRl+fmHU5OybKMpavW4q33FqP6aA3vcETyPIDHggG/YQ+jM3QC0MLj9U0H8BcAZbxj0auSbsWYPvVGXHz+uaf24ptVNBrDB0tWYP47i2iVteBcTgem3nQNrrvyEjgFXbeiFkVRsPLzL/HK/HdpRKBjRwA8Hgz4X+EdiNZMkQAAgMfrywfwGAAf6FTBU6xWKyZdMwHTbr6WKpWd4URtHea9ugCrv9jAOxSSgQvHjca9d96CbsXGWruSrWgsjqq3P8TCRUtpe+w31QLwA3gyGPA38Q4mF0yTALRoLh70QwCPAzD2JGAnRgwdiAdmTEVlRQ/eoejaxq078XxwPg2fCqK8Rwke8EzFOcNp+U9HDh4+iudfmo8t23V9ZH0uNCE5Qvx7kYv6ZMJ0CUALj9dXBuCnAB4BYKqxweKiQtx9x8249AKqopyqeCKBtz/4BG8u/JiqDOqUw27H5ElX4ebrruBetEckyz9bhxf//bYZdwzEADwD4LfBgP8I72B4MG0C0MLj9fUB8HMA9wEw/Kq3saNH4JH770RBfh7vUIR08PBRPPnsC9h/qJp3KKSV3j3L8djD99BoVoYam0J4Zs6rWLthC+9QckEG8C8AvwwG/Pt4B8OT6ROAFh6vbyiAXwG4AwDfWrYasFqtmDHtRky65nLeoQgvFo9jzktvYsnyz3iHQgBceekFuH/GZDjstIYlWwsXfYqXqt416toABuDfAP4nGPBv5x2MHlACcAaP1/cWgFt4x6Gmku5d8di378ag/n14h2Ioy1evwz9ffJ12CnDicjrwrbtvw6UX0lSWmnbt3Ycn//4iao6f5B2K2hYEA/5beQehJ5QAtOLx+kYA2AjAMPvgzh8zEt777kS+yfY+58rhI8fwl2dfwD4qK5xTfXpV4PGH70FFWSnvUAypKRRG4F+v4vP1m3mHoiYFwDnBgN8U8xypMExHp5L/gYF+JlMmXY3vf+c+6vw1VFFWil/9+LsYO3oE71BMY+zoEfjVj79Lnb+G8vPc+P537sOUSVfzDkVNFiTbeNKMRgCaeby+kQA2wAAJgCRJuG/6ZFw38RLeoZiGoij4+7zX8MmKz3mHYmhXXHI+vn3v7aYvVpVLHyxegX+98qZRDhhSAIwOBvyGGtrIFL2LTjPE3b/NZsX3HvJQ559jFosF3vvuxK03TOQdimHdesNEeO+7kzr/HLtu4iX43kMe2GyG2CRFowCt0AgATt39b4Tgq/9dLie+/537MGrYIN6hmNp7Hy3DvH8vMModE3eSJOHeO27BDVdfxjsUU9u0bRf++PS/EIlEeYeSLYbkWgDTjwJQKp30PxC88y/Iz8N//+AR6vx14IarL8OjD95Fd6oqsFgsePTBu6jz14FRwwbhv3/wiBFqiEigUQAAlADA4/WNQnLvv7CcDjt833sQ/ftU8g6FNLv0gvPwoGcq7zCE96BnKlWs1JH+fSrh+96DRjg35I7mtt/UTJ8AQPC7f6vFgse999Iefx26asKFuGPy9bzDENYdk6/HVRMu5B0GOcOg/n3wuPdeWMUe4aJRAJg8AWjOAG/nHUemJEnCw/fdgTGjhvEOhbRj6qSrcd2VtCAzXdddeQmmGmsLmqGMGTUMD993ByRJ2HsnALjd7KMApk4AkDwDQNhX8IxpkzDhonG8wyCduO+uybhw3GjeYQjjwnGjcd9dk3mHQTox4aJxmDFtEu8wsiEh2QeYlmkTAI/Xdw6A23jHkakbr56Am6+7gncYJAWSJOHRB+/C8CEDeIeie8OHDMCjD94l+p2ladx83RW48eoJvMPIxm3NfYEpmTYBgMBz/0MG9oPn9pt4h0HSYLfZ8L1v340uRQW8Q9GtLkUF+N6376ajfAXjuf0mDBnYj3cYmTL1WgBTJgAer683BL37L8jPw2Pfvlv0BTimVFxUiFnf8tDdbRskScKsb3lQXFTIOxSSJqvFgse+fbfI2wNva+4TTMesvchdEPDuX5IkfOeB6ejWtQvvUEiGRg0bZLT66qqYMulqqmEhsG5du+A7D0wXNbmVAMzgHQQPZk0AhPxl33Tt5TjvnOG8wyBZuu3mazBiyEDeYejGiCEDcdvN1/AOg2TpvHOG46ZrL+cdRqaE7BOyZboEwOP1DQUgXGWRwQP6YvrUG3mHQVRgsVjw3YdmoKiQ1gMUFRbguw/NoKqJBjF96o0YPKAv7zAyMcbj9Znu7sqM7zrhMj27zYZHH7iL5v0NpLhLER6gSoF4wDMVxV2KeIdBVGK1WPDoA3eJupBTuL4hW2bsUYT7Jd96w0SU9ejOOwyisgvHnoPRI4fwDoOb0SOH4MKxpt2BZVhlPbqLeiqmcH1DtkyVAHi8vrEAhGpxy0qFfTORFDxw11RR75ayYrfZ8MBdNAJiVLfeMBFlpcLdtAzyeH0X8A4il0yVAEDADO++uybDbjdfB2EWZT2645YbruQdRs7dcsOVNKplYHa7TdRqjsL1EdkwTQLg8fokANN5x5GO8eeNojr/JjD5hqvQo6Qb7zBypkdJN0y+4SreYRCNjRk1DOPPE67U/nSP12eaftE03yiAywAIU+zB6XRg5vRbeYdBcsBut+H+GVN4h5Ez98+YQqNaJjFz+q1wOh28w0hHBYAreQeRK2ZKAIQa2rn2iovRvWsx7zBIjowZNQzDBvfnHYbmhg3uT6NaJtK9azGuveJi3mGky8M7gFwxRQLg8fpsAO7gHUeqHHY7brqWDvoxGzNUCDTD90i+6aZrr4DDbucdRjpu83h9Qg1bZMoUCQCAawCU8A4iVRMvu4AOjTGh0SOGYGA/YWap0jawX2+MHiHUJhyigi5FBZh4mVCL64sBmKLqmlkSgLt4B5Aqm82KW66/kncYhBMj3yEb+XsjHbvl+iths1l5h5EOoaaMM2WWBECYJceXX3w+HfZjYmNHD0ffXhW8w1Bd314VGDvadJVWSbNuXbvg8ovP5x1GOoTpM7Jh+ATA4/X1gCCr/60WCxX9MTlJkgx5pzxl0tWinhRHVHLrDRNFKmde6vH6+vAOQmvC/DayIEzaOfbcEabaD07adsHYc9Ct2DijQN2Ku+ACKvlrej1KumHsuSN4h5EOYfqOTJkhARjPO4BUTbhoHO8QiA5IkoRLLhjDOwzVXHrheXT3TwAI18YJ03dkygwJgBBZXEF+Hu2PJqcI1lB26PKLjfO9kOyMGTUMBfl5vMNIlRB9RzYoAdCJS8aPEW2VLNFQ78py9DHAYsD+fXuhsqKMdxhEJ2w2Ky4ZL8zoluEzV0MnAB6vrxeAct5xpGIC3SWRM1x24VjeIWRtwkXifw9EXQK1dV09Xt8g3kFoydAJAAS5+68oKzV0ARiSmUsvEHvu3Gqx4JLx5/EOg+jMwH69UVFWyjuMVAnRh2SKEgAduPQCaiTJ2boWF2HE0IG8w8jYOSOGoKgwn3cYRIcEavOE6EMyZfQEQIhVnOeMGMw7BKJTIpfOHTWcXtekbQK1eUL0IZkyegKg+8kml9OBATT8T9oh8gjASIFjJ9oa0K83XGIcEzzW4/UZtp807Dfm8fr6A+jOO47ODB3UX6TqWCTH+vepRJ7bxTuMtBXk5xliFwPRhtViwdBBQhx/XQBgKO8gtGLjHYCGhJi7EfkOT01Ha45j6fLPsH3nHuzcvRdFRYUYMqg/Rg4bgisuu1DoxXDZsFgsGD5kAL74cgvvUNIyfMgA0/7OAIAxhk+WrcbmbTuwY9de1Nc3YPDA/hg6eAAmXHoBepTo/t5EcyOGDsSXm7fzDiMV5wPYyjsILRg5ARBi7oYSAGDhB4vx1D/mIRQKf+PzGzdvw+tvvosRbw7Gj/7jEfTu1ZNThHyNHDpIuATAzK/r/QcO4Xd/fgZbtu38xue/3n8Qi5Ysw/Mv/huPPnQvJl1n7nM/BHqNjAcwj3cQWjDy2PO5vAPojNvlQv8+lbzD4Mr/5wCeePLZszr/1rZs24mHH/sJvtxkyCS8UyOHibcVWaDGXVVfbtqKhx/7yVmdf2uhUBhPPPks/H8O5DAy/enfpxJulxDTW7rvSzJl5ASgF+8AOjN4QB9YTDz//8myVXhv0ZKUHhuNxfC7Pz2NULj9RMGoevUsE2odQJ7bhV4mrP4XCofxuz89jWgsltLj31u0BJ8sW6VxVPplsVgweIAQB+4Z9i7NyL2P7n9pPct78A6Bm8amEP40+59pfU31kWP4+5yXNIpIvyRJEqlwCirKSk05///3OS+h+sixtL7mT7P/icamkEYR6Z8gbaBh5x4NmQB4vL58ALo/T7W8rIR3CNxs2rId9Q2NaX/dys/WaRCN/omUAPQsx9EekwAAIABJREFUFydWNWXy2qxvaMSmLUIshNOEIG2g2+P1FfMOQguGTAAgSMbWU6BGXW3bd+7J6OuOHqtBQwaJg+gqBOpUy034um5oaMTRYzUZfW2m7wUjEKgNNOSeVqMmALof/gfEatTVtnvv1xl/7Z6v96sYiRgEaiiFilUt2bwms3kviE6gNlCIm8p0UQLAidNhR7di3c9SaCYajWbxtaktsjISkaYARIpVLdm8JrN5L4iuW3EXOB123mGkgkYABKL7bK3cpAulSGbKy0qEeL1IkiTKvC7RgeTrRYiEUfd9SiaMmgDofsFGj5JuvEMgAnHY7ehSVMg7jE51KSqEwy7EHR3RCUHaQkMO1xo1AdD9pmm3y8k7BCIYEV4zIsRI9EWQ14zu+5RMUALAiSAVsIiOiFAMSIQYib4I0hYKEWS6jJoAuHkH0BmXGFkv0RERXjMixEj0RZDXjO77lEwYNQHQfbYmyLAX0RGXU/+vGRFiJPoiSFuo+z4lE0ZNAHSfrQmS9RIdEaGhFCFGoi+CtIW671MyYdQEQPfZmiDzXkRH3G79N5QixEj0RZC2UIgg02XUBMDBO4DOCFL8guiI06H7l7UQMRJ9EaQtNOQL26gJgO6P14rF47xDIIKJxfT/mhEhRqIvgrSFuu9TMmHUBED3p8WEw+Yt/0kyE45EeIfQKRFiJPoiSFuo+z4lE0ZNABp4B9CZiInrf5PMhCP6f82IECPRF0HaQt33KZmgBIATaihJuiICvGZEiJHoiyBtoe77lEwYNQHQ/XBNOGzuodJsDrYR4VAcLYjQUIoQoxbo9Zw5QdpC3fcpmTBqAqD7bC0sxrCXZnpWlGX8tRXlPVSMRBwidK4ixKiFbF6T2bwXjECQtlD3fUomjJoA6D5bEyTr1czQwQMz+ro8txuVJm0wRVhgJ0KMWqisKEOeO7NaMZm+F4xCkLZQ931KJoyaAOg+W6s5fpJ3CFyNGDooo68bOmSAKYdM44kEaut0/7JGbV0D4okE7zByTpIkDB0yIKOvzfS9YBSCtIX6f/NlgBIATg4fOcY7BK569+qJW268Oq2vsVqtePj+GRpFpG/VR2vAGOMdRqcYYzhy9DjvMLh4+P4ZsFqtaX3NLTdejd69emoUkRgEaQt136dkwqgJgO6HayLRGE7W1vMOg6tHvnUPystKU378jNtvNe1wafWRGt4hpEyQBl11QwcPxIzbb0358eVlpXjkW/doGJH+naytRyQa4x1GKnTfp2TCqAmAENmaWRvKFm6XC/5f/QTDOxkCtVgsuPvOKZg547YcRaY/h6rFea2IFKvaZs64DZ47JsNi6bhpHT50EPy/+okodfA1I1AbKESfki4b7wA0cpB3AKk4dOQYRgw15x1ti16VFfjr73+JV+e/g3c/XIIDBw+fGup2uZwYNmQQvA/MMO2df4vDR47yDiFlIsWqNpvNiofuuwsTLhmPwPMvYduOXadqI0iShF6VFbjx2itx59SbOk0SzOCQOAmAEH1KugyZAAQD/kMer68BQCHvWDpy2MR3Sq1ZLBbcddstuOu2WxAKhbFrz1foUlSIPr0rTbngry0CNZRCxaqVoYMH4o+//RkYY9i3/yDq6hswaEA/5OUZ8lTZjAnSBjYEA/5DvIPQgiETgGY7AIzjHURHDlWb906pPXl5boweNZx3GLojSEMJQKxYtSZJEvr26cU7DN0SpA3cwTsArRh5DGo77wA6s2vvPiFWdhO+Dh4+iqZQmHcYKWsKhUVp2AlHjDHs2ruPdxip0H1fkilKADhqCoXx9QFDjiwRFW3evot3CGnbsn037xCIzn194JAoia3u+5JMUQLAGTWUpDObt4mXAGym1zXphEBtnxB9SSYoAeCMGkrSEcYYtu7YwzuMtG3dsZumt0iHBGr7hOhLMmH0RYAMgK6XkW/fuReKotCWINKmrw8cQmNTKOvrFLgTGNYrhNLiKAqcMooLGcq7Jd8adSEr6pusqAtZUH3Cjk1fudAQSq+i3ZnqG5pw4PAR9O5ZnnXsxHgURcH2nXt5h5EKBgMvAjRsAhAM+EMer+8AgN68Y+lIKBzB3n0HMbCfrsMknGzelvldUp/SCM7p34DBFY0o7/rNE9eKCu0oyGv77c8AfF3twIa9bny+PQ9fHXFk9Pxbtu+mBIC0ae++gwiJcQjQgWDAn30GrlOGTQCabYfOEwAA2LR1FyUApE0bt6Z/8zG4ZxMmnnMCAyqa2n2M3db+iJMEoF95DP3KY7j14jps2uvGWyuLsG1/elXrNm3diesnXprW1xBz2LRVmHUthh3+B8yRAFzDO4jOrPhsHSbfOJF3GERn6hsasTmNhnJAeRg3nX8UlSWdr6y221KfGRvVP4xR/cPYecCJl5d0xc6DzpS+7svN29EUCiOfit+QM6z4bB3vEFJl6ATA6BPPn/MOIBX7D1Xjq/2GrDRJsrBizXrIitLp4yQA146pwUPXf51S52+zSrBY0l8aM7hXFD/1VOOWi+pSWliTSMhYuWZ92s9DjO2r/Qex/1A17zBS9QXvALRk9ATgY94BpGrpyrW8QyA6s2xV56+JAncC375hP64eU4NU+3RbB8P/nbFagDuuqMV/3XkUhXlyp4//dJWh20+SAcHaOmH6kEwYOgEIBvz7GGNCnKO6Ys26lO72iDkcqj6KPV8f6PAxld3C+I9b92JAeftz/W2x27N/25/TP4z/e/8h9C6Jdvi4XXv2ofqoEG9BkgOyomDFGjGG/xljNcGA/2vecWjJ0AkAACTiMSFWcNbVN2LDZkNPN5E0LFvdcSM5pLIR3hv3o8Dd+V34mdKZ/+9I10IFP7vnCIb36XjaYelKGgUgSRs2b0ddfSPvMFKiKHJ6mbWADJ0ATJs5S4rFot15x5GqpSkM+RLjY4xh2er2XwtjBtThvqsOwmHPbMTIZlXvbe92MvzXHccwfmj7beWy1WupKBABIFYbJ8uJ7tNmztJ1HZlsGToBiIZD4+PxaD7vOFL1+fpNOHGyjncYhLO1G7ai5vjJNv/tspEncNflh2G1Zt6hWq3qtml2G8N3J9fg6vPq2/z3Y8dPYu2Grao+JxHPiZN1+Hz9Jt5hpEyR5QIwnMc7Di0ZOgFQGLueKQpkOcE7lJQkEjIWvL+EdxiEszcWftTm5yedfxQ3j8/ulD2LRYKkwT2NJAH3XXcSt01oO3Fp73si5rHg/SVIJNKfsuKBKQoYY2ACbCPPhqETADA2EQDi8RjvSFK2eNlnwsyREfVt2LIDu7/a/43PWSRg+oTDuHzUiayvb81g+186Jl9Sj2/dcPysHQm7v9qPDVsMW1GVdKKuvhGLl33GO4yUyUpLosKu4hqIxgybANx42312AOMBICFQAhCLx/HOh5/wDoNwcuadssPGcP81+3HeQHWmhtQe/m/LFec24rGpR+GwfXOagkYBzOudDz9BLB7nHUbKFPnUSMUl02bOMmzBPMMmAFar7VJIKADESgAAYNEnK1U5AIaIZdvOPdjW6oCUPKeMh2/YhyGV6i1GzqQAUCbGDg7jR9OPIN91eqHitp17sW2neCcbkuw0NoWw6JOVvMNIi3JqBACFYLiIZyxaMmwCwIDrTv2dMSQS4mSfkWgM7360jHcYJMfmv3P6DrlrQQKP3vQ1eqVQ2S8duRgBaDG4VxQ/u7sa3QpPz/u2/h6JObz70TJEouLchCnN8/8tGHAtx3A0ZdwEgClXtv7/WFSIk6dOee+jZbQWwES2bN+NjVt3AgAqukXx6E1foaRI/UZT6zUAZ6osieN/7j2MypJkAr5x605sEecceJKluvpGvCfYzczZi8aZYQ9qMWQCMG3mLCeAca0/F4uJlQCEIxG88NoC3mGQHJBlGc+/NB8AMKA8BO+N+1Do1mbnSi5HAFp0K5Txs7urMbgyWTXw+ZfmQ5bFWA1OsvPCawsQjojV9spnjxZf0NynGI4hEwBFlscxpnzjEHOmKIjHOi5bqjfLV6/Dlh10t2R0CxctxcHDR3FOv0Y8eN1+uOzadY4q1gBKS75LwY/uOoLzBoVx8PBRLFy0lE8gJGe27NiN5Z1UtNQbRZbbKlrlBMNYHvFozZAJQEKW2zyEXLRpAAB4PvgG3S0ZWM2JWlS9swgXD6uF58oDsFm0rZiXq0WAbXHYGB6fdhRXjG5E1TuLUHOillssRFuyLOP54Bu8w0hbQm57rRiDMRcCGjIBYIpyQVufj8ejwpUkPXj4CN0tGdi8V9/CFSMOYfJF1SkdsZstiWMCACRrGnzrxuO4fuwxzHv1La6xEO0kR7WO8A4jPYxBTrQ79dZmnyI6YyYAUNocrmGMCTkKUPXOIhw/SXdLRrN+01b0yVuEq87NzWl5kiTlJMlIxe2X12J4yadYv4lKBBvN8ZPJUS3RdFwxlo3r4B+FZbgEYNrMWcVQWP/2/j0WVXdbVS5EozE8M+dV4UYvSPsam0LY9sVfMX5w7hI7i87e7deMbcDXm5+hmhcGwhjDM3NeRVSgbX8tEu3f/QPAoGkzZxXnKpZc0VmTkD05nriUgbV7o5NIxFsXeRDG5m27aA+1QTDG8Mbrf8ElQw7k9HklLQ4ByNKk86vxzluzKbk1iPnvfITN23bxDiNtjCmd9QsSGC7OVTy5YrwEQJE7/SWJOA0AAK+//SHtoTaADxctwPi+ua+Lznn6v02SBFw3ei0++vgd3qGQLG3Zvhuvv/0h7zAy0sHc/ykMuDAHoeSU4RIAxtpeANhaVMBpACB55/i3f76E+gYqECSqnbv3oEv8BbgduR+F0uMIAAAUuhX0db+KnbupTLCo6hsa8bd/viTsSE4nw//NmOEWAhowAWBjOnuMIsuIx8WqCdCitq4eswV+o5lZY1MICxc8g4qufEag9LYGoLX+5VF88O7faT2AgBhjmP3Pl1BbV887lIzIsgzGlM4fCOPVAtBxk5C+qfc82o8xVprKYyMh9Q5YybWNW3fitQViDrWZlaIoeOq5l9G72yFuMeh1BKDFoPIjeOq5l6EoKTXGRCdeW/DhqTLWIkrjsLiyaffO6qdhKDlnqARATsQvAVK7M04k4sKdEtja/HcW4eOlq3mHQVL0jxdexxfrN2JYb36Jpx7XALQ2bkgYX6zfiH+88DrvUEiKPl66GvMF3PLXQlHkdBeFG2odgLESAEU5J53HR8LijgIAwHPB+VizbhPvMEgnXnnjXXz0yUr0LmlAgYvfDhTeRYA6U1ygoF9ZEz76ZCVeeeNd3uGQTqxZtwnPBefzDiMr8TRvAhkwUqNQuDBUAsCYMiKdx8fjsbYOfhCGoij42z+DdMa6jr338TJULfgQsVgEw3vz3X2i8/4fADB6QByxWARVCz7Eex+LdYqcmWzbuQd/+2dQ6OkaRVGgpF1mnaXVx+idwRIANjTdrwkLPgoQjyfwxOw52HfgMO9QyBlWrlmPOS/NP3USJe9lmzpfAgDg9M8oFotgzkvzsXLNeq7xkLPtO3AYT8yeg3hcmxMrcyXDKeBhasfBk2ESgKtunm4Da78CYHvisWgnJSD1LxSO4H+f/CcOVR/lHQpptm7DVjz1/MuItjoKNRrn/XbTfwYQiZ2OMRqJ4KnnX8a6DVQuWC8OVR/F/z75T4TCYtZSacEUJdN2f9C0mbOsasfDC+8WSTVud/4QSHB0/sizib4WAEhuD/yF/yns2ruPdyim9+mKz/HHp/+FUFMTWt/3x3jPNum//8c3K8gyhJqa8Men/4VPV3zOKyTSbNfeffiF/ylht/u1Fk9kvADcCYZBasbCk2ESAEmSOt3/355YNJLBXJD+NDaF8Js/PYv1m7bxDsW0Fry/BM/861VEY9GzVhfzHgEQoP//xggAkFylHY1F8cy/XsWC95fwCYpg/aZt+M2fnjVEnQbGlJQq/3VgtFqx8GaYBIABWS3OiETEHwUAkgcH/WH2HCxdtZZ3KKbCGMML/16Al6oWgjGGeOzsQlM19TYOkYnlaO3Zo6vxWPIY75eqFuKFfy+gIlg5tnTVWvxh9hwhD/hpSyKe3VBctn2NnhgmAch2dWY0Es42K9QNWVHwzJxX8PYHn/AOxRRkWcZTz72MhYuWNv9/26+j3YccOFZHSUB7DhyzYsf+tn8+LT/ThYuW4qnnXoZsgBE7Ebz9wSd4Zs4rkAVe7d+aoihIZL3zyzg7AQyUAGBIthcINYk/t9WCMYbg6+/gmTmvIMp98tm4jp+sxa//8AyWf7bu1Oc6mk5avqUgF2G1Se+7AN5f42r331r/TJd/tg6//sMzOH4yd0cpm000Fsczc15B8PV3DDXi0tbIXAYMsxNAMsIvd9rMWVIkHAoxprTfgqQor6AITqdbjbB0o7KiBx5/+F706lnGOxRDWbdhK56e88pZ86KRcFO7jabboeDX91fDbsv9HVW3YgdcTn0uYI7GJHz7ia4IR9vOUiRJgsud/43PFeTn4Tv3T8d5o4fnIkTTOHDoCP7y7DwcPGysXUWJRFytBCAsSVJ+1dzZwneexhgBYBgAxrLu/AEg3NSY6sEQwjh4+Ch+9tsnsWT5Gt6hGIIsy3jxtbfxxFNzzur8GVM6vGMKxyxYv9tYCaYalm5wttv5A8kRrTPfl41NITzx1By8+NrbNCWgkiXL1+Bnv33ScJ0/Y0zN0u9uMAxQ62I8GSIBYEwZyFQqs8KYgnCT8Y7bjcXjeHbuv/HUcy8bZjEPDzXHT+KXTzyNdz78tO2OPoWX4cI1RYhx2BGg1xmAcFTCa5+mkBS19eNmDO98+Cl++cTTqDl+Uv3gTCIajeGp517Gs3P/jViWi+T0KB6PqT2VQQmAXsiynHYBoI5Eo2EVForo07LVa/GjX/2RtgqmSVEUfLB4BX786z9h154Oai2kMNF+ot6KhZ8XqRhdinS6CCD4UR6O16XQFHUQ/649+/DjX/8JHyxeIXR5Wh7Wb9qGH/3qj1i22pg7hxRFVr3kOwP6qnpBTgyxJFlhrI/a1ww11aOoS3e1L6sLR2tOwP/X53D+mJGYOX0ySroV8w5J13bt3YfnXpyPr/Yf7PSxqR65u2R9AcYOCqFPqblHY7bvt+H9z1KbvevsZxsKRzDn5TewZPkaPHj3VAzqr3qzYCg1J2ox95U38fn6zbxD0ZRK8/5n6q3FRXPNEAkAGFP9lyEnEohGQnC68tS+tG58vn4zNm7Zgak3XYObrr0cVqs+F4jx0tgUwsvz38XiZZ+lNXwoSVKnj2cMCH7cFT+84wishhiHS19CBp5+swCp/GhTTawA4Kv9B/Hz383GxMsuwF1Tb0RBvnHfw5mQZRnvfPgp5r+zyPA7hBKJuFYjQpQA6AVjiia/jHCoEXaHCxaLcVvoaCyOl+e/i6WrvsDdt9+MMaMMs8MlY7IsY8nyNXj1zffR0Jh+gSiLxZpSnfHDx+34eH0Rrh1rnO2n6Xj90zwcPJZa0mmxpJecMsbw8dLVWLNuE+6cfD2uvHQ8JbhIDve/+Nrbhlvk1xbGWNrH/aZxdUMkAIbYBjjpzgd2MEUZrMW17XYHCoq6anFpXerfpxJTJl2N88eMTOuuywhi8TgWL/sMb7//SVZ7zBVFRjQSTumxVivw4+nV6FGsfREqPW0D3H/Uih8+U4xUF+87Xe60k4DWunctxs3XX4GJl10Ah92e8XVExBjD5+s3442FH2Hvvs6nsYwiGg1rWeJ92/x5Twm//9QYCcAdDzQwpmhWYcWdV3DWHmSjq6wow5Qbr8LF48819AgIAESiMXy4ZAUWLvoUdfXq7ACJRsJnnQXQnoEVMTw2Vfs7sq5dHHC7+CcAjAE/+0cX7DiQ2gCkxWKF06XO1skuRQWYdM3luPbKS+ByZnR2mDAURcHKNV/ijXc/xsHDR3iHk1OJeEzDu38AQMP8eU9xWMmrLuETgGkzZ3UJh5pqtT5tvbCoK2x2YzcYbSkr7Y6brr0cF48fg/w8Y+1frzl+EktWrMEHi1eofsiJLCcQi6Z+ZOr0K2pxyUhtt58WFzmQ5+afACxc5cLz76aeUDucLlit6s5WFuTn4bqJl+DKS8ajpLuxRviaQmGsXLMe73z4KY4cO847nJxLZwQuG5IkFVfNnV2n+RNpSPgEYLLHOyYWi6zr/JHZsVgsKOrSHZLB74bbY7fZcN7o4Zhw0TiMGTVU2PnUcCSC1V9swNJVa7Ft515Ny5ymMwrgdDD8dEY1ivO1K2jTpdCO/Dy+y36O1Vrwn7OLEY2lNr2k5t1/WyRJwrDB/THhorG4cNxouF2q1BPLOVmWsX7Tdixd9QXWbdiKuEHONUkXYwzRSCgn5YslSGOq5s3+UvMn0pDwiwAVlWsAtPs8ioKmxjpTrQdoLZ5I4LO1G/HZ2o0oLMjHxePPxYSLxmFgP/2vhZEVBRu37MDSVWvxxfrNOSt04nA4EYmEkcroVDQm4d+fdMW3J9VoFo8ecv1nFxSk3PkDEhwOp6bxMMawdccebN2xB3NeehPjxozEhIvG4pwRQ2AVINnf/dV+LF31BVau+TKjBatGE4tFcnl2QV8AlADwpDDWL1fPFY/HEAk3mW49wJkaGpvwweIV+GDxChQXFWLE0IEYNXwQRg4dhNKSbrzDA2MM+w4cxubtu7B5225s3bkHkYgme4E7JFkssDscKe9D3vSVC+t352HMQG3OXOfd/3/6pRPrd6W+AM/ucOR0xC0Wj2PlmvVYuWY9XC4nhg8egJHDBmLksMHoU1mui0Wxx2pOYPP2Xdi0dRe2bN+N2voG3iHpRiIe03LR31kYIHyhCeETAMZYz1w+XzjUCJvNbsr1AG2prW/AijXrsWLNegBAafeuGDlsMEYMHYDelRUo71ECp0PbVddNoTAOHzmGr/YdxOZtu7Blxx7d3A3ZbHbIciLlhunfnxZjSGUUeS71GzKe0331TRbMeS/1xNlitcJm47daPxKJYt3GrVi3cSsAoLAgHyOGDMDIYYPQr08lKspKNV8TE43FUX20BvsPHsaW7XuwedtOHKNyx21SFFnrRX9tqcj1E6rNCAlAzm85mxrrTL0eoCPHjp/EkuWfYcnyzwAk51i7d+2C8rJS9CwrRUV5Kcp7lKAgPw95bhdcTifcLiecTsdZd1iKoiASiSIcjSb/DEdR19CAQ9XHcPjI6Y/6Bn109u1xOFyIhkNI5byKxrAFb6wsgmei+g09zymA59/LQ0MotTtoCRIcDn3NxTc0NmH12o1YvXbjqc8VFeajoqz01EfP8lJ0KSyE2+2Ey+WE25n888xdNIwxRKMxhCNRRKJRhMIRNDaFUH20Boerj+HQkWOoPnIMx0/WGeooXq0wxtJacKsi/sOdWRI+AQBynwCYfT1AOhhjqDlRi5oTtdi0dWe7j5MkCU6nA26X81THb5QqZZIkwe5wIhZLrZFavTUf44aEMbRS3UaNV2eydqcDyzakPpdvdzh1MdzemfqGJtQ3NGH7rq86fJzTYT+VCIQjUUSjqh9MY2o5nvdvJfd9j9qMcAvLpZB9PB5DU6M5K7hpgTGGSCSKk7X1qKtvNEzn38Jqs6W1le2VxV0RS6j79uTRRkZiEv6+IPWhf6vVBqvNAPclrURjcdTVN+JkbT0ikSh1/iqKxaI5nfc/g/B3gJQAZCEWDSMcMt7RwUQb6dzZHq+3YuEadeuM8Oh3XlyUh5pUTvrD6ZESQlIRj8dUP+UvTZQA8CYBXXg+fyTchGhEm1XbxFgkKb257SXrC7D/mHqLTXN957kjjZP+gORaCRGG/gl/iUQcidwv+juT8MeoCp8AQOL/Swg1NfBahEIEk87q9pYTA2WVDjNT6zqpSOekPyC5W8IiaHEpkluynNDqiN900QiADhTyDgBI7gzgsA2FCCg5FZDaW+/QcTsWr1dnKkBRcjcCUPVpHg6keNKfJFlo6J+kRJFlPd1scR19VoPQCcC0mbO6MKafnQxNDbW856SIIBzO1IfG311ThKO12b/MFYXlZB3A/qNWzF+a+h75dH4WxLwURUFUP50/ANimzZwldBIgdAIAhhLeIbTGGENDQy3PValEEBaLJeViUgkZeHmxOjuOZI1HARgDnnmzAIkU3wI2u8Pwp02S7DGmIBZNrax2TumsD0qX2O88xrrr7QXBFAUN9SdTPgSGmJfd7kj5jPvdhx1YsTn7E6+1ngZ4d7UrrWN+7VRRk3QiecAPr73+nerOO4BsCJ0AKIzpMvtSFBkNdScgy+Y8kYukLp3Dbt5c2QW1TdktlJNl7RrRY7UWvPRRXsqP1/qgHyI+RVGaT/fL4QrW9FACwA1juj2gXlEUNNSdQILWBJAOJA8MSq0jjDSfGJgNLUcAnl1QgEiKJ/3ZHU4qpU06pCgyYtGwXu/8Wwi9gEXodyBjTNc/fMYYGutP6mXLCtEpm82e8lTApq9c+HJP6nfZZ9JqDcDSDamf9Gex8D3oh+ifLCcQjei+8wcoAeBHAdP9GCJjDI0NtYhGw7xDITrmcLogIbW751c/KUY4mtlbV4sRgIaQhOffTa3crwSJVv2TDsmJuJ62+nWIAUIvYhE6AQDTfwLQItRYj0hY36fWEX7SKYPbGLZi0cbeGT2PFmsAXltegYZQak2JKAf9ED4S8RhiYo2YUgLAC2NMqB9+ONSIUFMD7zCITqVyYJDVakPPyl7Ye3IQDpxMf/2R2tUAtx/qiu1H+qFnZa+UYjfaQT9EPfFYVMRiakL1QWcSOgGAgD/8aCSEpkY655u0raM7ZJfLjV59+8Cdl1wDsGjzUCSU9HYFKCqOAMQSVsxfPQAA4M7LQ6++feBytb0ulw76IR2JxSKiLpgWrg9qTegEgAk0BdBaLBpBQ/0JyFQwiJwh2VGePUdeVFyMnr16w2Y9vXiuPuzGqt0D0rq+whgSKiUB763rg9qm029Bm9WOnr16o6j47OM57HTQD2kDY8ltfnJC2C3TlABwJOwPX04k0FB3XJjFLiR3rK0ODLJIFvQoL0dpaVlzFj3dAAAgAElEQVSbHei6r/vgWH16ZwXE49nPA+w7VoiVOyrO+rwkSSgtLUOP8nJYms87sNnssNJBP+QMciKBSDgMRdHtHv9UCNsHAYInAKKOALRgjKGpsQ6hxnqaEiDfYHc44XQ6UdmnDwoL2y83zhjw4ZbhUFjqd9fxRHYNrqxIeG3VwA7PFSgs7ILKPn3gdDpp6J+cJRaLIhaLQG+VXDMg9Itb6AQAgv/wW0SjYaocSL6hoLAQg4aNSKlaXk1DAdZ93Tfla2c7ArB4Uy8creu8FoHD4cSgYSNQUKiLAzuJDjClZchfyPn+ttAIAD9i7QLoiCwn0FB3ovnAC2JmJT16oLJ3H9jtDjhcqe2ZX7V7AGpDqe3Fjycyv+s6WpeHxZt6pfRYh8sFu92Byt59UNKjR8bPSYxBTiQQiQg/5H8mofsgsRMAHR0FrIbklEA9mmhKwJTsdjt69+2H7iWlpz7ndLpSmj+XFQkfbR2W0vMoSmYLARkDXls1ELLS+XSD1WqFs1XBn+4lpejdtx/sdqoAaD4MsVjEKEP+ZxK6DxI7AQAMM47UWiwaRn3dcRH3xJIMSJKE7iUl6DdwEPLyz76Ld+XlIZUigQdPFGPzwdTuzjOZBli5owL7jqUwnC81x3yGvPx89Bs4CN1LSmhHgEnIsoxIOCzyKv/OCN0HiZ4AGLaHVGQZjfUn0dRQS0cLG1iyUxyIkh5lsLRzOI7FYoWznf31Z/p0+0A0RTufNkg3AahtcuK9dX1SeqzT5W73bAOLxYKSHmXoN3Bgm8kOMQbGGGLRSPNhPoYa8j+T0H2Q6AmAUDUjMxGLRVFfe5zKCBuMzWZDz1690Ltvv5QW+jkczpSq6MVlG5ZsHdL549LcCTB/9QDEEp1PRVhttpS/n959+6Fnr16wUXVAQ0nEY4iEQ2ZZ1Cx0HyR6AiB09pUqxhjCoUbU1x5HgqYFBCeha7fu6D9oMAqL2t/e1xa3Oy+lofPdx0qx62hZh49JZyHgur2l2H6o82OIJUmC253eSYWFRV3Qf9BgdO3WHSnNcxDdUhQZkUioeerScHP97RG6QRY7AZDE/uGnS5YTaKg/iabGOqOtpDUFd14e+g0YkCyS085wf0ckiwVOd2pTAUu2DkEk0f6CO0VhiMY6fw01Re14+/N+KT2n0+2GlMH3ZbEkix31GzDgVJljIg7Gkov8opEwmPnaJaH7ILETAMF/+JmKRSOor61BNBKCiTJtYVmtVpT3rESffv3hTHFbX3vsdgdsKaykD8UcWL5jcIePiUQ6X1vy9uf90BTt/Plsdjvs9ux2RDldLvTp1x/lPSupcqAgEom46KV8syV0HyT05JvFYu0lq328mSAYYwg1NSASboLLnQ+H000rq3XGarWiuGtXdO1eomqH5nLnoUmuB1M6Tv42H6zA0Ipq9Op6os1/j0RldEH7nfuOQ8VYt7e03X9vIVkkuNIc+u9Il+JiFBQW4uTxGtSePElnZuhQIhFHIh4z/XZlCcjsXG6dkET8BU6bOasLY/i9LMcfisei1OshOTzscuXB6Uptnphox263o2v37uhS3DWjof5UJBJxhJs6Xxha5A5jxkVr4LS1vVupe1cnnI6zYwxFbXhy4bnfOOynPe78/FNnF6hNURTU1Z7EyePHEY8LveNKfIwlO/5E3PQdfysMkP4hSfhh1dzZdbyDSZdwCcC0e2d5GNgfAJTLcgLxmNCLMFUnSRa43HlwutyQJNFneMTicrvRrXt3FBYVIRcL2iLhEOKxzkcg+3Q/iclj10PC2aNlLpcV3bp8c+heViT8Y9FI7D3a+SFDdodD1bv/9jE01NfjxPHjiISpWmYuMcYgU8ffmWoJ0g+q5s0O8g4kHcIkANNmzipijM0DcGvL52RZRjxGp+m1RZIkOF15cLnyMlqYRVJXUFiIbt1Lcr6AjTGGUGNDSgtC+5WewHUjt8Bl/2bCLElAaXcXbNZkwtIQduCV5YOxq7rzHQoWiwV5BYU5H3EKh0I4cbwGjQ0NOX1es2Gt7vg7PPmJtPaWJEn3Vs2dXc87kFQIkQBMu3fWOQzsdQDfWNXEZAXRGN0NdESSJDic7mRJWY2Gac1IkiQUFRejW7fucDj5nUklywmEGhtTemyeM44LBnyFIWVHvpEI5LttsNjzsW5vKZZsrkQomtrSoLyCAlit/JYRxaJRnDhxHPW1tXRnqiJFUU7d8ZOOSZDAzl6IvVOCdFvVvNkbecSUDt0nAM1D/s8COKtsmKLIiEVpBCBVVqsN3Up6gDHQwqoM2Ww2dCnuiq7duqVUmCcXopEwYtHUp8IsEkNxfgiFrggkSUJ92Inapry0jhR2OJ0pVyfUmpxI4OSJE6irPYmEeVejZ8Vmt8Nus+HkyeNm3MqnhSYJ0sN6nxLQbQIwbeYsK2P4A8Aeb/dBioIInZ6XloGDh8PldiMajSIcCiEcDtPdUyccDgcKCotQUFSYdqGbXGlqbICSo6TOYrUiv0CfR/yGwyE01jegsaEesRTWR5iZxWJBYVERiroUIy8/H+FQCNu36P6mVVckdLYRW/qLJOEHVXNn6/KOS5cJwLSZs5yMsSoAkzp6HGOseS88SYXVYsWwUed+43OMMUTCYYTCYUQjNJrSwulyobCwCAVFRXByHOJPlaLIaGps0L4shATkFxS2W+tfT6LRKBrr69HQUE+v7VMk5Bfko6hLcqvlmbtUNq77nEYH1bdQkqRpVXNn627Fuu4SgGkzZ+UzxhYAmJjK46lGfuoKCrugb/+B7f67IsuIRqOnPszVEEhw57lRWFSEgsIiIY+tjUWjiEa0HRFzutxc1zxkKh6Po7GhHg319QiHwjBTAS273Y68/Pzmj4IOz17Ys3M76utqcxidaSyWJOmWqrmzddVh6SoBSO7vZ+8BuCjVr4mEqRpeqnpU9ERpaXnKj08kEslOpfnDaOWHrVYr3Hl5KCgsREFhIdcFbWoJNTVqVpXNarMhL79Ak2vnkiwn0NjQgMaGBoRDIcMlujabLdnZ5yU7fbsj9QqNR6oP4fCB/RpGZ2qrJEm6QU/1AnSTAEybOauEMfYhgDHpfF00YvjjJlXTf9AQ5OVl3oAnEolTyUBMsITAbnfA6XLB5XLB2fwh4l1+ZxRFQaixQfV1HZIkIa/g7CFjI4jH44hGIohGIog0/xkX6NAtq9UGd14e8vLzkZ+fn9UITVNjA3Zu26JidEbW+QqANqyXJOnaqrmzazQIKG26SACmzfxuEWPKCgAj0/1aSgBSI0kWDB81WtXiQIqiwGqzQZYVxGLJpCAWiyEe41ciVJIkOJ3OU528y+WG0+UUYs5aLfF4DJGQumtjXHl5Wdf6F4miyIhGoohEwqeSg2g0yvV1bXc44HA44HA64XA4T/1dzTLTjCnYsPYLalO1tVmSLJdUzf0b91oB3BOA2x943ConEu8D7OpMvj4WjUBRjDWEp4W8vAL0H9T5OfHpcuflt3E4DUMsFkc8FkUsGkMsFoOiyFAU5Zsf8um/t5dJW6xWWC0WWKxWWCwWWK1WWCxWWK0tn2v+u8UKh9MBh8NJpZABhENNSKhUOtdmt8Odd9YuXNNJnnqXfE0rigxZVpKva/n032W5+XUuy5Cb/2ybBIvFkvywWk7//dSHtbmDd8DucMLhsCNXxyXv3LYluaCUaEj6yGqzXf/a83/h2nlxn/RUZPnZTDt/ANTYpyivQJu52zaKYACQko2Xw4FUp4wVRQFrSQYkqbmjN95wc66kemBQZ9Q+6EdkydElF5zO9E50VBQluc6AMVgsFkjNnbxeFRQWUgKgOXZ1su/Dt3hGwfVVeNt93/sxY8qD2V2FEoBU5OVrdAen0gCSxWKB1WaD3eGA3W7XdQMpAklSp+N2uelwqWxZLBbY7XbYHQ5YbTbdv7b1WuPBaBhTHrztvu/9mGcM3F6Jt9//2O2KIv8m2+tQ25Qal0ZV29oeASB6YLPZ01oBfia7w6HZKX9Ev2jEJ3cURf7N7fc/djuv5+eSANx+/2NjZFmeq8rzUwbQKUmyaLeASweLSEn7nC53RnecFotFN6V+SW45HA46STR3LLIsz739/sfS2v2m2pPn+gmn3P1IviwnXgGYKq2LJJlndXemHFncBXaGun99kyQJrgxOKXTl0dC/mYlQ/ZI/td4fzC3LiVem3P1Izlfa5jwBcDjdfwWg2nJ0aqM6Z09z0VJaaARA96xWG5yu1F8DTpfLEEWRSOYcabxezEvVtm9Ic9+YUzlNADxe33Sr1fqAmteku5TOObUcAaAEQAgOpwsud+eDbi63Gw4tE0YiBBoByL3/396dR8l11Qce/973XlX1JsmLbMk7bluWzbAbG4PZwh7LgCG0lPQJMFKAPkNCFghNhsCcSTIMRDMQM6QTZBgbLCxoBI1ZZEg8YY1ZAma1kW3Z7U3WYllbr7W+O39Utd1q91Jdde+7b/l9ztGxLXfX+9XS/fu9u/yu7/ub+wcGN0V5zcgKgP6BwfOBbcrwClilFCzjGNMsSmLvdmFeLl+gs7sbb57GMZ7v09ndTS4vnxXBsrc6Zo6F+55GbtzWyJWRiKQA6B8YzAGfB1aB+bt25UkBsBibBYCMACRLEOTo7llBz8pVdHZ309ndTc/KVXT3rJAV/+Jxy5kyyiTDKWdWTlwFfL6RM62LagTgr4HnzfyH6RWmMg2wuLzNuzopABJJKUUQ5AiCnPz8iCeRUcNozcmJz6OeM62zXgD0Dwz2Au+b/XfGpwFi3ljDJaWU1R7uoRQAQqSOtNSO1jw57H2N3GlVFJnzWuCE8STP9BSA7FldUC6Xt/qDLIeGCJE+Sim7I4eJZ/Z36jw5sYN67rTKaubsHxjcALx27t+bnwIw+nCpYntFd7u95oUQ8STrABZj+rjteXPiaxs51BprBUD/wGAB+Ph8/8/0oj1pBrQwm02AZsgogBDpI+sAFhPZQvaPN3KpFTZHAN4LXDDf/5ARgOhE8UMcyiiAEKkjWwEXE8kIANRz6HuNXmwWKwVA/8DgecD7F/r/9Tlpc1lbKSULVhYQRQEgIwBCpI9MAURlyfz1/kZONc7WCMA/AIu2HTO/EFCmAeaTz0VQAMgIgBCpI4sAF2J9AeBcndRzqnHGC4D+gcFXAW9Y6utMb93zpBnQvDzf/g4JGQEQIn38eTpGCjA+/N9cLnxDI7caZTQ79A8M5oGmDjQw3g0wgkSXRPO1fTUtDKUAECJtovjdkUj2ugAu5RONHGuM6SO/3k2TJ/2ZHgHw8agYfcR08CLokSDtgO0Kw5BKuUStViMMaygUnu/j+wG5vN0+D4vRWlMpl6nVqoS1GhqN5/n4vk8uX8CTBl2JJu/f/JQ2OwawjFx4EfUc+xFT1zb2DvcPDJ4NfKDZrzfevMfzMF6aJZynvEiSg0wB2FMul5iaGKdcLlGrVdFaE+qQarVCqTTN1OQ4tWo18rhq1SpTk+OUStNUqxVCHaK1plarnhCzSC6llBQB8zB9u7PMXPiBRq41wuS7+1Ggu+kLW/hgyU6AE0XVIlkWAdpRnJ6iVJxGL/IrJwxDpqcmKJeiS7blUonpqYlFp340mlJxmuL0VGRxCfOkALBvma9xN/Vca+baJh6kf2DwZcDG5XyPja17nidzVrNFNYcXygiAcdVKhUql3NTXaqBUmo6kCCiXSpRK003fBVUqZaoVmZxLKlkHMJfp3Wst5cGNjZzbNlPlXUsViemELYcCnSiynRFa1gGYpLWmWFz+nbPtImAm+S9XsTgln4+EkhEAu9rIgUZGAdp+dxtbE57V0sVNLwSUKYAT+BGOiMg6AHNqtVrLCdNWEdBq8gcaawNqhiMSUZCtgCdShlcAtJEDn2ViW6CJDNxym0IZAbAryikRaQdsTthmsjRdBLST/Ge0+5yEGzKteiLTv+XafH3bbhHcVsbsHxh8NvCKVr/feMJWSo4GniXK3ghhKL/gTTHxWpoqAkwkf5DPR1JF0Ugsy9rMga9o5OCWtfvutlWBKAsJWxatPMGPcERE7vDMMXXX1W4RYCr5g9xJJlWU04hZo8xs024rB7ecIfoHBp/CMlf+zxuA8ZbAUrHO8CI8H0G6AZpjct611SLAZPIHmUtOKinc7DGUqzY2cnFrMbRx4b8A2v50mP6AyQf2CVEO38kIgDme7xsdGVtuEWA6+SvlychcQskUgD2GcpVPPRe3FkMr39Q/MHgK8EetXvSEAAx/wGxMKyRVlIsitday1csQpRQdHYseprlszRYBppM/QEdHpzTpSii5obLHYO77o0ZOXn4MLV7wnSyj69+iAVj4gMmHti7q6l1GAcwJcjlyOaPnfixZBNhI/rlcniCXM/qYIjoyAjDDfAFrME91U8/Jy49hud/QPzDYAbyrlYstGIThO3ZZuFKnI56Xl5XeZnV0dhEEZpPnQkWAjeQfBDk6OruMPqaIVtS/Q+LKdPq3cEjbuxq5eXlxtHChtwKnt/B9C1KG5wdVVB3wYi6sRfvDK81ezOvs6rZeBNhK/p1dRgYJhUPyM1232HkcrTCd86jn5Lcu95uWVQD0Dwx6wHuWe5ElgzA8V608DyUnA0Y+JC87AeywWQRI8heLkWk9OyztVntPI0c3H8cyL3ANsG6Z37N0EBaG7GXbEdQiHpKXKQB7bBUBkvzFYmQEwM4h85bWqa2jnqObj2OZF2i79eC8QVi4Y1d+YPTxkqgW8RSADmUngE02igCTJPmnjxQA5tv/KpTNfjXLytFNR9E/MPgi4Iplh9NsIIbv2P3Aw07tlhzawR25DBnaFdciQJJ/OsmoHsbTiOWeGFc0cnVzsSzjga3c/c/wTd+xa6tVViJEPQUA8gsjCnErAiT5p5eMAGB8CMB4rnuypnN1Uxmyf2DwfODqlsNpJhALVVHWu49FPQUAUJOFgJGISxEgyT/dpAAwL4K8dHUjZy8dS5MP+BYsj6crZf6OPesLAV0Mx8sUQHRcFwGS/NNPfp7N8jwjBwAtRVHP2UtqNuO+ufVYmucZHhqpn7aU3WkAF8Px8gsjWq6KAEn+2SAjAGaZznGLaCpnL5kd+wcGXwhc0HY4TbBxxx7hCx479f78Ee8E0FqKgIhFXQRI8s8GrcOM7+oxf6ce4aj0BY3cvahmbo+bGkowwfN849sBfVkIGPk1q7Vq5NfMuqiKAEn+2SF3/4a7/6GiPqdmydy9aHZs9BbeaCycJpheIOH55ouKJIm6HTBArSoFgAu2iwBJ/tkiBYBZDhalb1zqfIClbo9fD6wyF8/SbGyR8ILsTgO4GI6vyQiAM7aKAEn+2SNTeWZFsP1vrlXUc/iClioAln24QLtsVEm+7367lCsupgB0qKUfgEOmiwBJ/tmU7REAC8f/utmVtmgOX7AA6B8YPB14lfFwlmBjO6DnqczuBnB1QI9MA7hlqgiQ5J9d2T7cy+z8f0Tb/+bzqkYun9diWfF1gJOSxcbK/SCjuwFcrAEAKQDioN0iQJJ/tmV1BMDK4T/u8o9PPZfPa7ECYNG5A5usbAfMZbMpULVWcXRdKQDioNUiQJK/qFbd/O5wTVuoABw3pVswl89bAPQPDHYDr7AWzhJsbAdUeFFvwYiFcrHk5Lr1dQBZHkKMj+UWAZL8BUCpWHQdggPKeO9/B9v/5npFI6c/yUIjAK8CFt0+YJtvYeV+Fs8GcPlDLNMA8dHZ1U2h0LloYa1QFAqdkvwFAMXpadchOGC+8ZGNXLZMHSywnm+hAsDZ8P8M38JWJgfbMJwruiwAZBogVvKFAl09PeRy+cYoW32+0/N8crk8XT095AsF12GKmMhmAWCejVzWgnlz+pMKgP6BQR/LJ/81w/M847sB6jsMslUE1GoVZ/PxMgIQP57n09HZRXfPCnpWrKJnxSq6e1bQ0dnlephSxEi1Ws3sGgCTbOSxFl3dyO0nmC+yK4FT7cezNBv794NctgoAgFLRTSUfhqGsA4gzpep/hJijOD3lOoRUiFEPmlOp5/YTzFcAXGM/luZYWQfg+ZnrCeB0HYBMAwiROEVHNw1pE4P5/9meNA0wX3SvjiCQpiil8P3AeBLJBTnKFTer411wvRAwl8sbfcxqtUK1UqFWq6HDGkp5eL6PHwTk8+7msMMwpFIuUavVHm+j6vk+vu+TzxdQ8RgKjD0dhpQXeB1z+YLTIdVyuUStWiWs1dA6RHn1uIJczsmxzLZkbf5fYX75n+8Hrpr/LOQ1wHtm/4Wafdxj/8DgauBR7PRCaEmtVqVcMp3AFMWpSVDZOOqyu3sFT7lgnZNrK6XoWWnmOAmtNaXiNJVKecGv8Rtz3FHv+KiUS5SKRfQCv0aUqq+wz+XNFkNpUymXKZWmFzyGVqEodHSQi7jQC2s1itNTi7bWzuXyFDo64/ZLvyX33r2bifEx12FEQ9OYCjObD/KFjrgtPNfA6Tu2bX1s5i/mltIvIkbJHxpVlPGQNEEuPdX6UlzuBNBaG1lMpLVmanJi0eQP9bMPpiYnqFaiW8A0PTVJsTi9YPKHevzF4hQl48VsepRKRYrFqUXPoNdoisVppqcmI4urWqkwNTmx5LkalUqZqcmJReNPikyNAFhI/goVt+QP9dz+otl/MbcAeEl0sTTPxjxKTLZmRMLlTgDASDIul4pNHzCk0RSnpyIpAqanJpdV4FRKxcy2WF1MrVajsoziqFqtRFIEVCsVitNTixZ3s4VhzcKIZbRkB0D7Yjb3P9sJOX5uAfDiCANpmo1krRSZ2hLoch1Au4m4VqtRKS9vzUYURcBykz/U7zNKRVlhPVepOLXsezDbRcByk/+MmXUgSZWpu3/ATvOf2N5gnpDjHy8A+gcGVwHPjDycJnieh2dh5X6WtgS6LADanQaoVSst/YjaLAJaSf4zarVaKoaJTdFat5wwbRUBrSZ/qKeTWoLvoGUHQHs8FZu9//N5ZiPXAyeOALyQxQ8HcspGReV5fmaan7jqBTCjnSTc7ND/fGwUAe0k/xlJvkM0rd3XwnQR0E7yn9HOZ9Y16QHQnhjf/UM9x79w9n/MiOXw/wxbcyq5eL9Zxrg+2KO9AqC9u2WTRYCJ5A+gE5wgTDPxWpgqAkwkf2j/M+tSVqYAbK12j/H8/4zHc/3cEYDYmukJYPxx/WyMAhQdL0xqZxrAxHCaiSLAVPIHMvGZa5ap16LdIsBU8gczn1lXsjIFYKNEi+He//mcOALQPzCogGc4C6dJgeGGMo8/bgZGAWrVivOufK0mX1N7+tspAkwmf0U2T6ZciOf7xu7GWi0CTCZ/SO77W6tWI91Cmza2cpRhz2jk/MdHAM4DetzF05z6wQrmf7C8rIwCJHQdQBDkjPWCaKUIMJn8oT5HmIC7hMgopYzOmy63CDCd/BUqsTcV0zL/37L6mrJEjPz0UM/5jxcAT3MXy/KYbis7I6k/sMsxOT7h9PqtTgN4nmf0mNrlFAGmk3+9k12nscdLi0JHp9GGX80WAaaTP9SPXU5IIniSibGMdP+zwFZusuRp8EQB8HSHgSyLrbv1LIwCxKG1Z6ujAKbbajZTBJhO/gCFjo7EJgebPM+j0NFh9DGXKgJsJH/fD8gXzD6PKI2NHXcdQiJ5np+0aZ+nQwJHAABrbXzTPgowPT3ptCMgtLcboLOrG99gkbZYEVC0kPzzheh72CdJLl8wnjyr1Ur93I+5f28j+Xs+nV3dxh4vatVqlalJt6OESZXA1vInjAAkqgCor7Q0fxeVhVGAyfFxp9dvZzeAUorO7h7rRUBxapKKheRfSPCdYVQKhQ7jRUBlThFgLfl39yR6bce43P23RCkvjn3/l/I0AP+e/VMB8A9AojKfUsrKqnbf85zfJdvk+T4rV57kOoyW58uUUgS5PLVq1Wg3vVq1iuf5lMtFSf6OBY191CZ/vsMwbPQbUJL8F3Do4AGmp9K7CNDWu5N3fER1i07+8jdu/YgHrAMStXoB6s0WrPzAeV7cOzm1ZWLM7QgA1O/AwjBs+fttjQRMT09SMbwFSpJ/a6yMBFQqTE9PSvJfwPjxdI8A2Nj3X9/Bkri7f6jn/HUecK7rSFoVBBZ3BOjk/0DPp1otO28LDCz7cJ+5bBQBpknyb4+NIsCkNCX/4vTUkkdtJ5bFpoy2clBEzvWANa6jaFWQM7c/fDalFLl8ekcBxmOwG6BSLrc9hB/nIkCSvxlxLQLSlPwBxtJ892/pLVKoJC7+m21NogsAsLf60g9yePE9G6ktkzEoALTWRu444lgESPI3K25FQNqSP8D42DHXIVihbN79Jzv5QxoKgPp8vZ0fxCCf6OGdBU1OThLq1ufgTamU2psGmBGnIkCSvx1xKQLSmPzDMGTCcZMwW+zN5JrtXunIGg843XUU7aivCrfzRqR1W6DWIZMT7hcDhmForO94HIoASf52uS4C0pj8od4gTMfghiBJglwq2nmfnvgRAKgf6WvrzcjlO7C3gcSdyRjsBgAot7kYcDaXRYAk/2i4KgLSmvwhzav/7bxXSqm0HCOf/CkAABp7wy09dNJ6PDdlfCIeP/S1apVarf3z4Ge4KAIk+Ucr6iIgzckfYCyl8/+2lv8HuXw9MSRfSgoA6lv3bDVj8IMAT6VrKqBcKrW9Fc8U03FEWQRI8ncjqiIg7cm/XCpRKhZdh2GWxYV/nuelqWX8Gg9ITXPyXM7eU8kV0jcVMOG4LfCMSqVsfA4yiiJAkr9btouAtCd/SGn7X4vvl80c40DBA1LT99bzfWs9metTAamp/AAYn3C/HRAADeWy+SYkNosASf7xYKsIyELyh7QO/9sZAvD9IGkn/i2l6gHmJmBjIGdx654f5FK1K2BybIxaGI+3vz4NYP4H10YRIMk/XkwXAVlJ/rVaLcULAM2zmVscqaWuAFDKs9qeMU27AkIdcuzoYddhAKBDTaVstg//DJNFgCT/eDJVBGQl+QMcOXyorTM54sfeexYEeSsn0DqWvgIA6kP1tn6A07Yr4EBqTpQAAB6fSURBVOjhx1yH8LhSaRoMnvA3m4kiQJJ/vLVbBGQp+QMcPvSo6xAMs/e7I23Tvw3pLABsbguExq6A5J3/PK9SscjUVDy6gOlQG+0LMFc7RYAk/2RotQjIWvKfnBinOO3+ULAkSNG2v7lSWgBgd1sg1EcB0jIkdCRGowDlUtFqV7JWigBJ/smy3CIga8kf0nj3b0fKtv3NVfOAlJ4BaXfLRv3EwAJpWA8wfuwYtVo8NoNojfV9yTNFQD5fWPTd85RHZ2e3JP8EKhQ66OzsxlukSFdAPl/IXPKvVascO3rEdRiJkLJtf3OVPeBh11HYYnNbINSrwzTMDcVpMSDUjwoODXYHnI9SikJHJ53dPeRyeTzPRzX+3vcD8vkCXT0r0nDiV2YFuRxdPSvI5wv4foBS9cPDPc8nl8vT2d1DoaMzU8kf6iN+6Vr8Z0cKt/3N9XAAjLqOwqZcvkA4XUPb2hsa5KiFIWFM7qBbdeTwY5y6Oj5NIYvFabq6e6xfx/cD/M6ZIlGThhEd8YSZQu8J8h7L8P/SFDMjvKk26gH3u47CJqUUuYLdN7KQgvUA5VKJycl4dAaE+jClqZMCm5ftxJAN2X6PJ8bHKRaTv/jP9ruYKxSyMDJ0v0fKRwCgcZfn2xvK1SlZDxCnLYEApRT8ohIiTg4fOug6BCMstvvH93NWp45jZDQTBQBAPm/3Lt3zPHKFZPcHGDt+jGot6rvuhYVhaHVboBBZUq1WOXb0qOsw2mP5Hkspj3z6Ov4tJP1TAI9TirzlOR3fC6x2IbRNa82xI/FaHVwuFtGWmgMJkSVHDh+yusU2EpZ/FeTzhbTu+Z/P/d6ObVuPAfFZAm6R5/vW93QGuZzV6Qbb4jYNoLWmXErZcaVCOJDsxX/2k3IQ5NK+6n+2wzu2bT02Myb+HaehRCiXL1hfsJfL5xN7aFC5XGIiLqcENpTLJdm2JEQbJsbHrPfXsMvurb9SXhZW/c/2XYCZTPhNd3FEz+YZ4jOiKDRsidsoAFoWBArRjscSffdvXxQ5IWZugRMLgMxMtNYb+Nidq1dKkS8kc2fA+NhxKpV4NYisVipUyvGKSYgkqFTKHJfOfwuqNwJL5s1aizSNm34PYMe2rfuBX7qMKGpBzv4wvVJeo7JMVhGgtebQwf2uw3iSUnFKpgKEWKYD+x6RhbQL8Dzf6sFxMfXLRs5ndtlzi6NgnIniDt3zPAoJ7BFw7OgRSjFbfKc1FKcmXYchRGKUikWOPHbIdRjLFs1vy5lR2sx5PNdnugCIas+n8n3y+WSNBGitefTAPtdhPEmtVpP1AEI0af++vQm8+1eRzEfb7g0TY/MWAD8B7o0+Frf8IBfJcY+e75FLWIOJsePHmI7hHXe5VKJaTfbZC0LYNjU1ybEjSdzhbT/9B0EOP73H/C7mXuq5HphVAOzYtrUG/K2LiFzL5QuRbNvzvaAUBPnvAYmZyD64P36jAADF6ckE3tkIEZ39exN10GuI5jtorLf+9Dw/a1v+ZvvbRq4HThwBANgB3B1tPPGQL3TYGw7S1MIwvKlaLV/89S986qVKee8hIbsuJifHY9cXAECHmuL0lOswhIil8bExxseOuw6jWRrUu77yuX96WbVavjgMw5vQWDkP/ImF2Zl0N/Uc/zg19y6qf2DwD+Z+UVboMGyclGUsN+uwVvt6pVL+4C07b/j17P9xVd/mv9I6/LCpC9nU2dlF77qLXYcxr0Jnp/UWz0IkzT2772BqMn7Td/NT7/nK9qGPzf6bq/o2PyOXy/+d5/uvxdjiKUVHRycqW1v+ZuvfsW3r52f/xXyvxDBwZzTxxIvyzFWHWuvvVMqlK7/2+etePzf5A9yy84aPKOX9JQmYDpienmLsWDwPESkVpwlrVm4WhEikY0ePJCX5h6D+dG7yB7hl5w2//trnr3t9pVy6UmttpFNtvtCR5eR/J/XcfoInjQAA9A8MvgnYGUFQsVStVKhUWpuKUkr9FM1fj2wfurWZr7+qb/MWrcNPArFekZIvFLjwoqfG8oxsz/fo7llBknZZCGGD1pq77vx1Etr+VkBt+cr2oc8188VvfPMfvxLFh7TWl7VysVyuQJCL9a9Y2/p2bNv6pbl/OW8BANA/MPhZ4C22o4qrcqlIrdb8SnPP83/s+f7f77z+2puXe60NfVuuCXVtB9C53O+N0plnncvJp652Hca8cvk8HZ1drsMQwqnDhx7l4Qdjf8DrlEJtHNk+tGu539i35c+vCWu194Vh7Ypmv8f3gyzP+wPcuGPb1rfO9z8WGw95B/BDO/HEX77Q0cTOAFXxPP+LuXzh8i9/9hPPbyX5A+zaef3NnvKvAuK32m6WRw8eIIzpcaKVcplqpeI6DCGcCcOQA/sfcR3GUo4p1KtbSf4AO6+/9uYvf/YTz8/lC5d7nv9FUIv+0Huen/Xk/0PquXxeC44AAPQPDJ4O/BQ413xc8ae1plScetJ2M4U6ojzv00Eu93+GP/0xYz9xG/q2XBrq2i3A6aYe07Q1Z5zJ6tPWug5jfgq6unvw/cB1JEJE7tED+9m39yHXYSzmgEK9ZmT70K9MPeCmt737rGql8qc6DN+m0afM/n9KKQodXbGctozIQ8BlO7ZtXfAkqEULAID+gcFnArcB3WZjS4YwDBud5zRKqbuU8j6RL3Tc8Pnr/peVdnQb+rZcFOrwVtCxLLp8L2DdU/8TfkyPO1ZK0dXTk9jjmIVoRa1W47e//uWypi0jdr9CvXJk+9B9Nh78D97x3s5yqbhZ6/BdWuuLQVHo6MzaIT+zTQJX7ti2ddFia8kCAKB/YPD1wBeBZLWyM+N4tVL5crVauXHkxn/8XhQX3NC35YxQh1+F1ha82Lb6tLWsOeNM12EsSHmK7u4VWV7xKzJm/96HORjD1t0NP1KoN4xsHzoYxcXe+JY/eUkQ5N4S5HK/B6yK4poxUwY27ti29atLfWFTBQBA/8Dgc4EvABe0F1sihMCtwGeBm3ds2xp58/mr+jbntOYzEPZHfe2leMqjd93FFDriO7fm+R5d3SuyPPwnMqI4Pc09u++I6UmZ6jNK8Y6RG4ciX6DTPzDYCVwDvBV4JYuveUuL+4Df37Ft68+a+eKmCwCA/oHBlcB1wKbWYou93dST/vYd27bGopy+qm/zoNbhh4BYTWx3dnZx/oXrY51gfd+ns7sn1jEK0Q6tNXt238lU/M7sqIJ671e2D13rOhCA/oHBM4E3Uy8GLnEcji3DwDt2bNva9GLyZRUAM/oHBt8OfJyYb1trggZuB74GfG2p+RJXNvRt2RDq2k3EbDjrtDVncPqaM1yHsaggCOjs7nEdhhBWHNi3lwP7Yrfy/6hC/f7I9qF/dR3IfBrr2l7X+HMpyW8gMg382Y5tWz+13G9sqQAA6B8YfBrwYWADyXoBi8C/UU/634jLnf5SNvRtWR/q8Oug17mOZYZSivMvXE9nzPffS48AkUZTU5Ps2X1n3A7FukuhXjuyfSgRJ8s2Rgaupl4MvByI77zmk2lgF/Bfd2zbekcrD9ByATCjf2BwHfDn1IdW4rpT4B7g+8A3gFt3bNuayFNkNmzcsjIMwy+CfrXrWGYUOjroXXcxXszP1c4XChQ6kj5gJURdGIbcs/sOitORL09azDeUUv0jNw6Nuw6kFf0Dg13U1wpcDbwYuMhtRAuapD5Vfe2ObVv3tPNAbRcAM/oHBk+m3nDgT4CzjTxoa8rAz6hvXbwN+OGObVsPOYzHuKv6Nv+Z1uH/BGJxW3vq6jWsPfMs12EsqdDRkfWmICIlHnn4IQ4d3O86jBmTjfn+f3YdiEn9A4OnAS8Armz8eS5ud8LtBf4RuG7Htq1GDmcxVgDM6B8Y9IFnUH/BXtD4c57RizzhMLCn8ecO6l2Pfrpj21brZ0q71pgSuAn0pa5jAXjKBRfRnYC59o7OLnL5+s9wZ77Mio4SPYUSPR1FegolytWAiVKB8WIH48UCk6UCtTDeoxtifr4X0l0osaKjxIrG+5sPqkyUCkwUOxrvc4HpcrJ2N0+Mj3Pv3b91HcaMnyjUHyZlyL8d/QODBeAy6jntacC6xp9TLV3yQeo57YfUb2Z/vWPbVqMnnxkvAObTmGe5EngO9S53p876c0rjnzOr3IvABDA+55+P8USy3wPsMVUFJdVVfZs9NH+jCd+H48OEcvkCF66/GE/FswGPpzTnrxnjqWcf4eKzj3NSVxHfa27b1FQ5zyNHT+KeA2vYc/B0Jkty/HAcdRdKrFvzKBetPchZJx+jK19u6vtqocfx6U7ue/Q07jmwhocOn0Ko47msKQxr3HXnbyiXnN/jVED9nVJ8aOTGoTjuP4xMY/R73Zw/q4EeYMWcf84MQVap38Aeafxz5s+jwM+B26JYnxZJAdCM/oHBbqC0Y9vW2LayiqsNfVsuD3W4HbTTOauTT1nNmWfHp4FhPqix/qxj9aR/1lE682Y+WjPFwN0H1nJ4Iq7LXrLh1J5J1q898HjSN6FYyXFvoxi49+DpVGrxKWoffvB+Dh9asLNrVHY37vp/7jqQpOkfGAyAwo5tW2OxbzM2BYBoz4aNWzp1qD+qCQdw2PDi3PMvYMUKt7sVfU9zxUUHeNnT99JdsNt/ZPf+tXxn98UcnYzFcozMOLl7it+55C4uOeOA1etMlfP8+z0X8vMHz3U+FTR2/Bije+52GUII6hNK8VcjNw7F/rxhsTQpAFJmQ9+W14Q6/L+gnfTqDYIcF66/xMmBPAp4xlMe49XPeohTeqL7/RSGip8/dC4/uHsdUwmbT06arnyZF63fw3POfQjPi+5317GpLr5710Xc+YibFti1apW77vw1FXcnXj6sUJtHtg/9m6sAhHlSAKTQho1bVoWhvg7CjS6uv+qkkzn73PMjvWbvmjE2XHo/Z53ibmStXA340b29/Oi+Xud3i2njeyHPv2CU5184Sj5wN0t44Pgqbr3zEh46fMrSX2zQg6P3cvTI4Uiv+QT1OaX445Ebh2J9XLlYPikAUmxD35b+UNc+QX2hZaTOOfd8Vp50ciTXevFT9/G7z36AuHT8ffjIyXz5Z5cyWZLRABO6C2V+77m3c84p8Vjzq7Xi27vX8+P7eiO53rEjh3lg1Mki+8cU6p0j24d2uri4sE8KgJTb0LflzFCHN4J+eZTX9f2ACy66mFzOXhIM/JA3Pu8+ntMbvzYPY9OdfPE/LuXg2ErXoSTampVjbLz8dlZ2xqrhDQC/2XsWu371dKujPeVymXt++xuq1chHPb7VGPK3u8hCOCUFQEZc1bf5TxvNgyJbtl7o6OD8C9fje+ZXUa/orPDml9zFuavj23SsUvP52i+eyV3717oOJZEuPuMAr3v2r8j5Rrc+G/XI0ZP40k8vZcLC1tBarcaeu+6MutvfRKOpzyejvKhwQwqADNnQt+WcUOuPQLgJiGRvU0/PSs49/wKjJ/KdtnKat7/iTlZ2NbfP27V/++3FkQ0Xp8UVF4zy8qfe5TqMpowXO7jpR88zuiVUa83onrsZHztu7DGXUAO1XcEHRrYPxe50IWGHFAAZtKFvy7NCHf7vqKYFTPYH6MxX+ePX/IbVK+M3JLyYkdufze598T45MS4uOXM/b7z0F67DWJYjk93c8IMXUKyY6ccV8X7/bynU4Mj2od9EdUERD1IAZNiGvi2vDnX496Cfaftaa844i9WnrWnrMTyl2fyy3aw7w0zDlyhVaj433nYFB47H6kTn2Fm76jhvufLHsR72X8joodV84SeXodvsIvjogf3s2/uQoagWdXsj8X87iouJ+JECQLChb/PmUOv/DtpqG79zzutl5aqTWv7+q597Py+8ODYHoCzbWLGDG75/pZX54jToKZTY/OLbWNmR3B4z/zF6PrfeeUnL33/86FHuv+8egxHN636F+uDI9qGbbF9IxJtsVhbs2nnDDUqpC5Xy3g9Yu71+5KEHmJ5q7STm517waKKTP8DKjiJvuux2gibPIMiSwAt502W3Jzr5A1zeez/PPGdvS987NTnJg/db3e53BNRfKqXWS/IXICMAYo4NG7ecpEP9N42WwsZvVYMgR++69cvaHriqq8R7X/8LAj8difO2PRfy3bvietS4Gy+9+B6uXJeOA+Wqocc/f/uljE03f/R0uVxmz+47bHX6K4L6R6X4HyM3DkW2qlDEnxQAYl4b+racF2q9FcI3YXikaLnbA/uefy+XXuD8ABRjKjWff/r2S5koylQAQE9HiXe+7LuJnPdfyK8fPpuv//IZTX2txe1+IagdCt4/sn3oYdMPLpJPpgDEvHbtvP7Bb37phk2e8p8H6rsmH7tULLL3gftppvhcc9IUz+lNT/IHyPk1Xrze+jxvYrx4/T2pSv4ATz/7EU5bsXSPCq01D9y3x0byv1WhLv3K9qE3S/IXC5ECQCxq187rf/bNL33mdzzlXw3ql6Yed2JijP2PLP176Xef/WBsWvya9Kxz9nJqz4TrMJw7tWeCZ7U4Zx5nSmledsnSJ/ftfegB03v9f6ZQr/7K9n961cj2IWM/ryKdZApALMuGvi0vCXX4btC/C7S96XnNmWexevX82wN714zxjlfe0e4lYuvuA2v40k8vdR2GU2+67HbWrz3oOgxrtv/wigUPDnr04H72PWxku18F+KpCXTuyfeg2Ew8oskEKANGSDX1bztZa/5km/M/A6nYea6HtgW97xZ1cuDbda5au++6LODS+wnUYTpy2Ypx3vPQHrsOw6v5Dq9nx48uf9PfHjh7hgfv2tPvwj4L6tIKhke1D+9p9MJE90R/aLlJh187r9wLvvapv8/uBzVrr/wL6Wa081t6H7uess89j1clP3Cl1Far0rkn/6aPrzziY2QJg/RnpvfOfcd7qw3TkKid0CDx6+DEeemC0nYf9Gaghpbhp5MYhK9sGRDZIASDacsvOGyrAdcB1G/q2vCjU4V+AvpplTA9ordn78APUwhqnnHoaAJecdQRPpX906qK1B/n3ey50HYYTF6V46H+GpzQXrnmUO/aeBcBjjx5k70MPtPJQFWBEoT4+sn3oRwZDFBkmBYAwZtfO638A/GBD35YzZ00PnN7s9+9/5GGqtSqnn34GTz3niLU44+SMVcdZ2VFkrNj8nvE0WNlR5IxV6Z7emXHR2oPcsfcsDux/hAOPLHvB44FZw/xyNK8wSgoAYdyundfvA953Vd/mDwBv1Vq/E/Szm/neQwf2E6gqF52ZvH7/rVq39iC3P3Ce6zAitS4Dd/8zLjjtEAf3PcCBfct6zj9tNO/5vAzzC1ukABDWNKYHPg18ekPflitDrf8CwtexxPTAeaccIJeSrn/NuCiDBUAWhv9n5IMaa7v3sn/pWbEyqC8r+PjI9qGfRBGbyDYpAEQkdu28/jbgtg19W9Zo9B9ord8A+vnMUwxc8pT0z/3PdvbJ2RntmJG153zRORV+sWfeAqACfB/UiIKdI9uHDkUcmsgwKQBEpHbtvP4gcC1w7YaNW07TWm/UWr8R9ItoFAOnrMxWAZAPqlCbQnudqDR2PZojH9TqzzlDTllxwohWGfgOqC8rxcjIjUOHHYUlMk4KAOHMri9efwgYAoY2bNxyktZ6k9b6905dqV9OxrpUFtQYhycq5PMFcvk8SqX36fcUkn3iXytWrwpD4FugvtRI+tlYASliTRoBidgp37fpbk+RqePyrrv1aYweXPn4f/tBQC6fJwhyqRsVOPfUI7z5BT92HUakQs3u/AXDT3UdhxCzyQiAiB1PsdZ1DFFb0Vk+4b9r1Sq1ahWlIMjl63+CdPy4rujI3giApzjDdQxCzJXecUaRSNXRTd3AyiW/MGVWzikAZmgNlXKZ6ckJJsaPUypOE9aSfXJeT0fJdQgunFQd3dTlOgghZkvHLYVIk1NdB+BCV2HpRXE61JRLJcqlEp7vk8vlyeVziVsv0JWbv9jJgNWAkdN/hDBBCgARN8nKZoYst+1xWKtRqk1TKk4nbr1AAkK0JZOfbRFfUgAIkXAnrBcIcvhBDj8I8DzJN0KIhUkBIERKaA2VSoVKpd45VnmKwA/wg6BREPiOIxRCxIkUAEKklA41lfDEgsBvFASBH+D5UhAIkWVSAAiRETrUVMMK1UqFEqCUqo8O+AF+4OP78utAiCyRn3ghMkprTbVSLwigvjjP8wOCRlHg+V7idhgIIZonBYAQAqivIZhZUPg4BZ7n43nerD8+qvHvQojkkgJACLEwXd9yOG/zIcXjBcFMcaBm/bcQIt6kABAiBp59/oF//sJ3Vu5SqEuU5/UqT53ted5aT3mrleetVB5dCuUrpTyllEIpz0MpPIUi4o31ChQKTb04qFVrWqNDQq01OtRa18JQT6H1mFYcArUfzUM6rI2GWt/1tFc8+FrgndEGLYSYSwoAIWJgZVdt7FMf+++7gF3L/d7+d7ynkO/oONlT3smeUicrpVZppVYqpXrQrFSKHqVUN9CDUl2guhS6E6U6ANBMA9MaPQVMKZjQmkmNnlCosfo/OQ5qDKWOaB0eK5dKxz7ziQ+11NO3Orrppa18nxDCLCkAhEi4Hdd9tAQcaPwRQoimyESdEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAiJt5ms5nQpaed5ae62xZfd4ipqQAEHHzmOsAHDnkOoAIZem5zpbV5y1iSgoAEStB7/A0cNR1HA7scx1AhLL0XGccDnqHi66DEGI2KQBEHO13HYADWXrOWXquMx5xHYAQc0kBIOIoi3eIWXrOWXquM6QAELEjBYCIoywmiCw95yw91xlSAIjYkQJAxFHWEsSxxtqHTGg812Ou44jYXtcBCDGXFAAijr7nOoCIfd91AA5k7Tln7fmKBJACQMTRt4Ex10FE6KuuA3AgS8/5KPAD10EIMZcUACJ2gt7hMvBN13FEJAS+4ToIB75B/blnwS1B73DVdRBCzCUFgIirm10HEJEfB73Dj7oOImqN5/xj13FEJEujHSJBpAAQcXULUHYdRASynByy8NzLwLdcByHEfKQAELEU9A6PAf/iOg7LQmDEdRAOjZD+aYB/CXqHx10HIcR8pAAQcfY3gHYdhEU3Bb3D97oOwpXGc7/JdRwWaeqfYSFiSQoAEVtB7/DtwLDrOCwpAR90HUQMfJD6a5FGw43PsBCxJAWAiLu/Biqug7BgKOgdftB1EK41XoMh13FYUKH+2RUitqQAELEW9A6PAp90HYdhx4APuQ4iRj5E+joDfrLx2RUitqQAEEnwd6SrMdCHg97hI66DiIvGa/Fh13EYNEb9MytErEkBIGIv6B0+BLyFdCwI/Ffgo66DiKGPUn9tkk4Db2l8ZoWINSkARCIEvcNfJfmL5u4GNgW9wzXXgcRN4zXZRP01SrIPNj6rQsSe0joNN1UiK6qjm75APVEkzVHgeUHv8B7XgcRZdXTTOuAnwMmuY2nBcNA7/PuugxCiWTICIJJmM5C0rVVVYKMk/6U1XqON1F+zJLmd+mdTiMSQAkAkSuMs+WuA3a5jaVIFeFvQO/z/XAeSFI3X6m0kZ/vnbuCaxmdTiMSQAkAkTtA7vBe4AtjlOpYlPAa8Mugd/qzrQJKm8Zq9kvprGGe7gCsan0khEkUKAJFIjbMCXgdsdR3LAn4DXB70Dn/PdSBJ1XjtLqf+WsbRVuB1jc+iEIkjiwBF4lVHN/0h8Cmgw3UsDTcDbw56hydcB5IG1dFNPcB26lM/cVAE3h70Dn/OdSBCtENGAETiNX4RX4b7Y1f3AW8H3ijJ35zGa/lG6q/tPsfhfAu4TJK/SAMZARCpUh3d9DvUh2afG+FlxxvX/FjQOzwV4XUzpzq6qQt4NzAIrIjw0j8DBoPe4e9EeE0hrJICQKROdXSTor6V7EPABRYvVQG2AX8rnd+iVR3ddBrw34ABIGfxUvcB7wd2Br3D8stSpIoUACK1qqObfOBK6nPH1wDnG3jYInAr8BXg60HvcNxXqadadXTTauC1wBuo7xowsQ7kfurrOG4GbpPOjSKtpAAQmVEd3fRM6oXAVcBTgNMAtcS3TQL7gR9RTwj/EvQOT1oMU7SoOrqpG3g19ff4+cAZQPcS36aBQ8ADwC3AzUHv8K8shilEbEgBIDKrOropB6ylnijObPz7OPWEvw/YJ1u8kq06umkl9ff2TOrv8wrgAPX3dz9wIOgdTkrDISGMkgJACCGEyCDZBiiEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJk0P8HIGK4qJUDxrEAAAAASUVORK5CYII=" style="width: 16em;margin-left: 52em;margin-top: 63px;">
4
- <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
5
- <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
6
- <div><h6 style="font-size: 21px;margin-left: 19em;margin-top: 7em;color: red;">Your IP has been blocked. Please Contact your Administrator.<h6></div>
7
- <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
8
- </div>
9
- </div>
1
+ <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAVMAAACVCAMAAADSU+lbAAAA51BMVEX///9fYGJeYGL3k01cXV9ZWlz8/PxdXmFhYmTv7+/5+fnm5+eSk5Tq6upaW173kUnV1dZqa21xcnTe39+IiYrMzc2bznuPkJHDxMWfn6D2j0VrbG19fX+EhIf+9e95eny2trf4pGr5rnnAwMGqq6yioqT4oGL3mFRNmWX949NSU1X+7eP83cn7zK3++PL5s4X6wpzy+e770riv2Jb82MD5touXxKX96Nu61cLg7eRzrYQ+kln3o2aiya73m1vM4NGGuZSszrZjp2t2tHCSxYG43KLL5buKwnXW6smm04np9ONmp3vC4K/9LbbnAAARyklEQVR4nO1ci2LbthUlaYAQSYkSKal6S7QlWbEl24obN22XuXul67b+//cMuBcgAZBytCVLkxVn6WJDEEgc3sfBBRjPc3BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBw+BSIkqSfJEn8H/UO/7f39JUjbs9mWZblxVk0RYtMIB++2Ot+ubw3hwt/+O/v8OtDp0UIYYyOonN69wiAtk91uL+5e7q6ury8uno4HipeX393ph/8XyBpMQEyOIvToc98nz+BRk7D/ePllKOLmE6v36qPvn/1ezLUpBUIns7m1A8C5jdyenO8nnYvdEyf5Ec//PiHnz7dLX/xSFq+AD2bU+hd53R5vO6ajF5cdN/d44d/evWHP37Su/6yAfGUR8iPjKdvDEa7+Mv0CiJq/N2rV6/+9Inv+0tG3M4BZ+b9AfYem83LY+n1PIxOL3a7nfj7+SA+/OnHV4LT1xy/FwkW9QXO1acd6N03G/dPFaO7h+PjgePN3dPxhnMY/lkw+pe//u39t99++/7n31P6/xgsr7qK0cvHfalM4Qeg9C9//wbx/p+/5X1+JOIoimLb00RjdLahnN17eTlFRi+uDrUPv+eU/lUy+s0v5167vPwLwQI6RC9Gkw+OcYKoBiTjTXswX7Q3Y81H42ExGSzmg0kxNIiK0Zn75nIz6okh5oN20WvuXTXdS8efPj/e12/5R43Sn+1Pw6SvYGTIsD+Wl9+se42PNeyvxWwWo804afpcH2N7YgzP6yui1v2XjSeZrFqUiuRM/bwtWY3Xg4zy1pS3ZoO1NkIHk07e1mYVF4uMpjhGthhrvXvYeTapmu6kFn331qvjB+74itJfLXNINoNVrqAvdnuj3Kcp6AuaZoNh3Yx4jxR68DmuJp2GC/faOdPGWDdwNhRd+KeiRz5q6iERbQJKuCwPuIpkPqEMrtjLKYEGoe/5ZfJeNTMf1VGlT8Nhzi/EhwhE94DQVTXhIUktLXW4ADPtPiybbodzqmLpP8xYGk0IJRUqIdEf8KfJVxaohBm/2MJKiUmbaj0IbW1sHdgf8Rn4soMfiBlbY3jJgg+iejDg5EQISEaCURwJ/mJ0noTrFhVrJfy6+JO2yseStIhYbVbrqHjDW5jWPaBsrS6Hmj+oOL1/h0q0mVIv/ldlpuasBzgjvEm/4nScUQY3WzLi06ynf7W3AgOpenBxbZrqOKes7BDIMcY6ZSHv4leXFz+Q1qbRVKMFZzQQfAr44n8+nW8zeGbYgK2kpfQo51SYb1pyuvEJXIsF5ZxJa604Dax11CPkp+5zM6We98cymhpmGi0oXiHAq5ScrjOkWrgJw3sOglTzK68v2Sh78L/pSKdjLMxEflX18MlMDy/8MsyvLo89fC2ilYjb1EcitacofFtvYLJxrDgFyy19f0wYw05M2Tb/IZM3NPQhhpSc7i+FmXZ3Nyco9V5/25jzR8qQ5L2quxm2TBOUPbizqW925lR+wKoehEwqUocZqb4aoKuJGWeVMQ+REo0q6EE39QkU0KH02+re+JdZ1QBDqEsAp1UNJVmlQTldBjcuHiVddSSn8FhLTh8x59+dotTz/vkegqlJaf8WHYnJ2TDJaTJLZUMAUTZQ86XKhOIJVT0UZ+CCpSd5yZycGKN0rk6GAVIkC5EdpMPwUWp14c489XUwhqYGfzNposg4/790o3HKpO+HGyItmVX/iVqgfIRDYJml8vZQ7Xev9qc59V7/8vOvv1haf6vFdz1HbakM+ITOFqMBFzDyDogvDbXHjZD5PjMnym1iXsautBwjM8bwWzKCiEniGGlrtCmKSU7liPVK0hq/zW2Q3t6KP4QF2ADmmvIW0crARHyySpBT0SuQdprk4NviYyp68yHkrxk41xC9ST3ymx1wapvp/u541JWVnVDDAcHEwOhtpmkpYT/o6611EnE53p9g+uY5Rrplm8rEw+QcUeLwr8joEWWqoVXgGFsZT5QV8YgsG+iix/V+GCfbW3RiRqxCRpgTNMQ0L5I4jDvrOSNoc9xOSas9jMMwHk5aYLU8+RfIqfhZ2WlBpXWng3EUxtF47sshsPcQP1WcHkWG6l6bWv/+ThSmG5RAuJQdoxXBe2i1DcW+ScGjuAgpQ1+PTwpufwXPNEp96OGnM5hjj89GNqzwC8Ut9iDzcox+nsox4GphkYLz8VmUQXjtE5gYWZnPv0/BoANS6rlOW7q6eHKlHhozfPY4ZNKC+CntFGIRbyhjfjRRzjUS30c79ZXvQ4aaHk3qHi+kvLIo3R+vHt7gfa3QTvXMIq41QPuRc0cMsb7LUE+t0aB8slBKYD2TRsfwSws1hiZIexgTGTq/ugzLK0cPt8p0TR1b3KKZasIjmhNM34xuq44bDB8k75ScSn3aIUAw9+3yclz1sKB8yENgXHG6xBWUmfRRCtTblw/T7vTiRnEq0DIn0BeOxke/XWuN4YKAoWASaqN41edYoHDxKXToZDgGKfQxRhi/sUs/k09Uv0wfndyn+vfKUEN0QTBWzzXXVHEkp0R6ntT8vtSnPexOZroevEVLhZyIml/F0xtw/Z3p+gdV97Ps9yDq1Lib0lnhxDNLquPSh7UM612j+8G0olWKeU2bY7zAjIPSYCzNOjeGhttmAd0KXxtTlBp5ElaIJykkDrPaHi/E9bge0BcdEQEhF1Ddy8JtGkCmKYBTiOlopwWFD4ghoXOMH/BYYT+qzPsg+LtXZgh6M7V3oySn2PneK32fWJwWmGPpyGhNUI+mYgaQXcTd9I2vBTgDcR8F5lg6MMboz+Bx4dJAuKn4Rt6eaJjLqDbXpx7lImkGJDPCvrwJwxW8NUoRiAdop9L3t9RIkAiuCAOxV1p4ct+0lHqQouxwelPu8JlyADRC93IpORWmZ3IabzHKWO4XCQnPglRs7nAlJXqwTH+MPI+AvgM1tcWUZql3oTK5QEDC2pgJ/SClKZV/qHAG3oNbr66mOplQTb7Z6EnJasQO7iDADFgb7PEx6ftt5NQ3ekvzSTchcMqq9T5yaimppYyn3alZqHp7DRphj5wKCcQsTtuQ1INbU3jHOWRpuEFYZglujA634GkpBPx2CjnFCMkqLXHCBKfCnxkWmRgLUAJUDTPdBRKxqhdqwIhGAyCEBYbuGoK/M3Ay1FIlp2JsazkxxpSWbmOhpWBxJTl9Ak4fTU69wzOI1gvLfjF3Pb/1St8PLE5HYHAY5iuEGP1BG6Ex2McLcOHHROkpxCTGrOcSjWAOZCYmKS5eLYGkaFDrHGLUa/pCMHNdZiqsUQqxw2Rp2IIlajoATkHFo+/LZbgRkr2hdEkR0IZ4F+lLnIaHHW/e3VkVauC0i5zmUMCwfX8kl50Wp3MwX8mp8NBSyklkKC2R0xR63JpjxKMUCZOcBkA8SbFyWYES2jI5RRFhcoq+QGxOoZpHkFNxCYarshGqYYvTFOquyClqLYPT+mL/usud3C5R7681TvH6dTv1T9gp51GUUWRWtzmFxR5Rdip+sTiNRikGcOQUDXS1aMJA932e28Si0+YUhENQs1MojFR26is7hcqExSkqL8kpVB9eylF8IQV2au9NyRwl4ym4mh1PMSHTpnjKfR84hVpmzU59xamwIdHDjqcLyPvI6ZxgDdBahjahn0FQSG1OwcxrdgqZEjnFrFnZac33URNK34fektO7Ji3FLRIWUm+sVtCt3UulpfyaloonGE+pxQckUSY5Re1u2ylkF+B0kuINmnk/wRiKnCp3OONEQx+ruTU7BUJsTmV9z5N5X9WkZZao+75gvc4pSs5n+95uGgsr+AAeRGfBaVDLUeEGyjs2Y33IsoHkNGjokZHKTjcExzA1bi/DMTIUjOilk9M7UOW1YeFb830MJPV4WnEKP1MtR5EmTn2Vo7TEu8SFvR05oajaPVonUK+q2gBoqbrmX6OSI4b6BIkuam3SToNmO/UxRynpbSnKQq7GgVN1mZX5RBUMTiGsNHHamKNEmFB2ysp4imq25vvM5LSsSb9rqqF4R+D0wcz7ezhCNT1ITrF+aHLakwX6Wz3S8aUMBnwtR9U5DRSnfezhB0XDGD5wqroYmj2ZjNpt/mdgEIXx1NZSbSSkyfeZtFOmcYpZs2anUP1Tvs+q86dY63tnqaYncQJ1emnW+u5wybpETmFIm9POHPdtyKJqDzdiYRT4Zd4XPeqcMsVpvCJyVaUtJ6WZ8vWXmGQ0JzKp6XUpXFGlpmBAO23QUuIaNqcQ9qniVEQHyanfpKXwzGnd970DrkKtdHS4Ergz7uMeN66ukLwVXNPK+2IVjFsSwaSc7RoUYlDmKFh6NmipADV/NYZWs4BvQVUVOA1FmRYWsJOw6iJ7zIwg2581corBo85poPm+KBNUnNZ8HzRyoHFaGoraOzm1a1rhDkNvVT+t533u/L4EXfWiOI6jZCK3nUstpZcbKk6rHOX1iRojhzHiZEtUE8ZTrc7fhqN3YVRQ1VIYI/ezUzmqyfd1LQVrCqWlGn1fy/uwrisndffBPT6E3F+V8YDbKXBjcxouqFwrEraYbCeDrNq30n2/ZqdVjhIrqXKMOR9jlFH1pKSdctGmSE7z7Xq83izUPp62OaBx2rSOalibwoK1stOKU79B86dYHUDNj3tB5V70NXBVWzRZCI9dvVKFOSqo2anXAz5w4SyKRQT2wowcxYK6nbIqR4lMh1tdwr6w4FSOITlFrYPnCsSBlpSURxlMaYxaKqhrfrDCllVDwV36Mp6WWgpN0vZ9VFsNvq9SD0r508Ata1xEead9v9z09FWBo9zFV5xCQ5PvB4rTsGBqxx03ANQYQcmpOMSAW5e++gSntbWktuD01Hq/vo7CWpRX1k/TF/QpIcw3ayja2Z5rtMCnl0i9kUfRVbWlk+N5ojqn0YTiBiSfMSQSbsw5lkhe0qegItSRqBjHCKox2CzHNKY49QrYLfZxO5BBTUW8z2SvAuQ2S0OOalqbwuMuOWXlOspv5PS0nXpv5FbJ8TSph2v9dH/JaZOdclJvjZMoNBtitFN532/ktIqnSKoxBmmt5cRKTuNxRlUHWfJLycRYJ0hOSUBIzfe5lfEPbN8XjchpoJ3rG4ljGQHxrXiKPYDT2jsSMlS+kPwfd+j5z2XQ5ZwCGjj14kLMA0918Vub98I55bfEqKqh1F/RyOCmK069eD2TR/FERZHkvRhKSUHFqTiuwog6VgXnn/KGM5nJKpuJ1xwXxkeTVpbxRuMAltfLM3ghEur8M3jbMYOd0naGvc1zdNghg5p0hj2001rLB3mm9/rQZKr7p6mktCpUdeY4Yt7AqTiXKg7QUp5gWqsi5mIArpiJhcAYb7ZlHhbL8Z7mWpUu2swzOca8iLCMqGrSEuGwnbdw34SS2aBoWv3HPYS1vytbDbOOtK7l18IP9RYnqaOGi+zV2fPdU+0o2vJO7Ux3H6tnHavrnKhiJMNiMhq0i2GiTUEcZS5vxejeqzpU6OAYeI46kr5vVgHC/lj0gdPYZ73J9BnxdidJ7T6brHJGL9Tm1AclrAku+D/6FRUxBj7IaIB1/nltTN7nrPP8nx376sWT6e7h8fB2v9/fvDleT9VbU92dvcHyeSFXTtphni8fe/Odsx2+c1a+2De9rL+Q8lmBJ6R8uvkSLfIU7u926qgEEHuh/zJ98SzlZwAurbhcOmO75EvC26cL661oGWO77xre8fmciIczWYKtvSjxxePw9Gy/Gd2dXlzefbho9T9E3BkOUrEZJfaGv6ZwKnF/w/O8+CcRhPPDP4rw/PTmN3D7ZIxYr4tNe+7LulRgHRz5WhAu3z4+XD5zQi92766Oh/1v4vUFbUn4qXwvDMtEX1OGshDeL5fL3zCGFtTH4/X4UhNWqQLSvGpzOAsFZUxVt3DvXBSJ8t6Hv+lwCoV6VySQfh+IFzy/upz/RaG4LSt90u3JzK42O/xnKG4J/JtZsi5JW4vCGelHYi3qm4gsW7WLnktOH43YgHN6BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHh/Pwb5PnTnFHEM1hAAAAAElFTkSuQmCC" style="margin-left: 5em;width: 12em;margin-top: 1px;">
2
+ <div>
3
+ <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7N13nFTV3T/wz50+21hgl91l6b2JCGJHxS4WigUZFUuMYyTR50meTMovz5P2S35PJqaZoI5JlICOJbqoKDYUlC4KSO8odYEFtk6/9/z+mF1YYcuUe+fcc+/3/Xqt4DJ757u7M+d87ynfIzHGQAghhBBzsfAOgBBCCCG5RwkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmZOPxpB6vzwJgFIARABoAnGj1cTwY8Cs84iKEEEK00NzvdQfQrdVHIYAtADbx6PckxlhOnsjj9Y0FcAuASwBcBKConYceBTAHwD+CAf/OnARHCCGEaMDj9Q0G8BCA+wH0aOdh9QBWAVgBYEEw4F+bi9g0TwCav/nfArg9gy9fAuDvAF4PBvxRNeMihBBCtODx+pwAbgPwbQBXZnCJ1wD8VOubYM0SAI/XVwbg50j+ALKdatgH4L8BvEDTA4QQQvSoeZj/HgC/BtAny8slkLwB/mUw4D+SbWxt0SQB8Hh9QwF8BKBS5UtvBPDjYMC/UOXrEkIIIRnzeH2TAPwvgHNUvvRBAFcHA/7tKl9X/QTA4/WNRLLzL1P1wt/0CYAfBQP+1Ro+ByGEENIhj9d3IYDfAbhCw6c5gmQSsFnNi6qaAHi8vnMBLAJQotpFO1aF5DyJ6pkRIYQQ0p7mke7fApiWo6esAXBNMOD/Uq0LqpYAeLy+EgDbkNzmkEsJAM8B+EUw4D+c4+cmhBBiIh6vrwLALwA8iNxvpT8OYFgw4K9R42JqBv9/kfvOH0h+Dw8DuMfj9f0ZgD8Y8NdxiIMQQohBeby+LgB8AP4DQB6nMLoj2dc+osbFVBkB8Hh9owGsBWDN+mLZOw7gNwCeoq2DhBBCstG8pe9RAP8HfG5yzyQDGBsM+DdkeyG1RgD+DH10/kDyF/RHAI97vL7fA3g+GPCHOMdEiKqmzZxlAUMpkottywD0YEApkh9dAbgAOADmBOBM/h2ONv4OAFEAseaPM/4utfx/BMBJAMck4BiSBbuOADgCCceq5s6m7bnEUDxeXx6ABwD8EEBfzuG0ZkWyz70q2wtlPQLg8fomAvg420A0dBzAUwD+Fgz4j/IOhpBUTLt3ViWAoQwYDGAQwAYCKEdygW13AMXQz1keCoBaJN9rNQCqAWk3gF0SsBPA9qp5sw/yDJCQVHm8vh4AvovkXb8e7vjbMzEY8C/J5gJqjABcqcI1tNQdySJCP/R4ffMA/IF2DRA9mHrPd0oT8fg4hbFhDqerL8AGARgAoB/4zTFmwoLTtc0HJz/FWv0XmHrvoyEAXwHYA0i7kEwOdgBYXzVv9rHchkvI2ZpX9f8AwL1IjqDp3UQkq+VmTI0RgA8BXJPVRXKLAXgbwO+DAf9S3sEQc5h276xKOZG4UFbk8YwpYxljoxhjPQHA4XTCYtHLDBoXBwBsAKS1EvAFgDU0YkByxeP1TUBymP9mABLncNKxKBjwX5vNBbJKADxenxXJecHCbILg6DMATwCoCgb8Mu9giDFMu3dWpaLIl8uyPJ4xZQxj7BxFUUpO3w+3kOBwOGGxmrrzb89RJJOCdVJygfFSSgqIWpr7rmkA/gvABZzDyVQDgK7Z9F3ZJgDnAlif8QX0Yy+APwF4LhjwN/EOhojl1hkPVyiKcj1j7CqAXcoYG8BY52vi7A4XrNT5p2MXIH0KYLEELKqaN7uad0BELB6vLx/J/fv/CaA/53DUMCabwkDZJgBTAMzP+AL6cwLA0wCeDgb8dLdB2jTZ4+2RiMevV5Id/mXNc/dpsTucsFpzXUPEcLYD0icSsBjAR7SWgLTH4/VVAvhO80c3zuGoaWow4H8j0y/ONgG4HMm6/EajAPgQwBwAbwQD/gjfcAhP02bOsiiyfHkikbhdUeSrGWNDAZbxXKHd7oTVRp2/yhiALYC0SALmQ8JS2ppobh6vzwVgCoD7AVwL/eyaUdPl2axlyzYBGAFA1cMJdKgWwMsA5tDhQ+YxbeYst5xITJJl+TbGlOsURVZlO5DN7oDNZlfjUqRjNYD0bnMy8F7V3Nlh3gGR3Gg+nOd+AHchuV3WyEYGA/4tmX5xtglADySLgZjFViRHBebRuQPGM23mrJJEPHGboiSmKIpyBWOKW83r22wO2OzU+XMQAvAxIL0pSXijau5sVeqoE/1ors9/L5Id/3C+0eRUWTb1bdTYBRCHWFsn1CADeB/JZOAtKjksrmkzH+0ejyVmKky+kynKeMYUTVblWa022B3Ozh9ItCYDWAVIr0oSXqyaO/s474BIZppL9N6KZKd/PfRTjTZXGAA7t10AAODx+g4BqMjqImI7AeAlJKcIPucdDOnc9dPutdus9qkM7H7G2DUA0/S23GKxwuEUoa6I6cQAvCdBmgMJC6rmzk7wDoh0zuP1nY9kpz8DxlrQl67DwYC/ZzYXUCMBeAHA3VldxDi2AKgC8BaAz4MBvzpnLRNV3DL9oQtlRX6IMWUactRwSJIEh9MNSTLbIJlwagDpVQl4vmrebErkdcTj9UkAzkfybn8agBF8I9KNF4MB/z3ZXECNBOAeAPOyuogxHQawAMlk4CPaScDHtHtn9YzFY99S5MQ9jClDcvvsEhxOFywWIy4+NrStgDRPAv5VNW/2Id7BmFHzCv6rkez0b4G5R5nbc28w4H8hmwuokQD0AFAN860DSEcIwAdIJgPv0KFE2pty93euTCRi31cU5UbGFC577mivv/ASAN6WIP25at5sI2531pXmvuQmJDv96yDWeRi5xgCUZ9uXZJ0AAIDH61sL4LysL2QOCoBVSCYDbwUD/q2c4zGMaTNnORPxxH2yHP+eoiijzi69mztWmx12u4Pb8xPVfQlIf5UkvFA1dzYt+lWJx+sbjmSHfyuAi2DMvfpaWBcM+MdmexG1EoDfAvhJ1hcyp11oHhkAsDIY8NN+5TRNvefRingi/p+KkniQKQr34ztp0Z+hHQOkf0jAX6vmzaatwGnyeH1uABfj9J1+2lU0CQDg/wUD/p9mexG1EoArkOWxhARAckvlWgDLmj+WBwN+Km/ajske7yUJOfF9psi3MqbtSv5USZIFDqeLFv0ZXxxAVfP0wCreweiVx+srBXApgMuaP8YC0MV7VXBXBgP+rKel1EoA7ACOQ9xTAfVsO04nBMuCAf8uzvFwd8v0hyYpTPm5oigX8BzmP5sEp9MFiRb9mc0KCdIvq+bN/oB3ILx5vL5BON3ZXwZgKN+IDKkBQPdgwB/P9kKqJAAA4PH63gAwWZWLkY4cAbAcp5OCdcGA3xT7l2+644FbFcb+G2Dn846lLVTj3/RWSZB+VTVv9ru8A8kFj9dnQ3LtV0tnfymAMq5BmcObwYB/ihoXUjMB+A6Ap1S5GElHE4A1ADYgeS7DZgBbggH/Sa5RqeiW6Q9NluXEzxmYbhea0rw/aWVN84jAO7wDUYvH6+uK5P77kc0fowGMB5DPMy6TejQY8D+txoXUTAAGANitysWIGg7jdEKwGckiRZuDAX8t16jScOuMh6ckEvH/YUzRbccPABIkOFxU7Iec5XMJ0q+r5s1+i3cgqfJ4fcVIdvCtO/uRoH34ejIwGPDvUeNCqiUAAODx+r5EMjMk+nUIrRKC5o+9AI5mU1NaTVM8j0yJJ2K/VBRltL7m+NvmcLhgsZqtDDlJwzoJ0i/0kgg0n+HSA0B/nO7gWzr8rErLEs1tCAb856p1MbUTgP8E8EfVLkhySQFwFMkE4XCrj0Nn/P2IGotP2jLl7kfGJRLxP8uyfJkIHT8AWK122B2035+k5BMJ0ver5s1eq8XFmxdjlyHZiVc0f7T+e8v/9wDttxfV94MB/5/UupjaCUAPAAcB0Eoo42IAanA6ITiKZKXDCIBw85+tP8783Jn/n0jEY+XRSPiniUTiJoAJ0zC1bPkjJA2KJElv2Wy231lt9mok20pXqw93J//f+nN5SHbmLR17Cagiq5ElAFSqWUlW1QQAADxe31tI1m4mhBBCiDoWBAP+W9W8oBZ3W3M0uCYhhBBiZnPUvqAWCcDbSBYFIoQQQkj2jiPZt6pK9QQgGPDHALyk9nUJIYQQk3qpuW9VlVYLruZodF1CCCHEbOZocVHVFwG28Hh9m5DcV0oIIYSQzGwOBvyjtLiwlluu5mh4bUIIIcQM5mh1YS0TgBcARDW8PiGEEGJkUST7Uk1olgAEA/5qAM9pdX1CCCHE4J5r7ks1oXXVtd8B0KRsLCGEEGJgcST7UM1omgAEA/6vAczV8jkIIYQQA5rb3IdqJhd11/8fAF2cMkcIIYQIQEay79SU5glAMODfDSCo9fMQQgghBhFs7js1lauT136D5HGzhBBCCGmfgmSfqbmcJADBgH87gFdz8VyEEEKIwF5t7jM1l8uz13+D5FnyhBBCCDkbQ47u/oEcJgDBgH8TgPm5ej5CCCFEMPOb+8qcyOUIAAD8AkAix89JCCGE6F0CyT4yZ3KaAAQD/o0A/pzL5ySEEEIE8OfmPjJncj0CAAA/B/AVh+clhBBC9OgrJPvGnMp5AhAM+EMAZuX6eQkhhBCdmtXcN+YUjxEABAP+haBtgYQQQsirzX1iznFJAJo9DqCO4/MTQgghPNUh2RdywS0BaD7i8Me8np8QQgjh7MdaHvfbGZ4jAAAQALCCcwyEEEJIrq1Asg/kRmKMb3E+j9c3CsBaAHaugRBCCCG5EQcwNpdFf9rCewSgpULg73jHQQghhOTI73h3/oAOEoBmvwCwiHcQhBBCiMYWIccV/9rDfQqghcfr6wZgDYABvGMhhBBCNLAHwPhgwH+CdyCAfkYA0PwDmQygkXcshBBCiMoaAUzWS+cP6CgBAE6tB5gJOjaYEEKIcTAAM/Uw79+arhIAAAgG/PMB/Ip3HIQQQohKftXct+mK7hKAZr8E8AbvIAghhJAsvYFkn6Y7ulkEeCaP11cIYCWAkbxjIYQQQjKwGcDFwYC/gXcgbdFtAgAAHq9vIJI7A7ryjoUQQghJw0kkV/zv5h1Ie/Q6BQAAaP7BTQHtDCCEECKORgBT9Nz5AzofAWjh8fouAvAugGLesRBCCCEdqAVwYzDgX8U7kM4IkQAAgMfrOxfAhwBKecdCCCGEtOEYgGuDAf+XvANJha6nAFpr/oFeDuAg71gIIYSQMxwEcLkonT8gUAIAAMGAfxuACUiWUySEEEL0YA+ACc19lDCESgAAIBjw70UyCdjKOxaiPqfDDrvNxjsMQlRlt9ngdNCJ5wa1FcnOfy/vQNIlzBqAM3m8vlIA7wM4j3cspGNulwsVZSWoKC9Fz7JSlPcoQUFBPtwuJ9wuJ1wuJ9wuF1xOByyWZE4qyzLCkSjCkSgizX+GIxHU1Tfi8JGjOFR9DNVHalB9rAbxeILzd0jMyG63oby0BOVlJehZXoqKsh7oUlQAt8vV6nWd/LBarQAARVEQicYQjkRava6jaGxsQvXRGhw6cgyHq4/h8JEahCMRzt8hScE6ANcHA/5jvAPJhLAJAAB4vL5iAAsBXMw7FpJUkJ+HEUMHYsSQgehdWY6K8lIUFxVq9nyMMdQcP4nDR2qwd99BbN6+Czt2fYVYPK7ZcxLzcdjtGDKoH0YOHYT+fSpRUVaCku5dIUmSZs9ZW9+Aw9XHsP9gNbbs2I0t23ejsSmk2fORtK0EMCkY8NfyDiRTQicAAODx+lwAfg/gu7xjMSOX04Fhgwdg5LBBGDlsIPr26qlpo5iKeCKBXXv2YdO2Xdi8bRd2f7UfsixzjYmIxWq1YmC/3qde14MH9OU+NcUYw9cHDmHztt3YvG0Xtu3cg0g0xjUmE/sbgB8GA36hh2mETwBaeLy+mwE8D6CEdyxG53Q6MH7MKFx20ViMHDrw1PCmXkWiMXzx5WYsW7UWG7fuhKIovEMiOmSxWHDO8MG47KKxGHfuSLicDt4hdUiWZWzevhvLVq3FmvWbEKVkIBdqADwQDPjf5h2IGgyTAACAx+urADAXwDW8YzEaSZIwcuhATLh4HMafd47uG8f21NY3YPnqdVi26gt8feAw73CIDvTtVYHLLhqHSy88T9PpKi1FojGsWbcRS1d+gc3bd8NI7bqOLELySF/DNByGSgAAwOP1SQD+C8BvANCy2ywVFxXi+qsuw4SLxqJb1y68w1HVvgOHsWT5GixethrRGK0ZMBOnw46Jl12IKy8djz69KniHo6oTJ+uwdNVavP/xMtTW6/IMGtHEAfwfAE8EA35DdZiGSwBaeLy+cQBeAjCYdywiKulWjJuvvxITL70Adruxt+XVNzTh3Y8+xQeLV9LKa4Nzu1y4buLFuPHqy1FUmM87HE3F4wksXv4Z3n5/CWpOCLtOjbedAGYEA/4veAeiBcMmAADg8foKADwJ4AHesYiivEcJbr1hIiZcNFb3c/tqC4XCeH/xcrz70TJabW0wBfl5uPHqy3D9xEuRl+fmHU5OybKMpavW4q33FqP6aA3vcETyPIDHggG/YQ+jM3QC0MLj9U0H8BcAZbxj0auSbsWYPvVGXHz+uaf24ptVNBrDB0tWYP47i2iVteBcTgem3nQNrrvyEjgFXbeiFkVRsPLzL/HK/HdpRKBjRwA8Hgz4X+EdiNZMkQAAgMfrywfwGAAf6FTBU6xWKyZdMwHTbr6WKpWd4URtHea9ugCrv9jAOxSSgQvHjca9d96CbsXGWruSrWgsjqq3P8TCRUtpe+w31QLwA3gyGPA38Q4mF0yTALRoLh70QwCPAzD2JGAnRgwdiAdmTEVlRQ/eoejaxq078XxwPg2fCqK8Rwke8EzFOcNp+U9HDh4+iudfmo8t23V9ZH0uNCE5Qvx7kYv6ZMJ0CUALj9dXBuCnAB4BYKqxweKiQtx9x8249AKqopyqeCKBtz/4BG8u/JiqDOqUw27H5ElX4ebrruBetEckyz9bhxf//bYZdwzEADwD4LfBgP8I72B4MG0C0MLj9fUB8HMA9wEw/Kq3saNH4JH770RBfh7vUIR08PBRPPnsC9h/qJp3KKSV3j3L8djD99BoVoYam0J4Zs6rWLthC+9QckEG8C8AvwwG/Pt4B8OT6ROAFh6vbyiAXwG4AwDfWrYasFqtmDHtRky65nLeoQgvFo9jzktvYsnyz3iHQgBceekFuH/GZDjstIYlWwsXfYqXqt416toABuDfAP4nGPBv5x2MHlACcAaP1/cWgFt4x6Gmku5d8di378ag/n14h2Ioy1evwz9ffJ12CnDicjrwrbtvw6UX0lSWmnbt3Ycn//4iao6f5B2K2hYEA/5beQehJ5QAtOLx+kYA2AjAMPvgzh8zEt777kS+yfY+58rhI8fwl2dfwD4qK5xTfXpV4PGH70FFWSnvUAypKRRG4F+v4vP1m3mHoiYFwDnBgN8U8xypMExHp5L/gYF+JlMmXY3vf+c+6vw1VFFWil/9+LsYO3oE71BMY+zoEfjVj79Lnb+G8vPc+P537sOUSVfzDkVNFiTbeNKMRgCaeby+kQA2wAAJgCRJuG/6ZFw38RLeoZiGoij4+7zX8MmKz3mHYmhXXHI+vn3v7aYvVpVLHyxegX+98qZRDhhSAIwOBvyGGtrIFL2LTjPE3b/NZsX3HvJQ559jFosF3vvuxK03TOQdimHdesNEeO+7kzr/HLtu4iX43kMe2GyG2CRFowCt0AgATt39b4Tgq/9dLie+/537MGrYIN6hmNp7Hy3DvH8vMModE3eSJOHeO27BDVdfxjsUU9u0bRf++PS/EIlEeYeSLYbkWgDTjwJQKp30PxC88y/Iz8N//+AR6vx14IarL8OjD95Fd6oqsFgsePTBu6jz14FRwwbhv3/wiBFqiEigUQAAlADA4/WNQnLvv7CcDjt833sQ/ftU8g6FNLv0gvPwoGcq7zCE96BnKlWs1JH+fSrh+96DRjg35I7mtt/UTJ8AQPC7f6vFgse999Iefx26asKFuGPy9bzDENYdk6/HVRMu5B0GOcOg/n3wuPdeWMUe4aJRAJg8AWjOAG/nHUemJEnCw/fdgTGjhvEOhbRj6qSrcd2VtCAzXdddeQmmGmsLmqGMGTUMD993ByRJ2HsnALjd7KMApk4AkDwDQNhX8IxpkzDhonG8wyCduO+uybhw3GjeYQjjwnGjcd9dk3mHQTox4aJxmDFtEu8wsiEh2QeYlmkTAI/Xdw6A23jHkakbr56Am6+7gncYJAWSJOHRB+/C8CEDeIeie8OHDMCjD94l+p2ladx83RW48eoJvMPIxm3NfYEpmTYBgMBz/0MG9oPn9pt4h0HSYLfZ8L1v340uRQW8Q9GtLkUF+N6376ajfAXjuf0mDBnYj3cYmTL1WgBTJgAer683BL37L8jPw2Pfvlv0BTimVFxUiFnf8tDdbRskScKsb3lQXFTIOxSSJqvFgse+fbfI2wNva+4TTMesvchdEPDuX5IkfOeB6ejWtQvvUEiGRg0bZLT66qqYMulqqmEhsG5du+A7D0wXNbmVAMzgHQQPZk0AhPxl33Tt5TjvnOG8wyBZuu3mazBiyEDeYejGiCEDcdvN1/AOg2TpvHOG46ZrL+cdRqaE7BOyZboEwOP1DQUgXGWRwQP6YvrUG3mHQVRgsVjw3YdmoKiQ1gMUFRbguw/NoKqJBjF96o0YPKAv7zAyMcbj9Znu7sqM7zrhMj27zYZHH7iL5v0NpLhLER6gSoF4wDMVxV2KeIdBVGK1WPDoA3eJupBTuL4hW2bsUYT7Jd96w0SU9ejOOwyisgvHnoPRI4fwDoOb0SOH4MKxpt2BZVhlPbqLeiqmcH1DtkyVAHi8vrEAhGpxy0qFfTORFDxw11RR75ayYrfZ8MBdNAJiVLfeMBFlpcLdtAzyeH0X8A4il0yVAEDADO++uybDbjdfB2EWZT2645YbruQdRs7dcsOVNKplYHa7TdRqjsL1EdkwTQLg8fokANN5x5GO8eeNojr/JjD5hqvQo6Qb7zBypkdJN0y+4SreYRCNjRk1DOPPE67U/nSP12eaftE03yiAywAIU+zB6XRg5vRbeYdBcsBut+H+GVN4h5Ez98+YQqNaJjFz+q1wOh28w0hHBYAreQeRK2ZKAIQa2rn2iovRvWsx7zBIjowZNQzDBvfnHYbmhg3uT6NaJtK9azGuveJi3mGky8M7gFwxRQLg8fpsAO7gHUeqHHY7brqWDvoxGzNUCDTD90i+6aZrr4DDbucdRjpu83h9Qg1bZMoUCQCAawCU8A4iVRMvu4AOjTGh0SOGYGA/YWap0jawX2+MHiHUJhyigi5FBZh4mVCL64sBmKLqmlkSgLt4B5Aqm82KW66/kncYhBMj3yEb+XsjHbvl+iths1l5h5EOoaaMM2WWBECYJceXX3w+HfZjYmNHD0ffXhW8w1Bd314VGDvadJVWSbNuXbvg8ovP5x1GOoTpM7Jh+ATA4/X1gCCr/60WCxX9MTlJkgx5pzxl0tWinhRHVHLrDRNFKmde6vH6+vAOQmvC/DayIEzaOfbcEabaD07adsHYc9Ct2DijQN2Ku+ACKvlrej1KumHsuSN4h5EOYfqOTJkhARjPO4BUTbhoHO8QiA5IkoRLLhjDOwzVXHrheXT3TwAI18YJ03dkygwJgBBZXEF+Hu2PJqcI1lB26PKLjfO9kOyMGTUMBfl5vMNIlRB9RzYoAdCJS8aPEW2VLNFQ78py9DHAYsD+fXuhsqKMdxhEJ2w2Ky4ZL8zoluEzV0MnAB6vrxeAct5xpGIC3SWRM1x24VjeIWRtwkXifw9EXQK1dV09Xt8g3kFoydAJAAS5+68oKzV0ARiSmUsvEHvu3Gqx4JLx5/EOg+jMwH69UVFWyjuMVAnRh2SKEgAduPQCaiTJ2boWF2HE0IG8w8jYOSOGoKgwn3cYRIcEavOE6EMyZfQEQIhVnOeMGMw7BKJTIpfOHTWcXtekbQK1eUL0IZkyegKg+8kml9OBATT8T9oh8gjASIFjJ9oa0K83XGIcEzzW4/UZtp807Dfm8fr6A+jOO47ODB3UX6TqWCTH+vepRJ7bxTuMtBXk5xliFwPRhtViwdBBQhx/XQBgKO8gtGLjHYCGhJi7EfkOT01Ha45j6fLPsH3nHuzcvRdFRYUYMqg/Rg4bgisuu1DoxXDZsFgsGD5kAL74cgvvUNIyfMgA0/7OAIAxhk+WrcbmbTuwY9de1Nc3YPDA/hg6eAAmXHoBepTo/t5EcyOGDsSXm7fzDiMV5wPYyjsILRg5ARBi7oYSAGDhB4vx1D/mIRQKf+PzGzdvw+tvvosRbw7Gj/7jEfTu1ZNThHyNHDpIuATAzK/r/QcO4Xd/fgZbtu38xue/3n8Qi5Ysw/Mv/huPPnQvJl1n7nM/BHqNjAcwj3cQWjDy2PO5vAPojNvlQv8+lbzD4Mr/5wCeePLZszr/1rZs24mHH/sJvtxkyCS8UyOHibcVWaDGXVVfbtqKhx/7yVmdf2uhUBhPPPks/H8O5DAy/enfpxJulxDTW7rvSzJl5ASgF+8AOjN4QB9YTDz//8myVXhv0ZKUHhuNxfC7Pz2NULj9RMGoevUsE2odQJ7bhV4mrP4XCofxuz89jWgsltLj31u0BJ8sW6VxVPplsVgweIAQB+4Z9i7NyL2P7n9pPct78A6Bm8amEP40+59pfU31kWP4+5yXNIpIvyRJEqlwCirKSk05///3OS+h+sixtL7mT7P/icamkEYR6Z8gbaBh5x4NmQB4vL58ALo/T7W8rIR3CNxs2rId9Q2NaX/dys/WaRCN/omUAPQsx9EekwAAIABJREFUFydWNWXy2qxvaMSmLUIshNOEIG2g2+P1FfMOQguGTAAgSMbWU6BGXW3bd+7J6OuOHqtBQwaJg+gqBOpUy034um5oaMTRYzUZfW2m7wUjEKgNNOSeVqMmALof/gfEatTVtnvv1xl/7Z6v96sYiRgEaiiFilUt2bwms3kviE6gNlCIm8p0UQLAidNhR7di3c9SaCYajWbxtaktsjISkaYARIpVLdm8JrN5L4iuW3EXOB123mGkgkYABKL7bK3cpAulSGbKy0qEeL1IkiTKvC7RgeTrRYiEUfd9SiaMmgDofsFGj5JuvEMgAnHY7ehSVMg7jE51KSqEwy7EHR3RCUHaQkMO1xo1AdD9pmm3y8k7BCIYEV4zIsRI9EWQ14zu+5RMUALAiSAVsIiOiFAMSIQYib4I0hYKEWS6jJoAuHkH0BmXGFkv0RERXjMixEj0RZDXjO77lEwYNQHQfbYmyLAX0RGXU/+vGRFiJPoiSFuo+z4lE0ZNAHSfrQmS9RIdEaGhFCFGoi+CtIW671MyYdQEQPfZmiDzXkRH3G79N5QixEj0RZC2UIgg02XUBMDBO4DOCFL8guiI06H7l7UQMRJ9EaQtNOQL26gJgO6P14rF47xDIIKJxfT/mhEhRqIvgrSFuu9TMmHUBED3p8WEw+Yt/0kyE45EeIfQKRFiJPoiSFuo+z4lE0ZNABp4B9CZiInrf5PMhCP6f82IECPRF0HaQt33KZmgBIATaihJuiICvGZEiJHoiyBtoe77lEwYNQHQ/XBNOGzuodJsDrYR4VAcLYjQUIoQoxbo9Zw5QdpC3fcpmTBqAqD7bC0sxrCXZnpWlGX8tRXlPVSMRBwidK4ixKiFbF6T2bwXjECQtlD3fUomjJoA6D5bEyTr1czQwQMz+ro8txuVJm0wRVhgJ0KMWqisKEOeO7NaMZm+F4xCkLZQ931KJoyaAOg+W6s5fpJ3CFyNGDooo68bOmSAKYdM44kEaut0/7JGbV0D4okE7zByTpIkDB0yIKOvzfS9YBSCtIX6f/NlgBIATg4fOcY7BK569+qJW268Oq2vsVqtePj+GRpFpG/VR2vAGOMdRqcYYzhy9DjvMLh4+P4ZsFqtaX3NLTdejd69emoUkRgEaQt136dkwqgJgO6HayLRGE7W1vMOg6tHvnUPystKU378jNtvNe1wafWRGt4hpEyQBl11QwcPxIzbb0358eVlpXjkW/doGJH+naytRyQa4x1GKnTfp2TCqAmAENmaWRvKFm6XC/5f/QTDOxkCtVgsuPvOKZg547YcRaY/h6rFea2IFKvaZs64DZ47JsNi6bhpHT50EPy/+okodfA1I1AbKESfki4b7wA0cpB3AKk4dOQYRgw15x1ti16VFfjr73+JV+e/g3c/XIIDBw+fGup2uZwYNmQQvA/MMO2df4vDR47yDiFlIsWqNpvNiofuuwsTLhmPwPMvYduOXadqI0iShF6VFbjx2itx59SbOk0SzOCQOAmAEH1KugyZAAQD/kMer68BQCHvWDpy2MR3Sq1ZLBbcddstuOu2WxAKhbFrz1foUlSIPr0rTbngry0CNZRCxaqVoYMH4o+//RkYY9i3/yDq6hswaEA/5OUZ8lTZjAnSBjYEA/5DvIPQgiETgGY7AIzjHURHDlWb906pPXl5boweNZx3GLojSEMJQKxYtSZJEvr26cU7DN0SpA3cwTsArRh5DGo77wA6s2vvPiFWdhO+Dh4+iqZQmHcYKWsKhUVp2AlHjDHs2ruPdxip0H1fkilKADhqCoXx9QFDjiwRFW3evot3CGnbsn037xCIzn194JAoia3u+5JMUQLAGTWUpDObt4mXAGym1zXphEBtnxB9SSYoAeCMGkrSEcYYtu7YwzuMtG3dsZumt0iHBGr7hOhLMmH0RYAMgK6XkW/fuReKotCWINKmrw8cQmNTKOvrFLgTGNYrhNLiKAqcMooLGcq7Jd8adSEr6pusqAtZUH3Cjk1fudAQSq+i3ZnqG5pw4PAR9O5ZnnXsxHgURcH2nXt5h5EKBgMvAjRsAhAM+EMer+8AgN68Y+lIKBzB3n0HMbCfrsMknGzelvldUp/SCM7p34DBFY0o7/rNE9eKCu0oyGv77c8AfF3twIa9bny+PQ9fHXFk9Pxbtu+mBIC0ae++gwiJcQjQgWDAn30GrlOGTQCabYfOEwAA2LR1FyUApE0bt6Z/8zG4ZxMmnnMCAyqa2n2M3db+iJMEoF95DP3KY7j14jps2uvGWyuLsG1/elXrNm3diesnXprW1xBz2LRVmHUthh3+B8yRAFzDO4jOrPhsHSbfOJF3GERn6hsasTmNhnJAeRg3nX8UlSWdr6y221KfGRvVP4xR/cPYecCJl5d0xc6DzpS+7svN29EUCiOfit+QM6z4bB3vEFJl6ATA6BPPn/MOIBX7D1Xjq/2GrDRJsrBizXrIitLp4yQA146pwUPXf51S52+zSrBY0l8aM7hXFD/1VOOWi+pSWliTSMhYuWZ92s9DjO2r/Qex/1A17zBS9QXvALRk9ATgY94BpGrpyrW8QyA6s2xV56+JAncC375hP64eU4NU+3RbB8P/nbFagDuuqMV/3XkUhXlyp4//dJWh20+SAcHaOmH6kEwYOgEIBvz7GGNCnKO6Ys26lO72iDkcqj6KPV8f6PAxld3C+I9b92JAeftz/W2x27N/25/TP4z/e/8h9C6Jdvi4XXv2ofqoEG9BkgOyomDFGjGG/xljNcGA/2vecWjJ0AkAACTiMSFWcNbVN2LDZkNPN5E0LFvdcSM5pLIR3hv3o8Dd+V34mdKZ/+9I10IFP7vnCIb36XjaYelKGgUgSRs2b0ddfSPvMFKiKHJ6mbWADJ0ATJs5S4rFot15x5GqpSkM+RLjY4xh2er2XwtjBtThvqsOwmHPbMTIZlXvbe92MvzXHccwfmj7beWy1WupKBABIFYbJ8uJ7tNmztJ1HZlsGToBiIZD4+PxaD7vOFL1+fpNOHGyjncYhLO1G7ai5vjJNv/tspEncNflh2G1Zt6hWq3qtml2G8N3J9fg6vPq2/z3Y8dPYu2Grao+JxHPiZN1+Hz9Jt5hpEyR5QIwnMc7Di0ZOgFQGLueKQpkOcE7lJQkEjIWvL+EdxiEszcWftTm5yedfxQ3j8/ulD2LRYKkwT2NJAH3XXcSt01oO3Fp73si5rHg/SVIJNKfsuKBKQoYY2ACbCPPhqETADA2EQDi8RjvSFK2eNlnwsyREfVt2LIDu7/a/43PWSRg+oTDuHzUiayvb81g+186Jl9Sj2/dcPysHQm7v9qPDVsMW1GVdKKuvhGLl33GO4yUyUpLosKu4hqIxgybANx42312AOMBICFQAhCLx/HOh5/wDoNwcuadssPGcP81+3HeQHWmhtQe/m/LFec24rGpR+GwfXOagkYBzOudDz9BLB7nHUbKFPnUSMUl02bOMmzBPMMmAFar7VJIKADESgAAYNEnK1U5AIaIZdvOPdjW6oCUPKeMh2/YhyGV6i1GzqQAUCbGDg7jR9OPIN91eqHitp17sW2neCcbkuw0NoWw6JOVvMNIi3JqBACFYLiIZyxaMmwCwIDrTv2dMSQS4mSfkWgM7360jHcYJMfmv3P6DrlrQQKP3vQ1eqVQ2S8duRgBaDG4VxQ/u7sa3QpPz/u2/h6JObz70TJEouLchCnN8/8tGHAtx3A0ZdwEgClXtv7/WFSIk6dOee+jZbQWwES2bN+NjVt3AgAqukXx6E1foaRI/UZT6zUAZ6osieN/7j2MypJkAr5x605sEecceJKluvpGvCfYzczZi8aZYQ9qMWQCMG3mLCeAca0/F4uJlQCEIxG88NoC3mGQHJBlGc+/NB8AMKA8BO+N+1Do1mbnSi5HAFp0K5Txs7urMbgyWTXw+ZfmQ5bFWA1OsvPCawsQjojV9spnjxZf0NynGI4hEwBFlscxpnzjEHOmKIjHOi5bqjfLV6/Dlh10t2R0CxctxcHDR3FOv0Y8eN1+uOzadY4q1gBKS75LwY/uOoLzBoVx8PBRLFy0lE8gJGe27NiN5Z1UtNQbRZbbKlrlBMNYHvFozZAJQEKW2zyEXLRpAAB4PvgG3S0ZWM2JWlS9swgXD6uF58oDsFm0rZiXq0WAbXHYGB6fdhRXjG5E1TuLUHOillssRFuyLOP54Bu8w0hbQm57rRiDMRcCGjIBYIpyQVufj8ejwpUkPXj4CN0tGdi8V9/CFSMOYfJF1SkdsZstiWMCACRrGnzrxuO4fuwxzHv1La6xEO0kR7WO8A4jPYxBTrQ79dZmnyI6YyYAUNocrmGMCTkKUPXOIhw/SXdLRrN+01b0yVuEq87NzWl5kiTlJMlIxe2X12J4yadYv4lKBBvN8ZPJUS3RdFwxlo3r4B+FZbgEYNrMWcVQWP/2/j0WVXdbVS5EozE8M+dV4UYvSPsam0LY9sVfMX5w7hI7i87e7deMbcDXm5+hmhcGwhjDM3NeRVSgbX8tEu3f/QPAoGkzZxXnKpZc0VmTkD05nriUgbV7o5NIxFsXeRDG5m27aA+1QTDG8Mbrf8ElQw7k9HklLQ4ByNKk86vxzluzKbk1iPnvfITN23bxDiNtjCmd9QsSGC7OVTy5YrwEQJE7/SWJOA0AAK+//SHtoTaADxctwPi+ua+Lznn6v02SBFw3ei0++vgd3qGQLG3Zvhuvv/0h7zAy0sHc/ykMuDAHoeSU4RIAxtpeANhaVMBpACB55/i3f76E+gYqECSqnbv3oEv8BbgduR+F0uMIAAAUuhX0db+KnbupTLCo6hsa8bd/viTsSE4nw//NmOEWAhowAWBjOnuMIsuIx8WqCdCitq4eswV+o5lZY1MICxc8g4qufEag9LYGoLX+5VF88O7faT2AgBhjmP3Pl1BbV887lIzIsgzGlM4fCOPVAtBxk5C+qfc82o8xVprKYyMh9Q5YybWNW3fitQViDrWZlaIoeOq5l9G72yFuMeh1BKDFoPIjeOq5l6EoKTXGRCdeW/DhqTLWIkrjsLiyaffO6qdhKDlnqARATsQvAVK7M04k4sKdEtja/HcW4eOlq3mHQVL0jxdexxfrN2JYb36Jpx7XALQ2bkgYX6zfiH+88DrvUEiKPl66GvMF3PLXQlHkdBeFG2odgLESAEU5J53HR8LijgIAwHPB+VizbhPvMEgnXnnjXXz0yUr0LmlAgYvfDhTeRYA6U1ygoF9ZEz76ZCVeeeNd3uGQTqxZtwnPBefzDiMr8TRvAhkwUqNQuDBUAsCYMiKdx8fjsbYOfhCGoij42z+DdMa6jr338TJULfgQsVgEw3vz3X2i8/4fADB6QByxWARVCz7Eex+LdYqcmWzbuQd/+2dQ6OkaRVGgpF1mnaXVx+idwRIANjTdrwkLPgoQjyfwxOw52HfgMO9QyBlWrlmPOS/NP3USJe9lmzpfAgDg9M8oFotgzkvzsXLNeq7xkLPtO3AYT8yeg3hcmxMrcyXDKeBhasfBk2ESgKtunm4Da78CYHvisWgnJSD1LxSO4H+f/CcOVR/lHQpptm7DVjz1/MuItjoKNRrn/XbTfwYQiZ2OMRqJ4KnnX8a6DVQuWC8OVR/F/z75T4TCYtZSacEUJdN2f9C0mbOsasfDC+8WSTVud/4QSHB0/sizib4WAEhuD/yF/yns2ruPdyim9+mKz/HHp/+FUFMTWt/3x3jPNum//8c3K8gyhJqa8Men/4VPV3zOKyTSbNfeffiF/ylht/u1Fk9kvADcCYZBasbCk2ESAEmSOt3/355YNJLBXJD+NDaF8Js/PYv1m7bxDsW0Fry/BM/861VEY9GzVhfzHgEQoP//xggAkFylHY1F8cy/XsWC95fwCYpg/aZt+M2fnjVEnQbGlJQq/3VgtFqx8GaYBIABWS3OiETEHwUAkgcH/WH2HCxdtZZ3KKbCGMML/16Al6oWgjGGeOzsQlM19TYOkYnlaO3Zo6vxWPIY75eqFuKFfy+gIlg5tnTVWvxh9hwhD/hpSyKe3VBctn2NnhgmAch2dWY0Es42K9QNWVHwzJxX8PYHn/AOxRRkWcZTz72MhYuWNv9/26+j3YccOFZHSUB7DhyzYsf+tn8+LT/ThYuW4qnnXoZsgBE7Ebz9wSd4Zs4rkAVe7d+aoihIZL3zyzg7AQyUAGBIthcINYk/t9WCMYbg6+/gmTmvIMp98tm4jp+sxa//8AyWf7bu1Oc6mk5avqUgF2G1Se+7AN5f42r331r/TJd/tg6//sMzOH4yd0cpm000Fsczc15B8PV3DDXi0tbIXAYMsxNAMsIvd9rMWVIkHAoxprTfgqQor6AITqdbjbB0o7KiBx5/+F706lnGOxRDWbdhK56e88pZ86KRcFO7jabboeDX91fDbsv9HVW3YgdcTn0uYI7GJHz7ia4IR9vOUiRJgsud/43PFeTn4Tv3T8d5o4fnIkTTOHDoCP7y7DwcPGysXUWJRFytBCAsSVJ+1dzZwneexhgBYBgAxrLu/AEg3NSY6sEQwjh4+Ch+9tsnsWT5Gt6hGIIsy3jxtbfxxFNzzur8GVM6vGMKxyxYv9tYCaYalm5wttv5A8kRrTPfl41NITzx1By8+NrbNCWgkiXL1+Bnv33ScJ0/Y0zN0u9uMAxQ62I8GSIBYEwZyFQqs8KYgnCT8Y7bjcXjeHbuv/HUcy8bZjEPDzXHT+KXTzyNdz78tO2OPoWX4cI1RYhx2BGg1xmAcFTCa5+mkBS19eNmDO98+Cl++cTTqDl+Uv3gTCIajeGp517Gs3P/jViWi+T0KB6PqT2VQQmAXsiynHYBoI5Eo2EVForo07LVa/GjX/2RtgqmSVEUfLB4BX786z9h154Oai2kMNF+ot6KhZ8XqRhdinS6CCD4UR6O16XQFHUQ/649+/DjX/8JHyxeIXR5Wh7Wb9qGH/3qj1i22pg7hxRFVr3kOwP6qnpBTgyxJFlhrI/a1ww11aOoS3e1L6sLR2tOwP/X53D+mJGYOX0ySroV8w5J13bt3YfnXpyPr/Yf7PSxqR65u2R9AcYOCqFPqblHY7bvt+H9z1KbvevsZxsKRzDn5TewZPkaPHj3VAzqr3qzYCg1J2ox95U38fn6zbxD0ZRK8/5n6q3FRXPNEAkAGFP9lyEnEohGQnC68tS+tG58vn4zNm7Zgak3XYObrr0cVqs+F4jx0tgUwsvz38XiZZ+lNXwoSVKnj2cMCH7cFT+84wishhiHS19CBp5+swCp/GhTTawA4Kv9B/Hz383GxMsuwF1Tb0RBvnHfw5mQZRnvfPgp5r+zyPA7hBKJuFYjQpQA6AVjiia/jHCoEXaHCxaLcVvoaCyOl+e/i6WrvsDdt9+MMaMMs8MlY7IsY8nyNXj1zffR0Jh+gSiLxZpSnfHDx+34eH0Rrh1rnO2n6Xj90zwcPJZa0mmxpJecMsbw8dLVWLNuE+6cfD2uvHQ8JbhIDve/+Nrbhlvk1xbGWNrH/aZxdUMkAIbYBjjpzgd2MEUZrMW17XYHCoq6anFpXerfpxJTJl2N88eMTOuuywhi8TgWL/sMb7//SVZ7zBVFRjQSTumxVivw4+nV6FGsfREqPW0D3H/Uih8+U4xUF+87Xe60k4DWunctxs3XX4GJl10Ah92e8XVExBjD5+s3442FH2Hvvs6nsYwiGg1rWeJ92/x5Twm//9QYCcAdDzQwpmhWYcWdV3DWHmSjq6wow5Qbr8LF48819AgIAESiMXy4ZAUWLvoUdfXq7ACJRsJnnQXQnoEVMTw2Vfs7sq5dHHC7+CcAjAE/+0cX7DiQ2gCkxWKF06XO1skuRQWYdM3luPbKS+ByZnR2mDAURcHKNV/ijXc/xsHDR3iHk1OJeEzDu38AQMP8eU9xWMmrLuETgGkzZ3UJh5pqtT5tvbCoK2x2YzcYbSkr7Y6brr0cF48fg/w8Y+1frzl+EktWrMEHi1eofsiJLCcQi6Z+ZOr0K2pxyUhtt58WFzmQ5+afACxc5cLz76aeUDucLlit6s5WFuTn4bqJl+DKS8ajpLuxRviaQmGsXLMe73z4KY4cO847nJxLZwQuG5IkFVfNnV2n+RNpSPgEYLLHOyYWi6zr/JHZsVgsKOrSHZLB74bbY7fZcN7o4Zhw0TiMGTVU2PnUcCSC1V9swNJVa7Ft515Ny5ymMwrgdDD8dEY1ivO1K2jTpdCO/Dy+y36O1Vrwn7OLEY2lNr2k5t1/WyRJwrDB/THhorG4cNxouF2q1BPLOVmWsX7Tdixd9QXWbdiKuEHONUkXYwzRSCgn5YslSGOq5s3+UvMn0pDwiwAVlWsAtPs8ioKmxjpTrQdoLZ5I4LO1G/HZ2o0oLMjHxePPxYSLxmFgP/2vhZEVBRu37MDSVWvxxfrNOSt04nA4EYmEkcroVDQm4d+fdMW3J9VoFo8ecv1nFxSk3PkDEhwOp6bxMMawdccebN2xB3NeehPjxozEhIvG4pwRQ2AVINnf/dV+LF31BVau+TKjBatGE4tFcnl2QV8AlADwpDDWL1fPFY/HEAk3mW49wJkaGpvwweIV+GDxChQXFWLE0IEYNXwQRg4dhNKSbrzDA2MM+w4cxubtu7B5225s3bkHkYgme4E7JFkssDscKe9D3vSVC+t352HMQG3OXOfd/3/6pRPrd6W+AM/ucOR0xC0Wj2PlmvVYuWY9XC4nhg8egJHDBmLksMHoU1mui0Wxx2pOYPP2Xdi0dRe2bN+N2voG3iHpRiIe03LR31kYIHyhCeETAMZYz1w+XzjUCJvNbsr1AG2prW/AijXrsWLNegBAafeuGDlsMEYMHYDelRUo71ECp0PbVddNoTAOHzmGr/YdxOZtu7Blxx7d3A3ZbHbIciLlhunfnxZjSGUUeS71GzKe0331TRbMeS/1xNlitcJm47daPxKJYt3GrVi3cSsAoLAgHyOGDMDIYYPQr08lKspKNV8TE43FUX20BvsPHsaW7XuwedtOHKNyx21SFFnrRX9tqcj1E6rNCAlAzm85mxrrTL0eoCPHjp/EkuWfYcnyzwAk51i7d+2C8rJS9CwrRUV5Kcp7lKAgPw95bhdcTifcLiecTsdZd1iKoiASiSIcjSb/DEdR19CAQ9XHcPjI6Y/6Bn109u1xOFyIhkNI5byKxrAFb6wsgmei+g09zymA59/LQ0MotTtoCRIcDn3NxTc0NmH12o1YvXbjqc8VFeajoqz01EfP8lJ0KSyE2+2Ey+WE25n888xdNIwxRKMxhCNRRKJRhMIRNDaFUH20Boerj+HQkWOoPnIMx0/WGeooXq0wxtJacKsi/sOdWRI+AQBynwCYfT1AOhhjqDlRi5oTtdi0dWe7j5MkCU6nA26X81THb5QqZZIkwe5wIhZLrZFavTUf44aEMbRS3UaNV2eydqcDyzakPpdvdzh1MdzemfqGJtQ3NGH7rq86fJzTYT+VCIQjUUSjqh9MY2o5nvdvJfd9j9qMcAvLpZB9PB5DU6M5K7hpgTGGSCSKk7X1qKtvNEzn38Jqs6W1le2VxV0RS6j79uTRRkZiEv6+IPWhf6vVBqvNAPclrURjcdTVN+JkbT0ikSh1/iqKxaI5nfc/g/B3gJQAZCEWDSMcMt7RwUQb6dzZHq+3YuEadeuM8Oh3XlyUh5pUTvrD6ZESQlIRj8dUP+UvTZQA8CYBXXg+fyTchGhEm1XbxFgkKb257SXrC7D/mHqLTXN957kjjZP+gORaCRGG/gl/iUQcidwv+juT8MeoCp8AQOL/Swg1NfBahEIEk87q9pYTA2WVDjNT6zqpSOekPyC5W8IiaHEpkluynNDqiN900QiADhTyDgBI7gzgsA2FCCg5FZDaW+/QcTsWr1dnKkBRcjcCUPVpHg6keNKfJFlo6J+kRJFlPd1scR19VoPQCcC0mbO6MKafnQxNDbW856SIIBzO1IfG311ThKO12b/MFYXlZB3A/qNWzF+a+h75dH4WxLwURUFUP50/ANimzZwldBIgdAIAhhLeIbTGGENDQy3PValEEBaLJeViUgkZeHmxOjuOZI1HARgDnnmzAIkU3wI2u8Pwp02S7DGmIBZNrax2TumsD0qX2O88xrrr7QXBFAUN9SdTPgSGmJfd7kj5jPvdhx1YsTn7E6+1ngZ4d7UrrWN+7VRRk3QiecAPr73+nerOO4BsCJ0AKIzpMvtSFBkNdScgy+Y8kYukLp3Dbt5c2QW1TdktlJNl7RrRY7UWvPRRXsqP1/qgHyI+RVGaT/fL4QrW9FACwA1juj2gXlEUNNSdQILWBJAOJA8MSq0jjDSfGJgNLUcAnl1QgEiKJ/3ZHU4qpU06pCgyYtGwXu/8Wwi9gEXodyBjTNc/fMYYGutP6mXLCtEpm82e8lTApq9c+HJP6nfZZ9JqDcDSDamf9Gex8D3oh+ifLCcQjei+8wcoAeBHAdP9GCJjDI0NtYhGw7xDITrmcLogIbW751c/KUY4mtlbV4sRgIaQhOffTa3crwSJVv2TDsmJuJ62+nWIAUIvYhE6AQDTfwLQItRYj0hY36fWEX7SKYPbGLZi0cbeGT2PFmsAXltegYZQak2JKAf9ED4S8RhiYo2YUgLAC2NMqB9+ONSIUFMD7zCITqVyYJDVakPPyl7Ye3IQDpxMf/2R2tUAtx/qiu1H+qFnZa+UYjfaQT9EPfFYVMRiakL1QWcSOgGAgD/8aCSEpkY655u0raM7ZJfLjV59+8Cdl1wDsGjzUCSU9HYFKCqOAMQSVsxfPQAA4M7LQ6++feBytb0ulw76IR2JxSKiLpgWrg9qTegEgAk0BdBaLBpBQ/0JyFQwiJwh2VGePUdeVFyMnr16w2Y9vXiuPuzGqt0D0rq+whgSKiUB763rg9qm029Bm9WOnr16o6j47OM57HTQD2kDY8ltfnJC2C3TlABwJOwPX04k0FB3XJjFLiR3rK0ODLJIFvQoL0dpaVlzFj3dAAAgAElEQVSbHei6r/vgWH16ZwXE49nPA+w7VoiVOyrO+rwkSSgtLUOP8nJYms87sNnssNJBP+QMciKBSDgMRdHtHv9UCNsHAYInAKKOALRgjKGpsQ6hxnqaEiDfYHc44XQ6UdmnDwoL2y83zhjw4ZbhUFjqd9fxRHYNrqxIeG3VwA7PFSgs7ILKPn3gdDpp6J+cJRaLIhaLQG+VXDMg9Itb6AQAgv/wW0SjYaocSL6hoLAQg4aNSKlaXk1DAdZ93Tfla2c7ArB4Uy8creu8FoHD4cSgYSNQUKiLAzuJDjClZchfyPn+ttAIAD9i7QLoiCwn0FB3ovnAC2JmJT16oLJ3H9jtDjhcqe2ZX7V7AGpDqe3Fjycyv+s6WpeHxZt6pfRYh8sFu92Byt59UNKjR8bPSYxBTiQQiQg/5H8mofsgsRMAHR0FrIbklEA9mmhKwJTsdjt69+2H7iWlpz7ndLpSmj+XFQkfbR2W0vMoSmYLARkDXls1ELLS+XSD1WqFs1XBn+4lpejdtx/sdqoAaD4MsVjEKEP+ZxK6DxI7AQAMM47UWiwaRn3dcRH3xJIMSJKE7iUl6DdwEPLyz76Ld+XlIZUigQdPFGPzwdTuzjOZBli5owL7jqUwnC81x3yGvPx89Bs4CN1LSmhHgEnIsoxIOCzyKv/OCN0HiZ4AGLaHVGQZjfUn0dRQS0cLG1iyUxyIkh5lsLRzOI7FYoWznf31Z/p0+0A0RTufNkg3AahtcuK9dX1SeqzT5W73bAOLxYKSHmXoN3Bgm8kOMQbGGGLRSPNhPoYa8j+T0H2Q6AmAUDUjMxGLRVFfe5zKCBuMzWZDz1690Ltvv5QW+jkczpSq6MVlG5ZsHdL549LcCTB/9QDEEp1PRVhttpS/n959+6Fnr16wUXVAQ0nEY4iEQ2ZZ1Cx0HyR6AiB09pUqxhjCoUbU1x5HgqYFBCeha7fu6D9oMAqL2t/e1xa3Oy+lofPdx0qx62hZh49JZyHgur2l2H6o82OIJUmC253eSYWFRV3Qf9BgdO3WHSnNcxDdUhQZkUioeerScHP97RG6QRY7AZDE/uGnS5YTaKg/iabGOqOtpDUFd14e+g0YkCyS085wf0ckiwVOd2pTAUu2DkEk0f6CO0VhiMY6fw01Re14+/N+KT2n0+2GlMH3ZbEkix31GzDgVJljIg7Gkov8opEwmPnaJaH7ILETAMF/+JmKRSOor61BNBKCiTJtYVmtVpT3rESffv3hTHFbX3vsdgdsKaykD8UcWL5jcIePiUQ6X1vy9uf90BTt/Plsdjvs9ux2RDldLvTp1x/lPSupcqAgEom46KV8syV0HyT05JvFYu0lq328mSAYYwg1NSASboLLnQ+H000rq3XGarWiuGtXdO1eomqH5nLnoUmuB1M6Tv42H6zA0Ipq9Op6os1/j0RldEH7nfuOQ8VYt7e03X9vIVkkuNIc+u9Il+JiFBQW4uTxGtSePElnZuhQIhFHIh4z/XZlCcjsXG6dkET8BU6bOasLY/i9LMcfisei1OshOTzscuXB6Uptnphox263o2v37uhS3DWjof5UJBJxhJs6Xxha5A5jxkVr4LS1vVupe1cnnI6zYwxFbXhy4bnfOOynPe78/FNnF6hNURTU1Z7EyePHEY8LveNKfIwlO/5E3PQdfysMkP4hSfhh1dzZdbyDSZdwCcC0e2d5GNgfAJTLcgLxmNCLMFUnSRa43HlwutyQJNFneMTicrvRrXt3FBYVIRcL2iLhEOKxzkcg+3Q/iclj10PC2aNlLpcV3bp8c+heViT8Y9FI7D3a+SFDdodD1bv/9jE01NfjxPHjiISpWmYuMcYgU8ffmWoJ0g+q5s0O8g4kHcIkANNmzipijM0DcGvL52RZRjxGp+m1RZIkOF15cLnyMlqYRVJXUFiIbt1Lcr6AjTGGUGNDSgtC+5WewHUjt8Bl/2bCLElAaXcXbNZkwtIQduCV5YOxq7rzHQoWiwV5BYU5H3EKh0I4cbwGjQ0NOX1es2Gt7vg7PPmJtPaWJEn3Vs2dXc87kFQIkQBMu3fWOQzsdQDfWNXEZAXRGN0NdESSJDic7mRJWY2Gac1IkiQUFRejW7fucDj5nUklywmEGhtTemyeM44LBnyFIWVHvpEI5LttsNjzsW5vKZZsrkQomtrSoLyCAlit/JYRxaJRnDhxHPW1tXRnqiJFUU7d8ZOOSZDAzl6IvVOCdFvVvNkbecSUDt0nAM1D/s8COKtsmKLIiEVpBCBVVqsN3Up6gDHQwqoM2Ww2dCnuiq7duqVUmCcXopEwYtHUp8IsEkNxfgiFrggkSUJ92Inapry0jhR2OJ0pVyfUmpxI4OSJE6irPYmEeVejZ8Vmt8Nus+HkyeNm3MqnhSYJ0sN6nxLQbQIwbeYsK2P4A8Aeb/dBioIInZ6XloGDh8PldiMajSIcCiEcDtPdUyccDgcKCotQUFSYdqGbXGlqbICSo6TOYrUiv0CfR/yGwyE01jegsaEesRTWR5iZxWJBYVERiroUIy8/H+FQCNu36P6mVVckdLYRW/qLJOEHVXNn6/KOS5cJwLSZs5yMsSoAkzp6HGOseS88SYXVYsWwUed+43OMMUTCYYTCYUQjNJrSwulyobCwCAVFRXByHOJPlaLIaGps0L4shATkFxS2W+tfT6LRKBrr69HQUE+v7VMk5Bfko6hLcqvlmbtUNq77nEYH1bdQkqRpVXNn627Fuu4SgGkzZ+UzxhYAmJjK46lGfuoKCrugb/+B7f67IsuIRqOnPszVEEhw57lRWFSEgsIiIY+tjUWjiEa0HRFzutxc1zxkKh6Po7GhHg319QiHwjBTAS273Y68/Pzmj4IOz17Ys3M76utqcxidaSyWJOmWqrmzddVh6SoBSO7vZ+8BuCjVr4mEqRpeqnpU9ERpaXnKj08kEslOpfnDaOWHrVYr3Hl5KCgsREFhIdcFbWoJNTVqVpXNarMhL79Ak2vnkiwn0NjQgMaGBoRDIcMlujabLdnZ5yU7fbsj9QqNR6oP4fCB/RpGZ2qrJEm6QU/1AnSTAEybOauEMfYhgDHpfF00YvjjJlXTf9AQ5OVl3oAnEolTyUBMsITAbnfA6XLB5XLB2fwh4l1+ZxRFQaixQfV1HZIkIa/g7CFjI4jH44hGIohGIog0/xkX6NAtq9UGd14e8vLzkZ+fn9UITVNjA3Zu26JidEbW+QqANqyXJOnaqrmzazQIKG26SACmzfxuEWPKCgAj0/1aSgBSI0kWDB81WtXiQIqiwGqzQZYVxGLJpCAWiyEe41ciVJIkOJ3OU528y+WG0+UUYs5aLfF4DJGQumtjXHl5Wdf6F4miyIhGoohEwqeSg2g0yvV1bXc44HA44HA64XA4T/1dzTLTjCnYsPYLalO1tVmSLJdUzf0b91oB3BOA2x943ConEu8D7OpMvj4WjUBRjDWEp4W8vAL0H9T5OfHpcuflt3E4DUMsFkc8FkUsGkMsFoOiyFAU5Zsf8um/t5dJW6xWWC0WWKxWWCwWWK1WWCxWWK0tn2v+u8UKh9MBh8NJpZABhENNSKhUOtdmt8Odd9YuXNNJnnqXfE0rigxZVpKva/n032W5+XUuy5Cb/2ybBIvFkvywWk7//dSHtbmDd8DucMLhsCNXxyXv3LYluaCUaEj6yGqzXf/a83/h2nlxn/RUZPnZTDt/ANTYpyivQJu52zaKYACQko2Xw4FUp4wVRQFrSQYkqbmjN95wc66kemBQZ9Q+6EdkydElF5zO9E50VBQluc6AMVgsFkjNnbxeFRQWUgKgOXZ1su/Dt3hGwfVVeNt93/sxY8qD2V2FEoBU5OVrdAen0gCSxWKB1WaD3eGA3W7XdQMpAklSp+N2uelwqWxZLBbY7XbYHQ5YbTbdv7b1WuPBaBhTHrztvu/9mGcM3F6Jt9//2O2KIv8m2+tQ25Qal0ZV29oeASB6YLPZ01oBfia7w6HZKX9Ev2jEJ3cURf7N7fc/djuv5+eSANx+/2NjZFmeq8rzUwbQKUmyaLeASweLSEn7nC53RnecFotFN6V+SW45HA46STR3LLIsz739/sfS2v2m2pPn+gmn3P1IviwnXgGYKq2LJJlndXemHFncBXaGun99kyQJrgxOKXTl0dC/mYlQ/ZI/td4fzC3LiVem3P1Izlfa5jwBcDjdfwWg2nJ0aqM6Z09z0VJaaARA96xWG5yu1F8DTpfLEEWRSOYcabxezEvVtm9Ic9+YUzlNADxe33Sr1fqAmteku5TOObUcAaAEQAgOpwsud+eDbi63Gw4tE0YiBBoByL3/396dR8l11Qce/973XlX1JsmLbMk7bluWzbAbG4PZwh7LgCG0lPQJMFKAPkNCFghNhsCcSTIMRDMQM6QTZBgbLCxoBI1ZZEg8YY1ZAma1kW3Z7U3WYllbr7W+O39Utd1q91Jdde+7b/l9ztGxLXfX+9XS/fu9u/yu7/ub+wcGN0V5zcgKgP6BwfOBbcrwClilFCzjGNMsSmLvdmFeLl+gs7sbb57GMZ7v09ndTS4vnxXBsrc6Zo6F+55GbtzWyJWRiKQA6B8YzAGfB1aB+bt25UkBsBibBYCMACRLEOTo7llBz8pVdHZ309ndTc/KVXT3rJAV/+Jxy5kyyiTDKWdWTlwFfL6RM62LagTgr4HnzfyH6RWmMg2wuLzNuzopABJJKUUQ5AiCnPz8iCeRUcNozcmJz6OeM62zXgD0Dwz2Au+b/XfGpwFi3ljDJaWU1R7uoRQAQqSOtNSO1jw57H2N3GlVFJnzWuCE8STP9BSA7FldUC6Xt/qDLIeGCJE+Sim7I4eJZ/Z36jw5sYN67rTKaubsHxjcALx27t+bnwIw+nCpYntFd7u95oUQ8STrABZj+rjteXPiaxs51BprBUD/wGAB+Ph8/8/0oj1pBrQwm02AZsgogBDpI+sAFhPZQvaPN3KpFTZHAN4LXDDf/5ARgOhE8UMcyiiAEKkjWwEXE8kIANRz6HuNXmwWKwVA/8DgecD7F/r/9Tlpc1lbKSULVhYQRQEgIwBCpI9MAURlyfz1/kZONc7WCMA/AIu2HTO/EFCmAeaTz0VQAMgIgBCpI4sAF2J9AeBcndRzqnHGC4D+gcFXAW9Y6utMb93zpBnQvDzf/g4JGQEQIn38eTpGCjA+/N9cLnxDI7caZTQ79A8M5oGmDjQw3g0wgkSXRPO1fTUtDKUAECJtovjdkUj2ugAu5RONHGuM6SO/3k2TJ/2ZHgHw8agYfcR08CLokSDtgO0Kw5BKuUStViMMaygUnu/j+wG5vN0+D4vRWlMpl6nVqoS1GhqN5/n4vk8uX8CTBl2JJu/f/JQ2OwawjFx4EfUc+xFT1zb2DvcPDJ4NfKDZrzfevMfzMF6aJZynvEiSg0wB2FMul5iaGKdcLlGrVdFaE+qQarVCqTTN1OQ4tWo18rhq1SpTk+OUStNUqxVCHaK1plarnhCzSC6llBQB8zB9u7PMXPiBRq41wuS7+1Ggu+kLW/hgyU6AE0XVIlkWAdpRnJ6iVJxGL/IrJwxDpqcmKJeiS7blUonpqYlFp340mlJxmuL0VGRxCfOkALBvma9xN/Vca+baJh6kf2DwZcDG5XyPja17nidzVrNFNYcXygiAcdVKhUql3NTXaqBUmo6kCCiXSpRK003fBVUqZaoVmZxLKlkHMJfp3Wst5cGNjZzbNlPlXUsViemELYcCnSiynRFa1gGYpLWmWFz+nbPtImAm+S9XsTgln4+EkhEAu9rIgUZGAdp+dxtbE57V0sVNLwSUKYAT+BGOiMg6AHNqtVrLCdNWEdBq8gcaawNqhiMSUZCtgCdShlcAtJEDn2ViW6CJDNxym0IZAbAryikRaQdsTthmsjRdBLST/Ge0+5yEGzKteiLTv+XafH3bbhHcVsbsHxh8NvCKVr/feMJWSo4GniXK3ghhKL/gTTHxWpoqAkwkf5DPR1JF0Ugsy9rMga9o5OCWtfvutlWBKAsJWxatPMGPcERE7vDMMXXX1W4RYCr5g9xJJlWU04hZo8xs024rB7ecIfoHBp/CMlf+zxuA8ZbAUrHO8CI8H0G6AZpjct611SLAZPIHmUtOKinc7DGUqzY2cnFrMbRx4b8A2v50mP6AyQf2CVEO38kIgDme7xsdGVtuEWA6+SvlychcQskUgD2GcpVPPRe3FkMr39Q/MHgK8EetXvSEAAx/wGxMKyRVlIsitday1csQpRQdHYseprlszRYBppM/QEdHpzTpSii5obLHYO77o0ZOXn4MLV7wnSyj69+iAVj4gMmHti7q6l1GAcwJcjlyOaPnfixZBNhI/rlcniCXM/qYIjoyAjDDfAFrME91U8/Jy49hud/QPzDYAbyrlYstGIThO3ZZuFKnI56Xl5XeZnV0dhEEZpPnQkWAjeQfBDk6OruMPqaIVtS/Q+LKdPq3cEjbuxq5eXlxtHChtwKnt/B9C1KG5wdVVB3wYi6sRfvDK81ezOvs6rZeBNhK/p1dRgYJhUPyM1232HkcrTCd86jn5Lcu95uWVQD0Dwx6wHuWe5ElgzA8V608DyUnA0Y+JC87AeywWQRI8heLkWk9OyztVntPI0c3H8cyL3ANsG6Z37N0EBaG7GXbEdQiHpKXKQB7bBUBkvzFYmQEwM4h85bWqa2jnqObj2OZF2i79eC8QVi4Y1d+YPTxkqgW8RSADmUngE02igCTJPmnjxQA5tv/KpTNfjXLytFNR9E/MPgi4Iplh9NsIIbv2P3Aw07tlhzawR25DBnaFdciQJJ/OsmoHsbTiOWeGFc0cnVzsSzjga3c/c/wTd+xa6tVViJEPQUA8gsjCnErAiT5p5eMAGB8CMB4rnuypnN1Uxmyf2DwfODqlsNpJhALVVHWu49FPQUAUJOFgJGISxEgyT/dpAAwL4K8dHUjZy8dS5MP+BYsj6crZf6OPesLAV0Mx8sUQHRcFwGS/NNPfp7N8jwjBwAtRVHP2UtqNuO+ufVYmucZHhqpn7aU3WkAF8Px8gsjWq6KAEn+2SAjAGaZznGLaCpnL5kd+wcGXwhc0HY4TbBxxx7hCx479f78Ee8E0FqKgIhFXQRI8s8GrcOM7+oxf6ce4aj0BY3cvahmbo+bGkowwfN849sBfVkIGPk1q7Vq5NfMuqiKAEn+2SF3/4a7/6GiPqdmydy9aHZs9BbeaCycJpheIOH55ouKJIm6HTBArSoFgAu2iwBJ/tkiBYBZDhalb1zqfIClbo9fD6wyF8/SbGyR8ILsTgO4GI6vyQiAM7aKAEn+2SNTeWZFsP1vrlXUc/iClioAln24QLtsVEm+7367lCsupgB0qKUfgEOmiwBJ/tmU7REAC8f/utmVtmgOX7AA6B8YPB14lfFwlmBjO6DnqczuBnB1QI9MA7hlqgiQ5J9d2T7cy+z8f0Tb/+bzqkYun9diWfF1gJOSxcbK/SCjuwFcrAEAKQDioN0iQJJ/tmV1BMDK4T/u8o9PPZfPa7ECYNG5A5usbAfMZbMpULVWcXRdKQDioNUiQJK/qFbd/O5wTVuoABw3pVswl89bAPQPDHYDr7AWzhJsbAdUeFFvwYiFcrHk5Lr1dQBZHkKMj+UWAZL8BUCpWHQdggPKeO9/B9v/5npFI6c/yUIjAK8CFt0+YJtvYeV+Fs8GcPlDLNMA8dHZ1U2h0LloYa1QFAqdkvwFAMXpadchOGC+8ZGNXLZMHSywnm+hAsDZ8P8M38JWJgfbMJwruiwAZBogVvKFAl09PeRy+cYoW32+0/N8crk8XT095AsF12GKmMhmAWCejVzWgnlz+pMKgP6BQR/LJ/81w/M847sB6jsMslUE1GoVZ/PxMgIQP57n09HZRXfPCnpWrKJnxSq6e1bQ0dnlephSxEi1Ws3sGgCTbOSxFl3dyO0nmC+yK4FT7cezNBv794NctgoAgFLRTSUfhqGsA4gzpep/hJijOD3lOoRUiFEPmlOp5/YTzFcAXGM/luZYWQfg+ZnrCeB0HYBMAwiROEVHNw1pE4P5/9meNA0wX3SvjiCQpiil8P3AeBLJBTnKFTer411wvRAwl8sbfcxqtUK1UqFWq6HDGkp5eL6PHwTk8+7msMMwpFIuUavVHm+j6vk+vu+TzxdQ8RgKjD0dhpQXeB1z+YLTIdVyuUStWiWs1dA6RHn1uIJczsmxzLZkbf5fYX75n+8Hrpr/LOQ1wHtm/4Wafdxj/8DgauBR7PRCaEmtVqVcMp3AFMWpSVDZOOqyu3sFT7lgnZNrK6XoWWnmOAmtNaXiNJVKecGv8Rtz3FHv+KiUS5SKRfQCv0aUqq+wz+XNFkNpUymXKZWmFzyGVqEodHSQi7jQC2s1itNTi7bWzuXyFDo64/ZLvyX33r2bifEx12FEQ9OYCjObD/KFjrgtPNfA6Tu2bX1s5i/mltIvIkbJHxpVlPGQNEEuPdX6UlzuBNBaG1lMpLVmanJi0eQP9bMPpiYnqFaiW8A0PTVJsTi9YPKHevzF4hQl48VsepRKRYrFqUXPoNdoisVppqcmI4urWqkwNTmx5LkalUqZqcmJReNPikyNAFhI/goVt+QP9dz+otl/MbcAeEl0sTTPxjxKTLZmRMLlTgDASDIul4pNHzCk0RSnpyIpAqanJpdV4FRKxcy2WF1MrVajsoziqFqtRFIEVCsVitNTixZ3s4VhzcKIZbRkB0D7Yjb3P9sJOX5uAfDiCANpmo1krRSZ2hLoch1Au4m4VqtRKS9vzUYURcBykz/U7zNKRVlhPVepOLXsezDbRcByk/+MmXUgSZWpu3/ATvOf2N5gnpDjHy8A+gcGVwHPjDycJnieh2dh5X6WtgS6LADanQaoVSst/YjaLAJaSf4zarVaKoaJTdFat5wwbRUBrSZ/qKeTWoLvoGUHQHs8FZu9//N5ZiPXAyeOALyQxQ8HcspGReV5fmaan7jqBTCjnSTc7ND/fGwUAe0k/xlJvkM0rd3XwnQR0E7yn9HOZ9Y16QHQnhjf/UM9x79w9n/MiOXw/wxbcyq5eL9Zxrg+2KO9AqC9u2WTRYCJ5A+gE5wgTDPxWpgqAkwkf2j/M+tSVqYAbK12j/H8/4zHc/3cEYDYmukJYPxx/WyMAhQdL0xqZxrAxHCaiSLAVPIHMvGZa5ap16LdIsBU8gczn1lXsjIFYKNEi+He//mcOALQPzCogGc4C6dJgeGGMo8/bgZGAWrVivOufK0mX1N7+tspAkwmf0U2T6ZciOf7xu7GWi0CTCZ/SO77W6tWI91Cmza2cpRhz2jk/MdHAM4DetzF05z6wQrmf7C8rIwCJHQdQBDkjPWCaKUIMJn8oT5HmIC7hMgopYzOmy63CDCd/BUqsTcV0zL/37L6mrJEjPz0UM/5jxcAT3MXy/KYbis7I6k/sMsxOT7h9PqtTgN4nmf0mNrlFAGmk3+9k12nscdLi0JHp9GGX80WAaaTP9SPXU5IIniSibGMdP+zwFZusuRp8EQB8HSHgSyLrbv1LIwCxKG1Z6ujAKbbajZTBJhO/gCFjo7EJgebPM+j0NFh9DGXKgJsJH/fD8gXzD6PKI2NHXcdQiJ5np+0aZ+nQwJHAABrbXzTPgowPT3ptCMgtLcboLOrG99gkbZYEVC0kPzzheh72CdJLl8wnjyr1Ur93I+5f28j+Xs+nV3dxh4vatVqlalJt6OESZXA1vInjAAkqgCor7Q0fxeVhVGAyfFxp9dvZzeAUorO7h7rRUBxapKKheRfSPCdYVQKhQ7jRUBlThFgLfl39yR6bce43P23RCkvjn3/l/I0AP+e/VMB8A9AojKfUsrKqnbf85zfJdvk+T4rV57kOoyW58uUUgS5PLVq1Wg3vVq1iuf5lMtFSf6OBY191CZ/vsMwbPQbUJL8F3Do4AGmp9K7CNDWu5N3fER1i07+8jdu/YgHrAMStXoB6s0WrPzAeV7cOzm1ZWLM7QgA1O/AwjBs+fttjQRMT09SMbwFSpJ/a6yMBFQqTE9PSvJfwPjxdI8A2Nj3X9/Bkri7f6jn/HUecK7rSFoVBBZ3BOjk/0DPp1otO28LDCz7cJ+5bBQBpknyb4+NIsCkNCX/4vTUkkdtJ5bFpoy2clBEzvWANa6jaFWQM7c/fDalFLl8ekcBxmOwG6BSLrc9hB/nIkCSvxlxLQLSlPwBxtJ892/pLVKoJC7+m21NogsAsLf60g9yePE9G6ktkzEoALTWRu444lgESPI3K25FQNqSP8D42DHXIVihbN79Jzv5QxoKgPp8vZ0fxCCf6OGdBU1OThLq1ufgTamU2psGmBGnIkCSvx1xKQLSmPzDMGTCcZMwW+zN5JrtXunIGg843XUU7aivCrfzRqR1W6DWIZMT7hcDhmForO94HIoASf52uS4C0pj8od4gTMfghiBJglwq2nmfnvgRAKgf6WvrzcjlO7C3gcSdyRjsBgAot7kYcDaXRYAk/2i4KgLSmvwhzav/7bxXSqm0HCOf/CkAABp7wy09dNJ6PDdlfCIeP/S1apVarf3z4Ge4KAIk+Ucr6iIgzckfYCyl8/+2lv8HuXw9MSRfSgoA6lv3bDVj8IMAT6VrKqBcKrW9Fc8U03FEWQRI8ncjqiIg7cm/XCpRKhZdh2GWxYV/nuelqWX8Gg9ITXPyXM7eU8kV0jcVMOG4LfCMSqVsfA4yiiJAkr9btouAtCd/SGn7X4vvl80c40DBA1LT99bzfWs9metTAamp/AAYn3C/HRAADeWy+SYkNosASf7xYKsIyELyh7QO/9sZAvD9IGkn/i2l6gHmJmBjIGdx654f5FK1K2BybIxaGI+3vz4NYP4H10YRIMk/XkwXAVlJ/rVaLcULAM2zmVscqaWuAFDKs9qeMU27AkIdcuzoYddhAKBDTaVstg//DJNFgCT/eDJVBGQl+QMcOXyorTM54sfeexYEeSsn0DqWvgIA6kP1tn6A07Yr4EBqTpQAAB6fSURBVOjhx1yH8LhSaRoMnvA3m4kiQJJ/vLVbBGQp+QMcPvSo6xAMs/e7I23Tvw3pLABsbguExq6A5J3/PK9SscjUVDy6gOlQG+0LMFc7RYAk/2RotQjIWvKfnBinOO3+ULAkSNG2v7lSWgBgd1sg1EcB0jIkdCRGowDlUtFqV7JWigBJ/smy3CIga8kf0nj3b0fKtv3NVfOAlJ4BaXfLRv3EwAJpWA8wfuwYtVo8NoNojfV9yTNFQD5fWPTd85RHZ2e3JP8EKhQ66OzsxlukSFdAPl/IXPKvVascO3rEdRiJkLJtf3OVPeBh11HYYnNbINSrwzTMDcVpMSDUjwoODXYHnI9SikJHJ53dPeRyeTzPRzX+3vcD8vkCXT0r0nDiV2YFuRxdPSvI5wv4foBS9cPDPc8nl8vT2d1DoaMzU8kf6iN+6Vr8Z0cKt/3N9XAAjLqOwqZcvkA4XUPb2hsa5KiFIWFM7qBbdeTwY5y6Oj5NIYvFabq6e6xfx/cD/M6ZIlGThhEd8YSZQu8J8h7L8P/SFDMjvKk26gH3u47CJqUUuYLdN7KQgvUA5VKJycl4dAaE+jClqZMCm5ftxJAN2X6PJ8bHKRaTv/jP9ruYKxSyMDJ0v0fKRwCgcZfn2xvK1SlZDxCnLYEApRT8ohIiTg4fOug6BCMstvvH93NWp45jZDQTBQBAPm/3Lt3zPHKFZPcHGDt+jGot6rvuhYVhaHVboBBZUq1WOXb0qOsw2mP5Hkspj3z6Ov4tJP1TAI9TirzlOR3fC6x2IbRNa82xI/FaHVwuFtGWmgMJkSVHDh+yusU2EpZ/FeTzhbTu+Z/P/d6ObVuPAfFZAm6R5/vW93QGuZzV6Qbb4jYNoLWmXErZcaVCOJDsxX/2k3IQ5NK+6n+2wzu2bT02Myb+HaehRCiXL1hfsJfL5xN7aFC5XGIiLqcENpTLJdm2JEQbJsbHrPfXsMvurb9SXhZW/c/2XYCZTPhNd3FEz+YZ4jOiKDRsidsoAFoWBArRjscSffdvXxQ5IWZugRMLgMxMtNYb+Nidq1dKkS8kc2fA+NhxKpV4NYisVipUyvGKSYgkqFTKHJfOfwuqNwJL5s1aizSNm34PYMe2rfuBX7qMKGpBzv4wvVJeo7JMVhGgtebQwf2uw3iSUnFKpgKEWKYD+x6RhbQL8Dzf6sFxMfXLRs5ndtlzi6NgnIniDt3zPAoJ7BFw7OgRSjFbfKc1FKcmXYchRGKUikWOPHbIdRjLFs1vy5lR2sx5PNdnugCIas+n8n3y+WSNBGitefTAPtdhPEmtVpP1AEI0af++vQm8+1eRzEfb7g0TY/MWAD8B7o0+Frf8IBfJcY+e75FLWIOJsePHmI7hHXe5VKJaTfbZC0LYNjU1ybEjSdzhbT/9B0EOP73H/C7mXuq5HphVAOzYtrUG/K2LiFzL5QuRbNvzvaAUBPnvAYmZyD64P36jAADF6ckE3tkIEZ39exN10GuI5jtorLf+9Dw/a1v+ZvvbRq4HThwBANgB3B1tPPGQL3TYGw7S1MIwvKlaLV/89S986qVKee8hIbsuJifHY9cXAECHmuL0lOswhIil8bExxseOuw6jWRrUu77yuX96WbVavjgMw5vQWDkP/ImF2Zl0N/Uc/zg19y6qf2DwD+Z+UVboMGyclGUsN+uwVvt6pVL+4C07b/j17P9xVd/mv9I6/LCpC9nU2dlF77qLXYcxr0Jnp/UWz0IkzT2772BqMn7Td/NT7/nK9qGPzf6bq/o2PyOXy/+d5/uvxdjiKUVHRycqW1v+ZuvfsW3r52f/xXyvxDBwZzTxxIvyzFWHWuvvVMqlK7/2+etePzf5A9yy84aPKOX9JQmYDpienmLsWDwPESkVpwlrVm4WhEikY0ePJCX5h6D+dG7yB7hl5w2//trnr3t9pVy6UmttpFNtvtCR5eR/J/XcfoInjQAA9A8MvgnYGUFQsVStVKhUWpuKUkr9FM1fj2wfurWZr7+qb/MWrcNPArFekZIvFLjwoqfG8oxsz/fo7llBknZZCGGD1pq77vx1Etr+VkBt+cr2oc8188VvfPMfvxLFh7TWl7VysVyuQJCL9a9Y2/p2bNv6pbl/OW8BANA/MPhZ4C22o4qrcqlIrdb8SnPP83/s+f7f77z+2puXe60NfVuuCXVtB9C53O+N0plnncvJp652Hca8cvk8HZ1drsMQwqnDhx7l4Qdjf8DrlEJtHNk+tGu539i35c+vCWu194Vh7Ypmv8f3gyzP+wPcuGPb1rfO9z8WGw95B/BDO/HEX77Q0cTOAFXxPP+LuXzh8i9/9hPPbyX5A+zaef3NnvKvAuK32m6WRw8eIIzpcaKVcplqpeI6DCGcCcOQA/sfcR3GUo4p1KtbSf4AO6+/9uYvf/YTz8/lC5d7nv9FUIv+0Huen/Xk/0PquXxeC44AAPQPDJ4O/BQ413xc8ae1plScetJ2M4U6ojzv00Eu93+GP/0xYz9xG/q2XBrq2i3A6aYe07Q1Z5zJ6tPWug5jfgq6unvw/cB1JEJE7tED+9m39yHXYSzmgEK9ZmT70K9MPeCmt737rGql8qc6DN+m0afM/n9KKQodXbGctozIQ8BlO7ZtXfAkqEULAID+gcFnArcB3WZjS4YwDBud5zRKqbuU8j6RL3Tc8Pnr/peVdnQb+rZcFOrwVtCxLLp8L2DdU/8TfkyPO1ZK0dXTk9jjmIVoRa1W47e//uWypi0jdr9CvXJk+9B9Nh78D97x3s5yqbhZ6/BdWuuLQVHo6MzaIT+zTQJX7ti2ddFia8kCAKB/YPD1wBeBZLWyM+N4tVL5crVauXHkxn/8XhQX3NC35YxQh1+F1ha82Lb6tLWsOeNM12EsSHmK7u4VWV7xKzJm/96HORjD1t0NP1KoN4xsHzoYxcXe+JY/eUkQ5N4S5HK/B6yK4poxUwY27ti29atLfWFTBQBA/8Dgc4EvABe0F1sihMCtwGeBm3ds2xp58/mr+jbntOYzEPZHfe2leMqjd93FFDriO7fm+R5d3SuyPPwnMqI4Pc09u++I6UmZ6jNK8Y6RG4ciX6DTPzDYCVwDvBV4JYuveUuL+4Df37Ft68+a+eKmCwCA/oHBlcB1wKbWYou93dST/vYd27bGopy+qm/zoNbhh4BYTWx3dnZx/oXrY51gfd+ns7sn1jEK0Q6tNXt238lU/M7sqIJ671e2D13rOhCA/oHBM4E3Uy8GLnEcji3DwDt2bNva9GLyZRUAM/oHBt8OfJyYb1trggZuB74GfG2p+RJXNvRt2RDq2k3EbDjrtDVncPqaM1yHsaggCOjs7nEdhhBWHNi3lwP7Yrfy/6hC/f7I9qF/dR3IfBrr2l7X+HMpyW8gMg382Y5tWz+13G9sqQAA6B8YfBrwYWADyXoBi8C/UU/634jLnf5SNvRtWR/q8Oug17mOZYZSivMvXE9nzPffS48AkUZTU5Ps2X1n3A7FukuhXjuyfSgRJ8s2Rgaupl4MvByI77zmk2lgF/Bfd2zbekcrD9ByATCjf2BwHfDn1IdW4rpT4B7g+8A3gFt3bNuayFNkNmzcsjIMwy+CfrXrWGYUOjroXXcxXszP1c4XChQ6kj5gJURdGIbcs/sOitORL09azDeUUv0jNw6Nuw6kFf0Dg13U1wpcDbwYuMhtRAuapD5Vfe2ObVv3tPNAbRcAM/oHBk+m3nDgT4CzjTxoa8rAz6hvXbwN+OGObVsPOYzHuKv6Nv+Z1uH/BGJxW3vq6jWsPfMs12EsqdDRkfWmICIlHnn4IQ4d3O86jBmTjfn+f3YdiEn9A4OnAS8Armz8eS5ud8LtBf4RuG7Htq1GDmcxVgDM6B8Y9IFnUH/BXtD4c57RizzhMLCn8ecO6l2Pfrpj21brZ0q71pgSuAn0pa5jAXjKBRfRnYC59o7OLnL5+s9wZ77Mio4SPYUSPR1FegolytWAiVKB8WIH48UCk6UCtTDeoxtifr4X0l0osaKjxIrG+5sPqkyUCkwUOxrvc4HpcrJ2N0+Mj3Pv3b91HcaMnyjUHyZlyL8d/QODBeAy6jntacC6xp9TLV3yQeo57YfUb2Z/vWPbVqMnnxkvAObTmGe5EngO9S53p876c0rjnzOr3IvABDA+55+P8USy3wPsMVUFJdVVfZs9NH+jCd+H48OEcvkCF66/GE/FswGPpzTnrxnjqWcf4eKzj3NSVxHfa27b1FQ5zyNHT+KeA2vYc/B0Jkty/HAcdRdKrFvzKBetPchZJx+jK19u6vtqocfx6U7ue/Q07jmwhocOn0Ko47msKQxr3HXnbyiXnN/jVED9nVJ8aOTGoTjuP4xMY/R73Zw/q4EeYMWcf84MQVap38Aeafxz5s+jwM+B26JYnxZJAdCM/oHBbqC0Y9vW2LayiqsNfVsuD3W4HbTTOauTT1nNmWfHp4FhPqix/qxj9aR/1lE682Y+WjPFwN0H1nJ4Iq7LXrLh1J5J1q898HjSN6FYyXFvoxi49+DpVGrxKWoffvB+Dh9asLNrVHY37vp/7jqQpOkfGAyAwo5tW2OxbzM2BYBoz4aNWzp1qD+qCQdw2PDi3PMvYMUKt7sVfU9zxUUHeNnT99JdsNt/ZPf+tXxn98UcnYzFcozMOLl7it+55C4uOeOA1etMlfP8+z0X8vMHz3U+FTR2/Bije+52GUII6hNK8VcjNw7F/rxhsTQpAFJmQ9+W14Q6/L+gnfTqDYIcF66/xMmBPAp4xlMe49XPeohTeqL7/RSGip8/dC4/uHsdUwmbT06arnyZF63fw3POfQjPi+5317GpLr5710Xc+YibFti1apW77vw1FXcnXj6sUJtHtg/9m6sAhHlSAKTQho1bVoWhvg7CjS6uv+qkkzn73PMjvWbvmjE2XHo/Z53ibmStXA340b29/Oi+Xud3i2njeyHPv2CU5184Sj5wN0t44Pgqbr3zEh46fMrSX2zQg6P3cvTI4Uiv+QT1OaX445Ebh2J9XLlYPikAUmxD35b+UNc+QX2hZaTOOfd8Vp50ciTXevFT9/G7z36AuHT8ffjIyXz5Z5cyWZLRABO6C2V+77m3c84p8Vjzq7Xi27vX8+P7eiO53rEjh3lg1Mki+8cU6p0j24d2uri4sE8KgJTb0LflzFCHN4J+eZTX9f2ACy66mFzOXhIM/JA3Pu8+ntMbvzYPY9OdfPE/LuXg2ErXoSTampVjbLz8dlZ2xqrhDQC/2XsWu371dKujPeVymXt++xuq1chHPb7VGPK3u8hCOCUFQEZc1bf5TxvNgyJbtl7o6OD8C9fje+ZXUa/orPDml9zFuavj23SsUvP52i+eyV3717oOJZEuPuMAr3v2r8j5Rrc+G/XI0ZP40k8vZcLC1tBarcaeu+6MutvfRKOpzyejvKhwQwqADNnQt+WcUOuPQLgJiGRvU0/PSs49/wKjJ/KdtnKat7/iTlZ2NbfP27V/++3FkQ0Xp8UVF4zy8qfe5TqMpowXO7jpR88zuiVUa83onrsZHztu7DGXUAO1XcEHRrYPxe50IWGHFAAZtKFvy7NCHf7vqKYFTPYH6MxX+ePX/IbVK+M3JLyYkdufze598T45MS4uOXM/b7z0F67DWJYjk93c8IMXUKyY6ccV8X7/bynU4Mj2od9EdUERD1IAZNiGvi2vDnX496Cfaftaa844i9WnrWnrMTyl2fyy3aw7w0zDlyhVaj433nYFB47H6kTn2Fm76jhvufLHsR72X8joodV84SeXodvsIvjogf3s2/uQoagWdXsj8X87iouJ+JECQLChb/PmUOv/DtpqG79zzutl5aqTWv7+q597Py+8ODYHoCzbWLGDG75/pZX54jToKZTY/OLbWNmR3B4z/zF6PrfeeUnL33/86FHuv+8egxHN636F+uDI9qGbbF9IxJtsVhbs2nnDDUqpC5Xy3g9Yu71+5KEHmJ5q7STm517waKKTP8DKjiJvuux2gibPIMiSwAt502W3Jzr5A1zeez/PPGdvS987NTnJg/db3e53BNRfKqXWS/IXICMAYo4NG7ecpEP9N42WwsZvVYMgR++69cvaHriqq8R7X/8LAj8difO2PRfy3bvietS4Gy+9+B6uXJeOA+Wqocc/f/uljE03f/R0uVxmz+47bHX6K4L6R6X4HyM3DkW2qlDEnxQAYl4b+racF2q9FcI3YXikaLnbA/uefy+XXuD8ABRjKjWff/r2S5koylQAQE9HiXe+7LuJnPdfyK8fPpuv//IZTX2txe1+IagdCt4/sn3oYdMPLpJPpgDEvHbtvP7Bb37phk2e8p8H6rsmH7tULLL3gftppvhcc9IUz+lNT/IHyPk1Xrze+jxvYrx4/T2pSv4ATz/7EU5bsXSPCq01D9y3x0byv1WhLv3K9qE3S/IXC5ECQCxq187rf/bNL33mdzzlXw3ql6Yed2JijP2PLP176Xef/WBsWvya9Kxz9nJqz4TrMJw7tWeCZ7U4Zx5nSmledsnSJ/ftfegB03v9f6ZQr/7K9n961cj2IWM/ryKdZApALMuGvi0vCXX4btC/C7S96XnNmWexevX82wN714zxjlfe0e4lYuvuA2v40k8vdR2GU2+67HbWrz3oOgxrtv/wigUPDnr04H72PWxku18F+KpCXTuyfeg2Ew8oskEKANGSDX1bztZa/5km/M/A6nYea6HtgW97xZ1cuDbda5au++6LODS+wnUYTpy2Ypx3vPQHrsOw6v5Dq9nx48uf9PfHjh7hgfv2tPvwj4L6tIKhke1D+9p9MJE90R/aLlJh187r9wLvvapv8/uBzVrr/wL6Wa081t6H7uess89j1clP3Cl1Far0rkn/6aPrzziY2QJg/RnpvfOfcd7qw3TkKid0CDx6+DEeemC0nYf9Gaghpbhp5MYhK9sGRDZIASDacsvOGyrAdcB1G/q2vCjU4V+AvpplTA9ordn78APUwhqnnHoaAJecdQRPpX906qK1B/n3ey50HYYTF6V46H+GpzQXrnmUO/aeBcBjjx5k70MPtPJQFWBEoT4+sn3oRwZDFBkmBYAwZtfO638A/GBD35YzZ00PnN7s9+9/5GGqtSqnn34GTz3niLU44+SMVcdZ2VFkrNj8nvE0WNlR5IxV6Z7emXHR2oPcsfcsDux/hAOPLHvB44FZw/xyNK8wSgoAYdyundfvA953Vd/mDwBv1Vq/E/Szm/neQwf2E6gqF52ZvH7/rVq39iC3P3Ce6zAitS4Dd/8zLjjtEAf3PcCBfct6zj9tNO/5vAzzC1ukABDWNKYHPg18ekPflitDrf8CwtexxPTAeaccIJeSrn/NuCiDBUAWhv9n5IMaa7v3sn/pWbEyqC8r+PjI9qGfRBGbyDYpAEQkdu28/jbgtg19W9Zo9B9ord8A+vnMUwxc8pT0z/3PdvbJ2RntmJG153zRORV+sWfeAqACfB/UiIKdI9uHDkUcmsgwKQBEpHbtvP4gcC1w7YaNW07TWm/UWr8R9ItoFAOnrMxWAZAPqlCbQnudqDR2PZojH9TqzzlDTllxwohWGfgOqC8rxcjIjUOHHYUlMk4KAOHMri9efwgYAoY2bNxyktZ6k9b6905dqV9OxrpUFtQYhycq5PMFcvk8SqX36fcUkn3iXytWrwpD4FugvtRI+tlYASliTRoBidgp37fpbk+RqePyrrv1aYweXPn4f/tBQC6fJwhyqRsVOPfUI7z5BT92HUakQs3u/AXDT3UdhxCzyQiAiB1PsdZ1DFFb0Vk+4b9r1Sq1ahWlIMjl63+CdPy4rujI3giApzjDdQxCzJXecUaRSNXRTd3AyiW/MGVWzikAZmgNlXKZ6ckJJsaPUypOE9aSfXJeT0fJdQgunFQd3dTlOgghZkvHLYVIk1NdB+BCV2HpRXE61JRLJcqlEp7vk8vlyeVziVsv0JWbv9jJgNWAkdN/hDBBCgARN8nKZoYst+1xWKtRqk1TKk4nbr1AAkK0JZOfbRFfUgAIkXAnrBcIcvhBDj8I8DzJN0KIhUkBIERKaA2VSoVKpd45VnmKwA/wg6BREPiOIxRCxIkUAEKklA41lfDEgsBvFASBH+D5UhAIkWVSAAiRETrUVMMK1UqFEqCUqo8O+AF+4OP78utAiCyRn3ghMkprTbVSLwigvjjP8wOCRlHg+V7idhgIIZonBYAQAqivIZhZUPg4BZ7n43nerD8+qvHvQojkkgJACLEwXd9yOG/zIcXjBcFMcaBm/bcQIt6kABAiBp59/oF//sJ3Vu5SqEuU5/UqT53ted5aT3mrleetVB5dCuUrpTyllEIpz0MpPIUi4o31ChQKTb04qFVrWqNDQq01OtRa18JQT6H1mFYcArUfzUM6rI2GWt/1tFc8+FrgndEGLYSYSwoAIWJgZVdt7FMf+++7gF3L/d7+d7ynkO/oONlT3smeUicrpVZppVYqpXrQrFSKHqVUN9CDUl2guhS6E6U6ANBMA9MaPQVMKZjQmkmNnlCosfo/OQ5qDKWOaB0eK5dKxz7ziQ+11NO3Orrppa18nxDCLCkAhEi4Hdd9tAQcaPwRQoimyESdEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAiJt5ms5nQpaed5ae62xZfd4ipqQAEHHzmOsAHDnkOoAIZem5zpbV5y1iSgoAEStB7/A0cNR1HA7scx1AhLL0XGccDnqHi66DEGI2KQBEHO13HYADWXrOWXquMx5xHYAQc0kBIOIoi3eIWXrOWXquM6QAELEjBYCIoywmiCw95yw91xlSAIjYkQJAxFHWEsSxxtqHTGg812Ou44jYXtcBCDGXFAAijr7nOoCIfd91AA5k7Tln7fmKBJACQMTRt4Ex10FE6KuuA3AgS8/5KPAD10EIMZcUACJ2gt7hMvBN13FEJAS+4ToIB75B/blnwS1B73DVdRBCzCUFgIirm10HEJEfB73Dj7oOImqN5/xj13FEJEujHSJBpAAQcXULUHYdRASynByy8NzLwLdcByHEfKQAELEU9A6PAf/iOg7LQmDEdRAOjZD+aYB/CXqHx10HIcR8pAAQcfY3gHYdhEU3Bb3D97oOwpXGc7/JdRwWaeqfYSFiSQoAEVtB7/DtwLDrOCwpAR90HUQMfJD6a5FGw43PsBCxJAWAiLu/Biqug7BgKOgdftB1EK41XoMh13FYUKH+2RUitqQAELEW9A6PAp90HYdhx4APuQ4iRj5E+joDfrLx2RUitqQAEEnwd6SrMdCHg97hI66DiIvGa/Fh13EYNEb9MytErEkBIGIv6B0+BLyFdCwI/Ffgo66DiKGPUn9tkk4Db2l8ZoWINSkARCIEvcNfJfmL5u4GNgW9wzXXgcRN4zXZRP01SrIPNj6rQsSe0joNN1UiK6qjm75APVEkzVHgeUHv8B7XgcRZdXTTOuAnwMmuY2nBcNA7/PuugxCiWTICIJJmM5C0rVVVYKMk/6U1XqON1F+zJLmd+mdTiMSQAkAkSuMs+WuA3a5jaVIFeFvQO/z/XAeSFI3X6m0kZ/vnbuCaxmdTiMSQAkAkTtA7vBe4AtjlOpYlPAa8Mugd/qzrQJKm8Zq9kvprGGe7gCsan0khEkUKAJFIjbMCXgdsdR3LAn4DXB70Dn/PdSBJ1XjtLqf+WsbRVuB1jc+iEIkjiwBF4lVHN/0h8Cmgw3UsDTcDbw56hydcB5IG1dFNPcB26lM/cVAE3h70Dn/OdSBCtENGAETiNX4RX4b7Y1f3AW8H3ijJ35zGa/lG6q/tPsfhfAu4TJK/SAMZARCpUh3d9DvUh2afG+FlxxvX/FjQOzwV4XUzpzq6qQt4NzAIrIjw0j8DBoPe4e9EeE0hrJICQKROdXSTor6V7EPABRYvVQG2AX8rnd+iVR3ddBrw34ABIGfxUvcB7wd2Br3D8stSpIoUACK1qqObfOBK6nPH1wDnG3jYInAr8BXg60HvcNxXqadadXTTauC1wBuo7xowsQ7kfurrOG4GbpPOjSKtpAAQmVEd3fRM6oXAVcBTgNMAtcS3TQL7gR9RTwj/EvQOT1oMU7SoOrqpG3g19ff4+cAZQPcS36aBQ8ADwC3AzUHv8K8shilEbEgBIDKrOropB6ylnijObPz7OPWEvw/YJ1u8kq06umkl9ff2TOrv8wrgAPX3dz9wIOgdTkrDISGMkgJACCGEyCDZBiiEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJk0P8HIGK4qJUDxrEAAAAASUVORK5CYII=" style="width: 16em;margin-left: 52em;margin-top: 63px;">
4
+ <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
5
+ <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
6
+ <div><h6 style="font-size: 21px;margin-left: 19em;margin-top: 7em;color: red;">Your IP has been blocked. Please Contact your Administrator.<h6></div>
7
+ <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
8
+ </div>
9
+ </div>
handler/mo-error.html CHANGED
@@ -1,11 +1,11 @@
1
- <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAVMAAACVCAMAAADSU+lbAAAA51BMVEX///9fYGJeYGL3k01cXV9ZWlz8/PxdXmFhYmTv7+/5+fnm5+eSk5Tq6upaW173kUnV1dZqa21xcnTe39+IiYrMzc2bznuPkJHDxMWfn6D2j0VrbG19fX+EhIf+9e95eny2trf4pGr5rnnAwMGqq6yioqT4oGL3mFRNmWX949NSU1X+7eP83cn7zK3++PL5s4X6wpzy+e770riv2Jb82MD5touXxKX96Nu61cLg7eRzrYQ+kln3o2aiya73m1vM4NGGuZSszrZjp2t2tHCSxYG43KLL5buKwnXW6smm04np9ONmp3vC4K/9LbbnAAARyklEQVR4nO1ci2LbthUlaYAQSYkSKal6S7QlWbEl24obN22XuXul67b+//cMuBcgAZBytCVLkxVn6WJDEEgc3sfBBRjPc3BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBw+BSIkqSfJEn8H/UO/7f39JUjbs9mWZblxVk0RYtMIB++2Ot+ubw3hwt/+O/v8OtDp0UIYYyOonN69wiAtk91uL+5e7q6ury8uno4HipeX393ph/8XyBpMQEyOIvToc98nz+BRk7D/ePllKOLmE6v36qPvn/1ezLUpBUIns7m1A8C5jdyenO8nnYvdEyf5Ec//PiHnz7dLX/xSFq+AD2bU+hd53R5vO6ajF5cdN/d44d/evWHP37Su/6yAfGUR8iPjKdvDEa7+Mv0CiJq/N2rV6/+9Inv+0tG3M4BZ+b9AfYem83LY+n1PIxOL3a7nfj7+SA+/OnHV4LT1xy/FwkW9QXO1acd6N03G/dPFaO7h+PjgePN3dPxhnMY/lkw+pe//u39t99++/7n31P6/xgsr7qK0cvHfalM4Qeg9C9//wbx/p+/5X1+JOIoimLb00RjdLahnN17eTlFRi+uDrUPv+eU/lUy+s0v5167vPwLwQI6RC9Gkw+OcYKoBiTjTXswX7Q3Y81H42ExGSzmg0kxNIiK0Zn75nIz6okh5oN20WvuXTXdS8efPj/e12/5R43Sn+1Pw6SvYGTIsD+Wl9+se42PNeyvxWwWo804afpcH2N7YgzP6yui1v2XjSeZrFqUiuRM/bwtWY3Xg4zy1pS3ZoO1NkIHk07e1mYVF4uMpjhGthhrvXvYeTapmu6kFn331qvjB+74itJfLXNINoNVrqAvdnuj3Kcp6AuaZoNh3Yx4jxR68DmuJp2GC/faOdPGWDdwNhRd+KeiRz5q6iERbQJKuCwPuIpkPqEMrtjLKYEGoe/5ZfJeNTMf1VGlT8Nhzi/EhwhE94DQVTXhIUktLXW4ADPtPiybbodzqmLpP8xYGk0IJRUqIdEf8KfJVxaohBm/2MJKiUmbaj0IbW1sHdgf8Rn4soMfiBlbY3jJgg+iejDg5EQISEaCURwJ/mJ0noTrFhVrJfy6+JO2yseStIhYbVbrqHjDW5jWPaBsrS6Hmj+oOL1/h0q0mVIv/ldlpuasBzgjvEm/4nScUQY3WzLi06ynf7W3AgOpenBxbZrqOKes7BDIMcY6ZSHv4leXFz+Q1qbRVKMFZzQQfAr44n8+nW8zeGbYgK2kpfQo51SYb1pyuvEJXIsF5ZxJa604Dax11CPkp+5zM6We98cymhpmGi0oXiHAq5ScrjOkWrgJw3sOglTzK68v2Sh78L/pSKdjLMxEflX18MlMDy/8MsyvLo89fC2ilYjb1EcitacofFtvYLJxrDgFyy19f0wYw05M2Tb/IZM3NPQhhpSc7i+FmXZ3Nyco9V5/25jzR8qQ5L2quxm2TBOUPbizqW925lR+wKoehEwqUocZqb4aoKuJGWeVMQ+REo0q6EE39QkU0KH02+re+JdZ1QBDqEsAp1UNJVmlQTldBjcuHiVddSSn8FhLTh8x59+dotTz/vkegqlJaf8WHYnJ2TDJaTJLZUMAUTZQ86XKhOIJVT0UZ+CCpSd5yZycGKN0rk6GAVIkC5EdpMPwUWp14c489XUwhqYGfzNposg4/790o3HKpO+HGyItmVX/iVqgfIRDYJml8vZQ7Xev9qc59V7/8vOvv1haf6vFdz1HbakM+ITOFqMBFzDyDogvDbXHjZD5PjMnym1iXsautBwjM8bwWzKCiEniGGlrtCmKSU7liPVK0hq/zW2Q3t6KP4QF2ADmmvIW0crARHyySpBT0SuQdprk4NviYyp68yHkrxk41xC9ST3ymx1wapvp/u541JWVnVDDAcHEwOhtpmkpYT/o6611EnE53p9g+uY5Rrplm8rEw+QcUeLwr8joEWWqoVXgGFsZT5QV8YgsG+iix/V+GCfbW3RiRqxCRpgTNMQ0L5I4jDvrOSNoc9xOSas9jMMwHk5aYLU8+RfIqfhZ2WlBpXWng3EUxtF47sshsPcQP1WcHkWG6l6bWv/+ThSmG5RAuJQdoxXBe2i1DcW+ScGjuAgpQ1+PTwpufwXPNEp96OGnM5hjj89GNqzwC8Ut9iDzcox+nsox4GphkYLz8VmUQXjtE5gYWZnPv0/BoANS6rlOW7q6eHKlHhozfPY4ZNKC+CntFGIRbyhjfjRRzjUS30c79ZXvQ4aaHk3qHi+kvLIo3R+vHt7gfa3QTvXMIq41QPuRc0cMsb7LUE+t0aB8slBKYD2TRsfwSws1hiZIexgTGTq/ugzLK0cPt8p0TR1b3KKZasIjmhNM34xuq44bDB8k75ScSn3aIUAw9+3yclz1sKB8yENgXHG6xBWUmfRRCtTblw/T7vTiRnEq0DIn0BeOxke/XWuN4YKAoWASaqN41edYoHDxKXToZDgGKfQxRhi/sUs/k09Uv0wfndyn+vfKUEN0QTBWzzXXVHEkp0R6ntT8vtSnPexOZroevEVLhZyIml/F0xtw/Z3p+gdV97Ps9yDq1Lib0lnhxDNLquPSh7UM612j+8G0olWKeU2bY7zAjIPSYCzNOjeGhttmAd0KXxtTlBp5ElaIJykkDrPaHi/E9bge0BcdEQEhF1Ddy8JtGkCmKYBTiOlopwWFD4ghoXOMH/BYYT+qzPsg+LtXZgh6M7V3oySn2PneK32fWJwWmGPpyGhNUI+mYgaQXcTd9I2vBTgDcR8F5lg6MMboz+Bx4dJAuKn4Rt6eaJjLqDbXpx7lImkGJDPCvrwJwxW8NUoRiAdop9L3t9RIkAiuCAOxV1p4ct+0lHqQouxwelPu8JlyADRC93IpORWmZ3IabzHKWO4XCQnPglRs7nAlJXqwTH+MPI+AvgM1tcWUZql3oTK5QEDC2pgJ/SClKZV/qHAG3oNbr66mOplQTb7Z6EnJasQO7iDADFgb7PEx6ftt5NQ3ekvzSTchcMqq9T5yaimppYyn3alZqHp7DRphj5wKCcQsTtuQ1INbU3jHOWRpuEFYZglujA634GkpBPx2CjnFCMkqLXHCBKfCnxkWmRgLUAJUDTPdBRKxqhdqwIhGAyCEBYbuGoK/M3Ay1FIlp2JsazkxxpSWbmOhpWBxJTl9Ak4fTU69wzOI1gvLfjF3Pb/1St8PLE5HYHAY5iuEGP1BG6Ex2McLcOHHROkpxCTGrOcSjWAOZCYmKS5eLYGkaFDrHGLUa/pCMHNdZiqsUQqxw2Rp2IIlajoATkHFo+/LZbgRkr2hdEkR0IZ4F+lLnIaHHW/e3VkVauC0i5zmUMCwfX8kl50Wp3MwX8mp8NBSyklkKC2R0xR63JpjxKMUCZOcBkA8SbFyWYES2jI5RRFhcoq+QGxOoZpHkFNxCYarshGqYYvTFOquyClqLYPT+mL/usud3C5R7681TvH6dTv1T9gp51GUUWRWtzmFxR5Rdip+sTiNRikGcOQUDXS1aMJA932e28Si0+YUhENQs1MojFR26is7hcqExSkqL8kpVB9eylF8IQV2au9NyRwl4ym4mh1PMSHTpnjKfR84hVpmzU59xamwIdHDjqcLyPvI6ZxgDdBahjahn0FQSG1OwcxrdgqZEjnFrFnZac33URNK34fektO7Ji3FLRIWUm+sVtCt3UulpfyaloonGE+pxQckUSY5Re1u2ylkF+B0kuINmnk/wRiKnCp3OONEQx+ruTU7BUJsTmV9z5N5X9WkZZao+75gvc4pSs5n+95uGgsr+AAeRGfBaVDLUeEGyjs2Y33IsoHkNGjokZHKTjcExzA1bi/DMTIUjOilk9M7UOW1YeFb830MJPV4WnEKP1MtR5EmTn2Vo7TEu8SFvR05oajaPVonUK+q2gBoqbrmX6OSI4b6BIkuam3SToNmO/UxRynpbSnKQq7GgVN1mZX5RBUMTiGsNHHamKNEmFB2ysp4imq25vvM5LSsSb9rqqF4R+D0wcz7ezhCNT1ITrF+aHLakwX6Wz3S8aUMBnwtR9U5DRSnfezhB0XDGD5wqroYmj2ZjNpt/mdgEIXx1NZSbSSkyfeZtFOmcYpZs2anUP1Tvs+q86dY63tnqaYncQJ1emnW+u5wybpETmFIm9POHPdtyKJqDzdiYRT4Zd4XPeqcMsVpvCJyVaUtJ6WZ8vWXmGQ0JzKp6XUpXFGlpmBAO23QUuIaNqcQ9qniVEQHyanfpKXwzGnd970DrkKtdHS4Ergz7uMeN66ukLwVXNPK+2IVjFsSwaSc7RoUYlDmKFh6NmipADV/NYZWs4BvQVUVOA1FmRYWsJOw6iJ7zIwg2581corBo85poPm+KBNUnNZ8HzRyoHFaGoraOzm1a1rhDkNvVT+t533u/L4EXfWiOI6jZCK3nUstpZcbKk6rHOX1iRojhzHiZEtUE8ZTrc7fhqN3YVRQ1VIYI/ezUzmqyfd1LQVrCqWlGn1fy/uwrisndffBPT6E3F+V8YDbKXBjcxouqFwrEraYbCeDrNq30n2/ZqdVjhIrqXKMOR9jlFH1pKSdctGmSE7z7Xq83izUPp62OaBx2rSOalibwoK1stOKU79B86dYHUDNj3tB5V70NXBVWzRZCI9dvVKFOSqo2anXAz5w4SyKRQT2wowcxYK6nbIqR4lMh1tdwr6w4FSOITlFrYPnCsSBlpSURxlMaYxaKqhrfrDCllVDwV36Mp6WWgpN0vZ9VFsNvq9SD0r508Ata1xEead9v9z09FWBo9zFV5xCQ5PvB4rTsGBqxx03ANQYQcmpOMSAW5e++gSntbWktuD01Hq/vo7CWpRX1k/TF/QpIcw3ayja2Z5rtMCnl0i9kUfRVbWlk+N5ojqn0YTiBiSfMSQSbsw5lkhe0qegItSRqBjHCKox2CzHNKY49QrYLfZxO5BBTUW8z2SvAuQ2S0OOalqbwuMuOWXlOspv5PS0nXpv5FbJ8TSph2v9dH/JaZOdclJvjZMoNBtitFN532/ktIqnSKoxBmmt5cRKTuNxRlUHWfJLycRYJ0hOSUBIzfe5lfEPbN8XjchpoJ3rG4ljGQHxrXiKPYDT2jsSMlS+kPwfd+j5z2XQ5ZwCGjj14kLMA0918Vub98I55bfEqKqh1F/RyOCmK069eD2TR/FERZHkvRhKSUHFqTiuwog6VgXnn/KGM5nJKpuJ1xwXxkeTVpbxRuMAltfLM3ghEur8M3jbMYOd0naGvc1zdNghg5p0hj2001rLB3mm9/rQZKr7p6mktCpUdeY4Yt7AqTiXKg7QUp5gWqsi5mIArpiJhcAYb7ZlHhbL8Z7mWpUu2swzOca8iLCMqGrSEuGwnbdw34SS2aBoWv3HPYS1vytbDbOOtK7l18IP9RYnqaOGi+zV2fPdU+0o2vJO7Ux3H6tnHavrnKhiJMNiMhq0i2GiTUEcZS5vxejeqzpU6OAYeI46kr5vVgHC/lj0gdPYZ73J9BnxdidJ7T6brHJGL9Tm1AclrAku+D/6FRUxBj7IaIB1/nltTN7nrPP8nx376sWT6e7h8fB2v9/fvDleT9VbU92dvcHyeSFXTtphni8fe/Odsx2+c1a+2De9rL+Q8lmBJ6R8uvkSLfIU7u926qgEEHuh/zJ98SzlZwAurbhcOmO75EvC26cL661oGWO77xre8fmciIczWYKtvSjxxePw9Gy/Gd2dXlzefbho9T9E3BkOUrEZJfaGv6ZwKnF/w/O8+CcRhPPDP4rw/PTmN3D7ZIxYr4tNe+7LulRgHRz5WhAu3z4+XD5zQi92766Oh/1v4vUFbUn4qXwvDMtEX1OGshDeL5fL3zCGFtTH4/X4UhNWqQLSvGpzOAsFZUxVt3DvXBSJ8t6Hv+lwCoV6VySQfh+IFzy/upz/RaG4LSt90u3JzK42O/xnKG4J/JtZsi5JW4vCGelHYi3qm4gsW7WLnktOH43YgHN6BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHh/Pwb5PnTnFHEM1hAAAAAElFTkSuQmCC" style="margin-left: 5em;width: 12em;margin-top: 1px;">
2
- <div>
3
- <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7N13nFTV3T/wz50+21hgl91l6b2JCGJHxS4WigUZFUuMYyTR50meTMovz5P2S35PJqaZoI5JlICOJbqoKDYUlC4KSO8odYEFtk6/9/z+mF1YYcuUe+fcc+/3/Xqt4DJ757u7M+d87ynfIzHGQAghhBBzsfAOgBBCCCG5RwkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmZOPxpB6vzwJgFIARABoAnGj1cTwY8Cs84iKEEEK00NzvdQfQrdVHIYAtADbx6PckxlhOnsjj9Y0FcAuASwBcBKConYceBTAHwD+CAf/OnARHCCGEaMDj9Q0G8BCA+wH0aOdh9QBWAVgBYEEw4F+bi9g0TwCav/nfArg9gy9fAuDvAF4PBvxRNeMihBBCtODx+pwAbgPwbQBXZnCJ1wD8VOubYM0SAI/XVwbg50j+ALKdatgH4L8BvEDTA4QQQvSoeZj/HgC/BtAny8slkLwB/mUw4D+SbWxt0SQB8Hh9QwF8BKBS5UtvBPDjYMC/UOXrEkIIIRnzeH2TAPwvgHNUvvRBAFcHA/7tKl9X/QTA4/WNRLLzL1P1wt/0CYAfBQP+1Ro+ByGEENIhj9d3IYDfAbhCw6c5gmQSsFnNi6qaAHi8vnMBLAJQotpFO1aF5DyJ6pkRIYQQ0p7mke7fApiWo6esAXBNMOD/Uq0LqpYAeLy+EgDbkNzmkEsJAM8B+EUw4D+c4+cmhBBiIh6vrwLALwA8iNxvpT8OYFgw4K9R42JqBv9/kfvOH0h+Dw8DuMfj9f0ZgD8Y8NdxiIMQQohBeby+LgB8AP4DQB6nMLoj2dc+osbFVBkB8Hh9owGsBWDN+mLZOw7gNwCeoq2DhBBCstG8pe9RAP8HfG5yzyQDGBsM+DdkeyG1RgD+DH10/kDyF/RHAI97vL7fA3g+GPCHOMdEiKqmzZxlAUMpkottywD0YEApkh9dAbgAOADmBOBM/h2ONv4OAFEAseaPM/4utfx/BMBJAMck4BiSBbuOADgCCceq5s6m7bnEUDxeXx6ABwD8EEBfzuG0ZkWyz70q2wtlPQLg8fomAvg420A0dBzAUwD+Fgz4j/IOhpBUTLt3ViWAoQwYDGAQwAYCKEdygW13AMXQz1keCoBaJN9rNQCqAWk3gF0SsBPA9qp5sw/yDJCQVHm8vh4AvovkXb8e7vjbMzEY8C/J5gJqjABcqcI1tNQdySJCP/R4ffMA/IF2DRA9mHrPd0oT8fg4hbFhDqerL8AGARgAoB/4zTFmwoLTtc0HJz/FWv0XmHrvoyEAXwHYA0i7kEwOdgBYXzVv9rHchkvI2ZpX9f8AwL1IjqDp3UQkq+VmTI0RgA8BXJPVRXKLAXgbwO+DAf9S3sEQc5h276xKOZG4UFbk8YwpYxljoxhjPQHA4XTCYtHLDBoXBwBsAKS1EvAFgDU0YkByxeP1TUBymP9mABLncNKxKBjwX5vNBbJKADxenxXJecHCbILg6DMATwCoCgb8Mu9giDFMu3dWpaLIl8uyPJ4xZQxj7BxFUUpO3w+3kOBwOGGxmrrzb89RJJOCdVJygfFSSgqIWpr7rmkA/gvABZzDyVQDgK7Z9F3ZJgDnAlif8QX0Yy+APwF4LhjwN/EOhojl1hkPVyiKcj1j7CqAXcoYG8BY52vi7A4XrNT5p2MXIH0KYLEELKqaN7uad0BELB6vLx/J/fv/CaA/53DUMCabwkDZJgBTAMzP+AL6cwLA0wCeDgb8dLdB2jTZ4+2RiMevV5Id/mXNc/dpsTucsFpzXUPEcLYD0icSsBjAR7SWgLTH4/VVAvhO80c3zuGoaWow4H8j0y/ONgG4HMm6/EajAPgQwBwAbwQD/gjfcAhP02bOsiiyfHkikbhdUeSrGWNDAZbxXKHd7oTVRp2/yhiALYC0SALmQ8JS2ppobh6vzwVgCoD7AVwL/eyaUdPl2axlyzYBGAFA1cMJdKgWwMsA5tDhQ+YxbeYst5xITJJl+TbGlOsURVZlO5DN7oDNZlfjUqRjNYD0bnMy8F7V3Nlh3gGR3Gg+nOd+AHchuV3WyEYGA/4tmX5xtglADySLgZjFViRHBebRuQPGM23mrJJEPHGboiSmKIpyBWOKW83r22wO2OzU+XMQAvAxIL0pSXijau5sVeqoE/1ors9/L5Id/3C+0eRUWTb1bdTYBRCHWFsn1CADeB/JZOAtKjksrmkzH+0ejyVmKky+kynKeMYUTVblWa022B3Ozh9ItCYDWAVIr0oSXqyaO/s474BIZppL9N6KZKd/PfRTjTZXGAA7t10AAODx+g4BqMjqImI7AeAlJKcIPucdDOnc9dPutdus9qkM7H7G2DUA0/S23GKxwuEUoa6I6cQAvCdBmgMJC6rmzk7wDoh0zuP1nY9kpz8DxlrQl67DwYC/ZzYXUCMBeAHA3VldxDi2AKgC8BaAz4MBvzpnLRNV3DL9oQtlRX6IMWUactRwSJIEh9MNSTLbIJlwagDpVQl4vmrebErkdcTj9UkAzkfybn8agBF8I9KNF4MB/z3ZXECNBOAeAPOyuogxHQawAMlk4CPaScDHtHtn9YzFY99S5MQ9jClDcvvsEhxOFywWIy4+NrStgDRPAv5VNW/2Id7BmFHzCv6rkez0b4G5R5nbc28w4H8hmwuokQD0AFAN860DSEcIwAdIJgPv0KFE2pty93euTCRi31cU5UbGFC577mivv/ASAN6WIP25at5sI2531pXmvuQmJDv96yDWeRi5xgCUZ9uXZJ0AAIDH61sL4LysL2QOCoBVSCYDbwUD/q2c4zGMaTNnORPxxH2yHP+eoiijzi69mztWmx12u4Pb8xPVfQlIf5UkvFA1dzYt+lWJx+sbjmSHfyuAi2DMvfpaWBcM+MdmexG1EoDfAvhJ1hcyp11oHhkAsDIY8NN+5TRNvefRingi/p+KkniQKQr34ztp0Z+hHQOkf0jAX6vmzaatwGnyeH1uABfj9J1+2lU0CQDg/wUD/p9mexG1EoArkOWxhARAckvlWgDLmj+WBwN+Km/ajske7yUJOfF9psi3MqbtSv5USZIFDqeLFv0ZXxxAVfP0wCreweiVx+srBXApgMuaP8YC0MV7VXBXBgP+rKel1EoA7ACOQ9xTAfVsO04nBMuCAf8uzvFwd8v0hyYpTPm5oigX8BzmP5sEp9MFiRb9mc0KCdIvq+bN/oB3ILx5vL5BON3ZXwZgKN+IDKkBQPdgwB/P9kKqJAAA4PH63gAwWZWLkY4cAbAcp5OCdcGA3xT7l2+644FbFcb+G2Dn846lLVTj3/RWSZB+VTVv9ru8A8kFj9dnQ3LtV0tnfymAMq5BmcObwYB/ihoXUjMB+A6Ap1S5GElHE4A1ADYgeS7DZgBbggH/Sa5RqeiW6Q9NluXEzxmYbhea0rw/aWVN84jAO7wDUYvH6+uK5P77kc0fowGMB5DPMy6TejQY8D+txoXUTAAGANitysWIGg7jdEKwGckiRZuDAX8t16jScOuMh6ckEvH/YUzRbccPABIkOFxU7Iec5XMJ0q+r5s1+i3cgqfJ4fcVIdvCtO/uRoH34ejIwGPDvUeNCqiUAAODx+r5EMjMk+nUIrRKC5o+9AI5mU1NaTVM8j0yJJ2K/VBRltL7m+NvmcLhgsZqtDDlJwzoJ0i/0kgg0n+HSA0B/nO7gWzr8rErLEs1tCAb856p1MbUTgP8E8EfVLkhySQFwFMkE4XCrj0Nn/P2IGotP2jLl7kfGJRLxP8uyfJkIHT8AWK122B2035+k5BMJ0ver5s1eq8XFmxdjlyHZiVc0f7T+e8v/9wDttxfV94MB/5/UupjaCUAPAAcB0Eoo42IAanA6ITiKZKXDCIBw85+tP8783Jn/n0jEY+XRSPiniUTiJoAJ0zC1bPkjJA2KJElv2Wy231lt9mok20pXqw93J//f+nN5SHbmLR17Cagiq5ElAFSqWUlW1QQAADxe31tI1m4mhBBCiDoWBAP+W9W8oBZ3W3M0uCYhhBBiZnPUvqAWCcDbSBYFIoQQQkj2jiPZt6pK9QQgGPDHALyk9nUJIYQQk3qpuW9VlVYLruZodF1CCCHEbOZocVHVFwG28Hh9m5DcV0oIIYSQzGwOBvyjtLiwlluu5mh4bUIIIcQM5mh1YS0TgBcARDW8PiGEEGJkUST7Uk1olgAEA/5qAM9pdX1CCCHE4J5r7ks1oXXVtd8B0KRsLCGEEGJgcST7UM1omgAEA/6vAczV8jkIIYQQA5rb3IdqJhd11/8fAF2cMkcIIYQIQEay79SU5glAMODfDSCo9fMQQgghBhFs7js1lauT136D5HGzhBBCCGmfgmSfqbmcJADBgH87gFdz8VyEEEKIwF5t7jM1l8uz13+D5FnyhBBCCDkbQ47u/oEcJgDBgH8TgPm5ej5CCCFEMPOb+8qcyOUIAAD8AkAix89JCCGE6F0CyT4yZ3KaAAQD/o0A/pzL5ySEEEIE8OfmPjJncj0CAAA/B/AVh+clhBBC9OgrJPvGnMp5AhAM+EMAZuX6eQkhhBCdmtXcN+YUjxEABAP+haBtgYQQQsirzX1iznFJAJo9DqCO4/MTQgghPNUh2RdywS0BaD7i8Me8np8QQgjh7MdaHvfbGZ4jAAAQALCCcwyEEEJIrq1Asg/kRmKMb3E+j9c3CsBaAHaugRBCCCG5EQcwNpdFf9rCewSgpULg73jHQQghhOTI73h3/oAOEoBmvwCwiHcQhBBCiMYWIccV/9rDfQqghcfr6wZgDYABvGMhhBBCNLAHwPhgwH+CdyCAfkYA0PwDmQygkXcshBBCiMoaAUzWS+cP6CgBAE6tB5gJOjaYEEKIcTAAM/Uw79+arhIAAAgG/PMB/Ip3HIQQQohKftXct+mK7hKAZr8E8AbvIAghhJAsvYFkn6Y7ulkEeCaP11cIYCWAkbxjIYQQQjKwGcDFwYC/gXcgbdFtAgAAHq9vIJI7A7ryjoUQQghJw0kkV/zv5h1Ie/Q6BQAAaP7BTQHtDCCEECKORgBT9Nz5AzofAWjh8fouAvAugGLesRBCCCEdqAVwYzDgX8U7kM4IkQAAgMfrOxfAhwBKecdCCCGEtOEYgGuDAf+XvANJha6nAFpr/oFeDuAg71gIIYSQMxwEcLkonT8gUAIAAMGAfxuACUiWUySEEEL0YA+ACc19lDCESgAAIBjw70UyCdjKOxaiPqfDDrvNxjsMQlRlt9ngdNCJ5wa1FcnOfy/vQNIlzBqAM3m8vlIA7wM4j3cspGNulwsVZSWoKC9Fz7JSlPcoQUFBPtwuJ9wuJ1wuJ9wuF1xOByyWZE4qyzLCkSjCkSgizX+GIxHU1Tfi8JGjOFR9DNVHalB9rAbxeILzd0jMyG63oby0BOVlJehZXoqKsh7oUlQAt8vV6nWd/LBarQAARVEQicYQjkRava6jaGxsQvXRGhw6cgyHq4/h8JEahCMRzt8hScE6ANcHA/5jvAPJhLAJAAB4vL5iAAsBXMw7FpJUkJ+HEUMHYsSQgehdWY6K8lIUFxVq9nyMMdQcP4nDR2qwd99BbN6+Czt2fYVYPK7ZcxLzcdjtGDKoH0YOHYT+fSpRUVaCku5dIUmSZs9ZW9+Aw9XHsP9gNbbs2I0t23ejsSmk2fORtK0EMCkY8NfyDiRTQicAAODx+lwAfg/gu7xjMSOX04Fhgwdg5LBBGDlsIPr26qlpo5iKeCKBXXv2YdO2Xdi8bRd2f7UfsixzjYmIxWq1YmC/3qde14MH9OU+NcUYw9cHDmHztt3YvG0Xtu3cg0g0xjUmE/sbgB8GA36hh2mETwBaeLy+mwE8D6CEdyxG53Q6MH7MKFx20ViMHDrw1PCmXkWiMXzx5WYsW7UWG7fuhKIovEMiOmSxWHDO8MG47KKxGHfuSLicDt4hdUiWZWzevhvLVq3FmvWbEKVkIBdqADwQDPjf5h2IGgyTAACAx+urADAXwDW8YzEaSZIwcuhATLh4HMafd47uG8f21NY3YPnqdVi26gt8feAw73CIDvTtVYHLLhqHSy88T9PpKi1FojGsWbcRS1d+gc3bd8NI7bqOLELySF/DNByGSgAAwOP1SQD+C8BvANCy2ywVFxXi+qsuw4SLxqJb1y68w1HVvgOHsWT5GixethrRGK0ZMBOnw46Jl12IKy8djz69KniHo6oTJ+uwdNVavP/xMtTW6/IMGtHEAfwfAE8EA35DdZiGSwBaeLy+cQBeAjCYdywiKulWjJuvvxITL70Adruxt+XVNzTh3Y8+xQeLV9LKa4Nzu1y4buLFuPHqy1FUmM87HE3F4wksXv4Z3n5/CWpOCLtOjbedAGYEA/4veAeiBcMmAADg8foKADwJ4AHesYiivEcJbr1hIiZcNFb3c/tqC4XCeH/xcrz70TJabW0wBfl5uPHqy3D9xEuRl+fmHU5OybKMpavW4q33FqP6aA3vcETyPIDHggG/YQ+jM3QC0MLj9U0H8BcAZbxj0auSbsWYPvVGXHz+uaf24ptVNBrDB0tWYP47i2iVteBcTgem3nQNrrvyEjgFXbeiFkVRsPLzL/HK/HdpRKBjRwA8Hgz4X+EdiNZMkQAAgMfrywfwGAAf6FTBU6xWKyZdMwHTbr6WKpWd4URtHea9ugCrv9jAOxSSgQvHjca9d96CbsXGWruSrWgsjqq3P8TCRUtpe+w31QLwA3gyGPA38Q4mF0yTALRoLh70QwCPAzD2JGAnRgwdiAdmTEVlRQ/eoejaxq078XxwPg2fCqK8Rwke8EzFOcNp+U9HDh4+iudfmo8t23V9ZH0uNCE5Qvx7kYv6ZMJ0CUALj9dXBuCnAB4BYKqxweKiQtx9x8249AKqopyqeCKBtz/4BG8u/JiqDOqUw27H5ElX4ebrruBetEckyz9bhxf//bYZdwzEADwD4LfBgP8I72B4MG0C0MLj9fUB8HMA9wEw/Kq3saNH4JH770RBfh7vUIR08PBRPPnsC9h/qJp3KKSV3j3L8djD99BoVoYam0J4Zs6rWLthC+9QckEG8C8AvwwG/Pt4B8OT6ROAFh6vbyiAXwG4AwDfWrYasFqtmDHtRky65nLeoQgvFo9jzktvYsnyz3iHQgBceekFuH/GZDjstIYlWwsXfYqXqt416toABuDfAP4nGPBv5x2MHlACcAaP1/cWgFt4x6Gmku5d8di378ag/n14h2Ioy1evwz9ffJ12CnDicjrwrbtvw6UX0lSWmnbt3Ycn//4iao6f5B2K2hYEA/5beQehJ5QAtOLx+kYA2AjAMPvgzh8zEt777kS+yfY+58rhI8fwl2dfwD4qK5xTfXpV4PGH70FFWSnvUAypKRRG4F+v4vP1m3mHoiYFwDnBgN8U8xypMExHp5L/gYF+JlMmXY3vf+c+6vw1VFFWil/9+LsYO3oE71BMY+zoEfjVj79Lnb+G8vPc+P537sOUSVfzDkVNFiTbeNKMRgCaeby+kQA2wAAJgCRJuG/6ZFw38RLeoZiGoij4+7zX8MmKz3mHYmhXXHI+vn3v7aYvVpVLHyxegX+98qZRDhhSAIwOBvyGGtrIFL2LTjPE3b/NZsX3HvJQ559jFosF3vvuxK03TOQdimHdesNEeO+7kzr/HLtu4iX43kMe2GyG2CRFowCt0AgATt39b4Tgq/9dLie+/537MGrYIN6hmNp7Hy3DvH8vMModE3eSJOHeO27BDVdfxjsUU9u0bRf++PS/EIlEeYeSLYbkWgDTjwJQKp30PxC88y/Iz8N//+AR6vx14IarL8OjD95Fd6oqsFgsePTBu6jz14FRwwbhv3/wiBFqiEigUQAAlADA4/WNQnLvv7CcDjt833sQ/ftU8g6FNLv0gvPwoGcq7zCE96BnKlWs1JH+fSrh+96DRjg35I7mtt/UTJ8AQPC7f6vFgse999Iefx26asKFuGPy9bzDENYdk6/HVRMu5B0GOcOg/n3wuPdeWMUe4aJRAJg8AWjOAG/nHUemJEnCw/fdgTGjhvEOhbRj6qSrcd2VtCAzXdddeQmmGmsLmqGMGTUMD993ByRJ2HsnALjd7KMApk4AkDwDQNhX8IxpkzDhonG8wyCduO+uybhw3GjeYQjjwnGjcd9dk3mHQTox4aJxmDFtEu8wsiEh2QeYlmkTAI/Xdw6A23jHkakbr56Am6+7gncYJAWSJOHRB+/C8CEDeIeie8OHDMCjD94l+p2ladx83RW48eoJvMPIxm3NfYEpmTYBgMBz/0MG9oPn9pt4h0HSYLfZ8L1v340uRQW8Q9GtLkUF+N6376ajfAXjuf0mDBnYj3cYmTL1WgBTJgAer683BL37L8jPw2Pfvlv0BTimVFxUiFnf8tDdbRskScKsb3lQXFTIOxSSJqvFgse+fbfI2wNva+4TTMesvchdEPDuX5IkfOeB6ejWtQvvUEiGRg0bZLT66qqYMulqqmEhsG5du+A7D0wXNbmVAMzgHQQPZk0AhPxl33Tt5TjvnOG8wyBZuu3mazBiyEDeYejGiCEDcdvN1/AOg2TpvHOG46ZrL+cdRqaE7BOyZboEwOP1DQUgXGWRwQP6YvrUG3mHQVRgsVjw3YdmoKiQ1gMUFRbguw/NoKqJBjF96o0YPKAv7zAyMcbj9Znu7sqM7zrhMj27zYZHH7iL5v0NpLhLER6gSoF4wDMVxV2KeIdBVGK1WPDoA3eJupBTuL4hW2bsUYT7Jd96w0SU9ejOOwyisgvHnoPRI4fwDoOb0SOH4MKxpt2BZVhlPbqLeiqmcH1DtkyVAHi8vrEAhGpxy0qFfTORFDxw11RR75ayYrfZ8MBdNAJiVLfeMBFlpcLdtAzyeH0X8A4il0yVAEDADO++uybDbjdfB2EWZT2645YbruQdRs7dcsOVNKplYHa7TdRqjsL1EdkwTQLg8fokANN5x5GO8eeNojr/JjD5hqvQo6Qb7zBypkdJN0y+4SreYRCNjRk1DOPPE67U/nSP12eaftE03yiAywAIU+zB6XRg5vRbeYdBcsBut+H+GVN4h5Ez98+YQqNaJjFz+q1wOh28w0hHBYAreQeRK2ZKAIQa2rn2iovRvWsx7zBIjowZNQzDBvfnHYbmhg3uT6NaJtK9azGuveJi3mGky8M7gFwxRQLg8fpsAO7gHUeqHHY7brqWDvoxGzNUCDTD90i+6aZrr4DDbucdRjpu83h9Qg1bZMoUCQCAawCU8A4iVRMvu4AOjTGh0SOGYGA/YWap0jawX2+MHiHUJhyigi5FBZh4mVCL64sBmKLqmlkSgLt4B5Aqm82KW66/kncYhBMj3yEb+XsjHbvl+iths1l5h5EOoaaMM2WWBECYJceXX3w+HfZjYmNHD0ffXhW8w1Bd314VGDvadJVWSbNuXbvg8ovP5x1GOoTpM7Jh+ATA4/X1gCCr/60WCxX9MTlJkgx5pzxl0tWinhRHVHLrDRNFKmde6vH6+vAOQmvC/DayIEzaOfbcEabaD07adsHYc9Ct2DijQN2Ku+ACKvlrej1KumHsuSN4h5EOYfqOTJkhARjPO4BUTbhoHO8QiA5IkoRLLhjDOwzVXHrheXT3TwAI18YJ03dkygwJgBBZXEF+Hu2PJqcI1lB26PKLjfO9kOyMGTUMBfl5vMNIlRB9RzYoAdCJS8aPEW2VLNFQ78py9DHAYsD+fXuhsqKMdxhEJ2w2Ky4ZL8zoluEzV0MnAB6vrxeAct5xpGIC3SWRM1x24VjeIWRtwkXifw9EXQK1dV09Xt8g3kFoydAJAAS5+68oKzV0ARiSmUsvEHvu3Gqx4JLx5/EOg+jMwH69UVFWyjuMVAnRh2SKEgAduPQCaiTJ2boWF2HE0IG8w8jYOSOGoKgwn3cYRIcEavOE6EMyZfQEQIhVnOeMGMw7BKJTIpfOHTWcXtekbQK1eUL0IZkyegKg+8kml9OBATT8T9oh8gjASIFjJ9oa0K83XGIcEzzW4/UZtp807Dfm8fr6A+jOO47ODB3UX6TqWCTH+vepRJ7bxTuMtBXk5xliFwPRhtViwdBBQhx/XQBgKO8gtGLjHYCGhJi7EfkOT01Ha45j6fLPsH3nHuzcvRdFRYUYMqg/Rg4bgisuu1DoxXDZsFgsGD5kAL74cgvvUNIyfMgA0/7OAIAxhk+WrcbmbTuwY9de1Nc3YPDA/hg6eAAmXHoBepTo/t5EcyOGDsSXm7fzDiMV5wPYyjsILRg5ARBi7oYSAGDhB4vx1D/mIRQKf+PzGzdvw+tvvosRbw7Gj/7jEfTu1ZNThHyNHDpIuATAzK/r/QcO4Xd/fgZbtu38xue/3n8Qi5Ysw/Mv/huPPnQvJl1n7nM/BHqNjAcwj3cQWjDy2PO5vAPojNvlQv8+lbzD4Mr/5wCeePLZszr/1rZs24mHH/sJvtxkyCS8UyOHibcVWaDGXVVfbtqKhx/7yVmdf2uhUBhPPPks/H8O5DAy/enfpxJulxDTW7rvSzJl5ASgF+8AOjN4QB9YTDz//8myVXhv0ZKUHhuNxfC7Pz2NULj9RMGoevUsE2odQJ7bhV4mrP4XCofxuz89jWgsltLj31u0BJ8sW6VxVPplsVgweIAQB+4Z9i7NyL2P7n9pPct78A6Bm8amEP40+59pfU31kWP4+5yXNIpIvyRJEqlwCirKSk05///3OS+h+sixtL7mT7P/icamkEYR6Z8gbaBh5x4NmQB4vL58ALo/T7W8rIR3CNxs2rId9Q2NaX/dys/WaRCN/omUAPQsx9EekwAAIABJREFUFydWNWXy2qxvaMSmLUIshNOEIG2g2+P1FfMOQguGTAAgSMbWU6BGXW3bd+7J6OuOHqtBQwaJg+gqBOpUy034um5oaMTRYzUZfW2m7wUjEKgNNOSeVqMmALof/gfEatTVtnvv1xl/7Z6v96sYiRgEaiiFilUt2bwms3kviE6gNlCIm8p0UQLAidNhR7di3c9SaCYajWbxtaktsjISkaYARIpVLdm8JrN5L4iuW3EXOB123mGkgkYABKL7bK3cpAulSGbKy0qEeL1IkiTKvC7RgeTrRYiEUfd9SiaMmgDofsFGj5JuvEMgAnHY7ehSVMg7jE51KSqEwy7EHR3RCUHaQkMO1xo1AdD9pmm3y8k7BCIYEV4zIsRI9EWQ14zu+5RMUALAiSAVsIiOiFAMSIQYib4I0hYKEWS6jJoAuHkH0BmXGFkv0RERXjMixEj0RZDXjO77lEwYNQHQfbYmyLAX0RGXU/+vGRFiJPoiSFuo+z4lE0ZNAHSfrQmS9RIdEaGhFCFGoi+CtIW671MyYdQEQPfZmiDzXkRH3G79N5QixEj0RZC2UIgg02XUBMDBO4DOCFL8guiI06H7l7UQMRJ9EaQtNOQL26gJgO6P14rF47xDIIKJxfT/mhEhRqIvgrSFuu9TMmHUBED3p8WEw+Yt/0kyE45EeIfQKRFiJPoiSFuo+z4lE0ZNABp4B9CZiInrf5PMhCP6f82IECPRF0HaQt33KZmgBIATaihJuiICvGZEiJHoiyBtoe77lEwYNQHQ/XBNOGzuodJsDrYR4VAcLYjQUIoQoxbo9Zw5QdpC3fcpmTBqAqD7bC0sxrCXZnpWlGX8tRXlPVSMRBwidK4ixKiFbF6T2bwXjECQtlD3fUomjJoA6D5bEyTr1czQwQMz+ro8txuVJm0wRVhgJ0KMWqisKEOeO7NaMZm+F4xCkLZQ931KJoyaAOg+W6s5fpJ3CFyNGDooo68bOmSAKYdM44kEaut0/7JGbV0D4okE7zByTpIkDB0yIKOvzfS9YBSCtIX6f/NlgBIATg4fOcY7BK569+qJW268Oq2vsVqtePj+GRpFpG/VR2vAGOMdRqcYYzhy9DjvMLh4+P4ZsFqtaX3NLTdejd69emoUkRgEaQt136dkwqgJgO6HayLRGE7W1vMOg6tHvnUPystKU378jNtvNe1wafWRGt4hpEyQBl11QwcPxIzbb0358eVlpXjkW/doGJH+naytRyQa4x1GKnTfp2TCqAmAENmaWRvKFm6XC/5f/QTDOxkCtVgsuPvOKZg547YcRaY/h6rFea2IFKvaZs64DZ47JsNi6bhpHT50EPy/+okodfA1I1AbKESfki4b7wA0cpB3AKk4dOQYRgw15x1ti16VFfjr73+JV+e/g3c/XIIDBw+fGup2uZwYNmQQvA/MMO2df4vDR47yDiFlIsWqNpvNiofuuwsTLhmPwPMvYduOXadqI0iShF6VFbjx2itx59SbOk0SzOCQOAmAEH1KugyZAAQD/kMer68BQCHvWDpy2MR3Sq1ZLBbcddstuOu2WxAKhbFrz1foUlSIPr0rTbngry0CNZRCxaqVoYMH4o+//RkYY9i3/yDq6hswaEA/5OUZ8lTZjAnSBjYEA/5DvIPQgiETgGY7AIzjHURHDlWb906pPXl5boweNZx3GLojSEMJQKxYtSZJEvr26cU7DN0SpA3cwTsArRh5DGo77wA6s2vvPiFWdhO+Dh4+iqZQmHcYKWsKhUVp2AlHjDHs2ruPdxip0H1fkilKADhqCoXx9QFDjiwRFW3evot3CGnbsn037xCIzn194JAoia3u+5JMUQLAGTWUpDObt4mXAGym1zXphEBtnxB9SSYoAeCMGkrSEcYYtu7YwzuMtG3dsZumt0iHBGr7hOhLMmH0RYAMgK6XkW/fuReKotCWINKmrw8cQmNTKOvrFLgTGNYrhNLiKAqcMooLGcq7Jd8adSEr6pusqAtZUH3Cjk1fudAQSq+i3ZnqG5pw4PAR9O5ZnnXsxHgURcH2nXt5h5EKBgMvAjRsAhAM+EMer+8AgN68Y+lIKBzB3n0HMbCfrsMknGzelvldUp/SCM7p34DBFY0o7/rNE9eKCu0oyGv77c8AfF3twIa9bny+PQ9fHXFk9Pxbtu+mBIC0ae++gwiJcQjQgWDAn30GrlOGTQCabYfOEwAA2LR1FyUApE0bt6Z/8zG4ZxMmnnMCAyqa2n2M3db+iJMEoF95DP3KY7j14jps2uvGWyuLsG1/elXrNm3diesnXprW1xBz2LRVmHUthh3+B8yRAFzDO4jOrPhsHSbfOJF3GERn6hsasTmNhnJAeRg3nX8UlSWdr6y221KfGRvVP4xR/cPYecCJl5d0xc6DzpS+7svN29EUCiOfit+QM6z4bB3vEFJl6ATA6BPPn/MOIBX7D1Xjq/2GrDRJsrBizXrIitLp4yQA146pwUPXf51S52+zSrBY0l8aM7hXFD/1VOOWi+pSWliTSMhYuWZ92s9DjO2r/Qex/1A17zBS9QXvALRk9ATgY94BpGrpyrW8QyA6s2xV56+JAncC375hP64eU4NU+3RbB8P/nbFagDuuqMV/3XkUhXlyp4//dJWh20+SAcHaOmH6kEwYOgEIBvz7GGNCnKO6Ys26lO72iDkcqj6KPV8f6PAxld3C+I9b92JAeftz/W2x27N/25/TP4z/e/8h9C6Jdvi4XXv2ofqoEG9BkgOyomDFGjGG/xljNcGA/2vecWjJ0AkAACTiMSFWcNbVN2LDZkNPN5E0LFvdcSM5pLIR3hv3o8Dd+V34mdKZ/+9I10IFP7vnCIb36XjaYelKGgUgSRs2b0ddfSPvMFKiKHJ6mbWADJ0ATJs5S4rFot15x5GqpSkM+RLjY4xh2er2XwtjBtThvqsOwmHPbMTIZlXvbe92MvzXHccwfmj7beWy1WupKBABIFYbJ8uJ7tNmztJ1HZlsGToBiIZD4+PxaD7vOFL1+fpNOHGyjncYhLO1G7ai5vjJNv/tspEncNflh2G1Zt6hWq3qtml2G8N3J9fg6vPq2/z3Y8dPYu2Grao+JxHPiZN1+Hz9Jt5hpEyR5QIwnMc7Di0ZOgFQGLueKQpkOcE7lJQkEjIWvL+EdxiEszcWftTm5yedfxQ3j8/ulD2LRYKkwT2NJAH3XXcSt01oO3Fp73si5rHg/SVIJNKfsuKBKQoYY2ACbCPPhqETADA2EQDi8RjvSFK2eNlnwsyREfVt2LIDu7/a/43PWSRg+oTDuHzUiayvb81g+186Jl9Sj2/dcPysHQm7v9qPDVsMW1GVdKKuvhGLl33GO4yUyUpLosKu4hqIxgybANx42312AOMBICFQAhCLx/HOh5/wDoNwcuadssPGcP81+3HeQHWmhtQe/m/LFec24rGpR+GwfXOagkYBzOudDz9BLB7nHUbKFPnUSMUl02bOMmzBPMMmAFar7VJIKADESgAAYNEnK1U5AIaIZdvOPdjW6oCUPKeMh2/YhyGV6i1GzqQAUCbGDg7jR9OPIN91eqHitp17sW2neCcbkuw0NoWw6JOVvMNIi3JqBACFYLiIZyxaMmwCwIDrTv2dMSQS4mSfkWgM7360jHcYJMfmv3P6DrlrQQKP3vQ1eqVQ2S8duRgBaDG4VxQ/u7sa3QpPz/u2/h6JObz70TJEouLchCnN8/8tGHAtx3A0ZdwEgClXtv7/WFSIk6dOee+jZbQWwES2bN+NjVt3AgAqukXx6E1foaRI/UZT6zUAZ6osieN/7j2MypJkAr5x605sEecceJKluvpGvCfYzczZi8aZYQ9qMWQCMG3mLCeAca0/F4uJlQCEIxG88NoC3mGQHJBlGc+/NB8AMKA8BO+N+1Do1mbnSi5HAFp0K5Txs7urMbgyWTXw+ZfmQ5bFWA1OsvPCawsQjojV9spnjxZf0NynGI4hEwBFlscxpnzjEHOmKIjHOi5bqjfLV6/Dlh10t2R0CxctxcHDR3FOv0Y8eN1+uOzadY4q1gBKS75LwY/uOoLzBoVx8PBRLFy0lE8gJGe27NiN5Z1UtNQbRZbbKlrlBMNYHvFozZAJQEKW2zyEXLRpAAB4PvgG3S0ZWM2JWlS9swgXD6uF58oDsFm0rZiXq0WAbXHYGB6fdhRXjG5E1TuLUHOillssRFuyLOP54Bu8w0hbQm57rRiDMRcCGjIBYIpyQVufj8ejwpUkPXj4CN0tGdi8V9/CFSMOYfJF1SkdsZstiWMCACRrGnzrxuO4fuwxzHv1La6xEO0kR7WO8A4jPYxBTrQ79dZmnyI6YyYAUNocrmGMCTkKUPXOIhw/SXdLRrN+01b0yVuEq87NzWl5kiTlJMlIxe2X12J4yadYv4lKBBvN8ZPJUS3RdFwxlo3r4B+FZbgEYNrMWcVQWP/2/j0WVXdbVS5EozE8M+dV4UYvSPsam0LY9sVfMX5w7hI7i87e7deMbcDXm5+hmhcGwhjDM3NeRVSgbX8tEu3f/QPAoGkzZxXnKpZc0VmTkD05nriUgbV7o5NIxFsXeRDG5m27aA+1QTDG8Mbrf8ElQw7k9HklLQ4ByNKk86vxzluzKbk1iPnvfITN23bxDiNtjCmd9QsSGC7OVTy5YrwEQJE7/SWJOA0AAK+//SHtoTaADxctwPi+ua+Lznn6v02SBFw3ei0++vgd3qGQLG3Zvhuvv/0h7zAy0sHc/ykMuDAHoeSU4RIAxtpeANhaVMBpACB55/i3f76E+gYqECSqnbv3oEv8BbgduR+F0uMIAAAUuhX0db+KnbupTLCo6hsa8bd/viTsSE4nw//NmOEWAhowAWBjOnuMIsuIx8WqCdCitq4eswV+o5lZY1MICxc8g4qufEag9LYGoLX+5VF88O7faT2AgBhjmP3Pl1BbV887lIzIsgzGlM4fCOPVAtBxk5C+qfc82o8xVprKYyMh9Q5YybWNW3fitQViDrWZlaIoeOq5l9G72yFuMeh1BKDFoPIjeOq5l6EoKTXGRCdeW/DhqTLWIkrjsLiyaffO6qdhKDlnqARATsQvAVK7M04k4sKdEtja/HcW4eOlq3mHQVL0jxdexxfrN2JYb36Jpx7XALQ2bkgYX6zfiH+88DrvUEiKPl66GvMF3PLXQlHkdBeFG2odgLESAEU5J53HR8LijgIAwHPB+VizbhPvMEgnXnnjXXz0yUr0LmlAgYvfDhTeRYA6U1ygoF9ZEz76ZCVeeeNd3uGQTqxZtwnPBefzDiMr8TRvAhkwUqNQuDBUAsCYMiKdx8fjsbYOfhCGoij42z+DdMa6jr338TJULfgQsVgEw3vz3X2i8/4fADB6QByxWARVCz7Eex+LdYqcmWzbuQd/+2dQ6OkaRVGgpF1mnaXVx+idwRIANjTdrwkLPgoQjyfwxOw52HfgMO9QyBlWrlmPOS/NP3USJe9lmzpfAgDg9M8oFotgzkvzsXLNeq7xkLPtO3AYT8yeg3hcmxMrcyXDKeBhasfBk2ESgKtunm4Da78CYHvisWgnJSD1LxSO4H+f/CcOVR/lHQpptm7DVjz1/MuItjoKNRrn/XbTfwYQiZ2OMRqJ4KnnX8a6DVQuWC8OVR/F/z75T4TCYtZSacEUJdN2f9C0mbOsasfDC+8WSTVud/4QSHB0/sizib4WAEhuD/yF/yns2ruPdyim9+mKz/HHp/+FUFMTWt/3x3jPNum//8c3K8gyhJqa8Men/4VPV3zOKyTSbNfeffiF/ylht/u1Fk9kvADcCYZBasbCk2ESAEmSOt3/355YNJLBXJD+NDaF8Js/PYv1m7bxDsW0Fry/BM/861VEY9GzVhfzHgEQoP//xggAkFylHY1F8cy/XsWC95fwCYpg/aZt+M2fnjVEnQbGlJQq/3VgtFqx8GaYBIABWS3OiETEHwUAkgcH/WH2HCxdtZZ3KKbCGMML/16Al6oWgjGGeOzsQlM19TYOkYnlaO3Zo6vxWPIY75eqFuKFfy+gIlg5tnTVWvxh9hwhD/hpSyKe3VBctn2NnhgmAch2dWY0Es42K9QNWVHwzJxX8PYHn/AOxRRkWcZTz72MhYuWNv9/26+j3YccOFZHSUB7DhyzYsf+tn8+LT/ThYuW4qnnXoZsgBE7Ebz9wSd4Zs4rkAVe7d+aoihIZL3zyzg7AQyUAGBIthcINYk/t9WCMYbg6+/gmTmvIMp98tm4jp+sxa//8AyWf7bu1Oc6mk5avqUgF2G1Se+7AN5f42r331r/TJd/tg6//sMzOH4yd0cpm000Fsczc15B8PV3DDXi0tbIXAYMsxNAMsIvd9rMWVIkHAoxprTfgqQor6AITqdbjbB0o7KiBx5/+F706lnGOxRDWbdhK56e88pZ86KRcFO7jabboeDX91fDbsv9HVW3YgdcTn0uYI7GJHz7ia4IR9vOUiRJgsud/43PFeTn4Tv3T8d5o4fnIkTTOHDoCP7y7DwcPGysXUWJRFytBCAsSVJ+1dzZwneexhgBYBgAxrLu/AEg3NSY6sEQwjh4+Ch+9tsnsWT5Gt6hGIIsy3jxtbfxxFNzzur8GVM6vGMKxyxYv9tYCaYalm5wttv5A8kRrTPfl41NITzx1By8+NrbNCWgkiXL1+Bnv33ScJ0/Y0zN0u9uMAxQ62I8GSIBYEwZyFQqs8KYgnCT8Y7bjcXjeHbuv/HUcy8bZjEPDzXHT+KXTzyNdz78tO2OPoWX4cI1RYhx2BGg1xmAcFTCa5+mkBS19eNmDO98+Cl++cTTqDl+Uv3gTCIajeGp517Gs3P/jViWi+T0KB6PqT2VQQmAXsiynHYBoI5Eo2EVForo07LVa/GjX/2RtgqmSVEUfLB4BX786z9h154Oai2kMNF+ot6KhZ8XqRhdinS6CCD4UR6O16XQFHUQ/649+/DjX/8JHyxeIXR5Wh7Wb9qGH/3qj1i22pg7hxRFVr3kOwP6qnpBTgyxJFlhrI/a1ww11aOoS3e1L6sLR2tOwP/X53D+mJGYOX0ySroV8w5J13bt3YfnXpyPr/Yf7PSxqR65u2R9AcYOCqFPqblHY7bvt+H9z1KbvevsZxsKRzDn5TewZPkaPHj3VAzqr3qzYCg1J2ox95U38fn6zbxD0ZRK8/5n6q3FRXPNEAkAGFP9lyEnEohGQnC68tS+tG58vn4zNm7Zgak3XYObrr0cVqs+F4jx0tgUwsvz38XiZZ+lNXwoSVKnj2cMCH7cFT+84wishhiHS19CBp5+swCp/GhTTawA4Kv9B/Hz383GxMsuwF1Tb0RBvnHfw5mQZRnvfPgp5r+zyPA7hBKJuFYjQpQA6AVjiia/jHCoEXaHCxaLcVvoaCyOl+e/i6WrvsDdt9+MMaMMs8MlY7IsY8nyNXj1zffR0Jh+gSiLxZpSnfHDx+34eH0Rrh1rnO2n6Xj90zwcPJZa0mmxpJecMsbw8dLVWLNuE+6cfD2uvHQ8JbhIDve/+Nrbhlvk1xbGWNrH/aZxdUMkAIbYBjjpzgd2MEUZrMW17XYHCoq6anFpXerfpxJTJl2N88eMTOuuywhi8TgWL/sMb7//SVZ7zBVFRjQSTumxVivw4+nV6FGsfREqPW0D3H/Uih8+U4xUF+87Xe60k4DWunctxs3XX4GJl10Ah92e8XVExBjD5+s3442FH2Hvvs6nsYwiGg1rWeJ92/x5Twm//9QYCcAdDzQwpmhWYcWdV3DWHmSjq6wow5Qbr8LF48819AgIAESiMXy4ZAUWLvoUdfXq7ACJRsJnnQXQnoEVMTw2Vfs7sq5dHHC7+CcAjAE/+0cX7DiQ2gCkxWKF06XO1skuRQWYdM3luPbKS+ByZnR2mDAURcHKNV/ijXc/xsHDR3iHk1OJeEzDu38AQMP8eU9xWMmrLuETgGkzZ3UJh5pqtT5tvbCoK2x2YzcYbSkr7Y6brr0cF48fg/w8Y+1frzl+EktWrMEHi1eofsiJLCcQi6Z+ZOr0K2pxyUhtt58WFzmQ5+afACxc5cLz76aeUDucLlit6s5WFuTn4bqJl+DKS8ajpLuxRviaQmGsXLMe73z4KY4cO847nJxLZwQuG5IkFVfNnV2n+RNpSPgEYLLHOyYWi6zr/JHZsVgsKOrSHZLB74bbY7fZcN7o4Zhw0TiMGTVU2PnUcCSC1V9swNJVa7Ft515Ny5ymMwrgdDD8dEY1ivO1K2jTpdCO/Dy+y36O1Vrwn7OLEY2lNr2k5t1/WyRJwrDB/THhorG4cNxouF2q1BPLOVmWsX7Tdixd9QXWbdiKuEHONUkXYwzRSCgn5YslSGOq5s3+UvMn0pDwiwAVlWsAtPs8ioKmxjpTrQdoLZ5I4LO1G/HZ2o0oLMjHxePPxYSLxmFgP/2vhZEVBRu37MDSVWvxxfrNOSt04nA4EYmEkcroVDQm4d+fdMW3J9VoFo8ecv1nFxSk3PkDEhwOp6bxMMawdccebN2xB3NeehPjxozEhIvG4pwRQ2AVINnf/dV+LF31BVau+TKjBatGE4tFcnl2QV8AlADwpDDWL1fPFY/HEAk3mW49wJkaGpvwweIV+GDxChQXFWLE0IEYNXwQRg4dhNKSbrzDA2MM+w4cxubtu7B5225s3bkHkYgme4E7JFkssDscKe9D3vSVC+t352HMQG3OXOfd/3/6pRPrd6W+AM/ucOR0xC0Wj2PlmvVYuWY9XC4nhg8egJHDBmLksMHoU1mui0Wxx2pOYPP2Xdi0dRe2bN+N2voG3iHpRiIe03LR31kYIHyhCeETAMZYz1w+XzjUCJvNbsr1AG2prW/AijXrsWLNegBAafeuGDlsMEYMHYDelRUo71ECp0PbVddNoTAOHzmGr/YdxOZtu7Blxx7d3A3ZbHbIciLlhunfnxZjSGUUeS71GzKe0331TRbMeS/1xNlitcJm47daPxKJYt3GrVi3cSsAoLAgHyOGDMDIYYPQr08lKspKNV8TE43FUX20BvsPHsaW7XuwedtOHKNyx21SFFnrRX9tqcj1E6rNCAlAzm85mxrrTL0eoCPHjp/EkuWfYcnyzwAk51i7d+2C8rJS9CwrRUV5Kcp7lKAgPw95bhdcTifcLiecTsdZd1iKoiASiSIcjSb/DEdR19CAQ9XHcPjI6Y/6Bn109u1xOFyIhkNI5byKxrAFb6wsgmei+g09zymA59/LQ0MotTtoCRIcDn3NxTc0NmH12o1YvXbjqc8VFeajoqz01EfP8lJ0KSyE2+2Ey+WE25n888xdNIwxRKMxhCNRRKJRhMIRNDaFUH20Boerj+HQkWOoPnIMx0/WGeooXq0wxtJacKsi/sOdWRI+AQBynwCYfT1AOhhjqDlRi5oTtdi0dWe7j5MkCU6nA26X81THb5QqZZIkwe5wIhZLrZFavTUf44aEMbRS3UaNV2eydqcDyzakPpdvdzh1MdzemfqGJtQ3NGH7rq86fJzTYT+VCIQjUUSjqh9MY2o5nvdvJfd9j9qMcAvLpZB9PB5DU6M5K7hpgTGGSCSKk7X1qKtvNEzn38Jqs6W1le2VxV0RS6j79uTRRkZiEv6+IPWhf6vVBqvNAPclrURjcdTVN+JkbT0ikSh1/iqKxaI5nfc/g/B3gJQAZCEWDSMcMt7RwUQb6dzZHq+3YuEadeuM8Oh3XlyUh5pUTvrD6ZESQlIRj8dUP+UvTZQA8CYBXXg+fyTchGhEm1XbxFgkKb257SXrC7D/mHqLTXN957kjjZP+gORaCRGG/gl/iUQcidwv+juT8MeoCp8AQOL/Swg1NfBahEIEk87q9pYTA2WVDjNT6zqpSOekPyC5W8IiaHEpkluynNDqiN900QiADhTyDgBI7gzgsA2FCCg5FZDaW+/QcTsWr1dnKkBRcjcCUPVpHg6keNKfJFlo6J+kRJFlPd1scR19VoPQCcC0mbO6MKafnQxNDbW856SIIBzO1IfG311ThKO12b/MFYXlZB3A/qNWzF+a+h75dH4WxLwURUFUP50/ANimzZwldBIgdAIAhhLeIbTGGENDQy3PValEEBaLJeViUgkZeHmxOjuOZI1HARgDnnmzAIkU3wI2u8Pwp02S7DGmIBZNrax2TumsD0qX2O88xrrr7QXBFAUN9SdTPgSGmJfd7kj5jPvdhx1YsTn7E6+1ngZ4d7UrrWN+7VRRk3QiecAPr73+nerOO4BsCJ0AKIzpMvtSFBkNdScgy+Y8kYukLp3Dbt5c2QW1TdktlJNl7RrRY7UWvPRRXsqP1/qgHyI+RVGaT/fL4QrW9FACwA1juj2gXlEUNNSdQILWBJAOJA8MSq0jjDSfGJgNLUcAnl1QgEiKJ/3ZHU4qpU06pCgyYtGwXu/8Wwi9gEXodyBjTNc/fMYYGutP6mXLCtEpm82e8lTApq9c+HJP6nfZZ9JqDcDSDamf9Gex8D3oh+ifLCcQjei+8wcoAeBHAdP9GCJjDI0NtYhGw7xDITrmcLogIbW751c/KUY4mtlbV4sRgIaQhOffTa3crwSJVv2TDsmJuJ62+nWIAUIvYhE6AQDTfwLQItRYj0hY36fWEX7SKYPbGLZi0cbeGT2PFmsAXltegYZQak2JKAf9ED4S8RhiYo2YUgLAC2NMqB9+ONSIUFMD7zCITqVyYJDVakPPyl7Ye3IQDpxMf/2R2tUAtx/qiu1H+qFnZa+UYjfaQT9EPfFYVMRiakL1QWcSOgGAgD/8aCSEpkY655u0raM7ZJfLjV59+8Cdl1wDsGjzUCSU9HYFKCqOAMQSVsxfPQAA4M7LQ6++feBytb0ulw76IR2JxSKiLpgWrg9qTegEgAk0BdBaLBpBQ/0JyFQwiJwh2VGePUdeVFyMnr16w2Y9vXiuPuzGqt0D0rq+whgSKiUB763rg9qm029Bm9WOnr16o6j47OM57HTQD2kDY8ltfnJC2C3TlABwJOwPX04k0FB3XJjFLiR3rK0ODLJIFvQoL0dpaVlzFj3dAAAgAElEQVSbHei6r/vgWH16ZwXE49nPA+w7VoiVOyrO+rwkSSgtLUOP8nJYms87sNnssNJBP+QMciKBSDgMRdHtHv9UCNsHAYInAKKOALRgjKGpsQ6hxnqaEiDfYHc44XQ6UdmnDwoL2y83zhjw4ZbhUFjqd9fxRHYNrqxIeG3VwA7PFSgs7ILKPn3gdDpp6J+cJRaLIhaLQG+VXDMg9Itb6AQAgv/wW0SjYaocSL6hoLAQg4aNSKlaXk1DAdZ93Tfla2c7ArB4Uy8creu8FoHD4cSgYSNQUKiLAzuJDjClZchfyPn+ttAIAD9i7QLoiCwn0FB3ovnAC2JmJT16oLJ3H9jtDjhcqe2ZX7V7AGpDqe3Fjycyv+s6WpeHxZt6pfRYh8sFu92Byt59UNKjR8bPSYxBTiQQiQg/5H8mofsgsRMAHR0FrIbklEA9mmhKwJTsdjt69+2H7iWlpz7ndLpSmj+XFQkfbR2W0vMoSmYLARkDXls1ELLS+XSD1WqFs1XBn+4lpejdtx/sdqoAaD4MsVjEKEP+ZxK6DxI7AQAMM47UWiwaRn3dcRH3xJIMSJKE7iUl6DdwEPLyz76Ld+XlIZUigQdPFGPzwdTuzjOZBli5owL7jqUwnC81x3yGvPx89Bs4CN1LSmhHgEnIsoxIOCzyKv/OCN0HiZ4AGLaHVGQZjfUn0dRQS0cLG1iyUxyIkh5lsLRzOI7FYoWznf31Z/p0+0A0RTufNkg3AahtcuK9dX1SeqzT5W73bAOLxYKSHmXoN3Bgm8kOMQbGGGLRSPNhPoYa8j+T0H2Q6AmAUDUjMxGLRVFfe5zKCBuMzWZDz1690Ltvv5QW+jkczpSq6MVlG5ZsHdL549LcCTB/9QDEEp1PRVhttpS/n959+6Fnr16wUXVAQ0nEY4iEQ2ZZ1Cx0HyR6AiB09pUqxhjCoUbU1x5HgqYFBCeha7fu6D9oMAqL2t/e1xa3Oy+lofPdx0qx62hZh49JZyHgur2l2H6o82OIJUmC253eSYWFRV3Qf9BgdO3WHSnNcxDdUhQZkUioeerScHP97RG6QRY7AZDE/uGnS5YTaKg/iabGOqOtpDUFd14e+g0YkCyS085wf0ckiwVOd2pTAUu2DkEk0f6CO0VhiMY6fw01Re14+/N+KT2n0+2GlMH3ZbEkix31GzDgVJljIg7Gkov8opEwmPnaJaH7ILETAMF/+JmKRSOor61BNBKCiTJtYVmtVpT3rESffv3hTHFbX3vsdgdsKaykD8UcWL5jcIePiUQ6X1vy9uf90BTt/Plsdjvs9ux2RDldLvTp1x/lPSupcqAgEom46KV8syV0HyT05JvFYu0lq328mSAYYwg1NSASboLLnQ+H000rq3XGarWiuGtXdO1eomqH5nLnoUmuB1M6Tv42H6zA0Ipq9Op6os1/j0RldEH7nfuOQ8VYt7e03X9vIVkkuNIc+u9Il+JiFBQW4uTxGtSePElnZuhQIhFHIh4z/XZlCcjsXG6dkET8BU6bOasLY/i9LMcfisei1OshOTzscuXB6Uptnphox263o2v37uhS3DWjof5UJBJxhJs6Xxha5A5jxkVr4LS1vVupe1cnnI6zYwxFbXhy4bnfOOynPe78/FNnF6hNURTU1Z7EyePHEY8LveNKfIwlO/5E3PQdfysMkP4hSfhh1dzZdbyDSZdwCcC0e2d5GNgfAJTLcgLxmNCLMFUnSRa43HlwutyQJNFneMTicrvRrXt3FBYVIRcL2iLhEOKxzkcg+3Q/iclj10PC2aNlLpcV3bp8c+heViT8Y9FI7D3a+SFDdodD1bv/9jE01NfjxPHjiISpWmYuMcYgU8ffmWoJ0g+q5s0O8g4kHcIkANNmzipijM0DcGvL52RZRjxGp+m1RZIkOF15cLnyMlqYRVJXUFiIbt1Lcr6AjTGGUGNDSgtC+5WewHUjt8Bl/2bCLElAaXcXbNZkwtIQduCV5YOxq7rzHQoWiwV5BYU5H3EKh0I4cbwGjQ0NOX1es2Gt7vg7PPmJtPaWJEn3Vs2dXc87kFQIkQBMu3fWOQzsdQDfWNXEZAXRGN0NdESSJDic7mRJWY2Gac1IkiQUFRejW7fucDj5nUklywmEGhtTemyeM44LBnyFIWVHvpEI5LttsNjzsW5vKZZsrkQomtrSoLyCAlit/JYRxaJRnDhxHPW1tXRnqiJFUU7d8ZOOSZDAzl6IvVOCdFvVvNkbecSUDt0nAM1D/s8COKtsmKLIiEVpBCBVVqsN3Up6gDHQwqoM2Ww2dCnuiq7duqVUmCcXopEwYtHUp8IsEkNxfgiFrggkSUJ92Inapry0jhR2OJ0pVyfUmpxI4OSJE6irPYmEeVejZ8Vmt8Nus+HkyeNm3MqnhSYJ0sN6nxLQbQIwbeYsK2P4A8Aeb/dBioIInZ6XloGDh8PldiMajSIcCiEcDtPdUyccDgcKCotQUFSYdqGbXGlqbICSo6TOYrUiv0CfR/yGwyE01jegsaEesRTWR5iZxWJBYVERiroUIy8/H+FQCNu36P6mVVckdLYRW/qLJOEHVXNn6/KOS5cJwLSZs5yMsSoAkzp6HGOseS88SYXVYsWwUed+43OMMUTCYYTCYUQjNJrSwulyobCwCAVFRXByHOJPlaLIaGps0L4shATkFxS2W+tfT6LRKBrr69HQUE+v7VMk5Bfko6hLcqvlmbtUNq77nEYH1bdQkqRpVXNn627Fuu4SgGkzZ+UzxhYAmJjK46lGfuoKCrugb/+B7f67IsuIRqOnPszVEEhw57lRWFSEgsIiIY+tjUWjiEa0HRFzutxc1zxkKh6Po7GhHg319QiHwjBTAS273Y68/Pzmj4IOz17Ys3M76utqcxidaSyWJOmWqrmzddVh6SoBSO7vZ+8BuCjVr4mEqRpeqnpU9ERpaXnKj08kEslOpfnDaOWHrVYr3Hl5KCgsREFhIdcFbWoJNTVqVpXNarMhL79Ak2vnkiwn0NjQgMaGBoRDIcMlujabLdnZ5yU7fbsj9QqNR6oP4fCB/RpGZ2qrJEm6QU/1AnSTAEybOauEMfYhgDHpfF00YvjjJlXTf9AQ5OVl3oAnEolTyUBMsITAbnfA6XLB5XLB2fwh4l1+ZxRFQaixQfV1HZIkIa/g7CFjI4jH44hGIohGIog0/xkX6NAtq9UGd14e8vLzkZ+fn9UITVNjA3Zu26JidEbW+QqANqyXJOnaqrmzazQIKG26SACmzfxuEWPKCgAj0/1aSgBSI0kWDB81WtXiQIqiwGqzQZYVxGLJpCAWiyEe41ciVJIkOJ3OU528y+WG0+UUYs5aLfF4DJGQumtjXHl5Wdf6F4miyIhGoohEwqeSg2g0yvV1bXc44HA44HA64XA4T/1dzTLTjCnYsPYLalO1tVmSLJdUzf0b91oB3BOA2x943ConEu8D7OpMvj4WjUBRjDWEp4W8vAL0H9T5OfHpcuflt3E4DUMsFkc8FkUsGkMsFoOiyFAU5Zsf8um/t5dJW6xWWC0WWKxWWCwWWK1WWCxWWK0tn2v+u8UKh9MBh8NJpZABhENNSKhUOtdmt8Odd9YuXNNJnnqXfE0rigxZVpKva/n032W5+XUuy5Cb/2ybBIvFkvywWk7//dSHtbmDd8DucMLhsCNXxyXv3LYluaCUaEj6yGqzXf/a83/h2nlxn/RUZPnZTDt/ANTYpyivQJu52zaKYACQko2Xw4FUp4wVRQFrSQYkqbmjN95wc66kemBQZ9Q+6EdkydElF5zO9E50VBQluc6AMVgsFkjNnbxeFRQWUgKgOXZ1su/Dt3hGwfVVeNt93/sxY8qD2V2FEoBU5OVrdAen0gCSxWKB1WaD3eGA3W7XdQMpAklSp+N2uelwqWxZLBbY7XbYHQ5YbTbdv7b1WuPBaBhTHrztvu/9mGcM3F6Jt9//2O2KIv8m2+tQ25Qal0ZV29oeASB6YLPZ01oBfia7w6HZKX9Ev2jEJ3cURf7N7fc/djuv5+eSANx+/2NjZFmeq8rzUwbQKUmyaLeASweLSEn7nC53RnecFotFN6V+SW45HA46STR3LLIsz739/sfS2v2m2pPn+gmn3P1IviwnXgGYKq2LJJlndXemHFncBXaGun99kyQJrgxOKXTl0dC/mYlQ/ZI/td4fzC3LiVem3P1Izlfa5jwBcDjdfwWg2nJ0aqM6Z09z0VJaaARA96xWG5yu1F8DTpfLEEWRSOYcabxezEvVtm9Ic9+YUzlNADxe33Sr1fqAmteku5TOObUcAaAEQAgOpwsud+eDbi63Gw4tE0YiBBoByL3/396dR8l11Qce/973XlX1JsmLbMk7bluWzbAbG4PZwh7LgCG0lPQJMFKAPkNCFghNhsCcSTIMRDMQM6QTZBgbLCxoBI1ZZEg8YY1ZAma1kW3Z7U3WYllbr7W+O39Utd1q91Jdde+7b/l9ztGxLXfX+9XS/fu9u/yu7/ub+wcGN0V5zcgKgP6BwfOBbcrwClilFCzjGNMsSmLvdmFeLl+gs7sbb57GMZ7v09ndTS4vnxXBsrc6Zo6F+55GbtzWyJWRiKQA6B8YzAGfB1aB+bt25UkBsBibBYCMACRLEOTo7llBz8pVdHZ309ndTc/KVXT3rJAV/+Jxy5kyyiTDKWdWTlwFfL6RM62LagTgr4HnzfyH6RWmMg2wuLzNuzopABJJKUUQ5AiCnPz8iCeRUcNozcmJz6OeM62zXgD0Dwz2Au+b/XfGpwFi3ljDJaWU1R7uoRQAQqSOtNSO1jw57H2N3GlVFJnzWuCE8STP9BSA7FldUC6Xt/qDLIeGCJE+Sim7I4eJZ/Z36jw5sYN67rTKaubsHxjcALx27t+bnwIw+nCpYntFd7u95oUQ8STrABZj+rjteXPiaxs51BprBUD/wGAB+Ph8/8/0oj1pBrQwm02AZsgogBDpI+sAFhPZQvaPN3KpFTZHAN4LXDDf/5ARgOhE8UMcyiiAEKkjWwEXE8kIANRz6HuNXmwWKwVA/8DgecD7F/r/9Tlpc1lbKSULVhYQRQEgIwBCpI9MAURlyfz1/kZONc7WCMA/AIu2HTO/EFCmAeaTz0VQAMgIgBCpI4sAF2J9AeBcndRzqnHGC4D+gcFXAW9Y6utMb93zpBnQvDzf/g4JGQEQIn38eTpGCjA+/N9cLnxDI7caZTQ79A8M5oGmDjQw3g0wgkSXRPO1fTUtDKUAECJtovjdkUj2ugAu5RONHGuM6SO/3k2TJ/2ZHgHw8agYfcR08CLokSDtgO0Kw5BKuUStViMMaygUnu/j+wG5vN0+D4vRWlMpl6nVqoS1GhqN5/n4vk8uX8CTBl2JJu/f/JQ2OwawjFx4EfUc+xFT1zb2DvcPDJ4NfKDZrzfevMfzMF6aJZynvEiSg0wB2FMul5iaGKdcLlGrVdFaE+qQarVCqTTN1OQ4tWo18rhq1SpTk+OUStNUqxVCHaK1plarnhCzSC6llBQB8zB9u7PMXPiBRq41wuS7+1Ggu+kLW/hgyU6AE0XVIlkWAdpRnJ6iVJxGL/IrJwxDpqcmKJeiS7blUonpqYlFp340mlJxmuL0VGRxCfOkALBvma9xN/Vca+baJh6kf2DwZcDG5XyPja17nidzVrNFNYcXygiAcdVKhUql3NTXaqBUmo6kCCiXSpRK003fBVUqZaoVmZxLKlkHMJfp3Wst5cGNjZzbNlPlXUsViemELYcCnSiynRFa1gGYpLWmWFz+nbPtImAm+S9XsTgln4+EkhEAu9rIgUZGAdp+dxtbE57V0sVNLwSUKYAT+BGOiMg6AHNqtVrLCdNWEdBq8gcaawNqhiMSUZCtgCdShlcAtJEDn2ViW6CJDNxym0IZAbAryikRaQdsTthmsjRdBLST/Ge0+5yEGzKteiLTv+XafH3bbhHcVsbsHxh8NvCKVr/feMJWSo4GniXK3ghhKL/gTTHxWpoqAkwkf5DPR1JF0Ugsy9rMga9o5OCWtfvutlWBKAsJWxatPMGPcERE7vDMMXXX1W4RYCr5g9xJJlWU04hZo8xs024rB7ecIfoHBp/CMlf+zxuA8ZbAUrHO8CI8H0G6AZpjct611SLAZPIHmUtOKinc7DGUqzY2cnFrMbRx4b8A2v50mP6AyQf2CVEO38kIgDme7xsdGVtuEWA6+SvlychcQskUgD2GcpVPPRe3FkMr39Q/MHgK8EetXvSEAAx/wGxMKyRVlIsitday1csQpRQdHYseprlszRYBppM/QEdHpzTpSii5obLHYO77o0ZOXn4MLV7wnSyj69+iAVj4gMmHti7q6l1GAcwJcjlyOaPnfixZBNhI/rlcniCXM/qYIjoyAjDDfAFrME91U8/Jy49hud/QPzDYAbyrlYstGIThO3ZZuFKnI56Xl5XeZnV0dhEEZpPnQkWAjeQfBDk6OruMPqaIVtS/Q+LKdPq3cEjbuxq5eXlxtHChtwKnt/B9C1KG5wdVVB3wYi6sRfvDK81ezOvs6rZeBNhK/p1dRgYJhUPyM1232HkcrTCd86jn5Lcu95uWVQD0Dwx6wHuWe5ElgzA8V608DyUnA0Y+JC87AeywWQRI8heLkWk9OyztVntPI0c3H8cyL3ANsG6Z37N0EBaG7GXbEdQiHpKXKQB7bBUBkvzFYmQEwM4h85bWqa2jnqObj2OZF2i79eC8QVi4Y1d+YPTxkqgW8RSADmUngE02igCTJPmnjxQA5tv/KpTNfjXLytFNR9E/MPgi4Iplh9NsIIbv2P3Aw07tlhzawR25DBnaFdciQJJ/OsmoHsbTiOWeGFc0cnVzsSzjga3c/c/wTd+xa6tVViJEPQUA8gsjCnErAiT5p5eMAGB8CMB4rnuypnN1Uxmyf2DwfODqlsNpJhALVVHWu49FPQUAUJOFgJGISxEgyT/dpAAwL4K8dHUjZy8dS5MP+BYsj6crZf6OPesLAV0Mx8sUQHRcFwGS/NNPfp7N8jwjBwAtRVHP2UtqNuO+ufVYmucZHhqpn7aU3WkAF8Px8gsjWq6KAEn+2SAjAGaZznGLaCpnL5kd+wcGXwhc0HY4TbBxxx7hCx479f78Ee8E0FqKgIhFXQRI8s8GrcOM7+oxf6ce4aj0BY3cvahmbo+bGkowwfN849sBfVkIGPk1q7Vq5NfMuqiKAEn+2SF3/4a7/6GiPqdmydy9aHZs9BbeaCycJpheIOH55ouKJIm6HTBArSoFgAu2iwBJ/tkiBYBZDhalb1zqfIClbo9fD6wyF8/SbGyR8ILsTgO4GI6vyQiAM7aKAEn+2SNTeWZFsP1vrlXUc/iClioAln24QLtsVEm+7367lCsupgB0qKUfgEOmiwBJ/tmU7REAC8f/utmVtmgOX7AA6B8YPB14lfFwlmBjO6DnqczuBnB1QI9MA7hlqgiQ5J9d2T7cy+z8f0Tb/+bzqkYun9diWfF1gJOSxcbK/SCjuwFcrAEAKQDioN0iQJJ/tmV1BMDK4T/u8o9PPZfPa7ECYNG5A5usbAfMZbMpULVWcXRdKQDioNUiQJK/qFbd/O5wTVuoABw3pVswl89bAPQPDHYDr7AWzhJsbAdUeFFvwYiFcrHk5Lr1dQBZHkKMj+UWAZL8BUCpWHQdggPKeO9/B9v/5npFI6c/yUIjAK8CFt0+YJtvYeV+Fs8GcPlDLNMA8dHZ1U2h0LloYa1QFAqdkvwFAMXpadchOGC+8ZGNXLZMHSywnm+hAsDZ8P8M38JWJgfbMJwruiwAZBogVvKFAl09PeRy+cYoW32+0/N8crk8XT095AsF12GKmMhmAWCejVzWgnlz+pMKgP6BQR/LJ/81w/M847sB6jsMslUE1GoVZ/PxMgIQP57n09HZRXfPCnpWrKJnxSq6e1bQ0dnlephSxEi1Ws3sGgCTbOSxFl3dyO0nmC+yK4FT7cezNBv794NctgoAgFLRTSUfhqGsA4gzpep/hJijOD3lOoRUiFEPmlOp5/YTzFcAXGM/luZYWQfg+ZnrCeB0HYBMAwiROEVHNw1pE4P5/9meNA0wX3SvjiCQpiil8P3AeBLJBTnKFTer411wvRAwl8sbfcxqtUK1UqFWq6HDGkp5eL6PHwTk8+7msMMwpFIuUavVHm+j6vk+vu+TzxdQ8RgKjD0dhpQXeB1z+YLTIdVyuUStWiWs1dA6RHn1uIJczsmxzLZkbf5fYX75n+8Hrpr/LOQ1wHtm/4Wafdxj/8DgauBR7PRCaEmtVqVcMp3AFMWpSVDZOOqyu3sFT7lgnZNrK6XoWWnmOAmtNaXiNJVKecGv8Rtz3FHv+KiUS5SKRfQCv0aUqq+wz+XNFkNpUymXKZWmFzyGVqEodHSQi7jQC2s1itNTi7bWzuXyFDo64/ZLvyX33r2bifEx12FEQ9OYCjObD/KFjrgtPNfA6Tu2bX1s5i/mltIvIkbJHxpVlPGQNEEuPdX6UlzuBNBaG1lMpLVmanJi0eQP9bMPpiYnqFaiW8A0PTVJsTi9YPKHevzF4hQl48VsepRKRYrFqUXPoNdoisVppqcmI4urWqkwNTmx5LkalUqZqcmJReNPikyNAFhI/goVt+QP9dz+otl/MbcAeEl0sTTPxjxKTLZmRMLlTgDASDIul4pNHzCk0RSnpyIpAqanJpdV4FRKxcy2WF1MrVajsoziqFqtRFIEVCsVitNTixZ3s4VhzcKIZbRkB0D7Yjb3P9sJOX5uAfDiCANpmo1krRSZ2hLoch1Au4m4VqtRKS9vzUYURcBykz/U7zNKRVlhPVepOLXsezDbRcByk/+MmXUgSZWpu3/ATvOf2N5gnpDjHy8A+gcGVwHPjDycJnieh2dh5X6WtgS6LADanQaoVSst/YjaLAJaSf4zarVaKoaJTdFat5wwbRUBrSZ/qKeTWoLvoGUHQHs8FZu9//N5ZiPXAyeOALyQxQ8HcspGReV5fmaan7jqBTCjnSTc7ND/fGwUAe0k/xlJvkM0rd3XwnQR0E7yn9HOZ9Y16QHQnhjf/UM9x79w9n/MiOXw/wxbcyq5eL9Zxrg+2KO9AqC9u2WTRYCJ5A+gE5wgTDPxWpgqAkwkf2j/M+tSVqYAbK12j/H8/4zHc/3cEYDYmukJYPxx/WyMAhQdL0xqZxrAxHCaiSLAVPIHMvGZa5ap16LdIsBU8gczn1lXsjIFYKNEi+He//mcOALQPzCogGc4C6dJgeGGMo8/bgZGAWrVivOufK0mX1N7+tspAkwmf0U2T6ZciOf7xu7GWi0CTCZ/SO77W6tWI91Cmza2cpRhz2jk/MdHAM4DetzF05z6wQrmf7C8rIwCJHQdQBDkjPWCaKUIMJn8oT5HmIC7hMgopYzOmy63CDCd/BUqsTcV0zL/37L6mrJEjPz0UM/5jxcAT3MXy/KYbis7I6k/sMsxOT7h9PqtTgN4nmf0mNrlFAGmk3+9k12nscdLi0JHp9GGX80WAaaTP9SPXU5IIniSibGMdP+zwFZusuRp8EQB8HSHgSyLrbv1LIwCxKG1Z6ujAKbbajZTBJhO/gCFjo7EJgebPM+j0NFh9DGXKgJsJH/fD8gXzD6PKI2NHXcdQiJ5np+0aZ+nQwJHAABrbXzTPgowPT3ptCMgtLcboLOrG99gkbZYEVC0kPzzheh72CdJLl8wnjyr1Ur93I+5f28j+Xs+nV3dxh4vatVqlalJt6OESZXA1vInjAAkqgCor7Q0fxeVhVGAyfFxp9dvZzeAUorO7h7rRUBxapKKheRfSPCdYVQKhQ7jRUBlThFgLfl39yR6bce43P23RCkvjn3/l/I0AP+e/VMB8A9AojKfUsrKqnbf85zfJdvk+T4rV57kOoyW58uUUgS5PLVq1Wg3vVq1iuf5lMtFSf6OBY191CZ/vsMwbPQbUJL8F3Do4AGmp9K7CNDWu5N3fER1i07+8jdu/YgHrAMStXoB6s0WrPzAeV7cOzm1ZWLM7QgA1O/AwjBs+fttjQRMT09SMbwFSpJ/a6yMBFQqTE9PSvJfwPjxdI8A2Nj3X9/Bkri7f6jn/HUecK7rSFoVBBZ3BOjk/0DPp1otO28LDCz7cJ+5bBQBpknyb4+NIsCkNCX/4vTUkkdtJ5bFpoy2clBEzvWANa6jaFWQM7c/fDalFLl8ekcBxmOwG6BSLrc9hB/nIkCSvxlxLQLSlPwBxtJ892/pLVKoJC7+m21NogsAsLf60g9yePE9G6ktkzEoALTWRu444lgESPI3K25FQNqSP8D42DHXIVihbN79Jzv5QxoKgPp8vZ0fxCCf6OGdBU1OThLq1ufgTamU2psGmBGnIkCSvx1xKQLSmPzDMGTCcZMwW+zN5JrtXunIGg843XUU7aivCrfzRqR1W6DWIZMT7hcDhmForO94HIoASf52uS4C0pj8od4gTMfghiBJglwq2nmfnvgRAKgf6WvrzcjlO7C3gcSdyRjsBgAot7kYcDaXRYAk/2i4KgLSmvwhzav/7bxXSqm0HCOf/CkAABp7wy09dNJ6PDdlfCIeP/S1apVarf3z4Ge4KAIk+Ucr6iIgzckfYCyl8/+2lv8HuXw9MSRfSgoA6lv3bDVj8IMAT6VrKqBcKrW9Fc8U03FEWQRI8ncjqiIg7cm/XCpRKhZdh2GWxYV/nuelqWX8Gg9ITXPyXM7eU8kV0jcVMOG4LfCMSqVsfA4yiiJAkr9btouAtCd/SGn7X4vvl80c40DBA1LT99bzfWs9metTAamp/AAYn3C/HRAADeWy+SYkNosASf7xYKsIyELyh7QO/9sZAvD9IGkn/i2l6gHmJmBjIGdx654f5FK1K2BybIxaGI+3vz4NYP4H10YRIMk/XkwXAVlJ/rVaLcULAM2zmVscqaWuAFDKs9qeMU27AkIdcuzoYddhAKBDTaVstg//DJNFgCT/eDJVBGQl+QMcOXyorTM54sfeexYEeSsn0DqWvgIA6kP1tn6A07Yr4EBqTpQAAB6fSURBVOjhx1yH8LhSaRoMnvA3m4kiQJJ/vLVbBGQp+QMcPvSo6xAMs/e7I23Tvw3pLABsbguExq6A5J3/PK9SscjUVDy6gOlQG+0LMFc7RYAk/2RotQjIWvKfnBinOO3+ULAkSNG2v7lSWgBgd1sg1EcB0jIkdCRGowDlUtFqV7JWigBJ/smy3CIga8kf0nj3b0fKtv3NVfOAlJ4BaXfLRv3EwAJpWA8wfuwYtVo8NoNojfV9yTNFQD5fWPTd85RHZ2e3JP8EKhQ66OzsxlukSFdAPl/IXPKvVascO3rEdRiJkLJtf3OVPeBh11HYYnNbINSrwzTMDcVpMSDUjwoODXYHnI9SikJHJ53dPeRyeTzPRzX+3vcD8vkCXT0r0nDiV2YFuRxdPSvI5wv4foBS9cPDPc8nl8vT2d1DoaMzU8kf6iN+6Vr8Z0cKt/3N9XAAjLqOwqZcvkA4XUPb2hsa5KiFIWFM7qBbdeTwY5y6Oj5NIYvFabq6e6xfx/cD/M6ZIlGThhEd8YSZQu8J8h7L8P/SFDMjvKk26gH3u47CJqUUuYLdN7KQgvUA5VKJycl4dAaE+jClqZMCm5ftxJAN2X6PJ8bHKRaTv/jP9ruYKxSyMDJ0v0fKRwCgcZfn2xvK1SlZDxCnLYEApRT8ohIiTg4fOug6BCMstvvH93NWp45jZDQTBQBAPm/3Lt3zPHKFZPcHGDt+jGot6rvuhYVhaHVboBBZUq1WOXb0qOsw2mP5Hkspj3z6Ov4tJP1TAI9TirzlOR3fC6x2IbRNa82xI/FaHVwuFtGWmgMJkSVHDh+yusU2EpZ/FeTzhbTu+Z/P/d6ObVuPAfFZAm6R5/vW93QGuZzV6Qbb4jYNoLWmXErZcaVCOJDsxX/2k3IQ5NK+6n+2wzu2bT02Myb+HaehRCiXL1hfsJfL5xN7aFC5XGIiLqcENpTLJdm2JEQbJsbHrPfXsMvurb9SXhZW/c/2XYCZTPhNd3FEz+YZ4jOiKDRsidsoAFoWBArRjscSffdvXxQ5IWZugRMLgMxMtNYb+Nidq1dKkS8kc2fA+NhxKpV4NYisVipUyvGKSYgkqFTKHJfOfwuqNwJL5s1aizSNm34PYMe2rfuBX7qMKGpBzv4wvVJeo7JMVhGgtebQwf2uw3iSUnFKpgKEWKYD+x6RhbQL8Dzf6sFxMfXLRs5ndtlzi6NgnIniDt3zPAoJ7BFw7OgRSjFbfKc1FKcmXYchRGKUikWOPHbIdRjLFs1vy5lR2sx5PNdnugCIas+n8n3y+WSNBGitefTAPtdhPEmtVpP1AEI0af++vQm8+1eRzEfb7g0TY/MWAD8B7o0+Frf8IBfJcY+e75FLWIOJsePHmI7hHXe5VKJaTfbZC0LYNjU1ybEjSdzhbT/9B0EOP73H/C7mXuq5HphVAOzYtrUG/K2LiFzL5QuRbNvzvaAUBPnvAYmZyD64P36jAADF6ckE3tkIEZ39exN10GuI5jtorLf+9Dw/a1v+ZvvbRq4HThwBANgB3B1tPPGQL3TYGw7S1MIwvKlaLV/89S986qVKee8hIbsuJifHY9cXAECHmuL0lOswhIil8bExxseOuw6jWRrUu77yuX96WbVavjgMw5vQWDkP/ImF2Zl0N/Uc/zg19y6qf2DwD+Z+UVboMGyclGUsN+uwVvt6pVL+4C07b/j17P9xVd/mv9I6/LCpC9nU2dlF77qLXYcxr0Jnp/UWz0IkzT2772BqMn7Td/NT7/nK9qGPzf6bq/o2PyOXy/+d5/uvxdjiKUVHRycqW1v+ZuvfsW3r52f/xXyvxDBwZzTxxIvyzFWHWuvvVMqlK7/2+etePzf5A9yy84aPKOX9JQmYDpienmLsWDwPESkVpwlrVm4WhEikY0ePJCX5h6D+dG7yB7hl5w2//trnr3t9pVy6UmttpFNtvtCR5eR/J/XcfoInjQAA9A8MvgnYGUFQsVStVKhUWpuKUkr9FM1fj2wfurWZr7+qb/MWrcNPArFekZIvFLjwoqfG8oxsz/fo7llBknZZCGGD1pq77vx1Etr+VkBt+cr2oc8188VvfPMfvxLFh7TWl7VysVyuQJCL9a9Y2/p2bNv6pbl/OW8BANA/MPhZ4C22o4qrcqlIrdb8SnPP83/s+f7f77z+2puXe60NfVuuCXVtB9C53O+N0plnncvJp652Hca8cvk8HZ1drsMQwqnDhx7l4Qdjf8DrlEJtHNk+tGu539i35c+vCWu194Vh7Ypmv8f3gyzP+wPcuGPb1rfO9z8WGw95B/BDO/HEX77Q0cTOAFXxPP+LuXzh8i9/9hPPbyX5A+zaef3NnvKvAuK32m6WRw8eIIzpcaKVcplqpeI6DCGcCcOQA/sfcR3GUo4p1KtbSf4AO6+/9uYvf/YTz8/lC5d7nv9FUIv+0Huen/Xk/0PquXxeC44AAPQPDJ4O/BQ413xc8ae1plScetJ2M4U6ojzv00Eu93+GP/0xYz9xG/q2XBrq2i3A6aYe07Q1Z5zJ6tPWug5jfgq6unvw/cB1JEJE7tED+9m39yHXYSzmgEK9ZmT70K9MPeCmt737rGql8qc6DN+m0afM/n9KKQodXbGctozIQ8BlO7ZtXfAkqEULAID+gcFnArcB3WZjS4YwDBud5zRKqbuU8j6RL3Tc8Pnr/peVdnQb+rZcFOrwVtCxLLp8L2DdU/8TfkyPO1ZK0dXTk9jjmIVoRa1W47e//uWypi0jdr9CvXJk+9B9Nh78D97x3s5yqbhZ6/BdWuuLQVHo6MzaIT+zTQJX7ti2ddFia8kCAKB/YPD1wBeBZLWyM+N4tVL5crVauXHkxn/8XhQX3NC35YxQh1+F1ha82Lb6tLWsOeNM12EsSHmK7u4VWV7xKzJm/96HORjD1t0NP1KoN4xsHzoYxcXe+JY/eUkQ5N4S5HK/B6yK4poxUwY27ti29atLfWFTBQBA/8Dgc4EvABe0F1sihMCtwGeBm3ds2xp58/mr+jbntOYzEPZHfe2leMqjd93FFDriO7fm+R5d3SuyPPwnMqI4Pc09u++I6UmZ6jNK8Y6RG4ciX6DTPzDYCVwDvBV4JYuveUuL+4Df37Ft68+a+eKmCwCA/oHBlcB1wKbWYou93dST/vYd27bGopy+qm/zoNbhh4BYTWx3dnZx/oXrY51gfd+ns7sn1jEK0Q6tNXt238lU/M7sqIJ671e2D13rOhCA/oHBM4E3Uy8GLnEcji3DwDt2bNva9GLyZRUAM/oHBt8OfJyYb1trggZuB74GfG2p+RJXNvRt2RDq2k3EbDjrtDVncPqaM1yHsaggCOjs7nEdhhBWHNi3lwP7Yrfy/6hC/f7I9qF/dR3IfBrr2l7X+HMpyW8gMg382Y5tWz+13G9sqQAA6B8YfBrwYWADyXoBi8C/UU/634jLnf5SNvRtWR/q8Oug17mOZYZSivMvXE9nzPffS48AkUZTU5Ps2X1n3A7FukuhXjuyfSgRJ8s2Rgaupl4MvByI77zmk2lgF/Bfd2zbekcrD9ByATCjf2BwHfDn1IdW4rpT4B7g+8A3gFt3bNuayFNkNmzcsjIMwy+CfrXrWGYUOjroXXcxXszP1c4XChQ6kj5gJURdGIbcs/sOitORL09azDeUUv0jNw6Nuw6kFf0Dg13U1wpcDbwYuMhtRAuapD5Vfe2ObVv3tPNAbRcAM/oHBk+m3nDgT4CzjTxoa8rAz6hvXbwN+OGObVsPOYzHuKv6Nv+Z1uH/BGJxW3vq6jWsPfMs12EsqdDRkfWmICIlHnn4IQ4d3O86jBmTjfn+f3YdiEn9A4OnAS8Armz8eS5ud8LtBf4RuG7Htq1GDmcxVgDM6B8Y9IFnUH/BXtD4c57RizzhMLCn8ecO6l2Pfrpj21brZ0q71pgSuAn0pa5jAXjKBRfRnYC59o7OLnL5+s9wZ77Mio4SPYUSPR1FegolytWAiVKB8WIH48UCk6UCtTDeoxtifr4X0l0osaKjxIrG+5sPqkyUCkwUOxrvc4HpcrJ2N0+Mj3Pv3b91HcaMnyjUHyZlyL8d/QODBeAy6jntacC6xp9TLV3yQeo57YfUb2Z/vWPbVqMnnxkvAObTmGe5EngO9S53p876c0rjnzOr3IvABDA+55+P8USy3wPsMVUFJdVVfZs9NH+jCd+H48OEcvkCF66/GE/FswGPpzTnrxnjqWcf4eKzj3NSVxHfa27b1FQ5zyNHT+KeA2vYc/B0Jkty/HAcdRdKrFvzKBetPchZJx+jK19u6vtqocfx6U7ue/Q07jmwhocOn0Ko47msKQxr3HXnbyiXnN/jVED9nVJ8aOTGoTjuP4xMY/R73Zw/q4EeYMWcf84MQVap38Aeafxz5s+jwM+B26JYnxZJAdCM/oHBbqC0Y9vW2LayiqsNfVsuD3W4HbTTOauTT1nNmWfHp4FhPqix/qxj9aR/1lE682Y+WjPFwN0H1nJ4Iq7LXrLh1J5J1q898HjSN6FYyXFvoxi49+DpVGrxKWoffvB+Dh9asLNrVHY37vp/7jqQpOkfGAyAwo5tW2OxbzM2BYBoz4aNWzp1qD+qCQdw2PDi3PMvYMUKt7sVfU9zxUUHeNnT99JdsNt/ZPf+tXxn98UcnYzFcozMOLl7it+55C4uOeOA1etMlfP8+z0X8vMHz3U+FTR2/Bije+52GUII6hNK8VcjNw7F/rxhsTQpAFJmQ9+W14Q6/L+gnfTqDYIcF66/xMmBPAp4xlMe49XPeohTeqL7/RSGip8/dC4/uHsdUwmbT06arnyZF63fw3POfQjPi+5317GpLr5710Xc+YibFti1apW77vw1FXcnXj6sUJtHtg/9m6sAhHlSAKTQho1bVoWhvg7CjS6uv+qkkzn73PMjvWbvmjE2XHo/Z53ibmStXA340b29/Oi+Xud3i2njeyHPv2CU5184Sj5wN0t44Pgqbr3zEh46fMrSX2zQg6P3cvTI4Uiv+QT1OaX445Ebh2J9XLlYPikAUmxD35b+UNc+QX2hZaTOOfd8Vp50ciTXevFT9/G7z36AuHT8ffjIyXz5Z5cyWZLRABO6C2V+77m3c84p8Vjzq7Xi27vX8+P7eiO53rEjh3lg1Mki+8cU6p0j24d2uri4sE8KgJTb0LflzFCHN4J+eZTX9f2ACy66mFzOXhIM/JA3Pu8+ntMbvzYPY9OdfPE/LuXg2ErXoSTampVjbLz8dlZ2xqrhDQC/2XsWu371dKujPeVymXt++xuq1chHPb7VGPK3u8hCOCUFQEZc1bf5TxvNgyJbtl7o6OD8C9fje+ZXUa/orPDml9zFuavj23SsUvP52i+eyV3717oOJZEuPuMAr3v2r8j5Rrc+G/XI0ZP40k8vZcLC1tBarcaeu+6MutvfRKOpzyejvKhwQwqADNnQt+WcUOuPQLgJiGRvU0/PSs49/wKjJ/KdtnKat7/iTlZ2NbfP27V/++3FkQ0Xp8UVF4zy8qfe5TqMpowXO7jpR88zuiVUa83onrsZHztu7DGXUAO1XcEHRrYPxe50IWGHFAAZtKFvy7NCHf7vqKYFTPYH6MxX+ePX/IbVK+M3JLyYkdufze598T45MS4uOXM/b7z0F67DWJYjk93c8IMXUKyY6ccV8X7/bynU4Mj2od9EdUERD1IAZNiGvi2vDnX496Cfaftaa844i9WnrWnrMTyl2fyy3aw7w0zDlyhVaj433nYFB47H6kTn2Fm76jhvufLHsR72X8joodV84SeXodvsIvjogf3s2/uQoagWdXsj8X87iouJ+JECQLChb/PmUOv/DtpqG79zzutl5aqTWv7+q597Py+8ODYHoCzbWLGDG75/pZX54jToKZTY/OLbWNmR3B4z/zF6PrfeeUnL33/86FHuv+8egxHN636F+uDI9qGbbF9IxJtsVhbs2nnDDUqpC5Xy3g9Yu71+5KEHmJ5q7STm517waKKTP8DKjiJvuux2gibPIMiSwAt502W3Jzr5A1zeez/PPGdvS987NTnJg/db3e53BNRfKqXWS/IXICMAYo4NG7ecpEP9N42WwsZvVYMgR++69cvaHriqq8R7X/8LAj8difO2PRfy3bvietS4Gy+9+B6uXJeOA+Wqocc/f/uljE03f/R0uVxmz+47bHX6K4L6R6X4HyM3DkW2qlDEnxQAYl4b+racF2q9FcI3YXikaLnbA/uefy+XXuD8ABRjKjWff/r2S5koylQAQE9HiXe+7LuJnPdfyK8fPpuv//IZTX2txe1+IagdCt4/sn3oYdMPLpJPpgDEvHbtvP7Bb37phk2e8p8H6rsmH7tULLL3gftppvhcc9IUz+lNT/IHyPk1Xrze+jxvYrx4/T2pSv4ATz/7EU5bsXSPCq01D9y3x0byv1WhLv3K9qE3S/IXC5ECQCxq187rf/bNL33mdzzlXw3ql6Yed2JijP2PLP176Xef/WBsWvya9Kxz9nJqz4TrMJw7tWeCZ7U4Zx5nSmledsnSJ/ftfegB03v9f6ZQr/7K9n961cj2IWM/ryKdZApALMuGvi0vCXX4btC/C7S96XnNmWexevX82wN714zxjlfe0e4lYuvuA2v40k8vdR2GU2+67HbWrz3oOgxrtv/wigUPDnr04H72PWxku18F+KpCXTuyfeg2Ew8oskEKANGSDX1bztZa/5km/M/A6nYea6HtgW97xZ1cuDbda5au++6LODS+wnUYTpy2Ypx3vPQHrsOw6v5Dq9nx48uf9PfHjh7hgfv2tPvwj4L6tIKhke1D+9p9MJE90R/aLlJh187r9wLvvapv8/uBzVrr/wL6Wa081t6H7uess89j1clP3Cl1Far0rkn/6aPrzziY2QJg/RnpvfOfcd7qw3TkKid0CDx6+DEeemC0nYf9Gaghpbhp5MYhK9sGRDZIASDacsvOGyrAdcB1G/q2vCjU4V+AvpplTA9ordn78APUwhqnnHoaAJecdQRPpX906qK1B/n3ey50HYYTF6V46H+GpzQXrnmUO/aeBcBjjx5k70MPtPJQFWBEoT4+sn3oRwZDFBkmBYAwZtfO638A/GBD35YzZ00PnN7s9+9/5GGqtSqnn34GTz3niLU44+SMVcdZ2VFkrNj8nvE0WNlR5IxV6Z7emXHR2oPcsfcsDux/hAOPLHvB44FZw/xyNK8wSgoAYdyundfvA953Vd/mDwBv1Vq/E/Szm/neQwf2E6gqF52ZvH7/rVq39iC3P3Ce6zAitS4Dd/8zLjjtEAf3PcCBfct6zj9tNO/5vAzzC1ukABDWNKYHPg18ekPflitDrf8CwtexxPTAeaccIJeSrn/NuCiDBUAWhv9n5IMaa7v3sn/pWbEyqC8r+PjI9qGfRBGbyDYpAEQkdu28/jbgtg19W9Zo9B9ord8A+vnMUwxc8pT0z/3PdvbJ2RntmJG153zRORV+sWfeAqACfB/UiIKdI9uHDkUcmsgwKQBEpHbtvP4gcC1w7YaNW07TWm/UWr8R9ItoFAOnrMxWAZAPqlCbQnudqDR2PZojH9TqzzlDTllxwohWGfgOqC8rxcjIjUOHHYUlMk4KAOHMri9efwgYAoY2bNxyktZ6k9b6905dqV9OxrpUFtQYhycq5PMFcvk8SqX36fcUkn3iXytWrwpD4FugvtRI+tlYASliTRoBidgp37fpbk+RqePyrrv1aYweXPn4f/tBQC6fJwhyqRsVOPfUI7z5BT92HUakQs3u/AXDT3UdhxCzyQiAiB1PsdZ1DFFb0Vk+4b9r1Sq1ahWlIMjl63+CdPy4rujI3giApzjDdQxCzJXecUaRSNXRTd3AyiW/MGVWzikAZmgNlXKZ6ckJJsaPUypOE9aSfXJeT0fJdQgunFQd3dTlOgghZkvHLYVIk1NdB+BCV2HpRXE61JRLJcqlEp7vk8vlyeVziVsv0JWbv9jJgNWAkdN/hDBBCgARN8nKZoYst+1xWKtRqk1TKk4nbr1AAkK0JZOfbRFfUgAIkXAnrBcIcvhBDj8I8DzJN0KIhUkBIERKaA2VSoVKpd45VnmKwA/wg6BREPiOIxRCxIkUAEKklA41lfDEgsBvFASBH+D5UhAIkWVSAAiRETrUVMMK1UqFEqCUqo8O+AF+4OP78utAiCyRn3ghMkprTbVSLwigvjjP8wOCRlHg+V7idhgIIZonBYAQAqivIZhZUPg4BZ7n43nerD8+qvHvQojkkgJACLEwXd9yOG/zIcXjBcFMcaBm/bcQIt6kABAiBp59/oF//sJ3Vu5SqEuU5/UqT53ted5aT3mrleetVB5dCuUrpTyllEIpz0MpPIUi4o31ChQKTb04qFVrWqNDQq01OtRa18JQT6H1mFYcArUfzUM6rI2GWt/1tFc8+FrgndEGLYSYSwoAIWJgZVdt7FMf+++7gF3L/d7+d7ynkO/oONlT3smeUicrpVZppVYqpXrQrFSKHqVUN9CDUl2guhS6E6U6ANBMA9MaPQVMKZjQmkmNnlCosfo/OQ5qDKWOaB0eK5dKxz7ziQ+11NO3Orrppa18nxDCLCkAhEi4Hdd9tAQcaPwRQoimyESdEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAiJt5ms5nQpaed5ae62xZfd4ipqQAEHHzmOsAHDnkOoAIZem5zpbV5y1iSgoAEStB7/A0cNR1HA7scx1AhLL0XGccDnqHi66DEGI2KQBEHO13HYADWXrOWXquMx5xHYAQc0kBIOIoi3eIWXrOWXquM6QAELEjBYCIoywmiCw95yw91xlSAIjYkQJAxFHWEsSxxtqHTGg812Ou44jYXtcBCDGXFAAijr7nOoCIfd91AA5k7Tln7fmKBJACQMTRt4Ex10FE6KuuA3AgS8/5KPAD10EIMZcUACJ2gt7hMvBN13FEJAS+4ToIB75B/blnwS1B73DVdRBCzCUFgIirm10HEJEfB73Dj7oOImqN5/xj13FEJEujHSJBpAAQcXULUHYdRASynByy8NzLwLdcByHEfKQAELEU9A6PAf/iOg7LQmDEdRAOjZD+aYB/CXqHx10HIcR8pAAQcfY3gHYdhEU3Bb3D97oOwpXGc7/JdRwWaeqfYSFiSQoAEVtB7/DtwLDrOCwpAR90HUQMfJD6a5FGw43PsBCxJAWAiLu/Biqug7BgKOgdftB1EK41XoMh13FYUKH+2RUitqQAELEW9A6PAp90HYdhx4APuQ4iRj5E+joDfrLx2RUitqQAEEnwd6SrMdCHg97hI66DiIvGa/Fh13EYNEb9MytErEkBIGIv6B0+BLyFdCwI/Ffgo66DiKGPUn9tkk4Db2l8ZoWINSkARCIEvcNfJfmL5u4GNgW9wzXXgcRN4zXZRP01SrIPNj6rQsSe0joNN1UiK6qjm75APVEkzVHgeUHv8B7XgcRZdXTTOuAnwMmuY2nBcNA7/PuugxCiWTICIJJmM5C0rVVVYKMk/6U1XqON1F+zJLmd+mdTiMSQAkAkSuMs+WuA3a5jaVIFeFvQO/z/XAeSFI3X6m0kZ/vnbuCaxmdTiMSQAkAkTtA7vBe4AtjlOpYlPAa8Mugd/qzrQJKm8Zq9kvprGGe7gCsan0khEkUKAJFIjbMCXgdsdR3LAn4DXB70Dn/PdSBJ1XjtLqf+WsbRVuB1jc+iEIkjiwBF4lVHN/0h8Cmgw3UsDTcDbw56hydcB5IG1dFNPcB26lM/cVAE3h70Dn/OdSBCtENGAETiNX4RX4b7Y1f3AW8H3ijJ35zGa/lG6q/tPsfhfAu4TJK/SAMZARCpUh3d9DvUh2afG+FlxxvX/FjQOzwV4XUzpzq6qQt4NzAIrIjw0j8DBoPe4e9EeE0hrJICQKROdXSTor6V7EPABRYvVQG2AX8rnd+iVR3ddBrw34ABIGfxUvcB7wd2Br3D8stSpIoUACK1qqObfOBK6nPH1wDnG3jYInAr8BXg60HvcNxXqadadXTTauC1wBuo7xowsQ7kfurrOG4GbpPOjSKtpAAQmVEd3fRM6oXAVcBTgNMAtcS3TQL7gR9RTwj/EvQOT1oMU7SoOrqpG3g19ff4+cAZQPcS36aBQ8ADwC3AzUHv8K8shilEbEgBIDKrOropB6ylnijObPz7OPWEvw/YJ1u8kq06umkl9ff2TOrv8wrgAPX3dz9wIOgdTkrDISGMkgJACCGEyCDZBiiEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJk0P8HIGK4qJUDxrEAAAAASUVORK5CYII=" style="width: 16em;margin-left: 52em;margin-top: 63px;">
4
- <div>
5
- <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
6
- <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
7
- <div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
8
- <div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
9
- <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
10
- </div>
11
  </div>
1
+ <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAVMAAACVCAMAAADSU+lbAAAA51BMVEX///9fYGJeYGL3k01cXV9ZWlz8/PxdXmFhYmTv7+/5+fnm5+eSk5Tq6upaW173kUnV1dZqa21xcnTe39+IiYrMzc2bznuPkJHDxMWfn6D2j0VrbG19fX+EhIf+9e95eny2trf4pGr5rnnAwMGqq6yioqT4oGL3mFRNmWX949NSU1X+7eP83cn7zK3++PL5s4X6wpzy+e770riv2Jb82MD5touXxKX96Nu61cLg7eRzrYQ+kln3o2aiya73m1vM4NGGuZSszrZjp2t2tHCSxYG43KLL5buKwnXW6smm04np9ONmp3vC4K/9LbbnAAARyklEQVR4nO1ci2LbthUlaYAQSYkSKal6S7QlWbEl24obN22XuXul67b+//cMuBcgAZBytCVLkxVn6WJDEEgc3sfBBRjPc3BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBw+BSIkqSfJEn8H/UO/7f39JUjbs9mWZblxVk0RYtMIB++2Ot+ubw3hwt/+O/v8OtDp0UIYYyOonN69wiAtk91uL+5e7q6ury8uno4HipeX393ph/8XyBpMQEyOIvToc98nz+BRk7D/ePllKOLmE6v36qPvn/1ezLUpBUIns7m1A8C5jdyenO8nnYvdEyf5Ec//PiHnz7dLX/xSFq+AD2bU+hd53R5vO6ajF5cdN/d44d/evWHP37Su/6yAfGUR8iPjKdvDEa7+Mv0CiJq/N2rV6/+9Inv+0tG3M4BZ+b9AfYem83LY+n1PIxOL3a7nfj7+SA+/OnHV4LT1xy/FwkW9QXO1acd6N03G/dPFaO7h+PjgePN3dPxhnMY/lkw+pe//u39t99++/7n31P6/xgsr7qK0cvHfalM4Qeg9C9//wbx/p+/5X1+JOIoimLb00RjdLahnN17eTlFRi+uDrUPv+eU/lUy+s0v5167vPwLwQI6RC9Gkw+OcYKoBiTjTXswX7Q3Y81H42ExGSzmg0kxNIiK0Zn75nIz6okh5oN20WvuXTXdS8efPj/e12/5R43Sn+1Pw6SvYGTIsD+Wl9+se42PNeyvxWwWo804afpcH2N7YgzP6yui1v2XjSeZrFqUiuRM/bwtWY3Xg4zy1pS3ZoO1NkIHk07e1mYVF4uMpjhGthhrvXvYeTapmu6kFn331qvjB+74itJfLXNINoNVrqAvdnuj3Kcp6AuaZoNh3Yx4jxR68DmuJp2GC/faOdPGWDdwNhRd+KeiRz5q6iERbQJKuCwPuIpkPqEMrtjLKYEGoe/5ZfJeNTMf1VGlT8Nhzi/EhwhE94DQVTXhIUktLXW4ADPtPiybbodzqmLpP8xYGk0IJRUqIdEf8KfJVxaohBm/2MJKiUmbaj0IbW1sHdgf8Rn4soMfiBlbY3jJgg+iejDg5EQISEaCURwJ/mJ0noTrFhVrJfy6+JO2yseStIhYbVbrqHjDW5jWPaBsrS6Hmj+oOL1/h0q0mVIv/ldlpuasBzgjvEm/4nScUQY3WzLi06ynf7W3AgOpenBxbZrqOKes7BDIMcY6ZSHv4leXFz+Q1qbRVKMFZzQQfAr44n8+nW8zeGbYgK2kpfQo51SYb1pyuvEJXIsF5ZxJa604Dax11CPkp+5zM6We98cymhpmGi0oXiHAq5ScrjOkWrgJw3sOglTzK68v2Sh78L/pSKdjLMxEflX18MlMDy/8MsyvLo89fC2ilYjb1EcitacofFtvYLJxrDgFyy19f0wYw05M2Tb/IZM3NPQhhpSc7i+FmXZ3Nyco9V5/25jzR8qQ5L2quxm2TBOUPbizqW925lR+wKoehEwqUocZqb4aoKuJGWeVMQ+REo0q6EE39QkU0KH02+re+JdZ1QBDqEsAp1UNJVmlQTldBjcuHiVddSSn8FhLTh8x59+dotTz/vkegqlJaf8WHYnJ2TDJaTJLZUMAUTZQ86XKhOIJVT0UZ+CCpSd5yZycGKN0rk6GAVIkC5EdpMPwUWp14c489XUwhqYGfzNposg4/790o3HKpO+HGyItmVX/iVqgfIRDYJml8vZQ7Xev9qc59V7/8vOvv1haf6vFdz1HbakM+ITOFqMBFzDyDogvDbXHjZD5PjMnym1iXsautBwjM8bwWzKCiEniGGlrtCmKSU7liPVK0hq/zW2Q3t6KP4QF2ADmmvIW0crARHyySpBT0SuQdprk4NviYyp68yHkrxk41xC9ST3ymx1wapvp/u541JWVnVDDAcHEwOhtpmkpYT/o6611EnE53p9g+uY5Rrplm8rEw+QcUeLwr8joEWWqoVXgGFsZT5QV8YgsG+iix/V+GCfbW3RiRqxCRpgTNMQ0L5I4jDvrOSNoc9xOSas9jMMwHk5aYLU8+RfIqfhZ2WlBpXWng3EUxtF47sshsPcQP1WcHkWG6l6bWv/+ThSmG5RAuJQdoxXBe2i1DcW+ScGjuAgpQ1+PTwpufwXPNEp96OGnM5hjj89GNqzwC8Ut9iDzcox+nsox4GphkYLz8VmUQXjtE5gYWZnPv0/BoANS6rlOW7q6eHKlHhozfPY4ZNKC+CntFGIRbyhjfjRRzjUS30c79ZXvQ4aaHk3qHi+kvLIo3R+vHt7gfa3QTvXMIq41QPuRc0cMsb7LUE+t0aB8slBKYD2TRsfwSws1hiZIexgTGTq/ugzLK0cPt8p0TR1b3KKZasIjmhNM34xuq44bDB8k75ScSn3aIUAw9+3yclz1sKB8yENgXHG6xBWUmfRRCtTblw/T7vTiRnEq0DIn0BeOxke/XWuN4YKAoWASaqN41edYoHDxKXToZDgGKfQxRhi/sUs/k09Uv0wfndyn+vfKUEN0QTBWzzXXVHEkp0R6ntT8vtSnPexOZroevEVLhZyIml/F0xtw/Z3p+gdV97Ps9yDq1Lib0lnhxDNLquPSh7UM612j+8G0olWKeU2bY7zAjIPSYCzNOjeGhttmAd0KXxtTlBp5ElaIJykkDrPaHi/E9bge0BcdEQEhF1Ddy8JtGkCmKYBTiOlopwWFD4ghoXOMH/BYYT+qzPsg+LtXZgh6M7V3oySn2PneK32fWJwWmGPpyGhNUI+mYgaQXcTd9I2vBTgDcR8F5lg6MMboz+Bx4dJAuKn4Rt6eaJjLqDbXpx7lImkGJDPCvrwJwxW8NUoRiAdop9L3t9RIkAiuCAOxV1p4ct+0lHqQouxwelPu8JlyADRC93IpORWmZ3IabzHKWO4XCQnPglRs7nAlJXqwTH+MPI+AvgM1tcWUZql3oTK5QEDC2pgJ/SClKZV/qHAG3oNbr66mOplQTb7Z6EnJasQO7iDADFgb7PEx6ftt5NQ3ekvzSTchcMqq9T5yaimppYyn3alZqHp7DRphj5wKCcQsTtuQ1INbU3jHOWRpuEFYZglujA634GkpBPx2CjnFCMkqLXHCBKfCnxkWmRgLUAJUDTPdBRKxqhdqwIhGAyCEBYbuGoK/M3Ay1FIlp2JsazkxxpSWbmOhpWBxJTl9Ak4fTU69wzOI1gvLfjF3Pb/1St8PLE5HYHAY5iuEGP1BG6Ex2McLcOHHROkpxCTGrOcSjWAOZCYmKS5eLYGkaFDrHGLUa/pCMHNdZiqsUQqxw2Rp2IIlajoATkHFo+/LZbgRkr2hdEkR0IZ4F+lLnIaHHW/e3VkVauC0i5zmUMCwfX8kl50Wp3MwX8mp8NBSyklkKC2R0xR63JpjxKMUCZOcBkA8SbFyWYES2jI5RRFhcoq+QGxOoZpHkFNxCYarshGqYYvTFOquyClqLYPT+mL/usud3C5R7681TvH6dTv1T9gp51GUUWRWtzmFxR5Rdip+sTiNRikGcOQUDXS1aMJA932e28Si0+YUhENQs1MojFR26is7hcqExSkqL8kpVB9eylF8IQV2au9NyRwl4ym4mh1PMSHTpnjKfR84hVpmzU59xamwIdHDjqcLyPvI6ZxgDdBahjahn0FQSG1OwcxrdgqZEjnFrFnZac33URNK34fektO7Ji3FLRIWUm+sVtCt3UulpfyaloonGE+pxQckUSY5Re1u2ylkF+B0kuINmnk/wRiKnCp3OONEQx+ruTU7BUJsTmV9z5N5X9WkZZao+75gvc4pSs5n+95uGgsr+AAeRGfBaVDLUeEGyjs2Y33IsoHkNGjokZHKTjcExzA1bi/DMTIUjOilk9M7UOW1YeFb830MJPV4WnEKP1MtR5EmTn2Vo7TEu8SFvR05oajaPVonUK+q2gBoqbrmX6OSI4b6BIkuam3SToNmO/UxRynpbSnKQq7GgVN1mZX5RBUMTiGsNHHamKNEmFB2ysp4imq25vvM5LSsSb9rqqF4R+D0wcz7ezhCNT1ITrF+aHLakwX6Wz3S8aUMBnwtR9U5DRSnfezhB0XDGD5wqroYmj2ZjNpt/mdgEIXx1NZSbSSkyfeZtFOmcYpZs2anUP1Tvs+q86dY63tnqaYncQJ1emnW+u5wybpETmFIm9POHPdtyKJqDzdiYRT4Zd4XPeqcMsVpvCJyVaUtJ6WZ8vWXmGQ0JzKp6XUpXFGlpmBAO23QUuIaNqcQ9qniVEQHyanfpKXwzGnd970DrkKtdHS4Ergz7uMeN66ukLwVXNPK+2IVjFsSwaSc7RoUYlDmKFh6NmipADV/NYZWs4BvQVUVOA1FmRYWsJOw6iJ7zIwg2581corBo85poPm+KBNUnNZ8HzRyoHFaGoraOzm1a1rhDkNvVT+t533u/L4EXfWiOI6jZCK3nUstpZcbKk6rHOX1iRojhzHiZEtUE8ZTrc7fhqN3YVRQ1VIYI/ezUzmqyfd1LQVrCqWlGn1fy/uwrisndffBPT6E3F+V8YDbKXBjcxouqFwrEraYbCeDrNq30n2/ZqdVjhIrqXKMOR9jlFH1pKSdctGmSE7z7Xq83izUPp62OaBx2rSOalibwoK1stOKU79B86dYHUDNj3tB5V70NXBVWzRZCI9dvVKFOSqo2anXAz5w4SyKRQT2wowcxYK6nbIqR4lMh1tdwr6w4FSOITlFrYPnCsSBlpSURxlMaYxaKqhrfrDCllVDwV36Mp6WWgpN0vZ9VFsNvq9SD0r508Ata1xEead9v9z09FWBo9zFV5xCQ5PvB4rTsGBqxx03ANQYQcmpOMSAW5e++gSntbWktuD01Hq/vo7CWpRX1k/TF/QpIcw3ayja2Z5rtMCnl0i9kUfRVbWlk+N5ojqn0YTiBiSfMSQSbsw5lkhe0qegItSRqBjHCKox2CzHNKY49QrYLfZxO5BBTUW8z2SvAuQ2S0OOalqbwuMuOWXlOspv5PS0nXpv5FbJ8TSph2v9dH/JaZOdclJvjZMoNBtitFN532/ktIqnSKoxBmmt5cRKTuNxRlUHWfJLycRYJ0hOSUBIzfe5lfEPbN8XjchpoJ3rG4ljGQHxrXiKPYDT2jsSMlS+kPwfd+j5z2XQ5ZwCGjj14kLMA0918Vub98I55bfEqKqh1F/RyOCmK069eD2TR/FERZHkvRhKSUHFqTiuwog6VgXnn/KGM5nJKpuJ1xwXxkeTVpbxRuMAltfLM3ghEur8M3jbMYOd0naGvc1zdNghg5p0hj2001rLB3mm9/rQZKr7p6mktCpUdeY4Yt7AqTiXKg7QUp5gWqsi5mIArpiJhcAYb7ZlHhbL8Z7mWpUu2swzOca8iLCMqGrSEuGwnbdw34SS2aBoWv3HPYS1vytbDbOOtK7l18IP9RYnqaOGi+zV2fPdU+0o2vJO7Ux3H6tnHavrnKhiJMNiMhq0i2GiTUEcZS5vxejeqzpU6OAYeI46kr5vVgHC/lj0gdPYZ73J9BnxdidJ7T6brHJGL9Tm1AclrAku+D/6FRUxBj7IaIB1/nltTN7nrPP8nx376sWT6e7h8fB2v9/fvDleT9VbU92dvcHyeSFXTtphni8fe/Odsx2+c1a+2De9rL+Q8lmBJ6R8uvkSLfIU7u926qgEEHuh/zJ98SzlZwAurbhcOmO75EvC26cL661oGWO77xre8fmciIczWYKtvSjxxePw9Gy/Gd2dXlzefbho9T9E3BkOUrEZJfaGv6ZwKnF/w/O8+CcRhPPDP4rw/PTmN3D7ZIxYr4tNe+7LulRgHRz5WhAu3z4+XD5zQi92766Oh/1v4vUFbUn4qXwvDMtEX1OGshDeL5fL3zCGFtTH4/X4UhNWqQLSvGpzOAsFZUxVt3DvXBSJ8t6Hv+lwCoV6VySQfh+IFzy/upz/RaG4LSt90u3JzK42O/xnKG4J/JtZsi5JW4vCGelHYi3qm4gsW7WLnktOH43YgHN6BwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHh/Pwb5PnTnFHEM1hAAAAAElFTkSuQmCC" style="margin-left: 5em;width: 12em;margin-top: 1px;">
2
+ <div>
3
+ <img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7N13nFTV3T/wz50+21hgl91l6b2JCGJHxS4WigUZFUuMYyTR50meTMovz5P2S35PJqaZoI5JlICOJbqoKDYUlC4KSO8odYEFtk6/9/z+mF1YYcuUe+fcc+/3/Xqt4DJ757u7M+d87ynfIzHGQAghhBBzsfAOgBBCCCG5RwkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmRAkAIYQQYkKUABBCCCEmZOPxpB6vzwJgFIARABoAnGj1cTwY8Cs84iKEEEK00NzvdQfQrdVHIYAtADbx6PckxlhOnsjj9Y0FcAuASwBcBKConYceBTAHwD+CAf/OnARHCCGEaMDj9Q0G8BCA+wH0aOdh9QBWAVgBYEEw4F+bi9g0TwCav/nfArg9gy9fAuDvAF4PBvxRNeMihBBCtODx+pwAbgPwbQBXZnCJ1wD8VOubYM0SAI/XVwbg50j+ALKdatgH4L8BvEDTA4QQQvSoeZj/HgC/BtAny8slkLwB/mUw4D+SbWxt0SQB8Hh9QwF8BKBS5UtvBPDjYMC/UOXrEkIIIRnzeH2TAPwvgHNUvvRBAFcHA/7tKl9X/QTA4/WNRLLzL1P1wt/0CYAfBQP+1Ro+ByGEENIhj9d3IYDfAbhCw6c5gmQSsFnNi6qaAHi8vnMBLAJQotpFO1aF5DyJ6pkRIYQQ0p7mke7fApiWo6esAXBNMOD/Uq0LqpYAeLy+EgDbkNzmkEsJAM8B+EUw4D+c4+cmhBBiIh6vrwLALwA8iNxvpT8OYFgw4K9R42JqBv9/kfvOH0h+Dw8DuMfj9f0ZgD8Y8NdxiIMQQohBeby+LgB8AP4DQB6nMLoj2dc+osbFVBkB8Hh9owGsBWDN+mLZOw7gNwCeoq2DhBBCstG8pe9RAP8HfG5yzyQDGBsM+DdkeyG1RgD+DH10/kDyF/RHAI97vL7fA3g+GPCHOMdEiKqmzZxlAUMpkottywD0YEApkh9dAbgAOADmBOBM/h2ONv4OAFEAseaPM/4utfx/BMBJAMck4BiSBbuOADgCCceq5s6m7bnEUDxeXx6ABwD8EEBfzuG0ZkWyz70q2wtlPQLg8fomAvg420A0dBzAUwD+Fgz4j/IOhpBUTLt3ViWAoQwYDGAQwAYCKEdygW13AMXQz1keCoBaJN9rNQCqAWk3gF0SsBPA9qp5sw/yDJCQVHm8vh4AvovkXb8e7vjbMzEY8C/J5gJqjABcqcI1tNQdySJCP/R4ffMA/IF2DRA9mHrPd0oT8fg4hbFhDqerL8AGARgAoB/4zTFmwoLTtc0HJz/FWv0XmHrvoyEAXwHYA0i7kEwOdgBYXzVv9rHchkvI2ZpX9f8AwL1IjqDp3UQkq+VmTI0RgA8BXJPVRXKLAXgbwO+DAf9S3sEQc5h276xKOZG4UFbk8YwpYxljoxhjPQHA4XTCYtHLDBoXBwBsAKS1EvAFgDU0YkByxeP1TUBymP9mABLncNKxKBjwX5vNBbJKADxenxXJecHCbILg6DMATwCoCgb8Mu9giDFMu3dWpaLIl8uyPJ4xZQxj7BxFUUpO3w+3kOBwOGGxmrrzb89RJJOCdVJygfFSSgqIWpr7rmkA/gvABZzDyVQDgK7Z9F3ZJgDnAlif8QX0Yy+APwF4LhjwN/EOhojl1hkPVyiKcj1j7CqAXcoYG8BY52vi7A4XrNT5p2MXIH0KYLEELKqaN7uad0BELB6vLx/J/fv/CaA/53DUMCabwkDZJgBTAMzP+AL6cwLA0wCeDgb8dLdB2jTZ4+2RiMevV5Id/mXNc/dpsTucsFpzXUPEcLYD0icSsBjAR7SWgLTH4/VVAvhO80c3zuGoaWow4H8j0y/ONgG4HMm6/EajAPgQwBwAbwQD/gjfcAhP02bOsiiyfHkikbhdUeSrGWNDAZbxXKHd7oTVRp2/yhiALYC0SALmQ8JS2ppobh6vzwVgCoD7AVwL/eyaUdPl2axlyzYBGAFA1cMJdKgWwMsA5tDhQ+YxbeYst5xITJJl+TbGlOsURVZlO5DN7oDNZlfjUqRjNYD0bnMy8F7V3Nlh3gGR3Gg+nOd+AHchuV3WyEYGA/4tmX5xtglADySLgZjFViRHBebRuQPGM23mrJJEPHGboiSmKIpyBWOKW83r22wO2OzU+XMQAvAxIL0pSXijau5sVeqoE/1ors9/L5Id/3C+0eRUWTb1bdTYBRCHWFsn1CADeB/JZOAtKjksrmkzH+0ejyVmKky+kynKeMYUTVblWa022B3Ozh9ItCYDWAVIr0oSXqyaO/s474BIZppL9N6KZKd/PfRTjTZXGAA7t10AAODx+g4BqMjqImI7AeAlJKcIPucdDOnc9dPutdus9qkM7H7G2DUA0/S23GKxwuEUoa6I6cQAvCdBmgMJC6rmzk7wDoh0zuP1nY9kpz8DxlrQl67DwYC/ZzYXUCMBeAHA3VldxDi2AKgC8BaAz4MBvzpnLRNV3DL9oQtlRX6IMWUactRwSJIEh9MNSTLbIJlwagDpVQl4vmrebErkdcTj9UkAzkfybn8agBF8I9KNF4MB/z3ZXECNBOAeAPOyuogxHQawAMlk4CPaScDHtHtn9YzFY99S5MQ9jClDcvvsEhxOFywWIy4+NrStgDRPAv5VNW/2Id7BmFHzCv6rkez0b4G5R5nbc28w4H8hmwuokQD0AFAN860DSEcIwAdIJgPv0KFE2pty93euTCRi31cU5UbGFC577mivv/ASAN6WIP25at5sI2531pXmvuQmJDv96yDWeRi5xgCUZ9uXZJ0AAIDH61sL4LysL2QOCoBVSCYDbwUD/q2c4zGMaTNnORPxxH2yHP+eoiijzi69mztWmx12u4Pb8xPVfQlIf5UkvFA1dzYt+lWJx+sbjmSHfyuAi2DMvfpaWBcM+MdmexG1EoDfAvhJ1hcyp11oHhkAsDIY8NN+5TRNvefRingi/p+KkniQKQr34ztp0Z+hHQOkf0jAX6vmzaatwGnyeH1uABfj9J1+2lU0CQDg/wUD/p9mexG1EoArkOWxhARAckvlWgDLmj+WBwN+Km/ajske7yUJOfF9psi3MqbtSv5USZIFDqeLFv0ZXxxAVfP0wCreweiVx+srBXApgMuaP8YC0MV7VXBXBgP+rKel1EoA7ACOQ9xTAfVsO04nBMuCAf8uzvFwd8v0hyYpTPm5oigX8BzmP5sEp9MFiRb9mc0KCdIvq+bN/oB3ILx5vL5BON3ZXwZgKN+IDKkBQPdgwB/P9kKqJAAA4PH63gAwWZWLkY4cAbAcp5OCdcGA3xT7l2+644FbFcb+G2Dn846lLVTj3/RWSZB+VTVv9ru8A8kFj9dnQ3LtV0tnfymAMq5BmcObwYB/ihoXUjMB+A6Ap1S5GElHE4A1ADYgeS7DZgBbggH/Sa5RqeiW6Q9NluXEzxmYbhea0rw/aWVN84jAO7wDUYvH6+uK5P77kc0fowGMB5DPMy6TejQY8D+txoXUTAAGANitysWIGg7jdEKwGckiRZuDAX8t16jScOuMh6ckEvH/YUzRbccPABIkOFxU7Iec5XMJ0q+r5s1+i3cgqfJ4fcVIdvCtO/uRoH34ejIwGPDvUeNCqiUAAODx+r5EMjMk+nUIrRKC5o+9AI5mU1NaTVM8j0yJJ2K/VBRltL7m+NvmcLhgsZqtDDlJwzoJ0i/0kgg0n+HSA0B/nO7gWzr8rErLEs1tCAb856p1MbUTgP8E8EfVLkhySQFwFMkE4XCrj0Nn/P2IGotP2jLl7kfGJRLxP8uyfJkIHT8AWK122B2035+k5BMJ0ver5s1eq8XFmxdjlyHZiVc0f7T+e8v/9wDttxfV94MB/5/UupjaCUAPAAcB0Eoo42IAanA6ITiKZKXDCIBw85+tP8783Jn/n0jEY+XRSPiniUTiJoAJ0zC1bPkjJA2KJElv2Wy231lt9mok20pXqw93J//f+nN5SHbmLR17Cagiq5ElAFSqWUlW1QQAADxe31tI1m4mhBBCiDoWBAP+W9W8oBZ3W3M0uCYhhBBiZnPUvqAWCcDbSBYFIoQQQkj2jiPZt6pK9QQgGPDHALyk9nUJIYQQk3qpuW9VlVYLruZodF1CCCHEbOZocVHVFwG28Hh9m5DcV0oIIYSQzGwOBvyjtLiwlluu5mh4bUIIIcQM5mh1YS0TgBcARDW8PiGEEGJkUST7Uk1olgAEA/5qAM9pdX1CCCHE4J5r7ks1oXXVtd8B0KRsLCGEEGJgcST7UM1omgAEA/6vAczV8jkIIYQQA5rb3IdqJhd11/8fAF2cMkcIIYQIQEay79SU5glAMODfDSCo9fMQQgghBhFs7js1lauT136D5HGzhBBCCGmfgmSfqbmcJADBgH87gFdz8VyEEEKIwF5t7jM1l8uz13+D5FnyhBBCCDkbQ47u/oEcJgDBgH8TgPm5ej5CCCFEMPOb+8qcyOUIAAD8AkAix89JCCGE6F0CyT4yZ3KaAAQD/o0A/pzL5ySEEEIE8OfmPjJncj0CAAA/B/AVh+clhBBC9OgrJPvGnMp5AhAM+EMAZuX6eQkhhBCdmtXcN+YUjxEABAP+haBtgYQQQsirzX1iznFJAJo9DqCO4/MTQgghPNUh2RdywS0BaD7i8Me8np8QQgjh7MdaHvfbGZ4jAAAQALCCcwyEEEJIrq1Asg/kRmKMb3E+j9c3CsBaAHaugRBCCCG5EQcwNpdFf9rCewSgpULg73jHQQghhOTI73h3/oAOEoBmvwCwiHcQhBBCiMYWIccV/9rDfQqghcfr6wZgDYABvGMhhBBCNLAHwPhgwH+CdyCAfkYA0PwDmQygkXcshBBCiMoaAUzWS+cP6CgBAE6tB5gJOjaYEEKIcTAAM/Uw79+arhIAAAgG/PMB/Ip3HIQQQohKftXct+mK7hKAZr8E8AbvIAghhJAsvYFkn6Y7ulkEeCaP11cIYCWAkbxjIYQQQjKwGcDFwYC/gXcgbdFtAgAAHq9vIJI7A7ryjoUQQghJw0kkV/zv5h1Ie/Q6BQAAaP7BTQHtDCCEECKORgBT9Nz5AzofAWjh8fouAvAugGLesRBCCCEdqAVwYzDgX8U7kM4IkQAAgMfrOxfAhwBKecdCCCGEtOEYgGuDAf+XvANJha6nAFpr/oFeDuAg71gIIYSQMxwEcLkonT8gUAIAAMGAfxuACUiWUySEEEL0YA+ACc19lDCESgAAIBjw70UyCdjKOxaiPqfDDrvNxjsMQlRlt9ngdNCJ5wa1FcnOfy/vQNIlzBqAM3m8vlIA7wM4j3cspGNulwsVZSWoKC9Fz7JSlPcoQUFBPtwuJ9wuJ1wuJ9wuF1xOByyWZE4qyzLCkSjCkSgizX+GIxHU1Tfi8JGjOFR9DNVHalB9rAbxeILzd0jMyG63oby0BOVlJehZXoqKsh7oUlQAt8vV6nWd/LBarQAARVEQicYQjkRava6jaGxsQvXRGhw6cgyHq4/h8JEahCMRzt8hScE6ANcHA/5jvAPJhLAJAAB4vL5iAAsBXMw7FpJUkJ+HEUMHYsSQgehdWY6K8lIUFxVq9nyMMdQcP4nDR2qwd99BbN6+Czt2fYVYPK7ZcxLzcdjtGDKoH0YOHYT+fSpRUVaCku5dIUmSZs9ZW9+Aw9XHsP9gNbbs2I0t23ejsSmk2fORtK0EMCkY8NfyDiRTQicAAODx+lwAfg/gu7xjMSOX04Fhgwdg5LBBGDlsIPr26qlpo5iKeCKBXXv2YdO2Xdi8bRd2f7UfsixzjYmIxWq1YmC/3qde14MH9OU+NcUYw9cHDmHztt3YvG0Xtu3cg0g0xjUmE/sbgB8GA36hh2mETwBaeLy+mwE8D6CEdyxG53Q6MH7MKFx20ViMHDrw1PCmXkWiMXzx5WYsW7UWG7fuhKIovEMiOmSxWHDO8MG47KKxGHfuSLicDt4hdUiWZWzevhvLVq3FmvWbEKVkIBdqADwQDPjf5h2IGgyTAACAx+urADAXwDW8YzEaSZIwcuhATLh4HMafd47uG8f21NY3YPnqdVi26gt8feAw73CIDvTtVYHLLhqHSy88T9PpKi1FojGsWbcRS1d+gc3bd8NI7bqOLELySF/DNByGSgAAwOP1SQD+C8BvANCy2ywVFxXi+qsuw4SLxqJb1y68w1HVvgOHsWT5GixethrRGK0ZMBOnw46Jl12IKy8djz69KniHo6oTJ+uwdNVavP/xMtTW6/IMGtHEAfwfAE8EA35DdZiGSwBaeLy+cQBeAjCYdywiKulWjJuvvxITL70Adruxt+XVNzTh3Y8+xQeLV9LKa4Nzu1y4buLFuPHqy1FUmM87HE3F4wksXv4Z3n5/CWpOCLtOjbedAGYEA/4veAeiBcMmAADg8foKADwJ4AHesYiivEcJbr1hIiZcNFb3c/tqC4XCeH/xcrz70TJabW0wBfl5uPHqy3D9xEuRl+fmHU5OybKMpavW4q33FqP6aA3vcETyPIDHggG/YQ+jM3QC0MLj9U0H8BcAZbxj0auSbsWYPvVGXHz+uaf24ptVNBrDB0tWYP47i2iVteBcTgem3nQNrrvyEjgFXbeiFkVRsPLzL/HK/HdpRKBjRwA8Hgz4X+EdiNZMkQAAgMfrywfwGAAf6FTBU6xWKyZdMwHTbr6WKpWd4URtHea9ugCrv9jAOxSSgQvHjca9d96CbsXGWruSrWgsjqq3P8TCRUtpe+w31QLwA3gyGPA38Q4mF0yTALRoLh70QwCPAzD2JGAnRgwdiAdmTEVlRQ/eoejaxq078XxwPg2fCqK8Rwke8EzFOcNp+U9HDh4+iudfmo8t23V9ZH0uNCE5Qvx7kYv6ZMJ0CUALj9dXBuCnAB4BYKqxweKiQtx9x8249AKqopyqeCKBtz/4BG8u/JiqDOqUw27H5ElX4ebrruBetEckyz9bhxf//bYZdwzEADwD4LfBgP8I72B4MG0C0MLj9fUB8HMA9wEw/Kq3saNH4JH770RBfh7vUIR08PBRPPnsC9h/qJp3KKSV3j3L8djD99BoVoYam0J4Zs6rWLthC+9QckEG8C8AvwwG/Pt4B8OT6ROAFh6vbyiAXwG4AwDfWrYasFqtmDHtRky65nLeoQgvFo9jzktvYsnyz3iHQgBceekFuH/GZDjstIYlWwsXfYqXqt416toABuDfAP4nGPBv5x2MHlACcAaP1/cWgFt4x6Gmku5d8di378ag/n14h2Ioy1evwz9ffJ12CnDicjrwrbtvw6UX0lSWmnbt3Ycn//4iao6f5B2K2hYEA/5beQehJ5QAtOLx+kYA2AjAMPvgzh8zEt777kS+yfY+58rhI8fwl2dfwD4qK5xTfXpV4PGH70FFWSnvUAypKRRG4F+v4vP1m3mHoiYFwDnBgN8U8xypMExHp5L/gYF+JlMmXY3vf+c+6vw1VFFWil/9+LsYO3oE71BMY+zoEfjVj79Lnb+G8vPc+P537sOUSVfzDkVNFiTbeNKMRgCaeby+kQA2wAAJgCRJuG/6ZFw38RLeoZiGoij4+7zX8MmKz3mHYmhXXHI+vn3v7aYvVpVLHyxegX+98qZRDhhSAIwOBvyGGtrIFL2LTjPE3b/NZsX3HvJQ559jFosF3vvuxK03TOQdimHdesNEeO+7kzr/HLtu4iX43kMe2GyG2CRFowCt0AgATt39b4Tgq/9dLie+/537MGrYIN6hmNp7Hy3DvH8vMModE3eSJOHeO27BDVdfxjsUU9u0bRf++PS/EIlEeYeSLYbkWgDTjwJQKp30PxC88y/Iz8N//+AR6vx14IarL8OjD95Fd6oqsFgsePTBu6jz14FRwwbhv3/wiBFqiEigUQAAlADA4/WNQnLvv7CcDjt833sQ/ftU8g6FNLv0gvPwoGcq7zCE96BnKlWs1JH+fSrh+96DRjg35I7mtt/UTJ8AQPC7f6vFgse999Iefx26asKFuGPy9bzDENYdk6/HVRMu5B0GOcOg/n3wuPdeWMUe4aJRAJg8AWjOAG/nHUemJEnCw/fdgTGjhvEOhbRj6qSrcd2VtCAzXdddeQmmGmsLmqGMGTUMD993ByRJ2HsnALjd7KMApk4AkDwDQNhX8IxpkzDhonG8wyCduO+uybhw3GjeYQjjwnGjcd9dk3mHQTox4aJxmDFtEu8wsiEh2QeYlmkTAI/Xdw6A23jHkakbr56Am6+7gncYJAWSJOHRB+/C8CEDeIeie8OHDMCjD94l+p2ladx83RW48eoJvMPIxm3NfYEpmTYBgMBz/0MG9oPn9pt4h0HSYLfZ8L1v340uRQW8Q9GtLkUF+N6376ajfAXjuf0mDBnYj3cYmTL1WgBTJgAer683BL37L8jPw2Pfvlv0BTimVFxUiFnf8tDdbRskScKsb3lQXFTIOxSSJqvFgse+fbfI2wNva+4TTMesvchdEPDuX5IkfOeB6ejWtQvvUEiGRg0bZLT66qqYMulqqmEhsG5du+A7D0wXNbmVAMzgHQQPZk0AhPxl33Tt5TjvnOG8wyBZuu3mazBiyEDeYejGiCEDcdvN1/AOg2TpvHOG46ZrL+cdRqaE7BOyZboEwOP1DQUgXGWRwQP6YvrUG3mHQVRgsVjw3YdmoKiQ1gMUFRbguw/NoKqJBjF96o0YPKAv7zAyMcbj9Znu7sqM7zrhMj27zYZHH7iL5v0NpLhLER6gSoF4wDMVxV2KeIdBVGK1WPDoA3eJupBTuL4hW2bsUYT7Jd96w0SU9ejOOwyisgvHnoPRI4fwDoOb0SOH4MKxpt2BZVhlPbqLeiqmcH1DtkyVAHi8vrEAhGpxy0qFfTORFDxw11RR75ayYrfZ8MBdNAJiVLfeMBFlpcLdtAzyeH0X8A4il0yVAEDADO++uybDbjdfB2EWZT2645YbruQdRs7dcsOVNKplYHa7TdRqjsL1EdkwTQLg8fokANN5x5GO8eeNojr/JjD5hqvQo6Qb7zBypkdJN0y+4SreYRCNjRk1DOPPE67U/nSP12eaftE03yiAywAIU+zB6XRg5vRbeYdBcsBut+H+GVN4h5Ez98+YQqNaJjFz+q1wOh28w0hHBYAreQeRK2ZKAIQa2rn2iovRvWsx7zBIjowZNQzDBvfnHYbmhg3uT6NaJtK9azGuveJi3mGky8M7gFwxRQLg8fpsAO7gHUeqHHY7brqWDvoxGzNUCDTD90i+6aZrr4DDbucdRjpu83h9Qg1bZMoUCQCAawCU8A4iVRMvu4AOjTGh0SOGYGA/YWap0jawX2+MHiHUJhyigi5FBZh4mVCL64sBmKLqmlkSgLt4B5Aqm82KW66/kncYhBMj3yEb+XsjHbvl+iths1l5h5EOoaaMM2WWBECYJceXX3w+HfZjYmNHD0ffXhW8w1Bd314VGDvadJVWSbNuXbvg8ovP5x1GOoTpM7Jh+ATA4/X1gCCr/60WCxX9MTlJkgx5pzxl0tWinhRHVHLrDRNFKmde6vH6+vAOQmvC/DayIEzaOfbcEabaD07adsHYc9Ct2DijQN2Ku+ACKvlrej1KumHsuSN4h5EOYfqOTJkhARjPO4BUTbhoHO8QiA5IkoRLLhjDOwzVXHrheXT3TwAI18YJ03dkygwJgBBZXEF+Hu2PJqcI1lB26PKLjfO9kOyMGTUMBfl5vMNIlRB9RzYoAdCJS8aPEW2VLNFQ78py9DHAYsD+fXuhsqKMdxhEJ2w2Ky4ZL8zoluEzV0MnAB6vrxeAct5xpGIC3SWRM1x24VjeIWRtwkXifw9EXQK1dV09Xt8g3kFoydAJAAS5+68oKzV0ARiSmUsvEHvu3Gqx4JLx5/EOg+jMwH69UVFWyjuMVAnRh2SKEgAduPQCaiTJ2boWF2HE0IG8w8jYOSOGoKgwn3cYRIcEavOE6EMyZfQEQIhVnOeMGMw7BKJTIpfOHTWcXtekbQK1eUL0IZkyegKg+8kml9OBATT8T9oh8gjASIFjJ9oa0K83XGIcEzzW4/UZtp807Dfm8fr6A+jOO47ODB3UX6TqWCTH+vepRJ7bxTuMtBXk5xliFwPRhtViwdBBQhx/XQBgKO8gtGLjHYCGhJi7EfkOT01Ha45j6fLPsH3nHuzcvRdFRYUYMqg/Rg4bgisuu1DoxXDZsFgsGD5kAL74cgvvUNIyfMgA0/7OAIAxhk+WrcbmbTuwY9de1Nc3YPDA/hg6eAAmXHoBepTo/t5EcyOGDsSXm7fzDiMV5wPYyjsILRg5ARBi7oYSAGDhB4vx1D/mIRQKf+PzGzdvw+tvvosRbw7Gj/7jEfTu1ZNThHyNHDpIuATAzK/r/QcO4Xd/fgZbtu38xue/3n8Qi5Ysw/Mv/huPPnQvJl1n7nM/BHqNjAcwj3cQWjDy2PO5vAPojNvlQv8+lbzD4Mr/5wCeePLZszr/1rZs24mHH/sJvtxkyCS8UyOHibcVWaDGXVVfbtqKhx/7yVmdf2uhUBhPPPks/H8O5DAy/enfpxJulxDTW7rvSzJl5ASgF+8AOjN4QB9YTDz//8myVXhv0ZKUHhuNxfC7Pz2NULj9RMGoevUsE2odQJ7bhV4mrP4XCofxuz89jWgsltLj31u0BJ8sW6VxVPplsVgweIAQB+4Z9i7NyL2P7n9pPct78A6Bm8amEP40+59pfU31kWP4+5yXNIpIvyRJEqlwCirKSk05///3OS+h+sixtL7mT7P/icamkEYR6Z8gbaBh5x4NmQB4vL58ALo/T7W8rIR3CNxs2rId9Q2NaX/dys/WaRCN/omUAPQsx9EekwAAIABJREFUFydWNWXy2qxvaMSmLUIshNOEIG2g2+P1FfMOQguGTAAgSMbWU6BGXW3bd+7J6OuOHqtBQwaJg+gqBOpUy034um5oaMTRYzUZfW2m7wUjEKgNNOSeVqMmALof/gfEatTVtnvv1xl/7Z6v96sYiRgEaiiFilUt2bwms3kviE6gNlCIm8p0UQLAidNhR7di3c9SaCYajWbxtaktsjISkaYARIpVLdm8JrN5L4iuW3EXOB123mGkgkYABKL7bK3cpAulSGbKy0qEeL1IkiTKvC7RgeTrRYiEUfd9SiaMmgDofsFGj5JuvEMgAnHY7ehSVMg7jE51KSqEwy7EHR3RCUHaQkMO1xo1AdD9pmm3y8k7BCIYEV4zIsRI9EWQ14zu+5RMUALAiSAVsIiOiFAMSIQYib4I0hYKEWS6jJoAuHkH0BmXGFkv0RERXjMixEj0RZDXjO77lEwYNQHQfbYmyLAX0RGXU/+vGRFiJPoiSFuo+z4lE0ZNAHSfrQmS9RIdEaGhFCFGoi+CtIW671MyYdQEQPfZmiDzXkRH3G79N5QixEj0RZC2UIgg02XUBMDBO4DOCFL8guiI06H7l7UQMRJ9EaQtNOQL26gJgO6P14rF47xDIIKJxfT/mhEhRqIvgrSFuu9TMmHUBED3p8WEw+Yt/0kyE45EeIfQKRFiJPoiSFuo+z4lE0ZNABp4B9CZiInrf5PMhCP6f82IECPRF0HaQt33KZmgBIATaihJuiICvGZEiJHoiyBtoe77lEwYNQHQ/XBNOGzuodJsDrYR4VAcLYjQUIoQoxbo9Zw5QdpC3fcpmTBqAqD7bC0sxrCXZnpWlGX8tRXlPVSMRBwidK4ixKiFbF6T2bwXjECQtlD3fUomjJoA6D5bEyTr1czQwQMz+ro8txuVJm0wRVhgJ0KMWqisKEOeO7NaMZm+F4xCkLZQ931KJoyaAOg+W6s5fpJ3CFyNGDooo68bOmSAKYdM44kEaut0/7JGbV0D4okE7zByTpIkDB0yIKOvzfS9YBSCtIX6f/NlgBIATg4fOcY7BK569+qJW268Oq2vsVqtePj+GRpFpG/VR2vAGOMdRqcYYzhy9DjvMLh4+P4ZsFqtaX3NLTdejd69emoUkRgEaQt136dkwqgJgO6HayLRGE7W1vMOg6tHvnUPystKU378jNtvNe1wafWRGt4hpEyQBl11QwcPxIzbb0358eVlpXjkW/doGJH+naytRyQa4x1GKnTfp2TCqAmAENmaWRvKFm6XC/5f/QTDOxkCtVgsuPvOKZg547YcRaY/h6rFea2IFKvaZs64DZ47JsNi6bhpHT50EPy/+okodfA1I1AbKESfki4b7wA0cpB3AKk4dOQYRgw15x1ti16VFfjr73+JV+e/g3c/XIIDBw+fGup2uZwYNmQQvA/MMO2df4vDR47yDiFlIsWqNpvNiofuuwsTLhmPwPMvYduOXadqI0iShF6VFbjx2itx59SbOk0SzOCQOAmAEH1KugyZAAQD/kMer68BQCHvWDpy2MR3Sq1ZLBbcddstuOu2WxAKhbFrz1foUlSIPr0rTbngry0CNZRCxaqVoYMH4o+//RkYY9i3/yDq6hswaEA/5OUZ8lTZjAnSBjYEA/5DvIPQgiETgGY7AIzjHURHDlWb906pPXl5boweNZx3GLojSEMJQKxYtSZJEvr26cU7DN0SpA3cwTsArRh5DGo77wA6s2vvPiFWdhO+Dh4+iqZQmHcYKWsKhUVp2AlHjDHs2ruPdxip0H1fkilKADhqCoXx9QFDjiwRFW3evot3CGnbsn037xCIzn194JAoia3u+5JMUQLAGTWUpDObt4mXAGym1zXphEBtnxB9SSYoAeCMGkrSEcYYtu7YwzuMtG3dsZumt0iHBGr7hOhLMmH0RYAMgK6XkW/fuReKotCWINKmrw8cQmNTKOvrFLgTGNYrhNLiKAqcMooLGcq7Jd8adSEr6pusqAtZUH3Cjk1fudAQSq+i3ZnqG5pw4PAR9O5ZnnXsxHgURcH2nXt5h5EKBgMvAjRsAhAM+EMer+8AgN68Y+lIKBzB3n0HMbCfrsMknGzelvldUp/SCM7p34DBFY0o7/rNE9eKCu0oyGv77c8AfF3twIa9bny+PQ9fHXFk9Pxbtu+mBIC0ae++gwiJcQjQgWDAn30GrlOGTQCabYfOEwAA2LR1FyUApE0bt6Z/8zG4ZxMmnnMCAyqa2n2M3db+iJMEoF95DP3KY7j14jps2uvGWyuLsG1/elXrNm3diesnXprW1xBz2LRVmHUthh3+B8yRAFzDO4jOrPhsHSbfOJF3GERn6hsasTmNhnJAeRg3nX8UlSWdr6y221KfGRvVP4xR/cPYecCJl5d0xc6DzpS+7svN29EUCiOfit+QM6z4bB3vEFJl6ATA6BPPn/MOIBX7D1Xjq/2GrDRJsrBizXrIitLp4yQA146pwUPXf51S52+zSrBY0l8aM7hXFD/1VOOWi+pSWliTSMhYuWZ92s9DjO2r/Qex/1A17zBS9QXvALRk9ATgY94BpGrpyrW8QyA6s2xV56+JAncC375hP64eU4NU+3RbB8P/nbFagDuuqMV/3XkUhXlyp4//dJWh20+SAcHaOmH6kEwYOgEIBvz7GGNCnKO6Ys26lO72iDkcqj6KPV8f6PAxld3C+I9b92JAeftz/W2x27N/25/TP4z/e/8h9C6Jdvi4XXv2ofqoEG9BkgOyomDFGjGG/xljNcGA/2vecWjJ0AkAACTiMSFWcNbVN2LDZkNPN5E0LFvdcSM5pLIR3hv3o8Dd+V34mdKZ/+9I10IFP7vnCIb36XjaYelKGgUgSRs2b0ddfSPvMFKiKHJ6mbWADJ0ATJs5S4rFot15x5GqpSkM+RLjY4xh2er2XwtjBtThvqsOwmHPbMTIZlXvbe92MvzXHccwfmj7beWy1WupKBABIFYbJ8uJ7tNmztJ1HZlsGToBiIZD4+PxaD7vOFL1+fpNOHGyjncYhLO1G7ai5vjJNv/tspEncNflh2G1Zt6hWq3qtml2G8N3J9fg6vPq2/z3Y8dPYu2Grao+JxHPiZN1+Hz9Jt5hpEyR5QIwnMc7Di0ZOgFQGLueKQpkOcE7lJQkEjIWvL+EdxiEszcWftTm5yedfxQ3j8/ulD2LRYKkwT2NJAH3XXcSt01oO3Fp73si5rHg/SVIJNKfsuKBKQoYY2ACbCPPhqETADA2EQDi8RjvSFK2eNlnwsyREfVt2LIDu7/a/43PWSRg+oTDuHzUiayvb81g+186Jl9Sj2/dcPysHQm7v9qPDVsMW1GVdKKuvhGLl33GO4yUyUpLosKu4hqIxgybANx42312AOMBICFQAhCLx/HOh5/wDoNwcuadssPGcP81+3HeQHWmhtQe/m/LFec24rGpR+GwfXOagkYBzOudDz9BLB7nHUbKFPnUSMUl02bOMmzBPMMmAFar7VJIKADESgAAYNEnK1U5AIaIZdvOPdjW6oCUPKeMh2/YhyGV6i1GzqQAUCbGDg7jR9OPIN91eqHitp17sW2neCcbkuw0NoWw6JOVvMNIi3JqBACFYLiIZyxaMmwCwIDrTv2dMSQS4mSfkWgM7360jHcYJMfmv3P6DrlrQQKP3vQ1eqVQ2S8duRgBaDG4VxQ/u7sa3QpPz/u2/h6JObz70TJEouLchCnN8/8tGHAtx3A0ZdwEgClXtv7/WFSIk6dOee+jZbQWwES2bN+NjVt3AgAqukXx6E1foaRI/UZT6zUAZ6osieN/7j2MypJkAr5x605sEecceJKluvpGvCfYzczZi8aZYQ9qMWQCMG3mLCeAca0/F4uJlQCEIxG88NoC3mGQHJBlGc+/NB8AMKA8BO+N+1Do1mbnSi5HAFp0K5Txs7urMbgyWTXw+ZfmQ5bFWA1OsvPCawsQjojV9spnjxZf0NynGI4hEwBFlscxpnzjEHOmKIjHOi5bqjfLV6/Dlh10t2R0CxctxcHDR3FOv0Y8eN1+uOzadY4q1gBKS75LwY/uOoLzBoVx8PBRLFy0lE8gJGe27NiN5Z1UtNQbRZbbKlrlBMNYHvFozZAJQEKW2zyEXLRpAAB4PvgG3S0ZWM2JWlS9swgXD6uF58oDsFm0rZiXq0WAbXHYGB6fdhRXjG5E1TuLUHOillssRFuyLOP54Bu8w0hbQm57rRiDMRcCGjIBYIpyQVufj8ejwpUkPXj4CN0tGdi8V9/CFSMOYfJF1SkdsZstiWMCACRrGnzrxuO4fuwxzHv1La6xEO0kR7WO8A4jPYxBTrQ79dZmnyI6YyYAUNocrmGMCTkKUPXOIhw/SXdLRrN+01b0yVuEq87NzWl5kiTlJMlIxe2X12J4yadYv4lKBBvN8ZPJUS3RdFwxlo3r4B+FZbgEYNrMWcVQWP/2/j0WVXdbVS5EozE8M+dV4UYvSPsam0LY9sVfMX5w7hI7i87e7deMbcDXm5+hmhcGwhjDM3NeRVSgbX8tEu3f/QPAoGkzZxXnKpZc0VmTkD05nriUgbV7o5NIxFsXeRDG5m27aA+1QTDG8Mbrf8ElQw7k9HklLQ4ByNKk86vxzluzKbk1iPnvfITN23bxDiNtjCmd9QsSGC7OVTy5YrwEQJE7/SWJOA0AAK+//SHtoTaADxctwPi+ua+Lznn6v02SBFw3ei0++vgd3qGQLG3Zvhuvv/0h7zAy0sHc/ykMuDAHoeSU4RIAxtpeANhaVMBpACB55/i3f76E+gYqECSqnbv3oEv8BbgduR+F0uMIAAAUuhX0db+KnbupTLCo6hsa8bd/viTsSE4nw//NmOEWAhowAWBjOnuMIsuIx8WqCdCitq4eswV+o5lZY1MICxc8g4qufEag9LYGoLX+5VF88O7faT2AgBhjmP3Pl1BbV887lIzIsgzGlM4fCOPVAtBxk5C+qfc82o8xVprKYyMh9Q5YybWNW3fitQViDrWZlaIoeOq5l9G72yFuMeh1BKDFoPIjeOq5l6EoKTXGRCdeW/DhqTLWIkrjsLiyaffO6qdhKDlnqARATsQvAVK7M04k4sKdEtja/HcW4eOlq3mHQVL0jxdexxfrN2JYb36Jpx7XALQ2bkgYX6zfiH+88DrvUEiKPl66GvMF3PLXQlHkdBeFG2odgLESAEU5J53HR8LijgIAwHPB+VizbhPvMEgnXnnjXXz0yUr0LmlAgYvfDhTeRYA6U1ygoF9ZEz76ZCVeeeNd3uGQTqxZtwnPBefzDiMr8TRvAhkwUqNQuDBUAsCYMiKdx8fjsbYOfhCGoij42z+DdMa6jr338TJULfgQsVgEw3vz3X2i8/4fADB6QByxWARVCz7Eex+LdYqcmWzbuQd/+2dQ6OkaRVGgpF1mnaXVx+idwRIANjTdrwkLPgoQjyfwxOw52HfgMO9QyBlWrlmPOS/NP3USJe9lmzpfAgDg9M8oFotgzkvzsXLNeq7xkLPtO3AYT8yeg3hcmxMrcyXDKeBhasfBk2ESgKtunm4Da78CYHvisWgnJSD1LxSO4H+f/CcOVR/lHQpptm7DVjz1/MuItjoKNRrn/XbTfwYQiZ2OMRqJ4KnnX8a6DVQuWC8OVR/F/z75T4TCYtZSacEUJdN2f9C0mbOsasfDC+8WSTVud/4QSHB0/sizib4WAEhuD/yF/yns2ruPdyim9+mKz/HHp/+FUFMTWt/3x3jPNum//8c3K8gyhJqa8Men/4VPV3zOKyTSbNfeffiF/ylht/u1Fk9kvADcCYZBasbCk2ESAEmSOt3/355YNJLBXJD+NDaF8Js/PYv1m7bxDsW0Fry/BM/861VEY9GzVhfzHgEQoP//xggAkFylHY1F8cy/XsWC95fwCYpg/aZt+M2fnjVEnQbGlJQq/3VgtFqx8GaYBIABWS3OiETEHwUAkgcH/WH2HCxdtZZ3KKbCGMML/16Al6oWgjGGeOzsQlM19TYOkYnlaO3Zo6vxWPIY75eqFuKFfy+gIlg5tnTVWvxh9hwhD/hpSyKe3VBctn2NnhgmAch2dWY0Es42K9QNWVHwzJxX8PYHn/AOxRRkWcZTz72MhYuWNv9/26+j3YccOFZHSUB7DhyzYsf+tn8+LT/ThYuW4qnnXoZsgBE7Ebz9wSd4Zs4rkAVe7d+aoihIZL3zyzg7AQyUAGBIthcINYk/t9WCMYbg6+/gmTmvIMp98tm4jp+sxa//8AyWf7bu1Oc6mk5avqUgF2G1Se+7AN5f42r331r/TJd/tg6//sMzOH4yd0cpm000Fsczc15B8PV3DDXi0tbIXAYMsxNAMsIvd9rMWVIkHAoxprTfgqQor6AITqdbjbB0o7KiBx5/+F706lnGOxRDWbdhK56e88pZ86KRcFO7jabboeDX91fDbsv9HVW3YgdcTn0uYI7GJHz7ia4IR9vOUiRJgsud/43PFeTn4Tv3T8d5o4fnIkTTOHDoCP7y7DwcPGysXUWJRFytBCAsSVJ+1dzZwneexhgBYBgAxrLu/AEg3NSY6sEQwjh4+Ch+9tsnsWT5Gt6hGIIsy3jxtbfxxFNzzur8GVM6vGMKxyxYv9tYCaYalm5wttv5A8kRrTPfl41NITzx1By8+NrbNCWgkiXL1+Bnv33ScJ0/Y0zN0u9uMAxQ62I8GSIBYEwZyFQqs8KYgnCT8Y7bjcXjeHbuv/HUcy8bZjEPDzXHT+KXTzyNdz78tO2OPoWX4cI1RYhx2BGg1xmAcFTCa5+mkBS19eNmDO98+Cl++cTTqDl+Uv3gTCIajeGp517Gs3P/jViWi+T0KB6PqT2VQQmAXsiynHYBoI5Eo2EVForo07LVa/GjX/2RtgqmSVEUfLB4BX786z9h154Oai2kMNF+ot6KhZ8XqRhdinS6CCD4UR6O16XQFHUQ/649+/DjX/8JHyxeIXR5Wh7Wb9qGH/3qj1i22pg7hxRFVr3kOwP6qnpBTgyxJFlhrI/a1ww11aOoS3e1L6sLR2tOwP/X53D+mJGYOX0ySroV8w5J13bt3YfnXpyPr/Yf7PSxqR65u2R9AcYOCqFPqblHY7bvt+H9z1KbvevsZxsKRzDn5TewZPkaPHj3VAzqr3qzYCg1J2ox95U38fn6zbxD0ZRK8/5n6q3FRXPNEAkAGFP9lyEnEohGQnC68tS+tG58vn4zNm7Zgak3XYObrr0cVqs+F4jx0tgUwsvz38XiZZ+lNXwoSVKnj2cMCH7cFT+84wishhiHS19CBp5+swCp/GhTTawA4Kv9B/Hz383GxMsuwF1Tb0RBvnHfw5mQZRnvfPgp5r+zyPA7hBKJuFYjQpQA6AVjiia/jHCoEXaHCxaLcVvoaCyOl+e/i6WrvsDdt9+MMaMMs8MlY7IsY8nyNXj1zffR0Jh+gSiLxZpSnfHDx+34eH0Rrh1rnO2n6Xj90zwcPJZa0mmxpJecMsbw8dLVWLNuE+6cfD2uvHQ8JbhIDve/+Nrbhlvk1xbGWNrH/aZxdUMkAIbYBjjpzgd2MEUZrMW17XYHCoq6anFpXerfpxJTJl2N88eMTOuuywhi8TgWL/sMb7//SVZ7zBVFRjQSTumxVivw4+nV6FGsfREqPW0D3H/Uih8+U4xUF+87Xe60k4DWunctxs3XX4GJl10Ah92e8XVExBjD5+s3442FH2Hvvs6nsYwiGg1rWeJ92/x5Twm//9QYCcAdDzQwpmhWYcWdV3DWHmSjq6wow5Qbr8LF48819AgIAESiMXy4ZAUWLvoUdfXq7ACJRsJnnQXQnoEVMTw2Vfs7sq5dHHC7+CcAjAE/+0cX7DiQ2gCkxWKF06XO1skuRQWYdM3luPbKS+ByZnR2mDAURcHKNV/ijXc/xsHDR3iHk1OJeEzDu38AQMP8eU9xWMmrLuETgGkzZ3UJh5pqtT5tvbCoK2x2YzcYbSkr7Y6brr0cF48fg/w8Y+1frzl+EktWrMEHi1eofsiJLCcQi6Z+ZOr0K2pxyUhtt58WFzmQ5+afACxc5cLz76aeUDucLlit6s5WFuTn4bqJl+DKS8ajpLuxRviaQmGsXLMe73z4KY4cO847nJxLZwQuG5IkFVfNnV2n+RNpSPgEYLLHOyYWi6zr/JHZsVgsKOrSHZLB74bbY7fZcN7o4Zhw0TiMGTVU2PnUcCSC1V9swNJVa7Ft515Ny5ymMwrgdDD8dEY1ivO1K2jTpdCO/Dy+y36O1Vrwn7OLEY2lNr2k5t1/WyRJwrDB/THhorG4cNxouF2q1BPLOVmWsX7Tdixd9QXWbdiKuEHONUkXYwzRSCgn5YslSGOq5s3+UvMn0pDwiwAVlWsAtPs8ioKmxjpTrQdoLZ5I4LO1G/HZ2o0oLMjHxePPxYSLxmFgP/2vhZEVBRu37MDSVWvxxfrNOSt04nA4EYmEkcroVDQm4d+fdMW3J9VoFo8ecv1nFxSk3PkDEhwOp6bxMMawdccebN2xB3NeehPjxozEhIvG4pwRQ2AVINnf/dV+LF31BVau+TKjBatGE4tFcnl2QV8AlADwpDDWL1fPFY/HEAk3mW49wJkaGpvwweIV+GDxChQXFWLE0IEYNXwQRg4dhNKSbrzDA2MM+w4cxubtu7B5225s3bkHkYgme4E7JFkssDscKe9D3vSVC+t352HMQG3OXOfd/3/6pRPrd6W+AM/ucOR0xC0Wj2PlmvVYuWY9XC4nhg8egJHDBmLksMHoU1mui0Wxx2pOYPP2Xdi0dRe2bN+N2voG3iHpRiIe03LR31kYIHyhCeETAMZYz1w+XzjUCJvNbsr1AG2prW/AijXrsWLNegBAafeuGDlsMEYMHYDelRUo71ECp0PbVddNoTAOHzmGr/YdxOZtu7Blxx7d3A3ZbHbIciLlhunfnxZjSGUUeS71GzKe0331TRbMeS/1xNlitcJm47daPxKJYt3GrVi3cSsAoLAgHyOGDMDIYYPQr08lKspKNV8TE43FUX20BvsPHsaW7XuwedtOHKNyx21SFFnrRX9tqcj1E6rNCAlAzm85mxrrTL0eoCPHjp/EkuWfYcnyzwAk51i7d+2C8rJS9CwrRUV5Kcp7lKAgPw95bhdcTifcLiecTsdZd1iKoiASiSIcjSb/DEdR19CAQ9XHcPjI6Y/6Bn109u1xOFyIhkNI5byKxrAFb6wsgmei+g09zymA59/LQ0MotTtoCRIcDn3NxTc0NmH12o1YvXbjqc8VFeajoqz01EfP8lJ0KSyE2+2Ey+WE25n888xdNIwxRKMxhCNRRKJRhMIRNDaFUH20Boerj+HQkWOoPnIMx0/WGeooXq0wxtJacKsi/sOdWRI+AQBynwCYfT1AOhhjqDlRi5oTtdi0dWe7j5MkCU6nA26X81THb5QqZZIkwe5wIhZLrZFavTUf44aEMbRS3UaNV2eydqcDyzakPpdvdzh1MdzemfqGJtQ3NGH7rq86fJzTYT+VCIQjUUSjqh9MY2o5nvdvJfd9j9qMcAvLpZB9PB5DU6M5K7hpgTGGSCSKk7X1qKtvNEzn38Jqs6W1le2VxV0RS6j79uTRRkZiEv6+IPWhf6vVBqvNAPclrURjcdTVN+JkbT0ikSh1/iqKxaI5nfc/g/B3gJQAZCEWDSMcMt7RwUQb6dzZHq+3YuEadeuM8Oh3XlyUh5pUTvrD6ZESQlIRj8dUP+UvTZQA8CYBXXg+fyTchGhEm1XbxFgkKb257SXrC7D/mHqLTXN957kjjZP+gORaCRGG/gl/iUQcidwv+juT8MeoCp8AQOL/Swg1NfBahEIEk87q9pYTA2WVDjNT6zqpSOekPyC5W8IiaHEpkluynNDqiN900QiADhTyDgBI7gzgsA2FCCg5FZDaW+/QcTsWr1dnKkBRcjcCUPVpHg6keNKfJFlo6J+kRJFlPd1scR19VoPQCcC0mbO6MKafnQxNDbW856SIIBzO1IfG311ThKO12b/MFYXlZB3A/qNWzF+a+h75dH4WxLwURUFUP50/ANimzZwldBIgdAIAhhLeIbTGGENDQy3PValEEBaLJeViUgkZeHmxOjuOZI1HARgDnnmzAIkU3wI2u8Pwp02S7DGmIBZNrax2TumsD0qX2O88xrrr7QXBFAUN9SdTPgSGmJfd7kj5jPvdhx1YsTn7E6+1ngZ4d7UrrWN+7VRRk3QiecAPr73+nerOO4BsCJ0AKIzpMvtSFBkNdScgy+Y8kYukLp3Dbt5c2QW1TdktlJNl7RrRY7UWvPRRXsqP1/qgHyI+RVGaT/fL4QrW9FACwA1juj2gXlEUNNSdQILWBJAOJA8MSq0jjDSfGJgNLUcAnl1QgEiKJ/3ZHU4qpU06pCgyYtGwXu/8Wwi9gEXodyBjTNc/fMYYGutP6mXLCtEpm82e8lTApq9c+HJP6nfZZ9JqDcDSDamf9Gex8D3oh+ifLCcQjei+8wcoAeBHAdP9GCJjDI0NtYhGw7xDITrmcLogIbW751c/KUY4mtlbV4sRgIaQhOffTa3crwSJVv2TDsmJuJ62+nWIAUIvYhE6AQDTfwLQItRYj0hY36fWEX7SKYPbGLZi0cbeGT2PFmsAXltegYZQak2JKAf9ED4S8RhiYo2YUgLAC2NMqB9+ONSIUFMD7zCITqVyYJDVakPPyl7Ye3IQDpxMf/2R2tUAtx/qiu1H+qFnZa+UYjfaQT9EPfFYVMRiakL1QWcSOgGAgD/8aCSEpkY655u0raM7ZJfLjV59+8Cdl1wDsGjzUCSU9HYFKCqOAMQSVsxfPQAA4M7LQ6++feBytb0ulw76IR2JxSKiLpgWrg9qTegEgAk0BdBaLBpBQ/0JyFQwiJwh2VGePUdeVFyMnr16w2Y9vXiuPuzGqt0D0rq+whgSKiUB763rg9qm029Bm9WOnr16o6j47OM57HTQD2kDY8ltfnJC2C3TlABwJOwPX04k0FB3XJjFLiR3rK0ODLJIFvQoL0dpaVlzFj3dAAAgAElEQVSbHei6r/vgWH16ZwXE49nPA+w7VoiVOyrO+rwkSSgtLUOP8nJYms87sNnssNJBP+QMciKBSDgMRdHtHv9UCNsHAYInAKKOALRgjKGpsQ6hxnqaEiDfYHc44XQ6UdmnDwoL2y83zhjw4ZbhUFjqd9fxRHYNrqxIeG3VwA7PFSgs7ILKPn3gdDpp6J+cJRaLIhaLQG+VXDMg9Itb6AQAgv/wW0SjYaocSL6hoLAQg4aNSKlaXk1DAdZ93Tfla2c7ArB4Uy8creu8FoHD4cSgYSNQUKiLAzuJDjClZchfyPn+ttAIAD9i7QLoiCwn0FB3ovnAC2JmJT16oLJ3H9jtDjhcqe2ZX7V7AGpDqe3Fjycyv+s6WpeHxZt6pfRYh8sFu92Byt59UNKjR8bPSYxBTiQQiQg/5H8mofsgsRMAHR0FrIbklEA9mmhKwJTsdjt69+2H7iWlpz7ndLpSmj+XFQkfbR2W0vMoSmYLARkDXls1ELLS+XSD1WqFs1XBn+4lpejdtx/sdqoAaD4MsVjEKEP+ZxK6DxI7AQAMM47UWiwaRn3dcRH3xJIMSJKE7iUl6DdwEPLyz76Ld+XlIZUigQdPFGPzwdTuzjOZBli5owL7jqUwnC81x3yGvPx89Bs4CN1LSmhHgEnIsoxIOCzyKv/OCN0HiZ4AGLaHVGQZjfUn0dRQS0cLG1iyUxyIkh5lsLRzOI7FYoWznf31Z/p0+0A0RTufNkg3AahtcuK9dX1SeqzT5W73bAOLxYKSHmXoN3Bgm8kOMQbGGGLRSPNhPoYa8j+T0H2Q6AmAUDUjMxGLRVFfe5zKCBuMzWZDz1690Ltvv5QW+jkczpSq6MVlG5ZsHdL549LcCTB/9QDEEp1PRVhttpS/n959+6Fnr16wUXVAQ0nEY4iEQ2ZZ1Cx0HyR6AiB09pUqxhjCoUbU1x5HgqYFBCeha7fu6D9oMAqL2t/e1xa3Oy+lofPdx0qx62hZh49JZyHgur2l2H6o82OIJUmC253eSYWFRV3Qf9BgdO3WHSnNcxDdUhQZkUioeerScHP97RG6QRY7AZDE/uGnS5YTaKg/iabGOqOtpDUFd14e+g0YkCyS085wf0ckiwVOd2pTAUu2DkEk0f6CO0VhiMY6fw01Re14+/N+KT2n0+2GlMH3ZbEkix31GzDgVJljIg7Gkov8opEwmPnaJaH7ILETAMF/+JmKRSOor61BNBKCiTJtYVmtVpT3rESffv3hTHFbX3vsdgdsKaykD8UcWL5jcIePiUQ6X1vy9uf90BTt/Plsdjvs9ux2RDldLvTp1x/lPSupcqAgEom46KV8syV0HyT05JvFYu0lq328mSAYYwg1NSASboLLnQ+H000rq3XGarWiuGtXdO1eomqH5nLnoUmuB1M6Tv42H6zA0Ipq9Op6os1/j0RldEH7nfuOQ8VYt7e03X9vIVkkuNIc+u9Il+JiFBQW4uTxGtSePElnZuhQIhFHIh4z/XZlCcjsXG6dkET8BU6bOasLY/i9LMcfisei1OshOTzscuXB6Uptnphox263o2v37uhS3DWjof5UJBJxhJs6Xxha5A5jxkVr4LS1vVupe1cnnI6zYwxFbXhy4bnfOOynPe78/FNnF6hNURTU1Z7EyePHEY8LveNKfIwlO/5E3PQdfysMkP4hSfhh1dzZdbyDSZdwCcC0e2d5GNgfAJTLcgLxmNCLMFUnSRa43HlwutyQJNFneMTicrvRrXt3FBYVIRcL2iLhEOKxzkcg+3Q/iclj10PC2aNlLpcV3bp8c+heViT8Y9FI7D3a+SFDdodD1bv/9jE01NfjxPHjiISpWmYuMcYgU8ffmWoJ0g+q5s0O8g4kHcIkANNmzipijM0DcGvL52RZRjxGp+m1RZIkOF15cLnyMlqYRVJXUFiIbt1Lcr6AjTGGUGNDSgtC+5WewHUjt8Bl/2bCLElAaXcXbNZkwtIQduCV5YOxq7rzHQoWiwV5BYU5H3EKh0I4cbwGjQ0NOX1es2Gt7vg7PPmJtPaWJEn3Vs2dXc87kFQIkQBMu3fWOQzsdQDfWNXEZAXRGN0NdESSJDic7mRJWY2Gac1IkiQUFRejW7fucDj5nUklywmEGhtTemyeM44LBnyFIWVHvpEI5LttsNjzsW5vKZZsrkQomtrSoLyCAlit/JYRxaJRnDhxHPW1tXRnqiJFUU7d8ZOOSZDAzl6IvVOCdFvVvNkbecSUDt0nAM1D/s8COKtsmKLIiEVpBCBVVqsN3Up6gDHQwqoM2Ww2dCnuiq7duqVUmCcXopEwYtHUp8IsEkNxfgiFrggkSUJ92Inapry0jhR2OJ0pVyfUmpxI4OSJE6irPYmEeVejZ8Vmt8Nus+HkyeNm3MqnhSYJ0sN6nxLQbQIwbeYsK2P4A8Aeb/dBioIInZ6XloGDh8PldiMajSIcCiEcDtPdUyccDgcKCotQUFSYdqGbXGlqbICSo6TOYrUiv0CfR/yGwyE01jegsaEesRTWR5iZxWJBYVERiroUIy8/H+FQCNu36P6mVVckdLYRW/qLJOEHVXNn6/KOS5cJwLSZs5yMsSoAkzp6HGOseS88SYXVYsWwUed+43OMMUTCYYTCYUQjNJrSwulyobCwCAVFRXByHOJPlaLIaGps0L4shATkFxS2W+tfT6LRKBrr69HQUE+v7VMk5Bfko6hLcqvlmbtUNq77nEYH1bdQkqRpVXNn627Fuu4SgGkzZ+UzxhYAmJjK46lGfuoKCrugb/+B7f67IsuIRqOnPszVEEhw57lRWFSEgsIiIY+tjUWjiEa0HRFzutxc1zxkKh6Po7GhHg319QiHwjBTAS273Y68/Pzmj4IOz17Ys3M76utqcxidaSyWJOmWqrmzddVh6SoBSO7vZ+8BuCjVr4mEqRpeqnpU9ERpaXnKj08kEslOpfnDaOWHrVYr3Hl5KCgsREFhIdcFbWoJNTVqVpXNarMhL79Ak2vnkiwn0NjQgMaGBoRDIcMlujabLdnZ5yU7fbsj9QqNR6oP4fCB/RpGZ2qrJEm6QU/1AnSTAEybOauEMfYhgDHpfF00YvjjJlXTf9AQ5OVl3oAnEolTyUBMsITAbnfA6XLB5XLB2fwh4l1+ZxRFQaixQfV1HZIkIa/g7CFjI4jH44hGIohGIog0/xkX6NAtq9UGd14e8vLzkZ+fn9UITVNjA3Zu26JidEbW+QqANqyXJOnaqrmzazQIKG26SACmzfxuEWPKCgAj0/1aSgBSI0kWDB81WtXiQIqiwGqzQZYVxGLJpCAWiyEe41ciVJIkOJ3OU528y+WG0+UUYs5aLfF4DJGQumtjXHl5Wdf6F4miyIhGoohEwqeSg2g0yvV1bXc44HA44HA64XA4T/1dzTLTjCnYsPYLalO1tVmSLJdUzf0b91oB3BOA2x943ConEu8D7OpMvj4WjUBRjDWEp4W8vAL0H9T5OfHpcuflt3E4DUMsFkc8FkUsGkMsFoOiyFAU5Zsf8um/t5dJW6xWWC0WWKxWWCwWWK1WWCxWWK0tn2v+u8UKh9MBh8NJpZABhENNSKhUOtdmt8Odd9YuXNNJnnqXfE0rigxZVpKva/n032W5+XUuy5Cb/2ybBIvFkvywWk7//dSHtbmDd8DucMLhsCNXxyXv3LYluaCUaEj6yGqzXf/a83/h2nlxn/RUZPnZTDt/ANTYpyivQJu52zaKYACQko2Xw4FUp4wVRQFrSQYkqbmjN95wc66kemBQZ9Q+6EdkydElF5zO9E50VBQluc6AMVgsFkjNnbxeFRQWUgKgOXZ1su/Dt3hGwfVVeNt93/sxY8qD2V2FEoBU5OVrdAen0gCSxWKB1WaD3eGA3W7XdQMpAklSp+N2uelwqWxZLBbY7XbYHQ5YbTbdv7b1WuPBaBhTHrztvu/9mGcM3F6Jt9//2O2KIv8m2+tQ25Qal0ZV29oeASB6YLPZ01oBfia7w6HZKX9Ev2jEJ3cURf7N7fc/djuv5+eSANx+/2NjZFmeq8rzUwbQKUmyaLeASweLSEn7nC53RnecFotFN6V+SW45HA46STR3LLIsz739/sfS2v2m2pPn+gmn3P1IviwnXgGYKq2LJJlndXemHFncBXaGun99kyQJrgxOKXTl0dC/mYlQ/ZI/td4fzC3LiVem3P1Izlfa5jwBcDjdfwWg2nJ0aqM6Z09z0VJaaARA96xWG5yu1F8DTpfLEEWRSOYcabxezEvVtm9Ic9+YUzlNADxe33Sr1fqAmteku5TOObUcAaAEQAgOpwsud+eDbi63Gw4tE0YiBBoByL3/396dR8l11Qce/973XlX1JsmLbMk7bluWzbAbG4PZwh7LgCG0lPQJMFKAPkNCFghNhsCcSTIMRDMQM6QTZBgbLCxoBI1ZZEg8YY1ZAma1kW3Z7U3WYllbr7W+O39Utd1q91Jdde+7b/l9ztGxLXfX+9XS/fu9u/yu7/ub+wcGN0V5zcgKgP6BwfOBbcrwClilFCzjGNMsSmLvdmFeLl+gs7sbb57GMZ7v09ndTS4vnxXBsrc6Zo6F+55GbtzWyJWRiKQA6B8YzAGfB1aB+bt25UkBsBibBYCMACRLEOTo7llBz8pVdHZ309ndTc/KVXT3rJAV/+Jxy5kyyiTDKWdWTlwFfL6RM62LagTgr4HnzfyH6RWmMg2wuLzNuzopABJJKUUQ5AiCnPz8iCeRUcNozcmJz6OeM62zXgD0Dwz2Au+b/XfGpwFi3ljDJaWU1R7uoRQAQqSOtNSO1jw57H2N3GlVFJnzWuCE8STP9BSA7FldUC6Xt/qDLIeGCJE+Sim7I4eJZ/Z36jw5sYN67rTKaubsHxjcALx27t+bnwIw+nCpYntFd7u95oUQ8STrABZj+rjteXPiaxs51BprBUD/wGAB+Ph8/8/0oj1pBrQwm02AZsgogBDpI+sAFhPZQvaPN3KpFTZHAN4LXDDf/5ARgOhE8UMcyiiAEKkjWwEXE8kIANRz6HuNXmwWKwVA/8DgecD7F/r/9Tlpc1lbKSULVhYQRQEgIwBCpI9MAURlyfz1/kZONc7WCMA/AIu2HTO/EFCmAeaTz0VQAMgIgBCpI4sAF2J9AeBcndRzqnHGC4D+gcFXAW9Y6utMb93zpBnQvDzf/g4JGQEQIn38eTpGCjA+/N9cLnxDI7caZTQ79A8M5oGmDjQw3g0wgkSXRPO1fTUtDKUAECJtovjdkUj2ugAu5RONHGuM6SO/3k2TJ/2ZHgHw8agYfcR08CLokSDtgO0Kw5BKuUStViMMaygUnu/j+wG5vN0+D4vRWlMpl6nVqoS1GhqN5/n4vk8uX8CTBl2JJu/f/JQ2OwawjFx4EfUc+xFT1zb2DvcPDJ4NfKDZrzfevMfzMF6aJZynvEiSg0wB2FMul5iaGKdcLlGrVdFaE+qQarVCqTTN1OQ4tWo18rhq1SpTk+OUStNUqxVCHaK1plarnhCzSC6llBQB8zB9u7PMXPiBRq41wuS7+1Ggu+kLW/hgyU6AE0XVIlkWAdpRnJ6iVJxGL/IrJwxDpqcmKJeiS7blUonpqYlFp340mlJxmuL0VGRxCfOkALBvma9xN/Vca+baJh6kf2DwZcDG5XyPja17nidzVrNFNYcXygiAcdVKhUql3NTXaqBUmo6kCCiXSpRK003fBVUqZaoVmZxLKlkHMJfp3Wst5cGNjZzbNlPlXUsViemELYcCnSiynRFa1gGYpLWmWFz+nbPtImAm+S9XsTgln4+EkhEAu9rIgUZGAdp+dxtbE57V0sVNLwSUKYAT+BGOiMg6AHNqtVrLCdNWEdBq8gcaawNqhiMSUZCtgCdShlcAtJEDn2ViW6CJDNxym0IZAbAryikRaQdsTthmsjRdBLST/Ge0+5yEGzKteiLTv+XafH3bbhHcVsbsHxh8NvCKVr/feMJWSo4GniXK3ghhKL/gTTHxWpoqAkwkf5DPR1JF0Ugsy9rMga9o5OCWtfvutlWBKAsJWxatPMGPcERE7vDMMXXX1W4RYCr5g9xJJlWU04hZo8xs024rB7ecIfoHBp/CMlf+zxuA8ZbAUrHO8CI8H0G6AZpjct611SLAZPIHmUtOKinc7DGUqzY2cnFrMbRx4b8A2v50mP6AyQf2CVEO38kIgDme7xsdGVtuEWA6+SvlychcQskUgD2GcpVPPRe3FkMr39Q/MHgK8EetXvSEAAx/wGxMKyRVlIsitday1csQpRQdHYseprlszRYBppM/QEdHpzTpSii5obLHYO77o0ZOXn4MLV7wnSyj69+iAVj4gMmHti7q6l1GAcwJcjlyOaPnfixZBNhI/rlcniCXM/qYIjoyAjDDfAFrME91U8/Jy49hud/QPzDYAbyrlYstGIThO3ZZuFKnI56Xl5XeZnV0dhEEZpPnQkWAjeQfBDk6OruMPqaIVtS/Q+LKdPq3cEjbuxq5eXlxtHChtwKnt/B9C1KG5wdVVB3wYi6sRfvDK81ezOvs6rZeBNhK/p1dRgYJhUPyM1232HkcrTCd86jn5Lcu95uWVQD0Dwx6wHuWe5ElgzA8V608DyUnA0Y+JC87AeywWQRI8heLkWk9OyztVntPI0c3H8cyL3ANsG6Z37N0EBaG7GXbEdQiHpKXKQB7bBUBkvzFYmQEwM4h85bWqa2jnqObj2OZF2i79eC8QVi4Y1d+YPTxkqgW8RSADmUngE02igCTJPmnjxQA5tv/KpTNfjXLytFNR9E/MPgi4Iplh9NsIIbv2P3Aw07tlhzawR25DBnaFdciQJJ/OsmoHsbTiOWeGFc0cnVzsSzjga3c/c/wTd+xa6tVViJEPQUA8gsjCnErAiT5p5eMAGB8CMB4rnuypnN1Uxmyf2DwfODqlsNpJhALVVHWu49FPQUAUJOFgJGISxEgyT/dpAAwL4K8dHUjZy8dS5MP+BYsj6crZf6OPesLAV0Mx8sUQHRcFwGS/NNPfp7N8jwjBwAtRVHP2UtqNuO+ufVYmucZHhqpn7aU3WkAF8Px8gsjWq6KAEn+2SAjAGaZznGLaCpnL5kd+wcGXwhc0HY4TbBxxx7hCx479f78Ee8E0FqKgIhFXQRI8s8GrcOM7+oxf6ce4aj0BY3cvahmbo+bGkowwfN849sBfVkIGPk1q7Vq5NfMuqiKAEn+2SF3/4a7/6GiPqdmydy9aHZs9BbeaCycJpheIOH55ouKJIm6HTBArSoFgAu2iwBJ/tkiBYBZDhalb1zqfIClbo9fD6wyF8/SbGyR8ILsTgO4GI6vyQiAM7aKAEn+2SNTeWZFsP1vrlXUc/iClioAln24QLtsVEm+7367lCsupgB0qKUfgEOmiwBJ/tmU7REAC8f/utmVtmgOX7AA6B8YPB14lfFwlmBjO6DnqczuBnB1QI9MA7hlqgiQ5J9d2T7cy+z8f0Tb/+bzqkYun9diWfF1gJOSxcbK/SCjuwFcrAEAKQDioN0iQJJ/tmV1BMDK4T/u8o9PPZfPa7ECYNG5A5usbAfMZbMpULVWcXRdKQDioNUiQJK/qFbd/O5wTVuoABw3pVswl89bAPQPDHYDr7AWzhJsbAdUeFFvwYiFcrHk5Lr1dQBZHkKMj+UWAZL8BUCpWHQdggPKeO9/B9v/5npFI6c/yUIjAK8CFt0+YJtvYeV+Fs8GcPlDLNMA8dHZ1U2h0LloYa1QFAqdkvwFAMXpadchOGC+8ZGNXLZMHSywnm+hAsDZ8P8M38JWJgfbMJwruiwAZBogVvKFAl09PeRy+cYoW32+0/N8crk8XT095AsF12GKmMhmAWCejVzWgnlz+pMKgP6BQR/LJ/81w/M847sB6jsMslUE1GoVZ/PxMgIQP57n09HZRXfPCnpWrKJnxSq6e1bQ0dnlephSxEi1Ws3sGgCTbOSxFl3dyO0nmC+yK4FT7cezNBv794NctgoAgFLRTSUfhqGsA4gzpep/hJijOD3lOoRUiFEPmlOp5/YTzFcAXGM/luZYWQfg+ZnrCeB0HYBMAwiROEVHNw1pE4P5/9meNA0wX3SvjiCQpiil8P3AeBLJBTnKFTer411wvRAwl8sbfcxqtUK1UqFWq6HDGkp5eL6PHwTk8+7msMMwpFIuUavVHm+j6vk+vu+TzxdQ8RgKjD0dhpQXeB1z+YLTIdVyuUStWiWs1dA6RHn1uIJczsmxzLZkbf5fYX75n+8Hrpr/LOQ1wHtm/4Wafdxj/8DgauBR7PRCaEmtVqVcMp3AFMWpSVDZOOqyu3sFT7lgnZNrK6XoWWnmOAmtNaXiNJVKecGv8Rtz3FHv+KiUS5SKRfQCv0aUqq+wz+XNFkNpUymXKZWmFzyGVqEodHSQi7jQC2s1itNTi7bWzuXyFDo64/ZLvyX33r2bifEx12FEQ9OYCjObD/KFjrgtPNfA6Tu2bX1s5i/mltIvIkbJHxpVlPGQNEEuPdX6UlzuBNBaG1lMpLVmanJi0eQP9bMPpiYnqFaiW8A0PTVJsTi9YPKHevzF4hQl48VsepRKRYrFqUXPoNdoisVppqcmI4urWqkwNTmx5LkalUqZqcmJReNPikyNAFhI/goVt+QP9dz+otl/MbcAeEl0sTTPxjxKTLZmRMLlTgDASDIul4pNHzCk0RSnpyIpAqanJpdV4FRKxcy2WF1MrVajsoziqFqtRFIEVCsVitNTixZ3s4VhzcKIZbRkB0D7Yjb3P9sJOX5uAfDiCANpmo1krRSZ2hLoch1Au4m4VqtRKS9vzUYURcBykz/U7zNKRVlhPVepOLXsezDbRcByk/+MmXUgSZWpu3/ATvOf2N5gnpDjHy8A+gcGVwHPjDycJnieh2dh5X6WtgS6LADanQaoVSst/YjaLAJaSf4zarVaKoaJTdFat5wwbRUBrSZ/qKeTWoLvoGUHQHs8FZu9//N5ZiPXAyeOALyQxQ8HcspGReV5fmaan7jqBTCjnSTc7ND/fGwUAe0k/xlJvkM0rd3XwnQR0E7yn9HOZ9Y16QHQnhjf/UM9x79w9n/MiOXw/wxbcyq5eL9Zxrg+2KO9AqC9u2WTRYCJ5A+gE5wgTDPxWpgqAkwkf2j/M+tSVqYAbK12j/H8/4zHc/3cEYDYmukJYPxx/WyMAhQdL0xqZxrAxHCaiSLAVPIHMvGZa5ap16LdIsBU8gczn1lXsjIFYKNEi+He//mcOALQPzCogGc4C6dJgeGGMo8/bgZGAWrVivOufK0mX1N7+tspAkwmf0U2T6ZciOf7xu7GWi0CTCZ/SO77W6tWI91Cmza2cpRhz2jk/MdHAM4DetzF05z6wQrmf7C8rIwCJHQdQBDkjPWCaKUIMJn8oT5HmIC7hMgopYzOmy63CDCd/BUqsTcV0zL/37L6mrJEjPz0UM/5jxcAT3MXy/KYbis7I6k/sMsxOT7h9PqtTgN4nmf0mNrlFAGmk3+9k12nscdLi0JHp9GGX80WAaaTP9SPXU5IIniSibGMdP+zwFZusuRp8EQB8HSHgSyLrbv1LIwCxKG1Z6ujAKbbajZTBJhO/gCFjo7EJgebPM+j0NFh9DGXKgJsJH/fD8gXzD6PKI2NHXcdQiJ5np+0aZ+nQwJHAABrbXzTPgowPT3ptCMgtLcboLOrG99gkbZYEVC0kPzzheh72CdJLl8wnjyr1Ur93I+5f28j+Xs+nV3dxh4vatVqlalJt6OESZXA1vInjAAkqgCor7Q0fxeVhVGAyfFxp9dvZzeAUorO7h7rRUBxapKKheRfSPCdYVQKhQ7jRUBlThFgLfl39yR6bce43P23RCkvjn3/l/I0AP+e/VMB8A9AojKfUsrKqnbf85zfJdvk+T4rV57kOoyW58uUUgS5PLVq1Wg3vVq1iuf5lMtFSf6OBY191CZ/vsMwbPQbUJL8F3Do4AGmp9K7CNDWu5N3fER1i07+8jdu/YgHrAMStXoB6s0WrPzAeV7cOzm1ZWLM7QgA1O/AwjBs+fttjQRMT09SMbwFSpJ/a6yMBFQqTE9PSvJfwPjxdI8A2Nj3X9/Bkri7f6jn/HUecK7rSFoVBBZ3BOjk/0DPp1otO28LDCz7cJ+5bBQBpknyb4+NIsCkNCX/4vTUkkdtJ5bFpoy2clBEzvWANa6jaFWQM7c/fDalFLl8ekcBxmOwG6BSLrc9hB/nIkCSvxlxLQLSlPwBxtJ892/pLVKoJC7+m21NogsAsLf60g9yePE9G6ktkzEoALTWRu444lgESPI3K25FQNqSP8D42DHXIVihbN79Jzv5QxoKgPp8vZ0fxCCf6OGdBU1OThLq1ufgTamU2psGmBGnIkCSvx1xKQLSmPzDMGTCcZMwW+zN5JrtXunIGg843XUU7aivCrfzRqR1W6DWIZMT7hcDhmForO94HIoASf52uS4C0pj8od4gTMfghiBJglwq2nmfnvgRAKgf6WvrzcjlO7C3gcSdyRjsBgAot7kYcDaXRYAk/2i4KgLSmvwhzav/7bxXSqm0HCOf/CkAABp7wy09dNJ6PDdlfCIeP/S1apVarf3z4Ge4KAIk+Ucr6iIgzckfYCyl8/+2lv8HuXw9MSRfSgoA6lv3bDVj8IMAT6VrKqBcKrW9Fc8U03FEWQRI8ncjqiIg7cm/XCpRKhZdh2GWxYV/nuelqWX8Gg9ITXPyXM7eU8kV0jcVMOG4LfCMSqVsfA4yiiJAkr9btouAtCd/SGn7X4vvl80c40DBA1LT99bzfWs9metTAamp/AAYn3C/HRAADeWy+SYkNosASf7xYKsIyELyh7QO/9sZAvD9IGkn/i2l6gHmJmBjIGdx654f5FK1K2BybIxaGI+3vz4NYP4H10YRIMk/XkwXAVlJ/rVaLcULAM2zmVscqaWuAFDKs9qeMU27AkIdcuzoYddhAKBDTaVstg//DJNFgCT/eDJVBGQl+QMcOXyorTM54sfeexYEeSsn0DqWvgIA6kP1tn6A07Yr4EBqTpQAAB6fSURBVOjhx1yH8LhSaRoMnvA3m4kiQJJ/vLVbBGQp+QMcPvSo6xAMs/e7I23Tvw3pLABsbguExq6A5J3/PK9SscjUVDy6gOlQG+0LMFc7RYAk/2RotQjIWvKfnBinOO3+ULAkSNG2v7lSWgBgd1sg1EcB0jIkdCRGowDlUtFqV7JWigBJ/smy3CIga8kf0nj3b0fKtv3NVfOAlJ4BaXfLRv3EwAJpWA8wfuwYtVo8NoNojfV9yTNFQD5fWPTd85RHZ2e3JP8EKhQ66OzsxlukSFdAPl/IXPKvVascO3rEdRiJkLJtf3OVPeBh11HYYnNbINSrwzTMDcVpMSDUjwoODXYHnI9SikJHJ53dPeRyeTzPRzX+3vcD8vkCXT0r0nDiV2YFuRxdPSvI5wv4foBS9cPDPc8nl8vT2d1DoaMzU8kf6iN+6Vr8Z0cKt/3N9XAAjLqOwqZcvkA4XUPb2hsa5KiFIWFM7qBbdeTwY5y6Oj5NIYvFabq6e6xfx/cD/M6ZIlGThhEd8YSZQu8J8h7L8P/SFDMjvKk26gH3u47CJqUUuYLdN7KQgvUA5VKJycl4dAaE+jClqZMCm5ftxJAN2X6PJ8bHKRaTv/jP9ruYKxSyMDJ0v0fKRwCgcZfn2xvK1SlZDxCnLYEApRT8ohIiTg4fOug6BCMstvvH93NWp45jZDQTBQBAPm/3Lt3zPHKFZPcHGDt+jGot6rvuhYVhaHVboBBZUq1WOXb0qOsw2mP5Hkspj3z6Ov4tJP1TAI9TirzlOR3fC6x2IbRNa82xI/FaHVwuFtGWmgMJkSVHDh+yusU2EpZ/FeTzhbTu+Z/P/d6ObVuPAfFZAm6R5/vW93QGuZzV6Qbb4jYNoLWmXErZcaVCOJDsxX/2k3IQ5NK+6n+2wzu2bT02Myb+HaehRCiXL1hfsJfL5xN7aFC5XGIiLqcENpTLJdm2JEQbJsbHrPfXsMvurb9SXhZW/c/2XYCZTPhNd3FEz+YZ4jOiKDRsidsoAFoWBArRjscSffdvXxQ5IWZugRMLgMxMtNYb+Nidq1dKkS8kc2fA+NhxKpV4NYisVipUyvGKSYgkqFTKHJfOfwuqNwJL5s1aizSNm34PYMe2rfuBX7qMKGpBzv4wvVJeo7JMVhGgtebQwf2uw3iSUnFKpgKEWKYD+x6RhbQL8Dzf6sFxMfXLRs5ndtlzi6NgnIniDt3zPAoJ7BFw7OgRSjFbfKc1FKcmXYchRGKUikWOPHbIdRjLFs1vy5lR2sx5PNdnugCIas+n8n3y+WSNBGitefTAPtdhPEmtVpP1AEI0af++vQm8+1eRzEfb7g0TY/MWAD8B7o0+Frf8IBfJcY+e75FLWIOJsePHmI7hHXe5VKJaTfbZC0LYNjU1ybEjSdzhbT/9B0EOP73H/C7mXuq5HphVAOzYtrUG/K2LiFzL5QuRbNvzvaAUBPnvAYmZyD64P36jAADF6ckE3tkIEZ39exN10GuI5jtorLf+9Dw/a1v+ZvvbRq4HThwBANgB3B1tPPGQL3TYGw7S1MIwvKlaLV/89S986qVKee8hIbsuJifHY9cXAECHmuL0lOswhIil8bExxseOuw6jWRrUu77yuX96WbVavjgMw5vQWDkP/ImF2Zl0N/Uc/zg19y6qf2DwD+Z+UVboMGyclGUsN+uwVvt6pVL+4C07b/j17P9xVd/mv9I6/LCpC9nU2dlF77qLXYcxr0Jnp/UWz0IkzT2772BqMn7Td/NT7/nK9qGPzf6bq/o2PyOXy/+d5/uvxdjiKUVHRycqW1v+ZuvfsW3r52f/xXyvxDBwZzTxxIvyzFWHWuvvVMqlK7/2+etePzf5A9yy84aPKOX9JQmYDpienmLsWDwPESkVpwlrVm4WhEikY0ePJCX5h6D+dG7yB7hl5w2//trnr3t9pVy6UmttpFNtvtCR5eR/J/XcfoInjQAA9A8MvgnYGUFQsVStVKhUWpuKUkr9FM1fj2wfurWZr7+qb/MWrcNPArFekZIvFLjwoqfG8oxsz/fo7llBknZZCGGD1pq77vx1Etr+VkBt+cr2oc8188VvfPMfvxLFh7TWl7VysVyuQJCL9a9Y2/p2bNv6pbl/OW8BANA/MPhZ4C22o4qrcqlIrdb8SnPP83/s+f7f77z+2puXe60NfVuuCXVtB9C53O+N0plnncvJp652Hca8cvk8HZ1drsMQwqnDhx7l4Qdjf8DrlEJtHNk+tGu539i35c+vCWu194Vh7Ypmv8f3gyzP+wPcuGPb1rfO9z8WGw95B/BDO/HEX77Q0cTOAFXxPP+LuXzh8i9/9hPPbyX5A+zaef3NnvKvAuK32m6WRw8eIIzpcaKVcplqpeI6DCGcCcOQA/sfcR3GUo4p1KtbSf4AO6+/9uYvf/YTz8/lC5d7nv9FUIv+0Huen/Xk/0PquXxeC44AAPQPDJ4O/BQ413xc8ae1plScetJ2M4U6ojzv00Eu93+GP/0xYz9xG/q2XBrq2i3A6aYe07Q1Z5zJ6tPWug5jfgq6unvw/cB1JEJE7tED+9m39yHXYSzmgEK9ZmT70K9MPeCmt737rGql8qc6DN+m0afM/n9KKQodXbGctozIQ8BlO7ZtXfAkqEULAID+gcFnArcB3WZjS4YwDBud5zRKqbuU8j6RL3Tc8Pnr/peVdnQb+rZcFOrwVtCxLLp8L2DdU/8TfkyPO1ZK0dXTk9jjmIVoRa1W47e//uWypi0jdr9CvXJk+9B9Nh78D97x3s5yqbhZ6/BdWuuLQVHo6MzaIT+zTQJX7ti2ddFia8kCAKB/YPD1wBeBZLWyM+N4tVL5crVauXHkxn/8XhQX3NC35YxQh1+F1ha82Lb6tLWsOeNM12EsSHmK7u4VWV7xKzJm/96HORjD1t0NP1KoN4xsHzoYxcXe+JY/eUkQ5N4S5HK/B6yK4poxUwY27ti29atLfWFTBQBA/8Dgc4EvABe0F1sihMCtwGeBm3ds2xp58/mr+jbntOYzEPZHfe2leMqjd93FFDriO7fm+R5d3SuyPPwnMqI4Pc09u++I6UmZ6jNK8Y6RG4ciX6DTPzDYCVwDvBV4JYuveUuL+4Df37Ft68+a+eKmCwCA/oHBlcB1wKbWYou93dST/vYd27bGopy+qm/zoNbhh4BYTWx3dnZx/oXrY51gfd+ns7sn1jEK0Q6tNXt238lU/M7sqIJ671e2D13rOhCA/oHBM4E3Uy8GLnEcji3DwDt2bNva9GLyZRUAM/oHBt8OfJyYb1trggZuB74GfG2p+RJXNvRt2RDq2k3EbDjrtDVncPqaM1yHsaggCOjs7nEdhhBWHNi3lwP7Yrfy/6hC/f7I9qF/dR3IfBrr2l7X+HMpyW8gMg382Y5tWz+13G9sqQAA6B8YfBrwYWADyXoBi8C/UU/634jLnf5SNvRtWR/q8Oug17mOZYZSivMvXE9nzPffS48AkUZTU5Ps2X1n3A7FukuhXjuyfSgRJ8s2Rgaupl4MvByI77zmk2lgF/Bfd2zbekcrD9ByATCjf2BwHfDn1IdW4rpT4B7g+8A3gFt3bNuayFNkNmzcsjIMwy+CfrXrWGYUOjroXXcxXszP1c4XChQ6kj5gJURdGIbcs/sOitORL09azDeUUv0jNw6Nuw6kFf0Dg13U1wpcDbwYuMhtRAuapD5Vfe2ObVv3tPNAbRcAM/oHBk+m3nDgT4CzjTxoa8rAz6hvXbwN+OGObVsPOYzHuKv6Nv+Z1uH/BGJxW3vq6jWsPfMs12EsqdDRkfWmICIlHnn4IQ4d3O86jBmTjfn+f3YdiEn9A4OnAS8Armz8eS5ud8LtBf4RuG7Htq1GDmcxVgDM6B8Y9IFnUH/BXtD4c57RizzhMLCn8ecO6l2Pfrpj21brZ0q71pgSuAn0pa5jAXjKBRfRnYC59o7OLnL5+s9wZ77Mio4SPYUSPR1FegolytWAiVKB8WIH48UCk6UCtTDeoxtifr4X0l0osaKjxIrG+5sPqkyUCkwUOxrvc4HpcrJ2N0+Mj3Pv3b91HcaMnyjUHyZlyL8d/QODBeAy6jntacC6xp9TLV3yQeo57YfUb2Z/vWPbVqMnnxkvAObTmGe5EngO9S53p876c0rjnzOr3IvABDA+55+P8USy3wPsMVUFJdVVfZs9NH+jCd+H48OEcvkCF66/GE/FswGPpzTnrxnjqWcf4eKzj3NSVxHfa27b1FQ5zyNHT+KeA2vYc/B0Jkty/HAcdRdKrFvzKBetPchZJx+jK19u6vtqocfx6U7ue/Q07jmwhocOn0Ko47msKQxr3HXnbyiXnN/jVED9nVJ8aOTGoTjuP4xMY/R73Zw/q4EeYMWcf84MQVap38Aeafxz5s+jwM+B26JYnxZJAdCM/oHBbqC0Y9vW2LayiqsNfVsuD3W4HbTTOauTT1nNmWfHp4FhPqix/qxj9aR/1lE682Y+WjPFwN0H1nJ4Iq7LXrLh1J5J1q898HjSN6FYyXFvoxi49+DpVGrxKWoffvB+Dh9asLNrVHY37vp/7jqQpOkfGAyAwo5tW2OxbzM2BYBoz4aNWzp1qD+qCQdw2PDi3PMvYMUKt7sVfU9zxUUHeNnT99JdsNt/ZPf+tXxn98UcnYzFcozMOLl7it+55C4uOeOA1etMlfP8+z0X8vMHz3U+FTR2/Bije+52GUII6hNK8VcjNw7F/rxhsTQpAFJmQ9+W14Q6/L+gnfTqDYIcF66/xMmBPAp4xlMe49XPeohTeqL7/RSGip8/dC4/uHsdUwmbT06arnyZF63fw3POfQjPi+5317GpLr5710Xc+YibFti1apW77vw1FXcnXj6sUJtHtg/9m6sAhHlSAKTQho1bVoWhvg7CjS6uv+qkkzn73PMjvWbvmjE2XHo/Z53ibmStXA340b29/Oi+Xud3i2njeyHPv2CU5184Sj5wN0t44Pgqbr3zEh46fMrSX2zQg6P3cvTI4Uiv+QT1OaX445Ebh2J9XLlYPikAUmxD35b+UNc+QX2hZaTOOfd8Vp50ciTXevFT9/G7z36AuHT8ffjIyXz5Z5cyWZLRABO6C2V+77m3c84p8Vjzq7Xi27vX8+P7eiO53rEjh3lg1Mki+8cU6p0j24d2uri4sE8KgJTb0LflzFCHN4J+eZTX9f2ACy66mFzOXhIM/JA3Pu8+ntMbvzYPY9OdfPE/LuXg2ErXoSTampVjbLz8dlZ2xqrhDQC/2XsWu371dKujPeVymXt++xuq1chHPb7VGPK3u8hCOCUFQEZc1bf5TxvNgyJbtl7o6OD8C9fje+ZXUa/orPDml9zFuavj23SsUvP52i+eyV3717oOJZEuPuMAr3v2r8j5Rrc+G/XI0ZP40k8vZcLC1tBarcaeu+6MutvfRKOpzyejvKhwQwqADNnQt+WcUOuPQLgJiGRvU0/PSs49/wKjJ/KdtnKat7/iTlZ2NbfP27V/++3FkQ0Xp8UVF4zy8qfe5TqMpowXO7jpR88zuiVUa83onrsZHztu7DGXUAO1XcEHRrYPxe50IWGHFAAZtKFvy7NCHf7vqKYFTPYH6MxX+ePX/IbVK+M3JLyYkdufze598T45MS4uOXM/b7z0F67DWJYjk93c8IMXUKyY6ccV8X7/bynU4Mj2od9EdUERD1IAZNiGvi2vDnX496Cfaftaa844i9WnrWnrMTyl2fyy3aw7w0zDlyhVaj433nYFB47H6kTn2Fm76jhvufLHsR72X8joodV84SeXodvsIvjogf3s2/uQoagWdXsj8X87iouJ+JECQLChb/PmUOv/DtpqG79zzutl5aqTWv7+q597Py+8ODYHoCzbWLGDG75/pZX54jToKZTY/OLbWNmR3B4z/zF6PrfeeUnL33/86FHuv+8egxHN636F+uDI9qGbbF9IxJtsVhbs2nnDDUqpC5Xy3g9Yu71+5KEHmJ5q7STm517waKKTP8DKjiJvuux2gibPIMiSwAt502W3Jzr5A1zeez/PPGdvS987NTnJg/db3e53BNRfKqXWS/IXICMAYo4NG7ecpEP9N42WwsZvVYMgR++69cvaHriqq8R7X/8LAj8difO2PRfy3bvietS4Gy+9+B6uXJeOA+Wqocc/f/uljE03f/R0uVxmz+47bHX6K4L6R6X4HyM3DkW2qlDEnxQAYl4b+racF2q9FcI3YXikaLnbA/uefy+XXuD8ABRjKjWff/r2S5koylQAQE9HiXe+7LuJnPdfyK8fPpuv//IZTX2txe1+IagdCt4/sn3oYdMPLpJPpgDEvHbtvP7Bb37phk2e8p8H6rsmH7tULLL3gftppvhcc9IUz+lNT/IHyPk1Xrze+jxvYrx4/T2pSv4ATz/7EU5bsXSPCq01D9y3x0byv1WhLv3K9qE3S/IXC5ECQCxq187rf/bNL33mdzzlXw3ql6Yed2JijP2PLP176Xef/WBsWvya9Kxz9nJqz4TrMJw7tWeCZ7U4Zx5nSmledsnSJ/ftfegB03v9f6ZQr/7K9n961cj2IWM/ryKdZApALMuGvi0vCXX4btC/C7S96XnNmWexevX82wN714zxjlfe0e4lYuvuA2v40k8vdR2GU2+67HbWrz3oOgxrtv/wigUPDnr04H72PWxku18F+KpCXTuyfeg2Ew8oskEKANGSDX1bztZa/5km/M/A6nYea6HtgW97xZ1cuDbda5au++6LODS+wnUYTpy2Ypx3vPQHrsOw6v5Dq9nx48uf9PfHjh7hgfv2tPvwj4L6tIKhke1D+9p9MJE90R/aLlJh187r9wLvvapv8/uBzVrr/wL6Wa081t6H7uess89j1clP3Cl1Far0rkn/6aPrzziY2QJg/RnpvfOfcd7qw3TkKid0CDx6+DEeemC0nYf9Gaghpbhp5MYhK9sGRDZIASDacsvOGyrAdcB1G/q2vCjU4V+AvpplTA9ordn78APUwhqnnHoaAJecdQRPpX906qK1B/n3ey50HYYTF6V46H+GpzQXrnmUO/aeBcBjjx5k70MPtPJQFWBEoT4+sn3oRwZDFBkmBYAwZtfO638A/GBD35YzZ00PnN7s9+9/5GGqtSqnn34GTz3niLU44+SMVcdZ2VFkrNj8nvE0WNlR5IxV6Z7emXHR2oPcsfcsDux/hAOPLHvB44FZw/xyNK8wSgoAYdyundfvA953Vd/mDwBv1Vq/E/Szm/neQwf2E6gqF52ZvH7/rVq39iC3P3Ce6zAitS4Dd/8zLjjtEAf3PcCBfct6zj9tNO/5vAzzC1ukABDWNKYHPg18ekPflitDrf8CwtexxPTAeaccIJeSrn/NuCiDBUAWhv9n5IMaa7v3sn/pWbEyqC8r+PjI9qGfRBGbyDYpAEQkdu28/jbgtg19W9Zo9B9ord8A+vnMUwxc8pT0z/3PdvbJ2RntmJG153zRORV+sWfeAqACfB/UiIKdI9uHDkUcmsgwKQBEpHbtvP4gcC1w7YaNW07TWm/UWr8R9ItoFAOnrMxWAZAPqlCbQnudqDR2PZojH9TqzzlDTllxwohWGfgOqC8rxcjIjUOHHYUlMk4KAOHMri9efwgYAoY2bNxyktZ6k9b6905dqV9OxrpUFtQYhycq5PMFcvk8SqX36fcUkn3iXytWrwpD4FugvtRI+tlYASliTRoBidgp37fpbk+RqePyrrv1aYweXPn4f/tBQC6fJwhyqRsVOPfUI7z5BT92HUakQs3u/AXDT3UdhxCzyQiAiB1PsdZ1DFFb0Vk+4b9r1Sq1ahWlIMjl63+CdPy4rujI3giApzjDdQxCzJXecUaRSNXRTd3AyiW/MGVWzikAZmgNlXKZ6ckJJsaPUypOE9aSfXJeT0fJdQgunFQd3dTlOgghZkvHLYVIk1NdB+BCV2HpRXE61JRLJcqlEp7vk8vlyeVziVsv0JWbv9jJgNWAkdN/hDBBCgARN8nKZoYst+1xWKtRqk1TKk4nbr1AAkK0JZOfbRFfUgAIkXAnrBcIcvhBDj8I8DzJN0KIhUkBIERKaA2VSoVKpd45VnmKwA/wg6BREPiOIxRCxIkUAEKklA41lfDEgsBvFASBH+D5UhAIkWVSAAiRETrUVMMK1UqFEqCUqo8O+AF+4OP78utAiCyRn3ghMkprTbVSLwigvjjP8wOCRlHg+V7idhgIIZonBYAQAqivIZhZUPg4BZ7n43nerD8+qvHvQojkkgJACLEwXd9yOG/zIcXjBcFMcaBm/bcQIt6kABAiBp59/oF//sJ3Vu5SqEuU5/UqT53ted5aT3mrleetVB5dCuUrpTyllEIpz0MpPIUi4o31ChQKTb04qFVrWqNDQq01OtRa18JQT6H1mFYcArUfzUM6rI2GWt/1tFc8+FrgndEGLYSYSwoAIWJgZVdt7FMf+++7gF3L/d7+d7ynkO/oONlT3smeUicrpVZppVYqpXrQrFSKHqVUN9CDUl2guhS6E6U6ANBMA9MaPQVMKZjQmkmNnlCosfo/OQ5qDKWOaB0eK5dKxz7ziQ+11NO3Orrppa18nxDCLCkAhEi4Hdd9tAQcaPwRQoimyESdEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAEEIIkUFSAAghhBAZJAWAiJt5ms5nQpaed5ae62xZfd4ipqQAEHHzmOsAHDnkOoAIZem5zpbV5y1iSgoAEStB7/A0cNR1HA7scx1AhLL0XGccDnqHi66DEGI2KQBEHO13HYADWXrOWXquMx5xHYAQc0kBIOIoi3eIWXrOWXquM6QAELEjBYCIoywmiCw95yw91xlSAIjYkQJAxFHWEsSxxtqHTGg812Ou44jYXtcBCDGXFAAijr7nOoCIfd91AA5k7Tln7fmKBJACQMTRt4Ex10FE6KuuA3AgS8/5KPAD10EIMZcUACJ2gt7hMvBN13FEJAS+4ToIB75B/blnwS1B73DVdRBCzCUFgIirm10HEJEfB73Dj7oOImqN5/xj13FEJEujHSJBpAAQcXULUHYdRASynByy8NzLwLdcByHEfKQAELEU9A6PAf/iOg7LQmDEdRAOjZD+aYB/CXqHx10HIcR8pAAQcfY3gHYdhEU3Bb3D97oOwpXGc7/JdRwWaeqfYSFiSQoAEVtB7/DtwLDrOCwpAR90HUQMfJD6a5FGw43PsBCxJAWAiLu/Biqug7BgKOgdftB1EK41XoMh13FYUKH+2RUitqQAELEW9A6PAp90HYdhx4APuQ4iRj5E+joDfrLx2RUitqQAEEnwd6SrMdCHg97hI66DiIvGa/Fh13EYNEb9MytErEkBIGIv6B0+BLyFdCwI/Ffgo66DiKGPUn9tkk4Db2l8ZoWINSkARCIEvcNfJfmL5u4GNgW9wzXXgcRN4zXZRP01SrIPNj6rQsSe0joNN1UiK6qjm75APVEkzVHgeUHv8B7XgcRZdXTTOuAnwMmuY2nBcNA7/PuugxCiWTICIJJmM5C0rVVVYKMk/6U1XqON1F+zJLmd+mdTiMSQAkAkSuMs+WuA3a5jaVIFeFvQO/z/XAeSFI3X6m0kZ/vnbuCaxmdTiMSQAkAkTtA7vBe4AtjlOpYlPAa8Mugd/qzrQJKm8Zq9kvprGGe7gCsan0khEkUKAJFIjbMCXgdsdR3LAn4DXB70Dn/PdSBJ1XjtLqf+WsbRVuB1jc+iEIkjiwBF4lVHN/0h8Cmgw3UsDTcDbw56hydcB5IG1dFNPcB26lM/cVAE3h70Dn/OdSBCtENGAETiNX4RX4b7Y1f3AW8H3ijJ35zGa/lG6q/tPsfhfAu4TJK/SAMZARCpUh3d9DvUh2afG+FlxxvX/FjQOzwV4XUzpzq6qQt4NzAIrIjw0j8DBoPe4e9EeE0hrJICQKROdXSTor6V7EPABRYvVQG2AX8rnd+iVR3ddBrw34ABIGfxUvcB7wd2Br3D8stSpIoUACK1qqObfOBK6nPH1wDnG3jYInAr8BXg60HvcNxXqadadXTTauC1wBuo7xowsQ7kfurrOG4GbpPOjSKtpAAQmVEd3fRM6oXAVcBTgNMAtcS3TQL7gR9RTwj/EvQOT1oMU7SoOrqpG3g19ff4+cAZQPcS36aBQ8ADwC3AzUHv8K8shilEbEgBIDKrOropB6ylnijObPz7OPWEvw/YJ1u8kq06umkl9ff2TOrv8wrgAPX3dz9wIOgdTkrDISGMkgJACCGEyCDZBiiEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJkkBQAQgghRAZJASCEEEJk0P8HIGK4qJUDxrEAAAAASUVORK5CYII=" style="width: 16em;margin-left: 52em;margin-top: 63px;">
4
+ <div>
5
+ <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
6
+ <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
7
+ <div><h6 style="font-size: 21px;margin-left: 23em;margin-top: 7em;color: red;">Your request was detected as suspicious.<h6></div>
8
+ <div><h6 style="font-size: 21px;margin-left: 17em;margin-top: -2em;color: red;">Please Contact Your Site Administrator if you feel the request is legitimate.<h6></div>
9
+ <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
10
+ </div>
11
  </div>
handler/mo-waf-plugin.php CHANGED
@@ -1,410 +1,410 @@
1
- <?php
2
-
3
- $dir =dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
- $xssFile = $dir.'/signature/APXSS.php';
7
- $lfiFile = $dir.'/signature/APLFI.php';
8
- $configfilepath = explode('wp-content', $dir);
9
- $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
-
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
-
26
- global $wpdb;
27
- $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
- else if(isset($_SERVER['HTTP_FORWARDED']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
- else if(isset($_SERVER['REMOTE_ADDR']))
39
- $ipaddress = $_SERVER['REMOTE_ADDR'];
40
- else
41
- $ipaddress = 'UNKNOWN';
42
-
43
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
44
- $results = $wpdb->get_results($query);
45
-
46
- if(sizeof($results)!=0)
47
- {
48
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
49
- $results1 = $wpdb->get_results($query);
50
- if(sizeof($results1)!=0)
51
- {
52
- //IP whitelisted
53
- }
54
- else
55
- {
56
- header('HTTP/1.1 403 Forbidden');
57
- include_once("mo-block.html");
58
- exit;
59
- }
60
- }
61
- $dir_name = dirname(__FILE__);
62
- $dir_name1 = explode('wp-content', $dir_name);
63
- $dir_name = $dir_name1[0];
64
- $filepath = str_replace('\\', '/', $dir_name1[0]);
65
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
66
-
67
- if($missingFile==1)
68
- {
69
- if(!file_exists($fileName))
70
- {
71
- $file = fopen($fileName, "a+");
72
- $string = "<?php".PHP_EOL;
73
- $string .= '$SQL = '.get_option("SQLInjection").';'.PHP_EOL;
74
- $string .= '$XSS = '.get_option("XSSAttack").';'.PHP_EOL;
75
- $string .= '$RFI = '.get_option("RFIAttack").';'.PHP_EOL;
76
- $string .= '$LFI = '.get_option("LFIAttack").';'.PHP_EOL;
77
- $string .= '$RCE = '.get_option("RCEAttack").';'.PHP_EOL;
78
- $string .= '$RateLimiting = '.get_option("Rate_limiting").';'.PHP_EOL;
79
- $string .= '$RequestsPMin = '.get_option("Rate_request").';'.PHP_EOL;
80
-
81
- if(get_option('actionRateL') == 0)
82
- $string .= '$actionRateL = "ThrottleIP";'.PHP_EOL;
83
- else
84
- $string .= '$actionRateL = "BlockIP";'.PHP_EOL;
85
-
86
- $string .= '?>'.PHP_EOL;
87
- fwrite($file, $string);
88
- fclose($file);
89
-
90
- }
91
-
92
- }
93
- include_once($fileName);
94
-
95
-
96
- if($RateLimiting == 1)
97
- {
98
- $time = 60;
99
- $reqLimit = $RequestsPMin;
100
-
101
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
102
- $results = $wpdb->get_results($query);
103
-
104
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
105
- $results = $wpdb->get_results($query);
106
-
107
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
108
- $results = $wpdb->get_results($query);
109
-
110
- if($results[0]->count>=$reqLimit)
111
- {
112
- $action = $actionRateL;
113
- if($action == 'ThrottleIP')
114
- {
115
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
116
- $results = $wpdb->get_results($query);
117
- $current_time = time();
118
- if($results[0]->time < $current_time-60)
119
- {
120
- $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
121
- $results = $wpdb->get_results($query);
122
- }
123
- header('HTTP/1.1 403 Forbidden');
124
- include_once("mo-error.html");
125
- exit;
126
- }
127
- else
128
- {
129
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
130
- $results = $wpdb->get_results($query);
131
- $current_time = time();
132
- if($results[0]->time < $current_time-60)
133
- {
134
- $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
135
- $results = $wpdb->get_results($query);
136
- }
137
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
138
- $results1 = $wpdb->get_results($query);
139
- if(sizeof($results1)!=0)
140
- {
141
- //IP whitelisted
142
- }
143
- else
144
- {
145
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".current_time( 'timestamp' ).");";
146
- $results =$wpdb->get_results($query);
147
- }
148
- header('HTTP/1.1 403 Forbidden');
149
- include_once("mo-error.html");
150
- exit;
151
- }
152
- }
153
- }
154
- $attack = array();
155
- if($SQL==1)
156
- {
157
- array_push($attack,"SQL");
158
- }
159
- if($XSS==1)
160
- {
161
- array_push($attack,"XSS");
162
- }
163
- if($LFI==1)
164
- {
165
- array_push($attack,"LFI");
166
- }
167
-
168
- $attackC = $attack;
169
- $ParanoiaLevel = 1;
170
- $annomalyS = 0;
171
- $SQLScore = 0;
172
- $XSSScore = 0;
173
- $limitAttack = get_option('limitAttack');
174
-
175
-
176
- foreach ($attackC as $key1 => $value1) {
177
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
178
- {
179
- if(isset($regex[$value1][$lev]))
180
- {
181
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
182
- {
183
- foreach ($_REQUEST as $key => $value) {
184
- if($regex[$value1][$lev][$i] != "")
185
- {
186
- if(strpos($regex[$value1][$lev][$i], '/') == false)
187
- {
188
- if(is_string($value))
189
- {
190
-
191
- if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
192
- {
193
- $scoreValue = 0;
194
-
195
- $annomalyMS = $score[$value1][$lev][$i];
196
- if(strcmp($annomalyMS,"CRITICAL")==0)
197
- {
198
- $scoreValue = 5;
199
- }
200
-
201
- elseif(strcmp($annomalyMS,"WARNING")==0)
202
- {
203
- $scoreValue = 3;
204
- }
205
- elseif(strcmp($annomalyMS,"ERROR")==0)
206
- {
207
- $scoreValue = 4;
208
- }
209
- elseif(strcmp($annomalyMS,"NOTICE")==0)
210
- {
211
- $scoreValue =2;
212
- }
213
-
214
- if($value1 == "SQL")
215
- {
216
- $SQLScore += $scoreValue;
217
-
218
- }
219
- elseif ($value1 == "XSS")
220
- {
221
- $XSSScore += $scoreValue;
222
- }
223
- else
224
- {
225
- $annomalyS += $scoreValue;
226
- }
227
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
228
- {
229
- $value = htmlspecialchars($value);
230
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
231
- $results = $wpdb->get_results($query);
232
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
233
- $results = $wpdb->get_results($query);
234
- if($results[0]->count>$limitAttack)
235
- {
236
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
237
- $results = $wpdb->get_results($query);
238
- if(sizeof($results)!=0)
239
- {
240
- //IP whitelisted
241
- }
242
- else
243
- {
244
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
245
- $results =$wpdb->get_results($query);
246
- }
247
- }
248
- header('HTTP/1.1 403 Forbidden');
249
- include_once("mo-error.html");
250
- exit;
251
- }
252
-
253
- }
254
- }
255
- }
256
- else if (strpos($regex[$value1][$lev][$i], '#') == false) {
257
- if(is_string($value))
258
- {
259
-
260
- if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
261
- {
262
- $scoreValue = 0;
263
- $annomalyMS = $score[$value1][$lev][$i];
264
- if(strcmp($annomalyMS,"CRITICAL")==0)
265
- {
266
- $scoreValue = 5;
267
- }
268
-
269
- elseif(strcmp($annomalyMS,"WARNING")==0)
270
- {
271
- $scoreValue = 3;
272
- }
273
- elseif(strcmp($annomalyMS,"ERROR")==0)
274
- {
275
- $scoreValue = 4;
276
- }
277
- elseif(strcmp($annomalyMS,"NOTICE")==0)
278
- {
279
- $scoreValue =2;
280
- }
281
-
282
-
283
- if($value1 == "SQL")
284
- {
285
- $SQLScore += $scoreValue;
286
-
287
- }
288
- elseif ($value1 == "XSS")
289
- {
290
- $XSSScore += $scoreValue;
291
- }
292
- else
293
- {
294
- $annomalyS += $scoreValue;
295
- }
296
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
297
- {
298
- $value = htmlspecialchars($value);
299
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
300
- $results = $wpdb->get_results($query);
301
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
302
- $results = $wpdb->get_results($query);
303
-
304
- if($results[0]->count>$limitAttack)
305
- {
306
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
307
- $results = $wpdb->get_results($query);
308
- if(sizeof($results)!=0)
309
- {
310
- //IP whitelisted
311
- }
312
- else
313
- {
314
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
315
- $results =$wpdb->get_results($query);
316
- }
317
- }
318
- header('HTTP/1.1 403 Forbidden');
319
- include_once("mo-error.html");
320
- exit;
321
- }
322
- }
323
- }
324
- }
325
-
326
- elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
327
- if(is_string($value))
328
- {
329
-
330
- if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
331
- {
332
- $scoreValue = 0;
333
- $annomalyMS = $score[$value1][$lev][$i];
334
- if(strcmp($annomalyMS,"CRITICAL")==0)
335
- {
336
- $scoreValue = 5;
337
- }
338
-
339
- elseif(strcmp($annomalyMS,"WARNING")==0)
340
- {
341
- $scoreValue = 3;
342
- }
343
- elseif(strcmp($annomalyMS,"ERROR")==0)
344
- {
345
- $scoreValue = 4;
346
- }
347
- elseif(strcmp($annomalyMS,"NOTICE")==0)
348
- {
349
- $scoreValue =2;
350
- }
351
-
352
-
353
- if($value1 == "SQL")
354
- {
355
- $SQLScore += $scoreValue;
356
-
357
- }
358
- elseif ($value1 == "XSS")
359
- {
360
- $XSSScore += $scoreValue;
361
- }
362
- else
363
- {
364
- $annomalyS += $scoreValue;
365
- }
366
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
367
- {
368
- $value = htmlspecialchars($value);
369
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
370
- $results = $wpdb->get_results($query);
371
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
372
- $results = $wpdb->get_results($query);
373
-
374
- if($results[0]->count>$limitAttack)
375
- {
376
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
377
- $results = $wpdb->get_results($query);
378
- if(sizeof($results)!=0)
379
- {
380
- //IP whitelisted
381
- }
382
- else
383
- {
384
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
385
- $results =$wpdb->get_results($query);
386
- }
387
- }
388
- header('HTTP/1.1 403 Forbidden');
389
- include_once("mo-error.html");
390
- exit;
391
- }
392
- }
393
- }
394
-
395
- }
396
-
397
- }
398
- }
399
-
400
- }
401
- }
402
-
403
- }
404
- }
405
-
406
-
407
-
408
-
409
-
410
  ?>
1
+ <?php
2
+
3
+ $dir =dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
+ $xssFile = $dir.'/signature/APXSS.php';
7
+ $lfiFile = $dir.'/signature/APLFI.php';
8
+ $configfilepath = explode('wp-content', $dir);
9
+ $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
+
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+
26
+ global $wpdb;
27
+ $ipaddress = '';
28
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
29
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
+ else if(isset($_SERVER['HTTP_FORWARDED']))
37
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
+ else if(isset($_SERVER['REMOTE_ADDR']))
39
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
40
+ else
41
+ $ipaddress = 'UNKNOWN';
42
+
43
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
44
+ $results = $wpdb->get_results($query);
45
+
46
+ if(sizeof($results)!=0)
47
+ {
48
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
49
+ $results1 = $wpdb->get_results($query);
50
+ if(sizeof($results1)!=0)
51
+ {
52
+ //IP whitelisted
53
+ }
54
+ else
55
+ {
56
+ header('HTTP/1.1 403 Forbidden');
57
+ include_once("mo-block.html");
58
+ exit;
59
+ }
60
+ }
61
+ $dir_name = dirname(__FILE__);
62
+ $dir_name1 = explode('wp-content', $dir_name);
63
+ $dir_name = $dir_name1[0];
64
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
65
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
66
+
67
+ if($missingFile==1)
68
+ {
69
+ if(!file_exists($fileName))
70
+ {
71
+ $file = fopen($fileName, "a+");
72
+ $string = "<?php".PHP_EOL;
73
+ $string .= '$SQL = '.get_option("SQLInjection").';'.PHP_EOL;
74
+ $string .= '$XSS = '.get_option("XSSAttack").';'.PHP_EOL;
75
+ $string .= '$RFI = '.get_option("RFIAttack").';'.PHP_EOL;
76
+ $string .= '$LFI = '.get_option("LFIAttack").';'.PHP_EOL;
77
+ $string .= '$RCE = '.get_option("RCEAttack").';'.PHP_EOL;
78
+ $string .= '$RateLimiting = '.get_option("Rate_limiting").';'.PHP_EOL;
79
+ $string .= '$RequestsPMin = '.get_option("Rate_request").';'.PHP_EOL;
80
+
81
+ if(get_option('actionRateL') == 0)
82
+ $string .= '$actionRateL = "ThrottleIP";'.PHP_EOL;
83
+ else
84
+ $string .= '$actionRateL = "BlockIP";'.PHP_EOL;
85
+
86
+ $string .= '?>'.PHP_EOL;
87
+ fwrite($file, $string);
88
+ fclose($file);
89
+
90
+ }
91
+
92
+ }
93
+ include_once($fileName);
94
+
95
+
96
+ if($RateLimiting == 1)
97
+ {
98
+ $time = 60;
99
+ $reqLimit = $RequestsPMin;
100
+
101
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
102
+ $results = $wpdb->get_results($query);
103
+
104
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
105
+ $results = $wpdb->get_results($query);
106
+
107
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
108
+ $results = $wpdb->get_results($query);
109
+
110
+ if($results[0]->count>=$reqLimit)
111
+ {
112
+ $action = $actionRateL;
113
+ if($action == 'ThrottleIP')
114
+ {
115
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
116
+ $results = $wpdb->get_results($query);
117
+ $current_time = time();
118
+ if($results[0]->time < $current_time-60)
119
+ {
120
+ $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
121
+ $results = $wpdb->get_results($query);
122
+ }
123
+ header('HTTP/1.1 403 Forbidden');
124
+ include_once("mo-error.html");
125
+ exit;
126
+ }
127
+ else
128
+ {
129
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
130
+ $results = $wpdb->get_results($query);
131
+ $current_time = time();
132
+ if($results[0]->time < $current_time-60)
133
+ {
134
+ $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
135
+ $results = $wpdb->get_results($query);
136
+ }
137
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
138
+ $results1 = $wpdb->get_results($query);
139
+ if(sizeof($results1)!=0)
140
+ {
141
+ //IP whitelisted
142
+ }
143
+ else
144
+ {
145
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".current_time( 'timestamp' ).");";
146
+ $results =$wpdb->get_results($query);
147
+ }
148
+ header('HTTP/1.1 403 Forbidden');
149
+ include_once("mo-error.html");
150
+ exit;
151
+ }
152
+ }
153
+ }
154
+ $attack = array();
155
+ if($SQL==1)
156
+ {
157
+ array_push($attack,"SQL");
158
+ }
159
+ if($XSS==1)
160
+ {
161
+ array_push($attack,"XSS");
162
+ }
163
+ if($LFI==1)
164
+ {
165
+ array_push($attack,"LFI");
166
+ }
167
+
168
+ $attackC = $attack;
169
+ $ParanoiaLevel = 1;
170
+ $annomalyS = 0;
171
+ $SQLScore = 0;
172
+ $XSSScore = 0;
173
+ $limitAttack = get_option('limitAttack');
174
+
175
+
176
+ foreach ($attackC as $key1 => $value1) {
177
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
178
+ {
179
+ if(isset($regex[$value1][$lev]))
180
+ {
181
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
182
+ {
183
+ foreach ($_REQUEST as $key => $value) {
184
+ if($regex[$value1][$lev][$i] != "")
185
+ {
186
+ if(strpos($regex[$value1][$lev][$i], '/') == false)
187
+ {
188
+ if(is_string($value))
189
+ {
190
+
191
+ if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
192
+ {
193
+ $scoreValue = 0;
194
+
195
+ $annomalyMS = $score[$value1][$lev][$i];
196
+ if(strcmp($annomalyMS,"CRITICAL")==0)
197
+ {
198
+ $scoreValue = 5;
199
+ }
200
+
201
+ elseif(strcmp($annomalyMS,"WARNING")==0)
202
+ {
203
+ $scoreValue = 3;
204
+ }
205
+ elseif(strcmp($annomalyMS,"ERROR")==0)
206
+ {
207
+ $scoreValue = 4;
208
+ }
209
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
210
+ {
211
+ $scoreValue =2;
212
+ }
213
+
214
+ if($value1 == "SQL")
215
+ {
216
+ $SQLScore += $scoreValue;
217
+
218
+ }
219
+ elseif ($value1 == "XSS")
220
+ {
221
+ $XSSScore += $scoreValue;
222
+ }
223
+ else
224
+ {
225
+ $annomalyS += $scoreValue;
226
+ }
227
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
228
+ {
229
+ $value = htmlspecialchars($value);
230
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
231
+ $results = $wpdb->get_results($query);
232
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
233
+ $results = $wpdb->get_results($query);
234
+ if($results[0]->count>$limitAttack)
235
+ {
236
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
237
+ $results = $wpdb->get_results($query);
238
+ if(sizeof($results)!=0)
239
+ {
240
+ //IP whitelisted
241
+ }
242
+ else
243
+ {
244
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
245
+ $results =$wpdb->get_results($query);
246
+ }
247
+ }
248
+ header('HTTP/1.1 403 Forbidden');
249
+ include_once("mo-error.html");
250
+ exit;
251
+ }
252
+
253
+ }
254
+ }
255
+ }
256
+ else if (strpos($regex[$value1][$lev][$i], '#') == false) {
257
+ if(is_string($value))
258
+ {
259
+
260
+ if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
261
+ {
262
+ $scoreValue = 0;
263
+ $annomalyMS = $score[$value1][$lev][$i];
264
+ if(strcmp($annomalyMS,"CRITICAL")==0)
265
+ {
266
+ $scoreValue = 5;
267
+ }
268
+
269
+ elseif(strcmp($annomalyMS,"WARNING")==0)
270
+ {
271
+ $scoreValue = 3;
272
+ }
273
+ elseif(strcmp($annomalyMS,"ERROR")==0)
274
+ {
275
+ $scoreValue = 4;
276
+ }
277
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
278
+ {
279
+ $scoreValue =2;
280
+ }
281
+
282
+
283
+ if($value1 == "SQL")
284
+ {
285
+ $SQLScore += $scoreValue;
286
+
287
+ }
288
+ elseif ($value1 == "XSS")
289
+ {
290
+ $XSSScore += $scoreValue;
291
+ }
292
+ else
293
+ {
294
+ $annomalyS += $scoreValue;
295
+ }
296
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
297
+ {
298
+ $value = htmlspecialchars($value);
299
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
300
+ $results = $wpdb->get_results($query);
301
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
302
+ $results = $wpdb->get_results($query);
303
+
304
+ if($results[0]->count>$limitAttack)
305
+ {
306
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
307
+ $results = $wpdb->get_results($query);
308
+ if(sizeof($results)!=0)
309
+ {
310
+ //IP whitelisted
311
+ }
312
+ else
313
+ {
314
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
315
+ $results =$wpdb->get_results($query);
316
+ }
317
+ }
318
+ header('HTTP/1.1 403 Forbidden');
319
+ include_once("mo-error.html");
320
+ exit;
321
+ }
322
+ }
323
+ }
324
+ }
325
+
326
+ elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
327
+ if(is_string($value))
328
+ {
329
+
330
+ if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
331
+ {
332
+ $scoreValue = 0;
333
+ $annomalyMS = $score[$value1][$lev][$i];
334
+ if(strcmp($annomalyMS,"CRITICAL")==0)
335
+ {
336
+ $scoreValue = 5;
337
+ }
338
+
339
+ elseif(strcmp($annomalyMS,"WARNING")==0)
340
+ {
341
+ $scoreValue = 3;
342
+ }
343
+ elseif(strcmp($annomalyMS,"ERROR")==0)
344
+ {
345
+ $scoreValue = 4;
346
+ }
347
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
348
+ {
349
+ $scoreValue =2;
350
+ }
351
+
352
+
353
+ if($value1 == "SQL")
354
+ {
355
+ $SQLScore += $scoreValue;
356
+
357
+ }
358
+ elseif ($value1 == "XSS")
359
+ {
360
+ $XSSScore += $scoreValue;
361
+ }
362
+ else
363
+ {
364
+ $annomalyS += $scoreValue;
365
+ }
366
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
367
+ {
368
+ $value = htmlspecialchars($value);
369
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
370
+ $results = $wpdb->get_results($query);
371
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
372
+ $results = $wpdb->get_results($query);
373
+
374
+ if($results[0]->count>$limitAttack)
375
+ {
376
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
377
+ $results = $wpdb->get_results($query);
378
+ if(sizeof($results)!=0)
379
+ {
380
+ //IP whitelisted
381
+ }
382
+ else
383
+ {
384
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
385
+ $results =$wpdb->get_results($query);
386
+ }
387
+ }
388
+ header('HTTP/1.1 403 Forbidden');
389
+ include_once("mo-error.html");
390
+ exit;
391
+ }
392
+ }
393
+ }
394
+
395
+ }
396
+
397
+ }
398
+ }
399
+
400
+ }
401
+ }
402
+
403
+ }
404
+ }
405
+
406
+
407
+
408
+
409
+
410
  ?>
handler/realtime_ip_block_free.php CHANGED
@@ -1,52 +1,52 @@
1
- <?php
2
- /**
3
- *
4
- */
5
- class MO2F_realtime_free
6
- {
7
-
8
- function __construct()
9
- {
10
- add_filter( 'cron_schedules', array($this,'mo_2fa_realtime_blocking_int'));
11
- add_action( 'mo2f_realtime_ip_block_free_hook', array($this,'mo2f_realtime_ip_block_free') );
12
-
13
- }
14
- function mo2f_realtime_ip_block_free()
15
- {
16
- global $wpnsDbQueries;
17
- $results = $wpnsDbQueries->get_blocked_ips_realtime();
18
-
19
- $ip_addresses = array();
20
- $mo2f_added_ips = get_site_option('mo2f_added_ips_realtime');
21
- $sizeofResults = sizeof($results);
22
-
23
- $mo2f_added_ips = explode(',', $mo2f_added_ips);
24
-
25
- for($i = 0;$i<$sizeofResults;$i++)
26
- {
27
- if($results[$i]->ip_address != '::1' and $results[$i]->ip_address != '127.0.0.1' and rest_is_ip_address($results[$i]->ip_address))
28
- {
29
- if(!in_array($results[$i]->ip_address, $mo2f_added_ips))
30
- {
31
- array_push($ip_addresses,$results[$i]->ip_address);
32
- }
33
- }
34
- }
35
-
36
-
37
- add_to_blacklist($ip_addresses,get_site_option('siteurl'));
38
-
39
- }
40
- function mo_2fa_realtime_blocking_int()
41
- {
42
- $mo2f_cron_hours = 7200;
43
- $schedules['mo2f_realtime_ipblock_free'] = array(
44
- 'interval' => $mo2f_cron_hours,
45
- 'display' => esc_html__( 'Cron Activated' ),
46
- );
47
- return $schedules;
48
- }
49
- }
50
- new MO2F_realtime_free;
51
-
52
  ?>
1
+ <?php
2
+ /**
3
+ *
4
+ */
5
+ class MO2F_realtime_free
6
+ {
7
+
8
+ function __construct()
9
+ {
10
+ add_filter( 'cron_schedules', array($this,'mo_2fa_realtime_blocking_int'));
11
+ add_action( 'mo2f_realtime_ip_block_free_hook', array($this,'mo2f_realtime_ip_block_free') );
12
+
13
+ }
14
+ function mo2f_realtime_ip_block_free()
15
+ {
16
+ global $wpnsDbQueries;
17
+ $results = $wpnsDbQueries->get_blocked_ips_realtime();
18
+
19
+ $ip_addresses = array();
20
+ $mo2f_added_ips = get_site_option('mo2f_added_ips_realtime');
21
+ $sizeofResults = sizeof($results);
22
+
23
+ $mo2f_added_ips = explode(',', $mo2f_added_ips);
24
+
25
+ for($i = 0;$i<$sizeofResults;$i++)
26
+ {
27
+ if($results[$i]->ip_address != '::1' and $results[$i]->ip_address != '127.0.0.1' and rest_is_ip_address($results[$i]->ip_address))
28
+ {
29
+ if(!in_array($results[$i]->ip_address, $mo2f_added_ips))
30
+ {
31
+ array_push($ip_addresses,$results[$i]->ip_address);
32
+ }
33
+ }
34
+ }
35
+
36
+
37
+ add_to_blacklist($ip_addresses,get_site_option('siteurl'));
38
+
39
+ }
40
+ function mo_2fa_realtime_blocking_int()
41
+ {
42
+ $mo2f_cron_hours = 7200;
43
+ $schedules['mo2f_realtime_ipblock_free'] = array(
44
+ 'interval' => $mo2f_cron_hours,
45
+ 'display' => esc_html__( 'Cron Activated' ),
46
+ );
47
+ return $schedules;
48
+ }
49
+ }
50
+ new MO2F_realtime_free;
51
+
52
  ?>
handler/recaptcha.php CHANGED
@@ -1,156 +1,156 @@
1
- <?php
2
-
3
- class mo2f_ReCaptcha
4
- {
5
- function __construct()
6
- {
7
- add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
8
- add_action( 'login_form' , array($this, 'custom_login_fields' ) );
9
- add_action( 'register_form' , array($this, 'register_with_captcha') );
10
- add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
11
- add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
12
- add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
13
- }
14
-
15
-
16
- //Function to handle Testing reCaptcha
17
- function handle_recaptcha()
18
- {
19
- global $moWpnsUtility,$mo2f_dirName;
20
- if (current_user_can( 'manage_options' ))
21
- {
22
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
23
- {
24
- if(array_key_exists('g-recaptcha-response',$_POST))
25
- {
26
- $userIp = $moWpnsUtility->get_client_ip();
27
- $mocURL = new MocURL;
28
- $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
29
- $content = json_decode($response, true);
30
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
31
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
32
- else if(isset($content['success']) && $content['success']==1)
33
- echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
34
- else
35
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
36
- }
37
- show_google_recaptcha_form_v2();
38
- }
39
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig3')
40
- {
41
- if(array_key_exists('g-recaptcha-response',$_REQUEST))
42
- {
43
- $userIp = $moWpnsUtility->get_client_ip();
44
- $mocURL = new MocURL;
45
-
46
- $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
47
-
48
- $content = json_decode($response, true);
49
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
50
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
51
- else if(isset($content['success']) && $content['success']==1)
52
- {
53
-
54
- if($content['success']==1)
55
- {
56
- if($content['score']>=0.9)
57
- {
58
- echo "<br><br><h2 style=color:green;text-align:center>Welcome!</h2>";
59
- echo "<h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
60
- }
61
- else echo "<br><br><h2 style=color:red;text-align:center>Captcha verification failed! Permission denied.</h2>";
62
- }
63
- }
64
- else
65
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
66
- }
67
- show_google_recaptcha_form_v3();
68
- }
69
- }
70
- }
71
-
72
-
73
- function custom_login_fields()
74
- {
75
- global $moWpnsUtility,$mo2f_dirName;
76
- if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
77
- {
78
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
79
- show_google_recaptcha_form_v3_login();
80
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
81
- {
82
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
83
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
84
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
85
- }
86
- }
87
- }
88
-
89
-
90
- function register_with_captcha(){
91
- global $moWpnsUtility,$mo2f_dirName;
92
- if(get_option('mo_wpns_activate_recaptcha_for_registration'))
93
- {
94
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
95
- show_google_recaptcha_form_v3_login();
96
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
97
- show_google_recaptcha_form_v2_login();
98
- }
99
- }
100
-
101
- function woocommerce_register_with_captcha(){
102
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
103
- {
104
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
105
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
106
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
107
- }
108
- }
109
-
110
- function woocommerce_login_with_captcha(){
111
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
112
- {
113
-
114
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
115
-
116
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
117
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
118
- }
119
- }
120
-
121
- function woocommerce_register_with_captcha_checkout(){
122
-
123
- if (!is_user_logged_in()){
124
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
125
- {
126
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
127
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
128
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
129
- }
130
- }
131
- }
132
-
133
- public static function recaptcha_verify($response)
134
- {
135
- global $moWpnsUtility;
136
- $userIp = $moWpnsUtility->get_client_ip();
137
- $mocURL = new MocURL;
138
- $response = $mocURL->validate_recaptcha($userIp,$response);
139
- $content = json_decode($response, true);
140
- $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
141
- return $isvalid;
142
- }
143
-
144
- public static function recaptcha_verify_3($response)
145
- {
146
- global $moWpnsUtility;
147
- $userIp = $moWpnsUtility->get_client_ip();
148
- $mocURL = new MocURL;
149
- $response = $mocURL->get_Captcha_v3($response);
150
- $content = json_decode($response, true);
151
- $isvalid = isset($content['success']) && $content['success']==1 && $content['score']>=0.9? true : false;
152
- return $isvalid;
153
- }
154
-
155
- }
156
- new mo2f_ReCaptcha;
1
+ <?php
2
+
3
+ class mo2f_ReCaptcha
4
+ {
5
+ function __construct()
6
+ {
7
+ add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
8
+ add_action( 'login_form' , array($this, 'custom_login_fields' ) );
9
+ add_action( 'register_form' , array($this, 'register_with_captcha') );
10
+ add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
11
+ add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
12
+ add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
13
+ }
14
+
15
+
16
+ //Function to handle Testing reCaptcha
17
+ function handle_recaptcha()
18
+ {
19
+ global $moWpnsUtility,$mo2f_dirName;
20
+ if (current_user_can( 'manage_options' ))
21
+ {
22
+ if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
23
+ {
24
+ if(array_key_exists('g-recaptcha-response',$_POST))
25
+ {
26
+ $userIp = $moWpnsUtility->get_client_ip();
27
+ $mocURL = new MocURL;
28
+ $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
29
+ $content = json_decode($response, true);
30
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
31
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
32
+ else if(isset($content['success']) && $content['success']==1)
33
+ echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
34
+ else
35
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
36
+ }
37
+ show_google_recaptcha_form_v2();
38
+ }
39
+ if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig3')
40
+ {
41
+ if(array_key_exists('g-recaptcha-response',$_REQUEST))
42
+ {
43
+ $userIp = $moWpnsUtility->get_client_ip();
44
+ $mocURL = new MocURL;
45
+
46
+ $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
47
+
48
+ $content = json_decode($response, true);
49
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
50
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
51
+ else if(isset($content['success']) && $content['success']==1)
52
+ {
53
+
54
+ if($content['success']==1)
55
+ {
56
+ if($content['score']>=0.9)
57
+ {
58
+ echo "<br><br><h2 style=color:green;text-align:center>Welcome!</h2>";
59
+ echo "<h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
60
+ }
61
+ else echo "<br><br><h2 style=color:red;text-align:center>Captcha verification failed! Permission denied.</h2>";
62
+ }
63
+ }
64
+ else
65
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
66
+ }
67
+ show_google_recaptcha_form_v3();
68
+ }
69
+ }
70
+ }
71
+
72
+
73
+ function custom_login_fields()
74
+ {
75
+ global $moWpnsUtility,$mo2f_dirName;
76
+ if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
77
+ {
78
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
79
+ show_google_recaptcha_form_v3_login();
80
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
81
+ {
82
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
83
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
84
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
85
+ }
86
+ }
87
+ }
88
+
89
+
90
+ function register_with_captcha(){
91
+ global $moWpnsUtility,$mo2f_dirName;
92
+ if(get_option('mo_wpns_activate_recaptcha_for_registration'))
93
+ {
94
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
95
+ show_google_recaptcha_form_v3_login();
96
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
97
+ show_google_recaptcha_form_v2_login();
98
+ }
99
+ }
100
+
101
+ function woocommerce_register_with_captcha(){
102
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
103
+ {
104
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
105
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
106
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
107
+ }
108
+ }
109
+
110
+ function woocommerce_login_with_captcha(){
111
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
112
+ {
113
+
114
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
115
+
116
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
117
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
118
+ }
119
+ }
120
+
121
+ function woocommerce_register_with_captcha_checkout(){
122
+
123
+ if (!is_user_logged_in()){
124
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
125
+ {
126
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
127
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
128
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
129
+ }
130
+ }
131
+ }
132
+
133
+ public static function recaptcha_verify($response)
134
+ {
135
+ global $moWpnsUtility;
136
+ $userIp = $moWpnsUtility->get_client_ip();
137
+ $mocURL = new MocURL;
138
+ $response = $mocURL->validate_recaptcha($userIp,$response);
139
+ $content = json_decode($response, true);
140
+ $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
141
+ return $isvalid;
142
+ }
143
+
144
+ public static function recaptcha_verify_3($response)
145
+ {
146
+ global $moWpnsUtility;
147
+ $userIp = $moWpnsUtility->get_client_ip();
148
+ $mocURL = new MocURL;
149
+ $response = $mocURL->get_Captcha_v3($response);
150
+ $content = json_decode($response, true);
151
+ $isvalid = isset($content['success']) && $content['success']==1 && $content['score']>=0.9? true : false;
152
+ return $isvalid;
153
+ }
154
+
155
+ }
156
+ new mo2f_ReCaptcha;
handler/security_features.php CHANGED
@@ -1,47 +1,47 @@
1
- <?php
2
- class Mo_2fa_security_features
3
- {
4
- function wpns_2fa_features_only()
5
- {
6
- update_option( 'mo_wpns_2fa_with_network_security', 0);
7
- update_option( 'mo_wpns_2fa_with_network_security_popup_visible', 0);
8
- ?><script>window.location.href="admin.php?page=mo_2fa_two_fa";</script><?php
9
-
10
- }
11
-
12
- function wpns_2fa_with_network_security($postvalue)
13
- {
14
- $nonce= sanitize_text_field(wp_unslash($_POST['mo_security_features_nonce']));
15
-
16
- if ( wp_verify_nonce( $nonce, 'mo_2fa_security_features_nonce' ) )
17
- {
18
- $enable_newtwork_security_features = isset($postvalue['mo_wpns_2fa_with_network_security']) ? true : false;
19
-
20
- update_option( 'mo_wpns_2fa_with_network_security', $enable_newtwork_security_features);
21
-
22
- if ($enable_newtwork_security_features)
23
- {
24
- $mo2f_enable_all_enable = new Mo2f_ajax_dashboard();
25
- $mo2f_enable_all_enable -> mo2f_handle_all_enable(1);
26
- }
27
-
28
-
29
-
30
- update_option( 'mo_wpns_2fa_with_network_security_popup_visible', 0);
31
- if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option'))
32
- {
33
- ?><script>window.location.href="admin.php?page=mo_2fa_dashboard";</script><?php
34
- }
35
- else
36
- {
37
- ?><script>window.location.href="admin.php?page=mo_2fa_two_fa";</script><?php
38
- }
39
-
40
-
41
- }
42
- else
43
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
44
-
45
- }
46
- }new Mo_2fa_security_features;
47
- ?>
1
+ <?php
2
+ class Mo_2fa_security_features
3
+ {
4
+ function wpns_2fa_features_only()
5
+ {
6
+ update_option( 'mo_wpns_2fa_with_network_security', 0);
7
+ update_option( 'mo_wpns_2fa_with_network_security_popup_visible', 0);
8
+ ?><script>window.location.href="admin.php?page=mo_2fa_two_fa";</script><?php
9
+
10
+ }
11
+
12
+ function wpns_2fa_with_network_security($postvalue)
13
+ {
14
+ $nonce= sanitize_text_field(wp_unslash($_POST['mo_security_features_nonce']));
15
+
16
+ if ( wp_verify_nonce( $nonce, 'mo_2fa_security_features_nonce' ) )
17
+ {
18
+ $enable_newtwork_security_features = isset($postvalue['mo_wpns_2fa_with_network_security']) ? true : false;
19
+
20
+ update_option( 'mo_wpns_2fa_with_network_security', $enable_newtwork_security_features);
21
+
22
+ if ($enable_newtwork_security_features)
23
+ {
24
+ $mo2f_enable_all_enable = new Mo2f_ajax_dashboard();
25
+ $mo2f_enable_all_enable -> mo2f_handle_all_enable(1);
26
+ }
27
+
28
+
29
+
30
+ update_option( 'mo_wpns_2fa_with_network_security_popup_visible', 0);
31
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option'))
32
+ {
33
+ ?><script>window.location.href="admin.php?page=mo_2fa_dashboard";</script><?php
34
+ }
35
+ else
36
+ {
37
+ ?><script>window.location.href="admin.php?page=mo_2fa_two_fa";</script><?php
38
+ }
39
+
40
+
41
+ }
42
+ else
43
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
44
+
45
+ }
46
+ }new Mo_2fa_security_features;
47
+ ?>
handler/signature/APLFI.php CHANGED
@@ -1,5 +1,5 @@
1
- <?php
2
-
3
- $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/data/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|err|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proftpd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
- $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
1
+ <?php
2
+
3
+ $regex['LFI'][1] = array( "#(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))#" , "# (?:^|[\\/])\.\.(?:[\\/]|$)#","#(?:etc/(?:s(?:e(?:curity/(?:(?:(?:namespac|tim)e|sepermit|access).conf|l(?:imits(?:.conf)?|astlog)|(?:failedlogi|enviro)n|pa(?:m_env.conf|sswd)|group(?:.conf)?|opasswd|user)|nsors3?.conf)|ys(?:c(?:tl(?:.d/(?:10-(?:(?:network|process)-security|console-messages)|wine.sysctl))?.conf|onfig/network-scripts/ifcfg-eth0)|log.conf)|quirrelmail/(?:(?:config(?:_(?:default|local)|/config)?|sqspell_config|filters_setup|index).php|(?:default_pre|apache.con)f)|amba/(?:s(?:mb(?:.conf(?:.user)?|passwd|users)|amba.conf)|private/smbpasswd|dhcp.conf|netlogon)|(?:w-cp-server/applications.d/(?:00-sso-cpserver|plesk)|tunnel/stunnel).conf|u(?:bversion/config|se-release|doers)|s(?:o/sso_config.ini|h/sshd_config)|m(?:b(?:passwd|.conf)|i.conf)|lackware-release|hadow[-~]?)|a(?:p(?:ache(?:2(?:/(?:(?:mods-(?:available/(?:m(?:em_cach|im)e|s(?:etenvif|sl)|d(?:eflate|ir)|autoindex|proxy)|enabled/(?:(?:statu|alia)s|d(?:eflate|ir)|negotiation|mime|php5))|(?:apache|httpd)2?|default-server|ports).conf|s(?:ites-(?:available/default(?:-ssl)?|enabled/(?:000-)?default)|sl-global.conf)|conf(?:.d/(?:phpmyadmin.conf|security|charset)|/httpd.conf)|vhosts.d/(?:00_default_vhost.conf|default_vhost.include)|envvars)|2(?:/conf)?/httpd.conf)|/(?:a(?:ccess|pache)|(?:conf/)?httpd|default-server).conf)|t/apt.conf)|(?:vahi/avahi-daemon|dduser).conf|lias)|p(?:hp(?:(?:(?:(?:4(?:/(?:apache2?|cgi)|.4/fcgi)|5/(?:apache2?|cgi))/|/(?:(?:apache2?|cgi)/|(?:php4/)?))php)?.ini|myadmin/config.inc.php)|u(?:re(?:-ftpd(?:/pure(?:-ftpd.(?:conf|pdb)|ftpd.pdb)|.conf)|ftpd.p(?:asswd|db))|lse/client.conf)|ro(?:f(?:tp(?:d/modules)?.conf|ile)|tpd/proftpd.conf)|a(?:ssw(?:ord.master|d[-~]?)|m.(?:d/proftpd|conf))|ostgresql/p(?:ostgresql|g_hba).conf)|m(?:o(?:no/(?:(?:2.0/(?:machine|web)|1.0/machine).)?config|d(?:probe.d/vmware-tools.conf|ules)|td)|(?:y(?:sql/(?:conf.d/old_passwords|my))?.c|iredo(?:/miredo)?(?:-server)?.co)nf|uddleftpd(?:/(?:mud(?:dleftpd.(?:passwd|conf)|log(?:d.conf)?)|passwd)|.com)|a(?:n(?:drake-release|path.config)|il/sendmail.conf)|t(?:ools.conf|ab))|h(?:ttp(?:d(?:/(?:conf(?:.d(?:/(?:squirrelmail|php).conf)?|/(?:apache2?|httpd).conf)?|(?:extra/httpd-ssl|apache2?|mod_php|httpd).conf|logs/(?:access.)log|php.ini)|.conf)|(?:/conf)?/httpd.conf)|ost(?:s(?:.(?:allow|deny))?|.conf|name)|dparm.conf)|c(?:ups/(?:(?:p(?:rinter|dftop)s|acroread).conf|cupsd.conf(?:.default)?)|(?:lamav/(?:freshclam|clamd)|vs-(?:pserver|cron)).conf|a(?:-certificates.conf(?:.dpkg-old)?|sper.conf)|h(?:krootkit.conf|rootusers)|r(?:ypt|on)tab)|w(?:icd/(?:(?:wire(?:less|d)|manager)-settings.conf|dhclient.conf.template.default)|u-ftpd/ftp(?:acces|host|user)s|ebmin/miniserv.(?:users|conf))|v(?:mware-tools/(?:(?:vmware-tools-libraries|tpvmlp).conf|config)|sftpd(?:.c(?:hroot_list|onf)|/vsftpd.conf)|hcs2/proftpd/proftpd.conf)|l(?:og(?:rotate.(?:d/(?:vsftpd.log|proftpd|ftp)|conf)|in.defs)|(?:ighttpd/lighthttpd|d(?:ap/ldap|.so)|trace).conf)|r(?:e(?:solv(?:conf/update-libc.d/sendmail|.conf)|d(?:is(?:-sentinel)?.conf|hat-release))|c.(?:d/rc.httpd|conf))|d(?:e(?:b(?:ian_version|conf.conf)|fault/grub|luser.conf)|(?:hcp(?:3/dhc(?:lient|pd)|/dhclient)|ns2tcpd).conf)|f(?:tp(?:(?:host|user)s|chroot)|(?:oremost|use).conf|edora-release|irewall.rules|stab)|b(?:luetooth/(?:network|rfcomm|input|main).conf|ash(?:_completion.d/debconf|.bashrc))|x11/xorg.conf(?:.(?:beforevmwaretoolsinstall|orig)|-v(?:mware|esa))?|i(?:n(?:it(?:tab|.d|/)|etd.conf)|pfw.(?:rules|conf)|ssue(?:.net)?)|t(?:i(?:nyproxy/tinyproxy.conf|mezone)|(?:or/tor-t)?socks.conf)|o(?:s(?:xhttpd/osxhttpd.conf|-release)|penldap/ldap.conf)|u(?:pdatedb.conf(?:.beforevmwaretoolsinstall)?|tmp)|n(?:e(?:wsyslog.conf|twork[/s])|ginx/nginx.conf)|e(?:(?:sound/esd|2fsck|tter).conf|xports)|k(?:ernel-(?:im|pk)g.conf|bd/config)|group-?)|usr(?:/(?:l(?:ocal/(?:p(?:hp(?:4/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|5/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini)|/(?:apache(?:2.conf(?:.php)?|.conf(?:.php)?)|httpd.conf(?:.php)?|lib/php.ini))|sa/admin/(?:htdocs/domains/databases/phpmyadmin/libraries/config.default.php|conf/(?:site_isolation_settings|php).ini|logs/(?:httpsd_access_|panel.)log)|gsql/(?:data/p(?:ostgresql.(?:conf|log)|g_(?:hba.conf|log)|asswd)|bin/pg_passwd)|ureftpd/(?:etc/pure(?:-ftpd.conf|ftpd.pdb)|sbin/pure-config.pl))|ap(?:ache(?:2(?:/(?:(?:conf/(?:(?:extra/httpd-)?ssl|vhosts(?:-custom)?|apache2?|modsec|httpd)|apache2?|httpd).conf|logs/(?:a(?:ccess.|udit_))?log)|2(?:/conf)?/httpd.conf)|/(?:conf/(?:(?:a(?:pache2?|ccess)|vhosts(?:-custom)?|modsec).conf|httpd.conf(?:.default)?|php.ini)|logs/(?:a(?:ccess.|udit_))?log|(?:apache2?|httpd).conf)|1.3/conf/httpd.conf)|ps/apache(?:2?2)?/conf/httpd.conf)|jakarta/(?:tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/(?:catalina.(?:err|out)|mod_jk.log))|dist/tomcat/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml|jakarta.conf)|logs/mod_jk.log))|etc/(?:(?:(?:apache(?:2(?:/(?:(?:conf/)?httpd|vhosts)|2(?:/conf)?/httpd)|/(?:(?:conf/)?httpd|vhosts))|nginx/nginx|smb).|httpd/(?:conf/httpd.)?)conf|p(?:ure(?:-ftpd.conf|ftpd.pdb)|hp.ini)|webmin/miniserv.(?:users|conf)|lighttpd.conf(?:.new)?)|l(?:i(?:ghttpd/(?:log/(?:lighttpd.error|access).log|conf/lighttpd.conf)|b/php.ini)|sws/(?:conf/httpd_conf.xml|logs/error.log)|ogs/(?:access|samba).log)|mysql/data/mysql(?:-(?:bin.(?:index|log)|slow.log)|.(?:err|log)|derror.log)|s(?:amba/lib/(?:smb.conf|log).user|quirrelmail/www/readme|b/config)|cpanel/logs/(?:l(?:icense|ogin)|(?:acces|stat)s|error)_log|ze(?:us/web/(?:global.cfg|log/errors)|nd/etc/php.ini)|(?:httpd/conf/httpd|nginx/conf/nginx).conf)|ib/(?:security/mkuser.default|(?:php/)?php.ini|cron/log))|s(?:hare/(?:tomcat(?:6/(?:conf/(?:(?:logging|workers).properties|(?:context|server).xml)|logs/catalina.(?:err|out))|/logs/catalina.(?:err|out))|squirrelmail/(?:plugins/squirrel_logger/setup|config/config).php|logs/catalina.(?:err|out)|adduser/adduser.conf)|bin/(?:mud(?:passw|log)d|pure-config.pl)|pool/(?:mqueue/sys|lp/)log)|p(?:orts/(?:contrib/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|ftp/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|net/pure-ftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf))|kg(?:src/net/pureftpd/pure(?:ftpd.p(?:asswd|db)|-ftpd.conf)|/etc/httpd/httpd(?:-(?:default|vhosts))?.conf))|home/user/(?:var/log/(?:lighttpd.error|apache).log|lighttpd/lighttpd.conf)|internet/pgsql/data/p(?:ostmaster.log|g_hba.conf)|(?:apache2?/conf/ht|etc/pure-f)tpd.conf)|\/local\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql\/data\/\{host\}.err))|v(?:ar(?:/(?:l(?:o(?:g(?:/(?:p(?:(?:o(?:stgres(?:ql(?:/(?:postgres(?:ql(?:-(?:8.[134]|9.[01])-main)?)?|main))?|/p(?:g_backup|ostgres)).|p)|(?:ure(?:-ftpd/pure-)?ftpd|m-powersave).|gsql(?:(?:/pgsql|8).|_))log|roftpd(?:.(?:access_|xfer)log|/xferlog.legacy)?)|(?:(?:v(?:mware/hostd(?:-1)?|sftpd)|cron/var/log/postgres|webmin/miniserv|boot).|a(?:pache(?:2/(?:(?:access|error).)|/(?:access.))|ccess.|uth.?)|e(?:xim[/_](?:reject|panic|main)|rror.)|httpd/(?:access.)|x(?:org.0.|fer))log|m(?:ysql(?:/(?:mysql(?:-(?:bin.(?:index|log)|slow.log)|.log)|data/mysql-bin.index)|.(?:err|log)|-bin.index|derror.log)|ail(?:.(?:info|warn|err|log)|log)|uddleftpd(?:.conf)?|essages(?:.1)?)|n(?:ews(?:/(?:news.(?:notice|crit|all|err)|suck.(?:notice|err))|.all)|ginx(?:.(?:access|error)_|/(?:access.))log)|s(?:(?:(?:quirrelmail|so/sso).|w-cp-server/error_)log|amba(?:/log.[ns]mbd|.log[12]?)|yslog(?:.1)?)|l(?:ighttpd(?:/(?:(?:access|error)(?:.www)?.log)?|.(?:access|error).log)|og.smb)|da(?:ta/mysql-bin.index|emon.log(?:.1)?)|ftp(?:-proxy(?:/ftp-proxy.log)?|log)|ipfw(?:.(?:today|log)|/ipfw.log)?|u(?:ser.log(?:.1)?|fw.log)|tomcat6/catalina.out|kern.log(?:.1)?)|s/access.log)|cal/www/conf/php.ini)|i(?:b/(?:(?:pgsql/data/postgresql.co|mysql/my.c)nf|squirrelmail/prefs/squirrelmail.log)|ghttpd.log)|p/logs/(?:lp(?:sched|net)|requests))|a(?:dm/(?:l(?:og(?:/(?:asppp.|xfer)|in)log|astlog/username|p/lpd-errs)|(?:ras/(?:boot|err)|s(?:ys|u)|vold.)log|cr(?:ash/(?:vmcore|unix)|on/log)|ac(?:ct/sum/loginlog|ulogs?)|(?:message|x0msg)s|[pq]acct|utmpx?|wtmpx?|dtmp)|pache/conf/httpd.conf)|www/(?:(?:html/squirrelmail(?:-1.2.9)?|squirrelmail)/config/config.php|(?:conf/httpd.)?conf|logs/(?:access.)log|.lighttpdpassword)|postgresql/(?:db/postgresql.conf|log/postgresql.log)|c(?:panel/(?:tomcat.options|cpanel.config)|ron/log)|m(?:ysql(?:-bin.index|.log)|ail/www-data)|data/mysql-bin.index|nm2/postgresql.conf|saf/(?:port/|_)log)|\/log\/lighttpd\/\{domain\}\/(?:access|error).log)|olumes/(?:macintosh_hd1/(?:usr/local/php(?:/(?:httpd.conf.php|lib/php.ini)|[45]/httpd.conf.php)|opt/(?:apache2?|httpd)/conf/httpd.conf)|webbackup/(?:private/etc/httpd/httpd.conf(?:.default)?|opt/apache2/conf/httpd.conf)))|p(?:r(?:o(?:gram files(?:/(?:apache (?:group/apache(?:/(?:(?:conf/(?:apache2?|httpd)|apache2?).conf|logs/(?:access|error).log)|2/conf/(?:apache2?|httpd).conf)|software foundation/apache2.2/(?:logs/(?:access|error).log|conf/httpd.conf))|mysql/(?:my(?:sql server 5.0/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini))|.(?:cnf|ini))|data/mysql(?:-bin.(?:index|log)|.(?:err|log)))|(?:postgresql/(?:8.[34]|9.[01])/data/p(?:g_(?:ident|hba)|ostgresql)|xampp/apache/conf/(?:apache2?|httpd)|vidalia bundle/polipo/polipo).conf)|\/(?:[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|mysql(?:\/mysql server 5.0)?\/data\/\{host\}.err))|c/(?:self/(?:fd/(?:[023456789]|1[012345]?)|stat(?:us)?|cmdline|environ|mounts)|(?:cpu|mem)info|net/(?:tc|ud)p|devices|version))|ivate(?:\/tmp\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/etc/(?:httpd/(?:httpd.conf(?:.default)?|apache2?.conf)|squirrelmail/config/config.php)))|a(?:ckage(?:-lock)?.json|rameters.yml)|ostgresql/log/pgadmin.log|hp[45]?/php.ini)|w(?:in(?:dows/(?:s(?:ystem32/(?:logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|drivers/etc/(?:(?:network|service|host)s|lmhosts.sam|protocol)|macromed/flash/(?:flash)?install.log)|etup(?:a(?:ct|pi)|err).log)|(?:(?:debug/net|repair/|com)setup|w(?:indowsupdate|msetup)|updspapi).log|(?:odbc|php).ini)|nt/(?:system32/logfiles/(?:firewall/pfirewall.log(?:.old)?|w3svc[123]?/inetsvn1.log|smtpsvc[12345]?|msftpsvc[12]?)|repair/sam._|php.ini))|amp/(?:bin/(?:apache/apache2.2.2(?:2/(?:(?:conf/(?:wampserver|httpd)|wampserver).conf|logs/(?:access|error).log)|1/(?:(?:conf/httpd|wampserver).conf|logs/(?:access|error).log))|mysql/mysql5.5.(?:16/(?:data/mysql-bin.index|wampserver.conf|my.ini)|24/(?:data/mysql-bin.index|wampserver.conf|my.ini))|php/php5.(?:3.8|4.3)/php.ini)|logs/(?:a(?:pache_error|ccess)|(?:slow|gen)query|mysql).log)|ww/(?:logs/(?:freebsddiary-(?:access_|error.)|proftpd.system.)log|(?:apache/)?conf/httpd.conf)|p-config.(?:t(?:e?mp|xt)|bak|old|php)|eb(?:pack.config.js|/conf/php.ini))|\.(?:s(?:sh/(?:id(?:_(?:dsa(?:.pub)?|rsa(?:.pub)?)|entity(?:.pub)?)|(?:authorized_key|known_host)s|config)|ubversion/(?:servers|config|auth)|(?:qlite|h)_history)|c(?:onfig/odesk/odesk team.conf|ache/notify-osd.log|shrc)|l(?:(?:ocal/share/mc|ftp)/|(?:ldb-)?history|esshst)|h(?:t(?:access|digest|passwd)|plip/hplip.conf)|p(?:(?:ython|sql|hp)_history|rofile|earrc|ki/)|bash(?:_(?:history|profile|config|logout)|rc)|(?:(?:(?:rediscli|ksh)_|R)histor|xauthorit)y|vi(?:dalia/vidalia.conf|m(?:info|rc))|n(?:(?:ode_repl|ano)_history|sr)|z(?:sh(?:_history|rc)|history)|tc(?:onn/tconn.conf|shrc)|my(?:sql_history|.cnf)|g(?:itconfig|nupg/)|aptitude/config|drush/)|o(?:pt(?:/(?:(?:apache(?:2(?:/(?:conf/(?:apache2?|httpd)|apache2?)|2/conf/httpd)|/(?:conf/(?:apache2?|httpd)|apache2?))|httpd/(?:conf/)?apache2?).conf|l(?:sws/(?:logs/(?:access|error).log|conf/httpd_conf.xml)|ampp/(?:logs/(?:access.)log|etc/httpd.conf))|xampp/(?:logs/(?:access.)log|etc/php.ini)|tomcat/logs/catalina.(?:err|out))|\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log))|rmconfig.json)|xampp(?:/(?:apache/(?:logs/(?:access|error).log|conf/httpd.conf|bin/php.ini)|m(?:ysql/data/mysql(?:-bin.index|.err)|ercurymail/mercury.ini)|htdocs/(?:a(?:dmin.php|ca.txt)|leer.txt)|php(?:myadmin/config.inc.php|/php.ini)|filezillaftp/filezilla server.xml|sendmail/sendmail.(?:ini|log)|webalizer/webalizer.conf)|\/mysql\/data\/\{host\}.err)|s(?:ystem(?:32/(?:inetsrv/config/(?:a(?:pplicationhost|dministration)|redirection).config|config/(?:s(?:(?:yste|a)m|oftware)|default))|/library/webobjects/adaptors/apache2.2/apache.conf)|(?:ites/default/(?:settings(?:.local)?|default.settings)|rv/www/htdos/squirrelmail/config/config).php|e(?:curity|rvices).yml|ftp-config.json)|t(?:mp(?:\/[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|/access.log)|ypo3conf/localconf.php|sconfig.json)|[jboss]\/server\/default\/(?:conf\/(?:s(?:tandardj(?:bos|aw)s.xml|erver.log.properties)|j(?:boss-(?:minimal|service).xml|ndi.properties)|log(?:in-config|4j).xml)|deploy\/jboss-logging.xml|log\/(?:server|boot).log)|h(?:ome(?:/(?:postgres/data/p(?:g_(?:(?:ident|hba).conf|version)|ostgresql.conf)|user/lighttpd/lighttpd.conf|bin/stable/apache/php.ini)|2/bin/stable/apache/php.ini)|ttp/httpd.conf)|ap(?:ache(?:/(?:logs/(?:access|error).log|conf/httpd.conf|php/php.ini)|2/logs/(?:access|error).log)|p/etc/local.xml)|l(?:ibrary/webserver/documents/(?:default.(?:html?|php)|index.(?:html?|php))|ogs/(?:security(?:_debug)?_)?log)|mysql(?:/(?:data/mysql(?:-bin.(?:index|log)|.(?:err|log))|my.(?:cnf|ini)|bin/my.ini)|\/data\/\{host\}.err)|ro(?:ot/.(?:bash(?:_(?:history|config|logout)|rc)|(?:ksh_histor|xauthorit)y)|uting.yml)|config(?:/(?:database|custom|app).php|_(?:prod|test|dev).yml|.(?:inc.php|yml))|in(?:c(?:ludes/config(?:ure)?|/config).php|etpub/wwwroot/global.asa)|n(?:etserver/bin/stable/apache/php.ini|pm-debug.log)|b(?:oot/grub/(?:grub.cfg|menu.lst)|in/php.ini)|/(?:config(?:uration)?.php|boot.ini|etc/)|LocalSettings.php|gruntfile.js|Web.config|yarn.lock)#" );
4
+ $score['LFI'][1] = array( 5 , 5, 5, 5 );
5
  ?>
handler/signature/APSQLI.php CHANGED
@@ -1,11 +1,11 @@
1
- <?php
2
- $regex['SQL'][1] = array( "#(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\.\.sysdatabases|ysql\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\b|s(?:(?:ys(?:\.database_name|aux)|qlite(?:_temp)?_master)\b|chema(?:_name\b|\W*\())|d(?:atabas|b_nam)e\W*\())#" , "#(?i:sleep\(\s*?\d*?\s*?\)|benchmark\(.*?\,.*?\))#" , "#(?i:(?:select|;)\s+(?:benchmark|sleep|if)\s*?\(\s*?\(?\s*?\w+)#" , "#(?i:(?:[\'`](?:;?\s*?(?:having|select|union)\b\s*?[^\s]|\s*?!\s*?[\'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select|select@)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|into[\s+]+(?:dump|out)file\s*?[\'`]|\s*?exec(?:ute)?.*?\Wxp_cmdshell|from\W+information_schema\W|exec(?:ute)?\s+master\.|\wiif\s*?\())#" , "#^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$#" , "#(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])#" , "#(?i:(?:[\'`](?:;*?\s*?waitfor\s+(?:delay|time)\s+[\'`]|;.*?:\s*?goto)|alter\s*?\w+.*?cha(?:racte)?r\s+set\s+\w+))#" , "#(?i:merge.*?using\s*?\(|execute\s*?immediate\s*?[\'`]|match\s*?[\w(),+-]+\s*?against\s*?\()#" , "#(?i)union.*?select.*?from#" , "@(?i:(?:;\s*?shutdown\s*?(?:[#;]|\/\*|--|\{)|waitfor\s*?delay\s?[\'`]+\s?\d|select\s*?pg_sleep))@" , "#(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))#" , "%(?i:(?:create\s+(?:procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-|;\s*?(?:declare|open)\s+[\w-]+|procedure\s+analyse\s*?\(|declare[^\w]+[@#]\s*?\w+|exec\s*?\(\s*?\@))%" , "#(?i:(?:;\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?[\[(]?\w{2,}|create\s+function\s+.+\s+returns))#" , "#(?i:(?:^[\W\d]+\s*?(?:alter\s*(?:a(?:(?:pplication\s*rol|ggregat)e|s(?:ymmetric\s*ke|sembl)y|u(?:thorization|dit)|vailability\s*group)|c(?:r(?:yptographic\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\s*key|k)|terialized)|e(?:ssage\s*type|thod)|odule)|l(?:o(?:g(?:file\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\s*priority|ufferpool)|x(?:ml\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|u(?:nion\s*(?:(?:distin|sele)ct|all)|pdate)|(?:(?:trunc|cre)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|load)\b|(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s+(?:group_concat|load_file|char)\s?\(?|[\d\W]\s+as\s*?[\'`\w]+\s*?from|[\s(]load_file\s*?\(|[\'`]\s+regexp\W|end\s*?\);))#" , "#(?i:/\*[!+](?:[\w\s=_\-()]+)?\*/)#" );
3
- $score['SQL'][1] = array( 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 );
4
- $regex['SQL'][2] = array( "#(?:^\s*[\'`;]+|[\'`]+\s*$)#" , "#(?i:(?:(?:^|\W)in[+\s]*\([\s\d\]+[^()]*\)|\b(?:r(?:egexp|like)|isnull|xor)\b|<(?:>(?:\s+binary)?|=>?|<)|r(?:egexp|like)\s+binary|not\s+between\s+0\s+and|(?:like|is)\s+null|>[=>]|\|\||!=|&&))#" , "#(?i:[\s'\`()]*?([\d\w]++)[\s'\`()]*?(?:<(?:=(?:[\s'\`()]*?(?!\1)[\d\w]+|>[\s'\`()]*?(?:\1))|>?[\s'\`()]*?(?!\1)[\d\w]+)|(?:not\s+(?:regexp|like)|is\s+not|>=?|!=|\^)[\s'\`()]*?(?!\1)[\d\w]+|(?:(?:sounds\s+)?like|r(?:egexp|like)|=)[\s'\`()]*?(?:\1)))#" , "#(?i)\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:inser_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|r(?:e(?:p(?:lace|eat)|lease_lock|verse)|a(?:wtohex|dians|nd)|o(?:w_count|und)|ight|trim|pad)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*\(#" , "@(?i:[\'`](?:\s*?(?:(?:between|x?or|and|div)[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|like(?:[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|\W+[\w\'`(])|[!=|](?:[\d\s!=+-]+.*?[\'`(].*?|[\d\s!=]+.*?\d+)$|[^\w\s]?=\s*?[\'`])|(?:\W*?[+=]+\W*?|[<>~]+)[\'`])|(?:/\*)+[\'`]+\s?(?:\/\*|--|\{|#)?|\d[\'`]\s+[\'`]\s+\d|where\s[\s\w\.,-]+\s=|^admin\s*?[\'`]|\sis\s*?0\W)@" , "#(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\'`][\'`](?:[\'`].*?[\'`]|(?:\r?\n)?\z|[^\'`]+)|\Wselect.+\W*?from))#" , "%(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)[\s(]+\w+[\s)]*?[!=+]+[\s\d]*?[\'`=()]|\/\w+;?\s+(?:between|having|select|like|x?or|and|div)\W|\d+\s*?(?:between|like|x?or|and|div)\s*?\d+\s*?[\-+]|--\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|#\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|;\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|\@.+=\s*?\(\s*?select|\d\s+group\s+by.+\(|[^\w]SET\s*?\@\w+))%" , "#(?i:[\'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\'`\d])|[^?\w\s=.,;)(]++\s*?[(@\'`]*?\s*?\w+\W+\w|\*\s*?\w+\W+[\'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\'`-]+from)\s+|\w+\s+like\s+[\'`]|find_in_set\s*?\(|like\s*?[\'`]%)#" , "@(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s+\s*?\w+\(|\)\s*?when\s*?\d+\s*?then|[\'`]\s*?(?:--|\{|#)|cha?r\s*?\(\s*?\d|\/\*!\s?\d+))@" , "#(?i:(?:[\'`](?:;\s*?(?:begin|while|if)|[\s\d]+=\s*?\d|\s+and\s*?=\W)|(?:\(\s*?select\s*?\w+|order\s+by\s+if\w*?|coalesce)\s*?\(|\w[\'`]\s*?(?:(?:[-+=|@]+\s+?)+|[-+=|@]+)[\d(]|[\s(]+case\d*?\W.+[tw]hen[\s(]|\+\s*?\d+\s*?\+\s*?\@|\@\@\w+\s*?[^\w\s]|\W!+[\'`]\w|\*\/from))#" , "#(?i:(?:(?:(?:^[\'`\\\\]*?[^\'`]+[\'`])+|(?:^[\'`\\\\]*?[\d\'`]+)+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\'`][+&!@(),.-]|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\'`\d]+)|[\'`]\s*?(?:between|like|x?or|and|div)\s*?[\'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\'`].|[^\w\s]\w+\s*?[|-]\s*?[\'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W|^.?[\'`]$))#" , "@(?i:(?:[\'`](?:\s*?(?:is\s*?(?:[\d.]+\s*?\W.*?[\'`]|\d.+[\'`]?\w)|\d\s*?(?:--|#))|(?:\W+[\w+-]+\s*?=\s*?\d\W+|\|?[\w-]{3,}[^\w\s.,]+)[\'`]|[\%&<>^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not|\|\||\&\&)\s+[\s\w+]+(?:sounds\s+like\s*?[\'`]|regexp\s*?\(|[=\d]+x)|in\s*?\(+\s*?select))@" , "#(?i:^[\W\d]+\s*?(?:alter|union)\b)#" , "@(?i:[\'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[()\*<>%+-][\w-]+[^\w\s]+[\'`][^,]|\^[\'`])@" , "#(?:\b(?:having\b?(?:[\'\][^=]{1,10}[\'\?[=<>]+|\d{1,10}?[=<>]+)|(?i:having)\b\s+(?:'[^=]{1,10}'|\d{1,10})\s*?[=<>])|exists\s(?:s(?:elect\S(?:if(?:null)?\s\(|concat|top)|ystem\s\()|\b(?i:having)\b\s+\d{1,10}|'[^=]{1,10}'|\sselect)|(?i:\bexecute\s{1,5}[\w\.$]{1,5}\s{0,3})|(?i:\bcreate\s+?table.{0,20}?\()|(?i:\blike\W*?char\W*?\()|(?i:select.*?case)|(?i:from.*?limit)|(?i:\bexecute\()|(?i:order\sby))#" , "#(?:\b(?:(?i:xor)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|(?i:or)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?))|(?i:\bor\b?[\'\][^=]{1,10}[\'\]?[=<>]+)|(?i:'\s+xor\s+.{1,20}[+\-!<>=])|(?i:'\s+or\s+.{1,20}[+\-!<>=])|(?i:\bor\b?\d{1,10}?[=<>]+))#" , "#(?i:\band\b(?:\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|?(?:[\'\][^=]{1,10}[\'\]|\d{1,10})?[=<>]+))#" , "#(?i:\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:t(?:d(?:dev(?:_(?:sam|po)p)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)?|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:insert_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|r(?:a(?:wto(?:nhex(?:toraw)?|hex)|dians|nd)|e(?:p(?:lace|eat)|lease_lock|verse)|o(?:w_count|und)|ight|trim|pad)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o_(?:(?:second|day)s|base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*?\()#" , "#(?i:(?:xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|(?:servicecontro|cmdshel)l|e(?:xecresultset|numdsn)|ntsec(?:_enumdomains)?|terminate(?:_process)?|availablemedia|loginconfig|filelist|dirtree|makecab)|s(?:p_(?:(?:addextendedpro|sqlexe)c|p(?:assword|repare)|replwritetovarbin|is_srvrolemember|execute(?:sql)?|makewebtask|oacreate|help)|ql_(?:longvarchar|variant))|open(?:owa_util|rowset|query)|(?:n?varcha|tbcreato)r|autonomous_transaction|db(?:a_users|ms_java)|utl_(?:file|http)))#" , "#(?i:(?:\b(?:(?:s(?:elect\b.{1,100}?\b(?:(?:(?:length|count)\b.{1,100}?|.*?\bdump\b.*)\bfrom|to(?:p\b.{1,100}?\bfrom|_(?:numbe|cha)r)|(?:from\b.{1,100}?\bwher|data_typ)e|instr)|ys_context)|in(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)|u(?:nion\b.{1,100}?\bselect|tl_inaddr)|group\b.*?\bby\b.{1,100}?\bhaving|d(?:elete\b\W*?\bfrom|bms_\w+\.)|load\b\W*?\bdata\b.*?\binfile)\b|print\b\W*?\@\@)|(?:;\W*?\b(?:shutdown|drop)|collation\W*?\(a|\@\@version)\b|'(?:s(?:qloledb|a)|msdasql|dbo)'))#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){12})/ " , "@(?:/\*!?|\*/|[';]--|--[\s\r\n\v\f]|--[^-]*?-|[^&-]#.*?[\s\r\n\v\f]|;?\\x00)@" , "#(?i:(?:\A|[^\d])0x[a-f\d]{3,})#" , " (?:`((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)`)" );
5
- $score['SQL'][2] = array( 3 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 3 , 5 , 5 , 5 );
6
- $regex['SQL'][3] = array( "#(?i)\W+\d*?\s*?having\s*?[^\s\-]#" , "#[\'`][\s\d]*?[^\w\s]\W*?\d\W*?.*?[\'`\d]#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){8})/ " , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){6})/ " , " /(?:'((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)')/ " );
7
- $score['SQL'][3] = array( 5 , 5 , 3 , 3 , 3 , 5 );
8
- $regex['SQL'][4] = array( "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){3})/ " , " /((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){2})/" );
9
- $score['SQL'][4] = array( 3 , 3 );
10
-
11
  ?>
1
+ <?php
2
+ $regex['SQL'][1] = array( "#(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\.\.sysdatabases|ysql\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\b|s(?:(?:ys(?:\.database_name|aux)|qlite(?:_temp)?_master)\b|chema(?:_name\b|\W*\())|d(?:atabas|b_nam)e\W*\())#" , "#(?i:sleep\(\s*?\d*?\s*?\)|benchmark\(.*?\,.*?\))#" , "#(?i:(?:select|;)\s+(?:benchmark|sleep|if)\s*?\(\s*?\(?\s*?\w+)#" , "#(?i:(?:[\'`](?:;?\s*?(?:having|select|union)\b\s*?[^\s]|\s*?!\s*?[\'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select|select@)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|into[\s+]+(?:dump|out)file\s*?[\'`]|\s*?exec(?:ute)?.*?\Wxp_cmdshell|from\W+information_schema\W|exec(?:ute)?\s+master\.|\wiif\s*?\())#" , "#^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$#" , "#(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])#" , "#(?i:(?:[\'`](?:;*?\s*?waitfor\s+(?:delay|time)\s+[\'`]|;.*?:\s*?goto)|alter\s*?\w+.*?cha(?:racte)?r\s+set\s+\w+))#" , "#(?i:merge.*?using\s*?\(|execute\s*?immediate\s*?[\'`]|match\s*?[\w(),+-]+\s*?against\s*?\()#" , "#(?i)union.*?select.*?from#" , "@(?i:(?:;\s*?shutdown\s*?(?:[#;]|\/\*|--|\{)|waitfor\s*?delay\s?[\'`]+\s?\d|select\s*?pg_sleep))@" , "#(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))#" , "%(?i:(?:create\s+(?:procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-|;\s*?(?:declare|open)\s+[\w-]+|procedure\s+analyse\s*?\(|declare[^\w]+[@#]\s*?\w+|exec\s*?\(\s*?\@))%" , "#(?i:(?:;\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?[\[(]?\w{2,}|create\s+function\s+.+\s+returns))#" , "#(?i:(?:^[\W\d]+\s*?(?:alter\s*(?:a(?:(?:pplication\s*rol|ggregat)e|s(?:ymmetric\s*ke|sembl)y|u(?:thorization|dit)|vailability\s*group)|c(?:r(?:yptographic\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\s*key|k)|terialized)|e(?:ssage\s*type|thod)|odule)|l(?:o(?:g(?:file\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\s*priority|ufferpool)|x(?:ml\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|u(?:nion\s*(?:(?:distin|sele)ct|all)|pdate)|(?:(?:trunc|cre)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|load)\b|(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s+(?:group_concat|load_file|char)\s?\(?|[\d\W]\s+as\s*?[\'`\w]+\s*?from|[\s(]load_file\s*?\(|[\'`]\s+regexp\W|end\s*?\);))#" , "#(?i:/\*[!+](?:[\w\s=_\-()]+)?\*/)#" );
3
+ $score['SQL'][1] = array( 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 );
4
+ $regex['SQL'][2] = array( "#(?:^\s*[\'`;]+|[\'`]+\s*$)#" , "#(?i:(?:(?:^|\W)in[+\s]*\([\s\d\]+[^()]*\)|\b(?:r(?:egexp|like)|isnull|xor)\b|<(?:>(?:\s+binary)?|=>?|<)|r(?:egexp|like)\s+binary|not\s+between\s+0\s+and|(?:like|is)\s+null|>[=>]|\|\||!=|&&))#" , "#(?i:[\s'\`()]*?([\d\w]++)[\s'\`()]*?(?:<(?:=(?:[\s'\`()]*?(?!\1)[\d\w]+|>[\s'\`()]*?(?:\1))|>?[\s'\`()]*?(?!\1)[\d\w]+)|(?:not\s+(?:regexp|like)|is\s+not|>=?|!=|\^)[\s'\`()]*?(?!\1)[\d\w]+|(?:(?:sounds\s+)?like|r(?:egexp|like)|=)[\s'\`()]*?(?:\1)))#" , "#(?i)\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:inser_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|r(?:e(?:p(?:lace|eat)|lease_lock|verse)|a(?:wtohex|dians|nd)|o(?:w_count|und)|ight|trim|pad)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*\(#" , "@(?i:[\'`](?:\s*?(?:(?:between|x?or|and|div)[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|like(?:[\w\s-]+\s*?[+<>=(),-]\s*?[\d\'`]|\W+[\w\'`(])|[!=|](?:[\d\s!=+-]+.*?[\'`(].*?|[\d\s!=]+.*?\d+)$|[^\w\s]?=\s*?[\'`])|(?:\W*?[+=]+\W*?|[<>~]+)[\'`])|(?:/\*)+[\'`]+\s?(?:\/\*|--|\{|#)?|\d[\'`]\s+[\'`]\s+\d|where\s[\s\w\.,-]+\s=|^admin\s*?[\'`]|\sis\s*?0\W)@" , "#(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\'`][\'`](?:[\'`].*?[\'`]|(?:\r?\n)?\z|[^\'`]+)|\Wselect.+\W*?from))#" , "%(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)[\s(]+\w+[\s)]*?[!=+]+[\s\d]*?[\'`=()]|\/\w+;?\s+(?:between|having|select|like|x?or|and|div)\W|\d+\s*?(?:between|like|x?or|and|div)\s*?\d+\s*?[\-+]|--\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|#\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|;\s*?(?:(?:insert|update)\s*?\w{2,}|alter|drop)|\@.+=\s*?\(\s*?select|\d\s+group\s+by.+\(|[^\w]SET\s*?\@\w+))%" , "#(?i:[\'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\'`\d])|[^?\w\s=.,;)(]++\s*?[(@\'`]*?\s*?\w+\W+\w|\*\s*?\w+\W+[\'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\'`-]+from)\s+|\w+\s+like\s+[\'`]|find_in_set\s*?\(|like\s*?[\'`]%)#" , "@(?i:(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s+\s*?\w+\(|\)\s*?when\s*?\d+\s*?then|[\'`]\s*?(?:--|\{|#)|cha?r\s*?\(\s*?\d|\/\*!\s?\d+))@" , "#(?i:(?:[\'`](?:;\s*?(?:begin|while|if)|[\s\d]+=\s*?\d|\s+and\s*?=\W)|(?:\(\s*?select\s*?\w+|order\s+by\s+if\w*?|coalesce)\s*?\(|\w[\'`]\s*?(?:(?:[-+=|@]+\s+?)+|[-+=|@]+)[\d(]|[\s(]+case\d*?\W.+[tw]hen[\s(]|\+\s*?\d+\s*?\+\s*?\@|\@\@\w+\s*?[^\w\s]|\W!+[\'`]\w|\*\/from))#" , "#(?i:(?:(?:(?:^[\'`\\\\]*?[^\'`]+[\'`])+|(?:^[\'`\\\\]*?[\d\'`]+)+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\'`][+&!@(),.-]|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\'`\d]+)|[\'`]\s*?(?:between|like|x?or|and|div)\s*?[\'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\'`].|[^\w\s]\w+\s*?[|-]\s*?[\'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W|^.?[\'`]$))#" , "@(?i:(?:[\'`](?:\s*?(?:is\s*?(?:[\d.]+\s*?\W.*?[\'`]|\d.+[\'`]?\w)|\d\s*?(?:--|#))|(?:\W+[\w+-]+\s*?=\s*?\d\W+|\|?[\w-]{3,}[^\w\s.,]+)[\'`]|[\%&<>^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not|\|\||\&\&)\s+[\s\w+]+(?:sounds\s+like\s*?[\'`]|regexp\s*?\(|[=\d]+x)|in\s*?\(+\s*?select))@" , "#(?i:^[\W\d]+\s*?(?:alter|union)\b)#" , "@(?i:[\'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[()\*<>%+-][\w-]+[^\w\s]+[\'`][^,]|\^[\'`])@" , "#(?:\b(?:having\b?(?:[\'\][^=]{1,10}[\'\?[=<>]+|\d{1,10}?[=<>]+)|(?i:having)\b\s+(?:'[^=]{1,10}'|\d{1,10})\s*?[=<>])|exists\s(?:s(?:elect\S(?:if(?:null)?\s\(|concat|top)|ystem\s\()|\b(?i:having)\b\s+\d{1,10}|'[^=]{1,10}'|\sselect)|(?i:\bexecute\s{1,5}[\w\.$]{1,5}\s{0,3})|(?i:\bcreate\s+?table.{0,20}?\()|(?i:\blike\W*?char\W*?\()|(?i:select.*?case)|(?i:from.*?limit)|(?i:\bexecute\()|(?i:order\sby))#" , "#(?:\b(?:(?i:xor)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|(?i:or)\b\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?))|(?i:\bor\b?[\'\][^=]{1,10}[\'\]?[=<>]+)|(?i:'\s+xor\s+.{1,20}[+\-!<>=])|(?i:'\s+or\s+.{1,20}[+\-!<>=])|(?i:\bor\b?\d{1,10}?[=<>]+))#" , "#(?i:\band\b(?:\s+(?:'[^=]{1,10}'(?:\s*?[=<>])?|\d{1,10}(?:\s*?[=<>])?)|?(?:[\'\][^=]{1,10}[\'\]|\d{1,10})?[=<>]+))#" , "#(?i:\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:t(?:d(?:dev(?:_(?:sam|po)p)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)?|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:insert_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|r(?:a(?:wto(?:nhex(?:toraw)?|hex)|dians|nd)|e(?:p(?:lace|eat)|lease_lock|verse)|o(?:w_count|und)|ight|trim|pad)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o_(?:(?:second|day)s|base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*?\()#" , "#(?i:(?:xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|(?:servicecontro|cmdshel)l|e(?:xecresultset|numdsn)|ntsec(?:_enumdomains)?|terminate(?:_process)?|availablemedia|loginconfig|filelist|dirtree|makecab)|s(?:p_(?:(?:addextendedpro|sqlexe)c|p(?:assword|repare)|replwritetovarbin|is_srvrolemember|execute(?:sql)?|makewebtask|oacreate|help)|ql_(?:longvarchar|variant))|open(?:owa_util|rowset|query)|(?:n?varcha|tbcreato)r|autonomous_transaction|db(?:a_users|ms_java)|utl_(?:file|http)))#" , "#(?i:(?:\b(?:(?:s(?:elect\b.{1,100}?\b(?:(?:(?:length|count)\b.{1,100}?|.*?\bdump\b.*)\bfrom|to(?:p\b.{1,100}?\bfrom|_(?:numbe|cha)r)|(?:from\b.{1,100}?\bwher|data_typ)e|instr)|ys_context)|in(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)|u(?:nion\b.{1,100}?\bselect|tl_inaddr)|group\b.*?\bby\b.{1,100}?\bhaving|d(?:elete\b\W*?\bfrom|bms_\w+\.)|load\b\W*?\bdata\b.*?\binfile)\b|print\b\W*?\@\@)|(?:;\W*?\b(?:shutdown|drop)|collation\W*?\(a|\@\@version)\b|'(?:s(?:qloledb|a)|msdasql|dbo)'))#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){12})/ " , "@(?:/\*!?|\*/|[';]--|--[\s\r\n\v\f]|--[^-]*?-|[^&-]#.*?[\s\r\n\v\f]|;?\\x00)@" , "#(?i:(?:\A|[^\d])0x[a-f\d]{3,})#" , " (?:`((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)`)" );
5
+ $score['SQL'][2] = array( 3 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 5 , 3 , 5 , 5 , 5 );
6
+ $regex['SQL'][3] = array( "#(?i)\W+\d*?\s*?having\s*?[^\s\-]#" , "#[\'`][\s\d]*?[^\w\s]\W*?\d\W*?.*?[\'`\d]#" , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){8})/ " , "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){6})/ " , " /(?:'((?:[\w\s=_\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?)')/ " );
7
+ $score['SQL'][3] = array( 5 , 5 , 3 , 3 , 3 , 5 );
8
+ $regex['SQL'][4] = array( "/((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\'´’‘`<>]*?){3})/ " , " /((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){2})/" );
9
+ $score['SQL'][4] = array( 3 , 3 );
10
+
11
  ?>
handler/twofa/encryption.php CHANGED
@@ -1,46 +1,46 @@
1
- <?php
2
- /**
3
- * @package miniOrange
4
- * @author miniOrange Security Software Pvt. Ltd.
5
- * @license GNU/GPLv3
6
- * @copyright Copyright 2015 miniOrange. All Rights Reserved.
7
- *
8
- *
9
- * This file is part of miniOrange Gauth plugin.
10
- */
11
-
12
- class mo2f_GAuth_AESEncryption {
13
- /**
14
- * @param string $data - the key=value pairs separated with &
15
- * @return string
16
- */
17
- public static function encrypt_data_ga($data, $key) {
18
- $plaintext = $data;
19
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
20
- $iv = openssl_random_pseudo_bytes($ivlen);
21
- $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
22
- $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
23
- $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
24
- return $ciphertext;
25
- }
26
-
27
-
28
- /**
29
- * @param string $data - crypt response from Sagepay
30
- * @return string
31
- */
32
- public static function decrypt_data($data, $key) {
33
- $c = base64_decode($data);
34
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
35
- $iv = substr($c, 0, $ivlen);
36
- $hmac = substr($c, $ivlen, $sha2len=32);
37
- $ciphertext_raw = substr($c, $ivlen+$sha2len);
38
- $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
39
- $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
40
-
41
-
42
- return $original_plaintext;
43
- }
44
-
45
- }
46
  ?>
1
+ <?php
2
+ /**
3
+ * @package miniOrange
4
+ * @author miniOrange Security Software Pvt. Ltd.
5
+ * @license GNU/GPLv3
6
+ * @copyright Copyright 2015 miniOrange. All Rights Reserved.
7
+ *
8
+ *
9
+ * This file is part of miniOrange Gauth plugin.
10
+ */
11
+
12
+ class mo2f_GAuth_AESEncryption {
13
+ /**
14
+ * @param string $data - the key=value pairs separated with &
15
+ * @return string
16
+ */
17
+ public static function encrypt_data_ga($data, $key) {
18
+ $plaintext = $data;
19
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
20
+ $iv = openssl_random_pseudo_bytes($ivlen);
21
+ $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
22
+ $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
23
+ $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
24
+ return $ciphertext;
25
+ }
26
+
27
+
28
+ /**
29
+ * @param string $data - crypt response from Sagepay
30
+ * @return string
31
+ */
32
+ public static function decrypt_data($data, $key) {
33
+ $c = base64_decode($data);
34
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
35
+ $iv = substr($c, 0, $ivlen);
36
+ $hmac = substr($c, $ivlen, $sha2len=32);
37
+ $ciphertext_raw = substr($c, $ivlen+$sha2len);
38
+ $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
39
+ $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
40
+
41
+
42
+ return $original_plaintext;
43
+ }
44
+
45
+ }
46
  ?>
handler/twofa/gaonprem.php CHANGED
@@ -1,253 +1,253 @@
1
- <?php
2
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'encryption.php';
3
- class Google_auth_onpremise{
4
- protected $_codeLength = 6;
5
- function __construct(){
6
-
7
- }
8
-
9
- function mo_GAuth_get_details($setupWizard = false)
10
- {
11
-
12
- $user=wp_get_current_user();
13
- $user_id=$user->ID;
14
-
15
- if(isset($_POST) && isset($_POST['mo2f_session_id'])){
16
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
17
- }else{
18
- $session_id_encrypt = MO2f_Utility::random_str(20);
19
- }
20
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
21
- if(!$secret_ga){
22
- $secret_ga = $this->createSecret();
23
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $secret_ga);
24
- }
25
-
26
-
27
- $issuer=get_option('mo2f_google_appname', 'miniOrangeAu');
28
- $email=$user->user_email;
29
- $otpcode=$this->getCode($secret_ga);
30
- $url=$this->geturl($secret_ga ,$issuer,$email);
31
- if(!$setupWizard)
32
- {
33
- echo '<div class="mo2f_table_layout">';
34
- mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
35
- echo '</div>';
36
- }
37
- else
38
- {
39
- mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
40
- }
41
- exit;
42
-
43
- }
44
-
45
- function mo_GAuth_set_secret($user_id,$secret){
46
- global $Mo2fdbQueries;
47
- $key=$this->random_str(8);
48
- update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);
49
- $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
50
- update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
51
- }
52
-
53
- function mo_GAuth_get_secret($user_id){
54
- global $Mo2fdbQueries;
55
- $key=get_user_meta( $user_id, 'mo2f_get_auth_rnd_string', true);
56
- $secret=get_user_meta( $user_id, 'mo2f_gauth_key', true);
57
- $secret=mo2f_GAuth_AESEncryption::decrypt_data($secret,$key);
58
-
59
- return $secret;
60
- }
61
-
62
- function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
63
- {
64
- $randomString = '';
65
- $charactersLength = strlen($keyspace);
66
- for ($i = 0; $i < $length; $i++) {
67
- $randomString .= $keyspace[rand(0, $charactersLength - 1)];
68
- }
69
- return $randomString;
70
-
71
- }
72
-
73
-
74
-
75
-
76
- function createSecret($secretLength = 16)
77
- {
78
- $validChars = $this->_getBase32LookupTable();
79
-
80
- // Valid secret lengths are 80 to 640 bits
81
- if ($secretLength < 16 || $secretLength > 128) {
82
- throw new Exception('Bad secret length');
83
- }
84
- $secret = '';
85
- $rnd = false;
86
- if (function_exists('random_bytes')) {
87
- $rnd = random_bytes($secretLength);
88
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
89
- $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong);
90
- if (!$cryptoStrong) {
91
- $rnd = false;
92
- }
93
- }
94
- if ($rnd !== false) {
95
- for ($i = 0; $i < $secretLength; ++$i) {
96
- $secret .= $validChars[ord($rnd[$i]) & 31];
97
- }
98
- } else {
99
- throw new Exception('No source of secure random');
100
- }
101
-
102
- return $secret;
103
- }
104
-
105
- function _getBase32LookupTable()
106
- {
107
- return array(
108
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
109
- 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
110
- 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
111
- 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
112
- '=', // padding char
113
- );
114
- }
115
-
116
- function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
117
- {
118
- global $Mo2fdbQueries;
119
- $response=array("status"=>'false');
120
- if ($currentTimeSlice === null) {
121
- $currentTimeSlice = floor(time() / 30);
122
- }
123
-
124
- if (strlen($code) != 6) {
125
- return json_encode($response);
126
- }
127
- for ($i = -$discrepancy; $i <= $discrepancy; ++$i) {
128
- $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
129
- if ($this->timingSafeEquals($calculatedCode, $code)) {
130
- update_option('mo2f_time_slice', $i);
131
- $response['status']='SUCCESS';
132
- return json_encode($response);
133
- }
134
- }
135
- return json_encode($response);
136
- }
137
-
138
- function geturl($secret,$issuer,$email){
139
- // id can be email or name
140
- $url="otpauth://totp/";
141
-
142
- $url.=$email."?secret=".$secret."&issuer=".$issuer;
143
- return $url;
144
-
145
- //aksjdbdzcaasd?secret=4RNWQWBQH4JDPABP&issuer=miniOrange/competits";
146
-
147
- }
148
-
149
- function timingSafeEquals($safeString, $userString)
150
- {
151
- if (function_exists('hash_equals')) {
152
- return hash_equals($safeString, $userString);
153
- }
154
- $safeLen = strlen($safeString);
155
- $userLen = strlen($userString);
156
-
157
- if ($userLen != $safeLen) {
158
- return false;
159
- }
160
-
161
- $result = 0;
162
-
163
- for ($i = 0; $i < $userLen; ++$i) {
164
- $result |= (ord($safeString[$i]) ^ ord($userString[$i]));
165
- }
166
-
167
- // They are only identical strings if $result is exactly 0...
168
- return $result === 0;
169
- }
170
-
171
- function getCode($secret, $timeSlice = null)
172
- {
173
- if ($timeSlice === null) {
174
- $timeSlice = floor(time() / 30);
175
- }
176
-
177
- $secretkey = $this->_base32Decode($secret);
178
- // Pack time into binary string
179
- $time = chr(0).chr(0).chr(0).chr(0). pack('N*', $timeSlice);
180
- // Hash it with users secret key
181
- $hm = hash_hmac('SHA1', $time, $secretkey, true);
182
-
183
- // Use last nipple of result as index/offset
184
- $offset = ord(substr($hm, -1)) & 0x0F;
185
-
186
- // grab 4 bytes of the result
187
- $hashpart = substr($hm, $offset, 4);
188
- // Unpak binary value
189
- $value = unpack('N', $hashpart);
190
- $value = $value[1];
191
- // Only 32 bits
192
- $value = $value & 0x7FFFFFFF;
193
- $modulo = pow(10, $this->_codeLength);
194
- return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
195
- }
196
-
197
- function _base32Decode($secret)
198
- {
199
- if (empty($secret)) {
200
- return '';
201
- }
202
- $base32chars = $this->_getBase32LookupTable();
203
- $base32charsFlipped = array_flip($base32chars);
204
-
205
- $paddingCharCount = substr_count($secret, $base32chars[32]);
206
- $allowedValues = array(6, 4, 3, 1, 0);
207
- if (!in_array($paddingCharCount, $allowedValues)) {
208
- return false;
209
- }
210
-
211
-
212
- for ($i = 0; $i < 4; ++$i) {
213
- if ($paddingCharCount == $allowedValues[$i] &&
214
- substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) {
215
- return false;
216
- }
217
- }
218
- $secret = str_replace('=', '', $secret);
219
- $secret = str_split($secret);
220
- $binaryString = '';
221
- for ($i = 0; $i < count($secret); $i = $i + 8) {
222
- $x = '';
223
- if (!in_array($secret[$i], $base32chars)) {
224
- return false;
225
- }
226
- for ($j = 0; $j < 8; ++$j) {
227
-
228
- $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
229
- }
230
- $eightBits = str_split($x, 8);
231
- for ($z = 0; $z < count($eightBits); ++$z) {
232
- $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : '';
233
-
234
- }
235
- }
236
-
237
- return $binaryString;
238
- }
239
-
240
- public static function mo2f_GAuth_get_option($option,$val=null){
241
- if(is_multisite()){
242
-
243
- $val=get_site_option($option,$val);
244
-
245
- }else{
246
- $val=get_option($option,$val);
247
- }
248
-
249
- return $val;
250
-
251
- }
252
- }
253
  ?>
1
+ <?php
2
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'encryption.php';
3
+ class Google_auth_onpremise{
4
+ protected $_codeLength = 6;
5
+ function __construct(){
6
+
7
+ }
8
+
9
+ function mo_GAuth_get_details($setupWizard = false)
10
+ {
11
+
12
+ $user=wp_get_current_user();
13
+ $user_id=$user->ID;
14
+
15
+ if(isset($_POST) && isset($_POST['mo2f_session_id'])){
16
+ $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
17
+ }else{
18
+ $session_id_encrypt = MO2f_Utility::random_str(20);
19
+ }
20
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
21
+ if(!$secret_ga){
22
+ $secret_ga = $this->createSecret();
23
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $secret_ga);
24
+ }
25
+
26
+
27
+ $issuer=get_option('mo2f_google_appname', 'miniOrangeAu');
28
+ $email=$user->user_email;
29
+ $otpcode=$this->getCode($secret_ga);
30
+ $url=$this->geturl($secret_ga ,$issuer,$email);
31
+ if(!$setupWizard)
32
+ {
33
+ echo '<div class="mo2f_table_layout">';
34
+ mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
35
+ echo '</div>';
36
+ }
37
+ else
38
+ {
39
+ mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
40
+ }
41
+ exit;
42
+
43
+ }
44
+
45
+ function mo_GAuth_set_secret($user_id,$secret){
46
+ global $Mo2fdbQueries;
47
+ $key=$this->random_str(8);
48
+ update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);
49
+ $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
50
+ update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
51
+ }
52
+
53
+ function mo_GAuth_get_secret($user_id){
54
+ global $Mo2fdbQueries;
55
+ $key=get_user_meta( $user_id, 'mo2f_get_auth_rnd_string', true);
56
+ $secret=get_user_meta( $user_id, 'mo2f_gauth_key', true);
57
+ $secret=mo2f_GAuth_AESEncryption::decrypt_data($secret,$key);
58
+
59
+ return $secret;
60
+ }
61
+
62
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
63
+ {
64
+ $randomString = '';
65
+ $charactersLength = strlen($keyspace);
66
+ for ($i = 0; $i < $length; $i++) {
67
+ $randomString .= $keyspace[rand(0, $charactersLength - 1)];
68
+ }
69
+ return $randomString;
70
+
71
+ }
72
+
73
+
74
+
75
+
76
+ function createSecret($secretLength = 16)
77
+ {
78
+ $validChars = $this->_getBase32LookupTable();
79
+
80
+ // Valid secret lengths are 80 to 640 bits
81
+ if ($secretLength < 16 || $secretLength > 128) {
82
+ throw new Exception('Bad secret length');
83
+ }
84
+ $secret = '';
85
+ $rnd = false;
86
+ if (function_exists('random_bytes')) {
87
+ $rnd = random_bytes($secretLength);
88
+ } elseif (function_exists('openssl_random_pseudo_bytes')) {
89
+ $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong);
90
+ if (!$cryptoStrong) {
91
+ $rnd = false;
92
+ }
93
+ }
94
+ if ($rnd !== false) {
95
+ for ($i = 0; $i < $secretLength; ++$i) {
96
+ $secret .= $validChars[ord($rnd[$i]) & 31];
97
+ }
98
+ } else {
99
+ throw new Exception('No source of secure random');
100
+ }
101
+
102
+ return $secret;
103
+ }
104
+
105
+ function _getBase32LookupTable()
106
+ {
107
+ return array(
108
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
109
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
110
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
111
+ 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
112
+ '=', // padding char
113
+ );
114
+ }
115
+
116
+ function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
117
+ {
118
+ global $Mo2fdbQueries;
119
+ $response=array("status"=>'false');
120
+ if ($currentTimeSlice === null) {
121
+ $currentTimeSlice = floor(time() / 30);
122
+ }
123
+
124
+ if (strlen($code) != 6) {
125
+ return json_encode($response);
126
+ }
127
+ for ($i = -$discrepancy; $i <= $discrepancy; ++$i) {
128
+ $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
129
+ if ($this->timingSafeEquals($calculatedCode, $code)) {
130
+ update_option('mo2f_time_slice', $i);
131
+ $response['status']='SUCCESS';
132
+ return json_encode($response);
133
+ }
134
+ }
135
+ return json_encode($response);
136
+ }
137
+
138
+ function geturl($secret,$issuer,$email){
139
+ // id can be email or name
140
+ $url="otpauth://totp/";
141
+
142
+ $url.=$email."?secret=".$secret."&issuer=".$issuer;
143
+ return $url;
144
+
145
+ //aksjdbdzcaasd?secret=4RNWQWBQH4JDPABP&issuer=miniOrange/competits";
146
+
147
+ }
148
+
149
+ function timingSafeEquals($safeString, $userString)
150
+ {
151
+ if (function_exists('hash_equals')) {
152
+ return hash_equals($safeString, $userString);
153
+ }
154
+ $safeLen = strlen($safeString);
155
+ $userLen = strlen($userString);
156
+
157
+ if ($userLen != $safeLen) {
158
+ return false;
159
+ }
160
+
161
+ $result = 0;
162
+
163
+ for ($i = 0; $i < $userLen; ++$i) {
164
+ $result |= (ord($safeString[$i]) ^ ord($userString[$i]));
165
+ }
166
+
167
+ // They are only identical strings if $result is exactly 0...
168
+ return $result === 0;
169
+ }
170
+
171
+ function getCode($secret, $timeSlice = null)
172
+ {
173
+ if ($timeSlice === null) {
174
+ $timeSlice = floor(time() / 30);
175
+ }
176
+
177
+ $secretkey = $this->_base32Decode($secret);
178
+ // Pack time into binary string
179
+ $time = chr(0).chr(0).chr(0).chr(0). pack('N*', $timeSlice);
180
+ // Hash it with users secret key
181
+ $hm = hash_hmac('SHA1', $time, $secretkey, true);
182
+
183
+ // Use last nipple of result as index/offset
184
+ $offset = ord(substr($hm, -1)) & 0x0F;
185
+
186
+ // grab 4 bytes of the result
187
+ $hashpart = substr($hm, $offset, 4);
188
+ // Unpak binary value
189
+ $value = unpack('N', $hashpart);
190
+ $value = $value[1];
191
+ // Only 32 bits
192
+ $value = $value & 0x7FFFFFFF;
193
+ $modulo = pow(10, $this->_codeLength);
194
+ return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
195
+ }
196
+
197
+ function _base32Decode($secret)
198
+ {
199
+ if (empty($secret)) {
200
+ return '';
201
+ }
202
+ $base32chars = $this->_getBase32LookupTable();
203
+ $base32charsFlipped = array_flip($base32chars);
204
+
205
+ $paddingCharCount = substr_count($secret, $base32chars[32]);
206
+ $allowedValues = array(6, 4, 3, 1, 0);
207
+ if (!in_array($paddingCharCount, $allowedValues)) {
208
+ return false;
209
+ }
210
+
211
+
212
+ for ($i = 0; $i < 4; ++$i) {
213
+ if ($paddingCharCount == $allowedValues[$i] &&
214
+ substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) {
215
+ return false;
216
+ }
217
+ }
218
+ $secret = str_replace('=', '', $secret);
219
+ $secret = str_split($secret);
220
+ $binaryString = '';
221
+ for ($i = 0; $i < count($secret); $i = $i + 8) {
222
+ $x = '';
223
+ if (!in_array($secret[$i], $base32chars)) {
224
+ return false;
225
+ }
226
+ for ($j = 0; $j < 8; ++$j) {
227
+
228
+ $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
229
+ }
230
+ $eightBits = str_split($x, 8);
231
+ for ($z = 0; $z < count($eightBits); ++$z) {
232
+ $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : '';
233
+
234
+ }
235
+ }
236
+
237
+ return $binaryString;
238
+ }
239
+
240
+ public static function mo2f_GAuth_get_option($option,$val=null){
241
+ if(is_multisite()){
242
+
243
+ $val=get_site_option($option,$val);
244
+
245
+ }else{
246
+ $val=get_option($option,$val);
247
+ }
248
+
249
+ return $val;
250
+
251
+ }
252
+ }
253
  ?>
handler/twofa/two_fa_constants.php CHANGED
@@ -1,441 +1,441 @@
1
- <?php
2
- if ( ! defined( 'ABSPATH' ) ) {
3
- exit;
4
- }
5
-
6
- class Mo2fConstants {
7
- static function langTranslate( $text ) {
8
- switch ( $text ) {
9
- case 'Successfully validated.':
10
- return mo2f_lt( 'Successfully validated.' );
11
- break;
12
- case 'SCAN_QR_CODE':
13
- return mo2f_lt( 'Please scan the QR Code now.' );
14
- break;
15
- case 'miniOrange QR Code Authentication':
16
- return mo2f_lt( 'miniOrange QR Code Authentication' );
17
- break;
18
- case 'miniOrange Push Notification':
19
- return mo2f_lt( 'miniOrange Push Notification' );
20
- break;
21
- case 'miniOrange Soft Token':
22
- return mo2f_lt( 'miniOrange Soft Token' );
23
- break;
24
- case 'Security Questions':
25
- return mo2f_lt( 'Security Questions' );
26
- break;
27
- case 'Google Authenticator':
28
- return mo2f_lt( 'Google Authenticator' );
29
- break;
30
- case 'Authy Authenticator':
31
- return mo2f_lt( 'Authy Authenticator' );
32
- break;
33
- case 'Email Verification':
34
- return mo2f_lt( 'Email Verification' );
35
- break;
36
- case 'OTP Over SMS':
37
- return mo2f_lt( 'OTP Over SMS' );
38
- break;
39
- case 'OTP Over SMS And Email':
40
- return mo2f_lt( 'OTP Over SMS And Email' );
41
- break;
42
- case 'Your license has expired. Please renew your license to continue using our service.':
43
- return mo2f_lt( 'Your license has expired. Please renew your license to continue using our service.' );
44
- break;
45
- case 'The total transaction limit has been exceeded. Please upgrade your premium plan.':
46
- return mo2f_lt( 'The total transaction limit has been exceeded. Please upgrade your premium plan.' );
47
- break;
48
- case 'The transaction limit has exceeded.':
49
- return mo2f_lt( 'The transaction limit has exceeded.' );
50
- break;
51
- case 'GenerateOtpRequest is null':
52
- return mo2f_lt( 'GenerateOtpRequest is null' );
53
- break;
54
- case 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
55
- return mo2f_lt( 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
56
- break;
57
- case 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
58
- return mo2f_lt( 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
59
- break;
60
- case 'Transaction limit exceeded. Please contact your administrator':
61
- return mo2f_lt( 'Transaction limit exceeded. Please contact your administrator' );
62
- break;
63
- case 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.':
64
- return mo2f_lt( 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.' );
65
- break;
66
- case 'Invalid format.':
67
- return mo2f_lt( 'Invalid format.' );
68
- break;
69
- case 'Mobile registration failed.':
70
- return mo2f_lt( 'Mobile registration failed.' );
71
- break;
72
- case 'Invalid mobile authentication request.':
73
- return mo2f_lt( 'Invalid mobile authentication request.' );
74
- break;
75
- case 'Exception during SMS sending':
76
- return mo2f_lt( 'Exception during SMS sending' );
77
- break;
78
- case 'There was an error during sending an SMS.':
79
- return mo2f_lt( 'There was an error during sending an SMS.' );
80
- break;
81
- case 'Exception during logUserTransaction':
82
- return mo2f_lt( 'Exception during logUserTransaction' );
83
- break;
84
- case 'There was an error processing the challenge user request.':
85
- return mo2f_lt( 'There was an error processing the challenge user request.' );
86
- break;
87
- case 'What is your first company name?':
88
- return mo2f_lt( 'What is your first company name?' );
89
- break;
90
- case 'What was your childhood nickname?':
91
- return mo2f_lt( 'What was your childhood nickname?' );
92
- break;
93
- case 'In what city did you meet your spouse/significant other?':
94
- return mo2f_lt( 'In what city did you meet your spouse/significant other?' );
95
- break;
96
- case 'What is the name of your favorite childhood friend?':
97
- return mo2f_lt( 'What is the name of your favorite childhood friend?' );
98
- break;
99
- case "What was your first vehicle's registration number?":
100
- return mo2f_lt( "What was your first vehicle's registration number?" );
101
- break;
102
- case "What is your grandmother's maiden name?":
103
- return mo2f_lt( "What is your grandmother's maiden name?" );
104
- break;
105
- case 'Who is your favourite sports player?':
106
- return mo2f_lt( 'Who is your favourite sports player?' );
107
- break;
108
- case 'What is your favourite sport?':
109
- return mo2f_lt( 'What is your favourite sport?' );
110
- break;
111
- case 'In what city or town was your first job':
112
- return mo2f_lt( 'In what city or town was your first job' );
113
- break;
114
- case 'What school did you attend for sixth grade?':
115
- return mo2f_lt( 'What school did you attend for sixth grade?' );
116
- break;
117
- case 'G_AUTH':
118
- return mo2f_lt( 'Google Authenticator' );
119
- break;
120
- case 'AUTHY_2FA':
121
- return mo2f_lt( 'Authy 2-Factor Authentication' );
122
- break;
123
- case 'An unknown error occurred while creating the end user.':
124
- return mo2f_lt( 'An unknown error occurred while creating the end user.' );
125
- break;
126
- case 'An unknown error occurred while challenging the user':
127
- return mo2f_lt( 'An unknown error occurred while challenging the user.' );
128
- break;
129
- case 'An unknown error occurred while generating QR Code for registering mobile.':
130
- return mo2f_lt( 'An unknown error occurred while generating QR Code for registering mobile.' );
131
- break;
132
- case 'An unknown error occurred while validating the user\'s identity.':
133
- return mo2f_lt( 'An unknown error occurred while validating the user\'s identity.' );
134
- break;
135
- case 'Customer not found.':
136
- return mo2f_lt( 'Customer not found.' );
137
- break;
138
- case 'The customer is not valid ':
139
- return mo2f_lt( 'The customer is not valid' );
140
- break;
141
- case 'The user is not valid ':
142
- return mo2f_lt( 'The user is not valid ' );
143
- break;
144
- case 'Customer already exists.':
145
- return mo2f_lt( 'Customer already exists.' );
146
- break;
147
- case 'Customer Name is null':
148
- return mo2f_lt( 'Customer Name is null' );
149
- break;
150
- case 'Customer check request failed.':
151
- return mo2f_lt( 'Customer check request failed.' );
152
- break;
153
- case 'Invalid username or password. Please try again.':
154
- return mo2f_lt( 'Invalid username or password. Please try again.' );
155
- break;
156
- case 'You are not authorized to perform this operation.':
157
- return mo2f_lt( 'You are not authorized to perform this operation.' );
158
- break;
159
- case 'Invalid request. No such challenge request was initiated.':
160
- return mo2f_lt( 'Invalid request. No such challenge request was initiated.' );
161
- break;
162
- case 'No OTP Token for the given request was found.':
163
- return mo2f_lt( 'No OTP Token for the given request was found.' );
164
- break;
165
- case 'Query submitted.':
166
- return mo2f_lt( 'Query submitted.' );
167
- break;
168
- case 'Invalid parameters.':
169
- return mo2f_lt( 'Invalid parameters.' );
170
- break;
171
- case 'Alternate email cannot be same as primary email.':
172
- return mo2f_lt( 'Alternate email cannot be same as primary email.' );
173
- break;
174
- case 'CustomerId is null.':
175
- return mo2f_lt( 'CustomerId is null.' );
176
- break;
177
- case 'You are not authorized to create users. Please upgrade to premium plan. ':
178
- return mo2f_lt( 'You are not authorized to create users. Please upgrade to premium plan. ' );
179
- break;
180
- case 'Your user creation limit has been completed. Please upgrade your license to add more users.':
181
- return mo2f_lt( 'Your user creation limit has been completed. Please upgrade your license to add more users.' );
182
- break;
183
- case 'Username cannot be blank.':
184
- return mo2f_lt( 'Username cannot be blank.' );
185
- break;
186
- case 'End user created successfully.':
187
- return mo2f_lt( 'End user created successfully.' );
188
- break;
189
- case 'There was an exception processing the update user request.':
190
- return mo2f_lt( 'There was an exception processing the update user request.' );
191
- break;
192
- case 'End user found.':
193
- return mo2f_lt( 'End user found.' );
194
- break;
195
- case 'End user found under different customer. ':
196
- return mo2f_lt( 'End user found under different customer. ' );
197
- break;
198
- case 'End user not found.':
199
- return mo2f_lt( 'End user not found.' );
200
- break;
201
- case 'Customer successfully registered.':
202
- return mo2f_lt( 'Customer successfully registered.' );
203
- break;
204
- case 'Customer registration failed.':
205
- return mo2f_lt( 'Customer registration failed.' );
206
- break;
207
- case 'There was an error processing the register mobile request.':
208
- return mo2f_lt( 'There was an error processing the register mobile request.' );
209
- break;
210
- case 'There was an exception processing the get user request.':
211
- return mo2f_lt( 'There was an exception processing the get user request.' );
212
- break;
213
- case 'End User retrieved successfully.':
214
- return mo2f_lt( 'End User retrieved successfully.' );
215
- break;
216
- case 'COMPLETED_TEST':
217
- Return mo2f_lt( 'You have successfully completed the test.' );
218
- break;
219
- case 'INVALID_EMAIL_VER_REQ':
220
- Return mo2f_lt( 'Invalid request. test case failed.');
221
- break;
222
- case 'INVALID_ENTRY':
223
- Return mo2f_lt( 'All the fields are required. Please enter valid entries.' );
224
- break;
225
- case 'INVALID_PASSWORD':
226
- Return mo2f_lt( 'You already have an account with miniOrange. Please enter a valid password.' );
227
- break;
228
- case 'INVALID_REQ':
229
- Return mo2f_lt( 'Invalid request. Please try again' );
230
- break;
231
- case 'INVALID_OTP':
232
- Return mo2f_lt( 'Invalid OTP. Please try again.' );
233
- break;
234
- case 'INVALID_EMAIL_OR_PASSWORD':
235
- Return mo2f_lt( 'Invalid email or password. Please try again.' );
236
- break;
237
- case 'PASSWORDS_MISMATCH':
238
- Return mo2f_lt( 'Password and Confirm password do not match.' );
239
- break;
240
- case 'ENTER_YOUR_EMAIL_PASSWORD':
241
- Return mo2f_lt( 'Please enter your registered email and password.' );
242
- break;
243
- case 'OTP_SENT':
244
- Return mo2f_lt( 'One Time Passcode has been sent for verification to ' );
245
- break;
246
- case 'ERROR_IN_SENDING_OTP_OVER_EMAIL':
247
- Return mo2f_lt( 'There was an error in sending OTP over email. Please click on Resend OTP to try again.' );
248
- break;
249
- case 'ERROR_DURING_REGISTRATION':
250
- Return mo2f_lt( 'Error occured while registration. Please try again.' );
251
- break;
252
- case 'ERROR_DURING_PROCESS':
253
- Return mo2f_lt( 'An error occured while processing your request. Please Try again.' );
254
- break;
255
- case 'ERROR_DURING_PROCESS_EMAIL':
256
- Return mo2f_lt( 'An error occured while processing your request. Please check your SMTP server is configured.' );
257
- break;
258
- case 'ERROR_WHILE_SENDING_SMS':
259
- Return mo2f_lt( 'There was an error in sending sms. Please click on Resend OTP to try again.' );
260
- break;
261
- case 'ERROR_DURING_USER_REGISTRATION':
262
- Return mo2f_lt( 'Error occurred while registering the user. Please try again.' );
263
- break;
264
- case 'VALIDATE_DUO':
265
- Return mo2f_lt( 'Duo push notification validate successfully.' );
266
- break;
267
- case 'SET_AS_2ND_FACTOR':
268
- Return mo2f_lt( 'is set as your 2 factor authentication method.' );
269
- break;
270
- case 'ERROR_WHILE_SAVING_KBA':
271
- Return mo2f_lt( 'Error occured while saving your kba details. Please try again.' );
272
- break;
273
- case 'ANSWER_SECURITY_QUESTIONS':
274
- Return mo2f_lt( 'Please answer the following security questions.' );
275
- break;
276
- case 'RESET_DUO_CONFIGURATON':
277
- Return mo2f_lt( 'Your Duo configuration has been reset successfully.' );
278
- break;
279
- case 'ERROR_FETCHING_QUESTIONS':
280
- Return mo2f_lt( 'There was an error fetching security questions. Please try again.' );
281
- break;
282
- case 'INVALID_ANSWERS':
283
- Return mo2f_lt( 'Invalid Answers. Please try again.' );
284
- break;
285
- case 'MIN_PASS_LENGTH':
286
- Return mo2f_lt( 'Choose a password with minimum length 6.' );
287
- break;
288
- case 'ACCOUNT_RETRIEVED_SUCCESSFULLY':
289
- Return mo2f_lt( 'Your account has been retrieved successfully.' );
290
- break;
291
- case 'DEFAULT_2ND_FACTOR':
292
- Return mo2f_lt( 'has been set as your default 2nd factor method' );
293
- break;
294
- case 'RESENT_OTP':
295
- Return mo2f_lt( 'Another One Time Passcode has been sent' );
296
- break;
297
- case 'VERIFY':
298
- Return mo2f_lt( 'for verification to' );
299
- break;
300
- case 'ERROR_IN_SENDING_EMAIL':
301
- Return mo2f_lt( 'There was an error in sending email. Please click on Resend OTP to try again.' );
302
- break;
303
- case 'EMAIL_IN_USE':
304
- Return mo2f_lt( 'The email is already used by other user. Please register with other email.' );
305
- break;
306
- case 'EMAIL_MANDATORY':
307
- Return mo2f_lt( 'Please submit your query with email' );
308
- break;
309
- case 'ERROR_WHILE_SUBMITTING_QUERY':
310
- Return mo2f_lt( 'Your query could not be submitted. Please try again.' );
311
- break;
312
- case 'QUERY_SUBMITTED_SUCCESSFULLY':
313
- Return mo2f_lt( 'Thanks for getting in touch! We shall get back to you shortly.' );
314
- break;
315
- case 'SETTINGS_SAVED':
316
- Return mo2f_lt( 'Your settings are saved successfully.' );
317
- break;
318
- case 'AUTHENTICATION_FAILED':
319
- Return mo2f_lt( 'Authentication failed. Please try again to test the configuration.' );
320
- break;
321
- case 'REGISTER_WITH_MO':
322
- Return mo2f_lt( 'Invalid request. Please register with miniOrange before configuring your mobile.' );
323
- break;
324
- case 'ENTER_EMAILID':
325
- Return mo2f_lt( 'Please enter email-id to register.' );
326
- break;
327
- case 'ENTER_VALUE':
328
- Return mo2f_lt( 'Please enter a value to test your authentication.' );
329
- break;
330
- case 'ENTER_OTP':
331
- Return mo2f_lt( 'Please enter the one time passcode below.' );
332
- break;
333
- case 'ERROR_IN_SENDING_OTP':
334
- Return mo2f_lt( 'There was an error in sending one-time passcode. Your transaction limit might have exceeded. Please contact miniOrange or upgrade to our premium plan.' );
335
- break;
336
- case 'ERROR_IN_SENDING_OTP_ONPREM':
337
- Return mo2f_lt( 'There was an error in sending one-time passcode. Please check your SMTP Setup and remaining transactions.' );
338
- break;
339
- case 'SMTP_CHECK_FOR_EMAIL_VERIFICATON':
340
- Return mo2f_lt('Please set your SMTP to get the email to verify the email at the time of login otherwise you will get logged out');
341
- break;
342
- case 'PUSH_NOTIFICATION_SENT':
343
- Return mo2f_lt( 'A Push notification has been sent to your miniOrange Authenticator App.' );
344
- break;
345
- case 'ERROR_WHILE_VALIDATING_OTP':
346
- Return mo2f_lt( 'Error occurred while validating the OTP. Please try again.' );
347
- break;
348
- case 'TEST_GAUTH_METHOD':
349
- Return mo2f_lt( 'to test Google Authenticator method.' );
350
- break;
351
- case 'ERROR_IN_SENDING_OTP_CAUSES':
352
- Return mo2f_lt( 'Error occurred while validating the OTP. Please try again. Possible causes:' );
353
- break;
354
- case 'APP_TIME_SYNC':
355
- Return mo2f_lt( 'Your App Time is not in sync.Go to settings and tap on tap on Sync Time now .' );
356
- break;
357
- case 'SERVER_TIME_SYNC':
358
- Return mo2f_lt( 'Please make sure your System and device have the same time as the displayed Server time.' );
359
- break;
360
- case 'ERROR_WHILE_VALIDATING_USER':
361
- Return mo2f_lt( 'Error occurred while validating the user. Please try again.' );
362
- break;
363
- case 'ONLY_DIGITS_ALLOWED':
364
- Return mo2f_lt( 'Only digits are allowed. Please enter again.' );
365
- break;
366
- case 'TEST_AUTHY_2FA':
367
- Return mo2f_lt( 'to test Authy 2-Factor Authentication method.' );
368
- break;
369
- case 'METHOD':
370
- Return mo2f_lt( 'method.' );
371
- break;
372
- case 'TO_TEST':
373
- Return mo2f_lt( 'to test' );
374
- break;
375
- case 'SET_2FA':
376
- Return mo2f_lt( 'is set as your Two-Factor method.' );
377
- break;
378
-
379
- case 'SET_2FA_otp':
380
- Return mo2f_lt( 'is set as your Two-Factor method.' );
381
- break;
382
-
383
-
384
- case 'VERIFICATION_EMAIL_SENT':
385
- Return mo2f_lt( 'A verification email is sent to' );
386
- break;
387
- case 'ACCEPT_LINK_TO_VERIFY_EMAIL':
388
- Return mo2f_lt( 'Please click on accept link to verify your email.' );
389
- break;
390
- case 'ACCOUNT_CREATED':
391
- Return mo2f_lt( 'Your account has been created successfully.' );
392
- break;
393
- case 'ACCOUNT_REMOVED':
394
- Return mo2f_lt( 'Your account has been removed. Please contact your administrator.' );
395
- break;
396
- case 'REGISTRATION_SUCCESS':
397
- Return mo2f_lt( 'You are registered successfully.' );
398
- break;
399
- case 'DENIED_REQUEST':
400
- Return mo2f_lt( 'You have denied the request.' );
401
- break;
402
- case 'DENIED_DUO_REQUEST':
403
- Return mo2f_lt( 'You have denied the request or you have not set duo push notification yet' );
404
- break;
405
- case 'DISABLED_2FA':
406
- Return mo2f_lt( 'Two-Factor plugin has been disabled.' );
407
- break;
408
- case 'ERROR_WHILE_SAVING_SETTINGS':
409
- Return mo2f_lt( 'Error occurred while saving the settings.Please try again.' );
410
- break;
411
- case 'INVALID_REQUEST':
412
- Return mo2f_lt( 'Invalid request. Please register with miniOrange and configure 2-Factor to save your login settings.' );
413
- break;
414
- case 'ACCOUNT_ALREADY_EXISTS':
415
- Return mo2f_lt( 'You already have an account with miniOrange, please sign in.' );
416
- break;
417
- case 'CONFIGURE_2FA':
418
- Return mo2f_lt( 'to configure another 2 Factor authentication method.' );
419
- break;
420
- case 'PHONE_NOT_CONFIGURED':
421
- Return mo2f_lt( 'Your phone number is not configured. Please configure it before selecting OTP Over SMS as your 2-factor method.' );
422
- break;
423
- case 'CLICK_HERE':
424
- Return mo2f_lt( 'Click Here' );
425
- break;
426
- case 'ERROR_CREATE_ACC_OTP':
427
- Return mo2f_lt( 'An error occured while creating your account. Please try again by sending OTP again.' );
428
- break;
429
- case 'LOGIN_WITH_2ND_FACTOR':
430
- Return mo2f_lt( 'Please disable 2FA prompt on WP login page to enable Login with 2nd facor only.' );
431
- break;
432
- case 'USER_LIMIT_EXCEEDED':
433
- Return mo2f_lt( 'Your limit of 3 users has exceeded. Please upgrade to premium plans for more users.' );
434
- break;
435
- default:
436
- return $text;
437
- }
438
- }
439
- }
440
-
441
- new Mo2fConstants;
1
+ <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
+ class Mo2fConstants {
7
+ static function langTranslate( $text ) {
8
+ switch ( $text ) {
9
+ case 'Successfully validated.':
10
+ return mo2f_lt( 'Successfully validated.' );
11
+ break;
12
+ case 'SCAN_QR_CODE':
13
+ return mo2f_lt( 'Please scan the QR Code now.' );
14
+ break;
15
+ case 'miniOrange QR Code Authentication':
16
+ return mo2f_lt( 'miniOrange QR Code Authentication' );
17
+ break;
18
+ case 'miniOrange Push Notification':
19
+ return mo2f_lt( 'miniOrange Push Notification' );
20
+ break;
21
+ case 'miniOrange Soft Token':
22
+ return mo2f_lt( 'miniOrange Soft Token' );
23
+ break;
24
+ case 'Security Questions':
25
+ return mo2f_lt( 'Security Questions' );
26
+ break;
27
+ case 'Google Authenticator':
28
+ return mo2f_lt( 'Google Authenticator' );
29
+ break;
30
+ case 'Authy Authenticator':
31
+ return mo2f_lt( 'Authy Authenticator' );
32
+ break;
33
+ case 'Email Verification':
34
+ return mo2f_lt( 'Email Verification' );
35
+ break;
36
+ case 'OTP Over SMS':
37
+ return mo2f_lt( 'OTP Over SMS' );
38
+ break;
39
+ case 'OTP Over SMS And Email':
40
+ return mo2f_lt( 'OTP Over SMS And Email' );
41
+ break;
42
+ case 'Your license has expired. Please renew your license to continue using our service.':
43
+ return mo2f_lt( 'Your license has expired. Please renew your license to continue using our service.' );
44
+ break;
45
+ case 'The total transaction limit has been exceeded. Please upgrade your premium plan.':
46
+ return mo2f_lt( 'The total transaction limit has been exceeded. Please upgrade your premium plan.' );
47
+ break;
48
+ case 'The transaction limit has exceeded.':
49
+ return mo2f_lt( 'The transaction limit has exceeded.' );
50
+ break;
51
+ case 'GenerateOtpRequest is null':
52
+ return mo2f_lt( 'GenerateOtpRequest is null' );
53
+ break;
54
+ case 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
55
+ return mo2f_lt( 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
56
+ break;
57
+ case 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
58
+ return mo2f_lt( 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
59
+ break;
60
+ case 'Transaction limit exceeded. Please contact your administrator':
61
+ return mo2f_lt( 'Transaction limit exceeded. Please contact your administrator' );
62
+ break;
63
+ case 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.':
64
+ return mo2f_lt( 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.' );
65
+ break;
66
+ case 'Invalid format.':
67
+ return mo2f_lt( 'Invalid format.' );
68
+ break;
69
+ case 'Mobile registration failed.':
70
+ return mo2f_lt( 'Mobile registration failed.' );
71
+ break;
72
+ case 'Invalid mobile authentication request.':
73
+ return mo2f_lt( 'Invalid mobile authentication request.' );
74
+ break;
75
+ case 'Exception during SMS sending':
76
+ return mo2f_lt( 'Exception during SMS sending' );
77
+ break;
78
+ case 'There was an error during sending an SMS.':
79
+ return mo2f_lt( 'There was an error during sending an SMS.' );
80
+ break;
81
+ case 'Exception during logUserTransaction':
82
+ return mo2f_lt( 'Exception during logUserTransaction' );
83
+ break;
84
+ case 'There was an error processing the challenge user request.':
85
+ return mo2f_lt( 'There was an error processing the challenge user request.' );
86
+ break;
87
+ case 'What is your first company name?':
88
+ return mo2f_lt( 'What is your first company name?' );
89
+ break;
90
+ case 'What was your childhood nickname?':
91
+ return mo2f_lt( 'What was your childhood nickname?' );
92
+ break;
93
+ case 'In what city did you meet your spouse/significant other?':
94
+ return mo2f_lt( 'In what city did you meet your spouse/significant other?' );
95
+ break;
96
+ case 'What is the name of your favorite childhood friend?':
97
+ return mo2f_lt( 'What is the name of your favorite childhood friend?' );
98
+ break;
99
+ case "What was your first vehicle's registration number?":
100
+ return mo2f_lt( "What was your first vehicle's registration number?" );
101
+ break;
102
+ case "What is your grandmother's maiden name?":
103
+ return mo2f_lt( "What is your grandmother's maiden name?" );
104
+ break;
105
+ case 'Who is your favourite sports player?':
106
+ return mo2f_lt( 'Who is your favourite sports player?' );
107
+ break;
108
+ case 'What is your favourite sport?':
109
+ return mo2f_lt( 'What is your favourite sport?' );
110
+ break;
111
+ case 'In what city or town was your first job':
112
+ return mo2f_lt( 'In what city or town was your first job' );
113
+ break;
114
+ case 'What school did you attend for sixth grade?':
115
+ return mo2f_lt( 'What school did you attend for sixth grade?' );
116
+ break;
117
+ case 'G_AUTH':
118
+ return mo2f_lt( 'Google Authenticator' );
119
+ break;
120
+ case 'AUTHY_2FA':
121
+ return mo2f_lt( 'Authy 2-Factor Authentication' );
122
+ break;
123
+ case 'An unknown error occurred while creating the end user.':
124
+ return mo2f_lt( 'An unknown error occurred while creating the end user.' );
125
+ break;
126
+ case 'An unknown error occurred while challenging the user':
127
+ return mo2f_lt( 'An unknown error occurred while challenging the user.' );
128
+ break;
129
+ case 'An unknown error occurred while generating QR Code for registering mobile.':
130
+ return mo2f_lt( 'An unknown error occurred while generating QR Code for registering mobile.' );
131
+ break;
132
+ case 'An unknown error occurred while validating the user\'s identity.':
133
+ return mo2f_lt( 'An unknown error occurred while validating the user\'s identity.' );
134
+ break;
135
+ case 'Customer not found.':
136
+ return mo2f_lt( 'Customer not found.' );
137
+ break;
138
+ case 'The customer is not valid ':
139
+ return mo2f_lt( 'The customer is not valid' );
140
+ break;
141
+ case 'The user is not valid ':
142
+ return mo2f_lt( 'The user is not valid ' );
143
+ break;
144
+ case 'Customer already exists.':
145
+ return mo2f_lt( 'Customer already exists.' );
146
+ break;
147
+ case 'Customer Name is null':
148
+ return mo2f_lt( 'Customer Name is null' );
149
+ break;
150
+ case 'Customer check request failed.':
151
+ return mo2f_lt( 'Customer check request failed.' );
152
+ break;
153
+ case 'Invalid username or password. Please try again.':
154
+ return mo2f_lt( 'Invalid username or password. Please try again.' );
155
+ break;
156
+ case 'You are not authorized to perform this operation.':
157
+ return mo2f_lt( 'You are not authorized to perform this operation.' );
158
+ break;
159
+ case 'Invalid request. No such challenge request was initiated.':
160
+ return mo2f_lt( 'Invalid request. No such challenge request was initiated.' );
161
+ break;
162
+ case 'No OTP Token for the given request was found.':
163
+ return mo2f_lt( 'No OTP Token for the given request was found.' );
164
+ break;
165
+ case 'Query submitted.':
166
+ return mo2f_lt( 'Query submitted.' );
167
+ break;
168
+ case 'Invalid parameters.':
169
+ return mo2f_lt( 'Invalid parameters.' );
170
+ break;
171
+ case 'Alternate email cannot be same as primary email.':
172
+ return mo2f_lt( 'Alternate email cannot be same as primary email.' );
173
+ break;
174
+ case 'CustomerId is null.':
175
+ return mo2f_lt( 'CustomerId is null.' );
176
+ break;
177
+ case 'You are not authorized to create users. Please upgrade to premium plan. ':
178
+ return mo2f_lt( 'You are not authorized to create users. Please upgrade to premium plan. ' );
179
+ break;
180
+ case 'Your user creation limit has been completed. Please upgrade your license to add more users.':
181
+ return mo2f_lt( 'Your user creation limit has been completed. Please upgrade your license to add more users.' );
182
+ break;
183
+ case 'Username cannot be blank.':
184
+ return mo2f_lt( 'Username cannot be blank.' );
185
+ break;
186
+ case 'End user created successfully.':
187
+ return mo2f_lt( 'End user created successfully.' );
188
+ break;
189
+ case 'There was an exception processing the update user request.':
190
+ return mo2f_lt( 'There was an exception processing the update user request.' );
191
+ break;
192
+ case 'End user found.':
193
+ return mo2f_lt( 'End user found.' );
194
+ break;
195
+ case 'End user found under different customer. ':
196
+ return mo2f_lt( 'End user found under different customer. ' );
197
+ break;
198
+ case 'End user not found.':
199
+ return mo2f_lt( 'End user not found.' );
200
+ break;
201
+ case 'Customer successfully registered.':
202
+ return mo2f_lt( 'Customer successfully registered.' );
203
+ break;
204
+ case 'Customer registration failed.':
205
+ return mo2f_lt( 'Customer registration failed.' );
206
+ break;
207
+ case 'There was an error processing the register mobile request.':
208
+ return mo2f_lt( 'There was an error processing the register mobile request.' );
209
+ break;
210
+ case 'There was an exception processing the get user request.':
211
+ return mo2f_lt( 'There was an exception processing the get user request.' );
212
+ break;
213
+ case 'End User retrieved successfully.':
214
+ return mo2f_lt( 'End User retrieved successfully.' );
215
+ break;
216
+ case 'COMPLETED_TEST':
217
+ Return mo2f_lt( 'You have successfully completed the test.' );
218
+ break;
219
+ case 'INVALID_EMAIL_VER_REQ':
220
+ Return mo2f_lt( 'Invalid request. test case failed.');
221
+ break;
222
+ case 'INVALID_ENTRY':
223
+ Return mo2f_lt( 'All the fields are required. Please enter valid entries.' );
224
+ break;
225
+ case 'INVALID_PASSWORD':
226
+ Return mo2f_lt( 'You already have an account with miniOrange. Please enter a valid password.' );
227
+ break;
228
+ case 'INVALID_REQ':
229
+ Return mo2f_lt( 'Invalid request. Please try again' );
230
+ break;
231
+ case 'INVALID_OTP':
232
+ Return mo2f_lt( 'Invalid OTP. Please try again.' );
233
+ break;
234
+ case 'INVALID_EMAIL_OR_PASSWORD':
235
+ Return mo2f_lt( 'Invalid email or password. Please try again.' );
236
+ break;
237
+ case 'PASSWORDS_MISMATCH':
238
+ Return mo2f_lt( 'Password and Confirm password do not match.' );
239
+ break;
240
+ case 'ENTER_YOUR_EMAIL_PASSWORD':
241
+ Return mo2f_lt( 'Please enter your registered email and password.' );
242
+ break;
243
+ case 'OTP_SENT':
244
+ Return mo2f_lt( 'One Time Passcode has been sent for verification to ' );
245
+ break;
246
+ case 'ERROR_IN_SENDING_OTP_OVER_EMAIL':
247
+ Return mo2f_lt( 'There was an error in sending OTP over email. Please click on Resend OTP to try again.' );
248
+ break;
249
+ case 'ERROR_DURING_REGISTRATION':
250
+ Return mo2f_lt( 'Error occured while registration. Please try again.' );
251
+ break;
252
+ case 'ERROR_DURING_PROCESS':
253
+ Return mo2f_lt( 'An error occured while processing your request. Please Try again.' );
254
+ break;
255
+ case 'ERROR_DURING_PROCESS_EMAIL':
256
+ Return mo2f_lt( 'An error occured while processing your request. Please check your SMTP server is configured.' );
257
+ break;
258
+ case 'ERROR_WHILE_SENDING_SMS':
259
+ Return mo2f_lt( 'There was an error in sending sms. Please click on Resend OTP to try again.' );
260
+ break;
261
+ case 'ERROR_DURING_USER_REGISTRATION':
262
+ Return mo2f_lt( 'Error occurred while registering the user. Please try again.' );
263
+ break;
264
+ case 'VALIDATE_DUO':
265
+ Return mo2f_lt( 'Duo push notification validate successfully.' );
266
+ break;
267
+ case 'SET_AS_2ND_FACTOR':
268
+ Return mo2f_lt( 'is set as your 2 factor authentication method.' );
269
+ break;
270
+ case 'ERROR_WHILE_SAVING_KBA':
271
+ Return mo2f_lt( 'Error occured while saving your kba details. Please try again.' );
272
+ break;
273
+ case 'ANSWER_SECURITY_QUESTIONS':
274
+ Return mo2f_lt( 'Please answer the following security questions.' );
275
+ break;
276
+ case 'RESET_DUO_CONFIGURATON':
277
+ Return mo2f_lt( 'Your Duo configuration has been reset successfully.' );
278
+ break;
279
+ case 'ERROR_FETCHING_QUESTIONS':
280
+ Return mo2f_lt( 'There was an error fetching security questions. Please try again.' );
281
+ break;
282
+ case 'INVALID_ANSWERS':
283
+ Return mo2f_lt( 'Invalid Answers. Please try again.' );
284
+ break;
285
+ case 'MIN_PASS_LENGTH':
286
+ Return mo2f_lt( 'Choose a password with minimum length 6.' );
287
+ break;
288
+ case 'ACCOUNT_RETRIEVED_SUCCESSFULLY':
289
+ Return mo2f_lt( 'Your account has been retrieved successfully.' );
290
+ break;
291
+ case 'DEFAULT_2ND_FACTOR':
292
+ Return mo2f_lt( 'has been set as your default 2nd factor method' );
293
+ break;
294
+ case 'RESENT_OTP':
295
+ Return mo2f_lt( 'Another One Time Passcode has been sent' );
296
+ break;
297
+ case 'VERIFY':
298
+ Return mo2f_lt( 'for verification to' );
299
+ break;
300
+ case 'ERROR_IN_SENDING_EMAIL':
301
+ Return mo2f_lt( 'There was an error in sending email. Please click on Resend OTP to try again.' );
302
+ break;
303
+ case 'EMAIL_IN_USE':
304
+ Return mo2f_lt( 'The email is already used by other user. Please register with other email.' );
305
+ break;
306
+ case 'EMAIL_MANDATORY':
307
+ Return mo2f_lt( 'Please submit your query with email' );
308
+ break;
309
+ case 'ERROR_WHILE_SUBMITTING_QUERY':
310
+ Return mo2f_lt( 'Your query could not be submitted. Please try again.' );
311
+ break;
312
+ case 'QUERY_SUBMITTED_SUCCESSFULLY':
313
+ Return mo2f_lt( 'Thanks for getting in touch! We shall get back to you shortly.' );
314
+ break;
315
+ case 'SETTINGS_SAVED':
316
+ Return mo2f_lt( 'Your settings are saved successfully.' );
317
+ break;
318
+ case 'AUTHENTICATION_FAILED':
319
+ Return mo2f_lt( 'Authentication failed. Please try again to test the configuration.' );
320
+ break;
321
+ case 'REGISTER_WITH_MO':
322
+ Return mo2f_lt( 'Invalid request. Please register with miniOrange before configuring your mobile.' );
323
+ break;
324
+ case 'ENTER_EMAILID':
325
+ Return mo2f_lt( 'Please enter email-id to register.' );
326
+ break;
327
+ case 'ENTER_VALUE':
328
+ Return mo2f_lt( 'Please enter a value to test your authentication.' );
329
+ break;
330
+ case 'ENTER_OTP':
331
+ Return mo2f_lt( 'Please enter the one time passcode below.' );
332
+ break;
333
+ case 'ERROR_IN_SENDING_OTP':
334
+ Return mo2f_lt( 'There was an error in sending one-time passcode. Your transaction limit might have exceeded. Please contact miniOrange or upgrade to our premium plan.' );
335
+ break;
336
+ case 'ERROR_IN_SENDING_OTP_ONPREM':
337
+ Return mo2f_lt( 'There was an error in sending one-time passcode. Please check your SMTP Setup and remaining transactions.' );
338
+ break;
339
+ case 'SMTP_CHECK_FOR_EMAIL_VERIFICATON':
340
+ Return mo2f_lt('Please set your SMTP to get the email to verify the email at the time of login otherwise you will get logged out');
341
+ break;
342
+ case 'PUSH_NOTIFICATION_SENT':
343
+ Return mo2f_lt( 'A Push notification has been sent to your miniOrange Authenticator App.' );
344
+ break;
345
+ case 'ERROR_WHILE_VALIDATING_OTP':
346
+ Return mo2f_lt( 'Error occurred while validating the OTP. Please try again.' );
347
+ break;
348
+ case 'TEST_GAUTH_METHOD':
349
+ Return mo2f_lt( 'to test Google Authenticator method.' );
350
+ break;
351
+ case 'ERROR_IN_SENDING_OTP_CAUSES':
352
+ Return mo2f_lt( 'Error occurred while validating the OTP. Please try again. Possible causes:' );
353
+ break;
354
+ case 'APP_TIME_SYNC':
355
+ Return mo2f_lt( 'Your App Time is not in sync.Go to settings and tap on tap on Sync Time now .' );
356
+ break;
357
+ case 'SERVER_TIME_SYNC':
358
+ Return mo2f_lt( 'Please make sure your System and device have the same time as the displayed Server time.' );
359
+ break;
360
+ case 'ERROR_WHILE_VALIDATING_USER':
361
+ Return mo2f_lt( 'Error occurred while validating the user. Please try again.' );
362
+ break;
363
+ case 'ONLY_DIGITS_ALLOWED':
364
+ Return mo2f_lt( 'Only digits are allowed. Please enter again.' );
365
+ break;
366
+ case 'TEST_AUTHY_2FA':
367
+ Return mo2f_lt( 'to test Authy 2-Factor Authentication method.' );
368
+ break;
369
+ case 'METHOD':
370
+ Return mo2f_lt( 'method.' );
371
+ break;
372
+ case 'TO_TEST':
373
+ Return mo2f_lt( 'to test' );
374
+ break;
375
+ case 'SET_2FA':
376
+ Return mo2f_lt( 'is set as your Two-Factor method.' );
377
+ break;
378
+
379
+ case 'SET_2FA_otp':
380
+ Return mo2f_lt( 'is set as your Two-Factor method.' );
381
+ break;
382
+
383
+
384
+ case 'VERIFICATION_EMAIL_SENT':
385
+ Return mo2f_lt( 'A verification email is sent to' );
386
+ break;
387
+ case 'ACCEPT_LINK_TO_VERIFY_EMAIL':
388
+ Return mo2f_lt( 'Please click on accept link to verify your email.' );
389
+ break;
390
+ case 'ACCOUNT_CREATED':
391
+ Return mo2f_lt( 'Your account has been created successfully.' );
392
+ break;
393
+ case 'ACCOUNT_REMOVED':
394
+ Return mo2f_lt( 'Your account has been removed. Please contact your administrator.' );
395
+ break;
396
+ case 'REGISTRATION_SUCCESS':
397
+ Return mo2f_lt( 'You are registered successfully.' );
398
+ break;
399
+ case 'DENIED_REQUEST':
400
+ Return mo2f_lt( 'You have denied the request.' );
401
+ break;
402
+ case 'DENIED_DUO_REQUEST':
403
+ Return mo2f_lt( 'You have denied the request or you have not set duo push notification yet' );
404
+ break;
405
+ case 'DISABLED_2FA':
406
+ Return mo2f_lt( 'Two-Factor plugin has been disabled.' );
407
+ break;
408
+ case 'ERROR_WHILE_SAVING_SETTINGS':
409
+ Return mo2f_lt( 'Error occurred while saving the settings.Please try again.' );
410
+ break;
411
+ case 'INVALID_REQUEST':
412
+ Return mo2f_lt( 'Invalid request. Please register with miniOrange and configure 2-Factor to save your login settings.' );
413
+ break;
414
+ case 'ACCOUNT_ALREADY_EXISTS':
415
+ Return mo2f_lt( 'You already have an account with miniOrange, please sign in.' );
416
+ break;
417
+ case 'CONFIGURE_2FA':
418
+ Return mo2f_lt( 'to configure another 2 Factor authentication method.' );
419
+ break;
420
+ case 'PHONE_NOT_CONFIGURED':
421
+ Return mo2f_lt( 'Your phone number is not configured. Please configure it before selecting OTP Over SMS as your 2-factor method.' );
422
+ break;
423
+ case 'CLICK_HERE':
424
+ Return mo2f_lt( 'Click Here' );
425
+ break;
426
+ case 'ERROR_CREATE_ACC_OTP':
427
+ Return mo2f_lt( 'An error occured while creating your account. Please try again by sending OTP again.' );
428
+ break;
429
+ case 'LOGIN_WITH_2ND_FACTOR':
430
+ Return mo2f_lt( 'Please disable 2FA prompt on WP login page to enable Login with 2nd facor only.' );
431
+ break;
432
+ case 'USER_LIMIT_EXCEEDED':
433
+ Return mo2f_lt( 'Your limit of 3 users has exceeded. Please upgrade to premium plans for more users.' );
434
+ break;
435
+ default:
436
+ return $text;
437
+ }
438
+ }
439
+ }
440
+
441
+ new Mo2fConstants;
handler/twofa/two_fa_get_details.php CHANGED
@@ -1,24 +1,24 @@
1
- <?php
2
-
3
- class two_fa_get_details {
4
-
5
- function getUserMethod($userid){
6
- $userMethod = get_user_meta($userid,'currentMethod',true);
7
- return $userMethod;
8
- }
9
- function setUserMethod($userid,$currentMethod){
10
- $response= update_user_meta($userid,'currentMethod',$currentMethod);
11
- return $response;
12
- }
13
-
14
- function setUserEmail($userid,$email){
15
- $response= update_user_meta($userid,'email',$email);
16
- return $response;
17
- }
18
-
19
- function getUserEmail($userid){
20
- $userEmail = get_user_meta($userid , 'email',true);
21
- return $userEmail;
22
-
23
- }
24
  }
1
+ <?php
2
+
3
+ class two_fa_get_details {
4
+
5
+ function getUserMethod($userid){
6
+ $userMethod = get_user_meta($userid,'currentMethod',true);
7
+ return $userMethod;
8
+ }
9
+ function setUserMethod($userid,$currentMethod){
10
+ $response= update_user_meta($userid,'currentMethod',$currentMethod);
11
+ return $response;
12
+ }
13
+
14
+ function setUserEmail($userid,$email){
15
+ $response= update_user_meta($userid,'email',$email);
16
+ return $response;
17
+ }
18
+
19
+ function getUserEmail($userid){
20
+ $userEmail = get_user_meta($userid , 'email',true);
21
+ return $userEmail;
22
+
23
+ }
24
  }
handler/twofa/two_fa_login.php CHANGED
@@ -1,403 +1,403 @@
1
- <?Php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
- class Miniorange_Mobile_Login {
27
-
28
- function mo2fa_default_login( $user, $username, $password ) {
29
-
30
- global $Mo2fdbQueries;
31
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
- if ( is_wp_error( $currentuser ) ) {
33
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
- wp_send_json_success($data);
36
- }
37
- else{
38
- return $currentuser;
39
- }
40
- } else {
41
- if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
- {
43
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
- $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
- if(is_null($session_id)) {
48
- $session_id = $handleSecondFactor->create_session();
49
- }
50
-
51
- $key = get_option('mo2f_customer_token');
52
- $otp_token = '';
53
- $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
-
55
- }
56
- $this->miniorange_login_start_session();
57
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
- $session_id=$pass2fa_login_session->create_session();
59
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
61
- if ( $mo2f_configured_2FA_method ) {
62
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
- $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
- if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
- $this->mo_auth_show_error_message();
67
- $this->mo2f_redirectto_wp_login();
68
- $error = new WP_Error();
69
- return $error;
70
- } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
71
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
72
- }
73
- } else { //plugin is not activated for non-admin then logged him in
74
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
75
- }
76
- }
77
- }
78
-
79
- public function miniorange_login_start_session() {
80
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
81
- session_start();
82
- }
83
- }
84
-
85
- function mo_auth_show_error_message($value = null) {
86
- remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
87
- add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
88
- }
89
-
90
- function mo2f_redirectto_wp_login() {
91
- global $Mo2fdbQueries;
92
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
93
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
94
- if(is_null($session_id)) {
95
- $session_id=$pass2fa_login_session->create_session();
96
- }
97
- remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
98
- add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
99
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
100
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
101
- } else {
102
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
103
- }
104
- }
105
-
106
- function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
107
- $user_id = $user->ID;
108
- wp_set_current_user( $user_id, $user->user_login );
109
- $this->remove_current_activity($session_id);
110
- wp_set_auth_cookie( $user_id, true );
111
- do_action( 'wp_login', $user->user_login, $user );
112
- redirect_user_to( $user, $redirect_to );
113
- exit;
114
- }
115
-
116
- function remove_current_activity($session_id) {
117
- global $Mo2fdbQueries;
118
- $session_variables = array(
119
- 'mo2f_current_user_id',
120
- 'mo2f_1stfactor_status',
121
- 'mo_2factor_login_status',
122
- 'mo2f-login-qrCode',
123
- 'mo2f_transactionId',
124
- 'mo2f_login_message',
125
- 'mo2f_rba_status',
126
- 'mo_2_factor_kba_questions',
127
- 'mo2f_show_qr_code',
128
- 'mo2f_google_auth',
129
- 'mo2f_authy_keys'
130
- );
131
-
132
- $cookie_variables = array(
133
- 'mo2f_current_user_id',
134
- 'mo2f_1stfactor_status',
135
- 'mo_2factor_login_status',
136
- 'mo2f-login-qrCode',
137
- 'mo2f_transactionId',
138
- 'mo2f_login_message',
139
- 'mo2f_rba_status_status',
140
- 'mo2f_rba_status_sessionUuid',
141
- 'mo2f_rba_status_decision_flag',
142
- 'kba_question1',
143
- 'kba_question2',
144
- 'mo2f_show_qr_code',
145
- 'mo2f_google_auth',
146
- 'mo2f_authy_keys'
147
- );
148
-
149
- $temp_table_variables = array(
150
- 'session_id',
151
- 'mo2f_current_user_id',
152
- 'mo2f_login_message',
153
- 'mo2f_1stfactor_status',
154
- 'mo2f_transactionId',
155
- 'mo_2_factor_kba_questions',
156
- 'mo2f_rba_status',
157
- 'ts_created'
158
- );
159
-
160
- MO2f_Utility::unset_session_variables( $session_variables );
161
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
162
- MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
163
- }
164
-
165
- function custom_login_enqueue_scripts() {
166
- wp_enqueue_script( 'jquery' );
167
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
168
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
169
- wp_enqueue_style( 'bootstrap_script', $bootstrappath );
170
- wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__ ))) );
171
- }
172
-
173
- function mo_2_factor_hide_login() {
174
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
175
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
176
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
177
- $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
178
-
179
- wp_register_style( 'hide-login', $hidepath );
180
- wp_register_style( 'bootstrap', $bootstrappath );
181
- wp_enqueue_style( 'hide-login' );
182
- wp_enqueue_style( 'bootstrap' );
183
-
184
- }
185
-
186
- function mo_auth_success_message() {
187
- $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
188
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
189
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
190
- //if the php session folder has insufficient permissions, cookies to be used
191
-
192
-
193
- if($message == '')
194
- {
195
- $message = 'Please login into your account using password.';
196
- }
197
-
198
- return "<div> <p class='message'>" . $message . "</p></div>";
199
- }
200
-
201
- function mo_auth_error_message() {
202
- $id = "login_error1";
203
- //if the php session folder has insufficient permissions, cookies to be used
204
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
205
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
206
- //if the php session folder has insufficient permissions, cookies to be used
207
- if($message=='')
208
- {
209
- $message = 'Invalid Username';
210
- }
211
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
212
- { //test
213
- $message = 'Invalid Username or recaptcha';
214
- }
215
- return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
216
- }
217
-
218
- function mo_auth_show_success_message() {
219
- remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
220
- add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
221
- }
222
-
223
- function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
224
- global $Mo2fdbQueries;
225
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']): null;
226
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
227
-
228
- if(is_null($session_id_encrypt)) {
229
- $session_id_encrypt=$pass2fa_login_session->create_session();
230
- }
231
-
232
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
233
- //if the php session folder has insufficient permissions, cookies to be used
234
- $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
235
-
236
- if(MO2F_IS_ONPREM)
237
- {
238
- $userName = isset($_POST['mo2fa_username']) ? sanitize_text_field($_POST['mo2fa_username']) : '';
239
-
240
- if(!empty($userName))
241
- {
242
- $user = get_user_by('login',$userName);
243
- if($user)
244
- {
245
- //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
246
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
247
- if($currentMethod == 'None' or $currentMethod == '')
248
- $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
249
- }
250
- }
251
- }
252
- if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
- $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
- $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
- $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
- $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
- ?>
258
- <script>
259
- jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
260
- </script><?php
261
- } else {
262
- $this->mo_2_factor_show_login();
263
- $this->mo_2_factor_show_wp_login_form();
264
- }
265
- } else { //Login with phone is alogin with default login form
266
- $this->mo_2_factor_show_login();
267
- $this->mo_2_factor_show_wp_login_form();
268
- }
269
-
270
- }
271
-
272
- function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
273
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
274
- wp_enqueue_style( 'show-login' );
275
- }
276
-
277
-
278
- // login form fields
279
-
280
- function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
281
- ?>
282
- <script>
283
- var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
284
- jQuery('#login').append(content);
285
-
286
- function mo2fa_backtomologin() {
287
- jQuery('#mo2f_backto_mo_loginform').submit();
288
- }
289
- </script>
290
- <?php
291
- }
292
-
293
- function mo_2_factor_show_login() {
294
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
295
-
296
- $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
297
-
298
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
299
- wp_register_style( 'show-login', $hidepath );
300
- } else {
301
- wp_register_style( 'show-login', $showpath );
302
- }
303
- wp_enqueue_style( 'show-login' );
304
- }
305
-
306
- function mo_2_factor_show_wp_login_form() {
307
- $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
308
-
309
-
310
- ?>
311
- <div class="mo2f-login-container">
312
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
313
- <div style="position: relative" class="or-container">
314
- <div class="login_with_2factor_inner_div"></div>
315
- <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
316
- </div>
317
- <?php } ?>
318
-
319
- <br>
320
- <div class="mo2f-button-container" id="mo2f_button_container">
321
- <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
322
- placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
323
- <p>
324
-
325
- <input type="button" name="miniorange_login_submit" style="width:100% !important;"
326
- onclick="mouserloginsubmit();" id="miniorange_login_submit"
327
- class="button button-primary button-large"
328
- value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
329
- </p>
330
- <br><br><br>
331
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
332
- </div>
333
- </div>
334
-
335
- <script>
336
- jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
337
-
338
- function mouserloginsubmit() {
339
- var username = jQuery('#mo2fa_usernamekey').val();
340
- var recap = jQuery('#g-recaptcha-response').val();
341
- if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
342
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
343
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[1].value = recap;
344
-
345
- jQuery('#mo2fa-g-recaptcha-response-form').submit();
346
- }
347
- }
348
-
349
- jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
- if (e.which == 13) {//Enter key pressed
351
- e.preventDefault();
352
- var username = jQuery('#mo2fa_usernamekey').val();
353
- if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
354
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
355
- jQuery('#mo2fa-g-recaptcha-response-form').submit();
356
- }
357
- }
358
-
359
- });
360
- </script>
361
- <?php
362
- }
363
-
364
- function miniorange_login_footer_form() {
365
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
366
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
367
- if(is_null($session_id_encrypt)) {
368
- $session_id_encrypt=$pass2fa_login_session->create_session();
369
- }
370
-
371
- ?>
372
- <input type="hidden" name="miniorange_login_nonce"
373
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
375
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
- <input type="hidden" id="sessids" name="session_id"
378
- value="<?php echo $session_id_encrypt; ?>"/>
379
- </form>
380
- <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
- <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
- <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
- <input type="hidden" name="miniorange_login_nonce"
384
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
- <input type="hidden" id="sessid" name="session_id"
386
- value="<?php echo $session_id_encrypt; ?>"/>
387
- </form>
388
- <script>
389
- jQuery(document).ready(function () {
390
- var session_ids="<?php echo $session_id_encrypt; ?>";
391
- if (document.getElementById('loginform') != null) {
392
- jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
- jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
-
395
- }
396
- });
397
- </script>
398
- <?php
399
-
400
- }
401
- }
402
-
1
+ <?Php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
+ class Miniorange_Mobile_Login {
27
+
28
+ function mo2fa_default_login( $user, $username, $password ) {
29
+
30
+ global $Mo2fdbQueries;
31
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
+ if ( is_wp_error( $currentuser ) ) {
33
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
+ wp_send_json_success($data);
36
+ }
37
+ else{
38
+ return $currentuser;
39
+ }
40
+ } else {
41
+ if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
+ {
43
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
+ $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
+ if(is_null($session_id)) {
48
+ $session_id = $handleSecondFactor->create_session();
49
+ }
50
+
51
+ $key = get_option('mo2f_customer_token');
52
+ $otp_token = '';
53
+ $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
+
55
+ }
56
+ $this->miniorange_login_start_session();
57
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
+ $session_id=$pass2fa_login_session->create_session();
59
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
61
+ if ( $mo2f_configured_2FA_method ) {
62
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
+ $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
+ if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
+ $this->mo_auth_show_err