Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.4

Version Description

  • Google Authenticator-Two Factor Authentication (2FA) : Two Factor : Woocommerce login page integration.
Download this release

Release Info

Developer cyberlord92
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.4
Comparing to
See all releases

Code changes from version 5.4.3 to 5.4.4

Files changed (11) hide show
  1. handler/twofa/gaonprem.php +1 -1
  2. handler/twofa/two_fa_constants.php +3 -0
  3. handler/twofa/two_fa_pass2login.php +1 -1
  4. handler/twofa/two_fa_settings.php +10 -2
  5. helper/constants.php +2 -3
  6. miniorange_2_factor_settings.php +9 -14
  7. readme.txt +10 -2
  8. views/twofa/setup/setup_google_authenticator.php +4 -2
  9. views/twofa/setup/setup_google_authenticator_onpremise.php +12 -2
  10. views/twofa/two_fa_setup_notification.php +2 -2
  11. views/twofa/two_fa_unlimittedUser.php +1 -1
handler/twofa/gaonprem.php CHANGED
@@ -100,7 +100,7 @@ class Google_auth_onpremise{
100
  );
101
  }
102
 
103
- function verifyCode($secret, $code,$discrepancy = 2, $currentTimeSlice = null)
104
  {
105
  global $Mo2fdbQueries;
106
  $response=array("status"=>'false');
100
  );
101
  }
102
 
103
+ function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
104
  {
105
  global $Mo2fdbQueries;
106
  $response=array("status"=>'false');
handler/twofa/two_fa_constants.php CHANGED
@@ -342,6 +342,9 @@ class Mo2fConstants {
342
  case 'APP_TIME_SYNC':
343
  Return mo2f_lt( 'Your App Time is not in sync.Go to settings and tap on tap on Sync Time now .' );
344
  break;
 
 
 
345
  case 'ERROR_WHILE_VALIDATING_USER':
346
  Return mo2f_lt( 'Error occurred while validating the user. Please try again.' );
347
  break;
342
  case 'APP_TIME_SYNC':
343
  Return mo2f_lt( 'Your App Time is not in sync.Go to settings and tap on tap on Sync Time now .' );
344
  break;
345
+ case 'SERVER_TIME_SYNC':
346
+ Return mo2f_lt( 'Please make sure your System and device have the same time as the displayed Server time.' );
347
+ break;
348
  case 'ERROR_WHILE_VALIDATING_USER':
349
  Return mo2f_lt( 'Error occurred while validating the user. Please try again.' );
350
  break;
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1172,7 +1172,7 @@ class Miniorange_Password_2Factor_Login {
1172
  $mo2f_second_factor = 'NONE';
1173
  }
1174
  }
1175
- if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && get_option('mo2f_enable_2fa_prompt_on_login_page')&& !get_option('mo2f_remember_device'))
1176
  {
1177
  $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
1178
  if(is_wp_error( $error))
1172
  $mo2f_second_factor = 'NONE';
1173
  }
1174
  }
1175
+ if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && get_option('mo2f_enable_2fa_prompt_on_login_page')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
1176
  {
1177
  $error=$this->mo2f_validate_soft_token($currentuser, $redirect_to, $mo2f_second_factor, $otp_token,$session_id_encrypt);
1178
  if(is_wp_error( $error))
handler/twofa/two_fa_settings.php CHANGED
@@ -70,10 +70,18 @@ class Miniorange_Authentication {
70
  'mo_2_factor_enable_jquery_default_login'
71
  ) );
72
 
73
- add_action( 'woocommerce_login_form_end', array(
 
74
  $pass2fa_login,
75
  'mo_2_factor_pass2login_show_wp_login_form'
76
  ) );
 
 
 
 
 
 
 
77
  add_action( 'wp_enqueue_scripts', array(
78
  $pass2fa_login,
79
  'mo_2_factor_enable_jquery_default_login'
@@ -1627,7 +1635,7 @@ class Miniorange_Authentication {
1627
 
1628
  }
1629
  } else {
1630
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) );
1631
  $this->mo_auth_show_error_message();
1632
 
1633
  }
70
  'mo_2_factor_enable_jquery_default_login'
71
  ) );
72
 
73
+ if(get_site_option('mo2f_woocommerce_login_prompt')){
74
+ add_action( 'woocommerce_login_form', array(
75
  $pass2fa_login,
76
  'mo_2_factor_pass2login_show_wp_login_form'
77
  ) );
78
+ }
79
+ else if(!get_site_option('mo2f_woocommerce_login_prompt') && get_site_option('mo2f_enable_2fa_prompt_on_login_page') ) {
80
+ add_action('woocommerce_login_form_end' ,array(
81
+ $pass2fa_login,
82
+ 'mo_2_factor_pass2login_woocommerce'
83
+ ) );
84
+ }
85
  add_action( 'wp_enqueue_scripts', array(
86
  $pass2fa_login,
87
  'mo_2_factor_enable_jquery_default_login'
1635
 
1636
  }
1637
  } else {
1638
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) . '<br>3.' . Mo2fConstants::langTranslate( "SERVER_TIME_SYNC" ));
1639
  $this->mo_auth_show_error_message();
1640
 
1641
  }
helper/constants.php CHANGED
@@ -19,8 +19,7 @@
19
  //urls
20
  const RECAPTCHA_URL = 'https://www.google.com/recaptcha/api.js';
21
  const HOST_NAME = "https://login.xecurify.com";
22
- const FOOTER_LINK = '<a style="display:none;" href="http://miniorange.com/cyber-security">Secured By miniOrange</a>';
23
-
24
  //plugins
25
  const TWO_FACTOR_SETTINGS = 'miniorange-2-factor-authentication/miniorange_2_factor_settings.php';
26
  const OTP_VERIFICATION_SETTINGS = 'miniorange-otp-verification/miniorange_validation_settings.php';
@@ -95,4 +94,4 @@
95
  }
96
  new MoWpnsConstants;
97
 
98
- ?>
19
  //urls
20
  const RECAPTCHA_URL = 'https://www.google.com/recaptcha/api.js';
21
  const HOST_NAME = "https://login.xecurify.com";
22
+
 
23
  //plugins
24
  const TWO_FACTOR_SETTINGS = 'miniorange-2-factor-authentication/miniorange_2_factor_settings.php';
25
  const OTP_VERIFICATION_SETTINGS = 'miniorange-otp-verification/miniorange_validation_settings.php';
94
  }
95
  new MoWpnsConstants;
96
 
97
+ ?>
miniorange_2_factor_settings.php CHANGED
@@ -3,13 +3,13 @@
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6
- * Version: 5.4.3
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * License: GPL2
10
  */
11
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
12
- define( 'MO2F_VERSION', '5.4.3' );
13
  define( 'MO2F_TEST_MODE', FALSE );
14
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
15
  class Miniorange_twoFactor{
@@ -22,8 +22,7 @@
22
  add_action( 'admin_enqueue_scripts' , array( $this, 'mo_wpns_settings_style' ) );
23
  add_action( 'admin_enqueue_scripts' , array( $this, 'mo_wpns_settings_script' ) );
24
  add_action( 'wpns_show_message' , array( $this, 'mo_show_message' ), 1 , 2 );
25
- add_action( 'wp_footer' , array( $this, 'footer_link' ),100 );
26
-
27
  add_action( 'admin_init' , array( $this, 'miniorange_reset_save_settings' ) );
28
  add_filter('manage_users_columns' , array( $this, 'mo2f_mapped_email_column' ) );
29
  add_action('manage_users_custom_column' , array( $this, 'mo2f_mapped_email_column_content'), 10, 3 );
@@ -31,7 +30,8 @@
31
  $actions = add_filter('user_row_actions' , array( $this, 'miniorange_reset_users' ),10 , 2 );
32
  add_action( 'admin_footer' , array( $this, 'feedback_request' ) );
33
  add_action('admin_notices',array( $this, 'mo_wpns_malware_notices' ) );
34
- if(get_option('mo2f_disable_file_editing')) define('DISALLOW_FILE_EDIT', true);
 
35
  $this->includes();
36
  if(get_option("mo_wpns_2fa_with_network_security"))
37
  {
@@ -304,7 +304,7 @@
304
  var element = document.getElementById("pop_up_success");
305
  element.classList.toggle("overlay_not_JQ_success");
306
  element.innerHTML = "";
307
- }, 4000);
308
 
309
  </script>
310
  <?php
@@ -318,7 +318,7 @@
318
  var element = document.getElementById("pop_up_error");
319
  element.classList.toggle("overlay_not_JQ_error");
320
  element.innerHTML = "";
321
- }, 4000);
322
 
323
  </script>
324
  <?php
@@ -332,7 +332,7 @@
332
  var element = document.getElementById("pop_up_error");
333
  element.classList.toggle("overlay_not_JQ_error");
334
  element.innerHTML = "";
335
- }, 4000);
336
 
337
  </script>
338
  <?php
@@ -346,18 +346,13 @@
346
  var element = document.getElementById("pop_up_success");
347
  element.classList.toggle("overlay_not_JQ_success");
348
  element.innerHTML = "";
349
- }, 4000);
350
 
351
  </script>
352
  <?php
353
  }
354
  }
355
 
356
- function footer_link()
357
- {
358
- echo MoWpnsConstants::FOOTER_LINK;
359
- }
360
-
361
  function includes()
362
  {
363
  require('helper/pluginUtility.php');
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6
+ * Version: 5.4.4
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * License: GPL2
10
  */
11
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
12
+ define( 'MO2F_VERSION', '5.4.4' );
13
  define( 'MO2F_TEST_MODE', FALSE );
14
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
15
  class Miniorange_twoFactor{
22
  add_action( 'admin_enqueue_scripts' , array( $this, 'mo_wpns_settings_style' ) );
23
  add_action( 'admin_enqueue_scripts' , array( $this, 'mo_wpns_settings_script' ) );
24
  add_action( 'wpns_show_message' , array( $this, 'mo_show_message' ), 1 , 2 );
25
+
 
26
  add_action( 'admin_init' , array( $this, 'miniorange_reset_save_settings' ) );
27
  add_filter('manage_users_columns' , array( $this, 'mo2f_mapped_email_column' ) );
28
  add_action('manage_users_custom_column' , array( $this, 'mo2f_mapped_email_column_content'), 10, 3 );
30
  $actions = add_filter('user_row_actions' , array( $this, 'miniorange_reset_users' ),10 , 2 );
31
  add_action( 'admin_footer' , array( $this, 'feedback_request' ) );
32
  add_action('admin_notices',array( $this, 'mo_wpns_malware_notices' ) );
33
+
34
+ if(!defined("DISALLOW_FILE_EDIT") && get_option('mo2f_disable_file_editing') ) define('DISALLOW_FILE_EDIT', true);
35
  $this->includes();
36
  if(get_option("mo_wpns_2fa_with_network_security"))
37
  {
304
  var element = document.getElementById("pop_up_success");
305
  element.classList.toggle("overlay_not_JQ_success");
306
  element.innerHTML = "";
307
+ }, 7000);
308
 
309
  </script>
310
  <?php
318
  var element = document.getElementById("pop_up_error");
319
  element.classList.toggle("overlay_not_JQ_error");
320
  element.innerHTML = "";
321
+ }, 7000);
322
 
323
  </script>
324
  <?php
332
  var element = document.getElementById("pop_up_error");
333
  element.classList.toggle("overlay_not_JQ_error");
334
  element.innerHTML = "";
335
+ }, 7000);
336
 
337
  </script>
338
  <?php
346
  var element = document.getElementById("pop_up_success");
347
  element.classList.toggle("overlay_not_JQ_success");
348
  element.innerHTML = "";
349
+ }, 7000);
350
 
351
  </script>
352
  <?php
353
  }
354
  }
355
 
 
 
 
 
 
356
  function includes()
357
  {
358
  require('helper/pluginUtility.php');
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
6
  Requires at least: 3.0.1
7
  Tested up to: 5.4
8
  Requires PHP: 5.3.0
9
- Stable tag: 5.4.3
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
@@ -32,9 +32,10 @@ If you are looking for OTP Verification of users during <b>Registration</b> then
32
 
33
  <h4>FREE Plugin Features</h4>
34
  * Simplified & easy to user interface.
35
- * Two Factor Authentication (2FA) for **1 User** forever FREE!
36
  * **Variety of Authentication Methods:** Any App supporting TOTP algorithm like Google, Authy, LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
37
  * Includes Language Translation Support. Supports a wide variety of languages
 
38
  * This plugin Supports standard TOTP + HOTP protocols for Authentication Methods.
39
  * Two Factor Authentication (2FA) allows authentication on login page itself for Google Authenticator & miniOrange Soft Token.
40
  * Brute force attack prevention & IP Blocking.
@@ -297,6 +298,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
297
 
298
  == Changelog ==
299
 
 
 
 
300
  = 5.4.3 =
301
  * Google Authenticator-Two Factor Authentication (2FA , Two Factor) : Session issue fix for customers using Two Factor.
302
 
@@ -781,8 +785,12 @@ More descriptive setup messages and UI changes.
781
 
782
  == Upgrade Notice ==
783
 
 
 
 
784
  = 5.4.3 =
785
  * Google Authenticator-Two Factor Authentication (2FA) : Session issue fix for customers using Two Factor.
 
786
  = 5.4.2 =
787
  * Google Authenticator-Two Factor Authentication (2FA) : Warning for cloud customer moving to on-premise Two factor
788
 
6
  Requires at least: 3.0.1
7
  Tested up to: 5.4
8
  Requires PHP: 5.3.0
9
+ Stable tag: 5.4.4
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
32
 
33
  <h4>FREE Plugin Features</h4>
34
  * Simplified & easy to user interface.
35
+ * Two Factor Authentication (2FA) for **3 User** forever FREE!
36
  * **Variety of Authentication Methods:** Any App supporting TOTP algorithm like Google, Authy, LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
37
  * Includes Language Translation Support. Supports a wide variety of languages
38
+ * Passwordless login
39
  * This plugin Supports standard TOTP + HOTP protocols for Authentication Methods.
40
  * Two Factor Authentication (2FA) allows authentication on login page itself for Google Authenticator & miniOrange Soft Token.
41
  * Brute force attack prevention & IP Blocking.
298
 
299
  == Changelog ==
300
 
301
+ = 5.4.4 =
302
+ * Google Authenticator-Two Factor Authentication (2FA) : Two Factor : Woocommerce login page integration.
303
+
304
  = 5.4.3 =
305
  * Google Authenticator-Two Factor Authentication (2FA , Two Factor) : Session issue fix for customers using Two Factor.
306
 
785
 
786
  == Upgrade Notice ==
787
 
788
+ = 5.4.4 =
789
+ * Google Authenticator-Two Factor Authentication (2FA) : Two Factor : Woocommerce login page integration.
790
+
791
  = 5.4.3 =
792
  * Google Authenticator-Two Factor Authentication (2FA) : Session issue fix for customers using Two Factor.
793
+
794
  = 5.4.2 =
795
  * Google Authenticator-Two Factor Authentication (2FA) : Warning for cloud customer moving to on-premise Two factor
796
 
views/twofa/setup/setup_google_authenticator.php CHANGED
@@ -117,10 +117,12 @@ function mo2f_configure_google_authenticator( $user ) {
117
  <input type="hidden" name="mo2f_go_back_nonce"
118
  value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
119
  </form>
120
- </div>
 
121
  </td>
122
  </tr>
123
  </table>
 
124
  <script>
125
  jQuery(document).ready(function(){
126
  jQuery(this).scrollTop(0);
@@ -177,4 +179,4 @@ function mo2f_configure_google_authenticator( $user ) {
177
  <?php
178
  }
179
 
180
- ?>
117
  <input type="hidden" name="mo2f_go_back_nonce"
118
  value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
119
  </form>
120
+ </div><br><br>
121
+
122
  </td>
123
  </tr>
124
  </table>
125
+
126
  <script>
127
  jQuery(document).ready(function(){
128
  jQuery(this).scrollTop(0);
179
  <?php
180
  }
181
 
182
+ ?>
views/twofa/setup/setup_google_authenticator_onpremise.php CHANGED
@@ -119,12 +119,22 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode ) {
119
  <input type="hidden" name="mo2f_go_back_nonce"
120
  value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
121
  </form>
 
 
 
122
  </div>
123
  </td>
124
  </tr>
125
  </table>
126
  <?php
127
-
 
 
 
 
 
 
 
128
  echo '<head>';
129
  // echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", __FILE__ ).'"></script>';
130
  // echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", __FILE__ ).'"></script>';
@@ -197,4 +207,4 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode ) {
197
  <?php
198
  }
199
 
200
- ?>
119
  <input type="hidden" name="mo2f_go_back_nonce"
120
  value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
121
  </form>
122
+ </div><br><br>
123
+ <div>
124
+ <h3 style="color: red">Current Server Time: <span id="mo2f_server_time">--</span></h3>
125
  </div>
126
  </td>
127
  </tr>
128
  </table>
129
  <?php
130
+ $q = $_SERVER['REQUEST_TIME']*1000;
131
+ ?>
132
+ <script>
133
+ var d = new Date(<?php echo $q ?>);
134
+ var server_time = d.toLocaleTimeString();
135
+ document.getElementById("mo2f_server_time").innerHTML = server_time;
136
+ </script>
137
+ <?php
138
  echo '<head>';
139
  // echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", __FILE__ ).'"></script>';
140
  // echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", __FILE__ ).'"></script>';
207
  <?php
208
  }
209
 
210
+ ?>
views/twofa/two_fa_setup_notification.php CHANGED
@@ -15,7 +15,7 @@ function mo2f_display_test_2fa_notification( $user ) {
15
  include_once $mo2f_dirName . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
16
  $gauth_obj= new Google_auth_onpremise();
17
  $secret= $gauth_obj->mo_GAuth_get_secret($user->ID);
18
- for ($i = -2; $i <= 2; ++$i) {
19
  $calculatedCode = $gauth_obj->getCode($secret, $currentTimeSlice + $i);
20
  array_push($code_array, $calculatedCode);
21
  }
@@ -63,4 +63,4 @@ function mo2f_display_test_2fa_notification( $user ) {
63
  });
64
  </script>
65
  <?php }
66
- ?>
15
  include_once $mo2f_dirName . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
16
  $gauth_obj= new Google_auth_onpremise();
17
  $secret= $gauth_obj->mo_GAuth_get_secret($user->ID);
18
+ for ($i = -3; $i <= 3; ++$i) {
19
  $calculatedCode = $gauth_obj->getCode($secret, $currentTimeSlice + $i);
20
  array_push($code_array, $calculatedCode);
21
  }
63
  });
64
  </script>
65
  <?php }
66
+ ?>
views/twofa/two_fa_unlimittedUser.php CHANGED
@@ -102,7 +102,7 @@ if(MO2F_IS_ONPREM && current_user_can('administrator'))
102
  <div class="mo_wpns_setting_layout" id="2fa_method">
103
  <input type="hidden" name="option" value="" />
104
  <span>
105
- <h3>Select Roles to enable 2-Factor for Users <b style="font-size: 70%;color: red;">(Upto 5 users in Free version)</b></h3>
106
  <span>
107
  <hr><br>
108
 
102
  <div class="mo_wpns_setting_layout" id="2fa_method">
103
  <input type="hidden" name="option" value="" />
104
  <span>
105
+ <h3>Select Roles to enable 2-Factor for Users <b style="font-size: 70%;color: red;">(Upto 3 users in Free version)</b></h3>
106
  <span>
107
  <hr><br>
108