Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.41

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Minor UI Changes and Bug Fixes

Release Info

Developer twofactorauthentication
Version 5.4.41

Code changes from version 5.4.40 to 5.4.41

Files changed (39) hide show
  1. api/Mo2f_OnPremRedirect.php +343 -343
  2. api/class-customer-setup.php +33 -33
  3. api/class-rba-attributes.php +183 -183
  4. controllers/PointersManager.php +53 -53
  5. controllers/backup/backup_created_report.php +1 -1
  6. controllers/dashboard_ajax.php +210 -210
  7. controllers/duo_authenticator/duo_authenticator_ajax.php +74 -74
  8. controllers/feedback_footer.php +78 -78
  9. controllers/malware_scanner/scan_malware.php +9 -9
  10. controllers/pointers.php +581 -581
  11. controllers/reports.php +24 -24
  12. controllers/request_christmas_offer.php +47 -47
  13. controllers/request_demo.php +50 -50
  14. controllers/tour/tour_ajax.php +145 -145
  15. controllers/troubleshooting.php +4 -4
  16. controllers/twofa/two_fa_addon.php +5 -5
  17. controllers/twofa/two_fa_custom_form.php +8 -8
  18. controllers/twofa/two_fa_login_option.php +1 -1
  19. controllers/twofa/two_fa_video_guide.php +3 -3
  20. controllers/wpns-loginsecurity-ajax.php +1398 -1398
  21. database/database_functions.php +872 -872
  22. database/database_functions_2fa.php +403 -403
  23. handler/WAF/database/mo-waf-db-common.php +24 -24
  24. handler/WAF/database/mo-waf-db.php +248 -248
  25. handler/WAF/database/mo-waf-plugin-db.php +90 -90
  26. handler/WAF/mo-waf-plugin.php +211 -211
  27. handler/WAF/waf-include.php +91 -91
  28. handler/ajax.php +175 -175
  29. handler/feedback_form.php +210 -210
  30. handler/logger.php +2 -0
  31. handler/login.php +408 -414
  32. handler/mo-block.html +9 -9
  33. handler/mo-waf-plugin.php +409 -409
  34. handler/realtime_ip_block_free.php +51 -51
  35. handler/recaptcha.php +4 -0
  36. handler/twofa/encryption.php +45 -45
  37. handler/twofa/gaonprem.php +250 -252
  38. handler/twofa/two_fa_login.php +402 -402
  39. handler/twofa/two_fa_settings.php +4217 -5060
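--- a/api/Mo2f_OnPremRedirect.php
+++ b/api/Mo2f_OnPremRedirect.php
@@ -1,343 +1,343 @@
-<?php
-class Mo2f_OnPremRedirect {
-
-function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
-switch($authType){
-
-case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
-return $content;
-break;
-case "KBA": $content = $this->mo2f_kba_onpremise();
-return $content;
-break;
-case "OUT OF BAND EMAIL":
-break;
-case "EMAIL":
-case "OTP OVER EMAIL":
-case "OTP_OVER_EMAIL":
-return $this->mo2f_otp_over_email($otpToken,$current_user);
-
-
-}
-
-}
-
-function mo2f_kba_onpremise(){
-$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
-if(isset($_POST['validate'])){
-$user_id = wp_get_current_user()->ID;
-}
-else{
-$user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
-}
-$redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
-$kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
-$kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
-$questions_challenged = get_user_meta($user_id ,'kba_questions_user');
-$questions_challenged = $questions_challenged[0];
-$all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
-$all_ques_ans = $all_ques_ans[0];
-$ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
-$ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
-$check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
-$mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
-
-$pass2fa = new Miniorange_Password_2Factor_Login;
-$twofa_Settings = new Miniorange_Authentication;
-if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
-$arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
-$content = json_encode($arr);
-delete_user_meta( $user_id, 'test_2FA' );
-return $content;
-}
-else {
-$arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
-$content = json_encode($arr);
-return $content;
-}
-
-}
-
-function OnpremSendRedirect($useremail,$authType,$currentuser){
-
-switch($authType){
-
-case "Email Verification":
-case "OUT OF BAND EMAIL":
-$content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
-return $content;
-case "EMAIL":
-
-case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
-return $content;
-case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
-return $content;
-
-}
-
-}
-
-function OnpremSecurityQuestions($user){
-$question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
-$challenge_questions = array_keys($question_answers[0]);
-$random_keys = array_rand($challenge_questions,2);
-$challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
-$challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
-$questions = array($challenge_ques1,$challenge_ques2);
-update_user_meta( $user->ID, 'kba_questions_user', $questions );
-$response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
-return $response;
-
-}
-
-function mo2f_google_authenticator_onpremise($otpToken){
-include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
-$gauth_obj= new Google_auth_onpremise();
-$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
-if(is_user_logged_in()){
-$user = wp_get_current_user();
-$user_id = $user->ID;
-}else{
-$user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
-}
-$secret= $gauth_obj->mo_GAuth_get_secret($user_id);
-$content=$gauth_obj->verifyCode($secret, $otpToken);
-return $content;
-}
-function OnpremOTPOverEMail($current_user,$useremail=false)
-{
-return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
-}
-function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
-{
-$count_threshold = 5;
-global $Mo2fdbQueries;
-if(!isset($current_user) or is_null($current_user))
-{
-if(is_user_logged_in()){
-$current_user = wp_get_current_user();
-}else{
-$current_user = unserialize($_SESSION['mo2f_current_user']);
-}
-}
-
-if(is_null($email) or empty($email) or $email == '' or !isset($email) )
-{
-$email = get_user_meta($current_user->ID,'tempEmail',true);
-
-if($email == '' or empty($email))
-{
-$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
-}
-
-}
-if(is_null($email) or empty($email) or $email == '' or !isset($email) )
-$email = $current_user->user_email;
-
-delete_user_meta($current_user->ID,'tempEmail');
-$subject = '2-Factor Authentication';
-$headers = array('Content-Type: text/html; charset=UTF-8');
-$otpToken = '';
-for($i=1;$i<7;$i++)
-{
-$otpToken .= rand(0,9);
-}
-update_user_meta($current_user->ID,$tokenName,$otpToken);
-update_user_meta($current_user->ID,$timeName,time());
-update_user_meta($current_user->ID,'tempRegEmail',$email);
-$message = '<table cellpadding="25" style="margin:0px auto">
-<tbody>
-<tr>
-<td>
-<table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
-<tbody>
-<tr>
-<td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
-</tr>
-</tbody>
-</table>
-<table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
-<tbody>
-<tr>
-<td>
-<p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
-<p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
-<p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
-<p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
-<p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
-</div></div></td>
-</tr>
-</tbody>
-</table>
-</td>
-</tr>
-</tbody>
-</table>';
-
-$result = wp_mail($email,$subject,$message,$headers);
-if($result){
-if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
-Miniorange_Authentication::low_otp_alert("email");
-update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
-$arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
-
-}else{
-$arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
-update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
-}
-$content = json_encode($arr);
-return $content;
-
-}
-
-function mo2f_otp_over_email($otpToken,$current_user)
-{
-return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
-}
-function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
-{
-global $Mo2fdbQueries;
-if(is_null($current_user))
-{
-$current_user = wp_get_current_user();
-}
-
-if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
-{
-$user_id = $current_user->ID;
-
-
-
-
-$valid_token = get_user_meta($user_id,$dtoken,true);
-
-
-$cd = get_user_meta($user_id,"mo2f_email_check_code",true);
-
-
-$time = get_user_meta($user_id,$dtime,true);
-$accepted_time = time()-300;
-
-
-if($accepted_time>$time)
-{
-
-delete_user_meta( $user_id, $dtoken );
-delete_user_meta( $user_id, $dtime );
-delete_user_meta( $user_id,'tempRegEmail');
-
-$arr = array('status' => 'FAILED','message'=>'OTP Expire.');
-}
-
-else if($valid_token == $otpToken)
-{
-$arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
-delete_user_meta( $user_id, $dtoken );
-if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
-{
-$tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
-if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
-$Mo2fdbQueries->update_user_details($user_id,array(
-'mo2f_configured_2FA_method' => 'OTP Over Email',
-'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
-'mo2f_user_email'=> $tempRegEmail));
-}
-delete_user_meta( $user_id,'tempRegEmail');
-}
-else
-{
-$arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
-}
-
-$content = json_encode($arr);
-return $content;
-
-}
-}
-
-
-function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
-{
-
-global $Mo2fdbQueries;
-
-$email = get_user_meta($current_user->ID,'tempEmail',true);
-
-
-if(empty($email))
-$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
-
-$subject = "2-Factor Authentication(Email verification)";
-$headers = array('Content-Type: text/html; charset=UTF-8');
-$txid = '';
-$otpToken = '';
-$otpTokenD = '';
-for($i=1;$i<7;$i++)
-{
-$otpToken .= rand(0,9);
-$txid .= rand(100,999);
-$otpTokenD .= rand(0,9);
-}
-$otpTokenH = hash('sha512',$otpToken);
-$otpTokenDH = hash('sha512', $otpTokenD);
-update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
-$userID = hash('sha512',$current_user->ID);
-update_site_option($userID,$otpTokenH);
-update_site_option($txid,3);
-$userIDd = $userID . 'D';
-update_site_option($userIDd,$otpTokenDH);
-
-$message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
-$result = wp_mail($email,$subject,$message,$headers);
-
-$response=array("txId"=>$txid);
-$hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
-if($result)
-{
-$response['status']='SUCCESS';
-$time = "time".$txid;
-$currentTimeInMillis = round(microtime(true) * 1000);
-update_site_option($time,$currentTimeInMillis);
-}
-else
-{
-$response['status']='FAILED';
-}
-
-return json_encode($response);
-}
-
-function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
-$url = get_site_option('siteurl').'/wp-login.php?';
-$message = '<table cellpadding="25" style="margin:0px auto">
-<tbody>
-<tr>
-<td>
-<table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
-<tbody>
-<tr>
-<td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
-</tr>
-</tbody>
-</table>
-<table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
-<tbody>
-<tr>
-<td>
-<p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
-<p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
-<p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
-<p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
-<p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
-<p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
-</div></div></td>
-</tr>
-</tbody>
-</table>
-</td>
-</tr>
-</tbody>
-</table>';
-return $message;
-}
-}
+<?php
+class Mo2f_OnPremRedirect {
+
+function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
+switch($authType){
+
+case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
+return $content;
+break;
+case "KBA": $content = $this->mo2f_kba_onpremise();
+return $content;
+break;
+case "OUT OF BAND EMAIL":
+break;
+case "EMAIL":
+case "OTP OVER EMAIL":
+case "OTP_OVER_EMAIL":
+return $this->mo2f_otp_over_email($otpToken,$current_user);
+
+
+}
+
+}
+
+function mo2f_kba_onpremise(){
+$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+if(isset($_POST['validate'])){
+$user_id = wp_get_current_user()->ID;
+}
+else{
+$user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+}
+$redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
+$kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
+$kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
+$questions_challenged = get_user_meta($user_id ,'kba_questions_user');
+$questions_challenged = $questions_challenged[0];
+$all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
+$all_ques_ans = $all_ques_ans[0];
+$ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
+$ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
+$check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
+$mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
+
+$pass2fa = new Miniorange_Password_2Factor_Login;
+$twofa_Settings = new Miniorange_Authentication;
+if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
+$arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+$content = json_encode($arr);
+delete_user_meta( $user_id, 'test_2FA' );
+return $content;
+}
+else {
+$arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+$content = json_encode($arr);
+return $content;
+}
+
+}
+
+function OnpremSendRedirect($useremail,$authType,$currentuser){
+
+switch($authType){
+
+case "Email Verification":
+case "OUT OF BAND EMAIL":
+$content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
+return $content;
+case "EMAIL":
+
+case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
+return $content;
+case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
+return $content;
+
+}
+
+}
+
+function OnpremSecurityQuestions($user){
+$question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
+$challenge_questions = array_keys($question_answers[0]);
+$random_keys = array_rand($challenge_questions,2);
+$challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
+$challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
+$questions = array($challenge_ques1,$challenge_ques2);
+update_user_meta( $user->ID, 'kba_questions_user', $questions );
+$response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
+return $response;
+
+}
+
+function mo2f_google_authenticator_onpremise($otpToken){
+include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+$gauth_obj= new Google_auth_onpremise();
+$session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+if(is_user_logged_in()){
+$user = wp_get_current_user();
+$user_id = $user->ID;
+}else{
+$user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
+}
+$secret= $gauth_obj->mo_GAuth_get_secret($user_id);
+$content=$gauth_obj->verifyCode($secret, $otpToken);
+return $content;
+}
+function OnpremOTPOverEMail($current_user,$useremail=false)
+{
+return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
+}
+function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
+{
+$count_threshold = 5;
+global $Mo2fdbQueries;
+if(!isset($current_user) or is_null($current_user))
+{
+if(is_user_logged_in()){
+$current_user = wp_get_current_user();
+}else{
+$current_user = unserialize($_SESSION['mo2f_current_user']);
+}
+}
+
+if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+{
+$email = get_user_meta($current_user->ID,'tempEmail',true);
+
+if($email == '' or empty($email))
+{
+$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+}
+
+}
+if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+$email = $current_user->user_email;
+
+delete_user_meta($current_user->ID,'tempEmail');
+$subject = '2-Factor Authentication';
+$headers = array('Content-Type: text/html; charset=UTF-8');
+$otpToken = '';
+for($i=1;$i<7;$i++)
+{
+$otpToken .= rand(0,9);
+}
+update_user_meta($current_user->ID,$tokenName,$otpToken);
+update_user_meta($current_user->ID,$timeName,time());
+update_user_meta($current_user->ID,'tempRegEmail',$email);
+$message = '<table cellpadding="25" style="margin:0px auto">
+<tbody>
+<tr>
+<td>
+<table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+<tbody>
+<tr>
+<td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+</tr>
+</tbody>
+</table>
+<table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+<tbody>
+<tr>
+<td>
+<p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+<p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+<p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
+<p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+<p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+</div></div></td>
+</tr>
+</tbody>
+</table>
+</td>
+</tr>
+</tbody>
+</table>';
+
+$result = wp_mail($email,$subject,$message,$headers);
+if($result){
+if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
+Miniorange_Authentication::low_otp_alert("email");
+update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
+$arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
+
+}else{
+$arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
+}
+$content = json_encode($arr);
+return $content;
+
+}
+
+function mo2f_otp_over_email($otpToken,$current_user)
+{
+return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
+}
+function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
+{
+global $Mo2fdbQueries;
+if(is_null($current_user))
+{
+$current_user = wp_get_current_user();
+}
+
+if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
+{
+$user_id = $current_user->ID;
+
+
+
+
+$valid_token = get_user_meta($user_id,$dtoken,true);
+
+
+$cd = get_user_meta($user_id,"mo2f_email_check_code",true);
+
+
+$time = get_user_meta($user_id,$dtime,true);
+$accepted_time = time()-300;
+
+
+if($accepted_time>$time)
+{
+
+delete_user_meta( $user_id, $dtoken );
+delete_user_meta( $user_id, $dtime );
+delete_user_meta( $user_id,'tempRegEmail');
+
+$arr = array('status' => 'FAILED','message'=>'OTP Expire.');
+}
+
+else if($valid_token == $otpToken)
+{
+$arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+delete_user_meta( $user_id, $dtoken );
+if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
+{
+$tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
+if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
+$Mo2fdbQueries->update_user_details($user_id,array(
+'mo2f_configured_2FA_method' => 'OTP Over Email',
+'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
+'mo2f_user_email'=> $tempRegEmail));
+}
+delete_user_meta( $user_id,'tempRegEmail');
+}
+else
+{
+$arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+}
+
+$content = json_encode($arr);
+return $content;
+
+}
+}
+
+
+function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
+{
+
+global $Mo2fdbQueries;
+
+$email = get_user_meta($current_user->ID,'tempEmail',true);
+
+
+if(empty($email))
+$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+
+$subject = "2-Factor Authentication(Email verification)";
+$headers = array('Content-Type: text/html; charset=UTF-8');
+$txid = '';
+$otpToken = '';
+$otpTokenD = '';
+for($i=1;$i<7;$i++)
+{
+$otpToken .= rand(0,9);
+$txid .= rand(100,999);
+$otpTokenD .= rand(0,9);
+}
+$otpTokenH = hash('sha512',$otpToken);
+$otpTokenDH = hash('sha512', $otpTokenD);
+update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
+$userID = hash('sha512',$current_user->ID);
+update_site_option($userID,$otpTokenH);
+update_site_option($txid,3);
+$userIDd = $userID . 'D';
+update_site_option($userIDd,$otpTokenDH);
+
+$message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
+$result = wp_mail($email,$subject,$message,$headers);
+
+$response=array("txId"=>$txid);
+$hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
+if($result)
+{
+$response['status']='SUCCESS';
+$time = "time".$txid;
+$currentTimeInMillis = round(microtime(true) * 1000);
+update_site_option($time,$currentTimeInMillis);
+}
+else
+{
+$response['status']='FAILED';
+}
+
+return json_encode($response);
+}
+
+function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
+$url = get_site_option('siteurl').'/wp-login.php?';
+$message = '<table cellpadding="25" style="margin:0px auto">
+<tbody>
+<tr>
+<td>
+<table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+<tbody>
+<tr>
+<td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+</tr>
+</tbody>
+</table>
+<table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+<tbody>
+<tr>
+<td>
+<p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+<p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+<p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
+<p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
+<p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+<p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+</div></div></td>
+</tr>
+</tbody>
+</table>
+</td>
+</tr>
+</tbody>
+</table>';
+return $message;
+}
+}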
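Review bot: The one-time codes in `OnpremSendOTPEMail` and `mo2f_pass2login_push_email_onpremise` are built digit by digit with `rand(0,9)`, which is not a cryptographically secure generator, so the values that gate the second factor are more predictable than a six-digit code should be. Use `$otpToken .= random_int(0, 9);` (likewise `random_int` for `$otpTokenD` and `$txid`) so the digits come from the system CSPRNG. In `mo2f_otp_email_verify` the check `$valid_token == $otpToken` is a loose comparison, under which numeric strings are compared as numbers rather than character by character; `hash_equals((string) $valid_token, (string) $otpToken)` compares the exact bytes in constant time. The removed and added sides render identically on this page, so these lines appear to be carried over unchanged rather than introduced by this release.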
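--- a/api/class-customer-setup.php
+++ b/api/class-customer-setup.php
@@ -1,34 +1,34 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Customer_Setup extends Customer_Cloud_Setup {
-
- //all parent methods
- }
-
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Customer_Setup extends Customer_Cloud_Setup {
+
+ //all parent methods
+ }
+
+
  ?>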
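--- a/api/class-rba-attributes.php
+++ b/api/class-rba-attributes.php
@@ -1,184 +1,184 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Miniorange_Rba_Attributes {
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
- function mo2f_collect_attributes( $useremail, $rba_attributes ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/acs';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
- $mo2fApi= new Mo2f_Api();
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function get_curl_error_message() {
- $message = mo2f_lt( 'Please enable curl extension.' ) .
- ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
- mo2f_lt( 'Click here' ) .
- ' </a> ' .
- mo2f_lt( 'for the steps to enable curl.' );
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'appSecret' => get_option( 'mo2f_app_secret' ),
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
- $mo2fApi= new Mo2f_Api();
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
- $mo2fApi= new Mo2f_Api();
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_get_app_secret() {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $mo2fApi= new Mo2f_Api();
-
- $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerId' => $customerKey
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
- $mo2fApi= new Mo2f_Api();
- $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'googleAuthenticatorName' => $googleAuthenticatorName
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
- if(MO2F_IS_ONPREM){
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
- $gauth_obj= new Google_auth_onpremise();
- $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
- if($session_id_encrypt){
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
- }else{
- $secret_ga = $secret;
- }
- $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
- $value = json_decode($content,true);
- if($value['status'] == 'SUCCESS'){
- $user = wp_get_current_user();
- $user_id = $user->ID;
- $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
- update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
- update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
- global $Mo2fdbQueries;//might not need this
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
- }
- }else{
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
- $mo2fApi= new Mo2f_Api();
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'secret' => $secret,
- 'otpToken' => $otptoken,
- 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
- $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- return $content;
- }
-
- }
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Miniorange_Rba_Attributes {
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+ function mo2f_collect_attributes( $useremail, $rba_attributes ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
+ $mo2fApi= new Mo2f_Api();
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function get_curl_error_message() {
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
+ ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
+ mo2f_lt( 'Click here' ) .
+ ' </a> ' .
+ mo2f_lt( 'for the steps to enable curl.' );
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'appSecret' => get_option( 'mo2f_app_secret' ),
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+ $mo2fApi= new Mo2f_Api();
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+ $mo2fApi= new Mo2f_Api();
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_get_app_secret() {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $mo2fApi= new Mo2f_Api();
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerId' => $customerKey
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+ $mo2fApi= new Mo2f_Api();
+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'googleAuthenticatorName' => $googleAuthenticatorName
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
+ if(MO2F_IS_ONPREM){
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+ $gauth_obj= new Google_auth_onpremise();
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
+ if($session_id_encrypt){
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
+ }else{
+ $secret_ga = $secret;
+ }
+ $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
+ $value = json_decode($content,true);
+ if($value['status'] == 'SUCCESS'){
+ $user = wp_get_current_user();
+ $user_id = $user->ID;
+ $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
+ update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
+ update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
+ global $Mo2fdbQueries;//might not need this
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
+ }
+ }else{
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
+ $mo2fApi= new Mo2f_Api();
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'secret' => $secret,
+ 'otpToken' => $otptoken,
+ 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ return $content;
+ }
+
+ }
+
  ?>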
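Review bot: `mo2f_collect_attributes` (new-side line 41) still assembles its JSON request body by string concatenation, so a `"` or `\` in `$useremail` or in the stored customer key changes the structure of the body sent to `/moas/rest/rba/acs`. Encoding the scalar fields keeps the wire format and removes that: `$field_string = '{"customerKey":' . json_encode( $customerKey ) . ',"userKey":' . json_encode( $useremail ) . ',"attributes":' . $rba_attributes . '}';`. `$rba_attributes` is spliced in raw, so it presumably has to be valid JSON produced by the caller, which is not visible in this section and is worth confirming. Separately, the on-prem branch of `mo2f_validate_google_auth` reads `$value['status']` without checking that `json_decode` returned an array; `if ( is_array( $value ) && $value['status'] === 'SUCCESS' )` makes a malformed `verifyCode` result fail closed explicitly rather than through a PHP warning and a loose comparison.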
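--- a/controllers/PointersManager.php
+++ b/controllers/PointersManager.php
@@ -1,54 +1,54 @@
- <?php
-
- class Mo2FAPointersManager {
-
- private $pfile;
- private $version;
- private $prefix;
- private $pointers = array();
-
- public function __construct( $file, $version, $prefix ) {
- $this->pfile = file_exists( $file ) ? $file : FALSE;
- $this->version = str_replace( '.', '_', $version );
- $this->prefix = $prefix;
- }
-
- public function parse() {
- if ( empty( $this->pfile ) ) return;
- $pointers = (array) require_once $this->pfile;
- if ( empty($pointers) ) return;
- foreach ( $pointers as $i => $pointer ) {
- if(is_array($pointer)){
- $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
- $this->pointers[$pointer['id']] = (object) $pointer;
- }
- }
- }
-
- public function filter( $page ) {
- if ( empty( $this->pointers ) ) return array();
- $uid = get_current_user_id();
- $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
-
- $active_ids = array_diff( array_keys( $this->pointers ), $visited );
-
-
- $good = array();
-
- foreach( $this->pointers as $i => $pointer ) {
- if (
- in_array( $i, $active_ids, TRUE ) // is active
- && isset( $pointer->where ) // has where
- && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
- ) {
- $good[] = $pointer;
- }
- }
- $count = count( $good );
- if ( $good === 0 ) return array();
- foreach( array_values( $good ) as $i => $pointer ) {
- $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
- }
- return $good;
- }
+ <?php
+
+ class Mo2FAPointersManager {
+
+ private $pfile;
+ private $version;
+ private $prefix;
+ private $pointers = array();
+
+ public function __construct( $file, $version, $prefix ) {
+ $this->pfile = file_exists( $file ) ? $file : FALSE;
+ $this->version = str_replace( '.', '_', $version );
+ $this->prefix = $prefix;
+ }
+
+ public function parse() {
+ if ( empty( $this->pfile ) ) return;
+ $pointers = (array) require_once $this->pfile;
+ if ( empty($pointers) ) return;
+ foreach ( $pointers as $i => $pointer ) {
+ if(is_array($pointer)){
+ $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
+ $this->pointers[$pointer['id']] = (object) $pointer;
+ }
+ }
+ }
+
+ public function filter( $page ) {
+ if ( empty( $this->pointers ) ) return array();
+ $uid = get_current_user_id();
+ $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
+
+ $active_ids = array_diff( array_keys( $this->pointers ), $visited );
+
+
+ $good = array();
+
+ foreach( $this->pointers as $i => $pointer ) {
+ if (
+ in_array( $i, $active_ids, TRUE ) // is active
+ && isset( $pointer->where ) // has where
+ && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
+ ) {
+ $good[] = $pointer;
+ }
+ }
+ $count = count( $good );
+ if ( $good === 0 ) return array();
+ foreach( array_values( $good ) as $i => $pointer ) {
+ $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
+ }
+ return $good;
+ }
  }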
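Review bot: In `filter()` (new-side line 48) the guard `if ( $good === 0 ) return array();` compares the array `$good` with the integer 0, so it can never be true; the count computed on the line above is what was meant: `if ( $count === 0 ) return array();`. The result is the same today because the loop that follows does nothing on an empty array, so this is a dead check rather than a behaviour bug. In `parse()`, `require_once` yields `true` instead of the file's array when the pointer file was already loaded earlier in the request, and `is_array($pointer)` then silently leaves the pointer list empty. If that file only returns an array, plain `require` would make a second `parse()` behave like the first.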
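--- a/controllers/backup/backup_created_report.php
+++ b/controllers/backup/backup_created_report.php
@@ -1,2 +1,2 @@
- <?php
+ <?php
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_created_report.php';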
controllers/dashboard_ajax.php CHANGED
@@ -1,211 +1,211 @@
1
- <?php
2
- class Mo2f_ajax_dashboard
3
- {
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
6
- }
7
-
8
- public function mo2f_switch_functions(){
9
- if(isset($_POST) && isset($_POST['option'])){
10
- $tab_count= get_site_option('mo2f_tab_count', 0);
11
- if($tab_count == 5)
12
- update_site_option('mo_2f_switch_all', 1);
13
- else if($tab_count == 0)
14
- update_site_option('mo_2f_switch_all', 0);
15
- $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
16
- switch(sanitize_text_field($_POST['option']))
17
- {
18
- case "tab_all_switch":
19
- $this->mo2f_handle_all_enable($santizied_post);
20
- break;
21
- case "tab_2fa_switch":
22
- $this->mo2f_handle_2fa_enable($santizied_post);
23
- break;
24
- case "tab_waf_switch":
25
- $this->mo2f_handle_waf_enable($santizied_post);
26
- break;
27
- case "tab_login_switch":
28
- $this->mo2f_handle_login_enable($santizied_post);
29
- break;
30
- case "tab_backup_switch":
31
- $this->mo2f_handle_backup_enable($santizied_post);
32
- break;
33
- case "tab_malware_switch":
34
- $this->mo2f_handle_malware_enable($santizied_post);
35
- break;
36
- case "tab_block_switch":
37
- $this->mo2f_handle_block_enable($santizied_post);
38
- break;
39
-
40
- }
41
- }
42
- }
43
-
44
- public function mo2f_handle_all_enable($POSTED){
45
- $this->mo2f_handle_waf_enable($POSTED);
46
- $this->mo2f_handle_login_enable($POSTED);
47
- $this->mo2f_handle_backup_enable($POSTED);
48
- $this->mo2f_handle_malware_enable($POSTED);
49
- $this->mo2f_handle_block_enable($POSTED);
50
- if($POSTED){
51
- update_option('mo_2f_switch_all',1);
52
- update_site_option('mo2f_tab_count', 5);
53
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
54
- }
55
- else{
56
- update_option('mo_2f_switch_all', 0);
57
- update_site_option('mo2f_tab_count', 0);
58
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
59
- }
60
- }
61
-
62
- public function mo2f_handle_2fa_enable($POSTED){
63
- global $Mo2fdbQueries;
64
- $user= wp_get_current_user();
65
- $user_id= $user->user_ID;
66
- if($POSTED){
67
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
68
- if(sanitize_text_field($_POST['tab_2fa_switch']))
69
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
70
- }
71
- else{
72
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
73
- if(sanitize_text_field($_POST['tab_2fa_switch']))
74
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
75
- }
76
- }
77
-
78
- public function mo2f_handle_waf_enable($POSTED){
79
- if($POSTED){
80
- update_site_option('mo_2f_switch_waf', 1);
81
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
82
- if (isset($_POST['option'] ))
83
- {
84
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
85
- {
86
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
87
- }
88
- }
89
- }
90
- else{
91
- update_site_option('mo_2f_switch_waf', 0);
92
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
93
- update_option('WAFEnabled', 0);
94
- update_option('WAF','wafDisable');
95
- update_site_option('Rate_limiting', 0);
96
- $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
97
- $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
98
- $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
99
- $filePath = str_replace('\\', '/', $filePath);
100
- $file = file_get_contents($dir_name1);
101
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
102
- $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
103
- $cont .= '# END miniOrange WAF'.PHP_EOL;
104
- $file =str_replace($cont,'',$file);
105
- file_put_contents($dir_name1, $file);
106
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
107
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
108
- }
109
- }
110
-
111
- public function mo2f_handle_login_enable($POSTED){
112
- if($POSTED){
113
- update_site_option('mo_2f_switch_loginspam', 1);
114
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
115
- if (isset($_POST['option'] ))
116
- {
117
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
118
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
119
- }
120
- }
121
- else{
122
- update_site_option('mo_2f_switch_loginspam', 0);
123
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
124
- update_site_option('mo2f_enable_brute_force', false);
125
- update_site_option('mo_wpns_activate_recaptcha', false);
126
- update_site_option('mo_wpns_activate_recaptcha_for_login', false);
127
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
128
- update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
129
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
130
- update_site_option('mo2f_enforce_strong_passswords', 0);
131
- update_site_option('mo_wpns_enable_fake_domain_blocking', false);
132
- update_site_option('mo_wpns_enable_advanced_user_verification', false);
133
- update_site_option('mo_wpns_enable_social_integration', false);
134
- update_site_option('mo2f_protect_wp_config', 0);
135
- update_site_option('mo2f_prevent_directory_browsing', 0);
136
- update_site_option('mo2f_disable_file_editing', 0);
137
- update_site_option('mo_wpns_enable_comment_spam_blocking', false);
138
- update_site_option('mo_wpns_enable_comment_recaptcha', false);
139
- update_site_option('mo2f_htaccess_file', 0);
140
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
141
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
142
- }
143
- }
144
-
145
- public function mo2f_handle_backup_enable($POSTED){
146
- if($POSTED){
147
- update_site_option('mo_2f_switch_backup', 1);
148
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
149
- if (isset($_POST['option'] ))
150
- {
151
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
152
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
153
- }
154
- }
155
- else{
156
- update_site_option('mo_2f_switch_backup', 0);
157
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
158
- $handler_obj = new MoBackupSite;
159
- $handler_obj->bl_deactivate();
160
- update_site_option('mo2f_enable_cron_backup', 0);
161
- $handler_obj->file_backup_deactivate();
162
- update_site_option('mo2f_enable_cron_file_backup', 0);
163
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
164
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
165
- }
166
- }
167
-
168
- public function mo2f_handle_malware_enable($POSTED){
169
- if($POSTED){
170
- update_site_option('mo_2f_switch_malware', 1);
171
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
172
- if (isset($_POST['option'] ))
173
- {
174
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
175
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
176
- }
177
- }else{
178
- update_site_option('mo_2f_switch_malware', 0);
179
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
180
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
181
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
182
- }
183
- }
184
-
185
- public function mo2f_handle_block_enable($POSTED){
186
- if($POSTED){
187
- update_site_option('mo_2f_switch_adv_block', 1);
188
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
189
- if (isset($_POST['option'] ))
190
- {
191
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
192
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
193
- }
194
- }
195
- else{
196
- update_site_option('mo_2f_switch_adv_block', 0);
197
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
198
- update_site_option('mo_wpns_iprange_count', 0);
199
- update_site_option('mo_wpns_enable_htaccess_blocking', 0);
200
- update_site_option('mo_wpns_enable_user_agent_blocking', 0);
201
- update_site_option('mo_wpns_referrers', false);
202
- update_site_option('mo_wpns_countrycodes', false);
203
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
204
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
205
- }
206
- }
207
-
208
-
209
- }
210
- new Mo2f_ajax_dashboard();
211
  ?>
1
+ <?php
2
+ class Mo2f_ajax_dashboard
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
6
+ }
7
+
8
+ public function mo2f_switch_functions(){
9
+ if(isset($_POST) && isset($_POST['option'])){
10
+ $tab_count= get_site_option('mo2f_tab_count', 0);
11
+ if($tab_count == 5)
12
+ update_site_option('mo_2f_switch_all', 1);
13
+ else if($tab_count == 0)
14
+ update_site_option('mo_2f_switch_all', 0);
15
+ $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
16
+ switch(sanitize_text_field($_POST['option']))
17
+ {
18
+ case "tab_all_switch":
19
+ $this->mo2f_handle_all_enable($santizied_post);
20
+ break;
21
+ case "tab_2fa_switch":
22
+ $this->mo2f_handle_2fa_enable($santizied_post);
23
+ break;
24
+ case "tab_waf_switch":
25
+ $this->mo2f_handle_waf_enable($santizied_post);
26
+ break;
27
+ case "tab_login_switch":
28
+ $this->mo2f_handle_login_enable($santizied_post);
29
+ break;
30
+ case "tab_backup_switch":
31
+ $this->mo2f_handle_backup_enable($santizied_post);
32
+ break;
33
+ case "tab_malware_switch":
34
+ $this->mo2f_handle_malware_enable($santizied_post);
35
+ break;
36
+ case "tab_block_switch":
37
+ $this->mo2f_handle_block_enable($santizied_post);
38
+ break;
39
+
40
+ }
41
+ }
42
+ }
43
+
44
+ public function mo2f_handle_all_enable($POSTED){
45
+ $this->mo2f_handle_waf_enable($POSTED);
46
+ $this->mo2f_handle_login_enable($POSTED);
47
+ $this->mo2f_handle_backup_enable($POSTED);
48
+ $this->mo2f_handle_malware_enable($POSTED);
49
+ $this->mo2f_handle_block_enable($POSTED);
50
+ if($POSTED){
51
+ update_option('mo_2f_switch_all',1);
52
+ update_site_option('mo2f_tab_count', 5);
53
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
54
+ }
55
+ else{
56
+ update_option('mo_2f_switch_all', 0);
57
+ update_site_option('mo2f_tab_count', 0);
58
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
59
+ }
60
+ }
61
+
62
+ public function mo2f_handle_2fa_enable($POSTED){
63
+ global $Mo2fdbQueries;
64
+ $user= wp_get_current_user();
65
+ $user_id= $user->user_ID;
66
+ if($POSTED){
67
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
68
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
69
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
70
+ }
71
+ else{
72
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
73
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
74
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
75
+ }
76
+ }
77
+
78
+ public function mo2f_handle_waf_enable($POSTED){
79
+ if($POSTED){
80
+ update_site_option('mo_2f_switch_waf', 1);
81
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
82
+ if (isset($_POST['option'] ))
83
+ {
84
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
85
+ {
86
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
87
+ }
88
+ }
89
+ }
90
+ else{
91
+ update_site_option('mo_2f_switch_waf', 0);
92
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
93
+ update_option('WAFEnabled', 0);
94
+ update_option('WAF','wafDisable');
95
+ update_site_option('Rate_limiting', 0);
96
+ $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
97
+ $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
98
+ $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
99
+ $filePath = str_replace('\\', '/', $filePath);
100
+ $file = file_get_contents($dir_name1);
101
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
102
+ $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
103
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
104
+ $file =str_replace($cont,'',$file);
105
+ file_put_contents($dir_name1, $file);
106
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
107
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
108
+ }
109
+ }
110
+
111
+ public function mo2f_handle_login_enable($POSTED){
112
+ if($POSTED){
113
+ update_site_option('mo_2f_switch_loginspam', 1);
114
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
115
+ if (isset($_POST['option'] ))
116
+ {
117
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
118
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
119
+ }
120
+ }
121
+ else{
122
+ update_site_option('mo_2f_switch_loginspam', 0);
123
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
124
+ update_site_option('mo2f_enable_brute_force', false);
125
+ update_site_option('mo_wpns_activate_recaptcha', false);
126
+ update_site_option('mo_wpns_activate_recaptcha_for_login', false);
127
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
128
+ update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
129
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
130
+ update_site_option('mo2f_enforce_strong_passswords', 0);
131
+ update_site_option('mo_wpns_enable_fake_domain_blocking', false);
132
+ update_site_option('mo_wpns_enable_advanced_user_verification', false);
133
+ update_site_option('mo_wpns_enable_social_integration', false);
134
+ update_site_option('mo2f_protect_wp_config', 0);
135
+ update_site_option('mo2f_prevent_directory_browsing', 0);
136
+ update_site_option('mo2f_disable_file_editing', 0);
137
+ update_site_option('mo_wpns_enable_comment_spam_blocking', false);
138
+ update_site_option('mo_wpns_enable_comment_recaptcha', false);
139
+ update_site_option('mo2f_htaccess_file', 0);
140
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
141
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
142
+ }
143
+ }
144
+
145
+ public function mo2f_handle_backup_enable($POSTED){
146
+ if($POSTED){
147
+ update_site_option('mo_2f_switch_backup', 1);
148
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
149
+ if (isset($_POST['option'] ))
150
+ {
151
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
152
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
153
+ }
154
+ }
155
+ else{
156
+ update_site_option('mo_2f_switch_backup', 0);
157
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
158
+ $handler_obj = new MoBackupSite;
159
+ $handler_obj->bl_deactivate();
160
+ update_site_option('mo2f_enable_cron_backup', 0);
161
+ $handler_obj->file_backup_deactivate();
162
+ update_site_option('mo2f_enable_cron_file_backup', 0);
163
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
164
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
165
+ }
166
+ }
167
+
168
+ public function mo2f_handle_malware_enable($POSTED){
169
+ if($POSTED){
170
+ update_site_option('mo_2f_switch_malware', 1);
171
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
172
+ if (isset($_POST['option'] ))
173
+ {
174
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
175
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
176
+ }
177
+ }else{
178
+ update_site_option('mo_2f_switch_malware', 0);
179
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
180
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
181
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
182
+ }
183
+ }
184
+
185
+ public function mo2f_handle_block_enable($POSTED){
186
+ if($POSTED){
187
+ update_site_option('mo_2f_switch_adv_block', 1);
188
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
189
+ if (isset($_POST['option'] ))
190
+ {
191
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
192
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
193
+ }
194
+ }
195
+ else{
196
+ update_site_option('mo_2f_switch_adv_block', 0);
197
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
198
+ update_site_option('mo_wpns_iprange_count', 0);
199
+ update_site_option('mo_wpns_enable_htaccess_blocking', 0);
200
+ update_site_option('mo_wpns_enable_user_agent_blocking', 0);
201
+ update_site_option('mo_wpns_referrers', false);
202
+ update_site_option('mo_wpns_countrycodes', false);
203
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
204
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
205
+ }
206
+ }
207
+
208
+
209
+ }
210
+ new Mo2f_ajax_dashboard();
211
  ?>
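--- a/controllers/duo_authenticator/duo_authenticator_ajax.php
+++ b/controllers/duo_authenticator/duo_authenticator_ajax.php
@@ -1,74 +1,74 @@
- <?php
- class Mo_2f_duo_authenticator
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
-
- }
-
- public function mo2f_duo_authenticator_functions(){
- add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
- add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
- }
-
- public function mo2f_duo_ajax_request(){
-
- switch ($_POST['call_type']) {
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
- public function mo2f_duo_authenticator_ajax(){
- switch($_POST['call_type'])
- {
-
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
-
- function mo2f_check_duo_push_auth_status(){
-
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
- {
- wp_send_json("ERROR");
- exit;
- }else{
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
- $ikey = get_site_option('mo2f_d_integration_key');
- $skey = get_site_option('mo2f_d_secret_key');
- $host = get_site_option('mo2f_d_api_hostname');
- $current_user = wp_get_current_user();
-
- $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- $user_email = get_user_meta($user_id,'current_user_email');
- $user_email = isset($user_email[0])? $user_email[0]:'';
-
- if($user_email == '' || empty($user_email))
- $user_email = $current_user->user_email;
-
- $device['device'] = 'auto';
-
- $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
-
-
- if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
-
- wp_send_json('SUCCESS');
- }else{
-
- wp_send_json('ERROR');
- }
- }
-
-
- }
-
- }
- new Mo_2f_duo_authenticator();
- ?>
+ <?php
+ class Mo_2f_duo_authenticator
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
+
+ }
+
+ public function mo2f_duo_authenticator_functions(){
+ add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
+ add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
+ }
+
+ public function mo2f_duo_ajax_request(){
+
+ switch ($_POST['call_type']) {
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+ public function mo2f_duo_authenticator_ajax(){
+ switch($_POST['call_type'])
+ {
+
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+
+ function mo2f_check_duo_push_auth_status(){
+
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
+ {
+ wp_send_json("ERROR");
+ exit;
+ }else{
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
+ $ikey = get_site_option('mo2f_d_integration_key');
+ $skey = get_site_option('mo2f_d_secret_key');
+ $host = get_site_option('mo2f_d_api_hostname');
+ $current_user = wp_get_current_user();
+
+ $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ $user_email = get_user_meta($user_id,'current_user_email');
+ $user_email = isset($user_email[0])? $user_email[0]:'';
+
+ if($user_email == '' || empty($user_email))
+ $user_email = $current_user->user_email;
+
+ $device['device'] = 'auto';
+
+ $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
+
+
+ if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
+
+ wp_send_json('SUCCESS');
+ }else{
+
+ wp_send_json('ERROR');
+ }
+ }
+
+
+ }
+
+ }
+ new Mo_2f_duo_authenticator();
+ ?>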
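Review bot: In `mo2f_check_duo_push_auth_status()`, which is also reachable through the `wp_ajax_nopriv_mo2f_duo_ajax_request` hook, the result of `MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' )` is never checked, so a request with a missing or unknown `session_id_encrypt` still goes on to call `mo2f_duo_auth()` with whatever `$current_user->user_email` holds. A nonce verified for a logged-out caller is not bound to any account, so the transient lookup is the only thing tying the request to a pending login. I would fail closed right after it with `if ( empty( $user_id ) && ! is_user_logged_in() ) { wp_send_json( 'ERROR' ); }` and pass the posted session value through `sanitize_text_field()` before the lookup. Both dispatchers also read `$_POST['call_type']`, and the handler `$_POST['nonce']`, without an `isset()` guard, so a malformed request raises notices instead of being rejected cleanly.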
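--- a/controllers/feedback_footer.php
+++ b/controllers/feedback_footer.php
@@ -1,79 +1,79 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_send_query":
- wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
- break;
- }
- }
-
- $current_user = wp_get_current_user();
- $email = get_option("mo2f_email");
- $phone = get_option("mo_wpns_admin_phone");
-
-
- /* SUPPORT FORM RELATED FUNCTIONS */
-
- //Function to handle support form submit
-
- if(empty($email))
- $email = $current_user->user_email;
-
- function wpns_handle_support_form_new($email,$query,$phone)
- {
- $call_setup = false;
- if(array_key_exists('2fa_setup_call',$_POST)===true){
- $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
- $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
- $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
- $call_setup = true;
- }
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
-
- if(empty($email) || empty($query)){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
- return;
- }
-
- $query = sanitize_text_field( $query );
- $email = sanitize_text_field( $email );
- $phone = sanitize_text_field( $phone );
- $contact_us = new MocURL();
-
- if($send_configuration)
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
- else
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
-
- if($call_setup == false) {
- $query = $query.'<br><br>';
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- } else {
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
- }
- } else {
-
- $local_timezone='Asia/Kolkata';
- $call_datetime=$call_date.$call_time;
- $convert_datetime = strtotime ( $call_datetime );
- $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
- $ist_date->setTimezone(new DateTimeZone($local_timezone));
-
-
- $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
-
- }
- if(json_last_error() == JSON_ERROR_NONE && $submited){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_send_query":
+ wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
+ break;
+ }
+ }
+
+ $current_user = wp_get_current_user();
+ $email = get_option("mo2f_email");
+ $phone = get_option("mo_wpns_admin_phone");
+
+
+ /* SUPPORT FORM RELATED FUNCTIONS */
+
+ //Function to handle support form submit
+
+ if(empty($email))
+ $email = $current_user->user_email;
+
+ function wpns_handle_support_form_new($email,$query,$phone)
+ {
+ $call_setup = false;
+ if(array_key_exists('2fa_setup_call',$_POST)===true){
+ $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
+ $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
+ $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
+ $call_setup = true;
+ }
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
+
+ if(empty($email) || empty($query)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
+ return;
+ }
+
+ $query = sanitize_text_field( $query );
+ $email = sanitize_text_field( $email );
+ $phone = sanitize_text_field( $phone );
+ $contact_us = new MocURL();
+
+ if($send_configuration)
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
+ else
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
+
+ if($call_setup == false) {
+ $query = $query.'<br><br>';
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ } else {
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
+ }
+ } else {
+
+ $local_timezone='Asia/Kolkata';
+ $call_datetime=$call_date.$call_time;
+ $convert_datetime = strtotime ( $call_datetime );
+ $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
+ $ist_date->setTimezone(new DateTimeZone($local_timezone));
+
+
+ $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
+
+ }
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_footer.php';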
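Review bot: The `mo_wpns_send_query` case at the top of the file is gated only by `current_user_can( 'manage_options' )`; no nonce is verified before `wpns_handle_support_form_new()` passes the query, with the output of `MoWpnsUtility::mo_2fa_send_configuration()` appended, to `MocURL::submit_contact_us()`. A cross-site request made in an administrator's browser would pass that capability check. I would add `check_admin_referer( '<support-form nonce action>' );` as the first statement of the case, with the matching `wp_nonce_field()` in the form view, which is outside this section. Separately, in the call-setup branch `new DateTimeZone( $time_zone )` receives the posted timezone and throws on an unrecognised identifier. In the other branch `$submited` stays undefined when `FILTER_VALIDATE_EMAIL` fails, so both paths should validate first and `return` after reporting the error.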
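--- a/controllers/malware_scanner/scan_malware.php
+++ b/controllers/malware_scanner/scan_malware.php
@@ -1,9 +1,9 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- update_site_option('mo2f_visit_malware',true);
-
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
- ?>
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ update_site_option('mo2f_visit_malware',true);
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
+ ?>
+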
controllers/pointers.php CHANGED
@@ -1,581 +1,581 @@
1
- <?php
2
-
3
- $pointers = array();
4
- $tab= 'default';
5
- if(array_key_exists('tab',$_GET))
6
- $tab = $_GET['tab'];
7
-
8
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
-
10
- {
11
- $pointers['default-miniorange-2fa-select-authentication'] = array(
12
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
- 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
- 'isdefault' => 'yes',
16
- 'edge' => 'bottom',
17
- 'align' => 'middle',
18
- 'index' => 'default-miniorange-2fa-select-authentication',
19
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
- );
21
- $pointers['default-miniorange-2fa-configure'] = array(
22
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
- 'anchor_id' => '#GoogleAuthenticator_configuration',
25
- 'isdefault' => 'yes',
26
- 'edge' => 'top',
27
- 'align' => 'left',
28
- 'index' => 'default-miniorange-2fa-configure',
29
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
- );
31
-
32
- $pointers['default-miniorange-2fa-choose_app'] = array(
33
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
- 'anchor_id' => '#mo2f_choose_app_tour',
36
- 'isdefault' => 'yes',
37
- 'edge' => 'left',
38
- 'align' => 'left',
39
- 'index' => 'default-miniorange-2fa-choose_app1',
40
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
- );
42
-
43
- $pointers['default-miniorange-2fa-download_app'] = array(
44
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
- 'anchor_id' => '#links_to_apps_tour',
47
- 'isdefault' => 'yes',
48
- 'edge' => 'left',
49
- 'align' => 'left',
50
- 'index' => 'default-miniorange-2fa-download_app1',
51
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
- );
53
-
54
-
55
- $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
- 'anchor_id' => '#displayGAQrCodeTour',
59
- 'isdefault' => 'yes',
60
- 'edge' => 'left',
61
- 'align' => 'left',
62
- 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
- );
65
- $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
- 'anchor_id' => '#mo2f_change_app_name',
69
- 'isdefault' => 'yes',
70
- 'edge' => 'left',
71
- 'align' => 'left',
72
- 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
- );
75
-
76
- $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
- 'anchor_id' => '#mo2f_scanbarcode_a',
80
- 'isdefault' => 'yes',
81
- 'edge' => 'left',
82
- 'align' => 'left',
83
- 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
- );
86
-
87
- $pointers['default-miniorange-2fa-enter-otp'] = array(
88
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
- 'anchor_id' => '#EnterOTPGATour',
91
- 'isdefault' => 'yes',
92
- 'edge' => 'right',
93
- 'align' => 'left',
94
- 'index' => 'default-miniorange-2fa-enter-otp1',
95
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
- );
97
- $pointers['default-miniorange-2fa-save-otp'] = array(
98
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
- 'anchor_id' => '#SaveOTPGATour',
101
- 'isdefault' => 'yes',
102
- 'edge' => 'right',
103
- 'align' => 'left',
104
- 'index' => 'default-miniorange-2fa-save-otp1',
105
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
- );
107
- $pointers['default-miniorange-2fa-test'] = array(
108
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
- 'anchor_id' => '#test',
111
- 'isdefault' => 'yes',
112
- 'edge' => 'right',
113
- 'align' => 'left',
114
- 'index' => 'default-miniorange-2fa-test',
115
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
- );
117
-
118
- $pointers['default-miniorange-2fa-customizations'] = array(
119
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
- 'anchor_id' => '#disable_two_factor_tour',
122
- 'isdefault' => 'yes',
123
- 'edge' => 'top',
124
- 'align' => 'left',
125
- 'index' => 'default-miniorange-2fa-customizations',
126
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
- );
128
- $pointers['default-miniorange-2fa-inline-registration'] = array(
129
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
- 'anchor_id' => '#mo2f_inline_registration_tour',
132
- 'isdefault' => 'yes',
133
- 'edge' => 'top',
134
- 'align' => 'left',
135
- 'index' => 'default-miniorange-2fa-inline-registration',
136
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
- );
138
- $pointers['default-minorange-2fa-integration'] = array(
139
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
- 'anchor_id' => '#custom_form_2fa_div',
142
- 'isdefault' => 'yes',
143
- 'edge' => 'bottom',
144
- 'align' => 'middle',
145
- 'index' => 'default-minorange-2fa-integration',
146
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
- );
148
- $pointers['default-minorange-2fa-premium-features'] = array(
149
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
- 'anchor_id' => '#custom_login_2fa',
152
- 'isdefault' => 'yes',
153
- 'edge' => 'left',
154
- 'align' => 'left',
155
- 'index' => 'default-minorange-2fa-premium-features',
156
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
- );
158
-
159
- $pointers['default-miniorange-2fa-upgrade'] = array(
160
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
- 'anchor_id' => '#mo_2fa_upgrade_tour',
163
- 'isdefault' => 'yes',
164
- 'edge' => 'top',
165
- 'align' => 'left',
166
- 'index' => 'default-miniorange-2fa-upgrade',
167
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
- );
169
- $pointers['default-miniorange-2fa-support_open'] = array(
170
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
- 'anchor_id' => '#mo_wpns_support_layout_tour',
173
- 'isdefault' => 'yes',
174
- 'edge' => 'bottom',
175
- 'align' => 'right',
176
- 'index' => 'default-miniorange-2fa-support_open',
177
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
- );
179
-
180
-
181
- }
182
- if(get_option('mo2f_tour_firewall') == 1 ){
183
- $pointers['default-miniorange-firewall-level'] = array(
184
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
- 'anchor_id' => '#mo_waf_options_tour',
187
- 'isfirewall'=> 'yes',
188
- 'edge' => 'top',
189
- 'align' => 'left',
190
- 'index' => 'default-miniorange-firewall-level',
191
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
- );
193
- $pointers['default-miniorange-firewall-attacks'] = array(
194
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
- 'anchor_id' => '#mo2f_AttackTypes',
197
- 'isfirewall'=> 'yes',
198
- 'edge' => 'bottom',
199
- 'align' => 'left',
200
- 'index' => 'default-miniorange-firewall-attacks',
201
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
- );
203
- $pointers['default-miniorange-firewall-attack-limit'] = array(
204
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
- 'anchor_id' => '#mo2f_waf_block_after',
207
- 'isfirewall'=> 'yes',
208
- 'edge' => 'bottom',
209
- 'align' => 'left',
210
- 'index' => 'default-miniorange-firewall-attack-limit',
211
- 'align' => 'left',
212
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
- );
214
-
215
- $pointers['default-miniorange-firewall-rate-limit'] = array(
216
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
- 'anchor_id' => '#mo2f_ratelimiting',
219
- 'isfirewall'=> 'yes',
220
- 'edge' => 'top',
221
- 'align' => 'left',
222
- 'index' => 'default-miniorange-firewall-rate-limit',
223
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
- );
225
- $pointers['default-miniorange-firewall-check-attacks'] = array(
226
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
- 'anchor_id' => '#mo2f_firewall_attack_dash',
229
- 'isfirewall'=> 'yes',
230
- 'edge' => 'top',
231
- 'align' => 'left',
232
- 'index' => 'default-miniorange-firewall-check-attacks',
233
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
- );
235
- $pointers['default-miniorange-2fa-upgrade'] = array(
236
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
- 'anchor_id' => '#mo_2fa_upgrade_tour',
239
- 'isfirewall' => 'yes',
240
- 'edge' => 'top',
241
- 'align' => 'left',
242
- 'index' => 'default-miniorange-2fa-upgrade',
243
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
- );
245
-
246
- $pointers['default-miniorange-firewall-support'] = array(
247
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
- 'anchor_id' => '#mo_wpns_support_layout_tour',
250
- 'isfirewall' => 'yes',
251
- 'edge' => 'bottom',
252
- 'align' => 'left',
253
- 'index' => 'default-miniorange-firewall-support',
254
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
- );
256
-
257
- }
258
-
259
- if(get_option('mo2f_tour_malware_scan') ==1){
260
- $pointers['default-miniorange-malware-scan-modes'] = array(
261
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
- 'anchor_id' => '#scan_status_table',
264
- 'ismalware' => 'yes',
265
- 'edge' => 'bottom',
266
- 'align' => 'left',
267
- 'index' => 'default-miniorange-malware-scan-modes',
268
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
- );
270
- $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
- 'anchor_id' => '#mo2f_select_scanning_files',
274
- 'ismalware' => 'yes',
275
- 'edge' => 'bottom',
276
- 'align' => 'left',
277
- 'index' => 'default-miniorange-malware-custom-scan-files',
278
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
- );
280
- $pointers['default-miniorange-malware-scan-reports'] = array(
281
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
- 'anchor_id' => '#scan_report_table',
284
- 'ismalware' => 'yes',
285
- 'edge' => 'top',
286
- 'align' => 'left',
287
- 'index' => 'default-miniorange-malware-scan-reports',
288
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
- );
290
-
291
- $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
- 'anchor_id' => '#mo2f_scan_dash',
295
- 'ismalware' => 'yes',
296
- 'edge' => 'top',
297
- 'align' => 'left',
298
- 'index' => 'default-miniorange-malware-scan-dashboard',
299
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
- );
301
- $pointers['default-miniorange-2fa-upgrade'] = array(
302
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
- 'anchor_id' => '#mo_2fa_upgrade_tour',
305
- 'ismalware' => 'yes',
306
- 'edge' => 'top',
307
- 'align' => 'left',
308
- 'index' => 'default-miniorange-2fa-upgrade',
309
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
- );
311
-
312
- $pointers['default-miniorange-malware-support'] = array(
313
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
- 'anchor_id' => '#mo_wpns_support_layout_tour',
316
- 'ismalware' => 'yes',
317
- 'edge' => 'bottom',
318
- 'align' => 'left',
319
- 'index' => 'default-miniorange-malware-support',
320
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
- );
322
-
323
- }
324
-
325
- if(get_option('mo2f_tour_advance_blocking') ==1){
326
- $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
- 'anchor_id' => '#mo2f_manual_ip_blocking',
330
- 'advcblock' => 'yes',
331
- 'edge' => 'top',
332
- 'align' => 'left',
333
- 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
- );
336
- $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
- 'anchor_id' => '#mo2f_ip_whitelisting',
340
- 'advcblock' => 'yes',
341
- 'edge' => 'top',
342
- 'align' => 'left',
343
- 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
- );
346
-
347
- $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
- 'anchor_id' => '#mo2f_ip_lookup',
351
- 'advcblock' => 'yes',
352
- 'edge' => 'bottom',
353
- 'align' => 'left',
354
- 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
- );
357
-
358
-
359
- $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
- 'anchor_id' => '#mo2f_ip_range_blocking',
363
- 'advcblock' => 'yes',
364
- 'edge' => 'top',
365
- 'align' => 'left',
366
- 'index' => 'default-miniorange-advance-blocking-IP-range',
367
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
- );
369
- $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
- 'anchor_id' => '#mo2f_htaccess_blocking',
373
- 'advcblock' => 'yes',
374
- 'edge' => 'top',
375
- 'align' => 'left',
376
- 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
- );
379
- $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
- 'anchor_id' => '#mo2f_browser_blocking',
383
- 'advcblock' => 'yes',
384
- 'edge' => 'top',
385
- 'align' => 'left',
386
- 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
- );
389
- $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
- 'anchor_id' => '#mo2f_country_blocking',
393
- 'advcblock' => 'yes',
394
- 'edge' => 'bottom',
395
- 'align' => 'left',
396
- 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
- );
399
-
400
- $pointers['default-miniorange-2fa-upgrade'] = array(
401
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
- 'anchor_id' => '#mo_2fa_upgrade_tour',
404
- 'advcblock' => 'yes',
405
- 'edge' => 'top',
406
- 'align' => 'left',
407
- 'index' => 'default-miniorange-2fa-upgrade',
408
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
- );
410
- $pointers['default-miniorange-advance-blocking-support'] = array(
411
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
- 'anchor_id' => '#mo_wpns_support_layout_tour',
414
- 'advcblock' => 'yes',
415
- 'edge' => 'bottom',
416
- 'align' => 'left',
417
- 'index' => 'default-miniorange-advance-blocking-support',
418
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
- );
420
-
421
- }
422
-
423
-
424
- if(get_option('mo2f_tour_backup') == 1 ){
425
- $pointers['default-miniorange-backup-manual-db'] = array(
426
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
- 'anchor_id' => '#mo2f_select_files_backup',
429
- 'isBackup'=> 'yes',
430
- 'edge' => 'top',
431
- 'align' => 'left',
432
- 'index' => 'default-miniorange-backup-manual-db',
433
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
- );
435
- $pointers['default-miniorange-backup-auto-db'] = array(
436
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
- 'anchor_id' => '#mo2f_auto_dbbackup',
439
- 'isBackup'=> 'yes',
440
- 'edge' => 'bottom',
441
- 'align' => 'left',
442
- 'index' => 'default-miniorange-backup-auto-db',
443
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
- );
445
- $pointers['default-miniorange-backup-file'] = array(
446
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
- 'anchor_id' => '#mo2f_schedule_backup_status',
449
- 'isBackup'=> 'yes',
450
- 'edge' => 'top',
451
- 'align' => 'left',
452
- 'index' => 'default-miniorange-backup-file',
453
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
- );
455
- $pointers['default-miniorange-backup-report'] = array(
456
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
- 'anchor_id' => '#backup_report_table',
459
- 'isBackup'=> 'yes',
460
- 'edge' => 'bottom',
461
- 'align' => 'left',
462
- 'index' => 'default-miniorange-backup-report',
463
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
- );
465
-
466
- $pointers['default-miniorange-2fa-upgrade'] = array(
467
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
- 'anchor_id' => '#mo_2fa_upgrade_tour',
470
- 'isBackup' => 'yes',
471
- 'edge' => 'top',
472
- 'align' => 'left',
473
- 'index' => 'default-miniorange-2fa-upgrade',
474
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
- );
476
- $pointers['default-miniorange-backup-support'] = array(
477
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
- 'anchor_id' => '#mo_wpns_support_layout_tour',
480
- 'isBackup' => 'yes',
481
- 'edge' => 'bottom',
482
- 'align' => 'left',
483
- 'index' => 'default-miniorange-backup-support',
484
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
- );
486
-
487
- }
488
-
489
- if(get_option('mo2f_tour_loginSpam') == 1){
490
- $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
- 'anchor_id' => '#mo2f_bruteforce',
494
- 'loginSpam' => 'yes',
495
- 'edge' => 'top',
496
- 'align' => 'left',
497
- 'index' => 'default-miniorange-login-spam-bruteforce',
498
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
- );
500
- $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
- 'anchor_id' => '#mo2f_google_recaptcha',
504
- 'loginSpam' => 'yes',
505
- 'edge' => 'top',
506
- 'align' => 'left',
507
- 'index' => 'default-miniorange-login-spam-recaptcha',
508
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
- );
510
- $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
- 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
- 'loginSpam' => 'yes',
515
- 'edge' => 'bottom',
516
- 'align' => 'left',
517
- 'index' => 'default-miniorange-login-spam-strong-pass',
518
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
- );
520
-
521
- $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
- 'anchor_id' => '#mo2f_block_registration',
525
- 'loginSpam' => 'yes',
526
- 'edge' => 'top',
527
- 'align' => 'left',
528
- 'index' => 'default-miniorange-login-spam-fake-registration',
529
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
- );
531
- $pointers['default-miniorange-login-spam-content'] = array(
532
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
- 'anchor_id' => '#mo2f_content_protection',
535
- 'loginSpam' => 'yes',
536
- 'edge' => 'bottom',
537
- 'align' => 'left',
538
- 'index' => 'default-miniorange-login-spam-content',
539
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
- );
541
- $pointers['default-miniorange-login-spam-block-spam'] = array(
542
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
- 'anchor_id' => '#mo2f_comment_protection',
545
- 'loginSpam' => 'yes',
546
- 'edge' => 'bottom',
547
- 'align' => 'left',
548
- 'index' => 'default-miniorange-login-spam-block-spam',
549
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
- );
551
- $pointers['default-miniorange-2fa-upgrade'] = array(
552
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
- 'anchor_id' => '#mo_2fa_upgrade_tour',
555
- 'loginSpam' => 'yes',
556
- 'edge' => 'top',
557
- 'align' => 'left',
558
- 'index' => 'default-miniorange-2fa-upgrade',
559
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
- );
561
-
562
- $pointers['default-miniorange-login-spam-support'] = array(
563
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
- 'anchor_id' => '#mo_wpns_support_layout_tour',
566
- 'loginSpam' => 'yes',
567
- 'edge' => 'bottom',
568
- 'align' => 'left',
569
- 'index' => 'default-miniorange-login-spam-support',
570
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
- );
572
-
573
-
574
- }
575
-
576
-
577
-
578
-
579
-
580
-
581
- return $pointers;
1
+ <?php
2
+
3
+ $pointers = array();
4
+ $tab= 'default';
5
+ if(array_key_exists('tab',$_GET))
6
+ $tab = $_GET['tab'];
7
+
8
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
+
10
+ {
11
+ $pointers['default-miniorange-2fa-select-authentication'] = array(
12
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
+ 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
+ 'isdefault' => 'yes',
16
+ 'edge' => 'bottom',
17
+ 'align' => 'middle',
18
+ 'index' => 'default-miniorange-2fa-select-authentication',
19
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
+ );
21
+ $pointers['default-miniorange-2fa-configure'] = array(
22
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
+ 'anchor_id' => '#GoogleAuthenticator_configuration',
25
+ 'isdefault' => 'yes',
26
+ 'edge' => 'top',
27
+ 'align' => 'left',
28
+ 'index' => 'default-miniorange-2fa-configure',
29
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
+ );
31
+
32
+ $pointers['default-miniorange-2fa-choose_app'] = array(
33
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
+ 'anchor_id' => '#mo2f_choose_app_tour',
36
+ 'isdefault' => 'yes',
37
+ 'edge' => 'left',
38
+ 'align' => 'left',
39
+ 'index' => 'default-miniorange-2fa-choose_app1',
40
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
+ );
42
+
43
+ $pointers['default-miniorange-2fa-download_app'] = array(
44
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
+ 'anchor_id' => '#links_to_apps_tour',
47
+ 'isdefault' => 'yes',
48
+ 'edge' => 'left',
49
+ 'align' => 'left',
50
+ 'index' => 'default-miniorange-2fa-download_app1',
51
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
+ );
53
+
54
+
55
+ $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
+ 'anchor_id' => '#displayGAQrCodeTour',
59
+ 'isdefault' => 'yes',
60
+ 'edge' => 'left',
61
+ 'align' => 'left',
62
+ 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
+ );
65
+ $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
+ 'anchor_id' => '#mo2f_change_app_name',
69
+ 'isdefault' => 'yes',
70
+ 'edge' => 'left',
71
+ 'align' => 'left',
72
+ 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
+ );
75
+
76
+ $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
+ 'anchor_id' => '#mo2f_scanbarcode_a',
80
+ 'isdefault' => 'yes',
81
+ 'edge' => 'left',
82
+ 'align' => 'left',
83
+ 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
+ );
86
+
87
+ $pointers['default-miniorange-2fa-enter-otp'] = array(
88
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
+ 'anchor_id' => '#EnterOTPGATour',
91
+ 'isdefault' => 'yes',
92
+ 'edge' => 'right',
93
+ 'align' => 'left',
94
+ 'index' => 'default-miniorange-2fa-enter-otp1',
95
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
+ );
97
+ $pointers['default-miniorange-2fa-save-otp'] = array(
98
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
+ 'anchor_id' => '#SaveOTPGATour',
101
+ 'isdefault' => 'yes',
102
+ 'edge' => 'right',
103
+ 'align' => 'left',
104
+ 'index' => 'default-miniorange-2fa-save-otp1',
105
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
+ );
107
+ $pointers['default-miniorange-2fa-test'] = array(
108
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
+ 'anchor_id' => '#test',
111
+ 'isdefault' => 'yes',
112
+ 'edge' => 'right',
113
+ 'align' => 'left',
114
+ 'index' => 'default-miniorange-2fa-test',
115
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
+ );
117
+
118
+ $pointers['default-miniorange-2fa-customizations'] = array(
119
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
+ 'anchor_id' => '#disable_two_factor_tour',
122
+ 'isdefault' => 'yes',
123
+ 'edge' => 'top',
124
+ 'align' => 'left',
125
+ 'index' => 'default-miniorange-2fa-customizations',
126
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
+ );
128
+ $pointers['default-miniorange-2fa-inline-registration'] = array(
129
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
+ 'anchor_id' => '#mo2f_inline_registration_tour',
132
+ 'isdefault' => 'yes',
133
+ 'edge' => 'top',
134
+ 'align' => 'left',
135
+ 'index' => 'default-miniorange-2fa-inline-registration',
136
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
+ );
138
+ $pointers['default-minorange-2fa-integration'] = array(
139
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
+ 'anchor_id' => '#custom_form_2fa_div',
142
+ 'isdefault' => 'yes',
143
+ 'edge' => 'bottom',
144
+ 'align' => 'middle',
145
+ 'index' => 'default-minorange-2fa-integration',
146
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
+ );
148
+ $pointers['default-minorange-2fa-premium-features'] = array(
149
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
+ 'anchor_id' => '#custom_login_2fa',
152
+ 'isdefault' => 'yes',
153
+ 'edge' => 'left',
154
+ 'align' => 'left',
155
+ 'index' => 'default-minorange-2fa-premium-features',
156
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
+ );
158
+
159
+ $pointers['default-miniorange-2fa-upgrade'] = array(
160
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
163
+ 'isdefault' => 'yes',
164
+ 'edge' => 'top',
165
+ 'align' => 'left',
166
+ 'index' => 'default-miniorange-2fa-upgrade',
167
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
+ );
169
+ $pointers['default-miniorange-2fa-support_open'] = array(
170
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
173
+ 'isdefault' => 'yes',
174
+ 'edge' => 'bottom',
175
+ 'align' => 'right',
176
+ 'index' => 'default-miniorange-2fa-support_open',
177
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
+ );
179
+
180
+
181
+ }
182
+ if(get_option('mo2f_tour_firewall') == 1 ){
183
+ $pointers['default-miniorange-firewall-level'] = array(
184
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
+ 'anchor_id' => '#mo_waf_options_tour',
187
+ 'isfirewall'=> 'yes',
188
+ 'edge' => 'top',
189
+ 'align' => 'left',
190
+ 'index' => 'default-miniorange-firewall-level',
191
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
+ );
193
+ $pointers['default-miniorange-firewall-attacks'] = array(
194
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
+ 'anchor_id' => '#mo2f_AttackTypes',
197
+ 'isfirewall'=> 'yes',
198
+ 'edge' => 'bottom',
199
+ 'align' => 'left',
200
+ 'index' => 'default-miniorange-firewall-attacks',
201
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
+ );
203
+ $pointers['default-miniorange-firewall-attack-limit'] = array(
204
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
+ 'anchor_id' => '#mo2f_waf_block_after',
207
+ 'isfirewall'=> 'yes',
208
+ 'edge' => 'bottom',
209
+ 'align' => 'left',
210
+ 'index' => 'default-miniorange-firewall-attack-limit',
211
+ 'align' => 'left',
212
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
+ );
214
+
215
+ $pointers['default-miniorange-firewall-rate-limit'] = array(
216
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
+ 'anchor_id' => '#mo2f_ratelimiting',
219
+ 'isfirewall'=> 'yes',
220
+ 'edge' => 'top',
221
+ 'align' => 'left',
222
+ 'index' => 'default-miniorange-firewall-rate-limit',
223
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
+ );
225
+ $pointers['default-miniorange-firewall-check-attacks'] = array(
226
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
+ 'anchor_id' => '#mo2f_firewall_attack_dash',
229
+ 'isfirewall'=> 'yes',
230
+ 'edge' => 'top',
231
+ 'align' => 'left',
232
+ 'index' => 'default-miniorange-firewall-check-attacks',
233
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
+ );
235
+ $pointers['default-miniorange-2fa-upgrade'] = array(
236
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
239
+ 'isfirewall' => 'yes',
240
+ 'edge' => 'top',
241
+ 'align' => 'left',
242
+ 'index' => 'default-miniorange-2fa-upgrade',
243
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
+ );
245
+
246
+ $pointers['default-miniorange-firewall-support'] = array(
247
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
250
+ 'isfirewall' => 'yes',
251
+ 'edge' => 'bottom',
252
+ 'align' => 'left',
253
+ 'index' => 'default-miniorange-firewall-support',
254
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
+ );
256
+
257
+ }
258
+
259
+ if(get_option('mo2f_tour_malware_scan') ==1){
260
+ $pointers['default-miniorange-malware-scan-modes'] = array(
261
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
+ 'anchor_id' => '#scan_status_table',
264
+ 'ismalware' => 'yes',
265
+ 'edge' => 'bottom',
266
+ 'align' => 'left',
267
+ 'index' => 'default-miniorange-malware-scan-modes',
268
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
+ );
270
+ $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
+ 'anchor_id' => '#mo2f_select_scanning_files',
274
+ 'ismalware' => 'yes',
275
+ 'edge' => 'bottom',
276
+ 'align' => 'left',
277
+ 'index' => 'default-miniorange-malware-custom-scan-files',
278
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
+ );
280
+ $pointers['default-miniorange-malware-scan-reports'] = array(
281
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
+ 'anchor_id' => '#scan_report_table',
284
+ 'ismalware' => 'yes',
285
+ 'edge' => 'top',
286
+ 'align' => 'left',
287
+ 'index' => 'default-miniorange-malware-scan-reports',
288
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
+ );
290
+
291
+ $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
+ 'anchor_id' => '#mo2f_scan_dash',
295
+ 'ismalware' => 'yes',
296
+ 'edge' => 'top',
297
+ 'align' => 'left',
298
+ 'index' => 'default-miniorange-malware-scan-dashboard',
299
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
+ );
301
+ $pointers['default-miniorange-2fa-upgrade'] = array(
302
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
305
+ 'ismalware' => 'yes',
306
+ 'edge' => 'top',
307
+ 'align' => 'left',
308
+ 'index' => 'default-miniorange-2fa-upgrade',
309
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
+ );
311
+
312
+ $pointers['default-miniorange-malware-support'] = array(
313
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
316
+ 'ismalware' => 'yes',
317
+ 'edge' => 'bottom',
318
+ 'align' => 'left',
319
+ 'index' => 'default-miniorange-malware-support',
320
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
+ );
322
+
323
+ }
324
+
325
+ if(get_option('mo2f_tour_advance_blocking') ==1){
326
+ $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
+ 'anchor_id' => '#mo2f_manual_ip_blocking',
330
+ 'advcblock' => 'yes',
331
+ 'edge' => 'top',
332
+ 'align' => 'left',
333
+ 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
+ );
336
+ $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
+ 'anchor_id' => '#mo2f_ip_whitelisting',
340
+ 'advcblock' => 'yes',
341
+ 'edge' => 'top',
342
+ 'align' => 'left',
343
+ 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
+ );
346
+
347
+ $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
+ 'anchor_id' => '#mo2f_ip_lookup',
351
+ 'advcblock' => 'yes',
352
+ 'edge' => 'bottom',
353
+ 'align' => 'left',
354
+ 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
+ );
357
+
358
+
359
+ $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
+ 'anchor_id' => '#mo2f_ip_range_blocking',
363
+ 'advcblock' => 'yes',
364
+ 'edge' => 'top',
365
+ 'align' => 'left',
366
+ 'index' => 'default-miniorange-advance-blocking-IP-range',
367
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
+ );
369
+ $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
+ 'anchor_id' => '#mo2f_htaccess_blocking',
373
+ 'advcblock' => 'yes',
374
+ 'edge' => 'top',
375
+ 'align' => 'left',
376
+ 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
+ );
379
+ $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
+ 'anchor_id' => '#mo2f_browser_blocking',
383
+ 'advcblock' => 'yes',
384
+ 'edge' => 'top',
385
+ 'align' => 'left',
386
+ 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
+ );
389
+ $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
+ 'anchor_id' => '#mo2f_country_blocking',
393
+ 'advcblock' => 'yes',
394
+ 'edge' => 'bottom',
395
+ 'align' => 'left',
396
+ 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
+ );
399
+
400
+ $pointers['default-miniorange-2fa-upgrade'] = array(
401
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
404
+ 'advcblock' => 'yes',
405
+ 'edge' => 'top',
406
+ 'align' => 'left',
407
+ 'index' => 'default-miniorange-2fa-upgrade',
408
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
+ );
410
+ $pointers['default-miniorange-advance-blocking-support'] = array(
411
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
414
+ 'advcblock' => 'yes',
415
+ 'edge' => 'bottom',
416
+ 'align' => 'left',
417
+ 'index' => 'default-miniorange-advance-blocking-support',
418
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
+ );
420
+
421
+ }
422
+
423
+
424
+ if(get_option('mo2f_tour_backup') == 1 ){
425
+ $pointers['default-miniorange-backup-manual-db'] = array(
426
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
+ 'anchor_id' => '#mo2f_select_files_backup',
429
+ 'isBackup'=> 'yes',
430
+ 'edge' => 'top',
431
+ 'align' => 'left',
432
+ 'index' => 'default-miniorange-backup-manual-db',
433
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
+ );
435
+ $pointers['default-miniorange-backup-auto-db'] = array(
436
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
+ 'anchor_id' => '#mo2f_auto_dbbackup',
439
+ 'isBackup'=> 'yes',
440
+ 'edge' => 'bottom',
441
+ 'align' => 'left',
442
+ 'index' => 'default-miniorange-backup-auto-db',
443
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
+ );
445
+ $pointers['default-miniorange-backup-file'] = array(
446
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
+ 'anchor_id' => '#mo2f_schedule_backup_status',
449
+ 'isBackup'=> 'yes',
450
+ 'edge' => 'top',
451
+ 'align' => 'left',
452
+ 'index' => 'default-miniorange-backup-file',
453
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
+ );
455
+ $pointers['default-miniorange-backup-report'] = array(
456
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
+ 'anchor_id' => '#backup_report_table',
459
+ 'isBackup'=> 'yes',
460
+ 'edge' => 'bottom',
461
+ 'align' => 'left',
462
+ 'index' => 'default-miniorange-backup-report',
463
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
+ );
465
+
466
+ $pointers['default-miniorange-2fa-upgrade'] = array(
467
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
470
+ 'isBackup' => 'yes',
471
+ 'edge' => 'top',
472
+ 'align' => 'left',
473
+ 'index' => 'default-miniorange-2fa-upgrade',
474
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
+ );
476
+ $pointers['default-miniorange-backup-support'] = array(
477
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
480
+ 'isBackup' => 'yes',
481
+ 'edge' => 'bottom',
482
+ 'align' => 'left',
483
+ 'index' => 'default-miniorange-backup-support',
484
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
+ );
486
+
487
+ }
488
+
489
+ if(get_option('mo2f_tour_loginSpam') == 1){
490
+ $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
+ 'anchor_id' => '#mo2f_bruteforce',
494
+ 'loginSpam' => 'yes',
495
+ 'edge' => 'top',
496
+ 'align' => 'left',
497
+ 'index' => 'default-miniorange-login-spam-bruteforce',
498
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
+ );
500
+ $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
+ 'anchor_id' => '#mo2f_google_recaptcha',
504
+ 'loginSpam' => 'yes',
505
+ 'edge' => 'top',
506
+ 'align' => 'left',
507
+ 'index' => 'default-miniorange-login-spam-recaptcha',
508
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
+ );
510
+ $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
+ 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
+ 'loginSpam' => 'yes',
515
+ 'edge' => 'bottom',
516
+ 'align' => 'left',
517
+ 'index' => 'default-miniorange-login-spam-strong-pass',
518
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
+ );
520
+
521
+ $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
+ 'anchor_id' => '#mo2f_block_registration',
525
+ 'loginSpam' => 'yes',
526
+ 'edge' => 'top',
527
+ 'align' => 'left',
528
+ 'index' => 'default-miniorange-login-spam-fake-registration',
529
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
+ );
531
+ $pointers['default-miniorange-login-spam-content'] = array(
532
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
+ 'anchor_id' => '#mo2f_content_protection',
535
+ 'loginSpam' => 'yes',
536
+ 'edge' => 'bottom',
537
+ 'align' => 'left',
538
+ 'index' => 'default-miniorange-login-spam-content',
539
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
+ );
541
+ $pointers['default-miniorange-login-spam-block-spam'] = array(
542
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
+ 'anchor_id' => '#mo2f_comment_protection',
545
+ 'loginSpam' => 'yes',
546
+ 'edge' => 'bottom',
547
+ 'align' => 'left',
548
+ 'index' => 'default-miniorange-login-spam-block-spam',
549
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
+ );
551
+ $pointers['default-miniorange-2fa-upgrade'] = array(
552
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
555
+ 'loginSpam' => 'yes',
556
+ 'edge' => 'top',
557
+ 'align' => 'left',
558
+ 'index' => 'default-miniorange-2fa-upgrade',
559
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
+ );
561
+
562
+ $pointers['default-miniorange-login-spam-support'] = array(
563
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
566
+ 'loginSpam' => 'yes',
567
+ 'edge' => 'bottom',
568
+ 'align' => 'left',
569
+ 'index' => 'default-miniorange-login-spam-support',
570
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
+ );
572
+
573
+
574
+ }
575
+
576
+
577
+
578
+
579
+
580
+
581
+ return $pointers;
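--- a/controllers/reports.php
+++ b/controllers/reports.php
@@ -1,25 +1,25 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
-
- }
-
-
-
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
-
- }
-
- $mo_wpns_handler = new MoWpnsHandler();
- $logintranscations = $mo_wpns_handler->get_login_transaction_report();
- $errortranscations = $mo_wpns_handler->get_error_transaction_report();
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
+
+ }
+
+
+
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
+
+ }
+
+ $mo_wpns_handler = new MoWpnsHandler();
+ $logintranscations = $mo_wpns_handler->get_login_transaction_report();
+ $errortranscations = $mo_wpns_handler->get_error_transaction_report();
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
+
  ?>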
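Review bot: Both POST branches here run a `DELETE` against `mo2f_network_transactions` as soon as `$_POST['option']` matches, and nothing in this file verifies a nonce or the caller's capability first. The sibling controllers `request_christmas_offer.php` and `request_demo.php` gate on `current_user_can( 'manage_options' )` and `wp_verify_nonce()`; unless the file that includes this controller already does both, a forged cross-site form post from an administrator's session could clear the login and error transaction log that an investigation would rely on. I would add `current_user_can( 'manage_options' ) && wp_verify_nonce( $nonce, 'NONCE_ACTION_PLACEHOLDER' )` to each `if`, with `$nonce` read from the posted form field; the action name and the field live in the view, outside this section. The commit re-adds these lines unchanged, so the gap predates it.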
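--- a/controllers/request_christmas_offer.php
+++ b/controllers/request_christmas_offer.php
@@ -1,48 +1,48 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_christmas_request_form":
- wpns_handle_christmas_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
-
- function wpns_handle_christmas_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
- $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $query = 'REQUEST FOR CHRISTMAS OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_christmas_request_form":
+ wpns_handle_christmas_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
+
+ function wpns_handle_christmas_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
+ $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $query = 'REQUEST FOR CHRISTMAS OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>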
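Review bot: The empty-field branch of `wpns_handle_christmas_request_form()` reports `DEMO_FORM_ERROR` with the type `'SUCCESS'`, while the failure branch further down passes `'ERROR'`; presumably it should read `do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'ERROR');`. The same line appears in `wpns_handle_demo_request_form()` in `controllers/request_demo.php`. Separately, `$email` is cleaned with `sanitize_text_field()`, which does not check that the value is an address; `sanitize_email()` followed by an `is_email()` check would reject malformed input before it is passed to `submit_contact_us()`.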
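--- a/controllers/request_demo.php
+++ b/controllers/request_demo.php
@@ -1,51 +1,51 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_demo_request_form":
- wpns_handle_demo_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
-
- function wpns_handle_demo_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
- $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
- $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
- return;
- }
- if(empty($usecase) || empty($email) || empty($demo_plan) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $demo_plan = sanitize_text_field($demo_plan);
- $query = 'REQUEST FOR DEMO';
- $query .= ' =>';
- $query .= $demo_plan;
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_demo_request_form":
+ wpns_handle_demo_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
+
+ function wpns_handle_demo_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
+ $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) || empty($demo_plan) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $demo_plan = sanitize_text_field($demo_plan);
+ $query = 'REQUEST FOR DEMO';
+ $query .= ' =>';
+ $query .= $demo_plan;
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>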
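--- a/controllers/tour/tour_ajax.php
+++ b/controllers/tour/tour_ajax.php
@@ -1,146 +1,146 @@
- <?php
- class Mo_wpns_Tour
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
-
- }
-
- public function mo_wpns_save_tour_details(){
- if(isset($_REQUEST['page']))
- {
- switch ($_REQUEST['page']) {
- case 'mo_2fa_two_fa':
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
- update_option('mo2f_two_factor_tour',1);
-
- break;
- case 'mo_2fa_waf':
- if(!get_option('mo2f_tour_firewall'))
- update_option('mo2f_tour_firewall',1);
- break;
- case 'mo_2fa_login_and_spam':
- if(!get_option('mo2f_tour_loginSpam'))
- update_option('mo2f_tour_loginSpam',1);
- break;
-
- case 'mo_2fa_backup':
- if(!get_option('mo2f_tour_backup'))
- update_option('mo2f_tour_backup',1);
-
- break;
- case 'mo_2fa_malwarescan':
- if(!get_option('mo2f_tour_malware_scan'))
- update_option('mo2f_tour_malware_scan',1);
-
- break;
- case 'mo_2fa_advancedblocking':
- if(!get_option('mo2f_tour_advance_blocking'))
- update_option('mo2f_tour_advance_blocking',1);
- break;
-
- default:
- break;
- }
- }
- add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
-
- }
-
- public function mo_wpns_tour(){
- switch($_POST['call_type'])
- {
- case "wpns_enable_tour":
- update_option('skip_tour', 0);
- break;
- case "skip_entire_plugin_tour":
- $this->handle_skip_entire_plugin();
- break;
- case 'entire_plugin_tour_started':
- $this->entire_plugin_tour_started();
- break;
- case "mo2f_close_tour_details":
- $this->mo2f_close_tour_details();
- break;
- case "mo2f_visit_page_tour_details":
- $this->mo2f_visit_page_tour_details();
- break;
- case "mo2f_last_visit_tab":
- $this->mo2f_last_visit_tab();
- break;
- }
- }
-
-
- function mo2f_last_visit_tab()
- {
- $lasttab = sanitize_text_field($_POST['tab']);
- update_option('mo2f_tour_tab',$lasttab);
- }
- function mo2f_visit_page_tour_details()
- {
- $currentPointer = '';
- if(isset($_POST['index']))
- $currentPointer = sanitize_text_field($_POST['index']);
-
- if(strpos($currentPointer, 'support') != false)
- {
- exit;
- }
- $uid = get_current_user_id();
- $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
- $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
- update_user_meta($uid,'mo2f_visited_pointers',$visited);
- }
- function entire_plugin_tour_started()
- {
- update_option('mo2f_tour_started',3);
- exit;
- }
-
- function handle_skip_entire_plugin(){
- update_option('mo2f_two_factor_tour',-1);
- update_option('mo2f_tour_firewall',-1);
- update_option('mo2f_tour_malware_scan',-1);
- update_option('mo2f_tour_advance_blocking',-1);
- update_option('mo2f_tour_backup',-1);
- update_option('mo2f_tour_loginSpam',-1);
- update_option('mo2f_tour_started',3);
- exit;
- }
-
-
- function mo2f_close_tour_details()
- {
- $uid = get_current_user_id();
- delete_user_meta($uid,'mo2f_visited_pointers');
- $page = $_POST['page'];
- $page = sanitize_text_field($page[0]);
- update_option('mo2f_tour_tab','');
- update_option("yeah",1);
- switch ($page) {
- case 'toplevel_page_mo_2fa_two_fa':
- update_option('mo2f_two_factor_tour',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_waf':
- update_option('mo2f_tour_firewall',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_malwarescan':
- update_option('mo2f_tour_malware_scan',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
- update_option('mo2f_tour_advance_blocking',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_backup':
- update_option('mo2f_tour_backup',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
- update_option('mo2f_tour_loginSpam',-1);
- break;
- }
-
- }
-
- }
- new Mo_wpns_Tour();
+ <?php
+ class Mo_wpns_Tour
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
+
+ }
+
+ public function mo_wpns_save_tour_details(){
+ if(isset($_REQUEST['page']))
+ {
+ switch ($_REQUEST['page']) {
+ case 'mo_2fa_two_fa':
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
+ update_option('mo2f_two_factor_tour',1);
+
+ break;
+ case 'mo_2fa_waf':
+ if(!get_option('mo2f_tour_firewall'))
+ update_option('mo2f_tour_firewall',1);
+ break;
+ case 'mo_2fa_login_and_spam':
+ if(!get_option('mo2f_tour_loginSpam'))
+ update_option('mo2f_tour_loginSpam',1);
+ break;
+
+ case 'mo_2fa_backup':
+ if(!get_option('mo2f_tour_backup'))
+ update_option('mo2f_tour_backup',1);
+
+ break;
+ case 'mo_2fa_malwarescan':
+ if(!get_option('mo2f_tour_malware_scan'))
+ update_option('mo2f_tour_malware_scan',1);
+
+ break;
+ case 'mo_2fa_advancedblocking':
+ if(!get_option('mo2f_tour_advance_blocking'))
+ update_option('mo2f_tour_advance_blocking',1);
+ break;
+
+ default:
+ break;
+ }
+ }
+ add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
+
+ }
+
+ public function mo_wpns_tour(){
+ switch($_POST['call_type'])
+ {
+ case "wpns_enable_tour":
+ update_option('skip_tour', 0);
+ break;
+ case "skip_entire_plugin_tour":
+ $this->handle_skip_entire_plugin();
+ break;
+ case 'entire_plugin_tour_started':
+ $this->entire_plugin_tour_started();
+ break;
+ case "mo2f_close_tour_details":
+ $this->mo2f_close_tour_details();
+ break;
+ case "mo2f_visit_page_tour_details":
+ $this->mo2f_visit_page_tour_details();
+ break;
+ case "mo2f_last_visit_tab":
+ $this->mo2f_last_visit_tab();
+ break;
+ }
+ }
+
+
+ function mo2f_last_visit_tab()
+ {
+ $lasttab = sanitize_text_field($_POST['tab']);
+ update_option('mo2f_tour_tab',$lasttab);
+ }
+ function mo2f_visit_page_tour_details()
+ {
+ $currentPointer = '';
+ if(isset($_POST['index']))
+ $currentPointer = sanitize_text_field($_POST['index']);
+
+ if(strpos($currentPointer, 'support') != false)
+ {
+ exit;
+ }
+ $uid = get_current_user_id();
+ $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
+ $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
+ update_user_meta($uid,'mo2f_visited_pointers',$visited);
+ }
+ function entire_plugin_tour_started()
+ {
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+ function handle_skip_entire_plugin(){
+ update_option('mo2f_two_factor_tour',-1);
+ update_option('mo2f_tour_firewall',-1);
+ update_option('mo2f_tour_malware_scan',-1);
+ update_option('mo2f_tour_advance_blocking',-1);
+ update_option('mo2f_tour_backup',-1);
+ update_option('mo2f_tour_loginSpam',-1);
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+
+ function mo2f_close_tour_details()
+ {
+ $uid = get_current_user_id();
+ delete_user_meta($uid,'mo2f_visited_pointers');
+ $page = $_POST['page'];
+ $page = sanitize_text_field($page[0]);
+ update_option('mo2f_tour_tab','');
+ update_option("yeah",1);
+ switch ($page) {
+ case 'toplevel_page_mo_2fa_two_fa':
+ update_option('mo2f_two_factor_tour',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_waf':
+ update_option('mo2f_tour_firewall',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_malwarescan':
+ update_option('mo2f_tour_malware_scan',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
+ update_option('mo2f_tour_advance_blocking',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_backup':
+ update_option('mo2f_tour_backup',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
+ update_option('mo2f_tour_loginSpam',-1);
+ break;
+ }
+
+ }
+
+ }
+ new Mo_wpns_Tour();
  ?>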
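Review bot: `mo_wpns_tour()` is hooked on `wp_ajax_mo_wpns_tour`, which WordPress fires for any logged-in user, yet neither it nor the helpers it dispatches to verify a nonce or a capability before calling `update_option()` on site-wide settings (`skip_tour`, the `mo2f_tour_*` flags, `mo2f_tour_tab`). I would open the method with `check_ajax_referer( 'NONCE_ACTION_PLACEHOLDER', 'nonce' );` and `if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }`; the script that posts `call_type` would have to send the matching nonce, and it is outside this section. The switch also reads `$_POST['call_type']` without an `isset()` check. Two smaller points in the same class: `strpos($currentPointer, 'support') != false` treats a match at offset 0 as no match and should use `!== false`, and `update_option("yeah",1)` in `mo2f_close_tour_details()` looks like leftover debugging.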
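--- a/controllers/troubleshooting.php
+++ b/controllers/troubleshooting.php
@@ -1,5 +1,5 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'troubleshooting.php';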
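--- a/controllers/twofa/two_fa_addon.php
+++ b/controllers/twofa/two_fa_addon.php
@@ -1,5 +1,5 @@
- <?php
- global $Mo2fdbQueries;
- $current_user = wp_get_current_user();
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';
+ <?php
+ global $Mo2fdbQueries;
+ $current_user = wp_get_current_user();
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';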
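--- a/controllers/twofa/two_fa_custom_form.php
+++ b/controllers/twofa/two_fa_custom_form.php
@@ -1,9 +1,9 @@
- <?php
-
- $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
- $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
- $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
- $is_custom = get_site_option('mo2f_custom_reg_custom');
- $is_registered = get_site_option('mo2f_customerkey');
-
+ <?php
+
+ $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
+ $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
+ $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
+ $is_custom = get_site_option('mo2f_custom_reg_custom');
+ $is_registered = get_site_option('mo2f_customerkey');
+
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';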
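--- a/controllers/twofa/two_fa_login_option.php
+++ b/controllers/twofa/two_fa_login_option.php
@@ -1,2 +1,2 @@
-<?php
+<?php
 include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_login_option.php';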
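--- a/controllers/twofa/two_fa_video_guide.php
+++ b/controllers/twofa/two_fa_video_guide.php
@@ -1,4 +1,4 @@
-<?php
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
-
+<?php
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
+
 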
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -1,1398 +1,1398 @@
1
- <?php
2
- class wpns_ajax
3
- {
4
- function __construct(){
5
- //add comment here
6
- add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
- add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
- }
9
-
10
- function mo_login_security_ajax(){
11
-
12
- add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
- add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
- add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
- }
16
-
17
- function mo2f_ajax(){
18
- $GLOBALS['mo2f_is_ajax_request'] = true;
19
- switch ($_POST['mo2f_ajax_option']) {
20
- case "mo2f_ajax_kba":
21
- $this->mo2f_ajax_kba();break;
22
- case "mo2f_ajax_login":
23
- $this->mo2f_ajax_login(); break;
24
- case "mo2f_ajax_otp":
25
- $this->mo2f_ajax_otp(); break;
26
- }
27
- }
28
- function mo2fa_elementor_ajax_fun()
29
- {
30
-
31
- if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
- $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
- wp_send_json('ERROR');
35
- }
36
- if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
- {
38
- $info = array();
39
- $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
- $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
- $info['remember'] = false;
42
- $user_signon = wp_signon($info, false);
43
- if (is_wp_error($user_signon)) {
44
- wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
- }
46
- }
47
- }
48
- }
49
- function wpns_login_security(){
50
- switch($_POST['wpns_loginsecurity_ajax'])
51
- {
52
- case "wpns_bruteforce_form":
53
- $this->wpns_handle_bf_configuration_form(); break;
54
- case "wpns_save_captcha":
55
- $this->wpns_captcha_settings();break;
56
- case "save_strong_password":
57
- $this->wpns_strong_password_settings();break;
58
- case 'wpns_ManualIPBlock_form':
59
- $this->wpns_handle_IP_blocking();break;
60
- case 'wpns_WhitelistIP_form':
61
- $this->wpns_whitelist_ip(); break;
62
- case 'wpns_waf_settings_form':
63
- $this->wpns_waf_settings_form(); break;
64
- case 'wpns_waf_rate_limiting_form':
65
- $this->wpns_waf_rate_limiting_form(); break;
66
- case 'wpns_waf_realtime_ip_block_free':
67
- $this->wpns_waf_realtime_ip_block_free();break;
68
- case 'wpns_ip_lookup':
69
- $this->wpns_ip_lookup(); break;
70
- case 'wpns_all_plans':
71
- $this->wpns_all_plans(); break;
72
- case 'wpns_logout_form':
73
- $this->wpns_logout_form(); break;
74
- case 'wpns_check_transaction':
75
- $this->wpns_check_transaction(); break;
76
- case 'waf_settings_mail_form_notify':
77
- $this->waf_settings_mail_form_notify(); break;
78
- case 'waf_settings_IP_mail_form':
79
- $this->waf_settings_IP_mail_form();break;
80
- case 'update_plan':
81
- $this->update_plan(); break;
82
- }
83
- }
84
-
85
- function update_plan(){
86
- $mo2f_all_plannames = $_POST['planname'];
87
- $mo_2fa_plan_type = $_POST['planType'];
88
- update_option('mo2f_planname', $mo2f_all_plannames);
89
- if ($mo2f_all_plannames == 'addon_plan')
90
- {
91
- update_option('mo2f_planname', 'addon_plan');
92
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
- }
94
- elseif ($mo2f_all_plannames == '2fa_plan')
95
- {
96
- update_option('mo2f_planname', '2fa_plan');
97
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
- }
99
- }
100
-
101
-
102
- function mo2f_ajax_otp(){
103
- $obj = new Miniorange_Password_2Factor_Login();
104
- $obj->check_miniorange_soft_token($_POST);
105
- }
106
- function mo2f_ajax_kba(){
107
- $obj = new Miniorange_Password_2Factor_Login();
108
- $obj->check_kba_validation($_POST);
109
- }
110
-
111
- function wpns_check_transaction()
112
- {
113
- $customerT = new Customer_Cloud_Setup();
114
-
115
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
- if($content['status'] == 'SUCCESS')
117
- {
118
- update_site_option('mo2f_license_type','PREMIUM');
119
- }
120
- else
121
- {
122
- update_site_option('mo2f_license_type','DEMO');
123
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
- }
125
- if(isset($content['smsRemaining']))
126
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
- else if($content['status'] =='SUCCESS')
128
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
-
130
-
131
- if(isset($content['emailRemaining']))
132
- {
133
- $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
- if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
- {
136
- $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
- if($available_transaction>30)
138
- $currentTransaction = $currentTransaction-$available_transaction;
139
-
140
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
- }
143
-
144
- }
145
-
146
- }
147
-
148
- function mo2f_ajax_login()
149
- {
150
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
- {
152
- wp_send_json("ERROR");
153
- exit;
154
- }
155
- else
156
- {
157
- $username = sanitize_text_field($_POST['username']);
158
- $password = sanitize_text_field($_POST['password'] );
159
- apply_filters( 'authenticate', null, $username, $password );
160
- }
161
- }
162
- function wpns_logout_form()
163
- {
164
- global $moWpnsUtility;
165
- if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
- delete_option('mo2f_email');
167
- }
168
- delete_option('mo2f_customerKey');
169
- delete_option('mo2f_api_key');
170
- delete_option('mo2f_customer_token');
171
- delete_option('mo_wpns_transactionId');
172
- delete_site_option('EmailTransactionCurrent');
173
- delete_option('mo_wpns_registration_status');
174
- delete_option( 'mo_2factor_admin_registration_status' );
175
-
176
- $two_fa_settings = new Miniorange_Authentication();
177
- $two_fa_settings->mo_auth_deactivate();
178
-
179
- }
180
- // It is the new line added for the database updation
181
- function waf_settings_mail_form_notify()
182
- {
183
- $nonce = sanitize_text_field($_POST['nonce']);
184
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
- wp_send_json('ERROR');
186
- return;
187
- }
188
- if(isset($_POST['S_mail']))
189
- {
190
- $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
- update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
- wp_send_json('true');
193
- }
194
- else{
195
- wp_send_json('false');
196
-
197
- }
198
- }
199
- function waf_settings_IP_mail_form()
200
- {
201
- $nonce = sanitize_text_field($_POST['nonce']);
202
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
- wp_send_json('ERROR');
204
- return;
205
- }
206
- $mo2f_mail_noyifying_IP = sanitize_text_field($_POST['Smail']);
207
- update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
- if($mo2f_mail_noyifying_IP == "on"){
209
- wp_send_json('true');
210
- }
211
- else if($mo2f_mail_noyifying_IP == ""){
212
- wp_send_json('false');
213
- }
214
- }
215
- function wpns_all_plans()
216
- {
217
- $mo2f_all_plannames = $_POST['planname'];
218
- $mo_2fa_plan_type = $_POST['planType'];
219
- update_option('mo2f_planname', $mo2f_all_plannames);
220
- if ($mo2f_all_plannames == 'addon_plan')
221
- {
222
- update_option('mo2f_planname', 'addon_plan');
223
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
- }
225
- elseif ($mo2f_all_plannames == '2fa_plan')
226
- {
227
- update_option('mo2f_planname', '2fa_plan');
228
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
- }
230
- }
231
- function wpns_handle_bf_configuration_form(){
232
-
233
- $nonce = $_POST['nonce'];
234
- if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
- wp_send_json('ERROR');
236
- return;
237
- }
238
- $brute_force = $_POST['bf_enabled/disabled'];
239
- if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
- $login_attempts = $_POST['allwed_login_attempts'];
241
- $blocking_type = $_POST['time_of_blocking_type'];
242
- $blocking_value = isset($_POST['time_of_blocking_val']) ? $_POST['time_of_blocking_val'] : false;
243
- $show_login_attempts= $_POST['show_remaining_attempts'];
244
- if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
- if($brute_force == 'on' && $login_attempts == "" ){
246
- wp_send_json('empty');
247
- return;
248
- }
249
- update_option( 'mo2f_enable_brute_force' , $brute_force );
250
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
- update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
- update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
- update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
- if($brute_force == "on"){
255
- update_site_option('bruteforce_notification_option',1);
256
- wp_send_json('true');
257
- }
258
- else if($brute_force == ""){
259
- wp_send_json('false');
260
- }
261
-
262
- }
263
- function wpns_handle_IP_blocking()
264
- {
265
-
266
- global $mo2f_dirName;
267
- if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
268
- {
269
- echo "NonceDidNotMatch";
270
- exit;
271
- }
272
- else
273
- {
274
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
275
- }
276
- }
277
- function wpns_whitelist_ip()
278
- {
279
- global $mo2f_dirName;
280
- if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
281
- {
282
- echo "NonceDidNotMatch";
283
- exit;
284
- }
285
- else
286
- {
287
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
288
- }
289
- }
290
-
291
- function wpns_ip_lookup()
292
- {
293
-
294
- if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
295
- {
296
- echo "NonceDidNotMatch";
297
- exit;
298
- }
299
- else
300
- {
301
- $ip = $_POST['IP'];
302
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
303
- {
304
- echo("INVALID_IP_FORMAT");
305
- exit;
306
- }
307
- else if(! filter_var($ip, FILTER_VALIDATE_IP)){
308
- echo("INVALID_IP");
309
- exit;
310
- }
311
- $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
312
- $hostname = gethostbyaddr($result["geoplugin_request"]);
313
- try{
314
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
315
- $timeoffset = $timeoffset/3600;
316
-
317
- }catch(Exception $e){
318
- $result["geoplugin_timezone"]="";
319
- $timeoffset="";
320
- }
321
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
322
- if($result['geoplugin_request']==$ip) {
323
-
324
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
325
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
326
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
327
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
328
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
329
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
330
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
331
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
332
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
333
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
334
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
335
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
336
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
337
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
338
-
339
- $result['ipDetails'] = $ipLookUpTemplate;
340
- }else{
341
- $result["ipDetails"]["status"]="ERROR";
342
- }
343
- wp_send_json( $result );
344
- }
345
- }
346
- function wpns_waf_settings_form()
347
- {
348
- $dir_name = dirname(__FILE__);
349
- $dir_name1 = explode('wp-content', $dir_name);
350
- $dir_name = $dir_name1[0];
351
- $filepath = str_replace('\\', '/', $dir_name1[0]);
352
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
353
-
354
- if(!file_exists($fileName))
355
- {
356
- $file = fopen($fileName, "a+");
357
- $string = "<?php".PHP_EOL;
358
- $string .= '$SQL=1;'.PHP_EOL;
359
- $string .= '$XSS=1;'.PHP_EOL;
360
- $string .= '$RCE=0;'.PHP_EOL;
361
- $string .= '$LFI=0;'.PHP_EOL;
362
- $string .= '$RFI=0;'.PHP_EOL;
363
- $string .= '$RateLimiting=1;'.PHP_EOL;
364
- $string .= '$RequestsPMin=120;'.PHP_EOL;
365
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
366
- $string .= '?>'.PHP_EOL;
367
-
368
- fwrite($file, $string);
369
- fclose($file);
370
- }
371
- else
372
- {
373
- if(!is_writable($fileName) or !is_readable($fileName))
374
- {
375
- echo "FilePermissionDenied";
376
- exit;
377
- }
378
- }
379
-
380
- if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
381
- {
382
- var_dump("NonceDidNotMatch");
383
- exit;
384
- }
385
- else
386
- {
387
- switch ($_POST['optionValue']) {
388
- case "SQL":
389
- $this->savesql(); break;
390
- case "XSS":
391
- $this->savexss(); break;
392
- case "RCE":
393
- $this->saverce(); break;
394
- case "RFI":
395
- $this->saverfi(); break;
396
- case "LFI":
397
- $this->savelfi(); break;
398
- case "WAF":
399
- $this->saveWAF(); break;
400
- case "HWAF":
401
- $this->saveHWAF(); break;
402
- case "backupHtaccess":
403
- $this->backupHtaccess(); break;
404
- case "limitAttack":
405
- $this->limitAttack(); break;
406
- default:
407
- break;
408
- }
409
-
410
- }
411
-
412
- }
413
- function wpns_waf_realtime_ip_block_free()
414
- {
415
- $nonce = sanitize_text_field($_POST['nonce']);
416
- if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
417
- {
418
- echo "NonceDidNotMatch";
419
- exit;
420
- }
421
- else
422
- {
423
- $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
424
-
425
- if($mo2f_realtime_ip_block_free == 'on')
426
- {
427
- update_site_option('mo2f_realtime_ip_block_free',1);
428
- if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
429
- wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
430
- }
431
- wp_send_json('realtime_block_free_enable');
432
- }
433
- else
434
- {
435
- update_site_option('mo2f_realtime_ip_block_free',0);
436
- $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
437
- wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
438
- wp_send_json('realtime_block_free_disable');
439
- }
440
-
441
-
442
- }
443
-
444
- }
445
- function wpns_waf_rate_limiting_form()
446
- {
447
- if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
448
- {
449
- echo "NonceDidNotMatch";
450
- exit;
451
- }
452
- else
453
- {
454
- if(get_site_option('WAFEnabled') != 1)
455
- {
456
- echo "WAFNotEnabled";
457
- exit;
458
- }
459
-
460
- if($_POST['Requests']!='')
461
- {
462
- if(is_numeric($_POST['Requests']))
463
- {
464
- $dir_name = dirname(__FILE__);
465
- $dir_name1 = explode('wp-content', $dir_name);
466
- $dir_name = $dir_name1[0];
467
- $filepath = str_replace('\\', '/', $dir_name1[0]);
468
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
469
-
470
- $file = file_get_contents($fileName);
471
- $data = $file;
472
-
473
- $req = sanitize_text_field($_POST['Requests']);
474
- if($req >1)
475
- {
476
- update_option('Rate_request',$req);
477
- if(isset($_POST['rateCheck']))
478
- {
479
- if($_POST['rateCheck'] == 'on')
480
- {
481
- update_option('Rate_limiting','1');
482
- echo "RateEnabled";
483
- if(strpos($file, 'RateLimiting')!=false)
484
- {
485
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
486
- $data = $file;
487
- file_put_contents($fileName,$file);
488
-
489
- }
490
- else
491
- {
492
- $content = explode('?>', $file);
493
- $file = $content[0];
494
- $file .= PHP_EOL;
495
- $file .= '$RateLimiting=1;'.PHP_EOL;
496
- $file .='?>';
497
- file_put_contents($fileName,$file);
498
- $data = $file;
499
- }
500
-
501
-
502
- }
503
- }
504
- else
505
- {
506
- update_option('Rate_limiting','0');
507
- echo "Ratedisabled";
508
- if(strpos($file, 'RateLimiting')!=false)
509
- {
510
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
511
- $data = $file;
512
- file_put_contents($fileName,$file);
513
- }
514
- else
515
- {
516
- $content = explode('?>', $file);
517
- $file = $content[0];
518
- $file .= PHP_EOL;
519
- $file .= '$RateLimiting=0;'.PHP_EOL;
520
- $file .='?>';
521
- file_put_contents($fileName,$file);
522
- $data = $file;
523
- }
524
-
525
- }
526
-
527
-
528
- $file = $data;
529
- if(strpos($file, 'RequestsPMin')!=false)
530
- {
531
- $content = explode(PHP_EOL, $file);
532
- $con = '';
533
- $len = sizeof($content);
534
-
535
- for($i=0;$i<$len;$i++)
536
- {
537
- if(strpos($content[$i], 'RequestsPMin')!=false)
538
- {
539
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
540
- }
541
- else
542
- {
543
- $con .= $content[$i].PHP_EOL;
544
- }
545
- }
546
-
547
- file_put_contents($fileName,$con);
548
- $data = $con;
549
-
550
- }
551
-
552
- else
553
- {
554
- $content = explode('?>', $file);
555
- $file = $content[0];
556
- $file .= PHP_EOL;
557
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
558
- $file .='?>';
559
- file_put_contents($fileName,$file);
560
- $data = $file;
561
- }
562
-
563
- if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
564
- {
565
- update_option('actionRateL',1);
566
-
567
- $file = $data;
568
- if(strpos($file, 'actionRateL')!=false)
569
- {
570
- $content = explode(PHP_EOL, $file);
571
- $con = '';
572
- foreach ($content as $line => $lineV) {
573
- if(strpos($lineV, 'actionRateL')!=false)
574
- {
575
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
576
- }
577
- else
578
- {
579
- $con .= $lineV.PHP_EOL;
580
- }
581
- }
582
- file_put_contents($fileName,$con);
583
- }
584
- else
585
- {
586
- $content = explode('?>', $file);
587
- $file = $content[0];
588
- $file .= PHP_EOL;
589
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
590
- $file .='?>';
591
- file_put_contents($fileName,$file);
592
- $file = $data;
593
- }
594
- }
595
- else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
596
- {
597
-
598
- $file = $data;
599
- update_option('actionRateL',0);
600
- if(strpos($file, 'actionRateL')!=false)
601
- {
602
- $content = explode(PHP_EOL, $file);
603
- $con = '';
604
- foreach ($content as $line => $lineV) {
605
- if(strpos($lineV, 'actionRateL')!=false)
606
- {
607
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
608
- }
609
- else
610
- {
611
- $con .= $lineV.PHP_EOL;
612
- }
613
- }
614
- file_put_contents($fileName,$con);
615
- }
616
- else
617
- {
618
- $content = explode('?>', $file);
619
- $file = $content[0];
620
- $file .= PHP_EOL;
621
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
622
- $file .='?>';
623
- file_put_contents($fileName,$file);
624
- }
625
- }
626
-
627
- }
628
- exit;
629
- }
630
-
631
-
632
-
633
- }
634
- echo("Error");
635
- exit;
636
- }
637
-
638
-
639
- }
640
-
641
- private function saveWAF()
642
- {
643
- if(isset($_POST['pluginWAF']))
644
- {
645
- if($_POST['pluginWAF']=='on')
646
- {
647
- update_option('WAF','PluginLevel');
648
- update_option('WAFEnabled','1');
649
- echo("PWAFenabled");exit;
650
- }
651
- }
652
- else
653
- {
654
- update_option('WAFEnabled','0');
655
- update_option('WAF','wafDisable');
656
- echo("PWAFdisabled");exit;
657
- }
658
- }
659
- private function saveHWAF()
660
- {
661
- if(!function_exists('mysqli_connect'))
662
- {
663
- echo "mysqliDoesNotExit";
664
- exit;
665
- }
666
- if(isset($_POST['htaccessWAF']))
667
- {
668
- if($_POST['htaccessWAF']=='on')
669
- {
670
- update_option('WAF','HtaccessLevel');
671
- update_option('WAFEnabled','1');
672
- $dir_name = dirname(__FILE__);
673
- $dirN = $dir_name;
674
- $dirN = str_replace('\\', '/', $dirN);
675
- $dirN = str_replace('controllers', 'handler', $dirN);
676
-
677
- $dir_name1 = explode('wp-content', $dir_name);
678
- $dir_name = $dir_name1[0];
679
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
680
- $dir_name .='.htaccess';
681
- $file = file_get_contents($dir_name);
682
- if(strpos($file, 'php_value auto_prepend_file')!=false)
683
- {
684
- echo("WAFConflicts");
685
- exit;
686
- }
687
-
688
- $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
689
- $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
690
- $cont .= '# END miniOrange WAF'.PHP_EOL;
691
- file_put_contents($dir_name, $cont);
692
-
693
- $filecontent = file_get_contents($dir_name);
694
-
695
- $dir_name = dirname(__FILE__);
696
- $dir_name1 = explode('wp-content', $dir_name);
697
- $dir_name = $dir_name1[0];
698
- $filepath = str_replace('\\', '/', $dir_name1[0]);
699
- $fileName = $filepath.'mo-check.php';
700
- $file = fopen($fileName, 'w+');
701
- $dir_name = dirname(__FILE__);
702
- $filepath = str_replace('\\', '/', $dir_name);
703
- $filepath = explode('controllers', $filepath);
704
- $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
705
-
706
- $string = '<?php'.PHP_EOL;
707
- $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
708
- $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
709
- $string .= '?>'.PHP_EOL;
710
-
711
- fwrite($file, $string);
712
- fclose($file);
713
-
714
- if(strpos($filecontent,'mo-check.php')!=false)
715
- {
716
- echo "HWAFEnabled";
717
- exit;
718
- }
719
- else
720
- {
721
- echo "HWAFEnabledFailed";
722
- exit;
723
- }
724
- }
725
- }
726
- else
727
- {
728
- update_option('WAF','wafDisable');
729
- if(isset($_POST['pluginWAF']))
730
- {
731
- if($_POST['pluginWAF'] == 'on')
732
- {
733
- update_option('WAFEnabled',1);
734
- update_option('WAF','PluginLevel');
735
- }
736
- }
737
- else
738
- update_option('WAFEnabled',0);
739
- $dir_name = dirname(__FILE__);
740
- $dirN = $dir_name;
741
- $dirN = str_replace('\\', '/', $dirN);
742
- $dirN = explode('wp-content', $dirN);
743
- $dir_name1 = explode('wp-content', $dir_name);
744
- $dir_name = $dir_name1[0];
745
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
746
- $dir_name00 = $dir_name1;
747
- $dir_name1 .='.htaccess';
748
- $file = file_get_contents($dir_name1);
749
-
750
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
751
- $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
752
- $cont .= '# END miniOrange WAF'.PHP_EOL;
753
- $file =str_replace($cont,'',$file);
754
- file_put_contents($dir_name1, $file);
755
-
756
- $filecontent = file_get_contents($dir_name1);
757
- if(strpos($filecontent,'mo-check.php')==false)
758
- {
759
- echo "HWAFdisabled";
760
- exit;
761
- }
762
- else
763
- {
764
- echo "HWAFdisabledFailed";
765
- exit;
766
- }
767
- }
768
-
769
-
770
- }
771
- private function savesql()
772
- {
773
- if(isset($_POST['SQL']))
774
- {
775
- if($_POST['SQL']=='on')
776
- {
777
- update_option('SQLInjection',1);
778
- $dir_name = dirname(__FILE__);
779
- $dir_name1 = explode('wp-content', $dir_name);
780
- $dir_name = $dir_name1[0];
781
- $filepath = str_replace('\\', '/', $dir_name1[0]);
782
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
783
-
784
- $file = file_get_contents($fileName);
785
- if(strpos($file, 'SQL')!=false)
786
- {
787
- $file = str_replace('$SQL=0;', '$SQL=1;', $file);
788
- file_put_contents($fileName,$file);
789
- }
790
- else
791
- {
792
- $content = explode('?>', $file);
793
- $file = $content[0];
794
- $file .= PHP_EOL;
795
- $file .= '$SQL=1;'.PHP_EOL;
796
- $file .='?>';
797
- file_put_contents($fileName,$file);
798
- }
799
- echo("SQLenable");
800
- exit;
801
-
802
- }
803
- }
804
- else
805
- {
806
- update_option('SQLInjection',0);
807
-
808
- $dir_name = dirname(__FILE__);
809
- $dir_name1 = explode('wp-content', $dir_name);
810
- $dir_name = $dir_name1[0];
811
- $filepath = str_replace('\\', '/', $dir_name1[0]);
812
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
813
-
814
- $file = file_get_contents($fileName);
815
- if(strpos($file, '$SQL')!=false)
816
- {
817
- $file = str_replace('$SQL=1;', '$SQL=0;', $file);
818
- file_put_contents($fileName,$file);
819
- }
820
- else
821
- {
822
- $content = explode('?>', $file);
823
- $file = $content[0];
824
- $file .= PHP_EOL;
825
- $file .= '$SQL=0;'.PHP_EOL;
826
- $file .='?>';
827
- file_put_contents($fileName,$file);
828
- }
829
-
830
- echo("SQLdisable");
831
- exit;
832
-
833
- }
834
-
835
- }
836
- private function saverce()
837
- {
838
- if(isset($_POST['RCE']))
839
- {
840
- if($_POST['RCE']=='on')
841
- {
842
- update_option('RCEAttack',1);
843
-
844
- $dir_name = dirname(__FILE__);
845
- $dir_name1 = explode('wp-content', $dir_name);
846
- $dir_name = $dir_name1[0];
847
- $filepath = str_replace('\\', '/', $dir_name1[0]);
848
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
849
-
850
- $file = file_get_contents($fileName);
851
- if(strpos($file, 'RCE')!=false)
852
- {
853
- $file = str_replace('$RCE=0;', '$RCE=1;', $file);
854
- file_put_contents($fileName,$file);
855
- }
856
- else
857
- {
858
- $content = explode('?>', $file);
859
- $file = $content[0];
860
- $file .= PHP_EOL;
861
- $file .= '$RCE=1;'.PHP_EOL;
862
- $file .='?>';
863
- file_put_contents($fileName,$file);
864
- }
865
- echo("RCEenable");
866
- exit;
867
- }
868
- }
869
- else
870
- {
871
- update_option('RCEAttack',0);
872
-
873
- $dir_name = dirname(__FILE__);
874
- $dir_name1 = explode('wp-content', $dir_name);
875
- $dir_name = $dir_name1[0];
876
- $filepath = str_replace('\\', '/', $dir_name1[0]);
877
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
878
-
879
- $file = file_get_contents($fileName);
880
- if(strpos($file, '$RCE')!=false)
881
- {
882
- $file = str_replace('$RCE=1;', '$RCE=0;', $file);
883
- file_put_contents($fileName,$file);
884
- }
885
- else
886
- {
887
- $content = explode('?>', $file);
888
- $file = $content[0];
889
- $file .= PHP_EOL;
890
- $file .= '$RCE=0;'.PHP_EOL;
891
- $file .='?>';
892
- file_put_contents($fileName,$file);
893
- }
894
- echo("RCEdisable");
895
- exit;
896
-
897
- }
898
-
899
- }
900
- private function savexss()
901
- {
902
- if(isset($_POST['XSS']))
903
- {
904
- if($_POST['XSS']=='on')
905
- {
906
- update_option('XSSAttack',1);
907
- $dir_name = dirname(__FILE__);
908
- $dir_name1 = explode('wp-content', $dir_name);
909
- $dir_name = $dir_name1[0];
910
- $filepath = str_replace('\\', '/', $dir_name1[0]);
911
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
912
-
913
- $file = file_get_contents($fileName);
914
- if(strpos($file, 'XSS')!=false)
915
- {
916
- $file = str_replace('$XSS=0;', '$XSS=1;', $file);
917
- file_put_contents($fileName,$file);
918
- }
919
- else
920
- {
921
- $content = explode('?>', $file);
922
- $file = $content[0];
923
- $file .= PHP_EOL;
924
- $file .= '$XSS=1;'.PHP_EOL;
925
- $file .='?>';
926
- file_put_contents($fileName,$file);
927
- }
928
- echo("XSSenable");
929
- exit;
930
- }
931
- }
932
- else
933
- {
934
- update_option('XSSAttack',0);
935
- $dir_name = dirname(__FILE__);
936
- $dir_name1 = explode('wp-content', $dir_name);
937
- $dir_name = $dir_name1[0];
938
- $filepath = str_replace('\\', '/', $dir_name1[0]);
939
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
940
-
941
- $file = file_get_contents($fileName);
942
- if(strpos($file, '$XSS')!=false)
943
- {
944
- $file = str_replace('$XSS=1;', '$XSS=0;', $file);
945
- file_put_contents($fileName,$file);
946
- }
947
- else
948
- {
949
- $content = explode('?>', $file);
950
- $file = $content[0];
951
- $file .= PHP_EOL;
952
- $file .= '$XSS=0;'.PHP_EOL;
953
- $file .='?>';
954
- file_put_contents($fileName,$file);
955
- }
956
- echo("XSSdisable");
957
- exit;
958
- }
959
-
960
- }
961
- private function savelfi()
962
- {
963
- if(isset($_POST['LFI']))
964
- {
965
- if($_POST['LFI']=='on')
966
- {
967
- update_option('LFIAttack',1);
968
- $dir_name = dirname(__FILE__);
969
- $dir_name1 = explode('wp-content', $dir_name);
970
- $dir_name = $dir_name1[0];
971
- $filepath = str_replace('\\', '/', $dir_name1[0]);
972
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
973
-
974
- $file = file_get_contents($fileName);
975
- if(strpos($file, 'LFI')!=false)
976
- {
977
- $file = str_replace("LFI=0;", "LFI=1;", $file);
978
- file_put_contents($fileName,$file);
979
- }
980
- else
981
- {
982
- $content = explode('?>', $file);
983
- $file = $content[0];
984
- $file .= PHP_EOL;
985
- $file .= '$LFI=1;'.PHP_EOL;
986
- $file .='?>';
987
- file_put_contents($fileName,$file);
988
- }
989
- $file = file_get_contents($fileName);
990
-
991
- echo("LFIenable");
992
- exit;
993
- }
994
- }
995
- else
996
- {
997
- update_option('LFIAttack',0);
998
- $dir_name = dirname(__FILE__);
999
- $dir_name1 = explode('wp-content', $dir_name);
1000
- $dir_name = $dir_name1[0];
1001
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1002
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1003
-
1004
- $file = file_get_contents($fileName);
1005
- if(strpos($file, '$LFI')!=false)
1006
- {
1007
- $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1008
- file_put_contents($fileName,$file);
1009
- }
1010
- else
1011
- {
1012
- $content = explode('?>', $file);
1013
- $file = $content[0];
1014
- $file .= PHP_EOL;
1015
- $file .= '$LFI=0;'.PHP_EOL;
1016
- $file .='?>';
1017
- file_put_contents($fileName,$file);
1018
- }
1019
- echo("LFIdisable");
1020
- exit;
1021
- }
1022
-
1023
- }
1024
- private function saverfi()
1025
- {
1026
- if(isset($_POST['RFI']))
1027
- {
1028
- if($_POST['RFI']=='on')
1029
- {
1030
- update_option('RFIAttack',1);
1031
- $dir_name = dirname(__FILE__);
1032
- $dir_name1 = explode('wp-content', $dir_name);
1033
- $dir_name = $dir_name1[0];
1034
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1035
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1036
-
1037
- $file = file_get_contents($fileName);
1038
- if(strpos($file, 'RFI')!=false)
1039
- {
1040
- $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1041
- file_put_contents($fileName,$file);
1042
- }
1043
- else
1044
- {
1045
- $content = explode('?>', $file);
1046
- $file = $content[0];
1047
- $file .= PHP_EOL;
1048
- $file .= '$RFI=1;'.PHP_EOL;
1049
- $file .='?>';
1050
- file_put_contents($fileName,$file);
1051
- }
1052
- echo("RFIenable");
1053
- exit;
1054
- }
1055
- }
1056
- else
1057
- {
1058
- update_option('RFIAttack',0);
1059
- $dir_name = dirname(__FILE__);
1060
- $dir_name1 = explode('wp-content', $dir_name);
1061
- $dir_name = $dir_name1[0];
1062
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1063
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1064
-
1065
- $file = file_get_contents($fileName);
1066
- if(strpos($file, '$RFI')!=false)
1067
- {
1068
- $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1069
- file_put_contents($fileName,$file);
1070
- }
1071
- else
1072
- {
1073
- $content = explode('?>', $file);
1074
- $file = $content[0];
1075
- $file .= PHP_EOL;
1076
- $file .= '$RFI=0;'.PHP_EOL;
1077
- $file .='?>';
1078
- file_put_contents($fileName,$file);
1079
- }
1080
- echo("RFIdisable");
1081
- exit;
1082
- }
1083
-
1084
- }
1085
- private function saveRateL()
1086
- {
1087
-
1088
- if($_POST['time']!='' && $_POST['req']!='')
1089
- {
1090
- if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1091
- {
1092
- $dir_name = dirname(__FILE__);
1093
- $dir_name1 = explode('wp-content', $dir_name);
1094
- $dir_name = $dir_name1[0];
1095
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1096
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1097
-
1098
- $file = file_get_contents($fileName);
1099
- $data = $file;
1100
- $time = sanitize_text_field($_POST['time']);
1101
- $req = sanitize_text_field($_POST['req']);
1102
- if($time>0 && $req >0)
1103
- {
1104
- update_option('Rate_time',$time);
1105
- update_option('Rate_request',$req);
1106
- update_option('Rate_limiting','1');
1107
-
1108
- if(strpos($file, 'RateLimiting')!=false)
1109
- {
1110
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1111
- $data = $file;
1112
- file_put_contents($fileName,$file);
1113
- }
1114
- else
1115
- {
1116
- $content = explode('?>', $file);
1117
- $file = $content[0];
1118
- $file .= PHP_EOL;
1119
- $file .= '$RateLimiting=1;'.PHP_EOL;
1120
- $file .='?>';
1121
- file_put_contents($fileName,$file);
1122
- $data = $file;
1123
- }
1124
-
1125
- $file = $data;
1126
- if(strpos($file, 'RequestsPMin')!=false)
1127
- {
1128
- $content = explode(PHP_EOL, $file);
1129
- $con = '';
1130
- $len = sizeof($content);
1131
-
1132
- for($i=0;$i<$len;$i++)
1133
- {
1134
- if(strpos($content[$i], 'RequestsPMin')!=false)
1135
- {
1136
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1137
- }
1138
- else
1139
- {
1140
- $con .= $content[$i].PHP_EOL;
1141
- }
1142
- }
1143
-
1144
- file_put_contents($fileName,$con);
1145
- $data = $con;
1146
-
1147
- }
1148
-
1149
- else
1150
- {
1151
- $content = explode('?>', $file);
1152
- $file = $content[0];
1153
- $file .= PHP_EOL;
1154
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1155
- $file .='?>';
1156
- file_put_contents($fileName,$file);
1157
- $data = $file;
1158
- }
1159
-
1160
-
1161
-
1162
- if($_POST['action']=='BlockIP')
1163
- {
1164
- update_option('actionRateL',1);
1165
-
1166
- $file = $data;
1167
- if(strpos($file, 'actionRateL')!=false)
1168
- {
1169
- $content = explode(PHP_EOL, $file);
1170
- $con = '';
1171
- foreach ($content as $line => $lineV) {
1172
- if(strpos($lineV, 'actionRateL')!=false)
1173
- {
1174
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
1175
- }
1176
- else
1177
- {
1178
- $con .= $lineV.PHP_EOL;
1179
- }
1180
- }
1181
- file_put_contents($fileName,$con);
1182
- }
1183
- else
1184
- {
1185
- $content = explode('?>', $file);
1186
- $file = $content[0];
1187
- $file .= PHP_EOL;
1188
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1189
- $file .='?>';
1190
- file_put_contents($fileName,$file);
1191
- $file = $data;
1192
- }
1193
- }
1194
- elseif($_POST['action']=='ThrottleIP')
1195
- {
1196
- $file = $data;
1197
- update_option('actionRateL',0);
1198
- if(strpos($file, 'actionRateL')!=false)
1199
- {
1200
- $content = explode(PHP_EOL, $file);
1201
- $con = '';
1202
- foreach ($content as $line => $lineV) {
1203
- if(strpos($lineV, 'actionRateL')!=false)
1204
- {
1205
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1206
- }
1207
- else
1208
- {
1209
- $con .= $lineV.PHP_EOL;
1210
- }
1211
- }
1212
- file_put_contents($fileName,$con);
1213
- }
1214
- else
1215
- {
1216
- $content = explode('?>', $file);
1217
- $file = $content[0];
1218
- $file .= PHP_EOL;
1219
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1220
- $file .='?>';
1221
- file_put_contents($fileName,$file);
1222
- }
1223
- }
1224
-
1225
- }
1226
-
1227
- }
1228
-
1229
- }
1230
-
1231
- }
1232
- private function disableRL()
1233
- {
1234
- update_option('Rate_limiting',0);
1235
-
1236
- $dir_name = dirname(__FILE__);
1237
- $dir_name1 = explode('wp-content', $dir_name);
1238
- $dir_name = $dir_name1[0];
1239
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1240
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1241
- $file = file_get_contents($fileName);
1242
-
1243
- if(strpos($file, 'RateLimiting')!=false)
1244
- {
1245
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1246
- file_put_contents($fileName,$file);
1247
- }
1248
- else
1249
- {
1250
- $content = explode('?>', $file);
1251
- $file = $content[0];
1252
- $file .= PHP_EOL;
1253
- $file .= '$RateLimiting=0;'.PHP_EOL;
1254
- $file .='?>';
1255
- file_put_contents($fileName,$file);
1256
- }
1257
-
1258
- }
1259
- private function backupHtaccess()
1260
- {
1261
- if(isset($_POST['htaccessWAF']))
1262
- {
1263
- if($_POST['htaccessWAF']=='on')
1264
- {
1265
- $dir_name = dirname(__FILE__);
1266
- $dirN = $dir_name;
1267
- $dirN = str_replace('\\', '/', $dirN);
1268
- $dir_name1 = explode('wp-content', $dir_name);
1269
- $dir_name = $dir_name1[0];
1270
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1271
- $dir_name =$dir_name1.'.htaccess';
1272
- $file = file_get_contents($dir_name);
1273
- $dir_backup = $dir_name1.'htaccess';
1274
- $handle = fopen($dir_backup, 'c+');
1275
- fwrite($handle,$file);
1276
- }
1277
- }
1278
- }
1279
- private function limitAttack()
1280
- {
1281
- if(isset($_POST['limitAttack']))
1282
- {
1283
- $value = sanitize_text_field($_POST['limitAttack']);
1284
- if($value>1)
1285
- {
1286
- update_option('limitAttack',$value);
1287
- echo "limitSaved";
1288
- exit;
1289
- }
1290
- else
1291
- {
1292
- echo "limitIsLT1";
1293
- exit;
1294
- }
1295
-
1296
- }
1297
- }
1298
-
1299
-
1300
-
1301
- function wpns_captcha_settings(){
1302
-
1303
- $nonce=sanitize_text_field($_POST['nonce']);
1304
- if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1305
- wp_send_json('ERROR');
1306
- return;
1307
- }
1308
-
1309
- $site_key = sanitize_text_field($_POST['site_key']);
1310
- $secret_key = sanitize_text_field($_POST['secret_key']);
1311
- $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1312
- $login_form_captcha = sanitize_text_field($_POST['login_form']);
1313
- $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1314
-
1315
- if((isset($_POST['version'])))
1316
- {
1317
- $mo2f_g_version = sanitize_text_field($_POST['version']);
1318
- }
1319
- else $mo2f_g_version='reCAPTCHA_v3';
1320
-
1321
- if($enable_captcha == 'true') $enable_captcha = "on";
1322
- else if($enable_captcha == 'false') $enable_captcha = "";
1323
-
1324
- if($login_form_captcha == 'true') $login_form_captcha = "on";
1325
- else if($login_form_captcha == 'false') $login_form_captcha = "";
1326
-
1327
- if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1328
- else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1329
-
1330
- if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1331
- wp_send_json('empty');
1332
- return;
1333
- }
1334
-
1335
-
1336
- if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1337
- wp_send_json('version_select');
1338
- return;
1339
- }
1340
- if($mo2f_g_version=='reCAPTCHA_v2')
1341
- {
1342
-
1343
- update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1344
- update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1345
- }
1346
- if($mo2f_g_version=='reCAPTCHA_v3')
1347
- {
1348
-
1349
- update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1350
- update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1351
- }
1352
-
1353
- update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1354
- update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1355
-
1356
-
1357
- if($enable_captcha == "on"){
1358
- update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1359
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1360
- update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1361
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1362
- update_site_option('recaptcha_notification_option',1);
1363
- wp_send_json('true');
1364
- }
1365
- else if($enable_captcha == ""){
1366
- update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1367
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1368
- update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1369
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1370
- wp_send_json('false');
1371
- }
1372
-
1373
- }
1374
-
1375
- function wpns_strong_password_settings(){
1376
- $nonce = $_POST['nonce'];
1377
- if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1378
- wp_send_json('ERROR');
1379
- return;
1380
- }
1381
- $enable_strong_pass = $_POST['enable_strong_pass'];
1382
- if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1383
- $strong_pass_accounts = $_POST['accounts_strong_pass'];
1384
- update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1385
- update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1386
- if($enable_strong_pass){
1387
- update_option('mo_wpns_enable_rename_login_url',"");
1388
- wp_send_json('true');
1389
- }
1390
- else{
1391
- wp_send_json('false');
1392
- }
1393
- }
1394
-
1395
- }
1396
- new wpns_ajax;
1397
-
1398
- ?>
1
+ <?php
2
+ class wpns_ajax
3
+ {
4
+ function __construct(){
5
+ //add comment here
6
+ add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
+ add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
+ }
9
+
10
+ function mo_login_security_ajax(){
11
+
12
+ add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
+ add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
+ add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
+ }
16
+
17
+ function mo2f_ajax(){
18
+ $GLOBALS['mo2f_is_ajax_request'] = true;
19
+ switch ($_POST['mo2f_ajax_option']) {
20
+ case "mo2f_ajax_kba":
21
+ $this->mo2f_ajax_kba();break;
22
+ case "mo2f_ajax_login":
23
+ $this->mo2f_ajax_login(); break;
24
+ case "mo2f_ajax_otp":
25
+ $this->mo2f_ajax_otp(); break;
26
+ }
27
+ }
28
+ function mo2fa_elementor_ajax_fun()
29
+ {
30
+
31
+ if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
+ $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
+ wp_send_json('ERROR');
35
+ }
36
+ if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
+ {
38
+ $info = array();
39
+ $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
+ $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
+ $info['remember'] = false;
42
+ $user_signon = wp_signon($info, false);
43
+ if (is_wp_error($user_signon)) {
44
+ wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
+ }
46
+ }
47
+ }
48
+ }
49
+ function wpns_login_security(){
50
+ switch($_POST['wpns_loginsecurity_ajax'])
51
+ {
52
+ case "wpns_bruteforce_form":
53
+ $this->wpns_handle_bf_configuration_form(); break;
54
+ case "wpns_save_captcha":
55
+ $this->wpns_captcha_settings();break;
56
+ case "save_strong_password":
57
+ $this->wpns_strong_password_settings();break;
58
+ case 'wpns_ManualIPBlock_form':
59
+ $this->wpns_handle_IP_blocking();break;
60
+ case 'wpns_WhitelistIP_form':
61
+ $this->wpns_whitelist_ip(); break;
62
+ case 'wpns_waf_settings_form':
63
+ $this->wpns_waf_settings_form(); break;
64
+ case 'wpns_waf_rate_limiting_form':
65
+ $this->wpns_waf_rate_limiting_form(); break;
66
+ case 'wpns_waf_realtime_ip_block_free':
67
+ $this->wpns_waf_realtime_ip_block_free();break;
68
+ case 'wpns_ip_lookup':
69
+ $this->wpns_ip_lookup(); break;
70
+ case 'wpns_all_plans':
71
+ $this->wpns_all_plans(); break;
72
+ case 'wpns_logout_form':
73
+ $this->wpns_logout_form(); break;
74
+ case 'wpns_check_transaction':
75
+ $this->wpns_check_transaction(); break;
76
+ case 'waf_settings_mail_form_notify':
77
+ $this->waf_settings_mail_form_notify(); break;
78
+ case 'waf_settings_IP_mail_form':
79
+ $this->waf_settings_IP_mail_form();break;
80
+ case 'update_plan':
81
+ $this->update_plan(); break;
82
+ }
83
+ }
84
+
85
+ function update_plan(){
86
+ $mo2f_all_plannames = $_POST['planname'];
87
+ $mo_2fa_plan_type = $_POST['planType'];
88
+ update_option('mo2f_planname', $mo2f_all_plannames);
89
+ if ($mo2f_all_plannames == 'addon_plan')
90
+ {
91
+ update_option('mo2f_planname', 'addon_plan');
92
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
+ }
94
+ elseif ($mo2f_all_plannames == '2fa_plan')
95
+ {
96
+ update_option('mo2f_planname', '2fa_plan');
97
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
+ }
99
+ }
100
+
101
+
102
+ function mo2f_ajax_otp(){
103
+ $obj = new Miniorange_Password_2Factor_Login();
104
+ $obj->check_miniorange_soft_token($_POST);
105
+ }
106
+ function mo2f_ajax_kba(){
107
+ $obj = new Miniorange_Password_2Factor_Login();
108
+ $obj->check_kba_validation($_POST);
109
+ }
110
+
111
+ function wpns_check_transaction()
112
+ {
113
+ $customerT = new Customer_Cloud_Setup();
114
+
115
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
+ if($content['status'] == 'SUCCESS')
117
+ {
118
+ update_site_option('mo2f_license_type','PREMIUM');
119
+ }
120
+ else
121
+ {
122
+ update_site_option('mo2f_license_type','DEMO');
123
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
+ }
125
+ if(isset($content['smsRemaining']))
126
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
+ else if($content['status'] =='SUCCESS')
128
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
+
130
+
131
+ if(isset($content['emailRemaining']))
132
+ {
133
+ $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
+ if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
+ {
136
+ $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
+ if($available_transaction>30)
138
+ $currentTransaction = $currentTransaction-$available_transaction;
139
+
140
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
+ }
143
+
144
+ }
145
+
146
+ }
147
+
148
+ function mo2f_ajax_login()
149
+ {
150
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
+ {
152
+ wp_send_json("ERROR");
153
+ exit;
154
+ }
155
+ else
156
+ {
157
+ $username = sanitize_text_field($_POST['username']);
158
+ $password = sanitize_text_field($_POST['password'] );
159
+ apply_filters( 'authenticate', null, $username, $password );
160
+ }
161
+ }
162
+ function wpns_logout_form()
163
+ {
164
+ global $moWpnsUtility;
165
+ if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
+ delete_option('mo2f_email');
167
+ }
168
+ delete_option('mo2f_customerKey');
169
+ delete_option('mo2f_api_key');
170
+ delete_option('mo2f_customer_token');
171
+ delete_option('mo_wpns_transactionId');
172
+ delete_site_option('EmailTransactionCurrent');
173
+ delete_option('mo_wpns_registration_status');
174
+ delete_option( 'mo_2factor_admin_registration_status' );
175
+
176
+ $two_fa_settings = new Miniorange_Authentication();
177
+ $two_fa_settings->mo_auth_deactivate();
178
+
179
+ }
180
+ // It is the new line added for the database updation
181
+ function waf_settings_mail_form_notify()
182
+ {
183
+ $nonce = sanitize_text_field($_POST['nonce']);
184
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
+ wp_send_json('ERROR');
186
+ return;
187
+ }
188
+ if(isset($_POST['S_mail']))
189
+ {
190
+ $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
+ update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
+ wp_send_json('true');
193
+ }
194
+ else{
195
+ wp_send_json('false');
196
+
197
+ }
198
+ }
199
+ function waf_settings_IP_mail_form()
200
+ {
201
+ $nonce = sanitize_text_field($_POST['nonce']);
202
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
+ wp_send_json('ERROR');
204
+ return;
205
+ }
206
+ $mo2f_mail_noyifying_IP = sanitize_text_field($_POST['Smail']);
207
+ update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
+ if($mo2f_mail_noyifying_IP == "on"){
209
+ wp_send_json('true');
210
+ }
211
+ else if($mo2f_mail_noyifying_IP == ""){
212
+ wp_send_json('false');
213
+ }
214
+ }
215
+ function wpns_all_plans()
216
+ {
217
+ $mo2f_all_plannames = $_POST['planname'];
218
+ $mo_2fa_plan_type = $_POST['planType'];
219
+ update_option('mo2f_planname', $mo2f_all_plannames);
220
+ if ($mo2f_all_plannames == 'addon_plan')
221
+ {
222
+ update_option('mo2f_planname', 'addon_plan');
223
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
+ }
225
+ elseif ($mo2f_all_plannames == '2fa_plan')
226
+ {
227
+ update_option('mo2f_planname', '2fa_plan');
228
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
+ }
230
+ }
231
+ function wpns_handle_bf_configuration_form(){
232
+
233
+ $nonce = $_POST['nonce'];
234
+ if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
+ wp_send_json('ERROR');
236
+ return;
237
+ }
238
+ $brute_force = $_POST['bf_enabled/disabled'];
239
+ if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
+ $login_attempts = $_POST['allwed_login_attempts'];
241
+ $blocking_type = $_POST['time_of_blocking_type'];
242
+ $blocking_value = isset($_POST['time_of_blocking_val']) ? $_POST['time_of_blocking_val'] : false;
243
+ $show_login_attempts= $_POST['show_remaining_attempts'];
244
+ if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
+ if($brute_force == 'on' && $login_attempts == "" ){
246
+ wp_send_json('empty');
247
+ return;
248
+ }
249
+ update_option( 'mo2f_enable_brute_force' , $brute_force );
250
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
+ update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
+ update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
+ update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
+ if($brute_force == "on"){
255
+ update_site_option('bruteforce_notification_option',1);
256
+ wp_send_json('true');
257
+ }
258
+ else if($brute_force == ""){
259
+ wp_send_json('false');
260
+ }
261
+
262
+ }
263
+ function wpns_handle_IP_blocking()
264
+ {
265
+
266
+ global $mo2f_dirName;
267
+ if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
268
+ {
269
+ echo "NonceDidNotMatch";
270
+ exit;
271
+ }
272
+ else
273
+ {
274
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
275
+ }
276
+ }
277
+ function wpns_whitelist_ip()
278
+ {
279
+ global $mo2f_dirName;
280
+ if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
281
+ {
282
+ echo "NonceDidNotMatch";
283
+ exit;
284
+ }
285
+ else
286
+ {
287
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
288
+ }
289
+ }
290
+
291
+ function wpns_ip_lookup()
292
+ {
293
+
294
+ if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
295
+ {
296
+ echo "NonceDidNotMatch";
297
+ exit;
298
+ }
299
+ else
300
+ {
301
+ $ip = $_POST['IP'];
302
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
303
+ {
304
+ echo("INVALID_IP_FORMAT");
305
+ exit;
306
+ }
307
+ else if(! filter_var($ip, FILTER_VALIDATE_IP)){
308
+ echo("INVALID_IP");
309
+ exit;
310
+ }
311
+ $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
312
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
313
+ try{
314
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
315
+ $timeoffset = $timeoffset/3600;
316
+
317
+ }catch(Exception $e){
318
+ $result["geoplugin_timezone"]="";
319
+ $timeoffset="";
320
+ }
321
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
322
+ if($result['geoplugin_request']==$ip) {
323
+
324
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
325
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
326
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
327
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
328
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
329
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
330
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
331
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
332
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
333
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
334
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
335
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
336
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
337
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
338
+
339
+ $result['ipDetails'] = $ipLookUpTemplate;
340
+ }else{
341
+ $result["ipDetails"]["status"]="ERROR";
342
+ }
343
+ wp_send_json( $result );
344
+ }
345
+ }
346
+ function wpns_waf_settings_form()
347
+ {
348
+ $dir_name = dirname(__FILE__);
349
+ $dir_name1 = explode('wp-content', $dir_name);
350
+ $dir_name = $dir_name1[0];
351
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
352
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
353
+
354
+ if(!file_exists($fileName))
355
+ {
356
+ $file = fopen($fileName, "a+");
357
+ $string = "<?php".PHP_EOL;
358
+ $string .= '$SQL=1;'.PHP_EOL;
359
+ $string .= '$XSS=1;'.PHP_EOL;
360
+ $string .= '$RCE=0;'.PHP_EOL;
361
+ $string .= '$LFI=0;'.PHP_EOL;
362
+ $string .= '$RFI=0;'.PHP_EOL;
363
+ $string .= '$RateLimiting=1;'.PHP_EOL;
364
+ $string .= '$RequestsPMin=120;'.PHP_EOL;
365
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
366
+ $string .= '?>'.PHP_EOL;
367
+
368
+ fwrite($file, $string);
369
+ fclose($file);
370
+ }
371
+ else
372
+ {
373
+ if(!is_writable($fileName) or !is_readable($fileName))
374
+ {
375
+ echo "FilePermissionDenied";
376
+ exit;
377
+ }
378
+ }
379
+
380
+ if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
381
+ {
382
+ var_dump("NonceDidNotMatch");
383
+ exit;
384
+ }
385
+ else
386
+ {
387
+ switch ($_POST['optionValue']) {
388
+ case "SQL":
389
+ $this->savesql(); break;
390
+ case "XSS":
391
+ $this->savexss(); break;
392
+ case "RCE":
393
+ $this->saverce(); break;
394
+ case "RFI":
395
+ $this->saverfi(); break;
396
+ case "LFI":
397
+ $this->savelfi(); break;
398
+ case "WAF":
399
+ $this->saveWAF(); break;
400
+ case "HWAF":
401
+ $this->saveHWAF(); break;
402
+ case "backupHtaccess":
403
+ $this->backupHtaccess(); break;
404
+ case "limitAttack":
405
+ $this->limitAttack(); break;
406
+ default:
407
+ break;
408
+ }
409
+
410
+ }
411
+
412
+ }
413
+ function wpns_waf_realtime_ip_block_free()
414
+ {
415
+ $nonce = sanitize_text_field($_POST['nonce']);
416
+ if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
417
+ {
418
+ echo "NonceDidNotMatch";
419
+ exit;
420
+ }
421
+ else
422
+ {
423
+ $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
424
+
425
+ if($mo2f_realtime_ip_block_free == 'on')
426
+ {
427
+ update_site_option('mo2f_realtime_ip_block_free',1);
428
+ if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
429
+ wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
430
+ }
431
+ wp_send_json('realtime_block_free_enable');
432
+ }
433
+ else
434
+ {
435
+ update_site_option('mo2f_realtime_ip_block_free',0);
436
+ $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
437
+ wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
438
+ wp_send_json('realtime_block_free_disable');
439
+ }
440
+
441
+
442
+ }
443
+
444
+ }
445
+ function wpns_waf_rate_limiting_form()
446
+ {
447
+ if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
448
+ {
449
+ echo "NonceDidNotMatch";
450
+ exit;
451
+ }
452
+ else
453
+ {
454
+ if(get_site_option('WAFEnabled') != 1)
455
+ {
456
+ echo "WAFNotEnabled";
457
+ exit;
458
+ }
459
+
460
+ if($_POST['Requests']!='')
461
+ {
462
+ if(is_numeric($_POST['Requests']))
463
+ {
464
+ $dir_name = dirname(__FILE__);
465
+ $dir_name1 = explode('wp-content', $dir_name);
466
+ $dir_name = $dir_name1[0];
467
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
468
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
469
+
470
+ $file = file_get_contents($fileName);
471
+ $data = $file;
472
+
473
+ $req = sanitize_text_field($_POST['Requests']);
474
+ if($req >1)
475
+ {
476
+ update_option('Rate_request',$req);
477
+ if(isset($_POST['rateCheck']))
478
+ {
479
+ if($_POST['rateCheck'] == 'on')
480
+ {
481
+ update_option('Rate_limiting','1');
482
+ echo "RateEnabled";
483
+ if(strpos($file, 'RateLimiting')!=false)
484
+ {
485
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
486
+ $data = $file;
487
+ file_put_contents($fileName,$file);
488
+
489
+ }
490
+ else
491
+ {
492
+ $content = explode('?>', $file);
493
+ $file = $content[0];
494
+ $file .= PHP_EOL;
495
+ $file .= '$RateLimiting=1;'.PHP_EOL;
496
+ $file .='?>';
497
+ file_put_contents($fileName,$file);
498
+ $data = $file;
499
+ }
500
+
501
+
502
+ }
503
+ }
504
+ else
505
+ {
506
+ update_option('Rate_limiting','0');
507
+ echo "Ratedisabled";
508
+ if(strpos($file, 'RateLimiting')!=false)
509
+ {
510
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
511
+ $data = $file;
512
+ file_put_contents($fileName,$file);
513
+ }
514
+ else
515
+ {
516
+ $content = explode('?>', $file);
517
+ $file = $content[0];
518
+ $file .= PHP_EOL;
519
+ $file .= '$RateLimiting=0;'.PHP_EOL;
520
+ $file .='?>';
521
+ file_put_contents($fileName,$file);
522
+ $data = $file;
523
+ }
524
+
525
+ }
526
+
527
+
528
+ $file = $data;
529
+ if(strpos($file, 'RequestsPMin')!=false)
530
+ {
531
+ $content = explode(PHP_EOL, $file);
532
+ $con = '';
533
+ $len = sizeof($content);
534
+
535
+ for($i=0;$i<$len;$i++)
536
+ {
537
+ if(strpos($content[$i], 'RequestsPMin')!=false)
538
+ {
539
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
540
+ }
541
+ else
542
+ {
543
+ $con .= $content[$i].PHP_EOL;
544
+ }
545
+ }
546
+
547
+ file_put_contents($fileName,$con);
548
+ $data = $con;
549
+
550
+ }
551
+
552
+ else
553
+ {
554
+ $content = explode('?>', $file);
555
+ $file = $content[0];
556
+ $file .= PHP_EOL;
557
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
558
+ $file .='?>';
559
+ file_put_contents($fileName,$file);
560
+ $data = $file;
561
+ }
562
+
563
+ if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
564
+ {
565
+ update_option('actionRateL',1);
566
+
567
+ $file = $data;
568
+ if(strpos($file, 'actionRateL')!=false)
569
+ {
570
+ $content = explode(PHP_EOL, $file);
571
+ $con = '';
572
+ foreach ($content as $line => $lineV) {
573
+ if(strpos($lineV, 'actionRateL')!=false)
574
+ {
575
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
576
+ }
577
+ else
578
+ {
579
+ $con .= $lineV.PHP_EOL;
580
+ }
581
+ }
582
+ file_put_contents($fileName,$con);
583
+ }
584
+ else
585
+ {
586
+ $content = explode('?>', $file);
587
+ $file = $content[0];
588
+ $file .= PHP_EOL;
589
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
590
+ $file .='?>';
591
+ file_put_contents($fileName,$file);
592
+ $file = $data;
593
+ }
594
+ }
595
+ else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
596
+ {
597
+
598
+ $file = $data;
599
+ update_option('actionRateL',0);
600
+ if(strpos($file, 'actionRateL')!=false)
601
+ {
602
+ $content = explode(PHP_EOL, $file);
603
+ $con = '';
604
+ foreach ($content as $line => $lineV) {
605
+ if(strpos($lineV, 'actionRateL')!=false)
606
+ {
607
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
608
+ }
609
+ else
610
+ {
611
+ $con .= $lineV.PHP_EOL;
612
+ }
613
+ }
614
+ file_put_contents($fileName,$con);
615
+ }
616
+ else
617
+ {
618
+ $content = explode('?>', $file);
619
+ $file = $content[0];
620
+ $file .= PHP_EOL;
621
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
622
+ $file .='?>';
623
+ file_put_contents($fileName,$file);
624
+ }
625
+ }
626
+
627
+ }
628
+ exit;
629
+ }
630
+
631
+
632
+
633
+ }
634
+ echo("Error");
635
+ exit;
636
+ }
637
+
638
+
639
+ }
640
+
641
+ private function saveWAF()
642
+ {
643
+ if(isset($_POST['pluginWAF']))
644
+ {
645
+ if($_POST['pluginWAF']=='on')
646
+ {
647
+ update_option('WAF','PluginLevel');
648
+ update_option('WAFEnabled','1');
649
+ echo("PWAFenabled");exit;
650
+ }
651
+ }
652
+ else
653
+ {
654
+ update_option('WAFEnabled','0');
655
+ update_option('WAF','wafDisable');
656
+ echo("PWAFdisabled");exit;
657
+ }
658
+ }
659
+ private function saveHWAF()
660
+ {
661
+ if(!function_exists('mysqli_connect'))
662
+ {
663
+ echo "mysqliDoesNotExit";
664
+ exit;
665
+ }
666
+ if(isset($_POST['htaccessWAF']))
667
+ {
668
+ if($_POST['htaccessWAF']=='on')
669
+ {
670
+ update_option('WAF','HtaccessLevel');
671
+ update_option('WAFEnabled','1');
672
+ $dir_name = dirname(__FILE__);
673
+ $dirN = $dir_name;
674
+ $dirN = str_replace('\\', '/', $dirN);
675
+ $dirN = str_replace('controllers', 'handler', $dirN);
676
+
677
+ $dir_name1 = explode('wp-content', $dir_name);
678
+ $dir_name = $dir_name1[0];
679
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
680
+ $dir_name .='.htaccess';
681
+ $file = file_get_contents($dir_name);
682
+ if(strpos($file, 'php_value auto_prepend_file')!=false)
683
+ {
684
+ echo("WAFConflicts");
685
+ exit;
686
+ }
687
+
688
+ $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
689
+ $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
690
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
691
+ file_put_contents($dir_name, $cont);
692
+
693
+ $filecontent = file_get_contents($dir_name);
694
+
695
+ $dir_name = dirname(__FILE__);
696
+ $dir_name1 = explode('wp-content', $dir_name);
697
+ $dir_name = $dir_name1[0];
698
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
699
+ $fileName = $filepath.'mo-check.php';
700
+ $file = fopen($fileName, 'w+');
701
+ $dir_name = dirname(__FILE__);
702
+ $filepath = str_replace('\\', '/', $dir_name);
703
+ $filepath = explode('controllers', $filepath);
704
+ $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
705
+
706
+ $string = '<?php'.PHP_EOL;
707
+ $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
708
+ $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
709
+ $string .= '?>'.PHP_EOL;
710
+
711
+ fwrite($file, $string);
712
+ fclose($file);
713
+
714
+ if(strpos($filecontent,'mo-check.php')!=false)
715
+ {
716
+ echo "HWAFEnabled";
717
+ exit;
718
+ }
719
+ else
720
+ {
721
+ echo "HWAFEnabledFailed";
722
+ exit;
723
+ }
724
+ }
725
+ }
726
+ else
727
+ {
728
+ update_option('WAF','wafDisable');
729
+ if(isset($_POST['pluginWAF']))
730
+ {
731
+ if($_POST['pluginWAF'] == 'on')
732
+ {
733
+ update_option('WAFEnabled',1);
734
+ update_option('WAF','PluginLevel');
735
+ }
736
+ }
737
+ else
738
+ update_option('WAFEnabled',0);
739
+ $dir_name = dirname(__FILE__);
740
+ $dirN = $dir_name;
741
+ $dirN = str_replace('\\', '/', $dirN);
742
+ $dirN = explode('wp-content', $dirN);
743
+ $dir_name1 = explode('wp-content', $dir_name);
744
+ $dir_name = $dir_name1[0];
745
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
746
+ $dir_name00 = $dir_name1;
747
+ $dir_name1 .='.htaccess';
748
+ $file = file_get_contents($dir_name1);
749
+
750
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
751
+ $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
752
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
753
+ $file =str_replace($cont,'',$file);
754
+ file_put_contents($dir_name1, $file);
755
+
756
+ $filecontent = file_get_contents($dir_name1);
757
+ if(strpos($filecontent,'mo-check.php')==false)
758
+ {
759
+ echo "HWAFdisabled";
760
+ exit;
761
+ }
762
+ else
763
+ {
764
+ echo "HWAFdisabledFailed";
765
+ exit;
766
+ }
767
+ }
768
+
769
+
770
+ }
771
+ private function savesql()
772
+ {
773
+ if(isset($_POST['SQL']))
774
+ {
775
+ if($_POST['SQL']=='on')
776
+ {
777
+ update_option('SQLInjection',1);
778
+ $dir_name = dirname(__FILE__);
779
+ $dir_name1 = explode('wp-content', $dir_name);
780
+ $dir_name = $dir_name1[0];
781
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
782
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
783
+
784
+ $file = file_get_contents($fileName);
785
+ if(strpos($file, 'SQL')!=false)
786
+ {
787
+ $file = str_replace('$SQL=0;', '$SQL=1;', $file);
788
+ file_put_contents($fileName,$file);
789
+ }
790
+ else
791
+ {
792
+ $content = explode('?>', $file);
793
+ $file = $content[0];
794
+ $file .= PHP_EOL;
795
+ $file .= '$SQL=1;'.PHP_EOL;
796
+ $file .='?>';
797
+ file_put_contents($fileName,$file);
798
+ }
799
+ echo("SQLenable");
800
+ exit;
801
+
802
+ }
803
+ }
804
+ else
805
+ {
806
+ update_option('SQLInjection',0);
807
+
808
+ $dir_name = dirname(__FILE__);
809
+ $dir_name1 = explode('wp-content', $dir_name);
810
+ $dir_name = $dir_name1[0];
811
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
812
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
813
+
814
+ $file = file_get_contents($fileName);
815
+ if(strpos($file, '$SQL')!=false)
816
+ {
817
+ $file = str_replace('$SQL=1;', '$SQL=0;', $file);
818
+ file_put_contents($fileName,$file);
819
+ }
820
+ else
821
+ {
822
+ $content = explode('?>', $file);
823
+ $file = $content[0];
824
+ $file .= PHP_EOL;
825
+ $file .= '$SQL=0;'.PHP_EOL;
826
+ $file .='?>';
827
+ file_put_contents($fileName,$file);
828
+ }
829
+
830
+ echo("SQLdisable");
831
+ exit;
832
+
833
+ }
834
+
835
+ }
836
+ private function saverce()
837
+ {
838
+ if(isset($_POST['RCE']))
839
+ {
840
+ if($_POST['RCE']=='on')
841
+ {
842
+ update_option('RCEAttack',1);
843
+
844
+ $dir_name = dirname(__FILE__);
845
+ $dir_name1 = explode('wp-content', $dir_name);
846
+ $dir_name = $dir_name1[0];
847
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
848
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
849
+
850
+ $file = file_get_contents($fileName);
851
+ if(strpos($file, 'RCE')!=false)
852
+ {
853
+ $file = str_replace('$RCE=0;', '$RCE=1;', $file);
854
+ file_put_contents($fileName,$file);
855
+ }
856
+ else
857
+ {
858
+ $content = explode('?>', $file);
859
+ $file = $content[0];
860
+ $file .= PHP_EOL;
861
+ $file .= '$RCE=1;'.PHP_EOL;
862
+ $file .='?>';
863
+ file_put_contents($fileName,$file);
864
+ }
865
+ echo("RCEenable");
866
+ exit;
867
+ }
868
+ }
869
+ else
870
+ {
871
+ update_option('RCEAttack',0);
872
+
873
+ $dir_name = dirname(__FILE__);
874
+ $dir_name1 = explode('wp-content', $dir_name);
875
+ $dir_name = $dir_name1[0];
876
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
877
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
878
+
879
+ $file = file_get_contents($fileName);
880
+ if(strpos($file, '$RCE')!=false)
881
+ {
882
+ $file = str_replace('$RCE=1;', '$RCE=0;', $file);
883
+ file_put_contents($fileName,$file);
884
+ }
885
+ else
886
+ {
887
+ $content = explode('?>', $file);
888
+ $file = $content[0];
889
+ $file .= PHP_EOL;
890
+ $file .= '$RCE=0;'.PHP_EOL;
891
+ $file .='?>';
892
+ file_put_contents($fileName,$file);
893
+ }
894
+ echo("RCEdisable");
895
+ exit;
896
+
897
+ }
898
+
899
+ }
900
+ private function savexss()
901
+ {
902
+ if(isset($_POST['XSS']))
903
+ {
904
+ if($_POST['XSS']=='on')
905
+ {
906
+ update_option('XSSAttack',1);
907
+ $dir_name = dirname(__FILE__);
908
+ $dir_name1 = explode('wp-content', $dir_name);
909
+ $dir_name = $dir_name1[0];
910
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
911
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
912
+
913
+ $file = file_get_contents($fileName);
914
+ if(strpos($file, 'XSS')!=false)
915
+ {
916
+ $file = str_replace('$XSS=0;', '$XSS=1;', $file);
917
+ file_put_contents($fileName,$file);
918
+ }
919
+ else
920
+ {
921
+ $content = explode('?>', $file);
922
+ $file = $content[0];
923
+ $file .= PHP_EOL;
924
+ $file .= '$XSS=1;'.PHP_EOL;
925
+ $file .='?>';
926
+ file_put_contents($fileName,$file);
927
+ }
928
+ echo("XSSenable");
929
+ exit;
930
+ }
931
+ }
932
+ else
933
+ {
934
+ update_option('XSSAttack',0);
935
+ $dir_name = dirname(__FILE__);
936
+ $dir_name1 = explode('wp-content', $dir_name);
937
+ $dir_name = $dir_name1[0];
938
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
939
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
940
+
941
+ $file = file_get_contents($fileName);
942
+ if(strpos($file, '$XSS')!=false)
943
+ {
944
+ $file = str_replace('$XSS=1;', '$XSS=0;', $file);
945
+ file_put_contents($fileName,$file);
946
+ }
947
+ else
948
+ {
949
+ $content = explode('?>', $file);
950
+ $file = $content[0];
951
+ $file .= PHP_EOL;
952
+ $file .= '$XSS=0;'.PHP_EOL;
953
+ $file .='?>';
954
+ file_put_contents($fileName,$file);
955
+ }
956
+ echo("XSSdisable");
957
+ exit;
958
+ }
959
+
960
+ }
961
+ private function savelfi()
962
+ {
963
+ if(isset($_POST['LFI']))
964
+ {
965
+ if($_POST['LFI']=='on')
966
+ {
967
+ update_option('LFIAttack',1);
968
+ $dir_name = dirname(__FILE__);
969
+ $dir_name1 = explode('wp-content', $dir_name);
970
+ $dir_name = $dir_name1[0];
971
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
972
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
973
+
974
+ $file = file_get_contents($fileName);
975
+ if(strpos($file, 'LFI')!=false)
976
+ {
977
+ $file = str_replace("LFI=0;", "LFI=1;", $file);
978
+ file_put_contents($fileName,$file);
979
+ }
980
+ else
981
+ {
982
+ $content = explode('?>', $file);
983
+ $file = $content[0];
984
+ $file .= PHP_EOL;
985
+ $file .= '$LFI=1;'.PHP_EOL;
986
+ $file .='?>';
987
+ file_put_contents($fileName,$file);
988
+ }
989
+ $file = file_get_contents($fileName);
990
+
991
+ echo("LFIenable");
992
+ exit;
993
+ }
994
+ }
995
+ else
996
+ {
997
+ update_option('LFIAttack',0);
998
+ $dir_name = dirname(__FILE__);
999
+ $dir_name1 = explode('wp-content', $dir_name);
1000
+ $dir_name = $dir_name1[0];
1001
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1002
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1003
+
1004
+ $file = file_get_contents($fileName);
1005
+ if(strpos($file, '$LFI')!=false)
1006
+ {
1007
+ $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1008
+ file_put_contents($fileName,$file);
1009
+ }
1010
+ else
1011
+ {
1012
+ $content = explode('?>', $file);
1013
+ $file = $content[0];
1014
+ $file .= PHP_EOL;
1015
+ $file .= '$LFI=0;'.PHP_EOL;
1016
+ $file .='?>';
1017
+ file_put_contents($fileName,$file);
1018
+ }
1019
+ echo("LFIdisable");
1020
+ exit;
1021
+ }
1022
+
1023
+ }
1024
+ private function saverfi()
1025
+ {
1026
+ if(isset($_POST['RFI']))
1027
+ {
1028
+ if($_POST['RFI']=='on')
1029
+ {
1030
+ update_option('RFIAttack',1);
1031
+ $dir_name = dirname(__FILE__);
1032
+ $dir_name1 = explode('wp-content', $dir_name);
1033
+ $dir_name = $dir_name1[0];
1034
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1035
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1036
+
1037
+ $file = file_get_contents($fileName);
1038
+ if(strpos($file, 'RFI')!=false)
1039
+ {
1040
+ $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1041
+ file_put_contents($fileName,$file);
1042
+ }
1043
+ else
1044
+ {
1045
+ $content = explode('?>', $file);
1046
+ $file = $content[0];
1047
+ $file .= PHP_EOL;
1048
+ $file .= '$RFI=1;'.PHP_EOL;
1049
+ $file .='?>';
1050
+ file_put_contents($fileName,$file);
1051
+ }
1052
+ echo("RFIenable");
1053
+ exit;
1054
+ }
1055
+ }
1056
+ else
1057
+ {
1058
+ update_option('RFIAttack',0);
1059
+ $dir_name = dirname(__FILE__);
1060
+ $dir_name1 = explode('wp-content', $dir_name);
1061
+ $dir_name = $dir_name1[0];
1062
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1063
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1064
+
1065
+ $file = file_get_contents($fileName);
1066
+ if(strpos($file, '$RFI')!=false)
1067
+ {
1068
+ $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1069
+ file_put_contents($fileName,$file);
1070
+ }
1071
+ else
1072
+ {
1073
+ $content = explode('?>', $file);
1074
+ $file = $content[0];
1075
+ $file .= PHP_EOL;
1076
+ $file .= '$RFI=0;'.PHP_EOL;
1077
+ $file .='?>';
1078
+ file_put_contents($fileName,$file);
1079
+ }
1080
+ echo("RFIdisable");
1081
+ exit;
1082
+ }
1083
+
1084
+ }
1085
+ private function saveRateL()
1086
+ {
1087
+
1088
+ if($_POST['time']!='' && $_POST['req']!='')
1089
+ {
1090
+ if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1091
+ {
1092
+ $dir_name = dirname(__FILE__);
1093
+ $dir_name1 = explode('wp-content', $dir_name);
1094
+ $dir_name = $dir_name1[0];
1095
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1096
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1097
+
1098
+ $file = file_get_contents($fileName);
1099
+ $data = $file;
1100
+ $time = sanitize_text_field($_POST['time']);
1101
+ $req = sanitize_text_field($_POST['req']);
1102
+ if($time>0 && $req >0)
1103
+ {
1104
+ update_option('Rate_time',$time);
1105
+ update_option('Rate_request',$req);
1106
+ update_option('Rate_limiting','1');
1107
+
1108
+ if(strpos($file, 'RateLimiting')!=false)
1109
+ {
1110
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1111
+ $data = $file;
1112
+ file_put_contents($fileName,$file);
1113
+ }
1114
+ else
1115
+ {
1116
+ $content = explode('?>', $file);
1117
+ $file = $content[0];
1118
+ $file .= PHP_EOL;
1119
+ $file .= '$RateLimiting=1;'.PHP_EOL;
1120
+ $file .='?>';
1121
+ file_put_contents($fileName,$file);
1122
+ $data = $file;
1123
+ }
1124
+
1125
+ $file = $data;
1126
+ if(strpos($file, 'RequestsPMin')!=false)
1127
+ {
1128
+ $content = explode(PHP_EOL, $file);
1129
+ $con = '';
1130
+ $len = sizeof($content);
1131
+
1132
+ for($i=0;$i<$len;$i++)
1133
+ {
1134
+ if(strpos($content[$i], 'RequestsPMin')!=false)
1135
+ {
1136
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1137
+ }
1138
+ else
1139
+ {
1140
+ $con .= $content[$i].PHP_EOL;
1141
+ }
1142
+ }
1143
+
1144
+ file_put_contents($fileName,$con);
1145
+ $data = $con;
1146
+
1147
+ }
1148
+
1149
+ else
1150
+ {
1151
+ $content = explode('?>', $file);
1152
+ $file = $content[0];
1153
+ $file .= PHP_EOL;
1154
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1155
+ $file .='?>';
1156
+ file_put_contents($fileName,$file);
1157
+ $data = $file;
1158
+ }
1159
+
1160
+
1161
+
1162
+ if($_POST['action']=='BlockIP')
1163
+ {
1164
+ update_option('actionRateL',1);
1165
+
1166
+ $file = $data;
1167
+ if(strpos($file, 'actionRateL')!=false)
1168
+ {
1169
+ $content = explode(PHP_EOL, $file);
1170
+ $con = '';
1171
+ foreach ($content as $line => $lineV) {
1172
+ if(strpos($lineV, 'actionRateL')!=false)
1173
+ {
1174
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
1175
+ }
1176
+ else
1177
+ {
1178
+ $con .= $lineV.PHP_EOL;
1179
+ }
1180
+ }
1181
+ file_put_contents($fileName,$con);
1182
+ }
1183
+ else
1184
+ {
1185
+ $content = explode('?>', $file);
1186
+ $file = $content[0];
1187
+ $file .= PHP_EOL;
1188
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1189
+ $file .='?>';
1190
+ file_put_contents($fileName,$file);
1191
+ $file = $data;
1192
+ }
1193
+ }
1194
+ elseif($_POST['action']=='ThrottleIP')
1195
+ {
1196
+ $file = $data;
1197
+ update_option('actionRateL',0);
1198
+ if(strpos($file, 'actionRateL')!=false)
1199
+ {
1200
+ $content = explode(PHP_EOL, $file);
1201
+ $con = '';
1202
+ foreach ($content as $line => $lineV) {
1203
+ if(strpos($lineV, 'actionRateL')!=false)
1204
+ {
1205
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1206
+ }
1207
+ else
1208
+ {
1209
+ $con .= $lineV.PHP_EOL;
1210
+ }
1211
+ }
1212
+ file_put_contents($fileName,$con);
1213
+ }
1214
+ else
1215
+ {
1216
+ $content = explode('?>', $file);
1217
+ $file = $content[0];
1218
+ $file .= PHP_EOL;
1219
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1220
+ $file .='?>';
1221
+ file_put_contents($fileName,$file);
1222
+ }
1223
+ }
1224
+
1225
+ }
1226
+
1227
+ }
1228
+
1229
+ }
1230
+
1231
+ }
1232
+ private function disableRL()
1233
+ {
1234
+ update_option('Rate_limiting',0);
1235
+
1236
+ $dir_name = dirname(__FILE__);
1237
+ $dir_name1 = explode('wp-content', $dir_name);
1238
+ $dir_name = $dir_name1[0];
1239
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1240
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1241
+ $file = file_get_contents($fileName);
1242
+
1243
+ if(strpos($file, 'RateLimiting')!=false)
1244
+ {
1245
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1246
+ file_put_contents($fileName,$file);
1247
+ }
1248
+ else
1249
+ {
1250
+ $content = explode('?>', $file);
1251
+ $file = $content[0];
1252
+ $file .= PHP_EOL;
1253
+ $file .= '$RateLimiting=0;'.PHP_EOL;
1254
+ $file .='?>';
1255
+ file_put_contents($fileName,$file);
1256
+ }
1257
+
1258
+ }
1259
+ private function backupHtaccess()
1260
+ {
1261
+ if(isset($_POST['htaccessWAF']))
1262
+ {
1263
+ if($_POST['htaccessWAF']=='on')
1264
+ {
1265
+ $dir_name = dirname(__FILE__);
1266
+ $dirN = $dir_name;
1267
+ $dirN = str_replace('\\', '/', $dirN);
1268
+ $dir_name1 = explode('wp-content', $dir_name);
1269
+ $dir_name = $dir_name1[0];
1270
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1271
+ $dir_name =$dir_name1.'.htaccess';
1272
+ $file = file_get_contents($dir_name);
1273
+ $dir_backup = $dir_name1.'htaccess';
1274
+ $handle = fopen($dir_backup, 'c+');
1275
+ fwrite($handle,$file);
1276
+ }
1277
+ }
1278
+ }
1279
+ private function limitAttack()
1280
+ {
1281
+ if(isset($_POST['limitAttack']))
1282
+ {
1283
+ $value = sanitize_text_field($_POST['limitAttack']);
1284
+ if($value>1)
1285
+ {
1286
+ update_option('limitAttack',$value);
1287
+ echo "limitSaved";
1288
+ exit;
1289
+ }
1290
+ else
1291
+ {
1292
+ echo "limitIsLT1";
1293
+ exit;
1294
+ }
1295
+
1296
+ }
1297
+ }
1298
+
1299
+
1300
+
1301
+ function wpns_captcha_settings(){
1302
+
1303
+ $nonce=sanitize_text_field($_POST['nonce']);
1304
+ if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1305
+ wp_send_json('ERROR');
1306
+ return;
1307
+ }
1308
+
1309
+ $site_key = sanitize_text_field($_POST['site_key']);
1310
+ $secret_key = sanitize_text_field($_POST['secret_key']);
1311
+ $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1312
+ $login_form_captcha = sanitize_text_field($_POST['login_form']);
1313
+ $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1314
+
1315
+ if((isset($_POST['version'])))
1316
+ {
1317
+ $mo2f_g_version = sanitize_text_field($_POST['version']);
1318
+ }
1319
+ else $mo2f_g_version='reCAPTCHA_v3';
1320
+
1321
+ if($enable_captcha == 'true') $enable_captcha = "on";
1322
+ else if($enable_captcha == 'false') $enable_captcha = "";
1323
+
1324
+ if($login_form_captcha == 'true') $login_form_captcha = "on";
1325
+ else if($login_form_captcha == 'false') $login_form_captcha = "";
1326
+
1327
+ if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1328
+ else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1329
+
1330
+ if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1331
+ wp_send_json('empty');
1332
+ return;
1333
+ }
1334
+
1335
+
1336
+ if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1337
+ wp_send_json('version_select');
1338
+ return;
1339
+ }
1340
+ if($mo2f_g_version=='reCAPTCHA_v2')
1341
+ {
1342
+
1343
+ update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1344
+ update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1345
+ }
1346
+ if($mo2f_g_version=='reCAPTCHA_v3')
1347
+ {
1348
+
1349
+ update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1350
+ update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1351
+ }
1352
+
1353
+ update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1354
+ update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1355
+
1356
+
1357
+ if($enable_captcha == "on"){
1358
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1359
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1360
+ update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1361
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1362
+ update_site_option('recaptcha_notification_option',1);
1363
+ wp_send_json('true');
1364
+ }
1365
+ else if($enable_captcha == ""){
1366
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1367
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1368
+ update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1369
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1370
+ wp_send_json('false');
1371
+ }
1372
+
1373
+ }
1374
+
1375
+ function wpns_strong_password_settings(){
1376
+ $nonce = $_POST['nonce'];
1377
+ if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1378
+ wp_send_json('ERROR');
1379
+ return;
1380
+ }
1381
+ $enable_strong_pass = $_POST['enable_strong_pass'];
1382
+ if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1383
+ $strong_pass_accounts = $_POST['accounts_strong_pass'];
1384
+ update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1385
+ update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1386
+ if($enable_strong_pass){
1387
+ update_option('mo_wpns_enable_rename_login_url',"");
1388
+ wp_send_json('true');
1389
+ }
1390
+ else{
1391
+ wp_send_json('false');
1392
+ }
1393
+ }
1394
+
1395
+ }
1396
+ new wpns_ajax;
1397
+
1398
+ ?>
database/database_functions.php CHANGED
@@ -1,873 +1,873 @@
1
- <?php
2
-
3
- require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
-
5
- class MoWpnsDB
6
- {
7
- private $transactionTable;
8
- private $blockedIPsTable;
9
- private $whitelistIPsTable;
10
- private $emailAuditTable;
11
- private $malwarereportTable;
12
- private $scanreportdetails;
13
- private $skipfiles;
14
- private $hashfile;
15
-
16
- function __construct()
17
- {
18
- global $wpdb;
19
- $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
- $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
- $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
- $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
- $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
- $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
- $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
- $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
- $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
- $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
- $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
- $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
- $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
- }
33
-
34
- function mo_plugin_activate()
35
- {
36
- global $wpdb;
37
- if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
- $this->generate_tables();
40
- } else {
41
- $current_db_version = get_option('mo_wpns_dbversion');
42
- if($current_db_version < MoWpnsConstants::DB_VERSION){
43
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
-
45
- }
46
- }
47
- }
48
-
49
- function generate_tables(){
50
- global $wpdb;
51
-
52
- $tableName = $this->transactionTable;
53
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
- {
55
- $sql = "CREATE TABLE " . $tableName . " (
56
- `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
- `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
- dbDelta($sql);
59
- }
60
-
61
- $tableName = $this->blockedIPsTable;
62
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
- {
64
- $sql = "CREATE TABLE " . $tableName . " (
65
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
- `created_timestamp` int, UNIQUE KEY id (id) );";
67
- dbDelta($sql);
68
- }
69
-
70
-
71
- $tableName = $this->whitelistIPsTable;
72
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
- {
74
- $sql = "CREATE TABLE " . $tableName . " (
75
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
- dbDelta($sql);
77
- }
78
-
79
- $tableName = $this->backupdetails;
80
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
- {
82
- $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
- `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
- dbDelta($sql);
85
- }
86
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
- if(is_null($result)){
88
- $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
- $results1 = $wpdb->query($sql);
90
- }
91
-
92
- $tableName = $this->emailAuditTable;
93
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
- {
95
- $sql = "CREATE TABLE " . $tableName . " (
96
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
- dbDelta($sql);
98
- }
99
- $tableName = $this->IPrateDetails;
100
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
- {
102
- $sql = "CREATE TABLE " . $tableName . " (
103
- ip varchar(20) , time bigint );";
104
- dbDelta($sql);
105
- }
106
-
107
- $tableName = $this->attackLogs;
108
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
- {
110
- $sql = "create table ". $tableName ." (
111
- ip varchar(20),
112
- type varchar(20),
113
- time bigint,
114
- input mediumtext );";
115
- //dbDelta($sql);
116
- $results = $wpdb->get_results($sql);
117
-
118
- }
119
- $tableName = $this->malwarereportTable;
120
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
- {
122
- $sql = "CREATE TABLE " . $tableName . " (
123
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
- dbDelta($sql);
125
- }
126
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
- if(is_null($result)){
128
- $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
- $results1 = $wpdb->query($sql);
130
- $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
- $resluts = $wpdb->query($sql1);
132
- }
133
-
134
-
135
- $tableName = $this->scanreportdetails;
136
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
- {
138
- $sql = "CREATE TABLE " . $tableName . " (
139
- `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
- dbDelta($sql);
141
- }
142
-
143
- $tableName = $this->skipfiles;
144
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
- {
146
- $sql = "CREATE TABLE " . $tableName . " (
147
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
- dbDelta($sql);
149
- }
150
-
151
- $tableName = $this->filescan;
152
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
- {
154
- $sql = "CREATE TABLE " . $tableName . " (
155
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
- dbDelta($sql);
157
- }
158
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
- if(is_null($result)){
160
- $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
- $results1 = $wpdb->query($sql);
162
- }
163
-
164
- $tableName = $this->hashfile;
165
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
- {
167
- $sql = "CREATE TABLE " . $tableName . " (
168
- `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
- dbDelta($sql);
170
- }
171
-
172
- $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
- $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
- $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
- if(empty($row1) && empty($row1) && empty($row1)){
176
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
- if($result){
178
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
- foreach ($report_ids as $key => $value) {
180
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
- $result = $this->mo_wpns_get_scan_count($scan_detail);
182
- $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
- }
184
- }
185
- }
186
- $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
- if(empty($rowhash)){
188
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
- }
190
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
- if(empty($result)){
192
- $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
- $results1 = $wpdb->query($sql);
194
- $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
- $resluts = $wpdb->query($sql1);
196
- }
197
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
- if(empty($result)){
199
- $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
- $results1 = $wpdb->query($sql);
201
- $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
- $resluts = $wpdb->query($sql1);
203
- }
204
- }
205
-
206
- function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
- global $wpdb;
208
- $wpdb->insert(
209
- $this->backupdetails,
210
- array(
211
- 'backup_id' =>$backup_id,
212
- 'file_name' =>$file_name,
213
- 'created_timestamp'=> $backup_created_timestamp,
214
- 'plugin_path' => $plugin_path
215
- ));
216
- }
217
-
218
- function get_table_content(){
219
- global $wpdb;
220
- return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
- }
222
-
223
- function get_number_of_plugin_backup(){
224
- global $wpdb;
225
-
226
- $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
- $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
- $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
- $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
- $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
- $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
-
233
- return $array;
234
- }
235
-
236
- function delete_file($id){
237
- global $wpdb;
238
- $wpdb->query(
239
- "DELETE FROM ".$this->backupdetails."
240
- WHERE id = ".$id
241
- );
242
- return;
243
- }
244
-
245
- function row_exist($id){
246
- global $wpdb;
247
- $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
- return $is_exist;
249
- }
250
-
251
- function get_ip_blocked_count($ipAddress)
252
- {
253
- global $wpdb;
254
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
- }
256
- function get_total_blocked_ips()
257
- {
258
- global $wpdb;
259
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
- }
261
- function get_total_manual_blocked_ips()
262
- {
263
- global $wpdb;
264
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
- }
266
- function get_total_blocked_ips_waf()
267
- {
268
- global $wpdb;
269
- $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
- return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
- }
272
- function get_blocked_attack_count($attack)
273
- {
274
- global $wpdb;
275
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
- }
277
-
278
- function get_count_of_blocked_ips(){
279
- global $wpdb;
280
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
- }
282
-
283
-
284
- function get_blocked_ip($entryid)
285
- {
286
- global $wpdb;
287
- return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
- }
289
-
290
- function get_blocked_ip_list()
291
- {
292
- global $wpdb;
293
- return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
- }
295
-
296
- function get_blocked_ips_realtime()
297
- {
298
- global $wpdb;
299
- return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
- }
301
- function get_blocked_attack_list($tableName)
302
- {
303
- global $wpdb;
304
- $tableName = $wpdb->base_prefix.$tableName;
305
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
- }
307
-
308
- function get_blocked_sqli_list()
309
- {
310
- global $wpdb;
311
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
- }
313
- function get_blocked_rfi_list()
314
- {
315
- global $wpdb;
316
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
- }
318
- function get_blocked_lfi_list()
319
- {
320
- global $wpdb;
321
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
- }
323
- function get_blocked_rce_list()
324
- {
325
- global $wpdb;
326
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
- }
328
- function get_blocked_xss_list()
329
- {
330
- global $wpdb;
331
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
- }
333
-
334
- function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
- {
336
- global $wpdb;
337
- $wpdb->insert(
338
- $this->blockedIPsTable,
339
- array(
340
- 'ip_address' => $ipAddress,
341
- 'reason' => $reason,
342
- 'blocked_for_time' => $blocked_for_time,
343
- 'created_timestamp' => current_time( 'timestamp' )
344
- )
345
- );
346
- return;
347
- }
348
-
349
- function delete_blocked_ip($entryid)
350
- {
351
- global $wpdb;
352
- $wpdb->query(
353
- "DELETE FROM ".$this->blockedIPsTable."
354
- WHERE id = ".$entryid
355
- );
356
- return;
357
- }
358
-
359
- function get_whitelisted_ip_count($ipAddress)
360
- {
361
- global $wpdb;
362
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
- }
364
-
365
- function insert_whitelisted_ip($ipAddress)
366
- {
367
- global $wpdb;
368
- $wpdb->insert(
369
- $this->whitelistIPsTable,
370
- array(
371
- 'ip_address' => $ipAddress,
372
- 'created_timestamp' => current_time( 'timestamp' )
373
- )
374
- );
375
- }
376
-
377
- function get_number_of_whitelisted_ips(){
378
- global $wpdb;
379
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
- }
381
-
382
- function delete_whitelisted_ip($entryid)
383
- {
384
- global $wpdb;
385
- $wpdb->query(
386
- "DELETE FROM ".$this->whitelistIPsTable."
387
- WHERE id = ".$entryid
388
- );
389
- return;
390
- }
391
-
392
- function get_whitelisted_ips_list()
393
- {
394
- global $wpdb;
395
- return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
- }
397
-
398
- function get_email_audit_count($ipAddress,$username)
399
- {
400
- global $wpdb;
401
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
- username='".$username."'" );
403
- }
404
-
405
- function insert_email_audit($ipAddress,$username,$reason)
406
- {
407
- global $wpdb;
408
- $wpdb->insert(
409
- $this->emailAuditTable,
410
- array(
411
- 'ip_address' => $ipAddress,
412
- 'username' => $username,
413
- 'reason' => $reason,
414
- 'created_timestamp' => current_time( 'timestamp' )
415
- )
416
- );
417
- return;
418
- }
419
-
420
- function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
- {
422
- global $wpdb;
423
- $data = array(
424
- 'ip_address' => $ipAddress,
425
- 'username' => $username,
426
- 'type' => $type,
427
- 'status' => $status,
428
- 'created_timestamp' => current_time( 'timestamp' )
429
- );
430
- $data['url'] = is_null($url) ? '' : $url;
431
- $wpdb->insert( $this->transactionTable, $data);
432
- return;
433
- }
434
-
435
- function get_transasction_list()
436
- {
437
- global $wpdb;
438
- return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
439
- }
440
-
441
- function get_login_transaction_report()
442
- {
443
- global $wpdb;
444
- return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
445
- }
446
-
447
- function get_error_transaction_report()
448
- {
449
- global $wpdb;
450
- return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
451
- }
452
-
453
- function update_transaction_table($where,$update)
454
- {
455
- global $wpdb;
456
-
457
- $sql = "UPDATE ".$this->transactionTable." SET ";
458
- $i = 0;
459
- foreach($update as $key=>$value)
460
- {
461
- if($i%2!=0)
462
- $sql .= ' , ';
463
- $sql .= $key."='".$value."'";
464
- $i++;
465
- }
466
- $sql .= " WHERE ";
467
- $i = 0;
468
- foreach($where as $key=>$value)
469
- {
470
- if($i%2!=0)
471
- $sql .= ' AND ';
472
- $sql .= $key."='".$value."'";
473
- $i++;
474
- }
475
-
476
- $wpdb->query($sql);
477
- return;
478
- }
479
-
480
- function get_count_of_attacks_blocked(){
481
- global $wpdb;
482
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
483
- }
484
-
485
- function get_failed_transaction_count($ipAddress)
486
- {
487
- global $wpdb;
488
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
489
- AND status = '".MoWpnsConstants::FAILED."'" );
490
- }
491
-
492
- function delete_transaction($ipAddress)
493
- {
494
- global $wpdb;
495
- $wpdb->query(
496
- "DELETE FROM ".$this->transactionTable."
497
- WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
498
- );
499
- return;
500
- }
501
-
502
- function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
503
- global $wpdb;
504
- $wpdb->insert(
505
- $this->malwarereportTable,
506
- array(
507
- 'scan_mode' => $scan_type,
508
- 'scanned_folders' => $folderNames,
509
- 'scanned_files' => 0,
510
- 'start_timestamp' => $start_timestamp,
511
- 'malware_count' => 0,
512
- 'repo_issues' => $repo_check_status_code,
513
- 'malicious_links' => 0
514
- )
515
- );
516
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
517
- if($result){
518
- $record = $result[0];
519
- return $record->id;
520
- }
521
- }
522
-
523
- function mo2f_update_net_issue($reportid){
524
- global $wpdb;
525
- $wpdb->update(
526
- $this->malwarereportTable,
527
- array(
528
- 'net_connection' => 1
529
- ),
530
- array(
531
- 'id' => $reportid
532
- )
533
- );
534
- }
535
-
536
- function mo2f_update_repo_issue($reportid, $issue){
537
- global $wpdb;
538
- $wpdb->update(
539
- $this->malwarereportTable,
540
- array(
541
- 'repo_key' => $issue
542
- ),
543
- array(
544
- 'id' => $reportid
545
- )
546
- );
547
- }
548
-
549
- function add_report_details($reportid, $filename, $report){
550
- global $wpdb;
551
- $wpdb->insert(
552
- $this->scanreportdetails,
553
- array(
554
- 'report_id' => $reportid,
555
- 'filename' => $filename,
556
- 'report' => serialize($report),
557
- 'created_timestamp' => current_time('timestamp')
558
- )
559
- );
560
- }
561
-
562
- function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
563
- global $wpdb;
564
- $wpdb->query(
565
- "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
566
- );
567
- }
568
-
569
- function count_files(){
570
- global $wpdb;
571
- $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
572
- return $sql[0]->scan_count;
573
- }
574
-
575
- function count_malicious_files(){
576
- global $wpdb;
577
- $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
578
- return $sql[0]->total_mal;
579
- }
580
-
581
- function count_files_last_scan($reportid){
582
- global $wpdb;
583
- $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
584
- return $sql[0]->scanned_files;
585
- }
586
-
587
- function count_malicious_last_scan($reportid){
588
- global $wpdb;
589
- $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
590
- return $sql[0]->mal_file;
591
- }
592
-
593
- function check_hash($hash_of_file){
594
- global $wpdb;
595
- $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
596
- $result=$wpdb->get_results( $sql );
597
- return $result;
598
- }
599
-
600
- function insert_hash($source_file_path,$hash_of_file, $scan_data){
601
- global $wpdb;
602
- $source_file_path = addslashes($source_file_path);
603
- $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
604
- $res=$wpdb->query( $query );
605
- }
606
-
607
- function update_hash($source_file_path, $hash_of_file, $scan_data){
608
- global $wpdb;
609
- $source_file_path = addslashes($source_file_path);
610
- $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
611
- $res=$wpdb->query( $query );
612
- }
613
-
614
- function delete_hash($source_file_path){
615
- global $wpdb;
616
- $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
617
- $res=$wpdb->query( $query );
618
- }
619
-
620
- function get_infected_file($filename){
621
- global $wpdb;
622
- $filename = addslashes($filename);
623
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
624
- return $result;
625
- }
626
-
627
- function insert_files_in_parts($file_path_array){
628
- global $wpdb;
629
- if(!empty($file_path_array)){
630
- $size=sizeof($file_path_array);
631
- $default=0;
632
- $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
633
- for ($i=1; $i <= $size ; $i++) {
634
- $value= $file_path_array[$i];
635
- $file_path = $value['file'];
636
- $file_path = addslashes($file_path);
637
- $hash_value= md5($file_path);
638
- $repo_key = $value['key'];
639
- $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
640
- if($i < $size){
641
- $query.= ",";
642
- }
643
- }
644
- $query.=";";
645
- $res=$wpdb->query( $query );
646
- }
647
- }
648
-
649
- function update_files_scan($file_path_array, $file_count){
650
- global $wpdb;
651
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
652
- for ($i=0; $i < $file_count ; $i++) {
653
- $value= $file_path_array[$i]->path;
654
- $value = addslashes($value);
655
- $value = md5($value);
656
- $query.= "('".$value."', 1)";
657
- if($i < $file_count-1){
658
- $query.= ",";
659
- }
660
- }
661
- $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
662
- $res=$wpdb->query( $query );
663
- }
664
-
665
- function update_files_scan_ext_link($file_path_array, $file_count){
666
- global $wpdb;
667
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
668
- for ($i=0; $i < $file_count ; $i++) {
669
- $value= $file_path_array[$i]->path;
670
- $value = addslashes($value);
671
- $value = md5($value);
672
- $query.= "('".$value."', 1)";
673
- if($i < $file_count-1){
674
- $query.= ",";
675
- }
676
- }
677
- $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
678
- $res=$wpdb->query( $query );
679
- }
680
-
681
- function update_files_scan_repo($file_path_array, $file_count){
682
- global $wpdb;
683
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
684
- for ($i=0; $i < $file_count ; $i++) {
685
- $value= $file_path_array[$i]->path;
686
- $value = addslashes($value);
687
- $value = md5($value);
688
- $query.= "('".$value."', 1)";
689
- if($i < $file_count-1){
690
- $query.= ",";
691
- }
692
- }
693
- $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
694
- $res=$wpdb->query( $query );
695
- }
696
-
697
- function get_files_in_parts(){
698
- global $wpdb;
699
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
700
- $result=$wpdb->get_results($sql);
701
- return $result;
702
- }
703
-
704
- function get_files_for_link(){
705
- global $wpdb;
706
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
707
- $result=$wpdb->get_results($sql);
708
- return $result;
709
- }
710
-
711
- function get_files_for_repo($repo_key){
712
- global $wpdb;
713
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
714
- $result=$wpdb->get_results($sql);
715
- return $result;
716
- }
717
-
718
- function delete_files_parts(){
719
- global $wpdb;
720
- $sql= "TRUNCATE TABLE ".$this->filescan.";";
721
- $res=$wpdb->query($sql);
722
- }
723
-
724
- function get_last_id(){
725
- global $wpdb;
726
- $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
727
- return $result;
728
- }
729
-
730
- function get_report_with_id($reportid){
731
- global $wpdb;
732
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
733
- return $result;
734
- }
735
-
736
- function delete_report($reportid){
737
- global $wpdb;
738
- $wpdb->query(
739
- "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
740
- );
741
- $warning_count=0;
742
- $malware_count=0;
743
- $last_id=$this->get_last_id();
744
- $send_id=$last_id[0]->max;
745
- if(!is_null($send_id)){
746
- $res = $this->get_report_with_id($send_id);
747
- $record = $res[0];
748
- if($record->malware_count >= 0){
749
- $malware_count = $record->malware_count;
750
- }
751
- if($record->repo_issues < 0){
752
- $warning_count = $record->malicious_links;
753
- }else{
754
- $warning_count = $record->repo_issues + $record->malicious_links;
755
- }
756
- }
757
-
758
- update_option('mo_wpns_infected_files', $malware_count);
759
- update_option('mo_wpns_warning_files', $warning_count);
760
-
761
- }
762
-
763
- function get_report(){
764
- global $wpdb;
765
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
766
- return $result;
767
- }
768
-
769
- function get_vulnerable_files_count_for_reportid($reportid){
770
- global $wpdb;
771
- $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
772
- return $result;
773
- }
774
-
775
- function ignorefile($filename){
776
- $signature = md5_file($filename);
777
- global $wpdb;
778
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
779
- if($result){
780
- $wpdb->query(
781
- "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
782
- );
783
- } else {
784
- $wpdb->insert(
785
- $this->skipfiles,
786
- array(
787
- 'path' => $filename,
788
- 'signature' => $signature,
789
- 'created_timestamp' => current_time('timestamp')
790
- )
791
- );
792
- }
793
- }
794
-
795
- function ignorechangedfile($recordId){
796
- global $wpdb;
797
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
798
- if($result){
799
- $record = $result[0];
800
- $signature = md5_file($record->path);
801
- $wpdb->query(
802
- "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
803
- );
804
- }
805
- }
806
-
807
- function getlistofignorefiles(){
808
- global $wpdb;
809
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
810
- return $result;
811
- }
812
-
813
- function get_detail_report_with_id($reportid){
814
- global $wpdb;
815
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
816
- return $result;
817
- }
818
-
819
- function mo_wpns_upgrade_process_complete(){
820
- $current_db_version = get_option('mo_wpns_dbversion');
821
- if($current_db_version < MoWpnsConstants::DB_VERSION){
822
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
823
- $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
824
- if(empty($row)){
825
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
826
- if($result){
827
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
828
- foreach ($report_ids as $key => $value) {
829
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
830
- $result = $this->mo_wpns_get_scan_count($scan_detail);
831
- $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
832
- }
833
- }
834
- }
835
- $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
836
- if(empty($rowhash)){
837
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
838
- }
839
- }
840
- }
841
-
842
- function mo_wpns_get_scan_count($result){
843
- $scan_count = 0;
844
- $repo_count = 0;
845
- $link_count = 0;
846
- $total = 0;
847
- foreach ($result as $key => $value) {
848
- $total+=1;
849
- $temp = unserialize($result[$key]->report);
850
- if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
851
- $scan_count++;
852
- $repo_count++;
853
- $link_count++;
854
- }else if(isset($temp['scan'])&&isset($temp['repo'])){
855
- $scan_count++;
856
- $repo_count++;
857
- }else if(isset($temp['scan'])&&isset($temp['extl'])){
858
- $scan_count++;
859
- $link_count++;
860
- }else if(isset($temp['repo'])&&isset($temp['extl'])){
861
- $repo_count++;
862
- $link_count++;
863
- }else if(isset($temp['scan'])){
864
- $scan_count++;
865
- }else if(isset($temp['repo'])){
866
- $repo_count++;
867
- }else if(isset($temp['extl'])){
868
- $link_count++;
869
- }
870
- }
871
- return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
872
- }
873
  }
1
+ <?php
2
+
3
+ require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
+
5
+ class MoWpnsDB
6
+ {
7
+ private $transactionTable;
8
+ private $blockedIPsTable;
9
+ private $whitelistIPsTable;
10
+ private $emailAuditTable;
11
+ private $malwarereportTable;
12
+ private $scanreportdetails;
13
+ private $skipfiles;
14
+ private $hashfile;
15
+
16
+ function __construct()
17
+ {
18
+ global $wpdb;
19
+ $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
+ $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
+ $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
+ $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
+ $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
+ $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
+ $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
+ $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
+ $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
+ $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
+ $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
+ $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
+ $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
+ }
33
+
34
+ function mo_plugin_activate()
35
+ {
36
+ global $wpdb;
37
+ if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
+ $this->generate_tables();
40
+ } else {
41
+ $current_db_version = get_option('mo_wpns_dbversion');
42
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
43
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
+
45
+ }
46
+ }
47
+ }
48
+
49
+ function generate_tables(){
50
+ global $wpdb;
51
+
52
+ $tableName = $this->transactionTable;
53
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
+ {
55
+ $sql = "CREATE TABLE " . $tableName . " (
56
+ `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
+ `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
+ dbDelta($sql);
59
+ }
60
+
61
+ $tableName = $this->blockedIPsTable;
62
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
+ {
64
+ $sql = "CREATE TABLE " . $tableName . " (
65
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
+ `created_timestamp` int, UNIQUE KEY id (id) );";
67
+ dbDelta($sql);
68
+ }
69
+
70
+
71
+ $tableName = $this->whitelistIPsTable;
72
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
+ {
74
+ $sql = "CREATE TABLE " . $tableName . " (
75
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
+ dbDelta($sql);
77
+ }
78
+
79
+ $tableName = $this->backupdetails;
80
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
+ {
82
+ $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
+ `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
+ dbDelta($sql);
85
+ }
86
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
+ if(is_null($result)){
88
+ $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
+ $results1 = $wpdb->query($sql);
90
+ }
91
+
92
+ $tableName = $this->emailAuditTable;
93
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
+ {
95
+ $sql = "CREATE TABLE " . $tableName . " (
96
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
+ dbDelta($sql);
98
+ }
99
+ $tableName = $this->IPrateDetails;
100
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
+ {
102
+ $sql = "CREATE TABLE " . $tableName . " (
103
+ ip varchar(20) , time bigint );";
104
+ dbDelta($sql);
105
+ }
106
+
107
+ $tableName = $this->attackLogs;
108
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
+ {
110
+ $sql = "create table ". $tableName ." (
111
+ ip varchar(20),
112
+ type varchar(20),
113
+ time bigint,
114
+ input mediumtext );";
115
+ //dbDelta($sql);
116
+ $results = $wpdb->get_results($sql);
117
+
118
+ }
119
+ $tableName = $this->malwarereportTable;
120
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
+ {
122
+ $sql = "CREATE TABLE " . $tableName . " (
123
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
+ dbDelta($sql);
125
+ }
126
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
+ if(is_null($result)){
128
+ $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
+ $results1 = $wpdb->query($sql);
130
+ $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
+ $resluts = $wpdb->query($sql1);
132
+ }
133
+
134
+
135
+ $tableName = $this->scanreportdetails;
136
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
+ {
138
+ $sql = "CREATE TABLE " . $tableName . " (
139
+ `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
+ dbDelta($sql);
141
+ }
142
+
143
+ $tableName = $this->skipfiles;
144
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
+ {
146
+ $sql = "CREATE TABLE " . $tableName . " (
147
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
+ dbDelta($sql);
149
+ }
150
+
151
+ $tableName = $this->filescan;
152
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
+ {
154
+ $sql = "CREATE TABLE " . $tableName . " (
155
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
+ dbDelta($sql);
157
+ }
158
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
+ if(is_null($result)){
160
+ $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
+ $results1 = $wpdb->query($sql);
162
+ }
163
+
164
+ $tableName = $this->hashfile;
165
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
+ {
167
+ $sql = "CREATE TABLE " . $tableName . " (
168
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
+ dbDelta($sql);
170
+ }
171
+
172
+ $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
+ $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
+ $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
+ if(empty($row1) && empty($row1) && empty($row1)){
176
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
+ if($result){
178
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
+ foreach ($report_ids as $key => $value) {
180
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
182
+ $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
+ }
184
+ }
185
+ }
186
+ $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
+ if(empty($rowhash)){
188
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
+ }
190
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
+ if(empty($result)){
192
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
+ $results1 = $wpdb->query($sql);
194
+ $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
+ $resluts = $wpdb->query($sql1);
196
+ }
197
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
+ if(empty($result)){
199
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
+ $results1 = $wpdb->query($sql);
201
+ $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
+ $resluts = $wpdb->query($sql1);
203
+ }
204
+ }
205
+
206
+ function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
+ global $wpdb;
208
+ $wpdb->insert(
209
+ $this->backupdetails,
210
+ array(
211
+ 'backup_id' =>$backup_id,
212
+ 'file_name' =>$file_name,
213
+ 'created_timestamp'=> $backup_created_timestamp,
214
+ 'plugin_path' => $plugin_path
215
+ ));
216
+ }
217
+
218
+ function get_table_content(){
219
+ global $wpdb;
220
+ return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
+ }
222
+
223
+ function get_number_of_plugin_backup(){
224
+ global $wpdb;
225
+
226
+ $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
+ $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
+ $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
+ $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
+ $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
+ $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
+
233
+ return $array;
234
+ }
235
+
236
+ function delete_file($id){
237
+ global $wpdb;
238
+ $wpdb->query(
239
+ "DELETE FROM ".$this->backupdetails."
240
+ WHERE id = ".$id
241
+ );
242
+ return;
243
+ }
244
+
245
+ function row_exist($id){
246
+ global $wpdb;
247
+ $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
+ return $is_exist;
249
+ }
250
+
251
+ function get_ip_blocked_count($ipAddress)
252
+ {
253
+ global $wpdb;
254
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
+ }
256
+ function get_total_blocked_ips()
257
+ {
258
+ global $wpdb;
259
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
+ }
261
+ function get_total_manual_blocked_ips()
262
+ {
263
+ global $wpdb;
264
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
+ }
266
+ function get_total_blocked_ips_waf()
267
+ {
268
+ global $wpdb;
269
+ $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
+ return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
+ }
272
+ function get_blocked_attack_count($attack)
273
+ {
274
+ global $wpdb;
275
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
+ }
277
+
278
+ function get_count_of_blocked_ips(){
279
+ global $wpdb;
280
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
+ }
282
+
283
+
284
+ function get_blocked_ip($entryid)
285
+ {
286
+ global $wpdb;
287
+ return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
+ }
289
+
290
+ function get_blocked_ip_list()
291
+ {
292
+ global $wpdb;
293
+ return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
+ }
295
+
296
+ function get_blocked_ips_realtime()
297
+ {
298
+ global $wpdb;
299
+ return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
+ }
301
+ function get_blocked_attack_list($tableName)
302
+ {
303
+ global $wpdb;
304
+ $tableName = $wpdb->base_prefix.$tableName;
305
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
+ }
307
+
308
+ function get_blocked_sqli_list()
309
+ {
310
+ global $wpdb;
311
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
+ }
313
+ function get_blocked_rfi_list()
314
+ {
315
+ global $wpdb;
316
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
+ }
318
+ function get_blocked_lfi_list()
319
+ {
320
+ global $wpdb;
321
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
+ }
323
+ function get_blocked_rce_list()
324
+ {
325
+ global $wpdb;
326
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
+ }
328
+ function get_blocked_xss_list()
329
+ {
330
+ global $wpdb;
331
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
+ }
333
+
334
+ function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
+ {
336
+ global $wpdb;
337
+ $wpdb->insert(
338
+ $this->blockedIPsTable,
339
+ array(
340
+ 'ip_address' => $ipAddress,
341
+ 'reason' => $reason,
342
+ 'blocked_for_time' => $blocked_for_time,
343
+ 'created_timestamp' => current_time( 'timestamp' )
344
+ )
345
+ );
346
+ return;
347
+ }
348
+
349
+ function delete_blocked_ip($entryid)
350
+ {
351
+ global $wpdb;
352
+ $wpdb->query(
353
+ "DELETE FROM ".$this->blockedIPsTable."
354
+ WHERE id = ".$entryid
355
+ );
356
+ return;
357
+ }
358
+
359
+ function get_whitelisted_ip_count($ipAddress)
360
+ {
361
+ global $wpdb;
362
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
+ }
364
+
365
+ function insert_whitelisted_ip($ipAddress)
366
+ {
367
+ global $wpdb;
368
+ $wpdb->insert(
369
+ $this->whitelistIPsTable,
370
+ array(
371
+ 'ip_address' => $ipAddress,
372
+ 'created_timestamp' => current_time( 'timestamp' )
373
+ )
374
+ );
375
+ }
376
+
377
+ function get_number_of_whitelisted_ips(){
378
+ global $wpdb;
379
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
+ }
381
+
382
+ function delete_whitelisted_ip($entryid)
383
+ {
384
+ global $wpdb;
385
+ $wpdb->query(
386
+ "DELETE FROM ".$this->whitelistIPsTable."
387
+ WHERE id = ".$entryid
388
+ );
389
+ return;
390
+ }
391
+
392
+ function get_whitelisted_ips_list()
393
+ {
394
+ global $wpdb;
395
+ return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
+ }
397
+
398
+ function get_email_audit_count($ipAddress,$username)
399
+ {
400
+ global $wpdb;
401
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
+ username='".$username."'" );
403
+ }
404
+
405
+ function insert_email_audit($ipAddress,$username,$reason)
406
+ {
407
+ global $wpdb;
408
+ $wpdb->insert(
409
+ $this->emailAuditTable,
410
+ array(
411
+ 'ip_address' => $ipAddress,
412
+ 'username' => $username,
413
+ 'reason' => $reason,
414
+ 'created_timestamp' => current_time( 'timestamp' )
415
+ )
416
+ );
417
+ return;
418
+ }
419
+
420
+ function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
+ {
422
+ global $wpdb;
423
+ $data = array(
424
+ 'ip_address' => $ipAddress,
425
+ 'username' => $username,
426
+ 'type' => $type,
427
+ 'status' => $status,
428
+ 'created_timestamp' => current_time( 'timestamp' )
429
+ );
430
+ $data['url'] = is_null($url) ? '' : $url;
431
+ $wpdb->insert( $this->transactionTable, $data);
432
+ return;
433
+ }
434
+
435
+ function get_transasction_list()
436
+ {
437
+ global $wpdb;
438
+ return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
439
+ }
440
+
441
+ function get_login_transaction_report()
442
+ {
443
+ global $wpdb;
444
+ return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
445
+ }
446
+
447
+ function get_error_transaction_report()
448
+ {
449
+ global $wpdb;
450
+ return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
451
+ }
452
+
453
+ function update_transaction_table($where,$update)
454
+ {
455
+ global $wpdb;
456
+
457
+ $sql = "UPDATE ".$this->transactionTable." SET ";
458
+ $i = 0;
459
+ foreach($update as $key=>$value)
460
+ {
461
+ if($i%2!=0)
462
+ $sql .= ' , ';
463
+ $sql .= $key."='".$value."'";
464
+ $i++;
465
+ }
466
+ $sql .= " WHERE ";
467
+ $i = 0;
468
+ foreach($where as $key=>$value)
469
+ {
470
+ if($i%2!=0)
471
+ $sql .= ' AND ';
472
+ $sql .= $key."='".$value."'";
473
+ $i++;
474
+ }
475
+
476
+ $wpdb->query($sql);
477
+ return;
478
+ }
479
+
480
+ function get_count_of_attacks_blocked(){
481
+ global $wpdb;
482
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
483
+ }
484
+
485
+ function get_failed_transaction_count($ipAddress)
486
+ {
487
+ global $wpdb;
488
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
489
+ AND status = '".MoWpnsConstants::FAILED."'" );
490
+ }
491
+
492
+ function delete_transaction($ipAddress)
493
+ {
494
+ global $wpdb;
495
+ $wpdb->query(
496
+ "DELETE FROM ".$this->transactionTable."
497
+ WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
498
+ );
499
+ return;
500
+ }
501
+
502
+ function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
503
+ global $wpdb;
504
+ $wpdb->insert(
505
+ $this->malwarereportTable,
506
+ array(
507
+ 'scan_mode' => $scan_type,
508
+ 'scanned_folders' => $folderNames,
509
+ 'scanned_files' => 0,
510
+ 'start_timestamp' => $start_timestamp,
511
+ 'malware_count' => 0,
512
+ 'repo_issues' => $repo_check_status_code,
513
+ 'malicious_links' => 0
514
+ )
515
+ );
516
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
517
+ if($result){
518
+ $record = $result[0];
519
+ return $record->id;
520
+ }
521
+ }
522
+
523
+ function mo2f_update_net_issue($reportid){
524
+ global $wpdb;
525
+ $wpdb->update(
526
+ $this->malwarereportTable,
527
+ array(
528
+ 'net_connection' => 1
529
+ ),
530
+ array(
531
+ 'id' => $reportid
532
+ )
533
+ );
534
+ }
535
+
536
+ function mo2f_update_repo_issue($reportid, $issue){
537
+ global $wpdb;
538
+ $wpdb->update(
539
+ $this->malwarereportTable,
540
+ array(
541
+ 'repo_key' => $issue
542
+ ),
543
+ array(
544
+ 'id' => $reportid
545
+ )
546
+ );
547
+ }
548
+
549
+ function add_report_details($reportid, $filename, $report){
550
+ global $wpdb;
551
+ $wpdb->insert(
552
+ $this->scanreportdetails,
553
+ array(
554
+ 'report_id' => $reportid,
555
+ 'filename' => $filename,
556
+ 'report' => serialize($report),
557
+ 'created_timestamp' => current_time('timestamp')
558
+ )
559
+ );
560
+ }
561
+
562
+ function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
563
+ global $wpdb;
564
+ $wpdb->query(
565
+ "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
566
+ );
567
+ }
568
+
569
+ function count_files(){
570
+ global $wpdb;
571
+ $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
572
+ return $sql[0]->scan_count;
573
+ }
574
+
575
+ function count_malicious_files(){
576
+ global $wpdb;
577
+ $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
578
+ return $sql[0]->total_mal;
579
+ }
580
+
581
+ function count_files_last_scan($reportid){
582
+ global $wpdb;
583
+ $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
584
+ return $sql[0]->scanned_files;
585
+ }
586
+
587
+ function count_malicious_last_scan($reportid){
588
+ global $wpdb;
589
+ $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
590
+ return $sql[0]->mal_file;
591
+ }
592
+
593
+ function check_hash($hash_of_file){
594
+ global $wpdb;
595
+ $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
596
+ $result=$wpdb->get_results( $sql );
597
+ return $result;
598
+ }
599
+
600
+ function insert_hash($source_file_path,$hash_of_file, $scan_data){
601
+ global $wpdb;
602
+ $source_file_path = addslashes($source_file_path);
603
+ $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
604
+ $res=$wpdb->query( $query );
605
+ }
606
+
607
+ function update_hash($source_file_path, $hash_of_file, $scan_data){
608
+ global $wpdb;
609
+ $source_file_path = addslashes($source_file_path);
610
+ $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
611
+ $res=$wpdb->query( $query );
612
+ }
613
+
614
+ function delete_hash($source_file_path){
615
+ global $wpdb;
616
+ $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
617
+ $res=$wpdb->query( $query );
618
+ }
619
+
620
+ function get_infected_file($filename){
621
+ global $wpdb;
622
+ $filename = addslashes($filename);
623
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
624
+ return $result;
625
+ }
626
+
627
+ function insert_files_in_parts($file_path_array){
628
+ global $wpdb;
629
+ if(!empty($file_path_array)){
630
+ $size=sizeof($file_path_array);
631
+ $default=0;
632
+ $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
633
+ for ($i=1; $i <= $size ; $i++) {
634
+ $value= $file_path_array[$i];
635
+ $file_path = $value['file'];
636
+ $file_path = addslashes($file_path);
637
+ $hash_value= md5($file_path);
638
+ $repo_key = $value['key'];
639
+ $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
640
+ if($i < $size){
641
+ $query.= ",";
642
+ }
643
+ }
644
+ $query.=";";
645
+ $res=$wpdb->query( $query );
646
+ }
647
+ }
648
+
649
+ function update_files_scan($file_path_array, $file_count){
650
+ global $wpdb;
651
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
652
+ for ($i=0; $i < $file_count ; $i++) {
653
+ $value= $file_path_array[$i]->path;
654
+ $value = addslashes($value);
655
+ $value = md5($value);
656
+ $query.= "('".$value."', 1)";
657
+ if($i < $file_count-1){
658
+ $query.= ",";
659
+ }
660
+ }
661
+ $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
662
+ $res=$wpdb->query( $query );
663
+ }
664
+
665
+ function update_files_scan_ext_link($file_path_array, $file_count){
666
+ global $wpdb;
667
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
668
+ for ($i=0; $i < $file_count ; $i++) {
669
+ $value= $file_path_array[$i]->path;
670
+ $value = addslashes($value);
671
+ $value = md5($value);
672
+ $query.= "('".$value."', 1)";
673
+ if($i < $file_count-1){
674
+ $query.= ",";
675
+ }
676
+ }
677
+ $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
678
+ $res=$wpdb->query( $query );
679
+ }
680
+
681
+ function update_files_scan_repo($file_path_array, $file_count){
682
+ global $wpdb;
683
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
684
+ for ($i=0; $i < $file_count ; $i++) {
685
+ $value= $file_path_array[$i]->path;
686
+ $value = addslashes($value);
687
+ $value = md5($value);
688
+ $query.= "('".$value."', 1)";
689
+ if($i < $file_count-1){
690
+ $query.= ",";
691
+ }
692
+ }
693
+ $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
694
+ $res=$wpdb->query( $query );
695
+ }
696
+
697
+ function get_files_in_parts(){
698
+ global $wpdb;
699
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
700
+ $result=$wpdb->get_results($sql);
701
+ return $result;
702
+ }
703
+
704
+ function get_files_for_link(){
705
+ global $wpdb;
706
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
707
+ $result=$wpdb->get_results($sql);
708
+ return $result;
709
+ }
710
+
711
+ function get_files_for_repo($repo_key){
712
+ global $wpdb;
713
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
714
+ $result=$wpdb->get_results($sql);
715
+ return $result;
716
+ }
717
+
718
+ function delete_files_parts(){
719
+ global $wpdb;
720
+ $sql= "TRUNCATE TABLE ".$this->filescan.";";
721
+ $res=$wpdb->query($sql);
722
+ }
723
+
724
+ function get_last_id(){
725
+ global $wpdb;
726
+ $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
727
+ return $result;
728
+ }
729
+
730
+ function get_report_with_id($reportid){
731
+ global $wpdb;
732
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
733
+ return $result;
734
+ }
735
+
736
+ function delete_report($reportid){
737
+ global $wpdb;
738
+ $wpdb->query(
739
+ "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
740
+ );
741
+ $warning_count=0;
742
+ $malware_count=0;
743
+ $last_id=$this->get_last_id();
744
+ $send_id=$last_id[0]->max;
745
+ if(!is_null($send_id)){
746
+ $res = $this->get_report_with_id($send_id);
747
+ $record = $res[0];
748
+ if($record->malware_count >= 0){
749
+ $malware_count = $record->malware_count;
750
+ }
751
+ if($record->repo_issues < 0){
752
+ $warning_count = $record->malicious_links;
753
+ }else{
754
+ $warning_count = $record->repo_issues + $record->malicious_links;
755
+ }
756
+ }
757
+
758
+ update_option('mo_wpns_infected_files', $malware_count);
759
+ update_option('mo_wpns_warning_files', $warning_count);
760
+
761
+ }
762
+
763
+ function get_report(){
764
+ global $wpdb;
765
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
766
+ return $result;
767
+ }
768
+
769
+ function get_vulnerable_files_count_for_reportid($reportid){
770
+ global $wpdb;
771
+ $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
772
+ return $result;
773
+ }
774
+
775
+ function ignorefile($filename){
776
+ $signature = md5_file($filename);
777
+ global $wpdb;
778
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
779
+ if($result){
780
+ $wpdb->query(
781
+ "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
782
+ );
783
+ } else {
784
+ $wpdb->insert(
785
+ $this->skipfiles,
786
+ array(
787
+ 'path' => $filename,
788
+ 'signature' => $signature,
789
+ 'created_timestamp' => current_time('timestamp')
790
+ )
791
+ );
792
+ }
793
+ }
794
+
795
+ function ignorechangedfile($recordId){
796
+ global $wpdb;
797
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
798
+ if($result){
799
+ $record = $result[0];
800
+ $signature = md5_file($record->path);
801
+ $wpdb->query(
802
+ "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
803
+ );
804
+ }
805
+ }
806
+
807
+ function getlistofignorefiles(){
808
+ global $wpdb;
809
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
810
+ return $result;
811
+ }
812
+
813
+ function get_detail_report_with_id($reportid){
814
+ global $wpdb;
815
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
816
+ return $result;
817
+ }
818
+
819
+ function mo_wpns_upgrade_process_complete(){
820
+ $current_db_version = get_option('mo_wpns_dbversion');
821
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
822
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
823
+ $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
824
+ if(empty($row)){
825
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
826
+ if($result){
827
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
828
+ foreach ($report_ids as $key => $value) {
829
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
830
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
831
+ $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
832
+ }
833
+ }
834
+ }
835
+ $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
836
+ if(empty($rowhash)){
837
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
838
+ }
839
+ }
840
+ }
841
+
842
+ function mo_wpns_get_scan_count($result){
843
+ $scan_count = 0;
844
+ $repo_count = 0;
845
+ $link_count = 0;
846
+ $total = 0;
847
+ foreach ($result as $key => $value) {
848
+ $total+=1;
849
+ $temp = unserialize($result[$key]->report);
850
+ if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
851
+ $scan_count++;
852
+ $repo_count++;
853
+ $link_count++;
854
+ }else if(isset($temp['scan'])&&isset($temp['repo'])){
855
+ $scan_count++;
856
+ $repo_count++;
857
+ }else if(isset($temp['scan'])&&isset($temp['extl'])){
858
+ $scan_count++;
859
+ $link_count++;
860
+ }else if(isset($temp['repo'])&&isset($temp['extl'])){
861
+ $repo_count++;
862
+ $link_count++;
863
+ }else if(isset($temp['scan'])){
864
+ $scan_count++;
865
+ }else if(isset($temp['repo'])){
866
+ $repo_count++;
867
+ }else if(isset($temp['extl'])){
868
+ $link_count++;
869
+ }
870
+ }
871
+ return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
872
+ }
873
  }
database/database_functions_2fa.php CHANGED
@@ -1,403 +1,403 @@
1
- <?php
2
-
3
- require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
4
-
5
- class Mo2fDB {
6
- private $userDetailsTable;
7
- private $userLoginInfoTable;
8
-
9
- function __construct() {
10
- global $wpdb;
11
- $this->userDetailsTable = $wpdb->prefix . 'mo2f_user_details';
12
- $this->userLoginInfoTable = $wpdb->prefix . 'mo2f_user_login_info';
13
- }
14
-
15
- function mo_plugin_activate() {
16
- global $wpdb;
17
- if ( ! get_option( 'mo2f_dbversion' ) ) {
18
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
19
- $this->generate_tables();
20
- } else {
21
- $current_db_version = get_option( 'mo2f_dbversion' );
22
- if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
23
-
24
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
25
- $this->generate_tables();
26
- }
27
- //update the tables based on DB_VERSION.
28
- }
29
- }
30
-
31
- function generate_tables() {
32
- global $wpdb;
33
-
34
- $tableName = $this->userDetailsTable;
35
-
36
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
37
-
38
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
39
- `user_id` bigint NOT NULL,
40
- `mo2f_OTPOverSMS_config_status` tinyint,
41
- `mo2f_miniOrangePushNotification_config_status` tinyint,
42
- `mo2f_miniOrangeQRCodeAuthentication_config_status` tinyint,
43
- `mo2f_miniOrangeSoftToken_config_status` tinyint,
44
- `mo2f_AuthyAuthenticator_config_status` tinyint,
45
- `mo2f_EmailVerification_config_status` tinyint,
46
- `mo2f_SecurityQuestions_config_status` tinyint,
47
- `mo2f_GoogleAuthenticator_config_status` tinyint,
48
- `mo2f_OTPOverEmail_config_status` tinyint,
49
- `mo2f_OTPOverTelegram_config_status` tinyint,
50
- `mo2f_OTPOverWhatsapp_config_status` tinyint,
51
- `mo2f_DuoAuthenticator_config_status` tinyint,
52
- `mobile_registration_status` tinyint,
53
- `mo2f_2factor_enable_2fa_byusers` tinyint DEFAULT 1,
54
- `mo2f_configured_2FA_method` mediumtext NOT NULL ,
55
- `mo2f_user_phone` mediumtext NOT NULL ,
56
- `mo2f_user_email` mediumtext NOT NULL,
57
- `user_registration_with_miniorange` mediumtext NOT NULL,
58
- `mo_2factor_user_registration_status` mediumtext NOT NULL,
59
- UNIQUE KEY user_id (user_id) );";
60
-
61
- dbDelta( $sql );
62
- }
63
- add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
64
- add_site_option( 'bGltaXRSZWFjaGVk' ,0);
65
- add_site_option( base64_encode('totalUsersCloud'),0);
66
- add_site_option(base64_encode('remainingWhatsapptransactions'),30);
67
-
68
-
69
-
70
-
71
- $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
72
- $check_if_column_exists_tel = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverTelegram_config_status" );
73
- $check_if_column_exists_duo = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_DuoAuthenticator_config_status" );
74
-
75
- if ( ! $check_if_column_exists ) {
76
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo2f_OTPOverEmail_config_status` tinyint";
77
- $this->execute_add_column( $query );
78
-
79
- }
80
- if(!$check_if_column_exists_tel)
81
- {
82
- $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
83
- `mo2f_OTPOverTelegram_config_status` tinyint,
84
- `mo2f_OTPOverWhatsapp_config_status` tinyint);";
85
- $this->execute_add_column( $query );
86
- }
87
- if(!$check_if_column_exists_duo)
88
- {
89
- $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
90
- `mo2f_DuoAuthenticator_config_status` tinyint);";
91
- $this->execute_add_column( $query );
92
- }
93
-
94
-
95
- $tableName = $this->userLoginInfoTable;
96
-
97
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
98
-
99
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
100
- `session_id` mediumtext NOT NULL,
101
- `mo2f_login_message` mediumtext NOT NULL ,
102
- `mo2f_current_user_id` tinyint NOT NULL ,
103
- `mo2f_1stfactor_status` mediumtext NOT NULL ,
104
- `mo_2factor_login_status` mediumtext NOT NULL ,
105
- `mo2f_transactionId` mediumtext NOT NULL ,
106
- `mo_2_factor_kba_questions` longtext NOT NULL ,
107
- `mo2f_rba_status` longtext NOT NULL ,
108
- `secret_ga` mediumtext NOT NULL,
109
- `ga_qrCode` mediumtext NOT NULL,
110
- `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
111
- PRIMARY KEY (`session_id`(100)));";
112
-
113
- dbDelta( $sql );
114
- }
115
-
116
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
117
-
118
- if ( ! $check_if_column_exists ) {
119
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
120
- $this->execute_add_column( $query );
121
-
122
- }
123
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "secret_ga" );
124
-
125
- if ( ! $check_if_column_exists ) {
126
- $query = "ALTER TABLE `$tableName` ADD COLUMN `secret_ga` mediumtext NOT NULL";
127
- $this->execute_add_column( $query );
128
-
129
- }
130
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "ga_qrCode" );
131
-
132
- if ( ! $check_if_column_exists ) {
133
- $query = "ALTER TABLE `$tableName` ADD COLUMN `ga_qrCode` mediumtext NOT NULL";
134
- $this->execute_add_column( $query );
135
-
136
- }
137
-
138
- }
139
- function get_current_user_email($id)
140
- {
141
- global $wpdb;
142
- $sql = 'select user_email from wp_users where ID='.$id.';';
143
- return $wpdb->get_var($sql);
144
- }
145
- function database_table_issue(){
146
-
147
- global $wpdb;
148
- $tableName = $this->userLoginInfoTable;
149
-
150
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
151
-
152
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
153
- `session_id` mediumtext NOT NULL,
154
- `mo2f_login_message` mediumtext NOT NULL ,
155
- `mo2f_current_user_id` tinyint NOT NULL ,
156
- `mo2f_1stfactor_status` mediumtext NOT NULL ,
157
- `mo_2factor_login_status` mediumtext NOT NULL ,
158
- `mo2f_transactionId` mediumtext NOT NULL ,
159
- `mo_2_factor_kba_questions` longtext NOT NULL ,
160
- `mo2f_rba_status` longtext NOT NULL ,
161
- `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
162
- PRIMARY KEY (`session_id`(100)));";
163
- dbDelta( $sql );
164
- }
165
-
166
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
167
-
168
- if ( ! $check_if_column_exists ) {
169
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
170
- $this->execute_add_column( $query );
171
-
172
- }
173
-
174
- }
175
-
176
-
177
- function insert_user( $user_id ) {
178
- global $wpdb;
179
- $sql = "INSERT INTO $this->userDetailsTable (user_id) VALUES($user_id) ON DUPLICATE KEY UPDATE user_id=$user_id";
180
- $wpdb->query( $sql );
181
- }
182
-
183
- function drop_table( $table_name ) {
184
- global $wpdb;
185
- $sql = "DROP TABLE $table_name";
186
- $wpdb->query( $sql );
187
- }
188
-
189
-
190
- function get_user_detail( $column_name, $user_id ) {
191
- global $wpdb;
192
- $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userDetailsTable . " WHERE user_id = " . $user_id . ";" );
193
- $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
194
-
195
- return $value == '' ? '' : $value[ $column_name ];
196
- }
197
-
198
- function delete_user_details( $user_id ) {
199
- global $wpdb;
200
- $wpdb->query(
201
- "DELETE FROM " . $this->userDetailsTable . "
202
- WHERE user_id = " . $user_id
203
- );
204
-
205
- return;
206
- }
207
- function get_no_of_2fa_users() {
208
- global $wpdb;
209
- $count=$wpdb->query(
210
- "SELECT * FROM ". $this->userDetailsTable
211
- );
212
- return $count;
213
- }
214
-
215
- function get_all_user_2fa_methods() {
216
- global $wpdb;
217
- $all_methods = [];
218
- $methods=$wpdb->get_results(
219
- "SELECT `mo2f_configured_2FA_method` FROM ". $this->userDetailsTable,ARRAY_A
220
- );
221
- foreach($methods as $method){
222
- array_push($all_methods,$method['mo2f_configured_2FA_method']);
223
- }
224
- return implode(',',$all_methods);
225
- }
226
-
227
- function check_if_table_exists( ) {
228
- global $wpdb;
229
- $does_table_exist= $wpdb->query(
230
- "SHOW TABLES LIKE '" . $this->userDetailsTable . "';"
231
- );
232
-
233
- return $does_table_exist;
234
- }
235
-
236
- function check_if_user_column_exists($user_id){
237
- global $wpdb;
238
- $value = $wpdb->query(
239
- "SELECT * FROM " . $this->userDetailsTable . "
240
- WHERE user_id = " . $user_id
241
- );
242
-
243
- return $value;
244
-
245
- }
246
-
247
- function check_if_column_exists( $table_type, $column_name ){
248
-
249
- if($table_type == "user_login_info_table")
250
- $table = $this->userLoginInfoTable;
251
- else if($table_type == "mo2f_user_details")
252
- $table = $this->userDetailsTable;
253
- global $wpdb;
254
- $sql="SHOW COLUMNS FROM " . $table . "
255
- LIKE '" . $column_name . "'";
256
- $value = $wpdb->query($sql);
257
-
258
- return $value;
259
-
260
- }
261
-
262
- function update_user_details( $user_id, $update ) {
263
- global $wpdb;
264
- $count = count( $update );
265
- $sql = "UPDATE " . $this->userDetailsTable . " SET ";
266
- $i = 1;
267
- foreach ( $update as $key => $value ) {
268
-
269
- $sql .= $key . "='" . $value . "'";
270
- if ( $i < $count ) {
271
- $sql .= ' , ';
272
- }
273
- $i ++;
274
- }
275
- $sql .= " WHERE user_id=" . $user_id . ";";
276
- $wpdb->query( $sql );
277
-
278
- return;
279
-
280
- }
281
-
282
- function insert_user_login_session( $session_id ) {
283
- global $wpdb;
284
- $sql = "INSERT INTO $this->userLoginInfoTable (session_id) VALUES('$session_id') ON DUPLICATE KEY UPDATE session_id='$session_id'";
285
-
286
- $wpdb->query( $sql );
287
- $sql = "DELETE FROM $this->userLoginInfoTable WHERE ts_created < DATE_ADD(NOW(),INTERVAL - 2 MINUTE);";
288
- $wpdb->query( $sql );
289
- }
290
-
291
- function save_user_login_details( $session_id, $user_values ) {
292
- global $wpdb;
293
- $count = count( $user_values );
294
- $sql = "UPDATE " . $this->userLoginInfoTable . " SET ";
295
- $i = 1;
296
- foreach ( $user_values as $key => $value ) {
297
-
298
- $sql .= $key . "='" . $value . "'";
299
- if ( $i < $count ) {
300
- $sql .= ' , ';
301
- }
302
- $i ++;
303
- }
304
- $sql .= " WHERE session_id='" . $session_id . "';";
305
- $wpdb->query( $sql );
306
-
307
- return;
308
-
309
- }
310
-
311
- function execute_add_column ( $query ){
312
- global $wpdb;
313
- $wpdb->query( $query );
314
-
315
- return;
316
- }
317
-
318
- function get_user_login_details( $column_name, $session_id ) {
319
- global $wpdb;
320
- $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userLoginInfoTable . " WHERE session_id = '" . $session_id . "';" );
321
- $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
322
-
323
- return $value == '' ? '' : $value[ $column_name ];
324
- }
325
-
326
- function delete_user_login_sessions($session_id ) {
327
- global $wpdb;
328
- $wpdb->query(
329
- "DELETE FROM " . $this->userLoginInfoTable . "
330
- WHERE session_id='$session_id';"
331
- );
332
-
333
- return;
334
- }
335
- function check_user_limit_exceeded($user_id){
336
-
337
- global $wpdb;
338
- $value = $wpdb->query(
339
- "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
340
- WHERE meta_key = 'currentMethod'"
341
- );
342
-
343
- $user_already_configured = $wpdb->query(
344
- "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
345
- WHERE meta_key = 'currentMethod' and user_id =".$user_id);
346
-
347
- if($value < 3 || $user_already_configured){
348
- return false;
349
- }
350
- else{
351
- return true;
352
- }
353
- }
354
- function check_alluser_limit_exceeded($user_id){
355
-
356
- global $wpdb;
357
- $value = $wpdb->query(
358
- "SELECT * FROM ".$this->userDetailsTable
359
- );
360
- $user_already_configured = $wpdb->query(
361
- "SELECT * FROM ".$this->userDetailsTable ." WHERE user_id =".$user_id );
362
-
363
- if($value < 3 || $user_already_configured){
364
- return false;
365
- }
366
- else{
367
- return true;
368
- }
369
- }
370
-
371
- function get_all_onprem_userids(){
372
-
373
- global $wpdb;
374
- $value = $wpdb->get_results(
375
- "SELECT * FROM ".$wpdb->base_prefix ."usermeta
376
- WHERE meta_key = 'currentMethod'"
377
- );
378
-
379
-
380
- foreach ($value as $row){
381
-
382
- if(isset($row->user_id)){
383
-
384
- $this->insert_user( $row->user_id);
385
-
386
- $this->update_user_details( $row->user_id,
387
- array(
388
- 'mo2f_GoogleAuthenticator_config_status' => get_user_meta($row->user_id,'Google Authenticator',true),
389
- 'mo2f_SecurityQuestions_config_status' => get_user_meta($row->user_id,'Security Questions',true),
390
- 'mo2f_EmailVerification_config_status' => get_user_meta($row->user_id,'Email Verification',true),
391
- 'mo2f_AuthyAuthenticator_config_status' =>0,
392
- 'mo2f_user_email' => get_user_meta($row->user_id,'email',true),
393
- 'mo2f_user_phone' => '',
394
- 'user_registration_with_miniorange' => '',
395
- 'mobile_registration_status' => '',
396
- 'mo2f_configured_2FA_method' => get_user_meta($row->user_id,'currentMethod',true),
397
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
398
- ) );
399
- }
400
- }
401
- }
402
-
403
- }
1
+ <?php
2
+
3
+ require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
4
+
5
+ class Mo2fDB {
6
+ private $userDetailsTable;
7
+ private $userLoginInfoTable;
8
+
9
+ function __construct() {
10
+ global $wpdb;
11
+ $this->userDetailsTable = $wpdb->prefix . 'mo2f_user_details';
12
+ $this->userLoginInfoTable = $wpdb->prefix . 'mo2f_user_login_info';
13
+ }
14
+
15
+ function mo_plugin_activate() {
16
+ global $wpdb;
17
+ if ( ! get_option( 'mo2f_dbversion' ) ) {
18
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
19
+ $this->generate_tables();
20
+ } else {
21
+ $current_db_version = get_option( 'mo2f_dbversion' );
22
+ if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
23
+
24
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
25
+ $this->generate_tables();
26
+ }
27
+ //update the tables based on DB_VERSION.
28
+ }
29
+ }
30
+
31
+ function generate_tables() {
32
+ global $wpdb;
33
+
34
+ $tableName = $this->userDetailsTable;
35
+
36
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
37
+
38
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
39
+ `user_id` bigint NOT NULL,
40
+ `mo2f_OTPOverSMS_config_status` tinyint,
41
+ `mo2f_miniOrangePushNotification_config_status` tinyint,
42
+ `mo2f_miniOrangeQRCodeAuthentication_config_status` tinyint,
43
+ `mo2f_miniOrangeSoftToken_config_status` tinyint,
44
+ `mo2f_AuthyAuthenticator_config_status` tinyint,
45
+ `mo2f_EmailVerification_config_status` tinyint,
46
+ `mo2f_SecurityQuestions_config_status` tinyint,
47
+ `mo2f_GoogleAuthenticator_config_status` tinyint,
48
+ `mo2f_OTPOverEmail_config_status` tinyint,
49
+ `mo2f_OTPOverTelegram_config_status` tinyint,
50
+ `mo2f_OTPOverWhatsapp_config_status` tinyint,
51
+ `mo2f_DuoAuthenticator_config_status` tinyint,
52
+ `mobile_registration_status` tinyint,
53
+ `mo2f_2factor_enable_2fa_byusers` tinyint DEFAULT 1,
54
+ `mo2f_configured_2FA_method` mediumtext NOT NULL ,
55
+ `mo2f_user_phone` mediumtext NOT NULL ,
56
+ `mo2f_user_email` mediumtext NOT NULL,
57
+ `user_registration_with_miniorange` mediumtext NOT NULL,
58
+ `mo_2factor_user_registration_status` mediumtext NOT NULL,
59
+ UNIQUE KEY user_id (user_id) );";
60
+
61
+ dbDelta( $sql );
62
+ }
63
+ add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
64
+ add_site_option( 'bGltaXRSZWFjaGVk' ,0);
65
+ add_site_option( base64_encode('totalUsersCloud'),0);
66
+ add_site_option(base64_encode('remainingWhatsapptransactions'),30);
67
+
68
+
69
+
70
+
71
+ $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
72
+ $check_if_column_exists_tel = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverTelegram_config_status" );
73
+ $check_if_column_exists_duo = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_DuoAuthenticator_config_status" );
74
+
75
+ if ( ! $check_if_column_exists ) {
76
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo2f_OTPOverEmail_config_status` tinyint";
77
+ $this->execute_add_column( $query );
78
+
79
+ }
80
+ if(!$check_if_column_exists_tel)
81
+ {
82
+ $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
83
+ `mo2f_OTPOverTelegram_config_status` tinyint,
84
+ `mo2f_OTPOverWhatsapp_config_status` tinyint);";
85
+ $this->execute_add_column( $query );
86
+ }
87
+ if(!$check_if_column_exists_duo)
88
+ {
89
+ $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
90
+ `mo2f_DuoAuthenticator_config_status` tinyint);";
91
+ $this->execute_add_column( $query );
92
+ }
93
+
94
+
95
+ $tableName = $this->userLoginInfoTable;
96
+
97
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
98
+
99
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
100
+ `session_id` mediumtext NOT NULL,
101
+ `mo2f_login_message` mediumtext NOT NULL ,
102
+ `mo2f_current_user_id` tinyint NOT NULL ,
103
+ `mo2f_1stfactor_status` mediumtext NOT NULL ,
104
+ `mo_2factor_login_status` mediumtext NOT NULL ,
105
+ `mo2f_transactionId` mediumtext NOT NULL ,
106
+ `mo_2_factor_kba_questions` longtext NOT NULL ,
107
+ `mo2f_rba_status` longtext NOT NULL ,
108
+ `secret_ga` mediumtext NOT NULL,
109
+ `ga_qrCode` mediumtext NOT NULL,
110
+ `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
111
+ PRIMARY KEY (`session_id`(100)));";
112
+
113
+ dbDelta( $sql );
114
+ }
115
+
116
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
117
+
118
+ if ( ! $check_if_column_exists ) {
119
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
120
+ $this->execute_add_column( $query );
121
+
122
+ }
123
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "secret_ga" );
124
+
125
+ if ( ! $check_if_column_exists ) {
126
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `secret_ga` mediumtext NOT NULL";
127
+ $this->execute_add_column( $query );
128
+
129
+ }
130
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "ga_qrCode" );
131
+
132
+ if ( ! $check_if_column_exists ) {
133
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `ga_qrCode` mediumtext NOT NULL";
134
+ $this->execute_add_column( $query );
135
+
136
+ }
137
+
138
+ }
139
+ function get_current_user_email($id)
140
+ {
141
+ global $wpdb;
142
+ $sql = 'select user_email from wp_users where ID='.$id.';';
143
+ return $wpdb->get_var($sql);
144
+ }
145
+ function database_table_issue(){
146
+
147
+ global $wpdb;
148
+ $tableName = $this->userLoginInfoTable;
149
+
150
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
151
+
152
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
153
+ `session_id` mediumtext NOT NULL,
154
+ `mo2f_login_message` mediumtext NOT NULL ,
155
+ `mo2f_current_user_id` tinyint NOT NULL ,
156
+ `mo2f_1stfactor_status` mediumtext NOT NULL ,
157
+ `mo_2factor_login_status` mediumtext NOT NULL ,
158
+ `mo2f_transactionId` mediumtext NOT NULL ,
159
+ `mo_2_factor_kba_questions` longtext NOT NULL ,
160
+ `mo2f_rba_status` longtext NOT NULL ,
161
+ `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
162
+ PRIMARY KEY (`session_id`(100)));";
163
+ dbDelta( $sql );
164
+ }
165
+
166
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
167
+
168
+ if ( ! $check_if_column_exists ) {
169
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
170
+ $this->execute_add_column( $query );
171
+
172
+ }
173
+
174
+ }
175
+
176
+
177
+ function insert_user( $user_id ) {
178
+ global $wpdb;
179
+ $sql = "INSERT INTO $this->userDetailsTable (user_id) VALUES($user_id) ON DUPLICATE KEY UPDATE user_id=$user_id";
180
+ $wpdb->query( $sql );
181
+ }
182
+
183
+ function drop_table( $table_name ) {
184
+ global $wpdb;
185
+ $sql = "DROP TABLE $table_name";
186
+ $wpdb->query( $sql );
187
+ }
188
+
189
+
190
+ function get_user_detail( $column_name, $user_id ) {
191
+ global $wpdb;
192
+ $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userDetailsTable . " WHERE user_id = " . $user_id . ";" );
193
+ $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
194
+
195
+ return $value == '' ? '' : $value[ $column_name ];
196
+ }
197
+
198
+ function delete_user_details( $user_id ) {
199
+ global $wpdb;
200
+ $wpdb->query(
201
+ "DELETE FROM " . $this->userDetailsTable . "
202
+ WHERE user_id = " . $user_id
203
+ );
204
+
205
+ return;
206
+ }
207
+ function get_no_of_2fa_users() {
208
+ global $wpdb;
209
+ $count=$wpdb->query(
210
+ "SELECT * FROM ". $this->userDetailsTable
211
+ );
212
+ return $count;
213
+ }
214
+
215
+ function get_all_user_2fa_methods() {
216
+ global $wpdb;
217
+ $all_methods = [];
218
+ $methods=$wpdb->get_results(
219
+ "SELECT `mo2f_configured_2FA_method` FROM ". $this->userDetailsTable,ARRAY_A
220
+ );
221
+ foreach($methods as $method){
222
+ array_push($all_methods,$method['mo2f_configured_2FA_method']);
223
+ }
224
+ return implode(',',$all_methods);
225
+ }
226
+
227
+ function check_if_table_exists( ) {
228
+ global $wpdb;
229
+ $does_table_exist= $wpdb->query(
230
+ "SHOW TABLES LIKE '" . $this->userDetailsTable . "';"
231
+ );
232
+
233
+ return $does_table_exist;
234
+ }
235
+
236
+ function check_if_user_column_exists($user_id){
237
+ global $wpdb;
238
+ $value = $wpdb->query(
239
+ "SELECT * FROM " . $this->userDetailsTable . "
240
+ WHERE user_id = " . $user_id
241
+ );
242
+
243
+ return $value;
244
+
245
+ }
246
+
247
+ function check_if_column_exists( $table_type, $column_name ){
248
+
249
+ if($table_type == "user_login_info_table")
250
+ $table = $this->userLoginInfoTable;
251
+ else if($table_type == "mo2f_user_details")
252
+ $table = $this->userDetailsTable;
253
+ global $wpdb;
254
+ $sql="SHOW COLUMNS FROM " . $table . "
255
+ LIKE '" . $column_name . "'";
256
+ $value = $wpdb->query($sql);
257
+
258
+ return $value;
259
+
260
+ }
261
+
262
+ function update_user_details( $user_id, $update ) {
263
+ global $wpdb;
264
+ $count = count( $update );
265
+ $sql = "UPDATE " . $this->userDetailsTable . " SET ";
266
+ $i = 1;
267
+ foreach ( $update as $key => $value ) {
268
+
269
+ $sql .= $key . "='" . $value . "'";
270
+ if ( $i < $count ) {
271
+ $sql .= ' , ';
272
+ }
273
+ $i ++;
274
+ }
275
+ $sql .= " WHERE user_id=" . $user_id . ";";
276
+ $wpdb->query( $sql );
277
+
278
+ return;
279
+
280
+ }
281
+
282
+ function insert_user_login_session( $session_id ) {
283
+ global $wpdb;
284
+ $sql = "INSERT INTO $this->userLoginInfoTable (session_id) VALUES('$session_id') ON DUPLICATE KEY UPDATE session_id='$session_id'";
285
+
286
+ $wpdb->query( $sql );
287
+ $sql = "DELETE FROM $this->userLoginInfoTable WHERE ts_created < DATE_ADD(NOW(),INTERVAL - 2 MINUTE);";
288
+ $wpdb->query( $sql );
289
+ }
290
+
291
+ function save_user_login_details( $session_id, $user_values ) {
292
+ global $wpdb;
293
+ $count = count( $user_values );
294
+ $sql = "UPDATE " . $this->userLoginInfoTable . " SET ";
295
+ $i = 1;
296
+ foreach ( $user_values as $key => $value ) {
297
+
298
+ $sql .= $key . "='" . $value . "'";
299
+ if ( $i < $count ) {
300
+ $sql .= ' , ';
301
+ }
302
+ $i ++;
303
+ }
304
+ $sql .= " WHERE session_id='" . $session_id . "';";
305
+ $wpdb->query( $sql );
306
+
307
+ return;
308
+
309
+ }
310
+
311
+ function execute_add_column ( $query ){
312
+ global $wpdb;
313
+ $wpdb->query( $query );
314
+
315
+ return;
316
+ }
317
+
318
+ function get_user_login_details( $column_name, $session_id ) {
319
+ global $wpdb;
320
+ $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userLoginInfoTable . " WHERE session_id = '" . $session_id . "';" );
321
+ $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
322
+
323
+ return $value == '' ? '' : $value[ $column_name ];
324
+ }
325
+
326
+ function delete_user_login_sessions($session_id ) {
327
+ global $wpdb;
328
+ $wpdb->query(
329
+ "DELETE FROM " . $this->userLoginInfoTable . "
330
+ WHERE session_id='$session_id';"
331
+ );
332
+
333
+ return;
334
+ }
335
+ function check_user_limit_exceeded($user_id){
336
+
337
+ global $wpdb;
338
+ $value = $wpdb->query(
339
+ "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
340
+ WHERE meta_key = 'currentMethod'"
341
+ );
342
+
343
+ $user_already_configured = $wpdb->query(
344
+ "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
345
+ WHERE meta_key = 'currentMethod' and user_id =".$user_id);
346
+
347
+ if($value < 3 || $user_already_configured){
348
+ return false;
349
+ }
350
+ else{
351
+ return true;
352
+ }
353
+ }
354
+ function check_alluser_limit_exceeded($user_id){
355
+
356
+ global $wpdb;
357
+ $value = $wpdb->query(
358
+ "SELECT * FROM ".$this->userDetailsTable
359
+ );
360
+ $user_already_configured = $wpdb->query(
361
+ "SELECT * FROM ".$this->userDetailsTable ." WHERE user_id =".$user_id );
362
+
363
+ if($value < 3 || $user_already_configured){
364
+ return false;
365
+ }
366
+ else{
367
+ return true;
368
+ }
369
+ }
370
+
371
+ function get_all_onprem_userids(){
372
+
373
+ global $wpdb;
374
+ $value = $wpdb->get_results(
375
+ "SELECT * FROM ".$wpdb->base_prefix ."usermeta
376
+ WHERE meta_key = 'currentMethod'"
377
+ );
378
+
379
+
380
+ foreach ($value as $row){
381
+
382
+ if(isset($row->user_id)){
383
+
384
+ $this->insert_user( $row->user_id);
385
+
386
+ $this->update_user_details( $row->user_id,
387
+ array(
388
+ 'mo2f_GoogleAuthenticator_config_status' => get_user_meta($row->user_id,'Google Authenticator',true),
389
+ 'mo2f_SecurityQuestions_config_status' => get_user_meta($row->user_id,'Security Questions',true),
390
+ 'mo2f_EmailVerification_config_status' => get_user_meta($row->user_id,'Email Verification',true),
391
+ 'mo2f_AuthyAuthenticator_config_status' =>0,
392
+ 'mo2f_user_email' => get_user_meta($row->user_id,'email',true),
393
+ 'mo2f_user_phone' => '',
394
+ 'user_registration_with_miniorange' => '',
395
+ 'mobile_registration_status' => '',
396
+ 'mo2f_configured_2FA_method' => get_user_meta($row->user_id,'currentMethod',true),
397
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
398
+ ) );
399
+ }
400
+ }
401
+ }
402
+
403
+ }
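--- a/handler/WAF/database/mo-waf-db-common.php
+++ b/handler/WAF/database/mo-waf-db-common.php
@@ -1,25 +1,25 @@
-<?php
-function retrivefullname($name)
-{
-
-switch ($name) {
-case 'XSS':
-return 'Cross-site Scripting';
-case 'SQL':
-return 'SQL injection';
-case 'RCE':
-return 'Remote Code Execution';
-case 'LFI':
-return 'Local File Inclusion';
-case 'RFI':
-return 'Remote File Inclusion';
-case 'RLE':
-return 'Rate limiting Exceeded';
-case 'RLECrawler':
-return 'Rate limit Exceeded for crawler';
-default:
-return $name;
-
-}
-
+<?php
+function retrivefullname($name)
+{
+
+switch ($name) {
+case 'XSS':
+return 'Cross-site Scripting';
+case 'SQL':
+return 'SQL injection';
+case 'RCE':
+return 'Remote Code Execution';
+case 'LFI':
+return 'Local File Inclusion';
+case 'RFI':
+return 'Remote File Inclusion';
+case 'RLE':
+return 'Rate limiting Exceeded';
+case 'RLECrawler':
+return 'Rate limit Exceeded for crawler';
+default:
+return $name;
+
+}
+
 }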
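--- a/handler/WAF/database/mo-waf-db.php
+++ b/handler/WAF/database/mo-waf-db.php
@@ -1,249 +1,249 @@
-<?php
-global $dbcon,$prefix;
-include_once('mo-waf-db-common.php');
-function mo_wpns_log_attack($ipaddress,$value1,$value)
-{
-global $prefix,$dbcon;
-$value = htmlspecialchars($value);
-$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
-$results = mysqli_query($dbcon,$query);
-$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
-$results = mysqli_query($dbcon,$query);
-$rows = mysqli_fetch_array($results);
-return $rows['count(*)'];
-}
-function mo_wpns_setting_file()
-{
-global $prefix,$dbcon;
-$dir_name = dirname(__FILE__);
-$dir_name1 = explode('wp-content', $dir_name);
-$dir_name = $dir_name1[0];
-$filepath = str_replace('\\', '/', $dir_name1[0]);
-$fileName = $filepath.'/wp-includes/mo-waf-config.php';
-$missingFile = 0;
-if(!file_exists($fileName))
-{
-$missingFile = 1;
-}
-if($missingFile==1)
-{
-$file = fopen($fileName, "a+");
-$string = "<?php".PHP_EOL;
-
-$sqlInjection = mo_wpns_get_option_value("SQLInjection");
-$string .= '$SQL='.$sqlInjection.';'.PHP_EOL;
-
-$XSSAttack = mo_wpns_get_option_value("XSSAttack");
-$string .= '$XSS='.$XSSAttack.';'.PHP_EOL;
-
-$RFIAttack = mo_wpns_get_option_value("RFIAttack");
-$string .= '$RFI='.$RFIAttack.';'.PHP_EOL;
-
-$LFIAttack = mo_wpns_get_option_value("LFIAttack");
-$string .= '$LFI='.$LFIAttack.';'.PHP_EOL;
-
-$RCEAttack = mo_wpns_get_option_value("RCEAttack");
-$string .= '$RCE='.$RCEAttack.';'.PHP_EOL;
-
-$Rate_limiting = mo_wpns_get_option_value("Rate_limiting");
-if($Rate_limiting!='')
-$string .= '$RateLimiting='.$Rate_limiting.';'.PHP_EOL;
-else
-$string .= '$RateLimiting=0;'.PHP_EOL;
-
-$Rate_request = mo_wpns_get_option_value("Rate_request");
-if($Rate_request!='')
-$string .= '$RequestsPMin='.$Rate_request.';'.PHP_EOL;
-else
-$string .= '$RequestsPMin=0;'.PHP_EOL;
-
-$actionRateL = mo_wpns_get_option_value("actionRateL");
-if($actionRateL==1)
-$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
-else
-$string .= '$actionRateL="BlockIP";'.PHP_EOL;
-
-$string .= '?>'.PHP_EOL;
-fwrite($file, $string);
-fclose($file);
-
-return $fileName;
-}
-return "notMissing";
-}
-function mo_wpns_is_ip_whitelisted($ipaddress)
-{
-global $dbcon,$prefix;
-$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$row = mysqli_fetch_array($results);
-if(is_null($row))
-{
-return false;
-}
-else
-{
-return true;
-}
-}
-return false;
-}
-function mo_wpns_is_ip_blocked($ipaddress)
-{
-global $dbcon,$prefix;
-$query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$row = mysqli_fetch_array($results);
-if(is_null($row))
-{
-return false;
-}
-else
-{
-return true;
-}
-}
-return false;
-}
-function mo_wpns_block_ip($ipaddress,$reason)
-{
-global $dbcon, $prefix;
-$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','".$reason."',NULL,".time().");";
-$results = mysqli_query($dbcon,$query);
-}
-function mo_wpns_dbconnection()
-{
-global $dbcon,$prefix;
-$dir = dirname(__FILE__);
-$dir = str_replace('\\', "/", $dir);
-$dir_name = explode('wp-content', $dir);
-$file = file_get_contents($dir_name[0].'wp-config.php');
-$content = explode("\n", $file);
-$len = sizeof($content);
-$Ismultisite = 0;
-$dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
-
-$prefix = 'wp_';
-
-for($i=0;$i<$len;$i++)
-{
-
-if(preg_match("/define/", $content[$i]))
-{
-$cont = explode(",", $content[$i]);
-$string = str_replace(array('define(',' ','\''), '', $cont[0]);
-switch ($string) {
-case "DB_NAME":
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_NAME'] = $res;
-break;
-case 'DB_USER':
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_USER'] = $res;
-break;
-case "DB_PASSWORD":
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_PASSWORD'] = $res;
-break;
-case 'DB_HOST':
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_HOST'] = $res;
-break;
-case "DB_CHARSET":
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_CHARSET'] = $res;
-break;
-case 'DB_COLLATE':
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_COLLATE'] = $res;
-break;
-default:
-
-break;
-}
-}
-if(preg_match('/\$table_prefix/', $content[$i]))
-{
-$cont = explode("'", $content[$i]);
-
-$prefix = $cont['1'];
-}
-}
-$dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
-if(!$dbcon)
-{
-echo "database connection error";
-exit;
-}
-$connection = mysqli_select_db($dbcon,$dbD['DB_NAME']);
-return $connection;
-}
-function mo_wpns_get_option_value($option)
-{
-global $dbcon,$prefix;
-$query = 'select option_value from '.$prefix.'options where option_name ="'.$option.'";';
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$rows = mysqli_fetch_array($results);
-if(isset($rows)&&(!is_null($rows['option_value'])))
-{
-$option_value = intval($rows['option_value']);
-return $option_value;
-}
-}
-return '';
-}
-
-function mo_wpns_getRLEattack($ipaddress)
-{
-global $dbcon,$prefix;
-$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' and type = 'RLE' ORDER BY time DESC LIMIT 1;";
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$results = mysqli_fetch_array($results);
-return $results['time'];
-}
-return 0;
-}
-function mo_wpns_CheckRate($ipaddress)
-{
-global $dbcon,$prefix;
-$time = 60;
-mo_wpns_clearRate($time);
-mo_wpns_insertRate($ipaddress);
-$query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
-$results = mysqli_query($dbcon,$query);
-
-if($results)
-{
-$row = mysqli_fetch_array($results);
-return $row['count(*)'];
-}
-return 0;
-}
-function mo_wpns_clearRate($time)
-{
-global $dbcon,$prefix;
-$query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
-$results = mysqli_query($dbcon,$query);
-}
-function mo_wpns_insertRate($ipaddress)
-{
-global $dbcon,$prefix;
-$query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
-$results = mysqli_query($dbcon,$query);
-}
-
+<?php
+global $dbcon,$prefix;
+include_once('mo-waf-db-common.php');
+function mo_wpns_log_attack($ipaddress,$value1,$value)
+{
+global $prefix,$dbcon;
+$value = htmlspecialchars($value);
+$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
+$results = mysqli_query($dbcon,$query);
+$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
+$results = mysqli_query($dbcon,$query);
+$rows = mysqli_fetch_array($results);
+return $rows['count(*)'];
+}
+function mo_wpns_setting_file()
+{
+global $prefix,$dbcon;
+$dir_name = dirname(__FILE__);
+$dir_name1 = explode('wp-content', $dir_name);
+$dir_name = $dir_name1[0];
+$filepath = str_replace('\\', '/', $dir_name1[0]);
+$fileName = $filepath.'/wp-includes/mo-waf-config.php';
+$missingFile = 0;
+if(!file_exists($fileName))
+{
+$missingFile = 1;
+}
+if($missingFile==1)
+{
+$file = fopen($fileName, "a+");
+$string = "<?php".PHP_EOL;
+
+$sqlInjection = mo_wpns_get_option_value("SQLInjection");
+$string .= '$SQL='.$sqlInjection.';'.PHP_EOL;
+
+$XSSAttack = mo_wpns_get_option_value("XSSAttack");
+$string .= '$XSS='.$XSSAttack.';'.PHP_EOL;
+
+$RFIAttack = mo_wpns_get_option_value("RFIAttack");
+$string .= '$RFI='.$RFIAttack.';'.PHP_EOL;
+
+$LFIAttack = mo_wpns_get_option_value("LFIAttack");
+$string .= '$LFI='.$LFIAttack.';'.PHP_EOL;
+
+$RCEAttack = mo_wpns_get_option_value("RCEAttack");
+$string .= '$RCE='.$RCEAttack.';'.PHP_EOL;
+
+$Rate_limiting = mo_wpns_get_option_value("Rate_limiting");
+if($Rate_limiting!='')
+$string .= '$RateLimiting='.$Rate_limiting.';'.PHP_EOL;
+else
+$string .= '$RateLimiting=0;'.PHP_EOL;
+
+$Rate_request = mo_wpns_get_option_value("Rate_request");
+if($Rate_request!='')
+$string .= '$RequestsPMin='.$Rate_request.';'.PHP_EOL;
+else
+$string .= '$RequestsPMin=0;'.PHP_EOL;
+
+$actionRateL = mo_wpns_get_option_value("actionRateL");
+if($actionRateL==1)
+$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
+else
+$string .= '$actionRateL="BlockIP";'.PHP_EOL;
+
+$string .= '?>'.PHP_EOL;
+fwrite($file, $string);
+fclose($file);
+
+return $fileName;
+}
+return "notMissing";
+}
+function mo_wpns_is_ip_whitelisted($ipaddress)
+{
+global $dbcon,$prefix;
+$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$row = mysqli_fetch_array($results);
+if(is_null($row))
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+return false;
+}
+function mo_wpns_is_ip_blocked($ipaddress)
+{
+global $dbcon,$prefix;
+$query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$row = mysqli_fetch_array($results);
+if(is_null($row))
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+return false;
+}
+function mo_wpns_block_ip($ipaddress,$reason)
+{
+global $dbcon, $prefix;
+$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','".$reason."',NULL,".time().");";
+$results = mysqli_query($dbcon,$query);
+}
+function mo_wpns_dbconnection()
+{
+global $dbcon,$prefix;
+$dir = dirname(__FILE__);
+$dir = str_replace('\\', "/", $dir);
+$dir_name = explode('wp-content', $dir);
+$file = file_get_contents($dir_name[0].'wp-config.php');
+$content = explode("\n", $file);
+$len = sizeof($content);
+$Ismultisite = 0;
+$dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
+
+$prefix = 'wp_';
+
+for($i=0;$i<$len;$i++)
+{
+
+if(preg_match("/define/", $content[$i]))
+{
+$cont = explode(",", $content[$i]);
+$string = str_replace(array('define(',' ','\''), '', $cont[0]);
+switch ($string) {
+case "DB_NAME":
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_NAME'] = $res;
+break;
+case 'DB_USER':
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_USER'] = $res;
+break;
+case "DB_PASSWORD":
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_PASSWORD'] = $res;
+break;
+case 'DB_HOST':
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_HOST'] = $res;
+break;
+case "DB_CHARSET":
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_CHARSET'] = $res;
+break;
+case 'DB_COLLATE':
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_COLLATE'] = $res;
+break;
+default:
+
+break;
+}
+}
+if(preg_match('/\$table_prefix/', $content[$i]))
+{
+$cont = explode("'", $content[$i]);
+
+$prefix = $cont['1'];
+}
+}
+$dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
+if(!$dbcon)
+{
+echo "database connection error";
+exit;
+}
+$connection = mysqli_select_db($dbcon,$dbD['DB_NAME']);
+return $connection;
+}
+function mo_wpns_get_option_value($option)
+{
+global $dbcon,$prefix;
+$query = 'select option_value from '.$prefix.'options where option_name ="'.$option.'";';
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$rows = mysqli_fetch_array($results);
+if(isset($rows)&&(!is_null($rows['option_value'])))
+{
+$option_value = intval($rows['option_value']);
+return $option_value;
+}
+}
+return '';
+}
+
+function mo_wpns_getRLEattack($ipaddress)
+{
+global $dbcon,$prefix;
+$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' and type = 'RLE' ORDER BY time DESC LIMIT 1;";
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$results = mysqli_fetch_array($results);
+return $results['time'];
+}
+return 0;
+}
+function mo_wpns_CheckRate($ipaddress)
+{
+global $dbcon,$prefix;
+$time = 60;
+mo_wpns_clearRate($time);
+mo_wpns_insertRate($ipaddress);
+$query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
+$results = mysqli_query($dbcon,$query);
+
+if($results)
+{
+$row = mysqli_fetch_array($results);
+return $row['count(*)'];
+}
+return 0;
+}
+function mo_wpns_clearRate($time)
+{
+global $dbcon,$prefix;
+$query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
+$results = mysqli_query($dbcon,$query);
+}
+function mo_wpns_insertRate($ipaddress)
+{
+global $dbcon,$prefix;
+$query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
+$results = mysqli_query($dbcon,$query);
+}
+
 ?>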
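--- a/handler/WAF/database/mo-waf-plugin-db.php
+++ b/handler/WAF/database/mo-waf-plugin-db.php
@@ -1,91 +1,91 @@
- <?php
-
- include_once('mo-waf-db-common.php');
- function mo_wpns_setting_file()
- {
- global $prefix,$dbcon;
- $dir_name = dirname(__FILE__);
- $dir_name1 = explode('wp-content', $dir_name);
- $dir_name = $dir_name1[0];
- $filepath = str_replace('\\', '/', $dir_name1[0]);
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
- $missingFile = 0;
- if(!file_exists($fileName))
- {
- $missingFile = 1;
- }
- if($missingFile==1)
- {
- $file = fopen($fileName, "a+");
- $string = "<?php".PHP_EOL;
- $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
- $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
- $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
- $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
- $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
- $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
- $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
-
- if(get_option('actionRateL') == 0)
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
- else
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
-
- $string .= '?>'.PHP_EOL;
- fwrite($file, $string);
- fclose($file);
- return $fileName;
- }
- return "notMissing";
-
- }
-
- function mo_wpns_getRLEAttack($ipaddress)
- {
- global $wpdb;
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
- $results = $wpdb->get_results($query);
- return $results[0]->time;
- }
- function mo_wpns_log_attack($ipaddress,$value1,$value)
- {
- global $wpdb;
- $value = htmlspecialchars($value);
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
- $results = $wpdb->get_results($query);
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
- $results = $wpdb->get_results($query);
- return $results[0]->count;
- }
-
-
- function mo_wpns_CheckRate($ipaddress)
- {
- global $wpdb;
- $time = 60;
- mo_wpns_clearRate($time);
- mo_wpns_insertRate($ipaddress);
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
- $results = $wpdb->get_results($query);
-
- if(isset($results[0]->count))
- {
- return $results[0]->count;
- }
- return 0;
-
- }
- function mo_wpns_clearRate($time)
- {
- global $wpdb;
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
- $results = $wpdb->get_results($query);
- }
- function mo_wpns_insertRate($ipaddress)
- {
- global $wpdb;
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
- $results = $wpdb->get_results($query);
- }
-
+ <?php
+
+ include_once('mo-waf-db-common.php');
+ function mo_wpns_setting_file()
+ {
+ global $prefix,$dbcon;
+ $dir_name = dirname(__FILE__);
+ $dir_name1 = explode('wp-content', $dir_name);
+ $dir_name = $dir_name1[0];
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
+ $missingFile = 0;
+ if(!file_exists($fileName))
+ {
+ $missingFile = 1;
+ }
+ if($missingFile==1)
+ {
+ $file = fopen($fileName, "a+");
+ $string = "<?php".PHP_EOL;
+ $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
+ $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
+ $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
+ $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
+ $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
+ $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
+ $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
+
+ if(get_option('actionRateL') == 0)
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
+ else
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
+
+ $string .= '?>'.PHP_EOL;
+ fwrite($file, $string);
+ fclose($file);
+ return $fileName;
+ }
+ return "notMissing";
+
+ }
+
+ function mo_wpns_getRLEAttack($ipaddress)
+ {
+ global $wpdb;
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
+ $results = $wpdb->get_results($query);
+ return $results[0]->time;
+ }
+ function mo_wpns_log_attack($ipaddress,$value1,$value)
+ {
+ global $wpdb;
+ $value = htmlspecialchars($value);
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
+ $results = $wpdb->get_results($query);
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
+ $results = $wpdb->get_results($query);
+ return $results[0]->count;
+ }
+
+
+ function mo_wpns_CheckRate($ipaddress)
+ {
+ global $wpdb;
+ $time = 60;
+ mo_wpns_clearRate($time);
+ mo_wpns_insertRate($ipaddress);
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
+ $results = $wpdb->get_results($query);
+
+ if(isset($results[0]->count))
+ {
+ return $results[0]->count;
+ }
+ return 0;
+
+ }
+ function mo_wpns_clearRate($time)
+ {
+ global $wpdb;
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
+ $results = $wpdb->get_results($query);
+ }
+ function mo_wpns_insertRate($ipaddress)
+ {
+ global $wpdb;
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
+ $results = $wpdb->get_results($query);
+ }
+
  ?>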
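Review bot: `mo_wpns_log_attack` builds its INSERT by concatenating `$ipaddress`, `$value1` and the matched request value into the SQL string; `htmlspecialchars($value)` is HTML escaping, not SQL escaping, so the text the firewall has just flagged reaches the query without SQL escaping. Bind the values instead, e.g. `$wpdb->query($wpdb->prepare("insert into {$wpdb->base_prefix}wpns_attack_logs values (%s,%s,%d,%s)", $ipaddress, $value1, time(), $value));`, and do the same for the `ip='...'` comparisons in `mo_wpns_getRLEAttack`, `mo_wpns_CheckRate` and `mo_wpns_insertRate`. `mo_wpns_setting_file` has a related problem: it writes `get_option()` results unquoted into a PHP file that the WAF later includes, so each value should be cast before it is written, e.g. `'$SQL='.intval(get_option("SQLInjection")).';'`. `mo_wpns_getRLEAttack` also reads `$results[0]->time` without checking that a row came back.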
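--- a/handler/WAF/mo-waf-plugin.php
+++ b/handler/WAF/mo-waf-plugin.php
@@ -1,212 +1,212 @@
- <?php
-
- $dir = dirname(__FILE__);
- $dir = str_replace('\\', "/", $dir);
- $dir = explode('handler', $dir);
- $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
- $pluginU = $dir[0].'helper/pluginUtility.php';
- $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
- $errorPage = $dir[0].'handler/mo-error.html';
- $blockPage = $dir[0].'handler/mo-block.html';
-
- include_once($wafInclude);
- include_once($pluginU);
- include_once($wafDB);
-
-
- global $wpdb,$mowpnshandle;
- $mowpnshandle = new MoWpnsHandler();
- $ipaddress = get_ipaddress();
- $ipaddress = sanitize_text_field($ipaddress);
- if($mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
- {
- if(!$mowpnshandle->is_whitelisted($ipaddress))
- {
- header('HTTP/1.1 403 Forbidden');
- include_once($blockPage);
- exit;
- }
- }
- $fileName = mo_wpns_setting_file();
- if($fileName != "notMissing")
- {
- include_once($fileName);
- }
- if(isset($RateLimiting) and $RateLimiting == 1)
- {
- if(!is_crawler())
- {
- mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
- }
- }
- if(isset($RateLimitingCrawler))
- {
- if($RateLimitingCrawler == 1)
- {
- if(is_crawler())
- {
- if(is_fake_googlebot($ipaddress))
- {
- header('HTTP/1.1 403 Forbidden');
- include_once($errorPage);
- exit;
- }
- if($RateLimitingCrawler == '1')
- {
- mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
- }
-
- }
- }
- }
- $attack = array();
- if(isset($SQL) )
- {
- if($SQL==1)
- array_push($attack,"SQL");
- }
- if(isset($XSS) )
- {
- if( $XSS==1)
- array_push($attack,"XSS");
- }
- if(isset($LFI))
- {
- if($LFI==1)
- array_push($attack,"LFI");
- }
-
- $attackC = $attack;
- $ParanoiaLevel = 1;
- $annomalyS = 0;
- $SQLScore = 0;
- $XSSScore = 0;
- $limitAttack = get_option('limitAttack');
-
-
- foreach ($attackC as $key1 => $value1)
- {
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
- {
- if(isset($regex[$value1][$lev]))
- { $ooo = 0;
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
- {
- foreach ($_REQUEST as $key => $value) {
-
- if($regex[$value1][$lev][$i] != "")
- {
- if(is_string($value))
- {
- if(preg_match($regex[$value1][$lev][$i], $value))
- {
-
- if($value1 == "SQL")
- {
- $SQLScore += $score[$value1][$lev][$i];
- }
- elseif ($value1 == "XSS")
- {
- $XSSScore += $score[$value1][$lev][$i];
- }
- else
- {
- $annomalyS += $score[$value1][$lev][$i];
- }
-
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
- {
- $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
- if($attackCount>$limitAttack)
- {
- if(!$mowpnshandle->is_whitelisted($ipaddress))
- {
- if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
- }
- }
-
- header('HTTP/1.1 403 Forbidden');
- include_once($errorPage);
- exit;
- }
- }
- }
- }
- }
- }
- }
- }
- }
-
- function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
- {
- global $wpdb,$mowpnshandle;
- $rate = mo_wpns_CheckRate($ipaddress);
- if($rate>=$reqLimit)
- {
- $lastAttack = mo_wpns_getRLEAttack($ipaddress)+60;
- $current_time = time();
- if($lastAttack < $current_time-60)
- {
- mo_wpns_log_attack($ipaddress,'RLE','RLE');
- }
- if($action != 'ThrottleIP')
- {
- if(!$mowpnshandle->is_whitelisted($ipaddress))
- {
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLE',true);
- }
- }
- header('HTTP/1.1 403 Forbidden');
- include_once($errorPage);
- exit;
- }
- }
- function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
- {
- if(file_exists($filename))
- {
- include($filename);
- }
- global $wpdb,$mowpnshandle;
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
- if(isset($RateLimitingCrawler))
- {
- if($RateLimitingCrawler=='1')
- {
- if(isset($RequestsPMinCrawler))
- {
- $reqLimit = $RequestsPMinCrawler;
- $rate = mo_wpns_CheckRate($ipaddress);
- if($rate>=$reqLimit)
- {
- $action = $actionRateLCrawler;
- $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
- $current_time = time();
- if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
- {
- mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
- }
- if($action != 'ThrottleIP')
- {
- if(!$mowpnshandle->is_whitelisted($ipaddress))
- {
- if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
- {
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLECrawler',true);
- }
- }
- }
- header('HTTP/1.1 403 Forbidden');
- include_once($errorPage);
- exit;
- }
- }
- }
- }
- }
-
-
-
+ <?php
+
+ $dir = dirname(__FILE__);
+ $dir = str_replace('\\', "/", $dir);
+ $dir = explode('handler', $dir);
+ $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
+ $pluginU = $dir[0].'helper/pluginUtility.php';
+ $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
+ $errorPage = $dir[0].'handler/mo-error.html';
+ $blockPage = $dir[0].'handler/mo-block.html';
+
+ include_once($wafInclude);
+ include_once($pluginU);
+ include_once($wafDB);
+
+
+ global $wpdb,$mowpnshandle;
+ $mowpnshandle = new MoWpnsHandler();
+ $ipaddress = get_ipaddress();
+ $ipaddress = sanitize_text_field($ipaddress);
+ if($mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
+ {
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
+ {
+ header('HTTP/1.1 403 Forbidden');
+ include_once($blockPage);
+ exit;
+ }
+ }
+ $fileName = mo_wpns_setting_file();
+ if($fileName != "notMissing")
+ {
+ include_once($fileName);
+ }
+ if(isset($RateLimiting) and $RateLimiting == 1)
+ {
+ if(!is_crawler())
+ {
+ mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
+ }
+ }
+ if(isset($RateLimitingCrawler))
+ {
+ if($RateLimitingCrawler == 1)
+ {
+ if(is_crawler())
+ {
+ if(is_fake_googlebot($ipaddress))
+ {
+ header('HTTP/1.1 403 Forbidden');
+ include_once($errorPage);
+ exit;
+ }
+ if($RateLimitingCrawler == '1')
+ {
+ mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
+ }
+
+ }
+ }
+ }
+ $attack = array();
+ if(isset($SQL) )
+ {
+ if($SQL==1)
+ array_push($attack,"SQL");
+ }
+ if(isset($XSS) )
+ {
+ if( $XSS==1)
+ array_push($attack,"XSS");
+ }
+ if(isset($LFI))
+ {
+ if($LFI==1)
+ array_push($attack,"LFI");
+ }
+
+ $attackC = $attack;
+ $ParanoiaLevel = 1;
+ $annomalyS = 0;
+ $SQLScore = 0;
+ $XSSScore = 0;
+ $limitAttack = get_option('limitAttack');
+
+
+ foreach ($attackC as $key1 => $value1)
+ {
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
+ {
+ if(isset($regex[$value1][$lev]))
+ { $ooo = 0;
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
+ {
+ foreach ($_REQUEST as $key => $value) {
+
+ if($regex[$value1][$lev][$i] != "")
+ {
+ if(is_string($value))
+ {
+ if(preg_match($regex[$value1][$lev][$i], $value))
+ {
+
+ if($value1 == "SQL")
+ {
+ $SQLScore += $score[$value1][$lev][$i];
+ }
+ elseif ($value1 == "XSS")
+ {
+ $XSSScore += $score[$value1][$lev][$i];
+ }
+ else
+ {
+ $annomalyS += $score[$value1][$lev][$i];
+ }
+
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
+ {
+ $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
+ if($attackCount>$limitAttack)
+ {
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
+ {
+ if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
+ }
+ }
+
+ header('HTTP/1.1 403 Forbidden');
+ include_once($errorPage);
+ exit;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
+ {
+ global $wpdb,$mowpnshandle;
+ $rate = mo_wpns_CheckRate($ipaddress);
+ if($rate>=$reqLimit)
+ {
+ $lastAttack = mo_wpns_getRLEAttack($ipaddress)+60;
+ $current_time = time();
+ if($lastAttack < $current_time-60)
+ {
+ mo_wpns_log_attack($ipaddress,'RLE','RLE');
+ }
+ if($action != 'ThrottleIP')
+ {
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
+ {
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLE',true);
+ }
+ }
+ header('HTTP/1.1 403 Forbidden');
+ include_once($errorPage);
+ exit;
+ }
+ }
+ function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
+ {
+ if(file_exists($filename))
+ {
+ include($filename);
+ }
+ global $wpdb,$mowpnshandle;
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
+ if(isset($RateLimitingCrawler))
+ {
+ if($RateLimitingCrawler=='1')
+ {
+ if(isset($RequestsPMinCrawler))
+ {
+ $reqLimit = $RequestsPMinCrawler;
+ $rate = mo_wpns_CheckRate($ipaddress);
+ if($rate>=$reqLimit)
+ {
+ $action = $actionRateLCrawler;
+ $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
+ $current_time = time();
+ if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
+ {
+ mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
+ }
+ if($action != 'ThrottleIP')
+ {
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
+ {
+ if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
+ {
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLECrawler',true);
+ }
+ }
+ }
+ header('HTTP/1.1 403 Forbidden');
+ include_once($errorPage);
+ exit;
+ }
+ }
+ }
+ }
+ }
+
+
+
  ?>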
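Review bot: The signature loop only inspects `$_REQUEST` entries for which `is_string($value)` is true, so any parameter that PHP parses into an array is skipped without ever being matched against `$regex`. Collect the leaf values first, e.g. `$inputs = array(); array_walk_recursive($_REQUEST, function($v) use (&$inputs) { if (is_string($v)) $inputs[] = $v; });`, and run the `preg_match` loop over `$inputs`. Separately, `mo_wpns_applyRateLimitingCrawler` is passed `$fileName`, which is the literal `"notMissing"` whenever the config file already exists, so its `file_exists($filename)` guard will almost certainly fail, `$RateLimitingCrawler` is never set in the function's scope and the crawler limit is silently skipped; pass the real config path instead. The two rate-limit functions also disagree on the logging window (`$lastAttack < $current_time-60` versus `$current_time>$lastAttack`, both after adding 60), which looks unintended.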
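--- a/handler/WAF/waf-include.php
+++ b/handler/WAF/waf-include.php
@@ -1,92 +1,92 @@
- <?php
- $dir = dirname(__FILE__);
- $dir = str_replace('\\', "/", $dir);
- $dir = explode('WAF', $dir);
- $dir = $dir[0];
- $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
- $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
- $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
- $configfilepath = explode('wp-content', $dir);
- $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
- $missingFile = 0;
-
- if(file_exists($configfile))
- {
- include_once($configfile);
- }
- else
- {
- $missingFile = 1;
- }
- include_once($sqlInjectionFile);
- include_once($xssFile);
- include_once($lfiFile);
-
- function get_ipaddress()
- {
- $ipaddress = '';
- if (isset($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
- else if(isset($_SERVER['REMOTE_ADDR']))
- $ipaddress = $_SERVER['REMOTE_ADDR'];
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
- else if(isset($_SERVER['HTTP_FORWARDED']))
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
- else
- $ipaddress = 'UNKNOWN';
-
- return $ipaddress;
- }
- function is_crawler()
- {
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
- $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
- foreach ($Botsign as $key => $value)
- {
- if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
- {
- return true;
- }
- }
- return false;
- }
- function is_fake_googlebot($ipaddress)
- {
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
- if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
- {
- if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
- {
- header('HTTP/1.1 403 Forbidden');
- include_once("mo-error.html");
- exit;
- }
- }
- }
- function is_fake($crawler,$USER_AGENT,$ipaddress)
- {
- // $hostName = gethostbyaddr($ipaddress);
- // $hostIP = gethostbyname($hostName);
- // if(is_numeric(get_option('mo_wpns_iprange_count')))
- // $range_count = intval(get_option('mo_wpns_iprange_count'));
- // for($i = 1 ; $i <= $range_count ; $i++){
- // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
- // $rangearray = explode("-",$blockedrange);
- // if(sizeof($rangearray)==2){
- // $lowip = ip2long(trim($rangearray[0]));
- // $highip = ip2long(trim($rangearray[1]));
- // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
- // $mo_wpns_config = new MoWpnsHandler();
- // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
- // return true;
- // }
- // }
- // }
- // return false;
- }
+ <?php
+ $dir = dirname(__FILE__);
+ $dir = str_replace('\\', "/", $dir);
+ $dir = explode('WAF', $dir);
+ $dir = $dir[0];
+ $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
+ $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
+ $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
+ $configfilepath = explode('wp-content', $dir);
+ $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
+ $missingFile = 0;
+
+ if(file_exists($configfile))
+ {
+ include_once($configfile);
+ }
+ else
+ {
+ $missingFile = 1;
+ }
+ include_once($sqlInjectionFile);
+ include_once($xssFile);
+ include_once($lfiFile);
+
+ function get_ipaddress()
+ {
+ $ipaddress = '';
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+ else if(isset($_SERVER['REMOTE_ADDR']))
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+ else if(isset($_SERVER['HTTP_FORWARDED']))
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
+ else
+ $ipaddress = 'UNKNOWN';
+
+ return $ipaddress;
+ }
+ function is_crawler()
+ {
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
+ $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
+ foreach ($Botsign as $key => $value)
+ {
+ if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+ function is_fake_googlebot($ipaddress)
+ {
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
+ if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
+ {
+ if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
+ {
+ header('HTTP/1.1 403 Forbidden');
+ include_once("mo-error.html");
+ exit;
+ }
+ }
+ }
+ function is_fake($crawler,$USER_AGENT,$ipaddress)
+ {
+ // $hostName = gethostbyaddr($ipaddress);
+ // $hostIP = gethostbyname($hostName);
+ // if(is_numeric(get_option('mo_wpns_iprange_count')))
+ // $range_count = intval(get_option('mo_wpns_iprange_count'));
+ // for($i = 1 ; $i <= $range_count ; $i++){
+ // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
+ // $rangearray = explode("-",$blockedrange);
+ // if(sizeof($rangearray)==2){
+ // $lowip = ip2long(trim($rangearray[0]));
+ // $highip = ip2long(trim($rangearray[1]));
+ // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
+ // $mo_wpns_config = new MoWpnsHandler();
+ // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
+ // return true;
+ // }
+ // }
+ // }
+ // return false;
+ }
  ?>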
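Review bot: `is_crawler()` tests `isset($USER_AGENT) || preg_match(...)`, and `$USER_AGENT` is always set because the line above assigns it (falling back to `''`), so the function returns true for every request on the first iteration; since handler/WAF/mo-waf-plugin.php only applies the normal rate limit under `if(!is_crawler())`, that limit appears never to run. The condition should be `if($USER_AGENT !== '' && preg_match('/'.preg_quote($value, '/').'/i', $USER_AGENT))`, and `is_fake_googlebot()` has the same `||`. `is_fake()` has its whole body commented out and returns nothing, and `is_fake_googlebot()` has no `return` either, so the fake-crawler check can never fire. `get_ipaddress()` also prefers the client-supplied `HTTP_CLIENT_IP` header over `REMOTE_ADDR`, which makes the address used for blocking and rate limiting caller-controlled; use `REMOTE_ADDR` unless the request arrives from a configured trusted proxy, and reject values that fail `filter_var($ipaddress, FILTER_VALIDATE_IP)`.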
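--- a/handler/ajax.php
+++ b/handler/ajax.php
@@ -1,175 +1,175 @@
- <?php
-
- class AjaxHandler
- {
- function __construct()
- {
- add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
- }
-
- function mo_wpns_2fa_actions()
- {
- global $moWpnsUtility,$mo2f_dirName;
-
- if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
- {
- switch($_REQUEST['option'])
- {
- case "iplookup":
- $this->lookupIP($_GET['ip']); break;
-
- case "dissmissSMTP":
- $this->handle_smtp(); break;
- case "whitelistself":
- $this->whitelist_self(); break;
-
- case "dismissplugin":
- $this->wpns_plugin_notice(); break;
-
- case "dismissbackup":
- $this->wpns_dismiss_backup_notice(); break;
-
- case "dismissbruteforce":
- $this->wpns_dismiss_bruteforce_notice(); break;
-
- case "dismissrecaptcha":
- $this-> wpns_dismiss_recaptcha_notice(); break;
-
- case "dismissfirewall":
- $this->wpns_dismiss_firewall_notice(); break;
-
- case "plugin_warning_never_show_again":
- $this->wpns_plugin_warning_never_show_again();
- break;
-
- case "dismissSms":
- $this->wpns_sms_notice(); break;
-
- case "dismissEmail":
- $this->wpns_email_notice(); break;
-
- case "dismissSms_always":
- $this->wpns_sms_notice_always(); break;
-
- case "dismissEmail_always":
- $this->wpns_email_notice_always(); break;
-
- case "dismisscodeswarning":
- $this->mo2f_backup_codes_dismiss(); break;
- }
- }
- }
-
- private function lookupIP($ip)
- {
- $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
- $hostname = gethostbyaddr($result["geoplugin_request"]);
- try{
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
- $timeoffset = $timeoffset/3600;
-
- }catch(Exception $e){
- $result["geoplugin_timezone"]="";
- $timeoffset="";
- }
-
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
- if($result['geoplugin_request']==$ip) {
-
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
-
- $result['ipDetails'] = $ipLookUpTemplate;
- }else{
- $result["ipDetails"]["status"]="ERROR";
- }
-
- wp_send_json( $result );
-
- }
- private function whitelist_self()
- {
- global $moWpnsUtility;
- $moPluginsUtility = new MoWpnsHandler();
- $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
- wp_send_json('success');
- }
-
- private function wpns_plugin_notice()
- {
-
- update_site_option('malware_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_dismiss_backup_notice(){
- update_site_option('backup_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_dismiss_bruteforce_notice(){
- update_site_option('bruteforce_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_dismiss_recaptcha_notice(){
- update_site_option('recaptcha_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_plugin_warning_never_show_again(){
- update_site_option('plugin_warning_never_show_again', 1);
- wp_send_json('success');
- }
-
- function wpns_dismiss_firewall_notice(){
- update_site_option('waf_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
- private function wpns_sms_notice()
- {
- update_site_option('mo2f_wpns_sms_dismiss', time());
- wp_send_json('success');
- }
- private function wpns_email_notice()
- {
- update_site_option('mo2f_wpns_email_dismiss', time());
- wp_send_json('success');
- }
- private function wpns_sms_notice_always()
- {
- update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
- wp_send_json('success');
- }
- private function wpns_email_notice_always()
- {
- update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
- wp_send_json('success');
- }
- private function mo2f_backup_codes_dismiss()
- {
- $user_id = get_current_user_id();
- update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
- wp_send_json('success');
- }
-
-
-
- }new AjaxHandler;
+ <?php
+
+ class AjaxHandler
+ {
+ function __construct()
+ {
+ add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
+ }
+
+ function mo_wpns_2fa_actions()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
+ {
+ switch($_REQUEST['option'])
+ {
+ case "iplookup":
+ $this->lookupIP($_GET['ip']); break;
+
+ case "dissmissSMTP":
+ $this->handle_smtp(); break;
+ case "whitelistself":
+ $this->whitelist_self(); break;
+
+ case "dismissplugin":
+ $this->wpns_plugin_notice(); break;
+
+ case "dismissbackup":
+ $this->wpns_dismiss_backup_notice(); break;
+
+ case "dismissbruteforce":
+ $this->wpns_dismiss_bruteforce_notice(); break;
+
+ case "dismissrecaptcha":
+ $this-> wpns_dismiss_recaptcha_notice(); break;
+
+ case "dismissfirewall":
+ $this->wpns_dismiss_firewall_notice(); break;
+
+ case "plugin_warning_never_show_again":
+ $this->wpns_plugin_warning_never_show_again();
+ break;
+
+ case "dismissSms":
+ $this->wpns_sms_notice(); break;
+
+ case "dismissEmail":
+ $this->wpns_email_notice(); break;
+
+ case "dismissSms_always":
+ $this->wpns_sms_notice_always(); break;
+
+ case "dismissEmail_always":
+ $this->wpns_email_notice_always(); break;
+
+ case "dismisscodeswarning":
+ $this->mo2f_backup_codes_dismiss(); break;
+ }
+ }
+ }
+
+ private function lookupIP($ip)
+ {
+ $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
+ try{
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
+ $timeoffset = $timeoffset/3600;
+
+ }catch(Exception $e){
+ $result["geoplugin_timezone"]="";
+ $timeoffset="";
+ }
+
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
+ if($result['geoplugin_request']==$ip) {
+
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
+
+ $result['ipDetails'] = $ipLookUpTemplate;
+ }else{
+ $result["ipDetails"]["status"]="ERROR";
+ }
+
+ wp_send_json( $result );
+
+ }
+ private function whitelist_self()
+ {
+ global $moWpnsUtility;
+ $moPluginsUtility = new MoWpnsHandler();
+ $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
+ wp_send_json('success');
+ }
+
+ private function wpns_plugin_notice()
+ {
+
+ update_site_option('malware_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_backup_notice(){
+ update_site_option('backup_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_bruteforce_notice(){
+ update_site_option('bruteforce_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_recaptcha_notice(){
+ update_site_option('recaptcha_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_plugin_warning_never_show_again(){
+ update_site_option('plugin_warning_never_show_again', 1);
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_firewall_notice(){
+ update_site_option('waf_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+ private function wpns_sms_notice()
+ {
+ update_site_option('mo2f_wpns_sms_dismiss', time());
+ wp_send_json('success');
+ }
+ private function wpns_email_notice()
+ {
+ update_site_option('mo2f_wpns_email_dismiss', time());
+ wp_send_json('success');
+ }
+ private function wpns_sms_notice_always()
+ {
+ update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
+ wp_send_json('success');
+ }
+ private function wpns_email_notice_always()
+ {
+ update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
+ wp_send_json('success');
+ }
+ private function mo2f_backup_codes_dismiss()
+ {
+ $user_id = get_current_user_id();
+ update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
+ wp_send_json('success');
+ }
+
+
+
+ }new AjaxHandler;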
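Review bot: `mo_wpns_2fa_actions` dispatches on `$_REQUEST['option']` after only a `current_user_can('manage_options')` check, with no nonce verification, so state-changing actions such as `whitelistself` can be triggered by a cross-site request made from a logged-in administrator's browser. Add a nonce check before the `switch`, e.g. `check_admin_referer('NONCE_ACTION_PLACEHOLDER');`, with the matching nonce emitted by the forms and AJAX calls that send these options (they are outside this file). `lookupIP` also passes `$_GET['ip']` unvalidated into a plain-HTTP URL, suppresses failures with `@`, and substitutes the response fields into the HTML template unescaped; reject input that fails `filter_var($ip, FILTER_VALIDATE_IP)`, check that `$result` is an array before indexing it, and pass each field through `esc_html()`. The `dissmissSMTP` case calls `$this->handle_smtp()`, which this class does not define.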
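--- a/handler/feedback_form.php
+++ b/handler/feedback_form.php
@@ -1,210 +1,210 @@
- <?php
- class FeedbackHandler
- {
- function __construct()
- {
- add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
- }
-
- function mo_wpns_feedback_actions()
- {
-
- global $moWpnsUtility, $mo2f_dirName;
-
- if (current_user_can('manage_options') && isset($_POST['option'])) {
- switch ($_REQUEST['option']) {
- case "mo_wpns_skip_feedback":
- case "mo_wpns_rating":
- case "mo_wpns_feedback":
- $this->wpns_handle_feedback($_POST); break;
- case "mo_wpns_backup_download":
- $this->mo2f_backup_download($_POST);
- break;
- case "log_file_download":
- $this->mo2f_download_log_file();
- break;
-
-
- }
- }
- }
-
-
- function wpns_handle_feedback($postdata)
- {
-
- if(MO2F_TEST_MODE){
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- return;
- }
-
- $user = wp_get_current_user();
- $feedback_option = $_POST['option'];
- if ($feedback_option != "mo_wpns_rating")
- {
- $message = 'Plugin Deactivated';
- }
-
-
- $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
- $activation_date = get_site_option('mo2f_activated_time');
- $current_date = time();
- $diff = $activation_date - $current_date;
- if($activation_date == false){
- $days = 'NA';
- }
- else{
- $days = abs(round($diff / 86400));
- }
- update_site_option( 'No_of_days_active_work', $days , 'yes' );
-
- if ($feedback_option != "mo_wpns_rating")
- {
- $reply_required = '';
- if (isset($_POST['get_reply']))
- $reply_required = htmlspecialchars($_POST['get_reply']);
-
- if (empty($reply_required)) {
- $reply_required = "don't reply";
- $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
- } else {
- $reply_required = "yes";
- $message .= '[Reply:' . $reply_required . ',';
- }
- }
- else
- {
- $message ='[' ;
- }
- $message .= 'D:' . $days . ',';
- if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
- $message .= '2FA+NS]';
- }
- else{
- $message .= '2FA]';
- }
-
- $message .= ', Feedback : ' . $deactivate_reason_message . '';
-
- if (isset($_POST['rate']))
- $rate_value = htmlspecialchars($_POST['rate']);
- else
- $rate_value = "--";
- $message .= ', [Rating :' . $rate_value . ']';
- if (empty($reply_required))
- $message .= MoWpnsUtility::mo_2fa_send_configuration();
- else
- $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
- $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- $email = get_option('mo2f_email');
- if (empty($email))
- $email = $user->user_email;
- }
- $phone = get_option('mo_wpns_admin_phone');
- $feedback_reasons = new MocURL();
- global $moWpnsUtility;
- if (!is_null($feedback_reasons)) {
- if (!$moWpnsUtility->is_curl_installed()) {
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- wp_redirect('plugins.php');
- } else {
- $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
- if (json_last_error() == JSON_ERROR_NONE) {
- if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
- do_action('wpns_show_message',$submited['message'],'ERROR');
-
- } else {
- if ($submited == false) {
- do_action('wpns_show_message','Error while submitting the query.','ERROR');
- }
- }
- }
-
- if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
- {
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- }
- do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
-
- }
- }
- }
-
- function mo2f_download_log_file(){
- ob_start();
- $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
-
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
- $error = new WP_Error();
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
-
- }else{
-
-
- $debug_log_path = wp_upload_dir();
- $debug_log_path = $debug_log_path['basedir'];
- $file_name = 'miniorange_debug_log.txt';
- $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
- if($status){
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=".$file_name);
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
- while (ob_get_level()) {
- ob_end_clean();
- @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
- exit;
- }
- }else{
- do_action('wpns_show_message','File does not exist.','ERROR');
- }
- }
- }
-
- function mo2f_backup_download($postdata){
- global $wpnsDbQueries;
-
- $nonce = $postdata['download_nonce'];
- if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
- return;
- }
-
- ob_start();
- if(current_user_can('administrator')){
- $file_name=$postdata['file_name'];
- $file_path=$postdata['file_path'];
- $file = explode('/', $file_name);
- $file_name = $file[0];
- $id = $file[1];
- $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
- if($status){
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=".$file_name);
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
- while (ob_get_level()) {
- ob_end_clean();
- @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
- exit;
- }
- }else{
- $wpnsDbQueries->delete_file($id);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
- return;
- }
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
- return;
- }
-
- }
-
- }new FeedbackHandler();
+ <?php
+ class FeedbackHandler
+ {
+ function __construct()
+ {
+ add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
+ }
+
+ function mo_wpns_feedback_actions()
+ {
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+ if (current_user_can('manage_options') && isset($_POST['option'])) {
+ switch ($_REQUEST['option']) {
+ case "mo_wpns_skip_feedback":
+ case "mo_wpns_rating":
+ case "mo_wpns_feedback":
+ $this->wpns_handle_feedback($_POST); break;
+ case "mo_wpns_backup_download":
+ $this->mo2f_backup_download($_POST);
+ break;
+ case "log_file_download":
+ $this->mo2f_download_log_file();
+ break;
+
+
+ }
+ }
+ }
+
+
+ function wpns_handle_feedback($postdata)
+ {
+
+ if(MO2F_TEST_MODE){
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ return;
+ }
+
+ $user = wp_get_current_user();
+ $feedback_option = $_POST['option'];
+ if ($feedback_option != "mo_wpns_rating")
+ {
+ $message = 'Plugin Deactivated';
+ }
+
+
+ $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
+ $activation_date = get_site_option('mo2f_activated_time');
+ $current_date = time();
+ $diff = $activation_date - $current_date;
+ if($activation_date == false){
+ $days = 'NA';
+ }
+ else{
+ $days = abs(round($diff / 86400));
+ }
+ update_site_option( 'No_of_days_active_work', $days , 'yes' );
+
+ if ($feedback_option != "mo_wpns_rating")
+ {
+ $reply_required = '';
+ if (isset($_POST['get_reply']))
+ $reply_required = htmlspecialchars($_POST['get_reply']);
+
+ if (empty($reply_required)) {
+ $reply_required = "don't reply";
+ $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
+ } else {
+ $reply_required = "yes";
+ $message .= '[Reply:' . $reply_required . ',';
+ }
+ }
+ else
+ {
+ $message ='[' ;
+ }
+ $message .= 'D:' . $days . ',';
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
+ $message .= '2FA+NS]';
+ }
+ else{
+ $message .= '2FA]';
+ }
+
+ $message .= ', Feedback : ' . $deactivate_reason_message . '';
+
+ if (isset($_POST['rate']))
+ $rate_value = htmlspecialchars($_POST['rate']);
+ else
+ $rate_value = "--";
+ $message .= ', [Rating :' . $rate_value . ']';
+ if (empty($reply_required))
+ $message .= MoWpnsUtility::mo_2fa_send_configuration();
+ else
+ $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
+ $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ $email = get_option('mo2f_email');
+ if (empty($email))
+ $email = $user->user_email;
+ }
+ $phone = get_option('mo_wpns_admin_phone');
+ $feedback_reasons = new MocURL();
+ global $moWpnsUtility;
+ if (!is_null($feedback_reasons)) {
+ if (!$moWpnsUtility->is_curl_installed()) {
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ wp_redirect('plugins.php');
+ } else {
+ $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
+ if (json_last_error() == JSON_ERROR_NONE) {
+ if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
+ do_action('wpns_show_message',$submited['message'],'ERROR');
+
+ } else {
+ if ($submited == false) {
+ do_action('wpns_show_message','Error while submitting the query.','ERROR');
+ }
+ }
+ }
+
+ if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
+ {
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ }
+ do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
+
+ }
+ }
+ }
+
+ function mo2f_download_log_file(){
+ ob_start();
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
+
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
+ $error = new WP_Error();
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
+
+ }else{
+
+
+ $debug_log_path = wp_upload_dir();
+ $debug_log_path = $debug_log_path['basedir'];
+ $file_name = 'miniorange_debug_log.txt';
+ $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
+ if($status){
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=".$file_name);
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
+ while (ob_get_level()) {
+ ob_end_clean();
+ @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
+ exit;
+ }
+ }else{
+ do_action('wpns_show_message','File does not exist.','ERROR');
+ }
+ }
+ }
+
+ function mo2f_backup_download($postdata){
+ global $wpnsDbQueries;
+
+ $nonce = $postdata['download_nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
+ return;
+ }
+
+ ob_start();
+ if(current_user_can('administrator')){
+ $file_name=$postdata['file_name'];
+ $file_path=$postdata['file_path'];
+ $file = explode('/', $file_name);
+ $file_name = $file[0];
+ $id = $file[1];
+ $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
+ if($status){
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=".$file_name);
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
+ while (ob_get_level()) {
+ ob_end_clean();
+ @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
+ exit;
+ }
+ }else{
+ $wpnsDbQueries->delete_file($id);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
+ return;
+ }
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
+ return;
+ }
+
+ }
+
+ }new FeedbackHandler();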
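--- a/handler/logger.php
+++ b/handler/logger.php
@@ -14,6 +14,7 @@ class mo2f_Logger
  global $moWpnsUtility;
  $mo_wpns_config = new MoWpnsHandler();
  $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
  $url = $moWpnsUtility->get_current_url();
  $user = wp_get_current_user();
  $username = is_user_logged_in() ? $user->user_login : 'GUEST';
@@ -28,6 +29,7 @@ class mo2f_Logger
  return;
  $mo_wpns_config = new MoWpnsHandler();
  $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
  $url = $moWpnsUtility->get_current_url();
  $user = wp_get_current_user();
  $username = is_user_logged_in() ? $user->user_login : 'GUEST';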
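Review bot: The added `sanitize_text_field( $userIp )` in both hunks strips tags and line breaks but does not check that the value is an IP address, so any other string that survives it still reaches the logging code as `$userIp`. If `get_client_ip()` derives the address from request headers (its body is not part of this diff), validating is the stronger check: `$userIp = filter_var( $userIp, FILTER_VALIDATE_IP ) ?: '';`, with whatever fallback value the logger is expected to store. The same line is repeated in each method here and again in `mo_wpns_init()` in handler/login.php; doing the validation once inside `get_client_ip()` would cover every caller, including those this release did not touch. Both enclosing methods of `mo2f_Logger` start and end outside the hunks.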
handler/login.php CHANGED
@@ -1,414 +1,408 @@
1
- <?php
2
- class LoginHandler
3
- {
4
- function __construct()
5
- {
6
- add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
- if(get_site_option('mo2f_restrict_restAPI')){
8
- add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
- }
10
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
- || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
- {
13
-
14
- remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
- add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
- }
17
-
18
- add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
- add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
- //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
- //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
-
23
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
- add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
- }
26
- }
27
-
28
- function mo_block_restAPI(){
29
- global $moWpnsUtility,$mo2f_dirName;
30
- if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
- include_once("mo-block.html");
32
- exit;
33
- }
34
- }
35
-
36
- function mo_wpns_init()
37
- {
38
- add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
- add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
- add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
- add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
- global $moWpnsUtility,$mo2f_dirName;
43
- $WAFEnabled = get_option('WAFEnabled');
44
- $WAFLevel = get_option('WAF');
45
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
- if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
- add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
- $mo2f_scanner_parts = new mo2f_scanner_parts();
49
- $mo2f_scanner_parts->file_cron_scan();
50
-
51
- if($WAFEnabled == 1)
52
- {
53
- if($WAFLevel == 'PluginLevel')
54
- {
55
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
- }
58
- }
59
-
60
-
61
- $userIp = $moWpnsUtility->get_client_ip();
62
- $mo_wpns_config = new MoWpnsHandler();
63
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
64
- $isIpBlocked = false;
65
- if(!$isWhitelisted){
66
- $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
67
- }
68
- if($isIpBlocked){
69
- include_once("mo-block.html");
70
- exit;
71
- }
72
-
73
- $requested_uri = $_SERVER["REQUEST_URI"];
74
- $option = false;
75
- if (is_user_logged_in()) { //chr?
76
- if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
77
- wp_redirect(site_url());
78
- die;
79
- }
80
- } else {
81
- $option = get_option('mo_wpns_enable_rename_login_url');
82
- }
83
- if ($option) {
84
- if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
85
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
86
- wp_redirect($requested_uri);
87
- die;
88
- } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
89
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
90
- wp_redirect($requested_uri);
91
- die;
92
- }
93
-
94
- if (strpos($requested_uri, '/wp-login.php') !== false) {
95
- wp_redirect(site_url());
96
- }
97
- else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
98
- @require_once ABSPATH . 'wp-login.php';
99
- die;
100
- }
101
- }
102
-
103
- if(isset($_POST['option']))
104
- {
105
- switch($_POST['option'])
106
- {
107
- case "mo_wpns_change_password":
108
- $this->handle_change_password(sanitize_text_field($_POST['username'])
109
- ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
110
- break;
111
- }
112
- }
113
-
114
- }
115
- function twofa_on_user_profile( $user ) {
116
- global $mo2f_dirName;
117
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
118
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
119
- }
120
- }
121
- function user_two_factor_options_update( $user ) {
122
- global $mo2f_dirName;
123
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
124
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
125
- }
126
- }
127
-
128
- function mo2f_IP_email_send()
129
- {
130
- global $moWpnsUtility;
131
- $userIp = $moWpnsUtility->get_client_ip();
132
-
133
- if(!get_site_option('mo2f_user_IP'))
134
- {
135
- update_site_option('mo2f_user_IP',$userIp );
136
- }
137
- $check_Ip = get_site_option('mo2f_user_IP');
138
-
139
- if ($check_Ip != $userIp)
140
- {
141
-
142
- $email = get_option('admin_email');
143
- $subject ="Alert: New IP Detected";
144
- $message = mo_IP_template();
145
- $headers=array('Content-Type: text/html; charset=UTF-8');
146
- if(empty($email))
147
- {
148
- $user = wp_get_current_user();
149
- $email = $user->user_email;
150
- }
151
- if(is_email($email))
152
- {
153
-
154
- wp_mail( $email,$subject,$message,$headers);
155
-
156
- }
157
-
158
- }
159
-
160
- }
161
-
162
- function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
163
-
164
- if (empty($_POST['g-recaptcha-response'])) {
165
- $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
166
- }
167
- }
168
-
169
- //Function to Handle Change Password Form
170
- function handle_change_password($username,$newpassword,$confirmpassword)
171
- {
172
- global $mo2f_dirName;
173
- $user = get_user_by("login",$username);
174
- $error = wp_authenticate_username_password($user,$username,$newpassword);
175
-
176
- if(is_wp_error($error))
177
- {
178
- $this->mo_wpns_login_failed($username);
179
- return $error;
180
- }
181
-
182
- if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
183
- {
184
- wp_set_auth_cookie($user->ID,false,false);
185
- $this->mo_wpns_login_success($username);
186
- wp_redirect(get_site_option('siteurl'),301);
187
- }
188
- }
189
-
190
-
191
- //Function to Update User password
192
- function update_strong_password($username,$newpassword,$confirmpassword)
193
- {
194
- global $mo2f_dirName;
195
-
196
- if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
197
- && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
198
- {
199
- $user = get_user_by("login",$username);
200
- wp_set_password($newpassword,$user->ID);
201
- return "success";
202
- }
203
- else
204
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
205
- }
206
-
207
-
208
- //Our custom logic for user authentication
209
- function custom_authenticate($user, $username, $password)
210
- {
211
- global $moWpnsUtility;
212
- $error = new WP_Error();
213
-
214
- if(empty($username) && empty ($password))
215
- return $error;
216
-
217
- if(empty($username)) {
218
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
219
- }
220
- if(empty($password)) {
221
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
222
- }
223
-
224
- $user = wp_authenticate_username_password( $user, $username, $password );
225
-
226
- if ( is_wp_error( $user ) ) {
227
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
228
- return $user;
229
- }
230
- if(empty($error->errors))
231
- {
232
- $user = get_user_by("login",$username);
233
-
234
- if($user)
235
- {
236
- $moCURL=new MocURL;
237
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
238
- {
239
- $captcha_version=get_option('mo_wpns_recaptcha_version');
240
- if($captcha_version=='reCAPTCHA_v3')
241
- $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
242
- else if($captcha_version=='reCAPTCHA_v2')
243
- $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
244
-
245
- }
246
- }
247
-
248
- if(!empty($recaptchaError->errors))
249
- $error = $recaptchaError;
250
- if(empty($error->errors)){
251
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
252
- {
253
- $this->mo_wpns_login_success($username);
254
- }
255
- return $user;
256
- }
257
- }
258
- else
259
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
260
- return $error;
261
-
262
- }
263
-
264
-
265
-
266
-
267
- //Function to check user password
268
- function check_password($user,$error,$password)
269
- {
270
- global $moWpnsUtility, $mo2f_dirName;
271
- if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
272
- {
273
- if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
274
- {
275
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
276
- $this->mo_wpns_login_success($user->data->user_login);
277
- return $user;
278
- }
279
- else
280
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
281
- }
282
- else
283
- $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
284
-
285
- return $error;
286
- }
287
-
288
-
289
- //Function to handle successful user login
290
- function mo_wpns_login_success($username)
291
- {
292
- global $moWpnsUtility;
293
- if(get_site_option('mo2f_mail_notify') == 'on')
294
- {
295
- $this->mo2f_IP_email_send();
296
- }
297
-
298
- $mo_wpns_config = new MoWpnsHandler();
299
- $userIp = $moWpnsUtility->get_client_ip();
300
-
301
- $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
302
-
303
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
304
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
305
-
306
-
307
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
308
-
309
- if(isset($_POST['log']) && isset($_POST['pwd'])){
310
- $username = sanitize_text_field($_POST['log']);
311
- $pass = sanitize_text_field($_POST['pwd']);
312
- $user = get_user_by('login',$username);
313
-
314
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
315
- if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
316
- if(!get_user_meta($user->ID,'password_strong?')){
317
- update_user_meta($user->ID,'password_strong?', true);
318
- $count = get_site_option('users_with_weak_pass');
319
- $count = $count + 1;
320
- update_site_option('users_with_weak_pass', $count);
321
- }
322
- }
323
- else{
324
- if(get_user_meta($user->ID,'password_strong?')){
325
- $count = get_site_option('users_with_weak_pass');
326
- $count = $count - 1;
327
- update_site_option('users_with_weak_pass', $count);
328
- }
329
- delete_user_meta($user->ID,'password_strong?');
330
- }
331
-
332
-
333
- }
334
-
335
- }
336
- }
337
-
338
-
339
- //Function to handle failed user login attempt
340
- function mo_wpns_login_failed($username)
341
- {
342
- global $moWpnsUtility;
343
- $userIp = $moWpnsUtility->get_client_ip();
344
-
345
- if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
346
- return;
347
-
348
- $mo_wpns_config = new MoWpnsHandler();
349
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
350
-
351
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
352
-
353
- if(!$isWhitelisted)
354
- {
355
-
356
-
357
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
358
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
359
-
360
- $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
361
- $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
362
-
363
- if($allowedLoginAttepts - $failedAttempts<=0)
364
- $this->handle_login_attempt_exceeded($userIp);
365
- else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
366
- $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
367
- }
368
-
369
- }
370
-
371
-
372
-
373
-
374
-
375
- //Function to show number of attempts remaining
376
- function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
377
- {
378
- global $error;
379
- $diff = $allowedLoginAttepts - $failedAttempts;
380
- $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
381
- }
382
-
383
-
384
- //Function to handle login limit exceeded
385
- function handle_login_attempt_exceeded($userIp)
386
- {
387
- global $moWpnsUtility, $mo2f_dirName;
388
- $mo_wpns_config = new MoWpnsHandler();
389
- $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
390
- include_once("mo-block.html");
391
- exit;
392
-
393
- }
394
-
395
- function setup_registration_closed($user){
396
- global $Mo2fdbQueries;
397
- if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
398
- $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
399
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
400
- $error = new WP_Error();
401
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
402
- return $error;
403
- } else {
404
- if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
405
- //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
406
- delete_user_meta( $user->ID, 'register_account_popup' );
407
-
408
- }
409
- }
410
- }
411
- }
412
-
413
- }
414
- new LoginHandler;
1
+ <?php
2
+ class LoginHandler
3
+ {
4
+ function __construct()
5
+ {
6
+ add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
+ if(get_site_option('mo2f_restrict_restAPI')){
8
+ add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
+ }
10
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
+ || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
+ {
13
+
14
+ remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
+ add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
+ }
17
+
18
+ add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
+ add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
+ //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
+ //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
+
23
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
+ add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
+ }
26
+ }
27
+
28
+ function mo_block_restAPI(){
29
+ global $moWpnsUtility,$mo2f_dirName;
30
+ if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
+ include_once("mo-block.html");
32
+ exit;
33
+ }
34
+ }
35
+
36
+ function mo_wpns_init()
37
+ {
38
+ add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
+ add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
+ add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
+ add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
+ global $moWpnsUtility,$mo2f_dirName;
43
+ $WAFEnabled = get_option('WAFEnabled');
44
+ $WAFLevel = get_option('WAF');
45
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
+ if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
+ add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
+ $mo2f_scanner_parts = new mo2f_scanner_parts();
49
+ $mo2f_scanner_parts->file_cron_scan();
50
+
51
+ if($WAFEnabled == 1)
52
+ {
53
+ if($WAFLevel == 'PluginLevel')
54
+ {
55
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
+ }
58
+ }
59
+
60
+
61
+ $userIp = $moWpnsUtility->get_client_ip();
62
+ $userIp = sanitize_text_field( $userIp );
63
+ $mo_wpns_config = new MoWpnsHandler();
64
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
65
+ $isIpBlocked = false;
66
+ if(!$isWhitelisted){
67
+ $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
68
+ }
69
+ if($isIpBlocked){
70
+ include_once("mo-block.html");
71
+ exit;
72
+ }
73
+
74
+ $requested_uri = $_SERVER["REQUEST_URI"];
75
+ $option = false;
76
+ if (is_user_logged_in()) { //chr?
77
+ if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
78
+ wp_redirect(site_url());
79
+ die;
80
+ }
81
+ } else {
82
+ $option = get_option('mo_wpns_enable_rename_login_url');
83
+ }
84
+ if ($option) {
85
+ if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
86
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
87
+ wp_redirect($requested_uri);
88
+ die;
89
+ } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
90
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
91
+ wp_redirect($requested_uri);
92
+ die;
93
+ }
94
+
95
+ if (strpos($requested_uri, '/wp-login.php') !== false) {
96
+ wp_redirect(site_url());
97
+ }
98
+ else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
99
+ @require_once ABSPATH . 'wp-login.php';
100
+ die;
101
+ }
102
+ }
103
+
104
+ if(isset($_POST['option']))
105
+ {
106
+ switch($_POST['option'])
107
+ {
108
+ case "mo_wpns_change_password":
109
+ $this->handle_change_password(sanitize_text_field($_POST['username'])
110
+ ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
111
+ break;
112
+ }
113
+ }
114
+
115
+ }
116
+ function twofa_on_user_profile( $user ) {
117
+ global $mo2f_dirName;
118
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
119
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
120
+ }
121
+ }
122
+ function user_two_factor_options_update( $user ) {
123
+ global $mo2f_dirName;
124
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
125
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
126
+ }
127
+ }
128
+
129
+ function mo2f_IP_email_send()
130
+ {
131
+ global $moWpnsUtility, $Mo2fdbQueries;
132
+ $userIp = $moWpnsUtility->get_client_ip();
133
+ $userIp = sanitize_text_field( $userIp );
134
+ $user = wp_get_current_user();
135
+ $user_id = $user->ID;
136
+ $meta_key = 'mo2f_user_IP';
137
+ add_user_meta($user->ID, $meta_key,$userIp);
138
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
139
+ if (empty($email)) {
140
+ $email = $user->user_email;
141
+ }
142
+ $check_Ip = get_user_meta($user->ID,$meta_key)[0];
143
+
144
+ if ($check_Ip != $userIp)
145
+ {
146
+ $subject ="Alert: New IP Detected";
147
+ $message = mo_IP_template();
148
+ $headers=array('Content-Type: text/html; charset=UTF-8');
149
+ if(is_email($email))
150
+ {
151
+ wp_mail( $email,$subject,$message,$headers);
152
+ }
153
+ }
154
+ }
155
+
156
+ function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
157
+
158
+ if (empty($_POST['g-recaptcha-response'])) {
159
+ $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
160
+ }
161
+ }
162
+
163
+ //Function to Handle Change Password Form
164
+ function handle_change_password($username,$newpassword,$confirmpassword)
165
+ {
166
+ global $mo2f_dirName;
167
+ $user = get_user_by("login",$username);
168
+ $error = wp_authenticate_username_password($user,$username,$newpassword);
169
+
170
+ if(is_wp_error($error))
171
+ {
172
+ $this->mo_wpns_login_failed($username);
173
+ return $error;
174
+ }
175
+
176
+ if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
177
+ {
178
+ wp_set_auth_cookie($user->ID,false,false);
179
+ $this->mo_wpns_login_success($username);
180
+ wp_redirect(get_site_option('siteurl'),301);
181
+ }
182
+ }
183
+
184
+
185
+ //Function to Update User password
186
+ function update_strong_password($username,$newpassword,$confirmpassword)
187
+ {
188
+ global $mo2f_dirName;
189
+
190
+ if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
191
+ && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
192
+ {
193
+ $user = get_user_by("login",$username);
194
+ wp_set_password($newpassword,$user->ID);
195
+ return "success";
196
+ }
197
+ else
198
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
199
+ }
200
+
201
+
202
+ //Our custom logic for user authentication
203
+ function custom_authenticate($user, $username, $password)
204
+ {
205
+ global $moWpnsUtility;
206
+ $error = new WP_Error();
207
+
208
+ if(empty($username) && empty ($password))
209
+ return $error;
210
+
211
+ if(empty($username)) {
212
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
213
+ }
214
+ if(empty($password)) {
215
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
216
+ }
217
+
218
+ $user = wp_authenticate_username_password( $user, $username, $password );
219
+
220
+ if ( is_wp_error( $user ) ) {
221
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
222
+ return $user;
223
+ }
224
+ if(empty($error->errors))
225
+ {
226
+ $user = get_user_by("login",$username);
227
+
228
+ if($user)
229
+ {
230
+ $moCURL=new MocURL;
231
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
232
+ {
233
+ $captcha_version=get_option('mo_wpns_recaptcha_version');
234
+ if($captcha_version=='reCAPTCHA_v3')
235
+ $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
236
+ else if($captcha_version=='reCAPTCHA_v2')
237
+ $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
238
+
239
+ }
240
+ }
241
+
242
+ if(!empty($recaptchaError->errors))
243
+ $error = $recaptchaError;
244
+ if(empty($error->errors)){
245
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
246
+ {
247
+ $this->mo_wpns_login_success($username);
248
+ }
249
+ return $user;
250
+ }
251
+ }
252
+ else
253
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
254
+ return $error;
255
+
256
+ }
257
+
258
+
259
+
260
+
261
+ //Function to check user password
262
+ function check_password($user,$error,$password)
263
+ {
264
+ global $moWpnsUtility, $mo2f_dirName;
265
+ if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
266
+ {
267
+ if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
268
+ {
269
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
270
+ $this->mo_wpns_login_success($user->data->user_login);
271
+ return $user;
272
+ }
273
+ else
274
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
275
+ }
276
+ else
277
+ $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
278
+
279
+ return $error;
280
+ }
281
+
282
+
283
+ //Function to handle successful user login
284
+ function mo_wpns_login_success($username)
285
+ {
286
+ global $moWpnsUtility;
287
+ if(get_site_option('mo2f_mail_notify') == 'on')
288
+ {
289
+ $this->mo2f_IP_email_send();
290
+ }
291
+
292
+ $mo_wpns_config = new MoWpnsHandler();
293
+ $userIp = $moWpnsUtility->get_client_ip();
294
+ $userIp = sanitize_text_field( $userIp );
295
+ $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
296
+
297
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
298
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
299
+
300
+
301
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
302
+
303
+ if(isset($_POST['log']) && isset($_POST['pwd'])){
304
+ $username = sanitize_text_field($_POST['log']);
305
+ $pass = sanitize_text_field($_POST['pwd']);
306
+ $user = get_user_by('login',$username);
307
+
308
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
309
+ if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
310
+ if(!get_user_meta($user->ID,'password_strong?')){
311
+ update_user_meta($user->ID,'password_strong?', true);
312
+ $count = get_site_option('users_with_weak_pass');
313
+ $count = $count + 1;
314
+ update_site_option('users_with_weak_pass', $count);
315
+ }
316
+ }
317
+ else{
318
+ if(get_user_meta($user->ID,'password_strong?')){
319
+ $count = get_site_option('users_with_weak_pass');
320
+ $count = $count - 1;
321
+ update_site_option('users_with_weak_pass', $count);
322
+ }
323
+ delete_user_meta($user->ID,'password_strong?');
324
+ }
325
+
326
+
327
+ }
328
+
329
+ }
330
+ }
331
+
332
+
333
+ //Function to handle failed user login attempt
334
+ function mo_wpns_login_failed($username)
335
+ {
336
+ global $moWpnsUtility;
337
+ $userIp = $moWpnsUtility->get_client_ip();
338
+ $userIp = sanitize_text_field( $userIp );
339
+ if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
340
+ return;
341
+
342
+ $mo_wpns_config = new MoWpnsHandler();
343
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
344
+
345
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
346
+
347
+ if(!$isWhitelisted)
348
+ {
349
+
350
+
351
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
352
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
353
+
354
+ $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
355
+ $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
356
+
357
+ if($allowedLoginAttepts - $failedAttempts<=0)
358
+ $this->handle_login_attempt_exceeded($userIp);
359
+ else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
360
+ $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
361
+ }
362
+
363
+ }
364
+
365
+
366
+
367
+
368
+
369
+ //Function to show number of attempts remaining
370
+ function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
371
+ {
372
+ global $error;
373
+ $diff = $allowedLoginAttepts - $failedAttempts;
374
+ $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
375
+ }
376
+
377
+
378
+ //Function to handle login limit exceeded
379
+ function handle_login_attempt_exceeded($userIp)
380
+ {
381
+ global $moWpnsUtility, $mo2f_dirName;
382
+ $mo_wpns_config = new MoWpnsHandler();
383
+ $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
384
+ include_once("mo-block.html");
385
+ exit;
386
+
387
+ }
388
+
389
+ function setup_registration_closed($user){
390
+ global $Mo2fdbQueries;
391
+ if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
392
+ $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
393
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
394
+ $error = new WP_Error();
395
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
396
+ return $error;
397
+ } else {
398
+ if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
399
+ //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
400
+ delete_user_meta( $user->ID, 'register_account_popup' );
401
+
402
+ }
403
+ }
404
+ }
405
+ }
406
+
407
+ }
408
+ new LoginHandler;
 
 
 
 
 
 
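--- a/handler/mo-block.html
+++ b/handler/mo-block.html
@@ -1,9 +1,9 @@
-<img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
-<div>
-<img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
-<div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
-<div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
-<div><h6 style="font-size: 21px;margin-left: 19em;margin-top: 7em;color: red;">Your IP has been blocked. Please Contact your Administrator.<h6></div>
-<h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
-</div>
-</div>
+<img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
+<div>
+<img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
+<div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
+<div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
+<div><h6 style="font-size: 21px;margin-left: 19em;margin-top: 7em;color: red;">Your IP has been blocked. Please Contact your Administrator.<h6></div>
+<h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
+</div>
+</div>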
handler/mo-waf-plugin.php CHANGED
@@ -1,410 +1,410 @@
1
- <?php
2
-
3
- $dir =dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
- $xssFile = $dir.'/signature/APXSS.php';
7
- $lfiFile = $dir.'/signature/APLFI.php';
8
- $configfilepath = explode('wp-content', $dir);
9
- $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
-
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
-
26
- global $wpdb;
27
- $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
- else if(isset($_SERVER['HTTP_FORWARDED']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
- else if(isset($_SERVER['REMOTE_ADDR']))
39
- $ipaddress = $_SERVER['REMOTE_ADDR'];
40
- else
41
- $ipaddress = 'UNKNOWN';
42
-
43
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
44
- $results = $wpdb->get_results($query);
45
-
46
- if(sizeof($results)!=0)
47
- {
48
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
49
- $results1 = $wpdb->get_results($query);
50
- if(sizeof($results1)!=0)
51
- {
52
- //IP whitelisted
53
- }
54
- else
55
- {
56
- header('HTTP/1.1 403 Forbidden');
57
- include_once("mo-block.html");
58
- exit;
59
- }
60
- }
61
- $dir_name = dirname(__FILE__);
62
- $dir_name1 = explode('wp-content', $dir_name);
63
- $dir_name = $dir_name1[0];
64
- $filepath = str_replace('\\', '/', $dir_name1[0]);
65
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
66
-
67
- if($missingFile==1)
68
- {
69
- if(!file_exists($fileName))
70
- {
71
- $file = fopen($fileName, "a+");
72
- $string = "<?php".PHP_EOL;
73
- $string .= '$SQL = '.get_option("SQLInjection").';'.PHP_EOL;
74
- $string .= '$XSS = '.get_option("XSSAttack").';'.PHP_EOL;
75
- $string .= '$RFI = '.get_option("RFIAttack").';'.PHP_EOL;
76
- $string .= '$LFI = '.get_option("LFIAttack").';'.PHP_EOL;
77
- $string .= '$RCE = '.get_option("RCEAttack").';'.PHP_EOL;
78
- $string .= '$RateLimiting = '.get_option("Rate_limiting").';'.PHP_EOL;
79
- $string .= '$RequestsPMin = '.get_option("Rate_request").';'.PHP_EOL;
80
-
81
- if(get_option('actionRateL') == 0)
82
- $string .= '$actionRateL = "ThrottleIP";'.PHP_EOL;
83
- else
84
- $string .= '$actionRateL = "BlockIP";'.PHP_EOL;
85
-
86
- $string .= '?>'.PHP_EOL;
87
- fwrite($file, $string);
88
- fclose($file);
89
-
90
- }
91
-
92
- }
93
- include_once($fileName);
94
-
95
-
96
- if($RateLimiting == 1)
97
- {
98
- $time = 60;
99
- $reqLimit = $RequestsPMin;
100
-
101
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
102
- $results = $wpdb->get_results($query);
103
-
104
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
105
- $results = $wpdb->get_results($query);
106
-
107
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
108
- $results = $wpdb->get_results($query);
109
-
110
- if($results[0]->count>=$reqLimit)
111
- {
112
- $action = $actionRateL;
113
- if($action == 'ThrottleIP')
114
- {
115
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
116
- $results = $wpdb->get_results($query);
117
- $current_time = time();
118
- if($results[0]->time < $current_time-60)
119
- {
120
- $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
121
- $results = $wpdb->get_results($query);
122
- }
123
- header('HTTP/1.1 403 Forbidden');
124
- include_once("mo-error.html");
125
- exit;
126
- }
127
- else
128
- {
129
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
130
- $results = $wpdb->get_results($query);
131
- $current_time = time();
132
- if($results[0]->time < $current_time-60)
133
- {
134
- $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
135
- $results = $wpdb->get_results($query);
136
- }
137
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
138
- $results1 = $wpdb->get_results($query);
139
- if(sizeof($results1)!=0)
140
- {
141
- //IP whitelisted
142
- }
143
- else
144
- {
145
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".current_time( 'timestamp' ).");";
146
- $results =$wpdb->get_results($query);
147
- }
148
- header('HTTP/1.1 403 Forbidden');
149
- include_once("mo-error.html");
150
- exit;
151
- }
152
- }
153
- }
154
- $attack = array();
155
- if($SQL==1)
156
- {
157
- array_push($attack,"SQL");
158
- }
159
- if($XSS==1)
160
- {
161
- array_push($attack,"XSS");
162
- }
163
- if($LFI==1)
164
- {
165
- array_push($attack,"LFI");
166
- }
167
-
168
- $attackC = $attack;
169
- $ParanoiaLevel = 1;
170
- $annomalyS = 0;
171
- $SQLScore = 0;
172
- $XSSScore = 0;
173
- $limitAttack = get_option('limitAttack');
174
-
175
-
176
- foreach ($attackC as $key1 => $value1) {
177
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
178
- {
179
- if(isset($regex[$value1][$lev]))
180
- {
181
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
182
- {
183
- foreach ($_REQUEST as $key => $value) {
184
- if($regex[$value1][$lev][$i] != "")
185
- {
186
- if(strpos($regex[$value1][$lev][$i], '/') == false)
187
- {
188
- if(is_string($value))
189
- {
190
-
191
- if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
192
- {
193
- $scoreValue = 0;
194
-
195
- $annomalyMS = $score[$value1][$lev][$i];
196
- if(strcmp($annomalyMS,"CRITICAL")==0)
197
- {
198
- $scoreValue = 5;
199
- }
200
-
201
- elseif(strcmp($annomalyMS,"WARNING")==0)
202
- {
203
- $scoreValue = 3;
204
- }
205
- elseif(strcmp($annomalyMS,"ERROR")==0)
206
- {
207
- $scoreValue = 4;
208
- }
209
- elseif(strcmp($annomalyMS,"NOTICE")==0)
210
- {
211
- $scoreValue =2;
212
- }
213
-
214
- if($value1 == "SQL")
215
- {
216
- $SQLScore += $scoreValue;
217
-
218
- }
219
- elseif ($value1 == "XSS")
220
- {
221
- $XSSScore += $scoreValue;
222
- }
223
- else
224
- {
225
- $annomalyS += $scoreValue;
226
- }
227
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
228
- {
229
- $value = htmlspecialchars($value);
230
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
231
- $results = $wpdb->get_results($query);
232
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
233
- $results = $wpdb->get_results($query);
234
- if($results[0]->count>$limitAttack)
235
- {
236
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
237
- $results = $wpdb->get_results($query);
238
- if(sizeof($results)!=0)
239
- {
240
- //IP whitelisted
241
- }
242
- else
243
- {
244
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
245
- $results =$wpdb->get_results($query);
246
- }
247
- }
248
- header('HTTP/1.1 403 Forbidden');
249
- include_once("mo-error.html");
250
- exit;
251
- }
252
-
253
- }
254
- }
255
- }
256
- else if (strpos($regex[$value1][$lev][$i], '#') == false) {
257
- if(is_string($value))
258
- {
259
-
260
- if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
261
- {
262
- $scoreValue = 0;
263
- $annomalyMS = $score[$value1][$lev][$i];
264
- if(strcmp($annomalyMS,"CRITICAL")==0)
265
- {
266
- $scoreValue = 5;
267
- }
268
-
269
- elseif(strcmp($annomalyMS,"WARNING")==0)
270
- {
271
- $scoreValue = 3;
272
- }
273
- elseif(strcmp($annomalyMS,"ERROR")==0)
274
- {
275
- $scoreValue = 4;
276
- }
277
- elseif(strcmp($annomalyMS,"NOTICE")==0)
278
- {
279
- $scoreValue =2;
280
- }
281
-
282
-
283
- if($value1 == "SQL")
284
- {
285
- $SQLScore += $scoreValue;
286
-
287
- }
288
- elseif ($value1 == "XSS")
289
- {
290
- $XSSScore += $scoreValue;
291
- }
292
- else
293
- {
294
- $annomalyS += $scoreValue;
295
- }
296
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
297
- {
298
- $value = htmlspecialchars($value);
299
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
300
- $results = $wpdb->get_results($query);
301
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
302
- $results = $wpdb->get_results($query);
303
-
304
- if($results[0]->count>$limitAttack)
305
- {
306
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
307
- $results = $wpdb->get_results($query);
308
- if(sizeof($results)!=0)
309
- {
310
- //IP whitelisted
311
- }
312
- else
313
- {
314
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
315
- $results =$wpdb->get_results($query);
316
- }
317
- }
318
- header('HTTP/1.1 403 Forbidden');
319
- include_once("mo-error.html");
320
- exit;
321
- }
322
- }
323
- }
324
- }
325
-
326
- elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
327
- if(is_string($value))
328
- {
329
-
330
- if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
331
- {
332
- $scoreValue = 0;
333
- $annomalyMS = $score[$value1][$lev][$i];
334
- if(strcmp($annomalyMS,"CRITICAL")==0)
335
- {
336
- $scoreValue = 5;
337
- }
338
-
339
- elseif(strcmp($annomalyMS,"WARNING")==0)
340
- {
341
- $scoreValue = 3;
342
- }
343
- elseif(strcmp($annomalyMS,"ERROR")==0)
344
- {
345
- $scoreValue = 4;
346
- }
347
- elseif(strcmp($annomalyMS,"NOTICE")==0)
348
- {
349
- $scoreValue =2;
350
- }
351
-
352
-
353
- if($value1 == "SQL")
354
- {
355
- $SQLScore += $scoreValue;
356
-
357
- }
358
- elseif ($value1 == "XSS")
359
- {
360
- $XSSScore += $scoreValue;
361
- }
362
- else
363
- {
364
- $annomalyS += $scoreValue;
365
- }
366
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
367
- {
368
- $value = htmlspecialchars($value);
369
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
370
- $results = $wpdb->get_results($query);
371
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
372
- $results = $wpdb->get_results($query);
373
-
374
- if($results[0]->count>$limitAttack)
375
- {
376
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
377
- $results = $wpdb->get_results($query);
378
- if(sizeof($results)!=0)
379
- {
380
- //IP whitelisted
381
- }
382
- else
383
- {
384
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
385
- $results =$wpdb->get_results($query);
386
- }
387
- }
388
- header('HTTP/1.1 403 Forbidden');
389
- include_once("mo-error.html");
390
- exit;
391
- }
392
- }
393
- }
394
-
395
- }
396
-
397
- }
398
- }
399
-
400
- }
401
- }
402
-
403
- }
404
- }
405
-
406
-
407
-
408
-
409
-
410
  ?>
1
+ <?php
2
+
3
+ $dir =dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
+ $xssFile = $dir.'/signature/APXSS.php';
7
+ $lfiFile = $dir.'/signature/APLFI.php';
8
+ $configfilepath = explode('wp-content', $dir);
9
+ $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
+
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+
26
+ global $wpdb;
27
+ $ipaddress = '';
28
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
29
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
+ else if(isset($_SERVER['HTTP_FORWARDED']))
37
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
+ else if(isset($_SERVER['REMOTE_ADDR']))
39
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
40
+ else
41
+ $ipaddress = 'UNKNOWN';
42
+
43
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
44
+ $results = $wpdb->get_results($query);
45
+
46
+ if(sizeof($results)!=0)
47
+ {
48
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
49
+ $results1 = $wpdb->get_results($query);
50
+ if(sizeof($results1)!=0)
51
+ {
52
+ //IP whitelisted
53
+ }
54
+ else
55
+ {
56
+ header('HTTP/1.1 403 Forbidden');
57
+ include_once("mo-block.html");
58
+ exit;
59
+ }
60
+ }
61
+ $dir_name = dirname(__FILE__);
62
+ $dir_name1 = explode('wp-content', $dir_name);
63
+ $dir_name = $dir_name1[0];
64
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
65
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
66
+
67
+ if($missingFile==1)
68
+ {
69
+ if(!file_exists($fileName))
70
+ {
71
+ $file = fopen($fileName, "a+");
72
+ $string = "<?php".PHP_EOL;
73
+ $string .= '$SQL = '.get_option("SQLInjection").';'.PHP_EOL;
74
+ $string .= '$XSS = '.get_option("XSSAttack").';'.PHP_EOL;
75
+ $string .= '$RFI = '.get_option("RFIAttack").';'.PHP_EOL;
76
+ $string .= '$LFI = '.get_option("LFIAttack").';'.PHP_EOL;
77
+ $string .= '$RCE = '.get_option("RCEAttack").';'.PHP_EOL;
78
+ $string .= '$RateLimiting = '.get_option("Rate_limiting").';'.PHP_EOL;
79
+ $string .= '$RequestsPMin = '.get_option("Rate_request").';'.PHP_EOL;
80
+
81
+ if(get_option('actionRateL') == 0)
82
+ $string .= '$actionRateL = "ThrottleIP";'.PHP_EOL;
83
+ else
84
+ $string .= '$actionRateL = "BlockIP";'.PHP_EOL;
85
+
86
+ $string .= '?>'.PHP_EOL;
87
+ fwrite($file, $string);
88
+ fclose($file);
89
+
90
+ }
91
+
92
+ }
93
+ include_once($fileName);
94
+
95
+
96
+ if($RateLimiting == 1)
97
+ {
98
+ $time = 60;
99
+ $reqLimit = $RequestsPMin;
100
+
101
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
102
+ $results = $wpdb->get_results($query);
103
+
104
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
105
+ $results = $wpdb->get_results($query);
106
+
107
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
108
+ $results = $wpdb->get_results($query);
109
+
110
+ if($results[0]->count>=$reqLimit)
111
+ {
112
+ $action = $actionRateL;
113
+ if($action == 'ThrottleIP')
114
+ {
115
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
116
+ $results = $wpdb->get_results($query);
117
+ $current_time = time();
118
+ if($results[0]->time < $current_time-60)
119
+ {
120
+ $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
121
+ $results = $wpdb->get_results($query);
122
+ }
123
+ header('HTTP/1.1 403 Forbidden');
124
+ include_once("mo-error.html");
125
+ exit;
126
+ }
127
+ else
128
+ {
129
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
130
+ $results = $wpdb->get_results($query);
131
+ $current_time = time();
132
+ if($results[0]->time < $current_time-60)
133
+ {
134
+ $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
135
+ $results = $wpdb->get_results($query);
136
+ }
137
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
138
+ $results1 = $wpdb->get_results($query);
139
+ if(sizeof($results1)!=0)
140
+ {
141
+ //IP whitelisted
142
+ }
143
+ else
144
+ {
145
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".current_time( 'timestamp' ).");";
146
+ $results =$wpdb->get_results($query);
147
+ }
148
+ header('HTTP/1.1 403 Forbidden');
149
+ include_once("mo-error.html");
150
+ exit;
151
+ }
152
+ }
153
+ }
154
+ $attack = array();
155
+ if($SQL==1)
156
+ {
157
+ array_push($attack,"SQL");
158
+ }
159
+ if($XSS==1)
160
+ {
161
+ array_push($attack,"XSS");
162
+ }
163
+ if($LFI==1)
164
+ {
165
+ array_push($attack,"LFI");
166
+ }
167
+
168
+ $attackC = $attack;
169
+ $ParanoiaLevel = 1;
170
+ $annomalyS = 0;
171
+ $SQLScore = 0;
172
+ $XSSScore = 0;
173
+ $limitAttack = get_option('limitAttack');
174
+
175
+
176
+ foreach ($attackC as $key1 => $value1) {
177
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
178
+ {
179
+ if(isset($regex[$value1][$lev]))
180
+ {
181
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
182
+ {
183
+ foreach ($_REQUEST as $key => $value) {
184
+ if($regex[$value1][$lev][$i] != "")
185
+ {
186
+ if(strpos($regex[$value1][$lev][$i], '/') == false)
187
+ {
188
+ if(is_string($value))
189
+ {
190
+
191
+ if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
192
+ {
193
+ $scoreValue = 0;
194
+
195
+ $annomalyMS = $score[$value1][$lev][$i];
196
+ if(strcmp($annomalyMS,"CRITICAL")==0)
197
+ {
198
+ $scoreValue = 5;
199
+ }
200
+
201
+ elseif(strcmp($annomalyMS,"WARNING")==0)
202
+ {
203
+ $scoreValue = 3;
204
+ }
205
+ elseif(strcmp($annomalyMS,"ERROR")==0)
206
+ {
207
+ $scoreValue = 4;
208
+ }
209
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
210
+ {
211
+ $scoreValue =2;
212
+ }
213
+
214
+ if($value1 == "SQL")
215
+ {
216
+ $SQLScore += $scoreValue;
217
+
218
+ }
219
+ elseif ($value1 == "XSS")
220
+ {
221
+ $XSSScore += $scoreValue;
222
+ }
223
+ else
224
+ {
225
+ $annomalyS += $scoreValue;
226
+ }
227
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
228
+ {
229
+ $value = htmlspecialchars($value);
230
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
231
+ $results = $wpdb->get_results($query);
232
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
233
+ $results = $wpdb->get_results($query);
234
+ if($results[0]->count>$limitAttack)
235
+ {
236
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
237
+ $results = $wpdb->get_results($query);
238
+ if(sizeof($results)!=0)
239
+ {
240
+ //IP whitelisted
241
+ }
242
+ else
243
+ {
244
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
245
+ $results =$wpdb->get_results($query);
246
+ }
247
+ }
248
+ header('HTTP/1.1 403 Forbidden');
249
+ include_once("mo-error.html");
250
+ exit;
251
+ }
252
+
253
+ }
254
+ }
255
+ }
256
+ else if (strpos($regex[$value1][$lev][$i], '#') == false) {
257
+ if(is_string($value))
258
+ {
259
+
260
+ if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
261
+ {
262
+ $scoreValue = 0;
263
+ $annomalyMS = $score[$value1][$lev][$i];
264
+ if(strcmp($annomalyMS,"CRITICAL")==0)
265
+ {
266
+ $scoreValue = 5;
267
+ }
268
+
269
+ elseif(strcmp($annomalyMS,"WARNING")==0)
270
+ {
271
+ $scoreValue = 3;
272
+ }
273
+ elseif(strcmp($annomalyMS,"ERROR")==0)
274
+ {
275
+ $scoreValue = 4;
276
+ }
277
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
278
+ {
279
+ $scoreValue =2;
280
+ }
281
+
282
+
283
+ if($value1 == "SQL")
284
+ {
285
+ $SQLScore += $scoreValue;
286
+
287
+ }
288
+ elseif ($value1 == "XSS")
289
+ {
290
+ $XSSScore += $scoreValue;
291
+ }
292
+ else
293
+ {
294
+ $annomalyS += $scoreValue;
295
+ }
296
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
297
+ {
298
+ $value = htmlspecialchars($value);
299
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
300
+ $results = $wpdb->get_results($query);
301
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
302
+ $results = $wpdb->get_results($query);
303
+
304
+ if($results[0]->count>$limitAttack)
305
+ {
306
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
307
+ $results = $wpdb->get_results($query);
308
+ if(sizeof($results)!=0)
309
+ {
310
+ //IP whitelisted
311
+ }
312
+ else
313
+ {
314
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
315
+ $results =$wpdb->get_results($query);
316
+ }
317
+ }
318
+ header('HTTP/1.1 403 Forbidden');
319
+ include_once("mo-error.html");
320
+ exit;
321
+ }
322
+ }
323
+ }
324
+ }
325
+
326
+ elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
327
+ if(is_string($value))
328
+ {
329
+
330
+ if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
331
+ {
332
+ $scoreValue = 0;
333
+ $annomalyMS = $score[$value1][$lev][$i];
334
+ if(strcmp($annomalyMS,"CRITICAL")==0)
335
+ {
336
+ $scoreValue = 5;
337
+ }
338
+
339
+ elseif(strcmp($annomalyMS,"WARNING")==0)
340
+ {
341
+ $scoreValue = 3;
342
+ }
343
+ elseif(strcmp($annomalyMS,"ERROR")==0)
344
+ {
345
+ $scoreValue = 4;
346
+ }
347
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
348
+ {
349
+ $scoreValue =2;
350
+ }
351
+
352
+
353
+ if($value1 == "SQL")
354
+ {
355
+ $SQLScore += $scoreValue;
356
+
357
+ }
358
+ elseif ($value1 == "XSS")
359
+ {
360
+ $XSSScore += $scoreValue;
361
+ }
362
+ else
363
+ {
364
+ $annomalyS += $scoreValue;
365
+ }
366
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
367
+ {
368
+ $value = htmlspecialchars($value);
369
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
370
+ $results = $wpdb->get_results($query);
371
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
372
+ $results = $wpdb->get_results($query);
373
+
374
+ if($results[0]->count>$limitAttack)
375
+ {
376
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
377
+ $results = $wpdb->get_results($query);
378
+ if(sizeof($results)!=0)
379
+ {
380
+ //IP whitelisted
381
+ }
382
+ else
383
+ {
384
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
385
+ $results =$wpdb->get_results($query);
386
+ }
387
+ }
388
+ header('HTTP/1.1 403 Forbidden');
389
+ include_once("mo-error.html");
390
+ exit;
391
+ }
392
+ }
393
+ }
394
+
395
+ }
396
+
397
+ }
398
+ }
399
+
400
+ }
401
+ }
402
+
403
+ }
404
+ }
405
+
406
+
407
+
408
+
409
+
410
  ?>
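--- a/handler/realtime_ip_block_free.php
+++ b/handler/realtime_ip_block_free.php
@@ -1,52 +1,52 @@
- <?php
- /**
- *
- */
- class MO2F_realtime_free
- {
-
- function __construct()
- {
- add_filter( 'cron_schedules', array($this,'mo_2fa_realtime_blocking_int'));
- add_action( 'mo2f_realtime_ip_block_free_hook', array($this,'mo2f_realtime_ip_block_free') );
-
- }
- function mo2f_realtime_ip_block_free()
- {
- global $wpnsDbQueries;
- $results = $wpnsDbQueries->get_blocked_ips_realtime();
-
- $ip_addresses = array();
- $mo2f_added_ips = get_site_option('mo2f_added_ips_realtime');
- $sizeofResults = sizeof($results);
-
- $mo2f_added_ips = explode(',', $mo2f_added_ips);
-
- for($i = 0;$i<$sizeofResults;$i++)
- {
- if($results[$i]->ip_address != '::1' and $results[$i]->ip_address != '127.0.0.1' and rest_is_ip_address($results[$i]->ip_address))
- {
- if(!in_array($results[$i]->ip_address, $mo2f_added_ips))
- {
- array_push($ip_addresses,$results[$i]->ip_address);
- }
- }
- }
-
-
- add_to_blacklist($ip_addresses,get_site_option('siteurl'));
-
- }
- function mo_2fa_realtime_blocking_int()
- {
- $mo2f_cron_hours = 7200;
- $schedules['mo2f_realtime_ipblock_free'] = array(
- 'interval' => $mo2f_cron_hours,
- 'display' => esc_html__( 'Cron Activated' ),
- );
- return $schedules;
- }
- }
- new MO2F_realtime_free;
-
+ <?php
+ /**
+ *
+ */
+ class MO2F_realtime_free
+ {
+
+ function __construct()
+ {
+ add_filter( 'cron_schedules', array($this,'mo_2fa_realtime_blocking_int'));
+ add_action( 'mo2f_realtime_ip_block_free_hook', array($this,'mo2f_realtime_ip_block_free') );
+
+ }
+ function mo2f_realtime_ip_block_free()
+ {
+ global $wpnsDbQueries;
+ $results = $wpnsDbQueries->get_blocked_ips_realtime();
+
+ $ip_addresses = array();
+ $mo2f_added_ips = get_site_option('mo2f_added_ips_realtime');
+ $sizeofResults = sizeof($results);
+
+ $mo2f_added_ips = explode(',', $mo2f_added_ips);
+
+ for($i = 0;$i<$sizeofResults;$i++)
+ {
+ if($results[$i]->ip_address != '::1' and $results[$i]->ip_address != '127.0.0.1' and rest_is_ip_address($results[$i]->ip_address))
+ {
+ if(!in_array($results[$i]->ip_address, $mo2f_added_ips))
+ {
+ array_push($ip_addresses,$results[$i]->ip_address);
+ }
+ }
+ }
+
+
+ add_to_blacklist($ip_addresses,get_site_option('siteurl'));
+
+ }
+ function mo_2fa_realtime_blocking_int()
+ {
+ $mo2f_cron_hours = 7200;
+ $schedules['mo2f_realtime_ipblock_free'] = array(
+ 'interval' => $mo2f_cron_hours,
+ 'display' => esc_html__( 'Cron Activated' ),
+ );
+ return $schedules;
+ }
+ }
+ new MO2F_realtime_free;
+
  ?>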
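--- a/handler/recaptcha.php
+++ b/handler/recaptcha.php
@@ -24,6 +24,7 @@
  if(array_key_exists('g-recaptcha-response',$_POST))
  {
  $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
  $mocURL = new MocURL;
  $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
  $content = json_decode($response, true);
@@ -41,6 +42,7 @@
  if(array_key_exists('g-recaptcha-response',$_REQUEST))
  {
  $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
  $mocURL = new MocURL;
 
  $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
@@ -134,6 +136,7 @@
  {
  global $moWpnsUtility;
  $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
  $mocURL = new MocURL;
  $response = $mocURL->validate_recaptcha($userIp,$response);
  $content = json_decode($response, true);
@@ -145,6 +148,7 @@
  {
  global $moWpnsUtility;
  $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
  $mocURL = new MocURL;
  $response = $mocURL->get_Captcha_v3($response);
  $content = json_decode($response, true);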
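Review bot: `sanitize_text_field( $userIp )` in all four hunks strips tags and control characters but does not check that the value is an IP address, so if `get_client_ip()` reads client-supplied headers (its body is not visible here) arbitrary text still passes; validating is stricter, e.g. `if ( ! filter_var( $userIp, FILTER_VALIDATE_IP ) ) { $userIp = ''; }` or WordPress's `rest_is_ip_address()`. In the two v3 hunks (new lines 42-48 and 148-154) `$userIp` is not passed to `get_Captcha_v3()` in the visible lines, so the added sanitising has no visible effect there. At new line 48 `$_REQUEST['g-recaptcha-response']` is handed to `get_Captcha_v3()` raw, while the v2 path at new line 29 wraps the same field in `sanitize_text_field()`; the two paths should agree. The enclosing functions start and end outside these hunks.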
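--- a/handler/twofa/encryption.php
+++ b/handler/twofa/encryption.php
@@ -1,46 +1,46 @@
- <?php
- /**
- * @package miniOrange
- * @author miniOrange Security Software Pvt. Ltd.
- * @license GNU/GPLv3
- * @copyright Copyright 2015 miniOrange. All Rights Reserved.
- *
- *
- * This file is part of miniOrange Gauth plugin.
- */
-
- class mo2f_GAuth_AESEncryption {
- /**
- * @param string $data - the key=value pairs separated with &
- * @return string
- */
- public static function encrypt_data_ga($data, $key) {
- $plaintext = $data;
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
- $iv = openssl_random_pseudo_bytes($ivlen);
- $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
- $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
- $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
- return $ciphertext;
- }
-
-
- /**
- * @param string $data - crypt response from Sagepay
- * @return string
- */
- public static function decrypt_data($data, $key) {
- $c = base64_decode($data);
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
- $iv = substr($c, 0, $ivlen);
- $hmac = substr($c, $ivlen, $sha2len=32);
- $ciphertext_raw = substr($c, $ivlen+$sha2len);
- $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
- $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
-
-
- return $original_plaintext;
- }
-
- }
+ <?php
+ /**
+ * @package miniOrange
+ * @author miniOrange Security Software Pvt. Ltd.
+ * @license GNU/GPLv3
+ * @copyright Copyright 2015 miniOrange. All Rights Reserved.
+ *
+ *
+ * This file is part of miniOrange Gauth plugin.
+ */
+
+ class mo2f_GAuth_AESEncryption {
+ /**
+ * @param string $data - the key=value pairs separated with &
+ * @return string
+ */
+ public static function encrypt_data_ga($data, $key) {
+ $plaintext = $data;
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
+ $iv = openssl_random_pseudo_bytes($ivlen);
+ $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
+ $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
+ $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
+ return $ciphertext;
+ }
+
+
+ /**
+ * @param string $data - crypt response from Sagepay
+ * @return string
+ */
+ public static function decrypt_data($data, $key) {
+ $c = base64_decode($data);
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
+ $iv = substr($c, 0, $ivlen);
+ $hmac = substr($c, $ivlen, $sha2len=32);
+ $ciphertext_raw = substr($c, $ivlen+$sha2len);
+ $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
+ $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
+
+
+ return $original_plaintext;
+ }
+
+ }
  ?>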
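Review bot: `decrypt_data()` computes `$calcmac` but never compares it with the `$hmac` it slices out of the payload, so the HMAC that `encrypt_data_ga()` prepends is never verified and a modified ciphertext is decrypted and returned as if it were authentic. The check belongs before the `openssl_decrypt()` call and should fail closed: `if ( ! hash_equals( $hmac, $calcmac ) ) { return false; }` — `openssl_decrypt()` already returns `false` on failure, so callers see the same failure value. `base64_decode( $data )` is also used without strict mode or a length check, so a short or malformed value reaches the `substr()` calls. The same `$key` is used for both AES-128-CBC and the HMAC; deriving two separate keys would be cleaner. The docblock on `decrypt_data()` still refers to "Sagepay" and omits `$key`; it should describe the `iv . hmac . ciphertext` layout instead.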
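--- a/handler/twofa/gaonprem.php
+++ b/handler/twofa/gaonprem.php
@@ -1,253 +1,251 @@
- <?php
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'encryption.php';
- class Google_auth_onpremise{
- protected $_codeLength = 6;
- function __construct(){
-
- }
-
- function mo_GAuth_get_details($setupWizard = false)
- {
-
- $user=wp_get_current_user();
- $user_id=$user->ID;
-
- if(isset($_POST) && isset($_POST['mo2f_session_id'])){
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
- }else{
- $session_id_encrypt = MO2f_Utility::random_str(20);
- }
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
- if(!$secret_ga){
- $secret_ga = $this->createSecret();
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $secret_ga);
- }
-
-
- $issuer=get_option('mo2f_google_appname', 'miniOrangeAu');
- $email=$user->user_email;
- $otpcode=$this->getCode($secret_ga);
- $url=$this->geturl($secret_ga ,$issuer,$email);
- if(!$setupWizard)
- {
- echo '<div class="mo2f_table_layout">';
- mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
- echo '</div>';
- }
- else
- {
- mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
- }
- exit;
-
- }
-
- function mo_GAuth_set_secret($user_id,$secret){
- global $Mo2fdbQueries;
- $key=$this->random_str(8);
- update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);
- $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
- update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
- }
-
- function mo_GAuth_get_secret($user_id){
- global $Mo2fdbQueries;
- $key=get_user_meta( $user_id, 'mo2f_get_auth_rnd_string', true);
- $secret=get_user_meta( $user_id, 'mo2f_gauth_key', true);
- $secret=mo2f_GAuth_AESEncryption::decrypt_data($secret,$key);
-
- return $secret;
- }
-
- function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
- {
- $randomString = '';
- $charactersLength = strlen($keyspace);
- for ($i = 0; $i < $length; $i++) {
- $randomString .= $keyspace[rand(0, $charactersLength - 1)];
- }
- return $randomString;
-
- }
-
-
-
-
- function createSecret($secretLength = 16)
- {
- $validChars = $this->_getBase32LookupTable();
-
- // Valid secret lengths are 80 to 640 bits
- if ($secretLength < 16 || $secretLength > 128) {
- throw new Exception('Bad secret length');
- }
- $secret = '';
- $rnd = false;
- if (function_exists('random_bytes')) {
- $rnd = random_bytes($secretLength);
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
- $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong);
- if (!$cryptoStrong) {
- $rnd = false;
- }
- }
- if ($rnd !== false) {
- for ($i = 0; $i < $secretLength; ++$i) {
- $secret .= $validChars[ord($rnd[$i]) & 31];
- }
- } else {
- throw new Exception('No source of secure random');
- }
-
- return $secret;
- }
-
- function _getBase32LookupTable()
- {
- return array(
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
- 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
- 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
- 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
- '=', // padding char
- );
- }
-
- function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
- {
- global $Mo2fdbQueries;
- $response=array("status"=>'false');
- if ($currentTimeSlice === null) {
- $currentTimeSlice = floor(time() / 30);
- }
-
- if (strlen($code) != 6) {
- return json_encode($response);
- }
- for ($i = -$discrepancy; $i <= $discrepancy; ++$i) {
- $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
- if ($this->timingSafeEquals($calculatedCode, $code)) {
- update_option('mo2f_time_slice', $i);
- $response['status']='SUCCESS';
- return json_encode($response);
- }
- }
- return json_encode($response);
- }
-
- function geturl($secret,$issuer,$email){
- // id can be email or name
- $url="otpauth://totp/";
-
- $url.=$email."?secret=".$secret."&issuer=".$issuer;
- return $url;
-
- //aksjdbdzcaasd?secret=4RNWQWBQH4JDPABP&issuer=miniOrange/competits";
-
- }
-
- function timingSafeEquals($safeString, $userString)
- {
- if (function_exists('hash_equals')) {
- return hash_equals($safeString, $userString);
- }
- $safeLen = strlen($safeString);
- $userLen = strlen($userString);
-
- if ($userLen != $safeLen) {
- return false;
- }
-
- $result = 0;
-
- for ($i = 0; $i < $userLen; ++$i) {
- $result |= (ord($safeString[$i]) ^ ord($userString[$i]));
- }
-
- // They are only identical strings if $result is exactly 0...
- return $result === 0;
- }
-
- function getCode($secret, $timeSlice = null)
- {
- if ($timeSlice === null) {
- $timeSlice = floor(time() / 30);
- }
-
- $secretkey = $this->_base32Decode($secret);
- // Pack time into binary string
- $time = chr(0).chr(0).chr(0).chr(0). pack('N*', $timeSlice);
- // Hash it with users secret key
- $hm = hash_hmac('SHA1', $time, $secretkey, true);
-
- // Use last nipple of result as index/offset
- $offset = ord(substr($hm, -1)) & 0x0F;
-
- // grab 4 bytes of the result
- $hashpart = substr($hm, $offset, 4);
- // Unpak binary value
- $value = unpack('N', $hashpart);
- $value = $value[1];
- // Only 32 bits
- $value = $value & 0x7FFFFFFF;
- $modulo = pow(10, $this->_codeLength);
- return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
- }
-
- function _base32Decode($secret)
- {
- if (empty($secret)) {
- return '';
- }
- $base32chars = $this->_getBase32LookupTable();
- $base32charsFlipped = array_flip($base32chars);
-
- $paddingCharCount = substr_count($secret, $base32chars[32]);
- $allowedValues = array(6, 4, 3, 1, 0);
- if (!in_array($paddingCharCount, $allowedValues)) {
- return false;
- }
-
-
- for ($i = 0; $i < 4; ++$i) {
- if ($paddingCharCount == $allowedValues[$i] &&
- substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) {
- return false;
- }
- }
- $secret = str_replace('=', '', $secret);
- $secret = str_split($secret);
- $binaryString = '';
- for ($i = 0; $i < count($secret); $i = $i + 8) {
- $x = '';
- if (!in_array($secret[$i], $base32chars)) {
- return false;
- }
- for ($j = 0; $j < 8; ++$j) {
-
- $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
- }
- $eightBits = str_split($x, 8);
- for ($z = 0; $z < count($eightBits); ++$z) {
- $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : '';
-
- }
- }
-
- return $binaryString;
- }
-
- public static function mo2f_GAuth_get_option($option,$val=null){
- if(is_multisite()){
-
- $val=get_site_option($option,$val);
-
- }else{
- $val=get_option($option,$val);
- }
-
- return $val;
-
- }
- }
+ <?php
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'encryption.php';
+ class Google_auth_onpremise{
+ protected $_codeLength = 6;
+ function __construct(){
+
+ }
+
+ function mo_GAuth_get_details($setupWizard = false)
+ {
+
+ $user=wp_get_current_user();
+ $user_id=$user->ID;
+
+ if(isset($_POST) && isset($_POST['mo2f_session_id'])){
+ $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
+ }else{
+ $session_id_encrypt = MO2f_Utility::random_str(20);
+ }
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
+ if(!$secret_ga){
+ $secret_ga = $this->createSecret();
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $secret_ga);
+ }
+
+
+ $issuer=get_option('mo2f_google_appname', 'miniOrangeAu');
+ $email=$user->user_email;
+ $otpcode=$this->getCode($secret_ga);
+ $url=$this->geturl($secret_ga ,$issuer,$email);
+ if(!$setupWizard)
+ {
+ echo '<div class="mo2f_table_layout">';
+ mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
+ echo '</div>';
+ }
+ else
+ {
+ mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
+ }
+ }
+
+ function mo_GAuth_set_secret($user_id,$secret){
+ global $Mo2fdbQueries;
+ $key=$this->random_str(8);
+ update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);
+ $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
+ update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
+ }
+
+ function mo_GAuth_get_secret($user_id){
+ global $Mo2fdbQueries;
+ $key=get_user_meta( $user_id, 'mo2f_get_auth_rnd_string', true);
+ $secret=get_user_meta( $user_id, 'mo2f_gauth_key', true);
+ $secret=mo2f_GAuth_AESEncryption::decrypt_data($secret,$key);
+
+ return $secret;
+ }
+
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
+ {
+ $randomString = '';
+ $charactersLength = strlen($keyspace);
+ for ($i = 0; $i < $length; $i++) {
+ $randomString .= $keyspace[rand(0, $charactersLength - 1)];
+ }
+ return $randomString;
+
+ }
+
+
+
+
+ function createSecret($secretLength = 16)
+ {
+ $validChars = $this->_getBase32LookupTable();
+
+ // Valid secret lengths are 80 to 640 bits
+ if ($secretLength < 16 || $secretLength > 128) {
+ throw new Exception('Bad secret length');
+ }
+ $secret = '';
+ $rnd = false;
+ if (function_exists('random_bytes')) {
+ $rnd = random_bytes($secretLength);
+ } elseif (function_exists('openssl_random_pseudo_bytes')) {
+ $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong);
+ if (!$cryptoStrong) {
+ $rnd = false;
+ }
+ }
+ if ($rnd !== false) {
+ for ($i = 0; $i < $secretLength; ++$i) {
+ $secret .= $validChars[ord($rnd[$i]) & 31];
+ }
+ } else {
+ throw new Exception('No source of secure random');
+ }
+
+ return $secret;
+ }
+
+ function _getBase32LookupTable()
+ {
+ return array(
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
+ 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
+ '=', // padding char
+ );
+ }
+
+ function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
+ {
+ global $Mo2fdbQueries;
+ $response=array("status"=>'false');
+ if ($currentTimeSlice === null) {
+ $currentTimeSlice = floor(time() / 30);
+ }
+
+ if (strlen($code) != 6) {
+ return json_encode($response);
+ }
+ for ($i = -$discrepancy; $i <= $discrepancy; ++$i) {
+ $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
+ if ($this->timingSafeEquals($calculatedCode, $code)) {
+ update_option('mo2f_time_slice', $i);
+ $response['status']='SUCCESS';
+ return json_encode($response);
+ }
+ }
+ return json_encode($response);
+ }
+
+ function geturl($secret,$issuer,$email){
+ // id can be email or name
+ $url="otpauth://totp/";
+
+ $url.=$email."?secret=".$secret."&issuer=".$issuer;
+ return $url;
+
+ //aksjdbdzcaasd?secret=4RNWQWBQH4JDPABP&issuer=miniOrange/competits";
+
+ }
+
+ function timingSafeEquals($safeString, $userString)
+ {
+ if (function_exists('hash_equals')) {
+ return hash_equals($safeString, $userString);
+ }
+ $safeLen = strlen($safeString);
+ $userLen = strlen($userString);
+
+ if ($userLen != $safeLen) {
+ return false;
+ }
+
+ $result = 0;
+
+ for ($i = 0; $i < $userLen; ++$i) {
+ $result |= (ord($safeString[$i]) ^ ord($userString[$i]));
+ }
+
+ // They are only identical strings if $result is exactly 0...
+ return $result === 0;
+ }
+
+ function getCode($secret, $timeSlice = null)
+ {
+ if ($timeSlice === null) {
+ $timeSlice = floor(time() / 30);
+ }
+
+ $secretkey = $this->_base32Decode($secret);
+ // Pack time into binary string
+ $time = chr(0).chr(0).chr(0).chr(0). pack('N*', $timeSlice);
+ // Hash it with users secret key
+ $hm = hash_hmac('SHA1', $time, $secretkey, true);
+
+ // Use last nipple of result as index/offset
+ $offset = ord(substr($hm, -1)) & 0x0F;
+
+ // grab 4 bytes of the result
+ $hashpart = substr($hm, $offset, 4);
+ // Unpak binary value
+ $value = unpack('N', $hashpart);
+ $value = $value[1];
+ // Only 32 bits
+ $value = $value & 0x7FFFFFFF;
+ $modulo = pow(10, $this->_codeLength);
+ return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
+ }
+
+ function _base32Decode($secret)
+ {
+ if (empty($secret)) {
+ return '';
+ }
+ $base32chars = $this->_getBase32LookupTable();
+ $base32charsFlipped = array_flip($base32chars);
+
+ $paddingCharCount = substr_count($secret, $base32chars[32]);
+ $allowedValues = array(6, 4, 3, 1, 0);
+ if (!in_array($paddingCharCount, $allowedValues)) {
+ return false;
+ }
+
+
+ for ($i = 0; $i < 4; ++$i) {
+ if ($paddingCharCount == $allowedValues[$i] &&
+ substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) {
+ return false;
+ }
+ }
+ $secret = str_replace('=', '', $secret);
+ $secret = str_split($secret);
+ $binaryString = '';
+ for ($i = 0; $i < count($secret); $i = $i + 8) {
+ $x = '';
+ if (!in_array($secret[$i], $base32chars)) {
+ return false;
+ }
+ for ($j = 0; $j < 8; ++$j) {
+
+ $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
+ }
+ $eightBits = str_split($x, 8);
+ for ($z = 0; $z < count($eightBits); ++$z) {
+ $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : '';
+
+ }
+ }
+
+ return $binaryString;
+ }
+
+ public static function mo2f_GAuth_get_option($option,$val=null){
+ if(is_multisite()){
+
+ $val=get_site_option($option,$val);
+
+ }else{
+ $val=get_option($option,$val);
+ }
+
+ return $val;
+
+ }
+ }
  ?>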
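Review bot: `random_str()` draws its characters with `rand()`, which is not a cryptographically secure generator, and `mo_GAuth_set_secret()` uses `random_str(8)` as the key that encrypts the user's stored TOTP secret. `createSecret()` in the same class already requires a secure source, so the key should too: `$randomString .= $keyspace[random_int(0, $charactersLength - 1)];` (with the same `function_exists` fallback style if older PHP must be supported). Eight alphanumeric characters are also short of the 16 bytes AES-128 expects (PHP pads a short key with NUL bytes), and the key is written to user meta as `mo2f_get_auth_rnd_string` right beside the ciphertext in `mo2f_gauth_key`, so anyone who can read that table can recover the secret. Separately, `verifyCode()` defaults to `$discrepancy = 3`, which accepts seven 30-second slices, and nothing in the visible code prevents an accepted code from being used again inside that window; a docblock on `verifyCode()` should state the window and the JSON return shape.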
handler/twofa/two_fa_login.php CHANGED
@@ -1,403 +1,403 @@
1
- <?Php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
- class Miniorange_Mobile_Login {
27
-
28
- function mo2fa_default_login( $user, $username, $password ) {
29
-
30
- global $Mo2fdbQueries;
31
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
- if ( is_wp_error( $currentuser ) ) {
33
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
- wp_send_json_success($data);
36
- }
37
- else{
38
- return $currentuser;
39
- }
40
- } else {
41
- if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
- {
43
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
- $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
- if(is_null($session_id)) {
48
- $session_id = $handleSecondFactor->create_session();
49
- }
50
-
51
- $key = get_option('mo2f_customer_token');
52
- $otp_token = '';
53
- $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
-
55
- }
56
- $this->miniorange_login_start_session();
57
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
- $session_id=$pass2fa_login_session->create_session();
59
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
61
- if ( $mo2f_configured_2FA_method ) {
62
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
- $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
- if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
- $this->mo_auth_show_error_message();
67
- $this->mo2f_redirectto_wp_login();
68
- $error = new WP_Error();
69
- return $error;
70
- } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
71
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
72
- }
73
- } else { //plugin is not activated for non-admin then logged him in
74
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
75
- }
76
- }
77
- }
78
-
79
- public function miniorange_login_start_session() {
80
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
81
- session_start();
82
- }
83
- }
84
-
85
- function mo_auth_show_error_message($value = null) {
86
- remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
87
- add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
88
- }
89
-
90
- function mo2f_redirectto_wp_login() {
91
- global $Mo2fdbQueries;
92
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
93
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
94
- if(is_null($session_id)) {
95
- $session_id=$pass2fa_login_session->create_session();
96
- }
97
- remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
98
- add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
99
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
100
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
101
- } else {
102
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
103
- }
104
- }
105
-
106
- function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
107
- $user_id = $user->ID;
108
- wp_set_current_user( $user_id, $user->user_login );
109
- $this->remove_current_activity($session_id);
110
- wp_set_auth_cookie( $user_id, true );
111
- do_action( 'wp_login', $user->user_login, $user );
112
- redirect_user_to( $user, $redirect_to );
113
- exit;
114
- }
115
-
116
- function remove_current_activity($session_id) {
117
- global $Mo2fdbQueries;
118
- $session_variables = array(
119
- 'mo2f_current_user_id',
120
- 'mo2f_1stfactor_status',
121
- 'mo_2factor_login_status',
122
- 'mo2f-login-qrCode',
123
- 'mo2f_transactionId',
124
- 'mo2f_login_message',
125
- 'mo2f_rba_status',
126
- 'mo_2_factor_kba_questions',
127
- 'mo2f_show_qr_code',
128
- 'mo2f_google_auth',
129
- 'mo2f_authy_keys'
130
- );
131
-
132
- $cookie_variables = array(
133
- 'mo2f_current_user_id',
134
- 'mo2f_1stfactor_status',
135
- 'mo_2factor_login_status',
136
- 'mo2f-login-qrCode',
137
- 'mo2f_transactionId',
138
- 'mo2f_login_message',
139
- 'mo2f_rba_status_status',
140
- 'mo2f_rba_status_sessionUuid',
141
- 'mo2f_rba_status_decision_flag',
142
- 'kba_question1',
143
- 'kba_question2',
144
- 'mo2f_show_qr_code',
145
- 'mo2f_google_auth',
146
- 'mo2f_authy_keys'
147
- );
148
-
149
- $temp_table_variables = array(
150
- 'session_id',
151
- 'mo2f_current_user_id',
152
- 'mo2f_login_message',
153
- 'mo2f_1stfactor_status',
154
- 'mo2f_transactionId',
155
- 'mo_2_factor_kba_questions',
156
- 'mo2f_rba_status',
157
- 'ts_created'
158
- );
159
-
160
- MO2f_Utility::unset_session_variables( $session_variables );
161
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
162
- MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
163
- }
164
-
165
- function custom_login_enqueue_scripts() {
166
- wp_enqueue_script( 'jquery' );
167
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
168
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
169
- wp_enqueue_style( 'bootstrap_script', $bootstrappath );
170
- wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__ ))) );
171
- }
172
-
173
- function mo_2_factor_hide_login() {
174
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
175
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
176
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
177
- $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
178
-
179
- wp_register_style( 'hide-login', $hidepath );
180
- wp_register_style( 'bootstrap', $bootstrappath );
181
- wp_enqueue_style( 'hide-login' );
182
- wp_enqueue_style( 'bootstrap' );
183
-
184
- }
185
-
186
- function mo_auth_success_message() {
187
- $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
188
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
189
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
190
- //if the php session folder has insufficient permissions, cookies to be used
191
-
192
-
193
- if($message == '')
194
- {
195
- $message = 'Please login into your account using password.';
196
- }
197
-
198
- return "<div> <p class='message'>" . $message . "</p></div>";
199
- }
200
-
201
- function mo_auth_error_message() {
202
- $id = "login_error1";
203
- //if the php session folder has insufficient permissions, cookies to be used
204
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
205
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
206
- //if the php session folder has insufficient permissions, cookies to be used
207
- if($message=='')
208
- {
209
- $message = 'Invalid Username';
210
- }
211
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
212
- { //test
213
- $message = 'Invalid Username or recaptcha';
214
- }
215
- return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
216
- }
217
-
218
- function mo_auth_show_success_message() {
219
- remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
220
- add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
221
- }
222
-
223
- function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
224
- global $Mo2fdbQueries;
225
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']): null;
226
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
227
-
228
- if(is_null($session_id_encrypt)) {
229
- $session_id_encrypt=$pass2fa_login_session->create_session();
230
- }
231
-
232
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
233
- //if the php session folder has insufficient permissions, cookies to be used
234
- $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
235
-
236
- if(MO2F_IS_ONPREM)
237
- {
238
- $userName = isset($_POST['mo2fa_username']) ? sanitize_text_field($_POST['mo2fa_username']) : '';
239
-
240
- if(!empty($userName))
241
- {
242
- $user = get_user_by('login',$userName);
243
- if($user)
244
- {
245
- //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
246
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
247
- if($currentMethod == 'None' or $currentMethod == '')
248
- $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
249
- }
250
- }
251
- }
252
- if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
- $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
- $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
- $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
- $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
- ?>
258
- <script>
259
- jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
260
- </script><?php
261
- } else {
262
- $this->mo_2_factor_show_login();
263
- $this->mo_2_factor_show_wp_login_form();
264
- }
265
- } else { //Login with phone is alogin with default login form
266
- $this->mo_2_factor_show_login();
267
- $this->mo_2_factor_show_wp_login_form();
268
- }
269
-
270
- }
271
-
272
- function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
273
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
274
- wp_enqueue_style( 'show-login' );
275
- }
276
-
277
-
278
- // login form fields
279
-
280
- function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
281
- ?>
282
- <script>
283
- var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
284
- jQuery('#login').append(content);
285
-
286
- function mo2fa_backtomologin() {
287
- jQuery('#mo2f_backto_mo_loginform').submit();
288
- }
289
- </script>
290
- <?php
291
- }
292
-
293
- function mo_2_factor_show_login() {
294
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
295
-
296
- $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
297
-
298
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
299
- wp_register_style( 'show-login', $hidepath );
300
- } else {
301
- wp_register_style( 'show-login', $showpath );
302
- }
303
- wp_enqueue_style( 'show-login' );
304
- }
305
-
306
- function mo_2_factor_show_wp_login_form() {
307
- $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
308
-
309
-
310
- ?>
311
- <div class="mo2f-login-container">
312
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
313
- <div style="position: relative" class="or-container">
314
- <div class="login_with_2factor_inner_div"></div>
315
- <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
316
- </div>
317
- <?php } ?>
318
-
319
- <br>
320
- <div class="mo2f-button-container" id="mo2f_button_container">
321
- <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
322
- placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
323
- <p>
324
-
325
- <input type="button" name="miniorange_login_submit" style="width:100% !important;"
326
- onclick="mouserloginsubmit();" id="miniorange_login_submit"
327
- class="button button-primary button-large"
328
- value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
329
- </p>
330
- <br><br><br>
331
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
332
- </div>
333
- </div>
334
-
335
- <script>
336
- jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
337
-
338
- function mouserloginsubmit() {
339
- var username = jQuery('#mo2fa_usernamekey').val();
340
- var recap = jQuery('#g-recaptcha-response').val();
341
- if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
342
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
343
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[1].value = recap;
344
-
345
- jQuery('#mo2fa-g-recaptcha-response-form').submit();
346
- }
347
- }
348
-
349
- jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
- if (e.which == 13) {//Enter key pressed
351
- e.preventDefault();
352
- var username = jQuery('#mo2fa_usernamekey').val();
353
- if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
354
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
355
- jQuery('#mo2fa-g-recaptcha-response-form').submit();
356
- }
357
- }
358
-
359
- });
360
- </script>
361
- <?php
362
- }
363
-
364
- function miniorange_login_footer_form() {
365
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
366
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
367
- if(is_null($session_id_encrypt)) {
368
- $session_id_encrypt=$pass2fa_login_session->create_session();
369
- }
370
-
371
- ?>
372
- <input type="hidden" name="miniorange_login_nonce"
373
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
375
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
- <input type="hidden" id="sessids" name="session_id"
378
- value="<?php echo $session_id_encrypt; ?>"/>
379
- </form>
380
- <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
- <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
- <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
- <input type="hidden" name="miniorange_login_nonce"
384
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
- <input type="hidden" id="sessid" name="session_id"
386
- value="<?php echo $session_id_encrypt; ?>"/>
387
- </form>
388
- <script>
389
- jQuery(document).ready(function () {
390
- var session_ids="<?php echo $session_id_encrypt; ?>";
391
- if (document.getElementById('loginform') != null) {
392
- jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
- jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
-
395
- }
396
- });
397
- </script>
398
- <?php
399
-
400
- }
401
- }
402
-
403
  ?>
1
+ <?Php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
+ class Miniorange_Mobile_Login {
27
+
28
+ function mo2fa_default_login( $user, $username, $password ) {
29
+
30
+ global $Mo2fdbQueries;
31
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
+ if ( is_wp_error( $currentuser ) ) {
33
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
+ wp_send_json_success($data);
36
+ }
37
+ else{
38
+ return $currentuser;
39
+ }
40
+ } else {
41
+ if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
+ {
43
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
+ $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
+ if(is_null($session_id)) {
48
+ $session_id = $handleSecondFactor->create_session();
49
+ }
50
+
51
+ $key = get_option('mo2f_customer_token');
52
+ $otp_token = '';
53
+ $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
+
55
+ }
56
+ $this->miniorange_login_start_session();
57
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
+ $session_id=$pass2fa_login_session->create_session();
59
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
61
+ if ( $mo2f_configured_2FA_method ) {
62
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
+ $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
+ if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
+ $this->mo_auth_show_error_message();
67
+ $this->mo2f_redirectto_wp_login();
68
+ $error = new WP_Error();
69
+ return $error;
70
+ } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
71
+ $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
72
+ }
73
+ } else { //plugin is not activated for non-admin then logged him in
74
+ $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
75
+ }
76
+ }
77
+ }
78
+
79
+ public function miniorange_login_start_session() {
80
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
81
+ session_start();
82
+ }
83
+ }
84
+
85
+ function mo_auth_show_error_message($value = null) {
86
+ remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
87
+ add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
88
+ }
89
+
90
+ function mo2f_redirectto_wp_login() {
91
+ global $Mo2fdbQueries;
92
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
93
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
94
+ if(is_null($session_id)) {
95
+ $session_id=$pass2fa_login_session->create_session();
96
+ }
97
+ remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
98
+ add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
99
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
100
+ MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
101
+ } else {
102
+ MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
103
+ }
104
+ }
105
+
106
+ function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
107
+ $user_id = $user->ID;
108
+ wp_set_current_user( $user_id, $user->user_login );
109
+ $this->remove_current_activity($session_id);
110
+ wp_set_auth_cookie( $user_id, true );
111
+ do_action( 'wp_login', $user->user_login, $user );
112
+ redirect_user_to( $user, $redirect_to );
113
+ exit;
114
+ }
115
+
116
+ function remove_current_activity($session_id) {
117
+ global $Mo2fdbQueries;
118
+ $session_variables = array(
119
+ 'mo2f_current_user_id',
120
+ 'mo2f_1stfactor_status',
121
+ 'mo_2factor_login_status',
122
+ 'mo2f-login-qrCode',
123
+ 'mo2f_transactionId',
124
+ 'mo2f_login_message',
125
+ 'mo2f_rba_status',
126
+ 'mo_2_factor_kba_questions',
127
+ 'mo2f_show_qr_code',
128
+ 'mo2f_google_auth',
129
+ 'mo2f_authy_keys'
130
+ );
131
+
132
+ $cookie_variables = array(
133
+ 'mo2f_current_user_id',
134
+ 'mo2f_1stfactor_status',
135
+ 'mo_2factor_login_status',
136
+ 'mo2f-login-qrCode',
137
+ 'mo2f_transactionId',
138
+ 'mo2f_login_message',
139
+ 'mo2f_rba_status_status',
140
+ 'mo2f_rba_status_sessionUuid',
141
+ 'mo2f_rba_status_decision_flag',
142
+ 'kba_question1',
143
+ 'kba_question2',
144
+ 'mo2f_show_qr_code',
145
+ 'mo2f_google_auth',
146
+ 'mo2f_authy_keys'
147
+ );
148
+
149
+ $temp_table_variables = array(
150
+ 'session_id',
151
+ 'mo2f_current_user_id',
152
+ 'mo2f_login_message',
153
+ 'mo2f_1stfactor_status',
154
+ 'mo2f_transactionId',
155
+ 'mo_2_factor_kba_questions',
156
+ 'mo2f_rba_status',
157
+ 'ts_created'
158
+ );
159
+
160
+ MO2f_Utility::unset_session_variables( $session_variables );
161
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
162
+ MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
163
+ }
164
+
165
+ function custom_login_enqueue_scripts() {
166
+ wp_enqueue_script( 'jquery' );
167
+ $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
168
+ $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
169
+ wp_enqueue_style( 'bootstrap_script', $bootstrappath );
170
+ wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__ ))) );
171
+ }
172
+
173
+ function mo_2_factor_hide_login() {
174
+ $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
175
+ $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
176
+ $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
177
+ $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
178
+
179
+ wp_register_style( 'hide-login', $hidepath );
180
+ wp_register_style( 'bootstrap', $bootstrappath );
181
+ wp_enqueue_style( 'hide-login' );
182
+ wp_enqueue_style( 'bootstrap' );
183
+
184
+ }
185
+
186
+ function mo_auth_success_message() {
187
+ $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
188
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
189
+ $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
190
+ //if the php session folder has insufficient permissions, cookies to be used
191
+
192
+
193
+ if($message == '')
194
+ {
195
+ $message = 'Please login into your account using password.';
196
+ }
197
+
198
+ return "<div> <p class='message'>" . $message . "</p></div>";
199
+ }
200
+
201
+ function mo_auth_error_message() {
202
+ $id = "login_error1";
203
+ //if the php session folder has insufficient permissions, cookies to be used
204
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
205
+ $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
206
+ //if the php session folder has insufficient permissions, cookies to be used
207
+ if($message=='')
208
+ {
209
+ $message = 'Invalid Username';
210
+ }
211
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
212
+ { //test
213
+ $message = 'Invalid Username or recaptcha';
214
+ }
215
+ return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
216
+ }
217
+
218
+ function mo_auth_show_success_message() {
219
+ remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
220
+ add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
221
+ }
222
+
223
+ function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
224
+ global $Mo2fdbQueries;
225
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']): null;
226
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
227
+
228
+ if(is_null($session_id_encrypt)) {
229
+ $session_id_encrypt=$pass2fa_login_session->create_session();
230
+ }
231
+
232
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
233
+ //if the php session folder has insufficient permissions, cookies to be used
234
+ $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
235
+
236
+ if(MO2F_IS_ONPREM)
237
+ {
238
+ $userName = isset($_POST['mo2fa_username']) ? sanitize_text_field($_POST['mo2fa_username']) : '';
239
+
240
+ if(!empty($userName))
241
+ {
242
+ $user = get_user_by('login',$userName);
243
+ if($user)
244
+ {
245
+ //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
246
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
247
+ if($currentMethod == 'None' or $currentMethod == '')
248
+ $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
249
+ }
250
+ }
251
+ }
252
+ if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
+ $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
+ $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
+ $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
+ $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
+ ?>
258
+ <script>
259
+ jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
260
+ </script><?php
261
+ } else {
262
+ $this->mo_2_factor_show_login();
263
+ $this->mo_2_factor_show_wp_login_form();
264
+ }
265
+ } else { //Login with phone is alogin with default login form
266
+ $this->mo_2_factor_show_login();
267
+ $this->mo_2_factor_show_wp_login_form();
268
+ }
269
+
270
+ }
271
+
272
+ function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
273
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
274
+ wp_enqueue_style( 'show-login' );
275
+ }
276
+
277
+
278
+ // login form fields
279
+
280
+ function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
281
+ ?>
282
+ <script>
283
+ var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
284
+ jQuery('#login').append(content);
285
+
286
+ function mo2fa_backtomologin() {
287
+ jQuery('#mo2f_backto_mo_loginform').submit();
288
+ }
289
+ </script>
290
+ <?php
291
+ }
292
+
293
+ function mo_2_factor_show_login() {
294
+ $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
295
+
296
+ $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
297
+
298
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
299
+ wp_register_style( 'show-login', $hidepath );
300
+ } else {
301
+ wp_register_style( 'show-login', $showpath );
302
+ }
303
+ wp_enqueue_style( 'show-login' );
304
+ }
305
+
306
+ function mo_2_factor_show_wp_login_form() {
307
+ $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
308
+
309
+
310
+ ?>
311
+ <div class="mo2f-login-container">
312
+ <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
313
+ <div style="position: relative" class="or-container">
314
+ <div class="login_with_2factor_inner_div"></div>
315
+ <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
316
+ </div>
317
+ <?php } ?>
318
+
319
+ <br>
320
+ <div class="mo2f-button-container" id="mo2f_button_container">
321
+ <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
322
+ placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
323
+ <p>
324
+
325
+ <input type="button" name="miniorange_login_submit" style="width:100% !important;"
326
+ onclick="mouserloginsubmit();" id="miniorange_login_submit"
327
+ class="button button-primary button-large"
328
+ value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
329
+ </p>
330
+ <br><br><br>
331
+ <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
332
+ </div>
333
+ </div>
334
+
335
+ <script>
336
+ jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
337
+
338
+ function mouserloginsubmit() {
339
+ var username = jQuery('#mo2fa_usernamekey').val();
340
+ var recap = jQuery('#g-recaptcha-response').val();
341
+ if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
342
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
343
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[1].value = recap;
344
+
345
+ jQuery('#mo2fa-g-recaptcha-response-form').submit();
346
+ }
347
+ }
348
+
349
+ jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
+ if (e.which == 13) {//Enter key pressed
351
+ e.preventDefault();
352
+ var username = jQuery('#mo2fa_usernamekey').val();
353
+ if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
354
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
355
+ jQuery('#mo2fa-g-recaptcha-response-form').submit();
356
+ }
357
+ }
358
+
359
+ });
360
+ </script>
361
+ <?php
362
+ }
363
+
364
+ function miniorange_login_footer_form() {
365
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
366
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
367
+ if(is_null($session_id_encrypt)) {
368
+ $session_id_encrypt=$pass2fa_login_session->create_session();
369
+ }
370
+
371
+ ?>
372
+ <input type="hidden" name="miniorange_login_nonce"
373
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
375
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
+ <input type="hidden" id="sessids" name="session_id"
378
+ value="<?php echo $session_id_encrypt; ?>"/>
379
+ </form>
380
+ <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
+ <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
+ <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
+ <input type="hidden" name="miniorange_login_nonce"
384
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
+ <input type="hidden" id="sessid" name="session_id"
386
+ value="<?php echo $session_id_encrypt; ?>"/>
387
+ </form>
388
+ <script>
389
+ jQuery(document).ready(function () {
390
+ var session_ids="<?php echo $session_id_encrypt; ?>";
391
+ if (document.getElementById('loginform') != null) {
392
+ jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
+ jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
+
395
+ }
396
+ });
397
+ </script>
398
+ <?php
399
+
400
+ }
401
+ }
402
+
403
  ?>
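Review bot: In `miniorange_login_footer_form` (new lines 378, 386 and 390) `$session_id_encrypt` is echoed into two `value="…"` attributes and a JavaScript string literal with no output escaping. The value comes from `$_POST['session_id']` through `sanitize_text_field()`, which strips tags but leaves quote characters in place, so a quote in the request value ends the attribute or string early on the login page. Escape per context: `value="<?php echo esc_attr( $session_id_encrypt ); ?>"` for the two inputs and `var session_ids = <?php echo wp_json_encode( $session_id_encrypt ); ?>;` in the script. The same applies to `$mo2f_user_login` at new line 259, which is concatenated between single quotes inside a `<script>` block. The removed and added sides of this section read identically as rendered, so this appears to predate the release rather than being introduced by it.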
handler/twofa/two_fa_settings.php CHANGED
@@ -1,5061 +1,5068 @@
1
- <?php
2
- include 'two_fa_pass2login.php';
3
- include_once 'two_fa_get_details.php';
4
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_setup_notification.php';
5
- include 'class_miniorange_2fa_strong_password.php';
6
-
7
- class Miniorange_Authentication {
8
-
9
- private $defaultCustomerKey = "16555";
10
- private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
11
-
12
- function __construct() {
13
- add_action( 'admin_init', array( $this, 'miniorange_auth_save_settings' ) );
14
- add_action( 'plugins_loaded', array( $this, 'mo2f_update_db_check' ) );
15
-
16
- global $wp_roles;
17
- if ( ! isset( $wp_roles ) ) {
18
- $wp_roles = new WP_Roles();
19
- }
20
-
21
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option') == 1 ) {
22
- $mo2f_rba_attributes = new Miniorange_Rba_Attributes();
23
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
24
- $mo2f_2factor_setup = new Two_Factor_Setup();
25
- add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
26
- //for shortcode addon
27
- $mo2f_ns_config = new MoWpnsUtility();
28
- add_action( 'login_form', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ),10 );
29
-
30
- //strong password file
31
- $mo2f_strong_password = new class_miniorange_2fa_strong_password();
32
-
33
- if($mo2f_ns_config->hasLoginCookie())
34
- {
35
- add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
36
- add_action( 'woocommerce_save_account_details_errors', array( $mo2f_strong_password, 'woocommerce_password_edit_account' ),1,2 );
37
- }
38
- add_filter( 'woocommerce_process_registration_errors', array($mo2f_strong_password,'woocommerce_password_protection'),1,4);
39
- add_filter( 'woocommerce_registration_errors', array($mo2f_strong_password,'woocommerce_password_registration_protection'),1,3);
40
- add_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', [ $this, 'disable_admin_bar' ] );
41
-
42
- add_filter( 'mo2f_shortcode_rba_gauth', array( $mo2f_rba_attributes, 'mo2f_validate_google_auth' ), 10, 3 );
43
- add_filter( 'mo2f_shortcode_kba', array( $mo2f_2factor_setup, 'register_kba_details' ), 10, 7 );
44
- add_filter( 'mo2f_update_info', array( $mo2f_2factor_setup, 'mo2f_update_userinfo' ), 10, 5 );
45
- add_action( 'mo2f_shortcode_form_fields', array(
46
- $pass2fa_login,
47
- 'miniorange_pass2login_form_fields'
48
- ), 10, 5 );
49
-
50
- add_action( 'delete_user', array( $this, 'mo2f_delete_user' ) );
51
-
52
- add_filter( 'mo2f_gauth_service', array( $mo2f_rba_attributes, 'mo2f_google_auth_service' ), 10, 1 );
53
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) { //password + 2nd factor enabled
54
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
55
-
56
- remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
57
-
58
- add_filter( 'authenticate', array( $pass2fa_login, 'mo2f_check_username_password' ), 99999, 4 );
59
- add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
60
- add_action( 'login_form', array(
61
- $pass2fa_login,
62
- 'mo_2_factor_pass2login_show_wp_login_form'
63
- ), 10 );
64
-
65
- if ( get_option( 'mo2f_remember_device' ) ) {
66
- add_action( 'login_footer', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ) );
67
- add_action( 'woocommerce_before_customer_login_form', array(
68
- $pass2fa_login,
69
- 'miniorange_pass2login_footer_form'
70
- ) );
71
- }
72
- add_action( 'login_enqueue_scripts', array(
73
- $pass2fa_login,
74
- 'mo_2_factor_enable_jquery_default_login'
75
- ) );
76
-
77
- if(get_site_option('mo2f_woocommerce_login_prompt')){
78
- add_action( 'woocommerce_login_form', array(
79
- $pass2fa_login,
80
- 'mo_2_factor_pass2login_show_wp_login_form'
81
- ) );
82
- }
83
- else if(!get_site_option('mo2f_woocommerce_login_prompt') && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option') ) {
84
- add_action('woocommerce_login_form_end' ,array(
85
- $pass2fa_login,
86
- 'mo_2_factor_pass2login_woocommerce'
87
- ) );
88
- }
89
- add_action( 'wp_enqueue_scripts', array(
90
- $pass2fa_login,
91
- 'mo_2_factor_enable_jquery_default_login'
92
- ) );
93
-
94
- //Actions for other plugins to use miniOrange 2FA plugin
95
- add_action( 'miniorange_pre_authenticate_user_login', array(
96
- $pass2fa_login,
97
- 'mo2f_check_username_password'
98
- ), 1, 4 );
99
- add_action( 'miniorange_post_authenticate_user_login', array(
100
- $pass2fa_login,
101
- 'miniorange_initiate_2nd_factor'
102
- ), 1, 3 );
103
- add_action( 'miniorange_collect_attributes_for_authenticated_user', array(
104
- $pass2fa_login,
105
- 'mo2f_collect_device_attributes_for_authenticated_user'
106
- ), 1, 2 );
107
-
108
- }
109
-
110
- } else { //login with phone enabled
111
-
112
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
113
-
114
- $mobile_login = new Miniorange_Mobile_Login();
115
- add_action( 'login_form', array( $mobile_login, 'miniorange_login_form_fields' ), 99999,10 );
116
- add_action( 'login_footer', array( $mobile_login, 'miniorange_login_footer_form' ) );
117
-
118
- remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
119
- add_filter( 'authenticate', array( $mobile_login, 'mo2fa_default_login' ), 99999, 3 );
120
- add_action( 'login_enqueue_scripts', array( $mobile_login, 'custom_login_enqueue_scripts' ) );
121
- }
122
- }
123
- }
124
- }
125
-
126
- function define_global() {
127
- global $Mo2fdbQueries;
128
- $Mo2fdbQueries = new Mo2fDB();
129
- }
130
-
131
- function mo2f_delete_user($user_id){
132
- global $Mo2fdbQueries;
133
- delete_user_meta($user_id,'mo2f_kba_challenge');
134
- delete_user_meta($user_id,'mo2f_2FA_method_to_configure');
135
- delete_user_meta($user_id,'Security Questions');
136
- delete_user_meta($user_id,'mo2f_chat_id');
137
- $Mo2fdbQueries->delete_user_details( $user_id);
138
- delete_user_meta($user_id,'mo2f_2FA_method_to_test');
139
- }
140
-
141
- function mo2f_update_db_check() {
142
-
143
- $userid = wp_get_current_user()->ID;
144
- add_option('mo2f_onprem_admin' , $userid );
145
- if(is_multisite()){
146
- add_site_option('mo2fa_superadmin',1);
147
- }
148
- // Deciding on On-Premise solution
149
- $is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
150
- $is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
151
- // Old users
152
- if ( get_option( 'mo2f_customerKey' ) && ! $is_NC )
153
- add_option( 'is_onprem', 0 );
154
-
155
- //new users using cloud
156
- if(get_option( 'mo2f_customerKey' ) && $is_NC && $is_NNC)
157
- add_option( 'is_onprem', 0 );
158
-
159
- if(get_option( 'mo2f_app_secret' ) && $is_NC && $is_NNC){
160
- add_option( 'is_onprem', 0 );
161
- }else{
162
- add_option( 'is_onprem', 1 );
163
-
164
- }
165
- if(get_option('mo2f_network_features',"not_exits")=="not_exits"){
166
- do_action('mo2f_network_create_db');
167
- update_option('mo2f_network_features',1);
168
- }
169
- if(get_option('mo2f_encryption_key',"not_exits")=="not_exits"){
170
- $get_encryption_key = MO2f_Utility::random_str(16);
171
- update_option('mo2f_encryption_key',$get_encryption_key);
172
-
173
- }
174
- global $Mo2fdbQueries;
175
- $user_id = get_option( 'mo2f_miniorange_admin' );
176
- $current_db_version = get_option( 'mo2f_dbversion' );
177
-
178
- if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
179
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
180
- $Mo2fdbQueries->generate_tables();
181
-
182
- }
183
- if(MO2F_IS_ONPREM){
184
- $twofactordb = new Mo2fDB;
185
- $userSync = get_site_option('mo2f_user_sync');
186
- if($userSync<1){
187
- update_site_option('mo2f_user_sync',1);
188
- $twofactordb->get_all_onprem_userids();
189
- }
190
- }
191
-
192
- if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
193
-
194
- if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')) {
195
- update_option( 'mo2f_is_NC', 0 );
196
- }
197
-
198
- $check_if_user_column_exists = false;
199
-
200
- if ( $user_id && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
201
- $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
202
- if ( $does_table_exist ) {
203
- $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
204
- }
205
- if ( ! $check_if_user_column_exists ) {
206
- $Mo2fdbQueries->generate_tables();
207
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
208
-
209
- add_option( 'mo2f_phone', get_option( 'user_phone' ) );
210
- add_option( 'mo2f_enable_login_with_2nd_factor', get_option( 'mo2f_show_loginwith_phone' ) );
211
- add_option( 'mo2f_remember_device', get_option( 'mo2f_deviceid_enabled' ) );
212
- add_option( 'mo2f_transactionId', get_option( 'mo2f-login-transactionId' ) );
213
- add_option( 'mo2f_is_NC', 0 );
214
- $phone = get_user_meta( $user_id, 'mo2f_user_phone', true );
215
- $user_phone = $phone ? $phone : get_user_meta( $user_id, 'mo2f_phone', true );
216
-
217
- $Mo2fdbQueries->update_user_details( $user_id,
218
- array(
219
- 'mo2f_GoogleAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_google_authentication_status', true ),
220
- 'mo2f_SecurityQuestions_config_status' => get_user_meta( $user_id, 'mo2f_kba_registration_status', true ),
221
- 'mo2f_EmailVerification_config_status' => true,
222
- 'mo2f_AuthyAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_authy_authentication_status', true ),
223
- 'mo2f_user_email' => get_user_meta( $user_id, 'mo_2factor_map_id_with_email', true ),
224
- 'mo2f_user_phone' => $user_phone,
225
- 'user_registration_with_miniorange' => get_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange', true ),
226
- 'mobile_registration_status' => get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ),
227
- 'mo2f_configured_2FA_method' => get_user_meta( $user_id, 'mo2f_selected_2factor_method', true ),
228
- 'mo_2factor_user_registration_status' => get_user_meta( $user_id, 'mo_2factor_user_registration_status', true )
229
- ) );
230
-
231
- if ( get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ) ) {
232
- $Mo2fdbQueries->update_user_details( $user_id,
233
- array(
234
- 'mo2f_miniOrangeSoftToken_config_status' => true,
235
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
236
- 'mo2f_miniOrangePushNotification_config_status' => true
237
- ) );
238
- }
239
-
240
- if ( get_user_meta( $user_id, 'mo2f_otp_registration_status', true ) ) {
241
- $Mo2fdbQueries->update_user_details( $user_id,
242
- array(
243
- 'mo2f_OTPOverSMS_config_status' => true
244
- ) );
245
- }
246
-
247
- $mo2f_external_app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true ) == 'AUTHY 2-FACTOR AUTHENTICATION' ?
248
- 'Authy Authenticator' : 'Google Authenticator';
249
-
250
- update_user_meta( $user_id, 'mo2f_external_app_type', $mo2f_external_app_type );
251
-
252
- delete_option( 'mo2f_show_loginwith_phone' );
253
- delete_option( 'mo2f_deviceid_enabled' );
254
- delete_option( 'mo2f-login-transactionId' );
255
- delete_user_meta( $user_id, 'mo2f_google_authentication_status' );
256
- delete_user_meta( $user_id, 'mo2f_kba_registration_status' );
257
- delete_user_meta( $user_id, 'mo2f_email_verification_status' );
258
- delete_user_meta( $user_id, 'mo2f_authy_authentication_status' );
259
- delete_user_meta( $user_id, 'mo_2factor_map_id_with_email' );
260
- delete_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange' );
261
- delete_user_meta( $user_id, 'mo2f_mobile_registration_status' );
262
- delete_user_meta( $user_id, 'mo2f_otp_registration_status' );
263
- delete_user_meta( $user_id, 'mo2f_selected_2factor_method' );
264
- delete_user_meta( $user_id, 'mo2f_configure_test_option' );
265
- delete_user_meta( $user_id, 'mo_2factor_user_registration_status' );
266
-
267
- update_option( 'mo2f_existing_user_values_updated', 1 );
268
-
269
- }
270
- }
271
- }
272
-
273
- if ( $user_id && ! get_option( 'mo2f_login_option_updated' ) ) {
274
-
275
- $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
276
- if ( $does_table_exist ) {
277
- $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
278
- if ( $check_if_user_column_exists ) {
279
- $selected_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
280
-
281
- update_option( 'mo2f_login_option_updated', 1 );
282
- }
283
- }
284
-
285
- }
286
-
287
-
288
- }
289
-
290
-
291
- function feedback_request() {
292
- display_feedback_form();
293
- }
294
- public function disable_admin_bar() {
295
-
296
- global $wp_admin_bar;
297
- $wp_admin_bar = ''; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
298
- }
299
- function get_customer_SMS_transactions() {
300
-
301
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && MoWpnsUtility::get_mo2f_db_option('mo2f_show_sms_transaction_message', 'get_option') ) {
302
- if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
303
- $customer = new Customer_Setup();
304
-
305
- $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
306
-
307
- update_option( 'mo2f_set_transactions', 1 );
308
- if ( ! array_key_exists( 'smsRemaining', $content ) ) {
309
- $smsRemaining = 0;
310
- } else {
311
- $smsRemaining = $content['smsRemaining'];
312
-
313
- if ( $smsRemaining == null ) {
314
- $smsRemaining = 0;
315
- }
316
- }
317
- update_option( 'mo2f_number_of_transactions', $smsRemaining );
318
- } else {
319
- $smsRemaining = MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option');
320
- }
321
-
322
- $this->display_customer_transactions( $smsRemaining );
323
- }
324
- }
325
-
326
- function display_customer_transactions( $content ) {
327
- echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>' . mo2f_lt( 'miniOrange 2-Factor Plugin:' ) . '</b> ' . mo2f_lt( 'You have' ) . ' <b style="color:red">' . $content . ' ' . mo2f_lt( 'SMS transactions' ) . ' </b>' . mo2f_lt( 'remaining' ) . '<input type="submit" name="submit" value="' . mo2f_lt( 'Check Transactions' ) . ' " class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
328
- }
329
-
330
- function prompt_user_to_setup_two_factor() {
331
- global $Mo2fdbQueries;
332
- $user = wp_get_current_user();
333
- $selected_2_Factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
334
- if ( $selected_2_Factor_method == 'NONE' ) {
335
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
336
- echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
337
- '<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
338
- '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
339
- }
340
- }
341
- }
342
-
343
-
344
- function mo_auth_success_message() {
345
- $message = get_option( 'mo2f_message' ); ?>
346
- <script>
347
- jQuery(document).ready(function () {
348
- var message = "<?php echo $message; ?>";
349
- jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
350
- });
351
- </script>
352
- <?php
353
- }
354
-
355
- function mo_auth_error_message() {
356
- $message = get_option( 'mo2f_message' ); ?>
357
-
358
- <script>
359
- jQuery(document).ready(function () {
360
- var message = "<?php echo $message; ?>";
361
- jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
362
- });
363
- </script>
364
- <?php
365
-
366
- }
367
-
368
- function miniorange_auth_menu() {
369
- global $user;
370
- $user = wp_get_current_user();
371
- $roles = $user->roles;
372
- $miniorange_role = array_shift( $roles );
373
-
374
- $is_plugin_activated = MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option');
375
- $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $user->ID ? true : false;
376
- $is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
377
- $can_current_user_manage_options = current_user_can( 'manage_options' );
378
- $admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
379
- ? true : false;
380
-
381
- if(MO2F_IS_ONPREM)
382
- {
383
- $can_current_user_manage_options = true; // changes by prdp
384
- $is_customer_admin = true;
385
- }
386
- if ( $admin_registration_status ) {
387
- if ( $can_current_user_manage_options && $is_customer_admin ) {
388
- $mo2fa_hook_page = $this->hookpages();
389
- }
390
- } else if ( $can_current_user_manage_options ) {
391
- $mo2fa_hook_page = $this->hookpages();
392
- }
393
-
394
-
395
- }
396
-
397
- function hookpages() {
398
- $url = explode('handler',plugin_dir_url(__FILE__));
399
- if(get_site_option('mo2f_enable_custom_icon')!=1)
400
- $iconurl = $url[0] . '/includes/images/miniorange_icon.png';
401
- else
402
- $iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
403
- $menu_slug = 'miniOrange_2_factor_settings';
404
- add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
405
- }
406
-
407
- function mo_auth_login_options() {
408
- global $user;
409
- $user = wp_get_current_user();
410
- update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
411
- mo_2_factor_register( $user );
412
- }
413
-
414
- function mo_2_factor_enable_frontend_style() {
415
- wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version='.MO2F_VERSION.'', __FILE__ ) );
416
- wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
417
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
418
- wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
419
- wp_enqueue_style( 'mo2f_login_popup_style', plugins_url( "includes/css/mo2f_login_popup_ui.css?version=".MO2F_VERSION."", __FILE__ ) );
420
- }
421
-
422
- function plugin_settings_style( $mo2fa_hook_page ) {
423
-
424
- if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
425
- return;
426
- }
427
-
428
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url( 'includes/css/style_settings.css?version='.MO2F_VERSION.'', __FILE__ ) );
429
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
430
- wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
431
- wp_enqueue_style( 'bootstrap_style_ass', plugins_url( 'includes/css/bootstrap-tour-standalone.css?version='.MO2F_VERSION.'', __FILE__ ) );
432
- wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
433
- wp_enqueue_style( 'mo2f_ns_admin_settings_datatable_style', plugins_url('includes/css/jquery.dataTables.min.css', __FILE__));
434
- }
435
-
436
- function plugin_settings_script( $mo2fa_hook_page ) {
437
- if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
438
- return;
439
- }
440
- wp_enqueue_script( 'jquery' );
441
- wp_enqueue_script( 'mo_2_factor_admin_settings_phone_script', plugins_url( 'includes/js/phone.js', __FILE__ ) );
442
- wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', __FILE__ ) );
443
- wp_enqueue_script( 'bootstrap_script_hehe', plugins_url( 'includes/js/bootstrap-tour-standalone.min.js', __FILE__ ) );
444
- wp_enqueue_script( 'mo2f_ns_admin_datatable_script', plugins_url('includes/js/jquery.dataTables.min.js', __FILE__ ), array('jquery'));
445
-
446
- }
447
- public function setup_wizard_header() {
448
- ?>
449
- <!DOCTYPE html>
450
- <html <?php language_attributes(); ?>>
451
- <head>
452
- <meta name="viewport" content="width=device-width"/>
453
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
454
- <title><?php esc_html_e( 'miniOrange 2-factor Setup Wizard', 'miniorange 2-factor-authentication' ); ?></title>
455
- <?php do_action( 'admin_print_styles' ); ?>
456
- <?php do_action( 'admin_print_scripts' ); ?>
457
- <?php do_action( 'admin_head' ); ?>
458
- </head>
459
- <body class="mo2f-setup-setup-wizard">
460
- <?php
461
- }
462
-
463
- /**
464
- * Outputs the content of the current step.
465
- *
466
- * @since 2.6.0
467
- */
468
-
469
- private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $footer = '' ) {
470
-
471
- $contact_url = 'https://wordpress.org/plugins/miniorange-2-factor-authentication/';
472
- echo '<head>';
473
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
474
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
475
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/js/phone.js", dirname(dirname(__FILE__ ))).'"></script>';
476
-
477
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
478
- // echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/twofa_style_settings.css', dirname(dirname(__FILE__))). '" />';
479
- // echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
480
-
481
-
482
- echo '</head>';
483
-
484
-
485
- ?>
486
- <style type="text/css">
487
- #mo2f-setup-wizard-settings-area {
488
- visibility: hidden;
489
- animation: loadWpMOTFASettingsNoJSView 0s 2s forwards;
490
- }
491
-
492
- @keyframes loadWpMOTFASettingsNoJSView{
493
- to { visibility: visible; }
494
- }
495
-
496
- body {
497
- background: #F1F1F1;
498
- font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
499
- margin: 0;
500
- }
501
-
502
- #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header {
503
- text-align: center;
504
- border-top: 4px solid #E27730;
505
- }
506
-
507
- #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header h1 {
508
- margin: 0;
509
- }
510
-
511
- #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
512
- display: inline-block;
513
- width: 320px;
514
- margin-top: 10px;
515
- padding: 0 10px;
516
- }
517
-
518
-
519
- #mo2f-setup-wizard-settings-area .mo2f-setup-logo img {
520
- width: 100%;
521
- height: 100%;
522
- }
523
-
524
- #mo2f-setup-settings-error-loading-area {
525
- box-sizing: border-box;
526
- max-width: 90%;
527
- width: auto;
528
- margin: 0 auto;
529
- background: #fff;
530
- border: 1px solid #DDDDDD;
531
- border-radius: 6px;
532
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
533
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
534
- padding: 20px 30px;
535
- }
536
- #mo2f-setup-settings-error-loading-area2 {
537
- box-sizing: border-box;
538
- max-width: 90%;
539
- width: auto;
540
- margin: 0 auto;
541
- background: #fff;
542
- border: 1px solid #DDDDDD;
543
- border-radius: 6px;
544
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
545
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
546
- padding: 20px 30px;
547
- }
548
- #mo2f-setup-settings-error-loading-area3 {
549
- box-sizing: border-box;
550
- max-width: 90%;
551
- width: auto;
552
- margin: 0 auto;
553
- background: #fff;
554
- border: 1px solid #DDDDDD;
555
- border-radius: 6px;
556
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
557
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
558
- padding: 20px 30px;
559
- }
560
- #mo2f-setup-settings-error-loading-area4 {
561
- box-sizing: border-box;
562
- max-width: 90%;
563
- width: auto;
564
- margin: 0 auto;
565
- background: #fff;
566
- border: 1px solid #DDDDDD;
567
- border-radius: 6px;
568
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
569
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
570
- padding: 20px 30px;
571
- }
572
- #mo2f-setup-settings-error-loading-area1 {
573
- box-sizing: border-box;
574
- max-width: 90%;
575
- width: auto;
576
- margin: 0 auto;
577
- background: #fff;
578
- border: 1px solid #DDDDDD;
579
- border-radius: 6px;
580
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
581
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
582
- padding: 20px 30px;
583
- }
584
- #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
585
- text-align: center;
586
- margin-top: 20px;
587
- font-size: 14px;
588
- }
589
-
590
- #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer a {
591
- color: #999999;
592
- }
593
-
594
- #mo2f-setup-error-js h3 {
595
- font-size: 24px;
596
- font-weight: 500;
597
- line-height: 23px;
598
- margin: 0 0 15px;
599
- color: #444444;
600
- }
601
-
602
- #mo2f-setup-error-js p.info,
603
- #mo2f-setup-error-js ul.info {
604
- color: #777777;
605
- font-size: 16px;
606
- line-height: 23px;
607
- margin: 0 0 10px;
608
- }
609
-
610
- #mo2f-setup-error-js ul.info {
611
- margin: -10px 0 20px;
612
- }
613
- .mo2f-input-radios-with-icons label {
614
- width: 90%;
615
- height: 40px;
616
- color: #444;
617
- border: 1px solid #ddd;
618
- background: #fff;
619
- border-radius: 3px;
620
- font-size: 16px;
621
- display: block;
622
- margin-bottom: 20px;
623
- padding: 24px 9px 9px 9px;
624
- cursor: pointer
625
- }
626
-
627
- .mo2f-input-radios-with-icons label:hover {
628
- border: 1px solid #999;
629
- -webkit-box-shadow: 0 0 0 1px #999;
630
- box-shadow: 0 0 0 1px #999
631
- }
632
-
633
- .mo2f-styled-radio {
634
- width: 32px;
635
- height: 32px;
636
- position: relative;
637
- display: inline-block;
638
- border-radius: 50%;
639
- background-color: #e6e6e6
640
- float: left;
641
- margin-top: -4px;
642
- }
643
- .mo_wpns_table_textbox {
644
- width:100%;
645
- height:30px;
646
- }
647
-
648
- #mo2f-setup-error-js a.button {
649
- display: inline-block;
650
- background-color: #E27730;
651
- color: #ffffff;
652
- line-height: 22px;
653
- font-size: 16px;
654
- padding: 14px 30px;
655
- font-weight: 500;
656
- border-radius: 3px;
657
- border: none;
658
- cursor: pointer;
659
- text-decoration: none;
660
- margin-top: 7px;
661
- }
662
-
663
- #mo2f-setup-error-js a.button:hover {
664
- background-color: #c45e1b;
665
- }
666
-
667
- #mo2f-setup-error-js .medium-bold {
668
- font-weight: 500;
669
- }
670
-
671
- #mo2f-setup-nojs-error-message > div {
672
- border: 1px solid #DDDDDD;
673
- border-left: 4px solid #DC3232;
674
- color: #777777;
675
- font-size: 14px;
676
- padding: 18px 18px 18px 21px;
677
- font-weight: 300;
678
- text-align: left;
679
- }
680
- table {
681
- table-layout: fixed ;
682
- width: 100% ;
683
- }
684
- td {
685
- width: 48% ;
686
- }
687
- @media (min-width: 782px) {
688
- #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
689
- margin-top: 50px;
690
- padding: 0;
691
- }
692
-
693
- #mo2f-setup-settings-error-loading-area {
694
- width: 650px;
695
- margin-top: 40px;
696
- padding: 52px 67px 49px;
697
- }
698
- #mo2f-setup-settings-error-loading-area1 {
699
- width: 650px;
700
- margin-top: 40px;
701
- padding: 52px 67px 49px;
702
- }
703
- #mo2f-setup-settings-error-loading-area2 {
704
- width: 650px;
705
- margin-top: 40px;
706
- padding: 52px 67px 49px;
707
- }
708
- #mo2f-setup-settings-error-loading-area3 {
709
- width: 650px;
710
- margin-top: 40px;
711
- padding: 52px 67px 49px;
712
- }
713
- #mo2f-setup-settings-error-loading-area4 {
714
- width: 650px;
715
- margin-top: 40px;
716
- padding: 52px 67px 49px;
717
- }
718
- .mo2f-styled-radio {
719
- width: 32px;
720
- height: 32px;
721
- position: relative;
722
- display: inline-block;
723
- border-radius: 50%;
724
- background-color: #e6e6e6;
725
- float: left;
726
- margin-top: -4px;
727
- }
728
-
729
- #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
730
- margin-top: 50px;
731
- }
732
-
733
- #mo2f-setup-error-js p.info {
734
- margin: 0 0 20px;
735
- }
736
- .mo2f-setup-button.mo2f-setup-button-large {
737
- line-height: 22px;
738
- font-size: 18px;
739
- padding: 19px 39px
740
- }
741
- .mo2f-setup-button.mo2f-setup-button-large {
742
- line-height: 22px;
743
- font-size: 18px;
744
- padding: 19px 39px;
745
- }
746
- .mo2f-styled-radio-text {
747
- margin-left: 10px
748
- }
749
- .mo2f-setup-button.mo2f-setup-button-main:hover {
750
- background-color: #c45e1b;
751
- }
752
- .mo2f-setup-button.mo2f-setup-button-main {
753
- background-color: #e27730;
754
- color: #fff;
755
- font-weight: 500;
756
- }
757
- .mo2f-setup-wizard-timeline {
758
- -webkit-box-align: center;
759
- -ms-flex-align: center;
760
- align-items: center;
761
- display: -webkit-box;
762
- display: -ms-flexbox;
763
- display: flex;
764
- margin: 41px auto 0;
765
- max-width: 650px;
766
- padding: 0 20px
767
- }
768
-
769
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line {
770
- background: #ddd;
771
- height: 2px;
772
- margin: 0 6px;
773
- width: 100%
774
- }
775
-
776
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line.mo2f-setup-wizard-timeline-line-active {
777
- background: #6aa08b
778
- }
779
-
780
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step {
781
- border: none;
782
- background-color: #b6b6b6;
783
- border-radius: 50%;
784
- -ms-flex-negative: 0;
785
- flex-shrink: 0;
786
- height: 16px;
787
- width: 16px
788
- }
789
-
790
- .mo2f-setup-wizard-step-footer {
791
- display: block;
792
- text-align: center;
793
- min-height: 110px;
794
- padding: 0 20px;
795
- margin-top: 30px
796
- }
797
- .popup_text
798
- {
799
- color:black;
800
- margin-top: 2%;
801
- font-weight: 600;
802
- font-size: 12px !important;
803
- }
804
- .overlay{
805
- position: fixed;
806
- top: 0;
807
- left: 0;
808
- right: 0;
809
- bottom: 0;
810
- width: 100%;
811
- height: 100%;
812
- background: #000;
813
- opacity: .5;
814
- z-index: 0;
815
- }
816
- .overlay_success {
817
- width: min-content;
818
- height: 40px;
819
- float: left;
820
- z-index: 1;
821
- top: 0;
822
- right: 0;
823
- text-align: center;
824
- margin-bottom: 4%
825
- background-color:#bcffb4 !important ;
826
- /* overflow-x: hidden; */
827
- background: #b1ffb1;
828
- border-left: 4px solid #46b450;
829
- }
830
- .overlay_error {
831
- width: min-content;
832
- height: min-content;
833
- padding-bottom: 1%;
834
- float: left;
835
- z-index: 1;
836
- top: 0;
837
- right: 0;
838
- margin-bottom: 4%;
839
- text-align: center;
840
- background-color:bisque !important ;
841
- /* overflow-x: hidden; */
842
- border-left: 4px solid red;
843
- }
844
-
845
- .mo2f-setup-wizard-step-footer a {
846
- font-size: 14px;
847
- display: block;
848
- color: #999;
849
- margin: 20px 0
850
- }
851
-
852
- .mo2f-setup-wizard-step-footer a:active,
853
- .mo2f-setup-wizard-step-footer a:hover {
854
- color: #777;
855
- text-decoration: underline
856
- }
857
-
858
-
859
- .mo2f-button.mo2f-button-main {
860
- background-color: #e27730;
861
- color: #fff;
862
- font-weight: 500;
863
- -webkit-box-flex: 11;
864
- -ms-flex: 11;
865
- flex: 11;
866
- padding: 12px 25px;
867
- font-size: 16px;
868
- }
869
-
870
- .mo2f-button.mo2f-button-main:focus,
871
- .mo2f-button.mo2f-button-main:hover {
872
- background-color: #c45e1b
873
- }
874
-
875
- .mo2f-button.mo2f-button-main:disabled {
876
- opacity: .65;
877
- cursor: not-allowed;
878
- background-color: #e27730;
879
- -webkit-box-flex: 11;
880
- -ms-flex: 11;
881
- flex: 11;
882
- margin-right: 30px
883
- }
884
-
885
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step .icon {
886
- display: none
887
- }
888
-
889
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-active,
890
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed {
891
- background-color: #6aa08b;
892
- position: relative
893
- }
894
-
895
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed {
896
- background-color: #d83638;
897
- position: relative
898
- }
899
-
900
- .mo2f-step-show{
901
- margin: 0 0 16px;
902
- font-size: 14px;
903
- line-height: 18px;
904
- color: #b6b6b6;
905
- }
906
- .mo2f_table_textbox {
907
- width: 200px;
908
- height: 20px !important;
909
- font-size: 14px !important;
910
- }
911
- .mo2f_table_textbox_phone {
912
- width: 200px;
913
- height: 40px !important;
914
- font-size: 14px !important;
915
- }
916
- .mo2f_kba_ques {
917
- width: 394px !important;
918
- border-radius: 4px !important;
919
- height: 40px !important;
920
- font-size: 14px !important;
921
- }
922
-
923
- .mo2f_kba_tb_data {
924
- padding-left: 15px;
925
- }
926
-
927
- .mo2f_kba_table {
928
- padding: 0 10px;
929
- width: 100%;
930
- }
931
- .mo2f_kba_body {
932
- border: hidden !important;
933
- }
934
-
935
-
936
- .mo2f_table_textbox_KBA {
937
- width: 200px;
938
- height: 40px !important;
939
- font-size: 14px !important;
940
- }
941
-
942
-
943
- .mo2f_kba_header {
944
- font-weight: bold;
945
- }
946
-
947
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed .icon-success,
948
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed .icon-failed {
949
- color: #fff;
950
- display: block;
951
- position: absolute;
952
- left: 3px;
953
- top: 3px
954
- }
955
- .mo2f-setup-wizard-step-footer {
956
- display: -webkit-box;
957
- display: -ms-flexbox;
958
- display: flex;
959
- -webkit-box-pack: justify;
960
- -ms-flex-pack: justify;
961
- justify-content: space-between;
962
- -webkit-box-align: center;
963
- -ms-flex-align: center;
964
- align-items: center;
965
- padding: 0;
966
- margin-top: 0
967
- }
968
- .mo2f_blur {
969
- filter: blur(5px);
970
- -webkit-filter: blur(5px);
971
- -moz-filter: blur(5px);
972
- -o-filter: blur(5px);
973
- -ms-filter: blur(5px);
974
- }
975
- .mo2f_loader {
976
- border: 16px solid #b9acac;
977
- border-radius: 50%;
978
- border-top: 16px solid #fb540b;
979
- width: 50px;
980
- height: 50px;
981
- -webkit-animation: spin 2s linear infinite; /* Safari */
982
- animation: spin 2s linear infinite;
983
- position: fixed;
984
- left: 50%;
985
- top: 50%;
986
- z-index: 100;
987
- }
988
-
989
- /* Safari */
990
- @-webkit-keyframes spin {
991
- 0% { -webkit-transform: rotate(0deg); }
992
- 100% { -webkit-transform: rotate(360deg); }
993
- }
994
-
995
- @keyframes spin {
996
- 0% { transform: rotate(0deg); }
997
- 100% { transform: rotate(360deg); }
998
- }
999
- .mo2f-setup-wizard-step-footer-buttons {
1000
- margin-bottom: 0;
1001
- }
1002
- .mo2f-setup-wizard-step-footer-buttons button {
1003
- margin-bottom: 0;
1004
- margin-right: 15px;
1005
- width: inherit
1006
- }
1007
- .miniorange_button
1008
- {
1009
- background:#00A0D2!important;
1010
- border-color:#0073AA!important;
1011
- box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1012
- color:#FFF!important;
1013
- text-decoration:none!important;
1014
- cursor:pointer!important;
1015
- border-width:1px!important;
1016
- border-style:solid!important;
1017
- border-radius:3px!important;
1018
- white-space:nowrap!important;
1019
- box-sizing:border-box!important;
1020
- line-height:28px!important;
1021
- padding:0 12px!important;
1022
- font-size:13px!important;
1023
- }
1024
-
1025
-
1026
- .mo2f_IR_phone_OTP{
1027
- font-size:15px;
1028
- width:150px !important;
1029
- color:#212F3C;
1030
- border:none;
1031
- display:block;
1032
- border-bottom-style: solid;
1033
- border-width: 2px;
1034
- border-color:#D0D3D4;
1035
- border-radius:0px;
1036
- outline:none;
1037
- padding:5px;
1038
-
1039
- }
1040
- .mo2f-setup-wizard-step-footer-buttons button:last-child {
1041
- margin-right: 0
1042
- }
1043
- a .text-with-arrow-left .icon {
1044
- margin-right: 10px
1045
- }
1046
-
1047
- a .text-with-arrow {
1048
- display: -webkit-box;
1049
- display: -ms-flexbox;
1050
- display: flex;
1051
- -webkit-box-pack: center;
1052
- -ms-flex-pack: center;
1053
- justify-content: center
1054
- }
1055
-
1056
- }
1057
- </style>
1058
- <!--[if IE]>
1059
- <style>
1060
- #mo2f-setup-wizard-settings-area{
1061
- visibility: visible !important;
1062
- }
1063
- </style>
1064
-
1065
- <![endif]-->
1066
- <div class="mo2f_loader" id="mo2f_loader" style="display: none;"></div>
1067
-
1068
- <div id="mo2f-setup-wizard-settings-area" class="mo2f-setup-wizard-settings-area wpms-container">
1069
- <header class="mo2f-setup-wizard-header">
1070
- <h1 >
1071
- <div>
1072
- <img width="70px" height="auto" src="<?php echo plugin_dir_url(dirname(dirname(__FILE__))) . 'includes/images/miniorange_logo.png'; ?>" alt="<?php esc_attr_e( 'miniOrange 2-factor Logo', 'miniorange-2-factor-authentication' ); ?>" >
1073
- <p> miniOrange 2-factor authentication Setup</p>
1074
- </div>
1075
- </h1>
1076
- </header>
1077
- <div id="mo2f-setup-settings-error-loading-area-container">
1078
- <div id="mo2f-setup-settings-error-loading-area">
1079
- <div>
1080
- <div id="mo2f-setup-error-js">
1081
- <h3 style="text-align:center;font-size:xx-large;"> Welcome to the 2FA Setup Wizard! </h3>
1082
- <br>
1083
- <p class="subtitle" style="text-align:center;" > This setup guide will take you through all the steps you need to follow to enable the two-factor authentication for your website.</p>
1084
-
1085
- <br><br>
1086
- <button type="button" style="text-align:center;display: flex;margin: auto;" class="mo2f-setup-button mo2f-setup-button-main mo2f-setup-button-large" id ='mo2f_get_started' target="_blank" class="button" rel="noopener noreferrer"> <?php esc_html_e("Let's Get Started", 'mo2f-setup'); ?></button>
1087
-
1088
- <br><br><br>
1089
- <div style="text-align:center;display: flex;margin: auto;flex-direction: column;">
1090
- <a href="<?php echo esc_url( $contact_url ); ?>" target="_blank" rel="noopener noreferrer">
1091
- <?php esc_html_e( 'Facing issues? Contact Us', 'mo2f-setup' ); ?>
1092
- </a>
1093
- </div>
1094
- </div>
1095
- </div>
1096
- </div>
1097
- <div class="mo2f-setup-error-footer">
1098
- <?php echo wp_kses_post( $footer ); ?>
1099
- </div>
1100
- </div>
1101
- <div id = "mo2f_methods_setup_wizard">
1102
- <div class="mo2f-setup-wizard-timeline">
1103
-
1104
- <div class="mo2f-setup-wizard-timeline-step mo2f-setup-wizard-timeline-step-active" id="mo2f-setup-wizard-step1"></div>
1105
- <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line1"></div>
1106
- <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step2"> </div>
1107
- <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line2"></div>
1108
- <div class="mo2f-setup-wizard-timeline-step"id="mo2f-setup-wizard-step3"> </div>
1109
- <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line3"></div>
1110
- <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step4"> </div>
1111
-
1112
- </div>
1113
- <div id="mo2f-setup-settings-error-loading-area1" style="width: 900px">
1114
-
1115
- <p class="mo2f-step-show"> Step 1 of 4</p>
1116
- <h3 style="text-align:center;font-size:xx-large;"> Select the Authentication method you want to configure </h3>
1117
- <br>
1118
- <div class="mo2f-input-radios-with-icons">
1119
- <table>
1120
- <tr>
1121
- <td>
1122
- <label title="<?php echo __('You have to enter 6 digits code generated by google Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1123
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1124
- <span class="mo2f-styled-radio-text"> Google Authenticator</span>
1125
- </label>
1126
- </td>
1127
- <td>
1128
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
1129
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over SMS" />
1130
- <span class="mo2f-styled-radio-text">
1131
- <?php echo __('OTP Over SMS (Registration required)', 'miniorange-2-factor-authentication'); ?>
1132
- </span>
1133
- </label></td>
1134
- </tr>
1135
- <tr>
1136
- <td>
1137
-
1138
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
1139
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Email" />
1140
- <span class="mo2f-styled-radio-text">
1141
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
1142
- </span>
1143
- </label>
1144
- </td>
1145
-
1146
- <td>
1147
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
1148
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Security Questions" />
1149
- <span class="mo2f-styled-radio-text">
1150
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
1151
- </span>
1152
- </label>
1153
- </td>
1154
- </tr>
1155
- <tr>
1156
- <td>
1157
-
1158
- <label title="<?php echo __('You have to enter 6 digits code generated by Microsoft Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1159
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1160
- <span class="mo2f-styled-radio-text">
1161
- <?php echo __('Microsoft Authenticator', 'miniorange-2-factor-authentication'); ?>
1162
- </span>
1163
- </label>
1164
- </td>
1165
- <td>
1166
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1167
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1168
- <span class="mo2f-styled-radio-text">
1169
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
1170
- </span>
1171
- </label>
1172
- </td></tr>
1173
- <tr><td>
1174
-
1175
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1176
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Duo Authenticator" />
1177
- <span class="mo2f-styled-radio-text">
1178
- <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
1179
- </span>
1180
- </label>
1181
- </td>
1182
- <td>
1183
- <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
1184
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Telegram" />
1185
- <span class="mo2f-styled-radio-text">
1186
- <?php echo __('OTP Over Telegram', 'miniorange-2-factor-authentication'); ?>
1187
- </span>
1188
- </label>
1189
- </td>
1190
- </table>
1191
- </div>
1192
-
1193
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
1194
- <br />
1195
-
1196
-
1197
- <div class="mo2f-setup-wizard-step-footer">
1198
- <a href="#previousStep1"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1199
- <div class="mo2f-setup-wizard-step-footer-buttons">
1200
- <input type="button" name="mo2f_next_step1" id="mo2f_next_step1" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1201
-
1202
- </div>
1203
- </div>
1204
- </div>
1205
-
1206
-
1207
-
1208
-
1209
-
1210
- <div id="mo2f-setup-settings-error-loading-area2" style="width: 900px; display: none;">
1211
- <p class="mo2f-step-show"> Step 2 of 4</p>
1212
-
1213
- <h3 style="text-align:center;font-size: xx-large;"> Register with miniOrange </h3>
1214
-
1215
- <form name="f" id="mo2f_registration_form" method="post" action="">
1216
- <input type="hidden" name="option" value="mo_wpns_register_customer" />
1217
- <div class="mo2f_table_layout">
1218
- <div style="margin-bottom:30px;">
1219
- <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1220
- <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Seems like email is already registered. Please click on already login buton</p></div>
1221
- <p> Please enter a valid email id that you have access to and password of your choice.</p>
1222
- <table class="mo_wpns_settings_table">
1223
- <tr>
1224
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1225
- <td><input class="mo_wpns_table_textbox" type="email" id="mo2f_email" name="email"
1226
- required placeholder="person@example.com" /></td>
1227
- </tr>
1228
-
1229
- <tr>
1230
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1231
- <td><input class="mo_wpns_table_textbox" required id= "mo2f_password" type="password"
1232
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
1233
- </tr>
1234
- <tr>
1235
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1236
- <td><input class="mo_wpns_table_textbox" id= "mo2f_confirmPassword" required type="password"
1237
- name="confirmPassword" placeholder="Confirm your password" /></td>
1238
- </tr>
1239
- <tr>
1240
- <td>&nbsp;</td>
1241
- <td><br>
1242
- <a href="#mo2f_account_exist">Already have an account?</a>
1243
-
1244
- </tr>
1245
- </table>
1246
- </div>
1247
- </div>
1248
- </form>
1249
- <form name="f" id="mo2f_login_form" style="display: none;" method="post" action="">
1250
- <input type="hidden" name="option" value="mo_wpns_verify_customer" />
1251
- <div class="mo2f_table_layout">
1252
- <div style="margin-bottom:30px;">
1253
- <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1254
- <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Invalid Credentials</p></div>
1255
-
1256
- <p>Please enter your miniOrange email and password.<a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1257
- <table class="mo_wpns_settings_table">
1258
- <tr>
1259
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1260
- <td><input class="mo_wpns_table_textbox" type="email" id="mo2f_email_login" name="email"
1261
- required placeholder="person@example.com" /></td>
1262
- </tr>
1263
- <tr>
1264
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1265
- <td><input class="mo_wpns_table_textbox" required id= "mo2f_password_login" type="password"
1266
- name="password" placeholder="Enter your miniOrange password" /></td>
1267
- </tr>
1268
- <tr>
1269
- <td>&nbsp;</td>
1270
- <td><br>
1271
- <a href="#mo2f_register_new_account">Go Back to Registration Page</a>
1272
-
1273
- </tr>
1274
-
1275
- </table>
1276
- </div>
1277
- </div>
1278
- </form>
1279
-
1280
-
1281
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
1282
- <br/>
1283
-
1284
-
1285
- <div class="mo2f-setup-wizard-step-footer">
1286
- <a href="#previousStep2"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1287
- <div class="mo2f-setup-wizard-step-footer-buttons">
1288
- <input type="button" name="mo2f_next_step2" id="mo2f_next_step2" class="mo2f-button mo2f-button-main" value="Create Account and continue" />
1289
-
1290
- </div>
1291
- </div>
1292
-
1293
-
1294
- </div>
1295
-
1296
- <div id="mo2f-setup-settings-error-loading-area3" style="width: 900px; display: none;">
1297
- <p class="mo2f-step-show"> Step 3 of 4</p>
1298
-
1299
- <h3 style="text-align:center;font-size: xx-large;"> Configure 2-factor authentication </h3>
1300
- <br>
1301
-
1302
- <div class="overlay_success" style="width:760px; display: none;" id= "mo2f_success_block_configuration">
1303
- <p class ="popup_text" id="mo2f_configure_success_message" >An OTP has been sent to the below email.</p>
1304
- <br><br></div>
1305
-
1306
- <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block_configuration">
1307
- <p class ="popup_text" id="mo2f_configure_Error_message" style="color: red;" >Invalid OTP</p>
1308
- </div>
1309
- <br><br>
1310
-
1311
- <div id="mo2f_main_content"> </div>
1312
-
1313
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>>>
1314
- <br/>
1315
-
1316
-
1317
-
1318
- <div class="mo2f-setup-wizard-step-footer">
1319
- <a href="#previousStep3"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1320
- <div class="mo2f-setup-wizard-step-footer-buttons">
1321
- <input type="button" name="mo2f_next_step3" id="mo2f_next_step3" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1322
-
1323
- </div>
1324
- </div>
1325
-
1326
-
1327
- </div>
1328
-
1329
- <div id="mo2f-setup-settings-error-loading-area4" style="width: 900px; display: none;">
1330
- <p class="mo2f-step-show"> Step 4 of 4</p>
1331
- <div style="text-align: center;">
1332
- <h3 style="text-align:center;font-size: xx-large;"> Congratulations! </h3>
1333
- <br>
1334
- You have successfully configured the two-factor authentication.
1335
- <br><br><br>
1336
- <input type="button" name="mo2f_next_step4" id="mo2f_next_step4" class="mo2f-button mo2f-button-main" value="Advance Settings" />
1337
-
1338
- </div>
1339
- </div>
1340
-
1341
- </div>
1342
-
1343
-
1344
- </div>
1345
- </div>
1346
-
1347
-
1348
-
1349
- <script type="text/javascript">
1350
-
1351
- jQuery('#mo2f_next_step4').click(function(e){
1352
- localStorage.setItem("last_tab", 'unlimittedUser_2fa');
1353
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1354
-
1355
- });
1356
-
1357
-
1358
- jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1359
- jQuery("#mo2f_get_started").click(function(e){
1360
- jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'none');
1361
- jQuery('#mo2f_methods_setup_wizard').css('display', 'block');
1362
-
1363
- });
1364
-
1365
- jQuery('a[href="#previousStep3"]').click(function(e){
1366
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1367
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1368
-
1369
- var selected_2FA_method = '';
1370
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1371
- for(i = 0; i < ele.length; i++) {
1372
- if(ele[i].checked)
1373
- selected_2FA_method = ele[i].value;
1374
- }
1375
- if(selected_2FA_method =='OTP Over SMS')
1376
- {
1377
- document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1378
- document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "block";
1379
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1380
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1381
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1382
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1383
- }
1384
- else
1385
- {
1386
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1387
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1388
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1389
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1390
- var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1391
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1392
- var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1393
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1394
- document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1395
- document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1396
-
1397
- }
1398
- });
1399
-
1400
- jQuery('a[href="#previousStep2"]').click(function(e){
1401
- document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1402
- document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1403
- var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1404
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1405
- var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1406
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1407
-
1408
- });
1409
-
1410
- jQuery('a[href="#previousStep1"]').click(function(e){
1411
- jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'block');
1412
- jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1413
-
1414
- });
1415
-
1416
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1417
- document.getElementById('mo2f_registration_form').style.display = "none";
1418
- document.getElementById('mo2f_login_form').style.display = "block";
1419
- document.getElementById('mo2f_next_step2').value = 'Login and Continue';
1420
- });
1421
-
1422
- jQuery('a[href=\"#mo2f_register_new_account\"]').click(function (e) {
1423
- document.getElementById('mo2f_registration_form').style.display = "block";
1424
- document.getElementById('mo2f_login_form').style.display = "none";
1425
- document.getElementById('mo2f_next_step2').value = 'Create Account and Continue';
1426
- });
1427
-
1428
- jQuery('#mo2f_next_step3').click(function(e){
1429
- document.getElementById('mo2f_loader').style.display = "block";
1430
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1431
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1432
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1433
-
1434
- var selected_2FA_method = '';
1435
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1436
- for(i = 0; i < ele.length; i++) {
1437
- if(ele[i].checked)
1438
- selected_2FA_method = ele[i].value;
1439
- }
1440
- var data ='';
1441
- if(selected_2FA_method == 'Google Authenticator')
1442
- {
1443
- data= { 'action':'mo_two_factor_ajax',
1444
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_GA_setup_wizard',
1445
- 'mo2f_google_auth_code' : jQuery('#mo2f_google_auth_code').val(),
1446
- 'mo2f_session_id' : jQuery('#mo2f_session_id').val()
1447
- };
1448
-
1449
- }
1450
- else if (selected_2FA_method =='OTP Over SMS')
1451
- {
1452
- data= { 'action':'mo_two_factor_ajax',
1453
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverSMS_setup_wizard',
1454
- 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1455
- };
1456
-
1457
- }
1458
- else if(selected_2FA_method == 'OTP Over Email')
1459
- {
1460
- data= { 'action':'mo_two_factor_ajax',
1461
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverEmail_setup_wizard',
1462
- 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1463
- };
1464
-
1465
- }
1466
- else if(selected_2FA_method == 'Security Questions')
1467
- {
1468
- data= { 'action':'mo_two_factor_ajax',
1469
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_KBA_setup_wizard',
1470
- 'mo2f_kbaquestion_1' : jQuery('#mo2f_kbaquestion_1').val(),
1471
- 'mo2f_kbaquestion_2' : jQuery('#mo2f_kbaquestion_2').val(),
1472
- 'mo2f_kbaquestion_3' : jQuery('#mo2f_kbaquestion_3').val(),
1473
- 'mo2f_kba_ans1' : jQuery('#mo2f_kba_ans1').val(),
1474
- 'mo2f_kba_ans2' : jQuery('#mo2f_kba_ans2').val(),
1475
- 'mo2f_kba_ans3' : jQuery('#mo2f_kba_ans3').val()
1476
- };
1477
-
1478
- }
1479
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1480
- jQuery.post(ajax_url, data, function(response){
1481
- document.getElementById('mo2f_loader').style.display = "none";
1482
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1483
-
1484
- if(response =='SUCCESS')
1485
- {
1486
- var lineElement = document.getElementById("mo2f-setup-wizard-line3");
1487
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1488
- var stepElement = document.getElementById("mo2f-setup-wizard-step4");
1489
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1490
- document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1491
- jQuery('#mo2f-setup-settings-error-loading-area4').css('display','block');
1492
-
1493
- }
1494
- else
1495
- {
1496
- document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1497
- document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1498
- }
1499
- });
1500
-
1501
- });
1502
-
1503
- jQuery("#mo2f_next_step2").click(function(e){
1504
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1505
- document.getElementById('mo2f_loader').style.display = "block";
1506
- document.getElementById('mo2f_Error_block').style.display = "none";
1507
- document.getElementById('mo2f_next_step2').disabled = true;
1508
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1509
- var email = jQuery("#mo2f_email").val();
1510
- var password = jQuery("#mo2f_password").val();
1511
- if(jQuery("#mo2f_next_step2").val() == 'Login and Continue')
1512
- {
1513
- email = jQuery("#mo2f_email_login").val();
1514
- password = jQuery("#mo2f_password_login").val();
1515
- }
1516
- var data= { 'action':'mo_two_factor_ajax',
1517
- 'mo_2f_two_factor_ajax' : 'mo_wpns_register_verify_customer',
1518
- 'email': email,
1519
- 'password':password,
1520
- 'confirmPassword' : jQuery("#mo2f_confirmPassword").val(),
1521
- 'Login and Continue' : jQuery("#mo2f_next_step2").val()
1522
- };
1523
-
1524
- jQuery.post(ajax_url, data, function(response){
1525
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1526
-
1527
- document.getElementById('mo2f_next_step2').disabled = false;
1528
- if(response == 'SUCCESS')
1529
- {
1530
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1531
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1532
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1533
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1534
- document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1535
- jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1536
-
1537
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1538
- var data= { 'action':'mo_two_factor_ajax',
1539
- 'mo_2f_two_factor_ajax' : 'mo_2fa_configure_OTPOverSMS_setup_wizard'
1540
- };
1541
- jQuery.post(ajax_url, data, function(response){
1542
-
1543
- document.getElementById('mo2f_loader').style.display = "none";
1544
- document.getElementById('mo2f_main_content').innerHTML = response;
1545
- jQuery("#phone").intlTelInput();
1546
-
1547
- jQuery('#mo2f_send_otp').click(function(e){
1548
- document.getElementById('mo2f_loader').style.display = "block";
1549
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1550
-
1551
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1552
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1553
-
1554
- var data = { 'action':'mo_two_factor_ajax',
1555
- 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1556
- 'phone' : jQuery('#phone').val(),
1557
- 'selected_2FA_method' : 'SMS'
1558
- };
1559
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1560
- jQuery.post(ajax_url, data, function(response){
1561
- document.getElementById('mo2f_loader').style.display = "none";
1562
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1563
-
1564
- if(response == 'SUCCESS')
1565
- {
1566
- $message = 'An OTP has been sent to the below phone number. Please enter the OTP to set the 2FA';
1567
- document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1568
- document.getElementById('mo2f_success_block_configuration').style.display = "block";
1569
-
1570
- }
1571
- else
1572
- {
1573
- document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1574
- document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1575
-
1576
- }
1577
- });
1578
-
1579
- });
1580
-
1581
- });
1582
- }
1583
- else
1584
- {
1585
- document.getElementById('mo2f_loader').style.display = "none";
1586
- document.getElementById('mo2f_Error_message').innerHTML = response;
1587
- document.getElementById('mo2f_Error_block').style.display = "block";
1588
- }
1589
-
1590
- });
1591
-
1592
- });
1593
-
1594
- jQuery("#mo2f_next_step1").click(function(e){
1595
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1596
- var selected_2FA_method = '';
1597
- for(i = 0; i < ele.length; i++) {
1598
- if(ele[i].checked)
1599
- selected_2FA_method = ele[i].value;
1600
- }
1601
-
1602
- if(selected_2FA_method == '')
1603
- {
1604
- return '';
1605
- }
1606
-
1607
- document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "none";
1608
- var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1609
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1610
- var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1611
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1612
-
1613
- if(selected_2FA_method !="OTP Over SMS" && selected_2FA_method != '')
1614
- {
1615
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1616
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1617
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1618
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1619
- jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1620
-
1621
- document.getElementById('mo2f_loader').style.display = "block";
1622
-
1623
- var mo2f_setup_call = "";
1624
- if(selected_2FA_method == "Google Authenticator")
1625
- {
1626
- mo2f_setup_call = "mo_2fa_configure_GA_setup_wizard";
1627
- }
1628
- else if(selected_2FA_method =="OTP Over Email")
1629
- {
1630
- mo2f_setup_call ="mo_2fa_configure_OTPOverEmail_setup_wizard";
1631
- }
1632
- else if (selected_2FA_method == "Security Questions")
1633
- {
1634
- mo2f_setup_call = "mo_2fa_configure_KBA_setup_wizard";
1635
- }
1636
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1637
- var data= { 'action':'mo_two_factor_ajax',
1638
- 'mo_2f_two_factor_ajax' : mo2f_setup_call
1639
- };
1640
- jQuery.post(ajax_url, data, function(response){
1641
- document.getElementById('mo2f_loader').style.display = "none";
1642
- document.getElementById('mo2f_main_content').innerHTML = response;
1643
-
1644
- if(selected_2FA_method == 'Google Authenticator')
1645
- {
1646
- jQuery('.mo2f_gauth').qrcode({
1647
- 'render': 'image',
1648
- size: 175,
1649
- 'text': jQuery('.mo2f_gauth').data('qrcode')
1650
- });
1651
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(e){
1652
- var element = document.getElementById('mo2f_scanbarcode_a');
1653
- if(element.style.display === 'none')
1654
- element.style.display = 'block';
1655
-
1656
- else
1657
- element.style.display = "none";
1658
- });
1659
-
1660
- }
1661
- else if(selected_2FA_method =='OTP Over Email')
1662
- {
1663
- jQuery('#mo2f_send_otp').click(function(e){
1664
- document.getElementById('mo2f_loader').style.display = "block";
1665
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1666
-
1667
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1668
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1669
-
1670
- var data = { 'action':'mo_two_factor_ajax',
1671
- 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1672
- 'phone' : jQuery('#phone').val(),
1673
- 'mo2f_session_id' : jQuery('#mo2f_session_id').val(),
1674
- 'selected_2FA_method' : 'OTP Over Email'
1675
- };
1676
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1677
- jQuery.post(ajax_url, data, function(response){
1678
- document.getElementById('mo2f_loader').style.display = "none";
1679
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1680
-
1681
- if(response == 'SUCCESS')
1682
- {
1683
- $message = 'An OTP has been sent to the below email please enter the OTP to set the 2FA';
1684
- document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1685
- document.getElementById('mo2f_success_block_configuration').style.display = "block";
1686
-
1687
- }
1688
- else
1689
- {
1690
- document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1691
- document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1692
-
1693
- }
1694
- });
1695
-
1696
- });
1697
- }
1698
- else if (selected_2FA_method =='Security Questions')
1699
- {
1700
-
1701
- var mo_option_to_hide1;
1702
- //hidden element in dropdown list 2
1703
- var mo_option_to_hide2;
1704
-
1705
- jQuery('#mo2f_kbaquestion_1').change(function(){
1706
- list = 1;
1707
- var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1708
- //if an element is currently hidden, unhide it
1709
- if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1710
- mo_option_to_hide1.style.display = 'block';
1711
- } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1712
- mo_option_to_hide2.style.display = 'block';
1713
- }
1714
- //select the element to hide and then hide it
1715
- if (list == 1) {
1716
- if (list_selected != 0) {
1717
- mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
1718
- mo_option_to_hide2.style.display = 'none';
1719
- }
1720
- }
1721
- });
1722
- jQuery('#mo2f_kbaquestion_2').change(function(){
1723
- list = 2;
1724
- var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1725
- //if an element is currently hidden, unhide it
1726
- if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1727
- mo_option_to_hide1.style.display = 'block';
1728
- } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1729
- mo_option_to_hide2.style.display = 'block';
1730
- }
1731
- //select the element to hide and then hide it
1732
- if (list == 2) {
1733
- if (list_selected != 0) {
1734
- mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
1735
- mo_option_to_hide1.style.display = 'none';
1736
- }
1737
- }
1738
- });
1739
-
1740
- }
1741
- });
1742
-
1743
-
1744
- }
1745
- else if(selected_2FA_method == 'OTP Over SMS')
1746
- {
1747
- jQuery('#mo2f-setup-settings-error-loading-area2').css('display','block');
1748
- }
1749
-
1750
-
1751
- });
1752
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
1753
-
1754
-
1755
- localStorage.setItem("last_tab", 'setup_2fa');
1756
- var selectedMethod = jQuery(this).val();
1757
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1758
- var nonce = "<?php echo wp_create_nonce( 'miniorange-select-method-setup-wizard' ); ?>";
1759
-
1760
- if(selectedMethod == 'Duo Authenticator' || selectedMethod =='OTP Over Telegram')
1761
- {
1762
- var data= { 'action':'mo_two_factor_ajax',
1763
- 'mo_2f_two_factor_ajax' : 'select_method_setup_wizard',
1764
- 'mo2f_method': selectedMethod,
1765
- 'nonce': nonce };
1766
-
1767
- jQuery.post(ajax_url, data, function(response){
1768
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1769
- });
1770
- }
1771
-
1772
- });
1773
-
1774
- jQuery('a[href="#skiptwofactor"]').click(function(e){
1775
- localStorage.setItem("last_tab", 'setup_2fa');
1776
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1777
- });
1778
-
1779
-
1780
- </script>
1781
- <?php
1782
- }
1783
-
1784
- /**
1785
- * Attempt to catch the js error preventing the Vue app from loading and displaying that message for better support.
1786
- *
1787
- * @since 2.6.0
1788
- */
1789
- private function settings_inline_js() {
1790
- ?>
1791
- <script type="text/javascript">
1792
- window.onerror = function myErrorHandler( errorMsg, url, lineNumber ) {
1793
- /* Don't try to put error in container that no longer exists post-vue loading */
1794
- var message_container = document.getElementById( 'mo2f-setup-nojs-error-message' );
1795
- if ( ! message_container ) {
1796
- return false;
1797
- }
1798
- var message = document.getElementById( 'mo2f-setup-alert-message' );
1799
- message.innerHTML = errorMsg;
1800
- message_container.style.display = 'block';
1801
- return false;
1802
- }
1803
- </script>
1804
- <?php
1805
- }
1806
-
1807
-
1808
- public function setup_wizard_content() {
1809
- $admin_url = is_network_admin() ? network_admin_url() : admin_url();
1810
-
1811
- $this->settings_error_page( 'mo2f-setup-vue-setup-wizard', '<a href="' . $admin_url . '">' . esc_html__( 'Go back to the Dashboard', 'mo2f-setup' ) . '</a>' );
1812
- $this->settings_inline_js();
1813
- }
1814
-
1815
- /**
1816
- * Outputs the simplified footer used for the Setup Wizard.
1817
- *
1818
- * @since 2.6.0
1819
- */
1820
- public function setup_wizard_footer() {
1821
- ?>
1822
- <?php wp_print_scripts( 'mo2f-setup-vue-script' ); ?>
1823
- </body>
1824
- </html>
1825
- <?php
1826
- }
1827
-
1828
-
1829
- function miniorange_auth_save_settings() {
1830
- if (get_site_option('mo2f_plugin_redirect')) {
1831
- delete_site_option('mo2f_plugin_redirect');
1832
-
1833
- do_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', $this );
1834
- wp_enqueue_script('jquery');
1835
- wp_enqueue_script('wp-mo2f-setup-wizard',plugins_url( 'includes/js/setup-wizard-2fa.js', dirname(dirname(__FILE__))));
1836
-
1837
- wp_localize_script(
1838
- 'wp-mo2f-setup-wizard',
1839
- 'mo2f_setup_wizard',[
1840
- 'ajax_url' => admin_url( 'admin-ajax.php' ),
1841
- 'plugin_url' => get_site_option('siteurl'),
1842
- 'nonce' => wp_create_nonce( 'mo2f-setup-wizard-nonce' )]
1843
- );
1844
- $this->setup_wizard_header();
1845
- $this->setup_wizard_content();
1846
- $this->setup_wizard_footer();
1847
- exit;
1848
- }
1849
- if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
1850
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1851
- if(session_status() != PHP_SESSION_DISABLED )
1852
- session_start();
1853
- }
1854
- }
1855
-
1856
- global $user;
1857
- global $Mo2fdbQueries;
1858
- $defaultCustomerKey = $this->defaultCustomerKey;
1859
- $defaultApiKey = $this->defaultApiKey;
1860
-
1861
- $user = wp_get_current_user();
1862
- $user_id = $user->ID;
1863
-
1864
- if ( current_user_can( 'manage_options' ) ) {
1865
-
1866
- if(strlen(get_option('mo2f_encryption_key'))>17){
1867
- $get_encryption_key = MO2f_Utility::random_str(16);
1868
- update_option('mo2f_encryption_key',$get_encryption_key);
1869
- }
1870
-
1871
- if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_deactivate_account" ) {
1872
- $nonce = $_POST['mo_auth_deactivate_account_nonce'];
1873
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-deactivate-account-nonce' ) ) {
1874
- $error = new WP_Error();
1875
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1876
-
1877
- return $error;
1878
- } else {
1879
- $url = admin_url( 'plugins.php' );
1880
- wp_redirect( $url );
1881
- }
1882
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_remove_account" ) {
1883
- $nonce = $_POST['mo_auth_remove_account_nonce'];
1884
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-remove-account-nonce' ) ) {
1885
- $error = new WP_Error();
1886
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1887
- return $error;
1888
- } else {
1889
- update_option( 'mo2f_register_with_another_email', 1 );
1890
- $this->mo_auth_deactivate();
1891
- }
1892
- }else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_skiplogin'){
1893
- $nonce = $_POST['mo2f_skiplogin_nonce'];
1894
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skiplogin-failed-nonce' ) ) {
1895
- $error = new WP_Error();
1896
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1897
- return $error;
1898
- } else {
1899
- update_option('mo2f_tour_started',2);
1900
- }
1901
- }else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_userlogout'){
1902
- $nonce = $_POST['mo2f_userlogout_nonce'];
1903
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-userlogout-failed-nonce' ) ) {
1904
- $error = new WP_Error();
1905
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1906
- return $error;
1907
- } else {
1908
- update_option('mo2f_tour_started',2);
1909
- wp_logout();
1910
- wp_redirect(admin_url());
1911
- }
1912
- }else if(isset($_POST['option']) and $_POST['option'] == 'restart_plugin_tour'){
1913
- $nonce = $_POST['_wpnonce'];
1914
- if ( ! wp_verify_nonce( $nonce, 'restart_plugin_tour' ) ) {
1915
- $error = new WP_Error();
1916
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1917
- return $error;
1918
- } else {
1919
- $page = isset($_POST['page'])? $_POST['page'] : '';
1920
- $page = sanitize_text_field($page);
1921
- update_option('mo2f_two_factor_tour',0);
1922
- update_option('mo2f_tour_firewall',0);
1923
- update_option('mo2f_tour_loginSpam',0);
1924
- update_option('mo2f_tour_backup',0);
1925
- update_option('mo2f_tour_malware_scan',0);
1926
- update_option('mo2f_tour_advance_blocking',0);
1927
- switch ($_REQUEST['page']) {
1928
- case 'mo_2fa_two_fa':
1929
- update_option('mo2f_two_factor_tour',1);
1930
- break;
1931
- case 'mo_2fa_waf':
1932
- update_option('mo2f_tour_firewall',1);
1933
- break;
1934
- case 'mo_2fa_login_and_spam':
1935
- update_option('mo2f_tour_loginSpam',1);
1936
- break;
1937
- case 'mo_2fa_backup':
1938
- update_option('mo2f_tour_backup',1);
1939
- break;
1940
- case 'mo_2fa_malwarescan':
1941
- update_option('mo2f_tour_malware_scan',1);
1942
- break;
1943
- case 'mo_2fa_advancedblocking':
1944
- update_option('mo2f_tour_advance_blocking',1);
1945
- break;
1946
- }
1947
- if($page != '')
1948
- {
1949
- $url = get_option('siteurl').'/wp-admin/admin.php?page='.$page;
1950
- wp_redirect($url);
1951
- exit;
1952
- }
1953
- $redirect=explode('&',htmlentities($_SERVER['REQUEST_URI']))[0];
1954
- header("Location: ".$redirect);
1955
- return;
1956
- }
1957
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_save_proxy_settings" ) {
1958
- $nonce = $_POST['mo2f_save_proxy_settings_nonce'];
1959
- if ( ! wp_verify_nonce( $nonce, 'mo2f-save-proxy-settings-nonce' ) ) {
1960
- $error = new WP_Error();
1961
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1962
- return $error;
1963
- } else {
1964
- $proxyHost = $_POST['proxyHost'];
1965
- $portNumber = $_POST['portNumber'];
1966
- $proxyUsername = $_POST['proxyUsername'];
1967
- $proxyPassword = $_POST['proxyPass'];
1968
-
1969
- update_option( 'mo2f_proxy_host', $proxyHost );
1970
- update_option( 'mo2f_port_number', $portNumber );
1971
- update_option( 'mo2f_proxy_username', $proxyUsername );
1972
- update_option( 'mo2f_proxy_password', $proxyPassword );
1973
- update_option( 'mo2f_message', 'Proxy settings saved successfully.' );
1974
- $this->mo_auth_show_success_message();
1975
- }
1976
-
1977
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_register_customer" ) { //register the admin to miniOrange
1978
- //miniorange_register_customer_nonce
1979
- $nonce = $_POST['miniorange_register_customer_nonce'];
1980
- if ( ! wp_verify_nonce( $nonce, 'miniorange-register-customer-nonce' ) ) {
1981
- $error = new WP_Error();
1982
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1983
-
1984
- return $error;
1985
- } else {
1986
- //validate and sanitize
1987
- $email = '';
1988
- $password = '';
1989
- $confirmPassword = '';
1990
- $is_registration = get_user_meta( $user->ID, 'mo2f_email_otp_count', true );
1991
-
1992
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['confirmPassword'] ) ) {
1993
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
1994
-
1995
- return;
1996
- } else if ( strlen( $_POST['password'] ) < 6 || strlen( $_POST['confirmPassword'] ) < 6 ) {
1997
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "MIN_PASS_LENGTH" ) );
1998
-
1999
- } else {
2000
- $email = sanitize_email( $_POST['email'] );
2001
- $password = sanitize_text_field( $_POST['password'] );
2002
- $confirmPassword = sanitize_text_field( $_POST['confirmPassword'] );
2003
-
2004
- $email = strtolower( $email );
2005
-
2006
- $pattern = '/^[(\w)*(\!\@\#\$\%\^\&\*\.\-\_)*]+$/';
2007
-
2008
- if(preg_match($pattern,$password)){
2009
- if ( strcmp( $password, $confirmPassword ) == 0 ) {
2010
- update_option( 'mo2f_email', $email );
2011
-
2012
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2013
- update_option( 'mo2f_password', stripslashes( $password ) );
2014
- $customer = new Customer_Setup();
2015
- $customerKey = json_decode( $customer->check_customer(), true );
2016
-
2017
- if ( strcasecmp( $customerKey['status'], 'CUSTOMER_NOT_FOUND' ) == 0 ) {
2018
- if ( $customerKey['status'] == 'ERROR' ) {
2019
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $customerKey['message'] ) );
2020
- } else {
2021
- $this->mo2f_create_customer( $user );
2022
- delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2023
- delete_user_meta( $user->ID, 'register_account_popup' );
2024
- if(get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure'))
2025
- update_user_meta( $user->ID, 'configure_2FA', 1 );
2026
-
2027
- }
2028
- } else { //customer already exists, redirect him to login page
2029
-
2030
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_ALREADY_EXISTS" ) );
2031
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2032
-
2033
- }
2034
-
2035
- } else {
2036
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PASSWORDS_MISMATCH" ) );
2037
- $this->mo_auth_show_error_message();
2038
- }
2039
- }
2040
- else{
2041
- update_option( 'mo2f_message', "Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*-_) should be present." );
2042
- $this->mo_auth_show_error_message();
2043
- }
2044
- }
2045
- }
2046
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_verify_customer" ) { //register the admin to miniOrange if already exist
2047
-
2048
- $nonce = $_POST['miniorange_verify_customer_nonce'];
2049
-
2050
- if ( ! wp_verify_nonce( $nonce, 'miniorange-verify-customer-nonce' ) ) {
2051
- $error = new WP_Error();
2052
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2053
-
2054
- return $error;
2055
- } else {
2056
-
2057
- //validation and sanitization
2058
- $email = '';
2059
- $password = '';
2060
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2061
-
2062
-
2063
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) ) {
2064
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2065
- $this->mo_auth_show_error_message();
2066
-
2067
- return;
2068
- } else {
2069
- $email = sanitize_email( $_POST['email'] );
2070
- $password = sanitize_text_field( $_POST['password'] );
2071
- }
2072
-
2073
- update_option( 'mo2f_email', $email );
2074
- update_option( 'mo2f_password', stripslashes( $password ) );
2075
- $customer = new Customer_Setup();
2076
- $content = $customer->get_customer_key();
2077
- $customerKey = json_decode( $content, true );
2078
-
2079
- if ( json_last_error() == JSON_ERROR_NONE ) {
2080
- if ( is_array( $customerKey ) && array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
2081
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
2082
- $this->mo_auth_show_error_message();
2083
- } else if ( is_array( $customerKey ) ) {
2084
- if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
2085
- update_option( 'mo2f_customerKey', $customerKey['id'] );
2086
- update_option( 'mo2f_api_key', $customerKey['apiKey'] );
2087
- update_option( 'mo2f_customer_token', $customerKey['token'] );
2088
- update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
2089
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
2090
- update_option( 'mo2f_miniorange_admin', $user->ID );
2091
-
2092
- $mo2f_emailVerification_config_status = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ? true : false;
2093
-
2094
- delete_option( 'mo2f_password' );
2095
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
2096
-
2097
- $Mo2fdbQueries->update_user_details( $user->ID, array(
2098
- 'mo2f_EmailVerification_config_status' => $mo2f_emailVerification_config_status,
2099
- 'mo2f_user_email' => get_option( 'mo2f_email' ),
2100
- 'user_registration_with_miniorange' => 'SUCCESS',
2101
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
2102
- 'mo2f_2factor_enable_2fa_byusers' => 1,
2103
- ) );
2104
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
2105
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2106
- $configured_2FA_method = 'NONE';
2107
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2108
- $enduser = new Two_Factor_Setup();
2109
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $user_email ), true );
2110
-
2111
- $mo2f_second_factor = 'NONE';
2112
- if ( json_last_error() == JSON_ERROR_NONE ) {
2113
- if ( $userinfo['status'] == 'SUCCESS' ) {
2114
- $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
2115
-
2116
- }
2117
- }
2118
- if ( $mo2f_second_factor != 'NONE' ) {
2119
- $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
2120
-
2121
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2122
-
2123
- $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
2124
- $Mo2fdbQueries->update_user_details( $user->ID, array(
2125
- 'mo2f_configured_2FA_method' => $configured_2FA_method,
2126
- 'mo2f_' . $auth_method_abr . '_config_status' => true
2127
- ) );
2128
-
2129
- } else {
2130
- if ( in_array( $configured_2FA_method, array(
2131
- 'Email Verification',
2132
- 'Authy Authenticator',
2133
- 'OTP over SMS'
2134
- ) ) ) {
2135
- $enduser->mo2f_update_userinfo( $user_email, 'NONE', null, '', true );
2136
- }
2137
- }
2138
-
2139
-
2140
- }
2141
-
2142
- $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
2143
- if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2144
- $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '.';
2145
- }
2146
- $mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
2147
-
2148
- delete_user_meta( $user->ID, 'register_account_popup' );
2149
-
2150
- $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
2151
- if ( ! empty( $mo2f_customer_selected_plan ) ) {
2152
- delete_option( 'mo2f_customer_selected_plan' );
2153
- header( 'Location: admin.php?page=mo_2fa_upgrade' );
2154
- } else if ( $mo2f_second_factor == 'NONE' ) {
2155
- update_user_meta( $user->ID, 'configure_2FA', 1 );
2156
- }
2157
-
2158
- update_option( 'mo2f_message', $mo2f_message );
2159
- $this->mo_auth_show_success_message();
2160
- } else {
2161
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
2162
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
2163
- update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
2164
- $this->mo_auth_show_error_message();
2165
- }
2166
-
2167
- }
2168
- } else {
2169
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
2170
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
2171
- update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
2172
- $this->mo_auth_show_error_message();
2173
- }
2174
-
2175
- delete_option( 'mo2f_password' );
2176
- }
2177
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_phone_verification' ) { //at registration time
2178
- $phone = sanitize_text_field( $_POST['phone_number'] );
2179
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $phone ) );
2180
-
2181
- $phone = str_replace( ' ', '', $phone );
2182
- $auth_type = 'SMS';
2183
- $customer = new Customer_Setup();
2184
-
2185
- $send_otp_response = json_decode( $customer->send_otp_token( $phone, $auth_type, $defaultCustomerKey, $defaultApiKey ), true );
2186
-
2187
- if ( strcasecmp( $send_otp_response['status'], 'SUCCESS' ) == 0 ) {
2188
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2189
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2190
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $send_otp_response['txId'] );
2191
-
2192
- if ( get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) ) {
2193
- update_option( 'mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) . ' )</b> for verification to ' . $phone );
2194
- update_user_meta( $user->ID, 'mo2f_sms_otp_count', get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) + 1 );
2195
- } else {
2196
- update_option( 'mo2f_message', 'One Time Passcode has been sent for verification to ' . $phone );
2197
- update_user_meta( $user->ID, 'mo2f_sms_otp_count', 1 );
2198
- }
2199
-
2200
- $this->mo_auth_show_success_message();
2201
- } else {
2202
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SENDING_SMS" ) );
2203
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2204
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2205
- $this->mo_auth_show_error_message();
2206
- }
2207
-
2208
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_resend_otp" ) { //resend OTP over email for admin
2209
-
2210
- $nonce = $_POST['mo_2factor_resend_otp_nonce'];
2211
-
2212
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-otp-nonce' ) ) {
2213
- $error = new WP_Error();
2214
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2215
-
2216
- return $error;
2217
- } else {
2218
- $customer = new Customer_Setup();
2219
- $content = json_decode( $customer->send_otp_token( get_option( 'mo2f_email' ), 'EMAIL', $defaultCustomerKey, $defaultApiKey ), true );
2220
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2221
- if ( get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) ) {
2222
- update_user_meta( $user->ID, 'mo2f_email_otp_count', get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) + 1 );
2223
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "RESENT_OTP" ) . ' <b>( ' . get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) . ' )</b> to <b>' . ( get_option( 'mo2f_email' ) ) . '</b> ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2224
- } else {
2225
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . '<b> ' . ( get_option( 'mo2f_email' ) ) . ' </b>' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2226
- update_user_meta( $user->ID, 'mo2f_email_otp_count', 1 );
2227
- }
2228
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2229
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2230
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2231
- $this->mo_auth_show_success_message();
2232
- } else {
2233
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
2234
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2235
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2236
- $this->mo_auth_show_error_message();
2237
- }
2238
- }
2239
-
2240
-
2241
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_dismiss_notice_option" ) {
2242
- update_option( 'mo2f_bug_fix_done', 1 );
2243
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_validate_otp" ) { //validate OTP over email for admin
2244
-
2245
- $nonce = $_POST['mo_2factor_validate_otp_nonce'];
2246
-
2247
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-otp-nonce' ) ) {
2248
- $error = new WP_Error();
2249
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2250
-
2251
- return $error;
2252
- } else {
2253
- //validation and sanitization
2254
- $otp_token = '';
2255
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2256
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2257
- $this->mo_auth_show_error_message();
2258
-
2259
- return;
2260
- } else {
2261
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2262
- }
2263
-
2264
- $customer = new Customer_Setup();
2265
-
2266
- $transactionId = get_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', true );
2267
-
2268
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $transactionId, $otp_token, $defaultCustomerKey, $defaultApiKey ), true );
2269
-
2270
- if ( $content['status'] == 'ERROR' ) {
2271
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2272
-
2273
- } else {
2274
-
2275
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
2276
- $this->mo2f_create_customer( $user );
2277
- delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2278
- delete_user_meta( $user->ID, 'register_account_popup' );
2279
- update_user_meta( $user->ID, 'configure_2FA', 1 );
2280
- } else { // OTP Validation failed.
2281
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2282
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_OTP_DELIVERED_FAILURE' ) );
2283
-
2284
- }
2285
- }
2286
- }
2287
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_validate_user_otp" ) { //validate OTP over email for additional admin
2288
-
2289
- //validation and sanitization
2290
- $nonce = $_POST['mo_2factor_validate_user_otp_nonce'];
2291
-
2292
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-user-otp-nonce' ) ) {
2293
- $error = new WP_Error();
2294
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2295
-
2296
- return $error;
2297
- } else {
2298
- $otp_token = '';
2299
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2300
- update_option( 'mo2f_message', 'All the fields are required. Please enter valid entries.' );
2301
- $this->mo_auth_show_error_message();
2302
-
2303
- return;
2304
- } else {
2305
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2306
- }
2307
-
2308
- $user_email = get_user_meta( $user->ID, 'user_email', true );
2309
-
2310
- $customer = new Customer_Setup();
2311
- $mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
2312
-
2313
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', '', $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2314
-
2315
- if ( $content['status'] == 'ERROR' ) {
2316
- update_option( 'mo2f_message', $content['message'] );
2317
- $this->mo_auth_show_error_message();
2318
- } else {
2319
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated and generate QRCode
2320
- $this->mo2f_create_user( $user, $user_email );
2321
- delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2322
- } else {
2323
- update_option( 'mo2f_message', 'Invalid OTP. Please try again.' );
2324
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_OTP_DELIVERED_FAILURE' ) );
2325
- $this->mo_auth_show_error_message();
2326
- }
2327
- }
2328
-
2329
- }
2330
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_send_query" ) { //Help me or support
2331
- $nonce = $_POST['mo_2factor_send_query_nonce'];
2332
-
2333
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-send-query-nonce' ) ) {
2334
- $error = new WP_Error();
2335
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2336
-
2337
- return $error;
2338
- } else {
2339
-
2340
- $query = '';
2341
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['EMAIL_MANDATORY'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['query'] ) ) {
2342
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_MANDATORY" ) );
2343
- $this->mo_auth_show_error_message();
2344
-
2345
- return;
2346
- } else {
2347
- $query = sanitize_text_field( $_POST['query'] );
2348
- $email = sanitize_text_field( $_POST['EMAIL_MANDATORY'] );
2349
- $phone = sanitize_text_field( $_POST['query_phone'] );
2350
- $contact_us = new Customer_Setup();
2351
- $submited = json_decode( $contact_us->submit_contact_us( $email, $phone, $query ), true );
2352
- if ( json_last_error() == JSON_ERROR_NONE ) {
2353
- if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) {
2354
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $submited['message'] ) );
2355
- $this->mo_auth_show_error_message();
2356
- } else {
2357
- if ( $submited == false ) {
2358
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SUBMITTING_QUERY" ) );
2359
- $this->mo_auth_show_error_message();
2360
- } else {
2361
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "QUERY_SUBMITTED_SUCCESSFULLY" ) );
2362
- $this->mo_auth_show_success_message();
2363
- }
2364
- }
2365
- }
2366
-
2367
- }
2368
- }
2369
- }
2370
-
2371
- else if(isset( $_POST['option'] ) and $_POST['option'] == 'woocommerce_disable_login_prompt' ){
2372
- if(isset($_POST['woocommerce_login_prompt'])){
2373
- update_site_option('mo2f_woocommerce_login_prompt' , true);
2374
- }
2375
- else{
2376
- update_site_option('mo2f_woocommerce_login_prompt' , false);
2377
- }
2378
- }
2379
-
2380
- else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_auth_advanced_options_save' ) {
2381
- update_option( 'mo2f_message', 'Your settings are saved successfully.' );
2382
- $this->mo_auth_show_success_message();
2383
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_auth_login_settings_save' ) {
2384
- $nonce = $_POST['mo_auth_login_settings_save_nonce'];
2385
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-login-settings-save-nonce' ) ) {
2386
- $error = new WP_Error();
2387
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2388
- return $error;
2389
- } else {
2390
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
2391
- if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM ) {
2392
-
2393
- if($_POST['mo2f_login_option'] == 0 && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')){
2394
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "LOGIN_WITH_2ND_FACTOR" ) );
2395
- $this->mo_auth_show_error_message();
2396
- }else{
2397
- update_option( 'mo2f_login_option', isset( $_POST['mo2f_login_option'] ) ? $_POST['mo2f_login_option'] : 0 );
2398
- update_option( 'mo2f_remember_device', isset( $_POST['mo2f_remember_device'] ) ? $_POST['mo2f_remember_device'] : 0 );
2399
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') == 0 ) {
2400
- update_option( 'mo2f_remember_device', 0 );
2401
- }
2402
- if(isset($_POST['mo2f_enable_login_with_2nd_factor']))
2403
- {
2404
- update_option('mo2f_login_option',1);
2405
- }
2406
- update_option( 'mo2f_enable_forgotphone', isset( $_POST['mo2f_forgotphone'] ) ? $_POST['mo2f_forgotphone'] : 0 );
2407
- update_option( 'mo2f_enable_login_with_2nd_factor', isset( $_POST['mo2f_login_with_username_and_2factor'] ) ? $_POST['mo2f_login_with_username_and_2factor'] : 0 );
2408
- update_option( 'mo2f_enable_xmlrpc', isset( $_POST['mo2f_enable_xmlrpc'] ) ? $_POST['mo2f_enable_xmlrpc'] : 0 );
2409
- if ( get_option( 'mo2f_remember_device' ) && ! get_option( 'mo2f_app_secret' ) ) {
2410
- $get_app_secret = new Miniorange_Rba_Attributes();
2411
- $rba_response = json_decode( $get_app_secret->mo2f_get_app_secret(), true ); //fetch app secret
2412
- if ( json_last_error() == JSON_ERROR_NONE ) {
2413
- if ( $rba_response['status'] == 'SUCCESS' ) {
2414
- update_option( 'mo2f_app_secret', $rba_response['appSecret'] );
2415
- } else {
2416
- update_option( 'mo2f_remember_device', 0 );
2417
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_SETTINGS" ) );
2418
- $this->mo_auth_show_error_message();
2419
- }
2420
- } else {
2421
- update_option( 'mo2f_remember_device', 0 );
2422
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_SETTINGS" ) );
2423
- $this->mo_auth_show_error_message();
2424
- }
2425
- }
2426
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "SETTINGS_SAVED" ) );
2427
- $this->mo_auth_show_success_message();
2428
- }
2429
-
2430
- } else {
2431
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQUEST" ) );
2432
- $this->mo_auth_show_error_message();
2433
- }
2434
- }
2435
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_sync_sms_transactions" ) {
2436
- $customer = new Customer_Setup();
2437
- $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
2438
- if ( ! array_key_exists( 'smsRemaining', $content ) ) {
2439
- $smsRemaining = 0;
2440
- } else {
2441
- $smsRemaining = $content['smsRemaining'];
2442
- if ( $smsRemaining == null ) {
2443
- $smsRemaining = 0;
2444
- }
2445
- }
2446
- update_option( 'mo2f_number_of_transactions', $smsRemaining );
2447
- }
2448
-
2449
-
2450
- }
2451
-
2452
- if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_fix_database_error' ) {
2453
- $nonce = $_POST['mo2f_fix_database_error_nonce'];
2454
-
2455
- if ( ! wp_verify_nonce( $nonce, 'mo2f-fix-database-error-nonce' ) ) {
2456
- $error = new WP_Error();
2457
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2458
-
2459
- return $error;
2460
- } else {
2461
- global $Mo2fdbQueries;
2462
-
2463
- $Mo2fdbQueries->database_table_issue();
2464
-
2465
- }
2466
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
2467
- $nonce = $_POST['mo2f_registration_closed_nonce'];
2468
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
2469
- $error = new WP_Error();
2470
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2471
- return $error;
2472
- } else {
2473
- delete_user_meta( $user->ID, 'register_account_popup' );
2474
- $mo2f_message = 'Please set up the second-factor by clicking on Configure button.';
2475
- update_option( 'mo2f_message', $mo2f_message );
2476
- $this->mo_auth_show_success_message();
2477
- }
2478
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_goto_verifycustomer" ) {
2479
- $nonce = $_POST['mo2f_goto_verifycustomer_nonce'];
2480
- if ( ! wp_verify_nonce( $nonce, 'mo2f-goto-verifycustomer-nonce' ) ) {
2481
- $error = new WP_Error();
2482
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2483
- return $error;
2484
- } else {
2485
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2486
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_YOUR_EMAIL_PASSWORD" ) );
2487
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2488
- }
2489
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_gobackto_registration_page' ) { //back to registration page for admin
2490
- $nonce = $_POST['mo_2factor_gobackto_registration_page_nonce'];
2491
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-gobackto-registration-page-nonce' ) ) {
2492
- $error = new WP_Error();
2493
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2494
- return $error;
2495
- } else {
2496
- delete_option( 'mo2f_email' );
2497
- delete_option( 'mo2f_password' );
2498
- update_option( 'mo2f_message', "" );
2499
-
2500
- MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
2501
- delete_option( 'mo2f_transactionId' );
2502
- delete_user_meta( $user->ID, 'mo2f_sms_otp_count' );
2503
- delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
2504
- delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
2505
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'REGISTRATION_STARTED' ) );
2506
- }
2507
-
2508
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_skip_feedback' ) {
2509
-
2510
- $nonce = $_POST['mo2f_skip_feedback_nonce'];
2511
-
2512
- if ( ! wp_verify_nonce( $nonce, 'mo2f-skip-feedback-nonce' ) ) {
2513
- $error = new WP_Error();
2514
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2515
-
2516
- return $error;
2517
- } else {
2518
- deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
2519
- }
2520
-
2521
- }else if ( isset( $_POST['mo2f_feedback'] ) and $_POST['mo2f_feedback'] == 'mo2f_feedback' ) {
2522
-
2523
- $nonce = $_POST['mo2f_feedback_nonce'];
2524
-
2525
- if ( ! wp_verify_nonce( $nonce, 'mo2f-feedback-nonce' ) ) {
2526
- $error = new WP_Error();
2527
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2528
-
2529
- return $error;
2530
- } else {
2531
- $reasons_not_to_worry_about = array( "Upgrading to Standard / Premium", "Temporary deactivation - Testing" );
2532
-
2533
- $message = 'Plugin Deactivated:';
2534
-
2535
- if ( isset( $_POST['deactivate_plugin'] ) ) {
2536
- if ( $_POST['query_feedback'] == '' and $_POST['deactivate_plugin'] == 'Other Reasons:' ) {
2537
- // feedback add
2538
- update_option( 'mo2f_message', 'Please let us know the reason for deactivation so that we improve the user experience.' );
2539
- } else {
2540
-
2541
- if ( ! in_array( $_POST['deactivate_plugin'], $reasons_not_to_worry_about ) ) {
2542
-
2543
- $message .= $_POST['deactivate_plugin'];
2544
-
2545
- if ( $_POST['query_feedback'] != '' ) {
2546
- $message .= ':' . $_POST['query_feedback'];
2547
- }
2548
-
2549
-
2550
- if($_POST['deactivate_plugin'] == "Conflicts with other plugins"){
2551
- $plugin_selected = $_POST['plugin_selected'];
2552
- $plugin = MO2f_Utility::get_plugin_name_by_identifier($plugin_selected);
2553
-
2554
- $message .= ", Plugin selected - " . $plugin . ".";
2555
- }
2556
-
2557
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2558
- if ( $email == '' ) {
2559
- $email = $user->user_email;
2560
- }
2561
-
2562
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );;
2563
-
2564
- $contact_us = new Customer_Setup();
2565
- $submited = json_decode( $contact_us->send_email_alert( $email, $phone, $message ), true );
2566
-
2567
- if ( json_last_error() == JSON_ERROR_NONE ) {
2568
- if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) {
2569
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $submited['message'] ) );
2570
- $this->mo_auth_show_error_message();
2571
- } else {
2572
- if ( $submited == false ) {
2573
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SUBMITTING_QUERY" ) );
2574
- $this->mo_auth_show_error_message();
2575
- } else {
2576
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "QUERY_SUBMITTED_SUCCESSFULLY" ) );
2577
- $this->mo_auth_show_success_message();
2578
- }
2579
- }
2580
- }
2581
- }
2582
-
2583
- deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
2584
-
2585
- }
2586
-
2587
- } else {
2588
- update_option( 'mo2f_message', 'Please Select one of the reasons if your reason isnot mention please select Other Reasons' );
2589
-
2590
- }
2591
- }
2592
-
2593
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_resend_user_otp" ) { //resend OTP over email for additional admin and non-admin user
2594
-
2595
- $nonce = $_POST['mo_2factor_resend_user_otp_nonce'];
2596
-
2597
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-user-otp-nonce' ) ) {
2598
- $error = new WP_Error();
2599
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2600
-
2601
- return $error;
2602
- } else {
2603
- $customer = new Customer_Setup();
2604
- $content = json_decode( $customer->send_otp_token( get_user_meta( $user->ID, 'user_email', true ), 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2605
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2606
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( get_user_meta( $user->ID, 'user_email', true ) ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2607
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2608
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2609
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2610
- $this->mo_auth_show_success_message();
2611
- } else {
2612
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
2613
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2614
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2615
- $this->mo_auth_show_error_message();
2616
-
2617
- }
2618
- }
2619
-
2620
- }else if ( isset( $_POST['option'] ) and ( $_POST['option'] == "mo2f_configure_miniorange_authenticator_validate" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete' ) ) { //mobile registration successfully complete for all users
2621
-
2622
- $nonce = $_POST['mo2f_configure_miniorange_authenticator_validate_nonce'];
2623
-
2624
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-miniorange-authenticator-validate-nonce' ) ) {
2625
- $error = new WP_Error();
2626
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2627
-
2628
- return $error;
2629
- } else {
2630
- delete_option( 'mo2f_transactionId' );
2631
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
2632
- MO2f_Utility::unset_session_variables( $session_variables );
2633
-
2634
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2635
- $TwoFA_method_to_configure = sanitize_text_field($_POST['mo2f_method']);
2636
- $enduser = new Two_Factor_Setup();
2637
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
2638
-
2639
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, null, null, null ), true );
2640
-
2641
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2642
- if ( $response['status'] == 'ERROR' ) {
2643
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
2644
-
2645
- $this->mo_auth_show_error_message();
2646
-
2647
-
2648
- } else if ( $response['status'] == 'SUCCESS' ) {
2649
-
2650
- $selectedMethod = $TwoFA_method_to_configure;
2651
-
2652
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
2653
-
2654
-
2655
- $Mo2fdbQueries->update_user_details( $user->ID, array(
2656
- 'mo2f_configured_2FA_method' => $selectedMethod,
2657
- 'mobile_registration_status' => true,
2658
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
2659
- 'mo2f_miniOrangeSoftToken_config_status' => true,
2660
- 'mo2f_miniOrangePushNotification_config_status' => true,
2661
- 'user_registration_with_miniorange' => 'SUCCESS',
2662
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
2663
- ) );
2664
-
2665
- delete_user_meta( $user->ID, 'configure_2FA' );
2666
- //update_user_meta( $user->ID, 'currentMethod' , $selectedMethod);
2667
- mo2f_display_test_2fa_notification($user);
2668
-
2669
- } else {
2670
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
2671
- $this->mo_auth_show_error_message();
2672
- }
2673
-
2674
- } else {
2675
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2676
- $this->mo_auth_show_error_message();
2677
- }
2678
- }
2679
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_success' ) { // mobile registration for all users(common)
2680
-
2681
- $nonce = $_POST['mo2f_mobile_authenticate_success_nonce'];
2682
-
2683
- if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-success-nonce' ) ) {
2684
- $error = new WP_Error();
2685
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2686
-
2687
- return $error;
2688
- } else {
2689
-
2690
- if ( current_user_can( 'manage_options' ) ) {
2691
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2692
- } else {
2693
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2694
- }
2695
-
2696
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
2697
- MO2f_Utility::unset_session_variables( $session_variables );
2698
-
2699
- delete_user_meta( $user->ID, 'test_2FA' );
2700
- $this->mo_auth_show_success_message();
2701
- }
2702
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_error' ) { //mobile registration failed for all users(common)
2703
- $nonce = $_POST['mo2f_mobile_authenticate_error_nonce'];
2704
-
2705
- if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-error-nonce' ) ) {
2706
- $error = new WP_Error();
2707
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2708
-
2709
- return $error;
2710
- } else {
2711
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "AUTHENTICATION_FAILED" ) );
2712
- MO2f_Utility::unset_session_variables( 'mo2f_show_qr_code' );
2713
- $this->mo_auth_show_error_message();
2714
- }
2715
-
2716
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_setting_configuration" ) // redirect to setings page
2717
- {
2718
-
2719
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS' ) );
2720
-
2721
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_refresh_mobile_qrcode" ) { // refrsh Qrcode for all users
2722
-
2723
- $nonce = $_POST['mo_auth_refresh_mobile_qrcode_nonce'];
2724
-
2725
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-refresh-mobile-qrcode-nonce' ) ) {
2726
- $error = new WP_Error();
2727
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2728
-
2729
- return $error;
2730
- } else {
2731
- $session_id = sanitize_text_field($_POST['mo2f_session_id']);
2732
- $twofactor_transactions = new Mo2fDB;
2733
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
2734
-
2735
- if($exceeded){
2736
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
2737
- $this->mo_auth_show_error_message();
2738
- return;
2739
- }
2740
-
2741
- $mo_2factor_user_registration_status = get_option( 'mo_2factor_user_registration_status');
2742
- if ( in_array( $mo_2factor_user_registration_status, array(
2743
- 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR',
2744
- 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION',
2745
- 'MO_2_FACTOR_PLUGIN_SETTINGS'
2746
- ) ) ) {
2747
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2748
- $this->mo2f_get_qr_code_for_mobile( $email, $user->ID, $session_id );
2749
-
2750
- } else {
2751
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "REGISTER_WITH_MO" ) );
2752
- $this->mo_auth_show_error_message();
2753
-
2754
- }
2755
- }
2756
- }else if ( isset( $_POST['mo2fa_register_to_upgrade_nonce'] ) ) { //registration with miniOrange for upgrading
2757
- $nonce = $_POST['mo2fa_register_to_upgrade_nonce'];
2758
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-user-reg-to-upgrade-nonce' ) ) {
2759
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2760
- } else {
2761
- $requestOrigin = $_POST['requestOrigin'];
2762
- update_option( 'mo2f_customer_selected_plan', $requestOrigin );
2763
- header( 'Location: admin.php?page=mo_2fa_account' );
2764
-
2765
- }
2766
- }else if ( isset( $_POST['miniorange_get_started'] ) && isset( $_POST['miniorange_user_reg_nonce'] ) ) { //registration with miniOrange for additional admin and non-admin
2767
- $nonce = $_POST['miniorange_user_reg_nonce'];
2768
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2769
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-user-reg-nonce' ) ) {
2770
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2771
- } else {
2772
- $email = '';
2773
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo_useremail'] ) ) {
2774
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_EMAILID" ) );
2775
-
2776
- return;
2777
- } else {
2778
- $email = sanitize_email( $_POST['mo_useremail'] );
2779
- }
2780
-
2781
- if ( ! MO2f_Utility::check_if_email_is_already_registered( $email ) ) {
2782
- update_user_meta( $user->ID, 'user_email', $email );
2783
-
2784
- $enduser = new Two_Factor_Setup();
2785
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
2786
-
2787
- if ( json_last_error() == JSON_ERROR_NONE ) {
2788
- if ( $check_user['status'] == 'ERROR' ) {
2789
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
2790
- $this->mo_auth_show_error_message();
2791
-
2792
- return;
2793
- } else if ( strcasecmp( $check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER' ) == 0 ) {
2794
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_IN_USE" ) );
2795
- $this->mo_auth_show_error_message();
2796
-
2797
- return;
2798
- } else if ( strcasecmp( $check_user['status'], 'USER_FOUND' ) == 0 || strcasecmp( $check_user['status'], 'USER_NOT_FOUND' ) == 0 ) {
2799
-
2800
-
2801
- $enduser = new Customer_Setup();
2802
- $content = json_decode( $enduser->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2803
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2804
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2805
- $_SESSION['mo2f_transactionId'] = $content['txId'];
2806
- update_option( 'mo2f_transactionId', $content['txId'] );
2807
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2808
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2809
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2810
- $this->mo_auth_show_success_message();
2811
- } else {
2812
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2813
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2814
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_OVER_EMAIL" ) );
2815
- $this->mo_auth_show_error_message();
2816
- }
2817
-
2818
-
2819
- }
2820
- }
2821
- } else {
2822
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_IN_USE" ) );
2823
- $this->mo_auth_show_error_message();
2824
- }
2825
- }
2826
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_backto_user_registration' ) { //back to registration page for additional admin and non-admin
2827
- $nonce = $_POST['mo_2factor_backto_user_registration_nonce'];
2828
-
2829
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-backto-user-registration-nonce' ) ) {
2830
- $error = new WP_Error();
2831
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2832
-
2833
- return $error;
2834
- } else {
2835
- delete_user_meta( $user->ID, 'user_email' );
2836
- $Mo2fdbQueries->delete_user_details( $user->ID );
2837
- MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
2838
- delete_option( 'mo2f_transactionId' );
2839
- }
2840
-
2841
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_soft_token' ) { // validate Soft Token during test for all users
2842
-
2843
- $nonce = $_POST['mo2f_validate_soft_token_nonce'];
2844
-
2845
-
2846
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-soft-token-nonce' ) ) {
2847
- $error = new WP_Error();
2848
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2849
-
2850
- return $error;
2851
- } else {
2852
- $otp_token = '';
2853
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2854
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
2855
- $this->mo_auth_show_error_message();
2856
-
2857
- return;
2858
- } else {
2859
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2860
- }
2861
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2862
- $customer = new Customer_Setup();
2863
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2864
- if ( $content['status'] == 'ERROR' ) {
2865
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2866
- $this->mo_auth_show_error_message();
2867
- } else {
2868
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated and generate QRCode
2869
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2870
-
2871
- delete_user_meta( $user->ID, 'test_2FA' );
2872
- $this->mo_auth_show_success_message();
2873
-
2874
-
2875
- } else { // OTP Validation failed.
2876
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2877
- $this->mo_auth_show_error_message();
2878
-
2879
- }
2880
- }
2881
- }
2882
- }
2883
-
2884
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Telegram' ) { //validate otp over Telegram
2885
-
2886
- $nonce = $_POST['mo2f_validate_otp_over_Telegram_nonce'];
2887
-
2888
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Telegram-nonce' ) ) {
2889
- $error = new WP_Error();
2890
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2891
-
2892
- return $error;
2893
- } else {
2894
-
2895
- $otp = sanitize_text_field($_POST['otp_token']);
2896
- $otpToken = get_user_meta($user->ID,'mo2f_otp_token',true);
2897
-
2898
- $time = get_user_meta($user->ID,'mo2f_telegram_time',true);
2899
- $accepted_time = time()-300;
2900
- $time = (int)$time;
2901
- global $Mo2fdbQueries;
2902
- if($otp == $otpToken)
2903
- {
2904
- if($accepted_time<$time){
2905
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2906
- delete_user_meta( $user->ID, 'test_2FA' );
2907
- delete_user_meta($user->ID,'mo2f_telegram_time');
2908
-
2909
- $this->mo_auth_show_success_message();
2910
-
2911
- }
2912
- else
2913
- {
2914
- update_option( 'mo2f_message', 'OTP has been expired please initiate another transaction for verification' );
2915
- delete_user_meta( $user->ID, 'test_2FA' );
2916
- $this->mo_auth_show_error_message();
2917
-
2918
- }
2919
- }
2920
- else
2921
- {
2922
- update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
2923
- $this->mo_auth_show_error_message();
2924
-
2925
- }
2926
- }
2927
- }
2928
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_sms' ) { //validate otp over sms and phone call during test for all users
2929
-
2930
- $nonce = $_POST['mo2f_validate_otp_over_sms_nonce'];
2931
-
2932
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-sms-nonce' ) ) {
2933
- $error = new WP_Error();
2934
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2935
-
2936
- return $error;
2937
- } else {
2938
- $otp_token = '';
2939
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2940
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
2941
- $this->mo_auth_show_error_message();
2942
-
2943
- return;
2944
- } else {
2945
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2946
- }
2947
- $mo2f_transactionId = get_user_meta($user->ID, 'mo2f_transactionId', true);
2948
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2949
- $selected_2_2factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2950
- $customer = new Customer_Setup();
2951
- $content = json_decode( $customer->validate_otp_token($selected_2_2factor_method , $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2952
-
2953
- if ( $content['status'] == 'ERROR' ) {
2954
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2955
- $this->mo_auth_show_error_message();
2956
- } else {
2957
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
2958
- if ( current_user_can( 'manage_options' ) ) {
2959
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2960
- } else {
2961
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( "COMPLETED_TEST" ) );
2962
- }
2963
-
2964
- delete_user_meta( $user->ID, 'test_2FA' );
2965
- $this->mo_auth_show_success_message();
2966
-
2967
- } else {
2968
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2969
- $this->mo_auth_show_error_message();
2970
- }
2971
-
2972
- }
2973
- }
2974
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_out_of_band_success' ) {
2975
- $nonce = $_POST['mo2f_out_of_band_success_nonce'];
2976
-
2977
- if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-success-nonce' ) ) {
2978
- $error = new WP_Error();
2979
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2980
-
2981
- return $error;
2982
- } else {
2983
- $show = 1;
2984
- if(MO2F_IS_ONPREM )
2985
- {
2986
- $txid = isset($_POST['TxidEmail'])? $_POST['TxidEmail']:null;
2987
- $status = get_option($txid);
2988
- if($status != '')
2989
- {
2990
- if($status != 1)
2991
- {
2992
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_VER_REQ" ));
2993
- $show = 0;
2994
- $this->mo_auth_show_error_message();
2995
-
2996
- }
2997
- }
2998
- }
2999
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
3000
- if(MO2F_IS_ONPREM and $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL')
3001
- $mo2f_configured_2FA_method = 'Email Verification';
3002
-
3003
- $mo2f_EmailVerification_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_EmailVerification_config_status', $user->ID );
3004
- if ( ! current_user_can( 'manage_options' ) && $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL' ) {
3005
- if ( $mo2f_EmailVerification_config_status ) {
3006
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3007
- } else {
3008
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3009
- $enduser = new Two_Factor_Setup();
3010
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $mo2f_configured_2FA_method, null, null, null ), true );
3011
- update_option( 'mo2f_message', '<b> ' . Mo2fConstants:: langTranslate( "EMAIL_VERFI" ) . '</b> ' . Mo2fConstants:: langTranslate( "SET_AS_2ND_FACTOR" ) );
3012
- }
3013
- } else {
3014
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3015
- }
3016
- delete_user_meta( $user->ID, 'test_2FA' );
3017
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3018
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3019
- 'mo2f_EmailVerification_config_status' => true
3020
- ) );
3021
- if($show)
3022
- $this->mo_auth_show_success_message();
3023
- }
3024
-
3025
-
3026
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_out_of_band_error' ) { //push and out of band email denied
3027
- $nonce = $_POST['mo2f_out_of_band_error_nonce'];
3028
-
3029
- if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-error-nonce' ) ) {
3030
- $error = new WP_Error();
3031
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3032
-
3033
- return $error;
3034
- } else {
3035
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "DENIED_REQUEST" ) );
3036
- delete_user_meta( $user->ID, 'test_2FA' );
3037
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3038
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3039
- 'mo2f_EmailVerification_config_status' => true
3040
- ) );
3041
- $this->mo_auth_show_error_message();
3042
- }
3043
-
3044
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_duo_authenticator_success_form' ) {
3045
- $nonce = $_POST['mo2f_duo_authenticator_success_nonce'];
3046
-
3047
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-success-nonce' ) ) {
3048
- $error = new WP_Error();
3049
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3050
-
3051
- return $error;
3052
- }else{
3053
-
3054
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3055
-
3056
- delete_user_meta( $user->ID, 'test_2FA' );
3057
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3058
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3059
- 'mo2f_DuoAuthenticator_config_status' => true
3060
- ) );
3061
-
3062
- $this->mo_auth_show_success_message();
3063
-
3064
- }
3065
- }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_duo_authenticator_error' ) { //push and out of band email denied
3066
- $nonce = $_POST['mo2f_duo_authentcator_error_nonce'];
3067
-
3068
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-error-nonce' ) ) {
3069
- $error = new WP_Error();
3070
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3071
-
3072
- return $error;
3073
- } else {
3074
- global $Mo2fdbQueries;
3075
-
3076
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "DENIED_DUO_REQUEST" ) );
3077
- delete_user_meta( $user->ID, 'test_2FA' );
3078
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3079
- 'mobile_registration_status' =>false,
3080
- ) );
3081
- $this->mo_auth_show_error_message();
3082
- }
3083
-
3084
- }
3085
- else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_google_authy_test' ) {
3086
-
3087
- $nonce = sanitize_text_field($_POST['mo2f_validate_google_authy_test_nonce']);
3088
-
3089
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-google-authy-test-nonce' ) ) {
3090
- $error = new WP_Error();
3091
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3092
-
3093
- return $error;
3094
- } else {
3095
- $otp_token = '';
3096
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3097
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
3098
- $this->mo_auth_show_error_message();
3099
-
3100
- return;
3101
- } else {
3102
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3103
- }
3104
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3105
-
3106
- $customer = new Customer_Setup();
3107
- $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3108
- if ( json_last_error() == JSON_ERROR_NONE ) {
3109
-
3110
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
3111
-
3112
- if ( current_user_can( 'manage_options' ) ) {
3113
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3114
- } else {
3115
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3116
- }
3117
-
3118
- delete_user_meta( $user->ID, 'test_2FA' );
3119
- $this->mo_auth_show_success_message();
3120
-
3121
-
3122
- } else { // OTP Validation failed.
3123
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3124
- $this->mo_auth_show_error_message();
3125
-
3126
- }
3127
- } else {
3128
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
3129
- $this->mo_auth_show_error_message();
3130
-
3131
- }
3132
- }
3133
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_email' ) {
3134
- $nonce = $_POST['mo2f_validate_otp_over_email_test_nonce'];
3135
-
3136
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-email-test-nonce' ) ) {
3137
- $error = new WP_Error();
3138
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3139
-
3140
- return $error;
3141
- } else {
3142
- $otp_token = '';
3143
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3144
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
3145
- $this->mo_auth_show_error_message();
3146
-
3147
- return;
3148
- } else {
3149
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3150
- }
3151
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3152
-
3153
- $customer = new Customer_Setup();
3154
-
3155
- $mo2f_transactionId = get_user_meta($user->ID, 'mo2f_transactionId', true);
3156
- $content = json_decode( $customer->validate_otp_token( 'OTP_OVER_EMAIL', $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3157
- if ( json_last_error() == JSON_ERROR_NONE ) {
3158
-
3159
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
3160
-
3161
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3162
- delete_user_meta( $user->ID, 'configure_2FA');
3163
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Email','mo2f_OTPOverEmail_config_status'=>true ) );
3164
- delete_user_meta( $user->ID, 'test_2FA' );
3165
- $this->mo_auth_show_success_message();
3166
-
3167
-
3168
- } else { // OTP Validation failed.
3169
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3170
- $this->mo_auth_show_error_message();
3171
-
3172
- }
3173
- } else {
3174
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
3175
- $this->mo_auth_show_error_message();
3176
-
3177
- }
3178
- }
3179
- }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_google_appname' ) {
3180
- $nonce = sanitize_text_field($_POST['mo2f_google_appname_nonce']);
3181
-
3182
- if ( ! wp_verify_nonce( $nonce, 'mo2f-google-appname-nonce' ) ) {
3183
- $error = new WP_Error();
3184
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3185
-
3186
- return $error;
3187
- } else {
3188
-
3189
- update_option('mo2f_google_appname',((isset($_POST['mo2f_google_auth_appname']) && $_POST['mo2f_google_auth_appname']!='') ? sanitize_text_field($_POST['mo2f_google_auth_appname']) : 'miniOrangeAu'));
3190
- }
3191
-
3192
- }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_google_authenticator_validate' ) {
3193
- $nonce = sanitize_text_field($_POST['mo2f_configure_google_authenticator_validate_nonce']);
3194
-
3195
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-google-authenticator-validate-nonce' ) ) {
3196
- $error = new WP_Error();
3197
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3198
-
3199
- return $error;
3200
- } else {
3201
- $otpToken = sanitize_text_field($_POST['google_token']);
3202
- $ga_secret = isset( $_POST['google_auth_secret'] ) ? sanitize_text_field($_POST['google_auth_secret']) : null;
3203
-
3204
- if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
3205
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3206
- $twofactor_transactions = new Mo2fDB;
3207
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3208
-
3209
- if($exceeded){
3210
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3211
- $this->mo_auth_show_error_message();
3212
- return;
3213
- }
3214
- $google_auth = new Miniorange_Rba_Attributes();
3215
- $google_response = json_decode( $google_auth->mo2f_validate_google_auth( $email, $otpToken, $ga_secret ), true );
3216
-
3217
- if ( json_last_error() == JSON_ERROR_NONE ) {
3218
- if ( $google_response['status'] == 'SUCCESS' ) {
3219
- $enduser = new Two_Factor_Setup();
3220
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, "GOOGLE AUTHENTICATOR", null, null, null ), true );
3221
- if ( json_last_error() == JSON_ERROR_NONE ) {
3222
-
3223
- if ( $response['status'] == 'SUCCESS' ) {
3224
-
3225
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3226
-
3227
- delete_user_meta( $user->ID, 'configure_2FA' );
3228
-
3229
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3230
- 'mo2f_GoogleAuthenticator_config_status' => true,
3231
- 'mo2f_AuthyAuthenticator_config_status' => false,
3232
- 'mo2f_configured_2FA_method' => "Google Authenticator",
3233
- 'user_registration_with_miniorange' => 'SUCCESS',
3234
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3235
- ) );
3236
-
3237
- update_user_meta( $user->ID, 'mo2f_external_app_type', "Google Authenticator" );
3238
- mo2f_display_test_2fa_notification($user);
3239
- delete_user_meta($user->ID, 'mo2f_google_auth');
3240
-
3241
- } else {
3242
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3243
- $this->mo_auth_show_error_message();
3244
-
3245
- }
3246
- } else {
3247
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3248
- $this->mo_auth_show_error_message();
3249
-
3250
- }
3251
- } else {
3252
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) . '<br>3.' . Mo2fConstants::langTranslate( "SERVER_TIME_SYNC" ));
3253
- $this->mo_auth_show_error_message();
3254
-
3255
- }
3256
- } else {
3257
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
3258
- $this->mo_auth_show_error_message();
3259
-
3260
- }
3261
- } else {
3262
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
3263
- $this->mo_auth_show_error_message();
3264
-
3265
- }
3266
- }
3267
- }else if(isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_duo_authenticator_validate_nonce'){
3268
-
3269
- $nonce = sanitize_text_field($_POST['mo2f_configure_duo_authenticator_validate_nonce']);
3270
-
3271
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator-validate-nonce' ) ) {
3272
- $error = new WP_Error();
3273
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3274
-
3275
- return $error;
3276
- }else{
3277
-
3278
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3279
-
3280
- delete_user_meta( $user->ID, 'configure_2FA' );
3281
- delete_user_meta($user->ID,'user_not_enroll');
3282
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3283
- 'mo2f_DuoAuthenticator_config_status' => true,
3284
-
3285
- 'mo2f_configured_2FA_method' => "Duo Authenticator",
3286
- 'user_registration_with_miniorange' => 'SUCCESS',
3287
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3288
- ) );
3289
-
3290
- update_user_meta( $user->ID, 'mo2f_external_app_type', "Duo Authenticator" );
3291
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "VALIDATE_DUO" ) );
3292
- $this->mo_auth_show_success_message();
3293
- }
3294
-
3295
- }
3296
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator' ) {
3297
- $nonce = $_POST['mo2f_configure_authy_authenticator_nonce'];
3298
-
3299
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-nonce' ) ) {
3300
- $error = new WP_Error();
3301
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3302
-
3303
- return $error;
3304
- } else {
3305
- $authy = new Miniorange_Rba_Attributes();
3306
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3307
- $authy_response = json_decode( $authy->mo2f_google_auth_service( $user_email ), true );
3308
- if ( json_last_error() == JSON_ERROR_NONE ) {
3309
- if ( $authy_response['status'] == 'SUCCESS' ) {
3310
- $mo2f_authy_keys = array();
3311
- $mo2f_authy_keys['authy_qrCode'] = $authy_response['qrCodeData'];
3312
- $mo2f_authy_keys['mo2f_authy_secret'] = $authy_response['secret'];
3313
- $_SESSION['mo2f_authy_keys'] = $mo2f_authy_keys;
3314
- } else {
3315
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
3316
- $this->mo_auth_show_error_message();
3317
- }
3318
- } else {
3319
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
3320
- $this->mo_auth_show_error_message();
3321
- }
3322
- }
3323
- }else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator_validate' ) {
3324
- $nonce = $_POST['mo2f_configure_authy_authenticator_validate_nonce'];
3325
-
3326
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-validate-nonce' ) ) {
3327
- $error = new WP_Error();
3328
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3329
-
3330
- return $error;
3331
- } else {
3332
- $otpToken = $_POST['mo2f_authy_token'];
3333
- $authy_secret = isset( $_POST['mo2f_authy_secret'] ) ? $_POST['mo2f_authy_secret'] : null;
3334
- if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
3335
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3336
- $authy_auth = new Miniorange_Rba_Attributes();
3337
- $authy_response = json_decode( $authy_auth->mo2f_validate_google_auth( $email, $otpToken, $authy_secret ), true );
3338
- if ( json_last_error() == JSON_ERROR_NONE ) {
3339
- if ( $authy_response['status'] == 'SUCCESS' ) {
3340
- $enduser = new Two_Factor_Setup();
3341
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, 'GOOGLE AUTHENTICATOR', null, null, null ), true );
3342
- if ( json_last_error() == JSON_ERROR_NONE ) {
3343
-
3344
- if ( $response['status'] == 'SUCCESS' ) {
3345
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3346
- 'mo2f_GoogleAuthenticator_config_status' => false,
3347
- 'mo2f_AuthyAuthenticator_config_status' => true,
3348
- 'mo2f_configured_2FA_method' => "Authy Authenticator",
3349
- 'user_registration_with_miniorange' => 'SUCCESS',
3350
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3351
- ) );
3352
- update_user_meta( $user->ID, 'mo2f_external_app_type', "Authy Authenticator" );
3353
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3354
- delete_user_meta( $user->ID, 'configure_2FA' );
3355
-
3356
- mo2f_display_test_2fa_notification($user);
3357
-
3358
- } else {
3359
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3360
- $this->mo_auth_show_error_message();
3361
- }
3362
- } else {
3363
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3364
- $this->mo_auth_show_error_message();
3365
- }
3366
- } else {
3367
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) );
3368
- $this->mo_auth_show_error_message();
3369
- }
3370
- } else {
3371
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
3372
- $this->mo_auth_show_error_message();
3373
- }
3374
- } else {
3375
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
3376
- $this->mo_auth_show_error_message();
3377
- }
3378
- }
3379
- }
3380
- else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_kba' ) {
3381
- $nonce = sanitize_text_field($_POST['mo2f_save_kba_nonce']);
3382
- if ( ! wp_verify_nonce( $nonce, 'mo2f-save-kba-nonce' ) ) {
3383
- $error = new WP_Error();
3384
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3385
-
3386
- return $error;
3387
- }
3388
- $twofactor_transactions = new Mo2fDB;
3389
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3390
- if($exceeded){
3391
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3392
- $this->mo_auth_show_error_message();
3393
- return;
3394
- }
3395
-
3396
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
3397
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
3398
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
3399
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
3400
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
3401
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
3402
-
3403
- if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
3404
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3405
- $this->mo_auth_show_error_message();
3406
- return;
3407
- }
3408
-
3409
- if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
3410
- update_option( 'mo2f_message', 'The questions you select must be unique.' );
3411
- $this->mo_auth_show_error_message();
3412
- return;
3413
- }
3414
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
3415
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
3416
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
3417
-
3418
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
3419
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
3420
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
3421
-
3422
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3423
- $kba_registration = new Two_Factor_Setup();
3424
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
3425
- if ( json_last_error() == JSON_ERROR_NONE ) {
3426
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
3427
- if ( isset( $_POST['mobile_kba_option'] ) && $_POST['mobile_kba_option'] == 'mo2f_request_for_kba_as_emailbackup' ) {
3428
- MO2f_Utility::unset_session_variables( 'mo2f_mobile_support' );
3429
-
3430
- delete_user_meta( $user->ID, 'configure_2FA' );
3431
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3432
-
3433
- $message = mo2f_lt( 'Your KBA as alternate 2 factor is configured successfully.' );
3434
- update_option( 'mo2f_message', $message );
3435
- $this->mo_auth_show_success_message();
3436
-
3437
- } else {
3438
- $enduser = new Two_Factor_Setup();
3439
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
3440
- if ( json_last_error() == JSON_ERROR_NONE ) {
3441
- if ( $response['status'] == 'ERROR' ) {
3442
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
3443
- $this->mo_auth_show_error_message();
3444
-
3445
- } else if ( $response['status'] == 'SUCCESS' ) {
3446
- delete_user_meta( $user->ID, 'configure_2FA' );
3447
-
3448
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3449
- 'mo2f_SecurityQuestions_config_status' => true,
3450
- 'mo2f_configured_2FA_method' => "Security Questions",
3451
- 'mo_2factor_user_registration_status' => "MO_2_FACTOR_PLUGIN_SETTINGS"
3452
- ) );
3453
- // $this->mo_auth_show_success_message();
3454
- mo2f_display_test_2fa_notification($user);
3455
-
3456
- }else {
3457
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3458
- $this->mo_auth_show_error_message();
3459
-
3460
- }
3461
- } else {
3462
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3463
- $this->mo_auth_show_error_message();
3464
-
3465
- }
3466
- }
3467
- } else {
3468
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
3469
- $this->mo_auth_show_error_message();
3470
-
3471
-
3472
- return;
3473
- }
3474
- } else {
3475
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
3476
- $this->mo_auth_show_error_message();
3477
-
3478
-
3479
- return;
3480
- }
3481
-
3482
-
3483
- }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_kba_details' ) {
3484
- $nonce = sanitize_text_field($_POST['mo2f_validate_kba_details_nonce']);
3485
-
3486
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-kba-details-nonce' ) ) {
3487
- $error = new WP_Error();
3488
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3489
-
3490
- return $error;
3491
- } else {
3492
- $kba_ans_1 = '';
3493
- $kba_ans_2 = '';
3494
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) ) {
3495
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3496
- $this->mo_auth_show_error_message();
3497
-
3498
- return;
3499
- } else {
3500
- $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
3501
- $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
3502
- }
3503
- //if the php session folder has insufficient permissions, temporary options to be used
3504
- $kba_questions = get_user_meta($user->ID, 'mo_2_factor_kba_questions', true);
3505
-
3506
- $kbaAns = array();
3507
- if(!MO2F_IS_ONPREM){
3508
- $kbaAns[0] = $kba_questions[0]['question'];
3509
- $kbaAns[1] = $kba_ans_1;
3510
- $kbaAns[2] = $kba_questions[1]['question'];
3511
- $kbaAns[3] = $kba_ans_2;
3512
- }
3513
- //if the php session folder has insufficient permissions, temporary options to be used
3514
- $mo2f_transactionId = get_option('mo2f_transactionId');
3515
- $kba_validate = new Customer_Setup();
3516
- $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_transactionId, $kbaAns, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3517
- if ( json_last_error() == JSON_ERROR_NONE ) {
3518
- if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
3519
- delete_option('mo2f_transactionId');
3520
- delete_option('kba_questions');
3521
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3522
- delete_user_meta( $user->ID, 'test_2FA' );
3523
- $this->mo_auth_show_success_message();
3524
- } else { // KBA Validation failed.
3525
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ANSWERS" ) );
3526
- $this->mo_auth_show_error_message();
3527
-
3528
- }
3529
- }
3530
- }
3531
- }
3532
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_send_otp' ) { // sendin otp for configuring OTP over Telegram
3533
-
3534
- $nonce = $_POST['mo2f_configure_otp_over_Telegram_send_otp_nonce'];
3535
-
3536
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-send-otp-nonce' ) ) {
3537
- $error = new WP_Error();
3538
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3539
-
3540
- return $error;
3541
- } else {
3542
- $chatID = sanitize_text_field( $_POST['verify_chatID'] );
3543
-
3544
- if ( MO2f_Utility::mo2f_check_empty_or_null( $chatID ) ) {
3545
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3546
- $this->mo_auth_show_error_message();
3547
-
3548
- return;
3549
- }
3550
-
3551
- $chatID = str_replace( ' ', '', $chatID );
3552
- $user = wp_get_current_user();
3553
-
3554
- update_user_meta($user->ID, 'mo2f_temp_chatID', $chatID );
3555
- $customer = new Customer_Setup();
3556
- $currentMethod = "OTP Over Telegram";
3557
-
3558
- $otpToken = '';
3559
- for($i=1;$i<7;$i++)
3560
- {
3561
- $otpToken .= rand(0,9);
3562
- }
3563
- update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
3564
- update_user_meta($user->ID,'mo2f_telegram_time',time());
3565
-
3566
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
3567
- $postdata = array( 'mo2f_otp_token' => $otpToken,
3568
- 'mo2f_chatid' => $chatID
3569
- );
3570
-
3571
- $handle = curl_init();
3572
-
3573
- curl_setopt_array($handle,
3574
- array(
3575
- CURLOPT_URL => $url,
3576
- CURLOPT_POST => true,
3577
- CURLOPT_POSTFIELDS => $postdata,
3578
- CURLOPT_RETURNTRANSFER => true,
3579
- CURLOPT_SSL_VERIFYHOST => FALSE,
3580
- CURLOPT_SSL_VERIFYPEER => FALSE,
3581
- )
3582
- );
3583
-
3584
- $data = curl_exec($handle);
3585
-
3586
-
3587
- curl_close($handle);
3588
- if($data == 'SUCCESS')
3589
- {
3590
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . 'your telegram number.' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
3591
- $this->mo_auth_show_success_message();
3592
- }
3593
- else
3594
- {
3595
- update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
3596
- $this->mo_auth_show_error_message();
3597
-
3598
- }
3599
-
3600
- }
3601
- }
3602
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_send_otp' ) { // sendin otp for configuring OTP over SMS
3603
-
3604
- $nonce = $_POST['mo2f_configure_otp_over_sms_send_otp_nonce'];
3605
-
3606
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-send-otp-nonce' ) ) {
3607
- $error = new WP_Error();
3608
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3609
-
3610
- return $error;
3611
- } else {
3612
- $phone = sanitize_text_field( $_POST['verify_phone'] );
3613
-
3614
- if ( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ) {
3615
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3616
- $this->mo_auth_show_error_message();
3617
-
3618
- return;
3619
- }
3620
-
3621
- $phone = str_replace( ' ', '', $phone );
3622
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
3623
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'user_phone', $phone);
3624
- update_option( 'user_phone_temp', $phone );
3625
- $customer = new Customer_Setup();
3626
- $currentMethod = "SMS";
3627
-
3628
- $content = json_decode( $customer->send_otp_token( $phone, $currentMethod, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3629
-
3630
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate otp token */
3631
- if ( $content['status'] == 'ERROR' ) {
3632
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
3633
- $this->mo_auth_show_error_message();
3634
- } else if ( $content['status'] == 'SUCCESS' ) {
3635
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionId', $content['txId']);
3636
-
3637
-
3638
- update_option( 'mo2f_transactionId', $content['txId'] );
3639
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
3640
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
3641
- $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
3642
- if($mo2f_sms>0)
3643
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
3644
-
3645
- $this->mo_auth_show_success_message();
3646
- } else {
3647
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
3648
- $this->mo_auth_show_error_message();
3649
- }
3650
-
3651
- } else {
3652
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3653
- $this->mo_auth_show_error_message();
3654
- }
3655
- }
3656
- }
3657
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_validate' ) {
3658
- $nonce = $_POST['mo2f_configure_otp_over_Telegram_validate_nonce'];
3659
-
3660
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-validate-nonce' ) ) {
3661
- $error = new WP_Error();
3662
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3663
-
3664
- return $error;
3665
- } else {
3666
-
3667
- $twofactor_transactions = new Mo2fDB;
3668
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3669
-
3670
- if($exceeded){
3671
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3672
- $this->mo_auth_show_error_message();
3673
- return;
3674
- }
3675
- $otp_token = '';
3676
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3677
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3678
- $this->mo_auth_show_error_message();
3679
-
3680
- return;
3681
- } else {
3682
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3683
- }
3684
-
3685
- $otp = get_user_meta($user->ID,'mo2f_otp_token',true);
3686
- $time = get_user_meta($user->ID,'mo2f_telegram_time',true);
3687
- $accepted_time = time()-300;
3688
- $time = (int)$time;
3689
- global $Mo2fdbQueries;
3690
- if($otp == $otp_token)
3691
- {
3692
- if($accepted_time<$time){
3693
- if(MO2F_IS_ONPREM)
3694
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
3695
- 'mo2f_OTPOverTelegram_config_status' => true,
3696
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3697
- ) );
3698
- else
3699
- { $Mo2fdbQueries->update_user_details( $user->ID, array(
3700
- 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
3701
- 'mo2f_OTPOverTelegram_config_status' => true,
3702
- 'user_registration_with_miniorange' => 'SUCCESS',
3703
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3704
- ) );
3705
- }
3706
- delete_user_meta( $user->ID, 'configure_2FA' );
3707
- update_user_meta( $user->ID, 'mo2f_chat_id',get_user_meta($user->ID,'mo2f_temp_chatID',true));
3708
-
3709
- delete_user_meta( $user->ID, 'mo2f_temp_chatID' );
3710
-
3711
- delete_user_meta( $user->ID, 'mo2f_otp_token');
3712
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3713
- mo2f_display_test_2fa_notification($user);
3714
- update_option( 'mo2f_message','OTP Over Telegram is set as the second-factor. Enjoy the unlimited service.');
3715
- $this->mo_auth_show_success_message();
3716
- delete_user_meta($user->ID,'mo2f_telegram_time');
3717
- }
3718
- else
3719
- {
3720
- update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
3721
- $this->mo_auth_show_error_message();
3722
- delete_user_meta($user->ID,'mo2f_telegram_time');
3723
- }
3724
- }
3725
- else
3726
- {
3727
- update_option( 'mo2f_message','Invalid OTP. Please try again.');
3728
- $this->mo_auth_show_error_message();
3729
- }
3730
-
3731
- }}
3732
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_validate' ) {
3733
- $nonce = $_POST['mo2f_configure_otp_over_sms_validate_nonce'];
3734
-
3735
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-validate-nonce' ) ) {
3736
- $error = new WP_Error();
3737
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3738
-
3739
- return $error;
3740
- } else {
3741
-
3742
- $twofactor_transactions = new Mo2fDB;
3743
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3744
-
3745
- if($exceeded){
3746
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3747
- $this->mo_auth_show_error_message();
3748
- return;
3749
- }
3750
- $otp_token = '';
3751
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3752
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3753
- $this->mo_auth_show_error_message();
3754
-
3755
- return;
3756
- } else {
3757
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3758
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
3759
- }
3760
- $mo2f_transactionId = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_transactionId' );
3761
-
3762
- $user_phone = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'user_phone' );
3763
- $mo2f_configured_2FA_method = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
3764
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
3765
- $customer = new Customer_Setup();
3766
- $content = json_decode( $customer->validate_otp_token( $mo2f_configured_2FA_method, null, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3767
-
3768
- if ( $content['status'] == 'ERROR' ) {
3769
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
3770
-
3771
- } else if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
3772
- if ( $phone && strlen( $phone ) >= 4 ) {
3773
- if ( $user_phone != $phone ) {
3774
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => false ) );
3775
-
3776
- }
3777
- }
3778
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3779
-
3780
- $enduser = new Two_Factor_Setup();
3781
- $TwoFA_method_to_configure = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
3782
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
3783
- $response = array();
3784
- if(MO2F_IS_ONPREM) {
3785
- $response['status'] = 'SUCCESS';
3786
- if ( $current_method == 'SMS' ) {
3787
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over SMS' ) );
3788
- // update_user_meta($user->ID,'currentMethod','OTP Over SMS');
3789
- } else {
3790
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $current_method ) );//why is this needed?
3791
- // update_user_meta( $user->ID, 'currentMethod', $current_method );
3792
-
3793
- }
3794
- }
3795
- else
3796
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $user_phone, null, null ), true );
3797
-
3798
- if ( json_last_error() == JSON_ERROR_NONE ) {
3799
-
3800
- if ( $response['status'] == 'ERROR' ) {
3801
- MO2f_Utility::unset_session_variables( 'user_phone' );
3802
- delete_option( 'user_phone_temp' );
3803
-
3804
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
3805
- $this->mo_auth_show_error_message();
3806
- } else if ( $response['status'] == 'SUCCESS' ) {
3807
-
3808
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3809
- 'mo2f_configured_2FA_method' => 'OTP Over SMS',
3810
- 'mo2f_OTPOverSMS_config_status' => true,
3811
- 'user_registration_with_miniorange' => 'SUCCESS',
3812
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3813
- 'mo2f_user_phone' => $user_phone
3814
- ) );
3815
-
3816
- delete_user_meta( $user->ID, 'configure_2FA' );
3817
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3818
-
3819
-
3820
- MO2f_Utility::unset_session_variables( 'user_phone' );
3821
- delete_option( 'user_phone_temp' );
3822
-
3823
- mo2f_display_test_2fa_notification($user);
3824
- } else {
3825
- MO2f_Utility::unset_session_variables( 'user_phone' );
3826
- delete_option( 'user_phone_temp' );
3827
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3828
- $this->mo_auth_show_error_message();
3829
- }
3830
- } else {
3831
- MO2f_Utility::unset_session_variables( 'user_phone' );
3832
- delete_option( 'user_phone_temp' );
3833
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3834
- $this->mo_auth_show_error_message();
3835
- }
3836
-
3837
- } else { // OTP Validation failed.
3838
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3839
- $this->mo_auth_show_error_message();
3840
- }
3841
- }
3842
-
3843
- }else if(isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_duo_authenticator'){
3844
-
3845
- $nonce = $_POST['mo2f_configure_duo_authenticator_nonce'];
3846
-
3847
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator' ) ) {
3848
- $error = new WP_Error();
3849
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3850
-
3851
- return $error;
3852
- } else {
3853
- if($_POST['ikey'] == '' || $_POST['skey'] == '' || $_POST['apihostname'] == '' ){
3854
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Some field is missing, please fill all required details." ) );
3855
- $this->mo_auth_show_error_message();
3856
- return;
3857
- }else{
3858
- update_site_option('mo2f_d_integration_key',isset($_POST['ikey'])? sanitize_text_field($_POST['ikey']):'');
3859
- update_site_option('mo2f_d_secret_key',isset($_POST['skey'])? sanitize_text_field($_POST['skey']):'');
3860
- update_site_option('mo2f_d_api_hostname',isset($_POST['apihostname'])? sanitize_text_field($_POST['apihostname']):'');
3861
-
3862
- $ikey = sanitize_text_field($_POST['ikey']);
3863
- $skey = sanitize_text_field($_POST['skey']);
3864
- $host = sanitize_text_field($_POST['apihostname']);
3865
-
3866
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
3867
-
3868
-
3869
- $duo_up_response = ping($skey,$ikey,$host);
3870
-
3871
- if($duo_up_response['response']['stat'] == 'OK'){
3872
-
3873
- $duo_check_credentials = check($skey, $ikey, $host);
3874
-
3875
- if($duo_check_credentials['response']['stat'] == 'OK'){
3876
-
3877
-
3878
- }else{
3879
-
3880
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Not the valid credential, please enter valid keys" ) );
3881
- $this->mo_auth_show_error_message();
3882
- return;
3883
- }
3884
-
3885
- }else{
3886
-
3887
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Duo server is not responding right now, please try after some time" ) );
3888
- $this->mo_auth_show_error_message();
3889
- return;
3890
- }
3891
- update_site_option('duo_credentials_save_successfully',1);
3892
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Setting saved successfully." ) );
3893
- $this->mo_auth_show_success_message();
3894
- return;
3895
- }
3896
- }
3897
- }else if(isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_duo_authenticator_abc'){
3898
-
3899
- $nonce = $_POST['mo2f_configure_duo_authenticator_nonce'];
3900
-
3901
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator-nonce' ) ) {
3902
- $error = new WP_Error();
3903
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3904
-
3905
- return $error;
3906
- }else{
3907
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
3908
- $ikey = get_site_option('mo2f_d_integration_key');
3909
- $skey = get_site_option('mo2f_d_secret_key');
3910
- $host = get_site_option('mo2f_d_api_hostname');
3911
-
3912
- $user_email = $user->user_email;
3913
-
3914
- $duo_preauth = preauth( $user_email ,true, $skey, $ikey, $host);
3915
-
3916
-
3917
- if($duo_preauth['response']['stat'] == 'OK'){
3918
-
3919
- if(isset($duo_preauth['response']['response']['status_msg']) && $duo_preauth['response']['response']['status_msg'] == 'Account is active'){
3920
- update_user_meta( $user->ID , 'user_not_enroll', true );
3921
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "This user is already available on duo, please send push notification to setup push notification as two factor." ) );
3922
- $this->mo_auth_show_success_message();
3923
- return;
3924
- }else if(isset($duo_preauth['response']['response']['enroll_portal_url'])){
3925
-
3926
- $duo_enroll_url = $duo_preauth['response']['response']['enroll_portal_url'];
3927
- update_user_meta( $user->ID , 'user_not_enroll_on_duo_before', $duo_enroll_url );
3928
- update_user_meta( $user->ID , 'user_not_enroll', true );
3929
- }else{
3930
-
3931
-
3932
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Your account is inactive from duo side, please contact to your administrator." ) );
3933
- $this->mo_auth_show_error_message();
3934
- return;
3935
- }
3936
-
3937
- }else{
3938
-
3939
-
3940
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Invalid or missing parameters, or a user with this name already exists." ) );
3941
- $this->mo_auth_show_error_message();
3942
- return;
3943
-
3944
- }
3945
- }
3946
- }else if(isset( $_POST['option'] ) && $_POST['option'] == 'duo_mobile_send_push_notification_inside_plugin'){
3947
-
3948
- $nonce = $_POST['duo_mobile_send_push_notification_inside_plugin_nonce'];
3949
-
3950
- if ( ! wp_verify_nonce( $nonce, 'mo2f-send-duo-push-notification-inside-plugin-nonce' ) ) {
3951
- $error = new WP_Error();
3952
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3953
-
3954
- return $error;
3955
- }else{
3956
-
3957
- }
3958
-
3959
- }else if ( ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_free_plan_auth_methods' ) ) {// user clicks on Set 2-Factor method
3960
-
3961
- $nonce = sanitize_text_field($_POST['miniorange_save_form_auth_methods_nonce']);
3962
- if ( ! wp_verify_nonce( $nonce, 'miniorange-save-form-auth-methods-nonce' ) ) {
3963
- $error = new WP_Error();
3964
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3965
- return $error;
3966
- } else {
3967
- $configuredMethod = sanitize_text_field($_POST['mo2f_configured_2FA_method_free_plan']);
3968
- $selectedAction = sanitize_text_field($_POST['mo2f_selected_action_free_plan']);
3969
-
3970
- $cloud_methods = array('OTPOverSMS','miniOrangeQRCodeAuthentication','miniOrangePushNotification','miniOrangeSoftToken');
3971
-
3972
- if($configuredMethod == 'OTPOverSMS')
3973
- $configuredMethod = 'OTP Over SMS';
3974
-
3975
- //limit exceed check
3976
- $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($user_id);
3977
-
3978
- if($exceeded){
3979
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3980
- $this->mo_auth_show_error_message();
3981
- return;
3982
- }
3983
- $selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
3984
- $selected_2FA_method = sanitize_text_field($selected_2FA_method);
3985
- $onprem_methods = array('Google Authenticator','Security Questions','OTPOverTelegram','DuoAuthenticator');
3986
- $Mo2fdbQueries->insert_user( $user->ID );
3987
- if(MO2F_IS_ONPREM && ! in_array($selected_2FA_method, $onprem_methods) ){
3988
- foreach ($cloud_methods as $cloud_method) {
3989
- $is_end_user_registered = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $cloud_method. '_config_status', $user->ID );
3990
- if(!is_null($is_end_user_registered) && $is_end_user_registered == 1)
3991
- break;
3992
- }
3993
- }else{
3994
- $is_end_user_registered = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange', $user->ID ) ;
3995
- }
3996
- $is_customer_registered= false;
3997
-
3998
- if(!MO2F_IS_ONPREM or $configuredMethod == 'miniOrangeSoftToken' or $configuredMethod == 'miniOrangeQRCodeAuthentication' or $configuredMethod == 'miniOrangePushNotification' or $configuredMethod == 'OTPOverSMS' or $configuredMethod == 'OTP Over SMS')
3999
- $is_customer_registered = get_option('mo2f_api_key') ? true : false;
4000
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4001
- if(!isset($email) or is_null($email) or $email == '')
4002
- {
4003
- $email = $user->user_email;
4004
- }
4005
- $is_end_user_registered = $is_end_user_registered ? $is_end_user_registered : false;
4006
- $allowed = false;
4007
- if(get_option('mo2f_miniorange_admin'))
4008
- $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
4009
-
4010
- if($is_customer_registered && !$is_end_user_registered and !$allowed){
4011
- $enduser = new Two_Factor_Setup();
4012
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
4013
- if(json_last_error() == JSON_ERROR_NONE){
4014
- if($check_user['status'] == 'ERROR'){
4015
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
4016
- $this->mo_auth_show_error_message();
4017
- return;
4018
- }
4019
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
4020
-
4021
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4022
- 'user_registration_with_miniorange' =>'SUCCESS',
4023
- 'mo2f_user_email' =>$email
4024
- ) );
4025
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
4026
-
4027
- }
4028
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
4029
-
4030
- $content = json_decode($enduser->mo_create_user($user,$email), true);
4031
- if(json_last_error() == JSON_ERROR_NONE) {
4032
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
4033
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
4034
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4035
- 'user_registration_with_miniorange' =>'SUCCESS',
4036
- 'mo2f_user_email' =>$email
4037
- ) );
4038
-
4039
- }
4040
- }
4041
-
4042
-
4043
- }
4044
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
4045
- $mo2fa_login_message = __('The email associated with your account is already registered in miniOrange. Please Choose another email or contact miniOrange.','miniorange-2-factor-authentication');
4046
- update_option('mo2f_message',$mo2fa_login_message);
4047
- $this->mo_auth_show_error_message();
4048
- }
4049
-
4050
- }
4051
-
4052
- }
4053
-
4054
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
4055
- if(MO2F_IS_ONPREM)
4056
- {
4057
- if($selected_2FA_method == 'EmailVerification')
4058
- $selected_2FA_method = 'Email Verification';
4059
- if($selected_2FA_method == 'OTPOverEmail')
4060
- $selected_2FA_method = 'OTP Over Email';
4061
- if($selected_2FA_method == 'OTPOverSMS')
4062
- $selected_2FA_method = 'OTP Over SMS';
4063
- if($selected_2FA_method == 'OTPOverTelegram')
4064
- $selected_2FA_method = 'OTP Over Telegram';
4065
- if($selected_2FA_method == 'DuoAuthenticator')
4066
- $selected_2FA_method = 'Duo Authenticator';
4067
- }
4068
- if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification' or $selected_2FA_method == 'OTP Over Telegram' or $selected_2FA_method == 'Duo Authenticator' ))
4069
- $is_customer_registered = 1;
4070
-
4071
- if ( $is_customer_registered ) {
4072
- $selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
4073
- $selected_2FA_method = sanitize_text_field($selected_2FA_method);
4074
- $selected_action = isset( $_POST['mo2f_selected_action_free_plan'] ) ? $_POST['mo2f_selected_action_free_plan'] : $_POST['mo2f_selected_action_standard_plan'];
4075
- $selected_action = sanitize_text_field($selected_action);
4076
- $user_phone = '';
4077
- if ( isset( $_SESSION['user_phone'] ) ) {
4078
- $user_phone = $_SESSION['user_phone'] != 'false' ? $_SESSION['user_phone'] : $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4079
- }
4080
-
4081
- // set it as his 2-factor in the WP database and server
4082
- $enduser = new Customer_Setup();
4083
- if($selected_2FA_method == 'OTPOverTelegram')
4084
- $selected_2FA_method = 'OTP Over Telegram';
4085
- if($selected_2FA_method == 'DuoAuthenticator')
4086
- $selected_2FA_method = 'Duo Authenticator';
4087
- if ( $selected_action == "select2factor" ) {
4088
-
4089
- if ( $selected_2FA_method == 'OTP Over SMS' && $user_phone == 'false' ) {
4090
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PHONE_NOT_CONFIGURED" ) );
4091
- $this->mo_auth_show_error_message();
4092
- } else {
4093
- // update in the Wordpress DB
4094
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4095
- $customer_key = get_option( 'mo2f_customerKey' );
4096
- $api_key = get_option( 'mo2f_api_key' );
4097
- $customer = new Customer_Setup();
4098
- $cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
4099
-
4100
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
4101
-
4102
- // update the server
4103
- if(!MO2F_IS_ONPREM)
4104
- $this->mo2f_save_2_factor_method( $user, $selected_2FA_method );
4105
- if ( in_array( $selected_2FA_method, array(
4106
- "miniOrange QR Code Authentication",
4107
- "miniOrange Soft Token",
4108
- "miniOrange Push Notification",
4109
- "Google Authenticator",
4110
- "Security Questions",
4111
- "Authy Authenticator",
4112
- "Email Verification",
4113
- "OTP Over SMS",
4114
- "OTP Over Email",
4115
- "OTP Over SMS and Email",
4116
- "Hardware Token"
4117
- ) ) ) {
4118
-
4119
- } else {
4120
- update_site_option('mo2f_enable_2fa_prompt_on_login_page', 0 );
4121
- }
4122
-
4123
- }
4124
- } else if ( $selected_action == "configure2factor" ) {
4125
-
4126
- //show configuration form of respective Two Factor method
4127
- update_user_meta( $user->ID, 'configure_2FA', 1 );
4128
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
4129
- }
4130
-
4131
- } else {
4132
- update_option("mo_2factor_user_registration_status","REGISTRATION_STARTED" );
4133
- update_user_meta( $user->ID, 'register_account_popup', 1 );
4134
- update_option( 'mo2f_message', '' );
4135
-
4136
- }
4137
- }
4138
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_for_users_option' ) {
4139
- $nonce = $_POST['mo2f_enable_2FA_for_users_option_nonce'];
4140
-
4141
- if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-for-users-option-nonce' ) ) {
4142
- $error = new WP_Error();
4143
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4144
-
4145
- return $error;
4146
- } else {
4147
- update_option( 'mo2f_enable_2fa_for_users', isset( $_POST['mo2f_enable_2fa_for_users'] ) ? $_POST['mo2f_enable_2fa_for_users'] : 0 );
4148
- }
4149
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_disable_proxy_setup_option' ) {
4150
- $nonce = $_POST['mo2f_disable_proxy_setup_option_nonce'];
4151
-
4152
- if ( ! wp_verify_nonce( $nonce, 'mo2f-disable-proxy-setup-option-nonce' ) ) {
4153
- $error = new WP_Error();
4154
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4155
-
4156
- return $error;
4157
- } else {
4158
- delete_option( 'mo2f_proxy_host' );
4159
- delete_option( 'mo2f_port_number' );
4160
- delete_option( 'mo2f_proxy_username' );
4161
- delete_option( 'mo2f_proxy_password' );
4162
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Proxy Configurations Reset." ) );
4163
- $this->mo_auth_show_success_message();
4164
- }
4165
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_option' ) {
4166
- $nonce = $_POST['mo2f_enable_2FA_option_nonce'];
4167
-
4168
- if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-option-nonce' ) ) {
4169
- $error = new WP_Error();
4170
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4171
-
4172
- return $error;
4173
- } else {
4174
- update_option( 'mo2f_enable_2fa', isset( $_POST['mo2f_enable_2fa'] ) ? $_POST['mo2f_enable_2fa'] : 0 );
4175
- }
4176
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo_2factor_test_authentication_method' ) {
4177
- //network security feature
4178
- $nonce = $_POST['mo_2factor_test_authentication_method_nonce'];
4179
-
4180
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-test-authentication-method-nonce' ) ) {
4181
- $error = new WP_Error();
4182
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4183
-
4184
- return $error;
4185
- } else {
4186
- update_user_meta( $user->ID, 'test_2FA', 1 );
4187
-
4188
-
4189
- $selected_2FA_method = $_POST['mo2f_configured_2FA_method_test'];
4190
- $selected_2FA_method_server = MO2f_Utility::mo2f_decode_2_factor( $selected_2FA_method, "server" );
4191
- $customer = new Customer_Setup();
4192
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4193
- $customer_key = get_option( 'mo2f_customerKey' );
4194
- $api_key = get_option( 'mo2f_api_key' );
4195
-
4196
- if ( $selected_2FA_method == 'Security Questions' ) {
4197
-
4198
-
4199
- $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4200
-
4201
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate KBA Questions*/
4202
- if ( $response['status'] == 'SUCCESS' ) {
4203
- update_option( 'mo2f_transactionId', $response['txId'] );
4204
- $questions = array();
4205
-
4206
- $questions[0] = $response['questions'][0];
4207
- $questions[1] = $response['questions'][1];
4208
- update_user_meta($user->ID, 'mo_2_factor_kba_questions', $questions);
4209
-
4210
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ANSWER_SECURITY_QUESTIONS" ) );
4211
- $this->mo_auth_show_success_message();
4212
-
4213
- } else if ( $response['status'] == 'ERROR' ) {
4214
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_FETCHING_QUESTIONS" ) );
4215
- $this->mo_auth_show_error_message();
4216
-
4217
- }
4218
- } else {
4219
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_FETCHING_QUESTIONS" ) );
4220
- $this->mo_auth_show_error_message();
4221
-
4222
- }
4223
-
4224
-
4225
- } else if ( $selected_2FA_method == 'miniOrange Push Notification' ) {
4226
- $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4227
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
4228
- if ( $response['status'] == 'ERROR' ) {
4229
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4230
- $this->mo_auth_show_error_message();
4231
-
4232
- } else {
4233
- if ( $response['status'] == 'SUCCESS' ) {
4234
- update_user_meta($user->ID, 'mo2f_transactionId', $response['txId']);
4235
- update_user_meta($user->ID, 'mo2f_show_qr_code', 'MO_2_FACTOR_SHOW_QR_CODE');
4236
-
4237
-
4238
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PUSH_NOTIFICATION_SENT" ) );
4239
- $this->mo_auth_show_success_message();
4240
-
4241
- } else {
4242
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
4243
- MO2f_Utility::unset_session_variables( $session_variables );
4244
-
4245
- delete_option( 'mo2f_transactionId' );
4246
- update_option( 'mo2f_message', 'An error occurred while processing your request. Please Try again.' );
4247
- $this->mo_auth_show_error_message();
4248
-
4249
- }
4250
- }
4251
- } else {
4252
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4253
- $this->mo_auth_show_error_message();
4254
-
4255
- }
4256
- }
4257
- else if($selected_2FA_method =='OTP Over Telegram')
4258
- {
4259
-
4260
- $user = wp_get_current_user();
4261
- $chatID = get_user_meta($user->ID,'mo2f_chat_id',true);
4262
- $otpToken = '';
4263
- for($i=1;$i<7;$i++)
4264
- {
4265
- $otpToken .= rand(0,9);
4266
- }
4267
-
4268
- update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
4269
- update_user_meta($user->ID,'mo2f_telegram_time',time());
4270
-
4271
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
4272
- $postdata = array( 'mo2f_otp_token' => $otpToken,
4273
- 'mo2f_chatid' => $chatID
4274
- );
4275
-
4276
- $handle = curl_init();
4277
-
4278
- curl_setopt_array($handle,
4279
- array(
4280
- CURLOPT_URL => $url,
4281
- CURLOPT_POST => true,
4282
- CURLOPT_POSTFIELDS => $postdata,
4283
- CURLOPT_RETURNTRANSFER => true,
4284
- CURLOPT_SSL_VERIFYHOST => FALSE,
4285
- CURLOPT_SSL_VERIFYPEER => FALSE,
4286
-
4287
- )
4288
- );
4289
-
4290
- $data = curl_exec($handle);
4291
- curl_close($handle);
4292
- if($data == 'SUCCESS')
4293
- {
4294
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . 'your telegram number.' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
4295
- $this->mo_auth_show_success_message();
4296
- }
4297
- else
4298
- {
4299
- update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
4300
- $this->mo_auth_show_error_message();
4301
-
4302
- }
4303
- }
4304
- else if ( $selected_2FA_method == 'OTP Over SMS' || $selected_2FA_method == 'OTP Over Email') {
4305
-
4306
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4307
- $check = 1;
4308
- if($selected_2FA_method == 'OTP Over Email')
4309
- {
4310
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4311
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
4312
- {
4313
- update_site_option("bGltaXRSZWFjaGVk",1);
4314
- $check = 0;
4315
-
4316
- }
4317
-
4318
- }
4319
-
4320
- if($check == 1)
4321
- $response = json_decode( $customer->send_otp_token( $phone, $selected_2FA_method_server, $customer_key, $api_key ), true );
4322
- else
4323
- $response['status'] = 'FAILED';
4324
- if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0 ) {
4325
- if($selected_2FA_method == 'OTP Over Email')
4326
- {
4327
- $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
4328
- if($cmVtYWluaW5nT1RQ>0)
4329
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
4330
- }
4331
- else if($selected_2FA_method == 'OTP Over SMS')
4332
- {
4333
- $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
4334
- if($mo2f_sms>0)
4335
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
4336
-
4337
- }
4338
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
4339
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
4340
- update_user_meta($user->ID, 'mo2f_transactionId', $response['txId']);
4341
- update_option( 'mo2f_transactionId', $response['txId'] );
4342
- $this->mo_auth_show_success_message();
4343
-
4344
- } else {
4345
- if(!MO2F_IS_ONPREM or $selected_2FA_method == 'OTP Over SMS')
4346
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP" ) );
4347
- else
4348
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_ONPREM" ) );
4349
-
4350
- $this->mo_auth_show_error_message();
4351
-
4352
- }
4353
- } else if ( $selected_2FA_method == 'miniOrange QR Code Authentication' ) {
4354
- $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4355
-
4356
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
4357
-
4358
- if ( $response['status'] == 'ERROR' ) {
4359
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4360
- $this->mo_auth_show_error_message();
4361
-
4362
- } else {
4363
- if ( $response['status'] == 'SUCCESS' ) {
4364
- update_user_meta($user->ID, 'mo2f_qrCode', $response['qrCode']);
4365
- update_user_meta($user->ID, 'mo2f_transactionId', $response['txId']);
4366
- update_user_meta($user->ID, 'mo2f_show_qr_code', 'MO_2_FACTOR_SHOW_QR_CODE');
4367
-
4368
-
4369
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "SCAN_QR_CODE" ) );
4370
- $this->mo_auth_show_success_message();
4371
-
4372
- } else {
4373
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4374
- $this->mo_auth_show_error_message();
4375
-
4376
- }
4377
- }
4378
- } else {
4379
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4380
- $this->mo_auth_show_error_message();
4381
-
4382
- }
4383
- } else if ( $selected_2FA_method == 'Email Verification' ) {
4384
- $this->miniorange_email_verification_call( $user );
4385
- }
4386
- else if($selected_2FA_method == 'Duo Authenticator'){
4387
-
4388
- }
4389
-
4390
-
4391
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_test', $selected_2FA_method );
4392
- }
4393
-
4394
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_go_back' ) {
4395
- $nonce = $_POST['mo2f_go_back_nonce'];
4396
-
4397
- if ( ! wp_verify_nonce( $nonce, 'mo2f-go-back-nonce' ) ) {
4398
- $error = new WP_Error();
4399
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4400
-
4401
- return $error;
4402
- } else {
4403
- $session_variables = array(
4404
- 'mo2f_qrCode',
4405
- 'mo2f_transactionId',
4406
- 'mo2f_show_qr_code',
4407
- 'user_phone',
4408
- 'mo2f_google_auth',
4409
- 'mo2f_mobile_support',
4410
- 'mo2f_authy_keys'
4411
- );
4412
- MO2f_Utility::unset_session_variables( $session_variables );
4413
- delete_option( 'mo2f_transactionId' );
4414
- delete_option( 'user_phone_temp' );
4415
-
4416
- delete_user_meta( $user->ID, 'test_2FA' );
4417
- delete_user_meta( $user->ID, 'configure_2FA' );
4418
-
4419
- }
4420
- }
4421
- else if(isset($_POST['option']) && $_POST['option'] == 'mo2f_reset_duo_configuration'){
4422
- $nonce = sanitize_text_field($_POST['mo2f_duo_reset_configuration_nonce']);
4423
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-reset-configuration-nonce' ) ) {
4424
- $error = new WP_Error();
4425
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
4426
- return $error;
4427
- }else{
4428
- delete_site_option('duo_credentials_save_successfully');
4429
- delete_user_meta($user->ID,'user_not_enroll');
4430
- delete_site_option('mo2f_d_integration_key');
4431
- delete_site_option('mo2f_d_secret_key');
4432
- delete_site_option('mo2f_d_api_hostname');
4433
- update_option( 'mo2f_message', Mo2fConstants::langTranslate("RESET_DUO_CONFIGURATON"));
4434
- $this->mo_auth_show_success_message();
4435
- }
4436
- }
4437
-
4438
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_2factor_generate_backup_codes' ) {
4439
- $nonce = sanitize_text_field($_POST['mo_2factor_generate_backup_codes_nonce']);
4440
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-generate-backup-codes-nonce' ) ) {
4441
- $error = new WP_Error();
4442
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
4443
- return $error;
4444
- }else {
4445
- MO2f_Utility::mo2f_mail_and_download_codes();
4446
- }
4447
- }
4448
-
4449
- }
4450
-
4451
- function mo_auth_deactivate() {
4452
- global $Mo2fdbQueries;
4453
- $mo2f_register_with_another_email = get_option( 'mo2f_register_with_another_email' );
4454
- $is_EC = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ? 1 : 0;
4455
- $is_NNC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option') ? 1 : 0;
4456
-
4457
- if ( $mo2f_register_with_another_email || $is_EC || $is_NNC ) {
4458
- update_option( 'mo2f_register_with_another_email', 0 );
4459
- $users = get_users( array() );
4460
- $this->mo2f_delete_user_details( $users );
4461
- $url = admin_url( 'plugins.php' );
4462
- wp_redirect( $url );
4463
- }
4464
- }
4465
-
4466
- function mo2f_delete_user_details( $users ) {
4467
- global $Mo2fdbQueries;
4468
- foreach ( $users as $user ) {
4469
- $Mo2fdbQueries->delete_user_details( $user->ID );
4470
- delete_user_meta( $user->ID, 'phone_verification_status' );
4471
- delete_user_meta( $user->ID, 'test_2FA' );
4472
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
4473
- delete_user_meta( $user->ID, 'configure_2FA' );
4474
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_test' );
4475
- delete_user_meta( $user->ID, 'mo2f_phone' );
4476
- delete_user_meta( $user->ID, 'register_account_popup' );
4477
- }
4478
-
4479
- }
4480
- function mo2f_show_email_page($email )
4481
- {
4482
- ?>
4483
- <div id="EnterEmailCloudVerification" class="modal">
4484
- <!-- Modal content -->
4485
- <div class="modal-content">
4486
- <div class="modal-header">
4487
- <h3 class="modal-title" style="text-align: center; font-size: 20px; color: #20b2aa">Email Address for miniOrange</h3><span id="closeEnterEmailCloud" class="modal-span-close">X</span>
4488
- </div>
4489
- <div class="modal-body" style="height: auto">
4490
- <h2><i>Enter your Email:&nbsp;&nbsp;&nbsp; <input type ='email' id='emailEnteredCloud' name='emailEnteredCloud' size= '40' required value="<?php echo $email;?>"/></i></h2>
4491
- </div>
4492
- <div class="modal-footer">
4493
- <button type="button" class="button button-primary button-large modal-button" id="save_entered_email_cloud">Save</button>
4494
- </div>
4495
- </div>
4496
- </div>
4497
-
4498
-
4499
- <script type="text/javascript">
4500
-
4501
- jQuery('#EnterEmailCloudVerification').css('display', 'block');
4502
-
4503
- jQuery('#closeEnterEmailCloud').click(function(){
4504
- jQuery('#EnterEmailCloudVerification').css('display', 'none');
4505
-
4506
- });
4507
-
4508
-
4509
- </script>
4510
-
4511
- <?php
4512
-
4513
-
4514
- }
4515
-
4516
- function mo2f_delete_mo_options() {
4517
- delete_option( 'mo2f_email' );
4518
- delete_option( 'mo2f_dbversion' );
4519
- delete_option( 'mo2f_host_name' );
4520
- delete_option( 'user_phone' );
4521
- delete_option( 'mo2f_miniorange_admin');
4522
- //delete_option( 'mo2f_customerKey' );
4523
- delete_option( 'mo2f_api_key' );
4524
- delete_option( 'mo2f_customer_token' );
4525
- delete_option( 'mo_2factor_admin_registration_status' );
4526
- delete_option( 'mo2f_number_of_transactions' );
4527
- delete_option( 'mo2f_set_transactions' );
4528
- delete_option( 'mo2f_show_sms_transaction_message' );
4529
- delete_option( 'mo_app_password' );
4530
- delete_option( 'mo2f_login_option' );
4531
- delete_option( 'mo2f_remember_device' );
4532
- delete_option( 'mo2f_enable_forgotphone' );
4533
- delete_option( 'mo2f_enable_login_with_2nd_factor' );
4534
- delete_option( 'mo2f_enable_xmlrpc' );
4535
- delete_option( 'mo2f_register_with_another_email' );
4536
- delete_option( 'mo2f_proxy_host' );
4537
- delete_option( 'mo2f_port_number' );
4538
- delete_option( 'mo2f_proxy_username' );
4539
- delete_option( 'mo2f_proxy_password' );
4540
- delete_option( 'mo2f_customer_selected_plan' );
4541
- delete_option( 'mo2f_ns_whitelist_ip' );
4542
- delete_option( 'mo2f_enable_brute_force' );
4543
- delete_option( 'mo2f_show_remaining_attempts' );
4544
- delete_option( 'mo2f_ns_blocked_ip' );
4545
- delete_option( 'mo2f_allwed_login_attempts' );
4546
- delete_option( 'mo2f_time_of_blocking_type' );
4547
- delete_option( 'mo2f_network_features' );
4548
-
4549
- }
4550
-
4551
- function mo_auth_show_success_message() {
4552
- do_action('wpns_show_message', get_option( 'mo2f_message' ), 'SUCCESS');
4553
- }
4554
-
4555
- function mo2f_create_customer( $user ) {
4556
- global $Mo2fdbQueries;
4557
- delete_user_meta( $user->ID, 'mo2f_sms_otp_count' );
4558
- delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
4559
- $customer = new Customer_Setup();
4560
- $customerKey = json_decode( $customer->create_customer(), true );
4561
-
4562
- if ( $customerKey['status'] == 'ERROR' ) {
4563
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $customerKey['message'] ) );
4564
- $this->mo_auth_show_error_message();
4565
- } else {
4566
- if ( strcasecmp( $customerKey['status'], 'CUSTOMER_USERNAME_ALREADY_EXISTS' ) == 0 ) { //admin already exists in miniOrange
4567
- $content = $customer->get_customer_key();
4568
- $customerKey = json_decode( $content, true );
4569
-
4570
- if ( json_last_error() == JSON_ERROR_NONE ) {
4571
- if ( array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
4572
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
4573
- $this->mo_auth_show_error_message();
4574
- } else {
4575
- if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
4576
- update_option( 'mo2f_customerKey', $customerKey['id'] );
4577
- update_option( 'mo2f_api_key', $customerKey['apiKey'] );
4578
- update_option( 'mo2f_customer_token', $customerKey['token'] );
4579
- update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
4580
- update_option( 'mo2f_miniorange_admin', $user->ID );
4581
- delete_option( 'mo2f_password' );
4582
- $email = get_option( 'mo2f_email' );
4583
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4584
- 'mo2f_EmailVerification_config_status' => true,
4585
- 'user_registration_with_miniorange' => 'SUCCESS',
4586
- 'mo2f_user_email' => $email,
4587
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
4588
- ) );
4589
-
4590
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
4591
- $enduser = new Two_Factor_Setup();
4592
- $enduser->mo2f_update_userinfo( $email, 'OUT OF BAND EMAIL', null, 'API_2FA', true );
4593
-
4594
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" ) . ' <b>' . Mo2fConstants:: langTranslate( "EMAIL_VERFI" ) . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . ' <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" ) );
4595
- $this->mo_auth_show_success_message();
4596
- } else {
4597
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_CREATE_ACC_OTP" ) );
4598
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
4599
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
4600
- $this->mo_auth_show_error_message();
4601
- }
4602
-
4603
- }
4604
-
4605
- } else {
4606
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
4607
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
4608
- update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
4609
- $this->mo_auth_show_error_message();
4610
- }
4611
-
4612
-
4613
- } else {
4614
- if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
4615
- update_option( 'mo2f_customerKey', $customerKey['id'] );
4616
- update_option( 'mo2f_api_key', $customerKey['apiKey'] );
4617
- update_option( 'mo2f_customer_token', $customerKey['token'] );
4618
- update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
4619
- update_option( 'mo2f_miniorange_admin', $user->ID );
4620
- delete_option( 'mo2f_password' );
4621
-
4622
- $email = get_option( 'mo2f_email' );
4623
-
4624
- update_option( 'mo2f_is_NC', 1 );
4625
- update_option( 'mo2f_is_NNC', 1 );
4626
-
4627
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_CREATED" ) );
4628
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
4629
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4630
- 'mo2f_2factor_enable_2fa_byusers' => 1,
4631
- 'user_registration_with_miniorange' => 'SUCCESS',
4632
- 'mo2f_configured_2FA_method' => 'NONE',
4633
- 'mo2f_user_email' => $email,
4634
- 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status
4635
- ) );
4636
-
4637
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
4638
-
4639
- $enduser = new Two_Factor_Setup();
4640
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, 'API_2FA', true );
4641
-
4642
- $this->mo_auth_show_success_message();
4643
-
4644
- $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
4645
- if ( ! empty( $mo2f_customer_selected_plan ) ) {
4646
- delete_option( 'mo2f_customer_selected_plan' );
4647
- header( 'Location: admin.php?page=mo_2fa_upgrade' );
4648
- } else {
4649
- header( 'Location: admin.php?page=mo_2fa_two_fa' );
4650
- }
4651
-
4652
- } else {
4653
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_CREATE_ACC_OTP" ) );
4654
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
4655
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
4656
- $this->mo_auth_show_error_message();
4657
- }
4658
-
4659
-
4660
- }
4661
- }
4662
- }
4663
-
4664
- public static function mo2f_get_GA_parameters($user){
4665
- global $Mo2fdbQueries;
4666
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4667
- $google_auth = new Miniorange_Rba_Attributes();
4668
- $gauth_name= get_option('mo2f_google_appname');
4669
- $gauth_name = $gauth_name ? $gauth_name : 'miniOrangeAu';
4670
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email,$gauth_name ), true );
4671
- if ( json_last_error() == JSON_ERROR_NONE ) {
4672
- if ( $google_response['status'] == 'SUCCESS' ) {
4673
- $mo2f_google_auth = array();
4674
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
4675
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
4676
- update_user_meta($user->ID, 'mo2f_google_auth', $mo2f_google_auth);
4677
- }else {
4678
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4679
- do_action('mo_auth_show_error_message');
4680
- }
4681
- }else {
4682
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4683
- do_action('mo_auth_show_error_message');
4684
-
4685
- }
4686
- }
4687
-
4688
- function mo_auth_show_error_message() {
4689
- do_action('wpns_show_message', get_option( 'mo2f_message' ), 'ERROR');
4690
- }
4691
-
4692
- function mo2f_create_user( $user, $email ) {
4693
- global $Mo2fdbQueries;
4694
- $email = strtolower( $email );
4695
- $enduser = new Two_Factor_Setup();
4696
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
4697
-
4698
- if ( json_last_error() == JSON_ERROR_NONE ) {
4699
- if ( $check_user['status'] == 'ERROR' ) {
4700
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
4701
- $this->mo_auth_show_error_message();
4702
- } else {
4703
- if ( strcasecmp( $check_user['status'], 'USER_FOUND' ) == 0 ) {
4704
-
4705
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4706
- 'user_registration_with_miniorange' => 'SUCCESS',
4707
- 'mo2f_user_email' => $email,
4708
- 'mo2f_configured_2FA_method' => 'NONE',
4709
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
4710
- ) );
4711
-
4712
-
4713
- delete_user_meta( $user->ID, 'user_email' );
4714
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, 'API_2FA', true );
4715
- $message = Mo2fConstants:: langTranslate( "REGISTRATION_SUCCESS" );
4716
- update_option( 'mo2f_message', $message );
4717
- $this->mo_auth_show_success_message();
4718
- header( 'Location: admin.php?page=mo_2fa_two_fa' );
4719
-
4720
- } else if ( strcasecmp( $check_user['status'], 'USER_NOT_FOUND' ) == 0 ) {
4721
- $content = json_decode( $enduser->mo_create_user( $user, $email ), true );
4722
- if ( json_last_error() == JSON_ERROR_NONE ) {
4723
- if ( $content['status'] == 'ERROR' ) {
4724
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
4725
- $this->mo_auth_show_error_message();
4726
- } else {
4727
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
4728
- delete_user_meta( $user->ID, 'user_email' );
4729
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4730
- 'user_registration_with_miniorange' => 'SUCCESS',
4731
- 'mo2f_user_email' => $email,
4732
- 'mo2f_configured_2FA_method' => 'NONE',
4733
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
4734
- ) );
4735
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, 'API_2FA', true );
4736
- $message = Mo2fConstants:: langTranslate( "REGISTRATION_SUCCESS" );
4737
- update_option( 'mo2f_message', $message );
4738
- $this->mo_auth_show_success_message();
4739
- header( 'Location: admin.php?page=mo_2fa_two_fa' );
4740
-
4741
- } else {
4742
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4743
- $this->mo_auth_show_error_message();
4744
- }
4745
- }
4746
- } else {
4747
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4748
- $this->mo_auth_show_error_message();
4749
- }
4750
- } else {
4751
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4752
- $this->mo_auth_show_error_message();
4753
- }
4754
- }
4755
- } else {
4756
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4757
- $this->mo_auth_show_error_message();
4758
- }
4759
- }
4760
-
4761
- function mo2f_get_qr_code_for_mobile( $email, $id, $session_id = null ) {
4762
-
4763
- $registerMobile = new Two_Factor_Setup();
4764
- $content = $registerMobile->register_mobile( $email );
4765
-
4766
- $response = json_decode( $content, true );
4767
- if ( json_last_error() == JSON_ERROR_NONE ) {
4768
- if ( $response['status'] == 'ERROR' ) {
4769
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4770
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
4771
- MO2f_Utility::unset_session_variables( $session_variables );
4772
- delete_option( 'mo2f_transactionId' );
4773
- $this->mo_auth_show_error_message();
4774
-
4775
- } else {
4776
- if ( $response['status'] == 'IN_PROGRESS' ) {
4777
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( "SCAN_QR_CODE" ) );
4778
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_qrCode', $response['qrCode']);
4779
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
4780
- update_user_meta($id, 'mo2f_transactionId', $response['txId']);
4781
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_show_qr_code', 'MO_2_FACTOR_SHOW_QR_CODE');
4782
-
4783
-
4784
- $this->mo_auth_show_success_message();
4785
- } else {
4786
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4787
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
4788
- MO2f_Utility::unset_session_variables( $session_variables );
4789
- delete_option( 'mo2f_transactionId' );
4790
- $this->mo_auth_show_error_message();
4791
- }
4792
- }
4793
- }
4794
- }
4795
-
4796
- function mo2f_save_2_factor_method( $user, $mo2f_configured_2FA_method ) {
4797
- global $Mo2fdbQueries;
4798
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4799
- $enduser = new Two_Factor_Setup();
4800
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4801
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_configured_2FA_method, "server" );
4802
-
4803
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $phone, null, null ), true );
4804
- if ( json_last_error() == JSON_ERROR_NONE ) {
4805
- if ( $response['status'] == 'ERROR' ) {
4806
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4807
- $this->mo_auth_show_error_message();
4808
- } else if ( $response['status'] == 'SUCCESS' ) {
4809
- $configured_2fa_method = '';
4810
- if($mo2f_configured_2FA_method =='')
4811
- $configured_2fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
4812
- else
4813
- $configured_2fa_method = $mo2f_configured_2FA_method;
4814
- if ( in_array( $configured_2fa_method, array( "Google Authenticator", "Authy Authenticator" ) ) ) {
4815
- update_user_meta( $user->ID, 'mo2f_external_app_type', $configured_2fa_method );
4816
- }
4817
-
4818
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4819
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
4820
- ) );
4821
- delete_user_meta( $user->ID, 'configure_2FA' );
4822
-
4823
- if($configured_2fa_method == 'OTP Over Email' or $configured_2fa_method=='OTP Over SMS')
4824
- {
4825
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA_otp" ) );
4826
- }
4827
- else
4828
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA" ) );
4829
-
4830
-
4831
- $this->mo_auth_show_success_message();
4832
- } else {
4833
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4834
- $this->mo_auth_show_error_message();
4835
- }
4836
- } else {
4837
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4838
- $this->mo_auth_show_error_message();
4839
- }
4840
- }
4841
-
4842
- function miniorange_email_verification_call( $current_user ) {
4843
- global $Mo2fdbQueries;
4844
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
4845
-
4846
- if(MO2F_IS_ONPREM)
4847
- {
4848
-
4849
- $challengeMobile = new Customer_Setup();
4850
- $is_flow_driven_setup = ! ( get_user_meta( $current_user->ID, 'current_modal', true ) ) ? 0 : 1;
4851
-
4852
- $subject = '2-Factor Authentication(Email verification)';
4853
- $headers = array('Content-Type: text/html; charset=UTF-8');
4854
- $txid = '';
4855
- $otpToken = '';
4856
- $otpTokenD = '';
4857
- for($i=1;$i<7;$i++)
4858
- {
4859
- $otpToken .= rand(0,9);
4860
- $txid .= rand(100,999);
4861
- $otpTokenD .= rand(0,9);
4862
- }
4863
- $otpTokenH = hash('sha512',$otpToken);
4864
- $otpTokenDH = hash('sha512', $otpTokenD);
4865
-
4866
-
4867
- update_user_meta($current_user->ID, 'mo2f_transactionId', $txid);
4868
- update_user_meta($current_user->ID, 'otpToken', $otpToken);
4869
-
4870
-
4871
- $userID = hash('sha512',$current_user->ID);
4872
- update_site_option($userID,$otpTokenH);
4873
- update_site_option($txid,3);
4874
- $userIDd = $userID . 'D';
4875
- update_site_option($userIDd,$otpTokenDH);
4876
- $url = get_site_option('siteurl').'/wp-login.php?'; //login page can change
4877
- $message = '<table cellpadding="25" style="margin:0px auto">
4878
- <tbody>
4879
- <td>
4880
- <td>
4881
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
4882
- <tbody>
4883
- <td>
4884
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
4885
- </tr>
4886
- </tbody>
4887
- </table>
4888
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
4889
- <tbody>
4890
- <td>
4891
- <td>
4892
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
4893
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
4894
- <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
4895
- <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
4896
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
4897
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
4898
- </div></div></td>
4899
- </tr>
4900
- </tbody>
4901
- </table>
4902
- </td>
4903
- </tr>
4904
- </tbody>
4905
- </table>';
4906
- $result = wp_mail($email,$subject,$message,$headers);
4907
- if($result){
4908
- $time = "time".$txid;
4909
- $currentTimeInMillis = round(microtime(true) * 1000);
4910
- update_site_option($time,$currentTimeInMillis);
4911
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
4912
-
4913
- }else{
4914
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
4915
- $this->mo_auth_show_error_message();
4916
- }
4917
-
4918
- }
4919
- else
4920
- {
4921
- global $Mo2fdbQueries;
4922
- $challengeMobile = new Customer_Setup();
4923
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
4924
- $content = $challengeMobile->send_otp_token( $email, 'OUT OF BAND EMAIL', $this->defaultCustomerKey, $this->defaultApiKey );
4925
- $response = json_decode( $content, true );
4926
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate out of band email */
4927
- if ( $response['status'] == 'ERROR' ) {
4928
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4929
- $this->mo_auth_show_error_message();
4930
- } else {
4931
- if ( $response['status'] == 'SUCCESS' ) {
4932
- update_user_meta($current_user->ID, 'mo2f_transactionId', $response['txId']);
4933
-
4934
-
4935
- update_option( 'mo2f_transactionId', $response['txId'] );
4936
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "VERIFICATION_EMAIL_SENT" ) . '<b> ' . $email . '</b>. ' . Mo2fConstants:: langTranslate( "ACCEPT_LINK_TO_VERIFY_EMAIL" ) );
4937
- $this->mo_auth_show_success_message();
4938
- } else {
4939
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4940
- $this->mo_auth_show_error_message();
4941
- }
4942
- }
4943
- } else {
4944
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4945
- $this->mo_auth_show_error_message();
4946
- }
4947
- }
4948
- }
4949
- static function low_otp_alert( $auth_type) {
4950
- global $Mo2fdbQueries;
4951
- $email = get_option('mo2f_email')?get_option('mo2f_email'):get_option('admin_email');
4952
- if(MO2F_IS_ONPREM)
4953
- {
4954
- $count=0;
4955
- if($auth_type =="email"){
4956
- $subject = 'Two Factor Authentication(Low Email Alert)';
4957
- $count = get_site_option('cmVtYWluaW5nT1RQ')-1; //database value is updated after function call
4958
- $string = 'Email';
4959
- }
4960
- else if($auth_type =="sms"){
4961
- $subject = 'Two Factor Authentication(Low SMS Alert)';
4962
- $count = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1; //database value is updated after function call
4963
- $string = 'SMS';
4964
- }
4965
- $admin_url = network_site_url();
4966
- $url = explode('/wp-admin/admin.php?page=mo_2fa_upgrade', $admin_url);
4967
- $headers = array('Content-Type: text/html; charset=UTF-8');
4968
- $headers[] = 'Cc: 2fasupport <2fasupport@xecurify.com>';
4969
- $message = '<table cellpadding="25" style="margin:0px auto">
4970
- <tbody>
4971
- <td>
4972
- <td>
4973
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
4974
- <tbody>
4975
- <td>
4976
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
4977
- </tr>
4978
- </tbody>
4979
- </table>
4980
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
4981
- <tbody>
4982
- <td>
4983
- <td>
4984
- <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
4985
- <p style="margin-top:0;margin-bottom:20px"> You are going to exhaust all your '.$string.'. You have only <b>'.$count.'</b> '.$string.' remaining. You can recharge or add '.$string.' to your account: <a href='.MoWpnsConstants::rechargeLink.'>Recharge</a></p>
4986
- <p style="margin-top:0;margin-bottom:10px">After Recharge you can continue using your current plan. To know more about our plans you can also visit our site: <a href='.$url[0].'/wp-admin/admin.php?page=mo_2fa_upgrade>2FA Plans</a>.</p>
4987
- <p style="margin-top:0;margin-bottom:10px">If you do not wish to recharge, we advise you to <a href='.$url[0].'/wp-admin/admin.php?page=mo_2fa_two_fa>change the 2FA method</a> before you have no '.$string.' left. In case you get locked out, please use this guide to gain access: <a href='.MoWpnsConstants::OnPremiseLockedOut.'>Guide link</a></p>
4988
- <p style="margin-top:0;margin-bottom:20px">For more information, you can contact us directly at 2fasupport@xecurify.com.</p>
4989
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
4990
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
4991
- </div></div></td>
4992
- </tr>
4993
- </tbody>
4994
- </table>
4995
- </td>
4996
- </tr>
4997
- </tbody>
4998
- </table>';
4999
- $result = wp_mail($email,$subject,$message,$headers);
5000
- if($result){
5001
- $currentTimeInMillis = round(microtime(true) * 1000);
5002
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
5003
-
5004
- }
5005
-
5006
- }
5007
-
5008
- }
5009
- function mo_auth_activate() {
5010
- error_log(' miniOrange Two Factor Plugin Activated');
5011
-
5012
- $get_encryption_key = MO2f_Utility::random_str(16);
5013
- update_option('mo2f_encryption_key',$get_encryption_key);
5014
-
5015
- if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
5016
- update_option( 'mo2f_is_NC', 0 );
5017
- } else {
5018
- update_option( 'mo2f_is_NC', 1 );
5019
- update_option( 'mo2f_is_NNC', 1 );
5020
- }
5021
-
5022
- do_action('mo2f_network_create_db');
5023
-
5024
- update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
5025
- update_option('mo2f_data_storage',null);
5026
- global $Mo2fdbQueries;
5027
- $Mo2fdbQueries->mo_plugin_activate();
5028
-
5029
-
5030
- }
5031
-
5032
- function mo_get_2fa_shorcode( $atts ) {
5033
- if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
5034
- $mo2f_shorcode = new MO2F_ShortCode();
5035
- $html = $mo2f_shorcode->mo2FAFormShortCode( $atts );
5036
-
5037
- return $html;
5038
- }
5039
- }
5040
-
5041
- function mo_get_login_form_shortcode( $atts ) {
5042
- if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
5043
- $mo2f_shorcode = new MO2F_ShortCode();
5044
- $html = $mo2f_shorcode->mo2FALoginFormShortCode( $atts );
5045
-
5046
- return $html;
5047
- }
5048
- }
5049
- }
5050
-
5051
- function mo2f_is_customer_registered() {
5052
- $email = get_option( 'mo2f_email' );
5053
- $customerKey = get_option( 'mo2f_customerKey' );
5054
- if ( ! $email || ! $customerKey || ! is_numeric( trim( $customerKey ) ) ) {
5055
- return 0;
5056
- } else {
5057
- return 1;
5058
- }
5059
- }
5060
- new Miniorange_Authentication;
1
+ <?php
2
+ include 'two_fa_pass2login.php';
3
+ include_once 'two_fa_get_details.php';
4
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_setup_notification.php';
5
+ include 'class_miniorange_2fa_strong_password.php';
6
+
7
+ class Miniorange_Authentication {
8
+
9
+ private $defaultCustomerKey = "16555";
10
+ private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
11
+
12
+ function __construct() {
13
+ add_action( 'admin_init', array( $this, 'miniorange_auth_save_settings' ) );
14
+ add_action( 'plugins_loaded', array( $this, 'mo2f_update_db_check' ) );
15
+
16
+ global $wp_roles;
17
+ if ( ! isset( $wp_roles ) ) {
18
+ $wp_roles = new WP_Roles();
19
+ }
20
+
21
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option') == 1 ) {
22
+ $mo2f_rba_attributes = new Miniorange_Rba_Attributes();
23
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
24
+ $mo2f_2factor_setup = new Two_Factor_Setup();
25
+ add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
26
+ //for shortcode addon
27
+ $mo2f_ns_config = new MoWpnsUtility();
28
+ add_action( 'login_form', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ),10 );
29
+
30
+ //strong password file
31
+ $mo2f_strong_password = new class_miniorange_2fa_strong_password();
32
+
33
+ if($mo2f_ns_config->hasLoginCookie())
34
+ {
35
+ add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
36
+ add_action( 'woocommerce_save_account_details_errors', array( $mo2f_strong_password, 'woocommerce_password_edit_account' ),1,2 );
37
+ }
38
+ add_filter( 'woocommerce_process_registration_errors', array($mo2f_strong_password,'woocommerce_password_protection'),1,4);
39
+ add_filter( 'woocommerce_registration_errors', array($mo2f_strong_password,'woocommerce_password_registration_protection'),1,3);
40
+ add_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', [ $this, 'disable_admin_bar' ] );
41
+
42
+ add_filter( 'mo2f_shortcode_rba_gauth', array( $mo2f_rba_attributes, 'mo2f_validate_google_auth' ), 10, 3 );
43
+ add_filter( 'mo2f_shortcode_kba', array( $mo2f_2factor_setup, 'register_kba_details' ), 10, 7 );
44
+ add_filter( 'mo2f_update_info', array( $mo2f_2factor_setup, 'mo2f_update_userinfo' ), 10, 5 );
45
+ add_action( 'mo2f_shortcode_form_fields', array(
46
+ $pass2fa_login,
47
+ 'miniorange_pass2login_form_fields'
48
+ ), 10, 5 );
49
+
50
+ add_action( 'delete_user', array( $this, 'mo2f_delete_user' ) );
51
+
52
+ add_filter( 'mo2f_gauth_service', array( $mo2f_rba_attributes, 'mo2f_google_auth_service' ), 10, 1 );
53
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) { //password + 2nd factor enabled
54
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
55
+
56
+ remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
57
+
58
+ add_filter( 'authenticate', array( $pass2fa_login, 'mo2f_check_username_password' ), 99999, 4 );
59
+ add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
60
+ add_action( 'login_form', array(
61
+ $pass2fa_login,
62
+ 'mo_2_factor_pass2login_show_wp_login_form'
63
+ ), 10 );
64
+
65
+ if ( get_option( 'mo2f_remember_device' ) ) {
66
+ add_action( 'login_footer', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ) );
67
+ add_action( 'woocommerce_before_customer_login_form', array(
68
+ $pass2fa_login,
69
+ 'miniorange_pass2login_footer_form'
70
+ ) );
71
+ }
72
+ add_action( 'login_enqueue_scripts', array(
73
+ $pass2fa_login,
74
+ 'mo_2_factor_enable_jquery_default_login'
75
+ ) );
76
+
77
+ if(get_site_option('mo2f_woocommerce_login_prompt')){
78
+ add_action( 'woocommerce_login_form', array(
79
+ $pass2fa_login,
80
+ 'mo_2_factor_pass2login_show_wp_login_form'
81
+ ) );
82
+ }
83
+ else if(!get_site_option('mo2f_woocommerce_login_prompt') && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option') ) {
84
+ add_action('woocommerce_login_form_end' ,array(
85
+ $pass2fa_login,
86
+ 'mo_2_factor_pass2login_woocommerce'
87
+ ) );
88
+ }
89
+ add_action( 'wp_enqueue_scripts', array(
90
+ $pass2fa_login,
91
+ 'mo_2_factor_enable_jquery_default_login'
92
+ ) );
93
+
94
+ //Actions for other plugins to use miniOrange 2FA plugin
95
+ add_action( 'miniorange_pre_authenticate_user_login', array(
96
+ $pass2fa_login,
97
+ 'mo2f_check_username_password'
98
+ ), 1, 4 );
99
+ add_action( 'miniorange_post_authenticate_user_login', array(
100
+ $pass2fa_login,
101
+ 'miniorange_initiate_2nd_factor'
102
+ ), 1, 3 );
103
+ add_action( 'miniorange_collect_attributes_for_authenticated_user', array(
104
+ $pass2fa_login,
105
+ 'mo2f_collect_device_attributes_for_authenticated_user'
106
+ ), 1, 2 );
107
+
108
+ }
109
+
110
+ } else { //login with phone enabled
111
+
112
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
113
+
114
+ $mobile_login = new Miniorange_Mobile_Login();
115
+ add_action( 'login_form', array( $mobile_login, 'miniorange_login_form_fields' ), 99999,10 );
116
+ add_action( 'login_footer', array( $mobile_login, 'miniorange_login_footer_form' ) );
117
+
118
+ remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
119
+ add_filter( 'authenticate', array( $mobile_login, 'mo2fa_default_login' ), 99999, 3 );
120
+ add_action( 'login_enqueue_scripts', array( $mobile_login, 'custom_login_enqueue_scripts' ) );
121
+ }
122
+ }
123
+ }
124
+ }
125
+
126
+ function define_global() {
127
+ global $Mo2fdbQueries;
128
+ $Mo2fdbQueries = new Mo2fDB();
129
+ }
130
+
131
+ function mo2f_delete_user($user_id){
132
+ global $Mo2fdbQueries;
133
+ delete_user_meta($user_id,'mo2f_kba_challenge');
134
+ delete_user_meta($user_id,'mo2f_2FA_method_to_configure');
135
+ delete_user_meta($user_id,'Security Questions');
136
+ delete_user_meta($user_id,'mo2f_chat_id');
137
+ $Mo2fdbQueries->delete_user_details( $user_id);
138
+ delete_user_meta($user_id,'mo2f_2FA_method_to_test');
139
+ }
140
+
141
+ function mo2f_update_db_check() {
142
+
143
+ $userid = wp_get_current_user()->ID;
144
+ add_option('mo2f_onprem_admin' , $userid );
145
+ if(is_multisite()){
146
+ add_site_option('mo2fa_superadmin',1);
147
+ }
148
+ // Deciding on On-Premise solution
149
+ $is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
150
+ $is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
151
+ // Old users
152
+ if ( get_option( 'mo2f_customerKey' ) && ! $is_NC )
153
+ add_option( 'is_onprem', 0 );
154
+
155
+ //new users using cloud
156
+ if(get_option( 'mo2f_customerKey' ) && $is_NC && $is_NNC)
157
+ add_option( 'is_onprem', 0 );
158
+
159
+ if(get_option( 'mo2f_app_secret' ) && $is_NC && $is_NNC){
160
+ add_option( 'is_onprem', 0 );
161
+ }else{
162
+ add_option( 'is_onprem', 1 );
163
+
164
+ }
165
+ if(get_option('mo2f_network_features',"not_exits")=="not_exits"){
166
+ do_action('mo2f_network_create_db');
167
+ update_option('mo2f_network_features',1);
168
+ }
169
+ if(get_option('mo2f_encryption_key',"not_exits")=="not_exits"){
170
+ $get_encryption_key = MO2f_Utility::random_str(16);
171
+ update_option('mo2f_encryption_key',$get_encryption_key);
172
+
173
+ }
174
+ global $Mo2fdbQueries;
175
+ $user_id = get_option( 'mo2f_miniorange_admin' );
176
+ $current_db_version = get_option( 'mo2f_dbversion' );
177
+
178
+ if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
179
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
180
+ $Mo2fdbQueries->generate_tables();
181
+
182
+ }
183
+ if(MO2F_IS_ONPREM){
184
+ $twofactordb = new Mo2fDB;
185
+ $userSync = get_site_option('mo2f_user_sync');
186
+ if($userSync<1){
187
+ update_site_option('mo2f_user_sync',1);
188
+ $twofactordb->get_all_onprem_userids();
189
+ }
190
+ }
191
+
192
+ if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
193
+
194
+ if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')) {
195
+ update_option( 'mo2f_is_NC', 0 );
196
+ }
197
+
198
+ $check_if_user_column_exists = false;
199
+
200
+ if ( $user_id && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
201
+ $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
202
+ if ( $does_table_exist ) {
203
+ $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
204
+ }
205
+ if ( ! $check_if_user_column_exists ) {
206
+ $Mo2fdbQueries->generate_tables();
207
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
208
+
209
+ add_option( 'mo2f_phone', get_option( 'user_phone' ) );
210
+ add_option( 'mo2f_enable_login_with_2nd_factor', get_option( 'mo2f_show_loginwith_phone' ) );
211
+ add_option( 'mo2f_remember_device', get_option( 'mo2f_deviceid_enabled' ) );
212
+ add_option( 'mo2f_transactionId', get_option( 'mo2f-login-transactionId' ) );
213
+ add_option( 'mo2f_is_NC', 0 );
214
+ $phone = get_user_meta( $user_id, 'mo2f_user_phone', true );
215
+ $user_phone = $phone ? $phone : get_user_meta( $user_id, 'mo2f_phone', true );
216
+
217
+ $Mo2fdbQueries->update_user_details( $user_id,
218
+ array(
219
+ 'mo2f_GoogleAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_google_authentication_status', true ),
220
+ 'mo2f_SecurityQuestions_config_status' => get_user_meta( $user_id, 'mo2f_kba_registration_status', true ),
221
+ 'mo2f_EmailVerification_config_status' => true,
222
+ 'mo2f_AuthyAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_authy_authentication_status', true ),
223
+ 'mo2f_user_email' => get_user_meta( $user_id, 'mo_2factor_map_id_with_email', true ),
224
+ 'mo2f_user_phone' => $user_phone,
225
+ 'user_registration_with_miniorange' => get_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange', true ),
226
+ 'mobile_registration_status' => get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ),
227
+ 'mo2f_configured_2FA_method' => get_user_meta( $user_id, 'mo2f_selected_2factor_method', true ),
228
+ 'mo_2factor_user_registration_status' => get_user_meta( $user_id, 'mo_2factor_user_registration_status', true )
229
+ ) );
230
+
231
+ if ( get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ) ) {
232
+ $Mo2fdbQueries->update_user_details( $user_id,
233
+ array(
234
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
235
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
236
+ 'mo2f_miniOrangePushNotification_config_status' => true
237
+ ) );
238
+ }
239
+
240
+ if ( get_user_meta( $user_id, 'mo2f_otp_registration_status', true ) ) {
241
+ $Mo2fdbQueries->update_user_details( $user_id,
242
+ array(
243
+ 'mo2f_OTPOverSMS_config_status' => true
244
+ ) );
245
+ }
246
+
247
+ $mo2f_external_app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true ) == 'AUTHY 2-FACTOR AUTHENTICATION' ?
248
+ 'Authy Authenticator' : 'Google Authenticator';
249
+
250
+ update_user_meta( $user_id, 'mo2f_external_app_type', $mo2f_external_app_type );
251
+
252
+ delete_option( 'mo2f_show_loginwith_phone' );
253
+ delete_option( 'mo2f_deviceid_enabled' );
254
+ delete_option( 'mo2f-login-transactionId' );
255
+ delete_user_meta( $user_id, 'mo2f_google_authentication_status' );
256
+ delete_user_meta( $user_id, 'mo2f_kba_registration_status' );
257
+ delete_user_meta( $user_id, 'mo2f_email_verification_status' );
258
+ delete_user_meta( $user_id, 'mo2f_authy_authentication_status' );
259
+ delete_user_meta( $user_id, 'mo_2factor_map_id_with_email' );
260
+ delete_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange' );
261
+ delete_user_meta( $user_id, 'mo2f_mobile_registration_status' );
262
+ delete_user_meta( $user_id, 'mo2f_otp_registration_status' );
263
+ delete_user_meta( $user_id, 'mo2f_selected_2factor_method' );
264
+ delete_user_meta( $user_id, 'mo2f_configure_test_option' );
265
+ delete_user_meta( $user_id, 'mo_2factor_user_registration_status' );
266
+
267
+ update_option( 'mo2f_existing_user_values_updated', 1 );
268
+
269
+ }
270
+ }
271
+ }
272
+
273
+ if ( $user_id && ! get_option( 'mo2f_login_option_updated' ) ) {
274
+
275
+ $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
276
+ if ( $does_table_exist ) {
277
+ $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
278
+ if ( $check_if_user_column_exists ) {
279
+ $selected_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
280
+
281
+ update_option( 'mo2f_login_option_updated', 1 );
282
+ }
283
+ }
284
+
285
+ }
286
+
287
+
288
+ }
289
+
290
+
291
+ function feedback_request() {
292
+ display_feedback_form();
293
+ }
294
+ public function disable_admin_bar() {
295
+
296
+ global $wp_admin_bar;
297
+ $wp_admin_bar = ''; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
298
+ }
299
+ function get_customer_SMS_transactions() {
300
+
301
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && MoWpnsUtility::get_mo2f_db_option('mo2f_show_sms_transaction_message', 'get_option') ) {
302
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
303
+ $customer = new Customer_Setup();
304
+
305
+ $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
306
+
307
+ update_option( 'mo2f_set_transactions', 1 );
308
+ if ( ! array_key_exists( 'smsRemaining', $content ) ) {
309
+ $smsRemaining = 0;
310
+ } else {
311
+ $smsRemaining = $content['smsRemaining'];
312
+
313
+ if ( $smsRemaining == null ) {
314
+ $smsRemaining = 0;
315
+ }
316
+ }
317
+ update_option( 'mo2f_number_of_transactions', $smsRemaining );
318
+ } else {
319
+ $smsRemaining = MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option');
320
+ }
321
+
322
+ $this->display_customer_transactions( $smsRemaining );
323
+ }
324
+ }
325
+
326
+ function display_customer_transactions( $content ) {
327
+ echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>' . mo2f_lt( 'miniOrange 2-Factor Plugin:' ) . '</b> ' . mo2f_lt( 'You have' ) . ' <b style="color:red">' . $content . ' ' . mo2f_lt( 'SMS transactions' ) . ' </b>' . mo2f_lt( 'remaining' ) . '<input type="submit" name="submit" value="' . mo2f_lt( 'Check Transactions' ) . ' " class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
328
+ }
329
+
330
+ function prompt_user_to_setup_two_factor() {
331
+ global $Mo2fdbQueries;
332
+ $user = wp_get_current_user();
333
+ $selected_2_Factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
334
+ if ( $selected_2_Factor_method == 'NONE' ) {
335
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
336
+ echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
337
+ '<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
338
+ '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
339
+ }
340
+ }
341
+ }
342
+
343
+
344
+ function mo_auth_success_message() {
345
+ $message = get_option( 'mo2f_message' ); ?>
346
+ <script>
347
+ jQuery(document).ready(function () {
348
+ var message = "<?php echo $message; ?>";
349
+ jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
350
+ });
351
+ </script>
352
+ <?php
353
+ }
354
+
355
+ function mo_auth_error_message() {
356
+ $message = get_option( 'mo2f_message' ); ?>
357
+
358
+ <script>
359
+ jQuery(document).ready(function () {
360
+ var message = "<?php echo $message; ?>";
361
+ jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
362
+ });
363
+ </script>
364
+ <?php
365
+
366
+ }
367
+
368
+ function miniorange_auth_menu() {
369
+ global $user;
370
+ $user = wp_get_current_user();
371
+ $roles = $user->roles;
372
+ $miniorange_role = array_shift( $roles );
373
+
374
+ $is_plugin_activated = MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option');
375
+ $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $user->ID ? true : false;
376
+ $is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
377
+ $can_current_user_manage_options = current_user_can( 'manage_options' );
378
+ $admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
379
+ ? true : false;
380
+
381
+ if(MO2F_IS_ONPREM)
382
+ {
383
+ $can_current_user_manage_options = true; // changes by prdp
384
+ $is_customer_admin = true;
385
+ }
386
+ if ( $admin_registration_status ) {
387
+ if ( $can_current_user_manage_options && $is_customer_admin ) {
388
+ $mo2fa_hook_page = $this->hookpages();
389
+ }
390
+ } else if ( $can_current_user_manage_options ) {
391
+ $mo2fa_hook_page = $this->hookpages();
392
+ }
393
+
394
+
395
+ }
396
+
397
+ function hookpages() {
398
+ $url = explode('handler',plugin_dir_url(__FILE__));
399
+ if(get_site_option('mo2f_enable_custom_icon')!=1)
400
+ $iconurl = $url[0] . '/includes/images/miniorange_icon.png';
401
+ else
402
+ $iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
403
+ $menu_slug = 'miniOrange_2_factor_settings';
404
+ add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
405
+ }
406
+
407
+ function mo_auth_login_options() {
408
+ global $user;
409
+ $user = wp_get_current_user();
410
+ update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
411
+ mo_2_factor_register( $user );
412
+ }
413
+
414
+ function mo_2_factor_enable_frontend_style() {
415
+ wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version='.MO2F_VERSION.'', __FILE__ ) );
416
+ wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
417
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
418
+ wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
419
+ wp_enqueue_style( 'mo2f_login_popup_style', plugins_url( "includes/css/mo2f_login_popup_ui.css?version=".MO2F_VERSION."", __FILE__ ) );
420
+ }
421
+
422
+ function plugin_settings_style( $mo2fa_hook_page ) {
423
+
424
+ if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
425
+ return;
426
+ }
427
+
428
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url( 'includes/css/style_settings.css?version='.MO2F_VERSION.'', __FILE__ ) );
429
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
430
+ wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
431
+ wp_enqueue_style( 'bootstrap_style_ass', plugins_url( 'includes/css/bootstrap-tour-standalone.css?version='.MO2F_VERSION.'', __FILE__ ) );
432
+ wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
433
+ wp_enqueue_style( 'mo2f_ns_admin_settings_datatable_style', plugins_url('includes/css/jquery.dataTables.min.css', __FILE__));
434
+ }
435
+
436
+ function plugin_settings_script( $mo2fa_hook_page ) {
437
+ if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
438
+ return;
439
+ }
440
+ wp_enqueue_script( 'jquery' );
441
+ wp_enqueue_script( 'mo_2_factor_admin_settings_phone_script', plugins_url( 'includes/js/phone.js', __FILE__ ) );
442
+ wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', __FILE__ ) );
443
+ wp_enqueue_script( 'bootstrap_script_hehe', plugins_url( 'includes/js/bootstrap-tour-standalone.min.js', __FILE__ ) );
444
+ wp_enqueue_script( 'mo2f_ns_admin_datatable_script', plugins_url('includes/js/jquery.dataTables.min.js', __FILE__ ), array('jquery'));
445
+
446
+ }
447
+ public function setup_wizard_header() {
448
+ ?>
449
+ <!DOCTYPE html>
450
+ <html <?php language_attributes(); ?>>
451
+ <head>
452
+ <meta name="viewport" content="width=device-width"/>
453
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
454
+ <title><?php esc_html_e( 'miniOrange 2-factor Setup Wizard', 'miniorange 2-factor-authentication' ); ?></title>
455
+ <?php do_action( 'admin_print_styles' ); ?>
456
+ <?php do_action( 'admin_print_scripts' ); ?>
457
+ <?php do_action( 'admin_head' ); ?>
458
+ </head>
459
+ <body class="mo2f-setup-setup-wizard">
460
+ <?php
461
+ }
462
+
463
+ /**
464
+ * Outputs the content of the current step.
465
+ *
466
+ * @since 2.6.0
467
+ */
468
+
469
+ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $footer = '' ) {
470
+
471
+ $contact_url = 'https://wordpress.org/plugins/miniorange-2-factor-authentication/';
472
+ echo '<head>';
473
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
474
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
475
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/js/phone.js", dirname(dirname(__FILE__ ))).'"></script>';
476
+
477
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
478
+ // echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/twofa_style_settings.css', dirname(dirname(__FILE__))). '" />';
479
+ // echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
480
+
481
+
482
+ echo '</head>';
483
+
484
+
485
+ ?>
486
+ <style type="text/css">
487
+ #mo2f-setup-wizard-settings-area {
488
+ visibility: hidden;
489
+ animation: loadWpMOTFASettingsNoJSView 0s 2s forwards;
490
+ }
491
+
492
+ @keyframes loadWpMOTFASettingsNoJSView{
493
+ to { visibility: visible; }
494
+ }
495
+
496
+ body {
497
+ background: #F1F1F1;
498
+ font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
499
+ margin: 0;
500
+ }
501
+
502
+ #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header {
503
+ text-align: center;
504
+ border-top: 4px solid #E27730;
505
+ }
506
+
507
+ #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header h1 {
508
+ margin: 0;
509
+ }
510
+
511
+ #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
512
+ display: inline-block;
513
+ width: 320px;
514
+ margin-top: 10px;
515
+ padding: 0 10px;
516
+ }
517
+
518
+
519
+ #mo2f-setup-wizard-settings-area .mo2f-setup-logo img {
520
+ width: 100%;
521
+ height: 100%;
522
+ }
523
+
524
+ #mo2f-setup-settings-error-loading-area {
525
+ box-sizing: border-box;
526
+ max-width: 90%;
527
+ width: auto;
528
+ margin: 0 auto;
529
+ background: #fff;
530
+ border: 1px solid #DDDDDD;
531
+ border-radius: 6px;
532
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
533
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
534
+ padding: 20px 30px;
535
+ }
536
+ #mo2f-setup-settings-error-loading-area2 {
537
+ box-sizing: border-box;
538
+ max-width: 90%;
539
+ width: auto;
540
+ margin: 0 auto;
541
+ background: #fff;
542
+ border: 1px solid #DDDDDD;
543
+ border-radius: 6px;
544
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
545
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
546
+ padding: 20px 30px;
547
+ }
548
+ #mo2f-setup-settings-error-loading-area3 {
549
+ box-sizing: border-box;
550
+ max-width: 90%;
551
+ width: auto;
552
+ margin: 0 auto;
553
+ background: #fff;
554
+ border: 1px solid #DDDDDD;
555
+ border-radius: 6px;
556
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
557
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
558
+ padding: 20px 30px;
559
+ }
560
+ #mo2f-setup-settings-error-loading-area4 {
561
+ box-sizing: border-box;
562
+ max-width: 90%;
563
+ width: auto;
564
+ margin: 0 auto;
565
+ background: #fff;
566
+ border: 1px solid #DDDDDD;
567
+ border-radius: 6px;
568
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
569
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
570
+ padding: 20px 30px;
571
+ }
572
+ #mo2f-setup-settings-error-loading-area1 {
573
+ box-sizing: border-box;
574
+ max-width: 90%;
575
+ width: auto;
576
+ margin: 0 auto;
577
+ background: #fff;
578
+ border: 1px solid #DDDDDD;
579
+ border-radius: 6px;
580
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
581
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
582
+ padding: 20px 30px;
583
+ }
584
+ #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
585
+ text-align: center;
586
+ margin-top: 20px;
587
+ font-size: 14px;
588
+ }
589
+
590
+ #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer a {
591
+ color: #999999;
592
+ }
593
+
594
+ #mo2f-setup-error-js h3 {
595
+ font-size: 24px;
596
+ font-weight: 500;
597
+ line-height: 23px;
598
+ margin: 0 0 15px;
599
+ color: #444444;
600
+ }
601
+
602
+ #mo2f-setup-error-js p.info,
603
+ #mo2f-setup-error-js ul.info {
604
+ color: #777777;
605
+ font-size: 16px;
606
+ line-height: 23px;
607
+ margin: 0 0 10px;
608
+ }
609
+
610
+ #mo2f-setup-error-js ul.info {
611
+ margin: -10px 0 20px;
612
+ }
613
+ .mo2f-input-radios-with-icons label {
614
+ width: 90%;
615
+ height: 40px;
616
+ color: #444;
617
+ border: 1px solid #ddd;
618
+ background: #fff;
619
+ border-radius: 3px;
620
+ font-size: 16px;
621
+ display: block;
622
+ margin-bottom: 20px;
623
+ padding: 24px 9px 9px 9px;
624
+ cursor: pointer
625
+ }
626
+
627
+ .mo2f-input-radios-with-icons label:hover {
628
+ border: 1px solid #999;
629
+ -webkit-box-shadow: 0 0 0 1px #999;
630
+ box-shadow: 0 0 0 1px #999
631
+ }
632
+
633
+ .mo2f-styled-radio {
634
+ width: 32px;
635
+ height: 32px;
636
+ position: relative;
637
+ display: inline-block;
638
+ border-radius: 50%;
639
+ background-color: #e6e6e6
640
+ float: left;
641
+ margin-top: -4px;
642
+ }
643
+ .mo_wpns_table_textbox {
644
+ width:100%;
645
+ height:30px;
646
+ }
647
+
648
+ #mo2f-setup-error-js a.button {
649
+ display: inline-block;
650
+ background-color: #E27730;
651
+ color: #ffffff;
652
+ line-height: 22px;
653
+ font-size: 16px;
654
+ padding: 14px 30px;
655
+ font-weight: 500;
656
+ border-radius: 3px;
657
+ border: none;
658
+ cursor: pointer;
659
+ text-decoration: none;
660
+ margin-top: 7px;
661
+ }
662
+
663
+ #mo2f-setup-error-js a.button:hover {
664
+ background-color: #c45e1b;
665
+ }
666
+
667
+ #mo2f-setup-error-js .medium-bold {
668
+ font-weight: 500;
669
+ }
670
+
671
+ #mo2f-setup-nojs-error-message > div {
672
+ border: 1px solid #DDDDDD;
673
+ border-left: 4px solid #DC3232;
674
+ color: #777777;
675
+ font-size: 14px;
676
+ padding: 18px 18px 18px 21px;
677
+ font-weight: 300;
678
+ text-align: left;
679
+ }
680
+ table {
681
+ table-layout: fixed ;
682
+ width: 100% ;
683
+ }
684
+ td {
685
+ width: 48% ;
686
+ }
687
+ @media (min-width: 782px) {
688
+ #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
689
+ margin-top: 50px;
690
+ padding: 0;
691
+ }
692
+
693
+ #mo2f-setup-settings-error-loading-area {
694
+ width: 650px;
695
+ margin-top: 40px;
696
+ padding: 52px 67px 49px;
697
+ }
698
+ #mo2f-setup-settings-error-loading-area1 {
699
+ width: 650px;
700
+ margin-top: 40px;
701
+ padding: 52px 67px 49px;
702
+ }
703
+ #mo2f-setup-settings-error-loading-area2 {
704
+ width: 650px;
705
+ margin-top: 40px;
706
+ padding: 52px 67px 49px;
707
+ }
708
+ #mo2f-setup-settings-error-loading-area3 {
709
+ width: 650px;
710
+ margin-top: 40px;
711
+ padding: 52px 67px 49px;
712
+ }
713
+ #mo2f-setup-settings-error-loading-area4 {
714
+ width: 650px;
715
+ margin-top: 40px;
716
+ padding: 52px 67px 49px;
717
+ }
718
+ .mo2f-styled-radio {
719
+ width: 32px;
720
+ height: 32px;
721
+ position: relative;
722
+ display: inline-block;
723
+ border-radius: 50%;
724
+ background-color: #e6e6e6;
725
+ float: left;
726
+ margin-top: -4px;
727
+ }
728
+
729
+ #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
730
+ margin-top: 50px;
731
+ }
732
+
733
+ #mo2f-setup-error-js p.info {
734
+ margin: 0 0 20px;
735
+ }
736
+ .mo2f-setup-button.mo2f-setup-button-large {
737
+ line-height: 22px;
738
+ font-size: 18px;
739
+ padding: 19px 39px
740
+ }
741
+ .mo2f-setup-button.mo2f-setup-button-large {
742
+ line-height: 22px;
743
+ font-size: 18px;
744
+ padding: 19px 39px;
745
+ }
746
+ .mo2f-styled-radio-text {
747
+ margin-left: 10px
748
+ }
749
+ .mo2f-setup-button.mo2f-setup-button-main:hover {
750
+ background-color: #c45e1b;
751
+ }
752
+ .mo2f-setup-button.mo2f-setup-button-main {
753
+ background-color: #e27730;
754
+ color: #fff;
755
+ font-weight: 500;
756
+ }
757
+ .mo2f-setup-wizard-timeline {
758
+ -webkit-box-align: center;
759
+ -ms-flex-align: center;
760
+ align-items: center;
761
+ display: -webkit-box;
762
+ display: -ms-flexbox;
763
+ display: flex;
764
+ margin: 41px auto 0;
765
+ max-width: 650px;
766
+ padding: 0 20px
767
+ }
768
+
769
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line {
770
+ background: #ddd;
771
+ height: 2px;
772
+ margin: 0 6px;
773
+ width: 100%
774
+ }
775
+
776
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line.mo2f-setup-wizard-timeline-line-active {
777
+ background: #6aa08b
778
+ }
779
+
780
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step {
781
+ border: none;
782
+ background-color: #b6b6b6;
783
+ border-radius: 50%;
784
+ -ms-flex-negative: 0;
785
+ flex-shrink: 0;
786
+ height: 16px;
787
+ width: 16px
788
+ }
789
+
790
+ .mo2f-setup-wizard-step-footer {
791
+ display: block;
792
+ text-align: center;
793
+ min-height: 110px;
794
+ padding: 0 20px;
795
+ margin-top: 30px
796
+ }
797
+ .popup_text
798
+ {
799
+ color:black;
800
+ margin-top: 2%;
801
+ font-weight: 600;
802
+ font-size: 12px !important;
803
+ }
804
+ .overlay{
805
+ position: fixed;
806
+ top: 0;
807
+ left: 0;
808
+ right: 0;
809
+ bottom: 0;
810
+ width: 100%;
811
+ height: 100%;
812
+ background: #000;
813
+ opacity: .5;
814
+ z-index: 0;
815
+ }
816
+ .overlay_success {
817
+ width: min-content;
818
+ height: 40px;
819
+ float: left;
820
+ z-index: 1;
821
+ top: 0;
822
+ right: 0;
823
+ text-align: center;
824
+ margin-bottom: 4%
825
+ background-color:#bcffb4 !important ;
826
+ /* overflow-x: hidden; */
827
+ background: #b1ffb1;
828
+ border-left: 4px solid #46b450;
829
+ }
830
+ .overlay_error {
831
+ width: min-content;
832
+ height: min-content;
833
+ padding-bottom: 1%;
834
+ float: left;
835
+ z-index: 1;
836
+ top: 0;
837
+ right: 0;
838
+ margin-bottom: 4%;
839
+ text-align: center;
840
+ background-color:bisque !important ;
841
+ /* overflow-x: hidden; */
842
+ border-left: 4px solid red;
843
+ }
844
+
845
+ .mo2f-setup-wizard-step-footer a {
846
+ font-size: 14px;
847
+ display: block;
848
+ color: #999;
849
+ margin: 20px 0
850
+ }
851
+
852
+ .mo2f-setup-wizard-step-footer a:active,
853
+ .mo2f-setup-wizard-step-footer a:hover {
854
+ color: #777;
855
+ text-decoration: underline
856
+ }
857
+
858
+
859
+ .mo2f-button.mo2f-button-main {
860
+ background-color: #e27730;
861
+ color: #fff;
862
+ font-weight: 500;
863
+ -webkit-box-flex: 11;
864
+ -ms-flex: 11;
865
+ flex: 11;
866
+ padding: 12px 25px;
867
+ font-size: 16px;
868
+ }
869
+
870
+ .mo2f-button.mo2f-button-main:focus,
871
+ .mo2f-button.mo2f-button-main:hover {
872
+ background-color: #c45e1b
873
+ }
874
+
875
+ .mo2f-button.mo2f-button-main:disabled {
876
+ opacity: .65;
877
+ cursor: not-allowed;
878
+ background-color: #e27730;
879
+ -webkit-box-flex: 11;
880
+ -ms-flex: 11;
881
+ flex: 11;
882
+ margin-right: 30px
883
+ }
884
+
885
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step .icon {
886
+ display: none
887
+ }
888
+
889
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-active,
890
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed {
891
+ background-color: #6aa08b;
892
+ position: relative
893
+ }
894
+
895
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed {
896
+ background-color: #d83638;
897
+ position: relative
898
+ }
899
+
900
+ .mo2f-step-show{
901
+ margin: 0 0 16px;
902
+ font-size: 14px;
903
+ line-height: 18px;
904
+ color: #b6b6b6;
905
+ }
906
+ .mo2f_table_textbox {
907
+ width: 200px;
908
+ height: 20px !important;
909
+ font-size: 14px !important;
910
+ }
911
+ .mo2f_table_textbox_phone {
912
+ width: 200px;
913
+ height: 40px !important;
914
+ font-size: 14px !important;
915
+ }
916
+ .mo2f_kba_ques {
917
+ width: 394px !important;
918
+ border-radius: 4px !important;
919
+ height: 40px !important;
920
+ font-size: 14px !important;
921
+ }
922
+
923
+ .mo2f_kba_tb_data {
924
+ padding-left: 15px;
925
+ }
926
+
927
+ .mo2f_kba_table {
928
+ padding: 0 10px;
929
+ width: 100%;
930
+ }
931
+ .mo2f_kba_body {
932
+ border: hidden !important;
933
+ }
934
+
935
+
936
+ .mo2f_table_textbox_KBA {
937
+ width: 200px;
938
+ height: 40px !important;
939
+ font-size: 14px !important;
940
+ }
941
+
942
+
943
+ .mo2f_kba_header {
944
+ font-weight: bold;
945
+ }
946
+
947
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed .icon-success,
948
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed .icon-failed {
949
+ color: #fff;
950
+ display: block;
951
+ position: absolute;
952
+ left: 3px;
953
+ top: 3px
954
+ }
955
+ .mo2f-setup-wizard-step-footer {
956
+ display: -webkit-box;
957
+ display: -ms-flexbox;
958
+ display: flex;
959
+ -webkit-box-pack: justify;
960
+ -ms-flex-pack: justify;
961
+ justify-content: space-between;
962
+ -webkit-box-align: center;
963
+ -ms-flex-align: center;
964
+ align-items: center;
965
+ padding: 0;
966
+ margin-top: 0
967
+ }
968
+ .mo2f_blur {
969
+ filter: blur(5px);
970
+ -webkit-filter: blur(5px);
971
+ -moz-filter: blur(5px);
972
+ -o-filter: blur(5px);
973
+ -ms-filter: blur(5px);
974
+ }
975
+ .mo2f_loader {
976
+ border: 16px solid #b9acac;
977
+ border-radius: 50%;
978
+ border-top: 16px solid #fb540b;
979
+ width: 50px;
980
+ height: 50px;
981
+ -webkit-animation: spin 2s linear infinite; /* Safari */
982
+ animation: spin 2s linear infinite;
983
+ position: fixed;
984
+ left: 50%;
985
+ top: 50%;
986
+ z-index: 100;
987
+ }
988
+
989
+ /* Safari */
990
+ @-webkit-keyframes spin {
991
+ 0% { -webkit-transform: rotate(0deg); }
992
+ 100% { -webkit-transform: rotate(360deg); }
993
+ }
994
+
995
+ @keyframes spin {
996
+ 0% { transform: rotate(0deg); }
997
+ 100% { transform: rotate(360deg); }
998
+ }
999
+ .mo2f-setup-wizard-step-footer-buttons {
1000
+ margin-bottom: 0;
1001
+ }
1002
+ .mo2f-setup-wizard-step-footer-buttons button {
1003
+ margin-bottom: 0;
1004
+ margin-right: 15px;
1005
+ width: inherit
1006
+ }
1007
+ .miniorange_button
1008
+ {
1009
+ background:#00A0D2!important;
1010
+ border-color:#0073AA!important;
1011
+ box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1012
+ color:#FFF!important;
1013
+ text-decoration:none!important;
1014
+ cursor:pointer!important;
1015
+ border-width:1px!important;
1016
+ border-style:solid!important;
1017
+ border-radius:3px!important;
1018
+ white-space:nowrap!important;
1019
+ box-sizing:border-box!important;
1020
+ line-height:28px!important;
1021
+ padding:0 12px!important;
1022
+ font-size:13px!important;
1023
+ }
1024
+
1025
+
1026
+ .mo2f_IR_phone_OTP{
1027
+ font-size:15px;
1028
+ width:150px !important;
1029
+ color:#212F3C;
1030
+ border:none;
1031
+ display:block;
1032
+ border-bottom-style: solid;
1033
+ border-width: 2px;
1034
+ border-color:#D0D3D4;
1035
+ border-radius:0px;
1036
+ outline:none;
1037
+ padding:5px;
1038
+
1039
+ }
1040
+ .mo2f-setup-wizard-step-footer-buttons button:last-child {
1041
+ margin-right: 0
1042
+ }
1043
+ a .text-with-arrow-left .icon {
1044
+ margin-right: 10px
1045
+ }
1046
+
1047
+ a .text-with-arrow {
1048
+ display: -webkit-box;
1049
+ display: -ms-flexbox;
1050
+ display: flex;
1051
+ -webkit-box-pack: center;
1052
+ -ms-flex-pack: center;
1053
+ justify-content: center
1054
+ }
1055
+
1056
+ }
1057
+ </style>
1058
+ <!--[if IE]>
1059
+ <style>
1060
+ #mo2f-setup-wizard-settings-area{
1061
+ visibility: visible !important;
1062
+ }
1063
+ </style>
1064
+
1065
+ <![endif]-->
1066
+ <div class="mo2f_loader" id="mo2f_loader" style="display: none;"></div>
1067
+
1068
+ <div id="mo2f-setup-wizard-settings-area" class="mo2f-setup-wizard-settings-area wpms-container">
1069
+ <header class="mo2f-setup-wizard-header">
1070
+ <h1 >
1071
+ <div>
1072
+ <img width="70px" height="auto" src="<?php echo plugin_dir_url(dirname(dirname(__FILE__))) . 'includes/images/miniorange_logo.png'; ?>" alt="<?php esc_attr_e( 'miniOrange 2-factor Logo', 'miniorange-2-factor-authentication' ); ?>" >
1073
+ <p> miniOrange 2-factor authentication Setup</p>
1074
+ </div>
1075
+ </h1>
1076
+ </header>
1077
+ <div id="mo2f-setup-settings-error-loading-area-container">
1078
+ <div id="mo2f-setup-settings-error-loading-area">
1079
+ <div>
1080
+ <div id="mo2f-setup-error-js">
1081
+ <p class="subtitle" style="text-align:center;" > This setup guide will take you through all the steps you need to follow to enable the two-factor authentication for your website.</p>
1082
+
1083
+ <br><br>
1084
+ <button type="button" style="text-align:center;display: flex;margin: auto;" class="mo2f-setup-button mo2f-setup-button-main mo2f-setup-button-large" id ='mo2f_get_started' target="_blank" class="button" rel="noopener noreferrer"> <?php esc_html_e("Let's Get Started", 'mo2f-setup'); ?></button>
1085
+
1086
+ <br><br>
1087
+ <div style="text-align:center;display: flex;margin: auto;flex-direction: column;">
1088
+ <a href="<?php echo esc_url( $contact_url ); ?>" target="_blank" rel="noopener noreferrer">
1089
+ <?php esc_html_e( 'Facing issues? Contact Us', 'mo2f-setup' ); ?>
1090
+ </a>
1091
+ </div>
1092
+ </div>
1093
+ </div>
1094
+ </div>
1095
+ <div class="mo2f-setup-error-footer">
1096
+ <?php echo wp_kses_post( $footer ); ?>
1097
+ </div>
1098
+ </div>
1099
+ <div id = "mo2f_methods_setup_wizard">
1100
+ <div class="mo2f-setup-wizard-timeline">
1101
+
1102
+ <div class="mo2f-setup-wizard-timeline-step mo2f-setup-wizard-timeline-step-active" id="mo2f-setup-wizard-step1"></div>
1103
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line1"></div>
1104
+ <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step2"> </div>
1105
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line2"></div>
1106
+ <div class="mo2f-setup-wizard-timeline-step"id="mo2f-setup-wizard-step3"> </div>
1107
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line3"></div>
1108
+ <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step4"> </div>
1109
+
1110
+ </div>
1111
+ <div id="mo2f-setup-settings-error-loading-area1" style="width: 900px">
1112
+
1113
+ <p class="mo2f-step-show"> Step 1 of 4</p>
1114
+ <h3 style="text-align:center;font-size:xx-large;"> Select the Authentication method you want to configure </h3>
1115
+ <br>
1116
+ <div class="mo2f-input-radios-with-icons">
1117
+ <table>
1118
+ <tr>
1119
+ <td>
1120
+ <label title="<?php echo __('You have to enter 6 digits code generated by google Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1121
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1122
+ <span class="mo2f-styled-radio-text"> Google Authenticator</span>
1123
+ </label>
1124
+ </td>
1125
+ <td>
1126
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
1127
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over SMS" />
1128
+ <span class="mo2f-styled-radio-text">
1129
+ <?php echo __('OTP Over SMS (Registration required)', 'miniorange-2-factor-authentication'); ?>
1130
+ </span>
1131
+ </label></td>
1132
+ </tr>
1133
+ <tr>
1134
+ <td>
1135
+
1136
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
1137
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Email" />
1138
+ <span class="mo2f-styled-radio-text">
1139
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
1140
+ </span>
1141
+ </label>
1142
+ </td>
1143
+
1144
+ <td>
1145
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
1146
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Security Questions" />
1147
+ <span class="mo2f-styled-radio-text">
1148
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
1149
+ </span>
1150
+ </label>
1151
+ </td>
1152
+ </tr>
1153
+ <tr>
1154
+ <td>
1155
+
1156
+ <label title="<?php echo __('You have to enter 6 digits code generated by Microsoft Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1157
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1158
+ <span class="mo2f-styled-radio-text">
1159
+ <?php echo __('Microsoft Authenticator', 'miniorange-2-factor-authentication'); ?>
1160
+ </span>
1161
+ </label>
1162
+ </td>
1163
+ <td>
1164
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1165
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1166
+ <span class="mo2f-styled-radio-text">
1167
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
1168
+ </span>
1169
+ </label>
1170
+ </td></tr>
1171
+ <tr><td>
1172
+
1173
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1174
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Duo Authenticator" />
1175
+ <span class="mo2f-styled-radio-text">
1176
+ <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
1177
+ </span>
1178
+ </label>
1179
+ </td>
1180
+ <td>
1181
+ <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
1182
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Telegram" />
1183
+ <span class="mo2f-styled-radio-text">
1184
+ <?php echo __('OTP Over Telegram', 'miniorange-2-factor-authentication'); ?>
1185
+ </span>
1186
+ </label>
1187
+ </td>
1188
+ </table>
1189
+ </div>
1190
+
1191
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1192
+ <br />
1193
+
1194
+
1195
+ <div class="mo2f-setup-wizard-step-footer">
1196
+ <a href="#previousStep1"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1197
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1198
+ <input type="button" name="mo2f_next_step1" id="mo2f_next_step1" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1199
+
1200
+ </div>
1201
+ </div>
1202
+ </div>
1203
+
1204
+
1205
+
1206
+
1207
+
1208
+ <div id="mo2f-setup-settings-error-loading-area2" style="width: 900px; display: none;">
1209
+ <p class="mo2f-step-show"> Step 2 of 4</p>
1210
+
1211
+ <h4 style="text-align:center;font-size: xx-large;"> Register with miniOrange </h4>
1212
+
1213
+ <form name="f" id="mo2f_registration_form" method="post" action="">
1214
+ <input type="hidden" name="option" value="mo_wpns_register_customer" />
1215
+ <div class="mo2f_table_layout">
1216
+ <div style="margin-bottom:30px;">
1217
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1218
+ <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Seems like email is already registered. Please click on 'Already have an account'</p></div>
1219
+ <p> Please enter a valid email id that you have access to and select a password</p>
1220
+ <table class="mo_wpns_settings_table">
1221
+ <tr>
1222
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1223
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" type="email" id="mo2f_email" name="email"
1224
+ required placeholder="person@example.com" /></td>
1225
+ </tr>
1226
+
1227
+ <tr>
1228
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1229
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" required id= "mo2f_password" type="password"
1230
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
1231
+ </tr>
1232
+ <tr>
1233
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1234
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" id= "mo2f_confirmPassword" required type="password"
1235
+ name="confirmPassword" placeholder="Confirm your password" /></td>
1236
+ </tr>
1237
+ <tr>
1238
+ <td>&nbsp;</td>
1239
+ <td><br>
1240
+ <a href="#mo2f_account_exist">Already have an account?</a>
1241
+
1242
+ </tr>
1243
+ </table>
1244
+ </div>
1245
+ </div>
1246
+ </form>
1247
+ <form name="f" id="mo2f_login_form" style="display: none;" method="post" action="">
1248
+ <input type="hidden" name="option" value="mo_wpns_verify_customer" />
1249
+ <div class="mo2f_table_layout">
1250
+ <div style="margin-bottom:30px;">
1251
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1252
+ <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Invalid Credentials</p></div>
1253
+
1254
+ <p>Please enter your miniOrange email and password. <a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1255
+ <table class="mo_wpns_settings_table">
1256
+ <tr>
1257
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1258
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" type="email" id="mo2f_email_login" name="email"
1259
+ required placeholder="person@example.com" /></td>
1260
+ </tr>
1261
+ <tr>
1262
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1263
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" required id= "mo2f_password_login" type="password"
1264
+ name="password" placeholder="Enter your miniOrange password" /></td>
1265
+ </tr>
1266
+ <tr>
1267
+ <td>&nbsp;</td>
1268
+ <td><br>
1269
+ <a href="#mo2f_register_new_account">Go Back to Registration Page</a>
1270
+
1271
+ </tr>
1272
+
1273
+ </table>
1274
+ </div>
1275
+ </div>
1276
+ </form>
1277
+
1278
+
1279
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1280
+ <br/>
1281
+
1282
+
1283
+ <div class="mo2f-setup-wizard-step-footer">
1284
+ <a href="#previousStep2"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1285
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1286
+ <input type="button" name="mo2f_next_step2" id="mo2f_next_step2" class="mo2f-button mo2f-button-main" value="Create Account and continue" />
1287
+
1288
+ </div>
1289
+ </div>
1290
+
1291
+
1292
+ </div>
1293
+
1294
+ <div id="mo2f-setup-settings-error-loading-area3" style="width: 900px; display: none;">
1295
+ <p class="mo2f-step-show"> Step 3 of 4</p>
1296
+
1297
+ <h3 style="text-align:center;font-size: xx-large;" id="mo2f_setup_method_title"> Configure 2-factor authentication </h3>
1298
+
1299
+ <div class="overlay_success" style="width:760px; display: none;" id= "mo2f_success_block_configuration">
1300
+ <p class ="popup_text" id="mo2f_configure_success_message" >An OTP has been sent to the below email.</p>
1301
+ <br><br></div>
1302
+
1303
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block_configuration">
1304
+ <p class ="popup_text" id="mo2f_configure_Error_message" style="color: red;" >Invalid OTP</p>
1305
+ </div>
1306
+ <div id="mo2f_main_content"> </div>
1307
+
1308
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1309
+ <br/>
1310
+
1311
+
1312
+
1313
+ <div class="mo2f-setup-wizard-step-footer">
1314
+ <a href="#previousStep3"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1315
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1316
+ <input type="button" name="mo2f_next_step3" id="mo2f_next_step3" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1317
+
1318
+ </div>
1319
+ </div>
1320
+
1321
+
1322
+ </div>
1323
+
1324
+ <div id="mo2f-setup-settings-error-loading-area4" style="width: 900px; display: none;">
1325
+ <p class="mo2f-step-show"> Step 4 of 4</p>
1326
+ <div style="text-align: center;">
1327
+ <h3 style="text-align:center;font-size: xx-large;"> Congratulations! </h3>
1328
+ <br>
1329
+ You have successfully configured the two-factor authentication.
1330
+ <br><br><br>
1331
+ <input type="button" name="mo2f_next_step4" id="mo2f_next_step4" class="mo2f-button mo2f-button-main" value="Advance Settings" />
1332
+
1333
+ </div>
1334
+ </div>
1335
+
1336
+ </div>
1337
+
1338
+
1339
+ </div>
1340
+ </div>
1341
+
1342
+
1343
+
1344
+ <script type="text/javascript">
1345
+
1346
+ var selected_2FA_method = '';
1347
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1348
+ for(i = 0; i < ele.length; i++) {
1349
+ if(ele[i].checked)
1350
+ selected_2FA_method = ele[i].value;
1351
+ }
1352
+ jQuery("#mo2f_setup_method_title").text(selected_2FA_method);
1353
+
1354
+ jQuery('#mo2f_next_step4').click(function(e){
1355
+ localStorage.setItem("last_tab", 'unlimittedUser_2fa');
1356
+ window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1357
+
1358
+ });
1359
+
1360
+
1361
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1362
+ jQuery("#mo2f_get_started").click(function(e){
1363
+ jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'none');
1364
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'block');
1365
+
1366
+ });
1367
+
1368
+ jQuery('a[href="#previousStep3"]').click(function(e){
1369
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1370
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1371
+
1372
+ var selected_2FA_method = '';
1373
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1374
+ for(i = 0; i < ele.length; i++) {
1375
+ if(ele[i].checked)
1376
+ selected_2FA_method = ele[i].value;
1377
+ }
1378
+ if(selected_2FA_method =='OTP Over SMS')
1379
+ {
1380
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1381
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "block";
1382
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1383
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1384
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1385
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1386
+ }
1387
+ else
1388
+ {
1389
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1390
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1391
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1392
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1393
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1394
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1395
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1396
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1397
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1398
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1399
+
1400
+ }
1401
+ });
1402
+
1403
+ jQuery('a[href="#previousStep2"]').click(function(e){
1404
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1405
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1406
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1407
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1408
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1409
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1410
+
1411
+ });
1412
+
1413
+ jQuery('a[href="#previousStep1"]').click(function(e){
1414
+ jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'block');
1415
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1416
+
1417
+ });
1418
+
1419
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1420
+ document.getElementById('mo2f_registration_form').style.display = "none";
1421
+ document.getElementById('mo2f_login_form').style.display = "block";
1422
+ document.getElementById('mo2f_next_step2').value = 'Login and Continue';
1423
+ });
1424
+
1425
+ jQuery('a[href=\"#mo2f_register_new_account\"]').click(function (e) {
1426
+ document.getElementById('mo2f_registration_form').style.display = "block";
1427
+ document.getElementById('mo2f_login_form').style.display = "none";
1428
+ document.getElementById('mo2f_next_step2').value = 'Create Account and Continue';
1429
+ });
1430
+
1431
+ jQuery('#mo2f_next_step3').click(function(e){
1432
+ document.getElementById('mo2f_loader').style.display = "block";
1433
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1434
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1435
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1436
+
1437
+ var selected_2FA_method = '';
1438
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1439
+ for(i = 0; i < ele.length; i++) {
1440
+ if(ele[i].checked)
1441
+ selected_2FA_method = ele[i].value;
1442
+ }
1443
+ var data ='';
1444
+ if(selected_2FA_method == 'Google Authenticator')
1445
+ {
1446
+ data= { 'action':'mo_two_factor_ajax',
1447
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_GA_setup_wizard',
1448
+ 'mo2f_google_auth_code' : jQuery('#mo2f_google_auth_code').val(),
1449
+ 'mo2f_session_id' : jQuery('#mo2f_session_id').val()
1450
+ };
1451
+
1452
+ }
1453
+ else if (selected_2FA_method =='OTP Over SMS')
1454
+ {
1455
+ data= { 'action':'mo_two_factor_ajax',
1456
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverSMS_setup_wizard',
1457
+ 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1458
+ };
1459
+
1460
+ }
1461
+ else if(selected_2FA_method == 'OTP Over Email')
1462
+ {
1463
+ data= { 'action':'mo_two_factor_ajax',
1464
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverEmail_setup_wizard',
1465
+ 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1466
+ };
1467
+
1468
+ }
1469
+ else if(selected_2FA_method == 'Security Questions')
1470
+ {
1471
+ data= { 'action':'mo_two_factor_ajax',
1472
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_KBA_setup_wizard',
1473
+ 'mo2f_kbaquestion_1' : jQuery('#mo2f_kbaquestion_1').val(),
1474
+ 'mo2f_kbaquestion_2' : jQuery('#mo2f_kbaquestion_2').val(),
1475
+ 'mo2f_kbaquestion_3' : jQuery('#mo2f_kbaquestion_3').val(),
1476
+ 'mo2f_kba_ans1' : jQuery('#mo2f_kba_ans1').val(),
1477
+ 'mo2f_kba_ans2' : jQuery('#mo2f_kba_ans2').val(),
1478
+ 'mo2f_kba_ans3' : jQuery('#mo2f_kba_ans3').val()
1479
+ };
1480
+
1481
+ }
1482
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1483
+ jQuery.post(ajax_url, data, function(response){
1484
+ document.getElementById('mo2f_loader').style.display = "none";
1485
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1486
+
1487
+ if(response =='SUCCESS')
1488
+ {
1489
+ var lineElement = document.getElementById("mo2f-setup-wizard-line3");
1490
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1491
+ var stepElement = document.getElementById("mo2f-setup-wizard-step4");
1492
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1493
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1494
+ jQuery('#mo2f-setup-settings-error-loading-area4').css('display','block');
1495
+
1496
+ }
1497
+ else
1498
+ {
1499
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1500
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1501
+ }
1502
+ });
1503
+
1504
+ });
1505
+
1506
+ jQuery("#mo2f_next_step2").click(function(e){
1507
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1508
+ document.getElementById('mo2f_loader').style.display = "block";
1509
+ document.getElementById('mo2f_Error_block').style.display = "none";
1510
+ document.getElementById('mo2f_next_step2').disabled = true;
1511
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1512
+ var email = jQuery("#mo2f_email").val();
1513
+ var password = jQuery("#mo2f_password").val();
1514
+ if(jQuery("#mo2f_next_step2").val() == 'Login and Continue')
1515
+ {
1516
+ email = jQuery("#mo2f_email_login").val();
1517
+ password = jQuery("#mo2f_password_login").val();
1518
+ }
1519
+ var data= { 'action':'mo_two_factor_ajax',
1520
+ 'mo_2f_two_factor_ajax' : 'mo_wpns_register_verify_customer',
1521
+ 'email': email,
1522
+ 'password':password,
1523
+ 'confirmPassword' : jQuery("#mo2f_confirmPassword").val(),
1524
+ 'Login and Continue' : jQuery("#mo2f_next_step2").val()
1525
+ };
1526
+
1527
+ jQuery.post(ajax_url, data, function(response){
1528
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1529
+
1530
+ document.getElementById('mo2f_next_step2').disabled = false;
1531
+ if(response == 'SUCCESS')
1532
+ {
1533
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1534
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1535
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1536
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1537
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1538
+ jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1539
+
1540
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1541
+ var data= { 'action':'mo_two_factor_ajax',
1542
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_configure_OTPOverSMS_setup_wizard'
1543
+ };
1544
+ jQuery.post(ajax_url, data, function(response){
1545
+
1546
+ document.getElementById('mo2f_loader').style.display = "none";
1547
+ document.getElementById('mo2f_main_content').innerHTML = response;
1548
+ jQuery("#phone").intlTelInput();
1549
+
1550
+ jQuery('#mo2f_send_otp').click(function(e){
1551
+ document.getElementById('mo2f_loader').style.display = "block";
1552
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1553
+
1554
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1555
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1556
+
1557
+ var data = { 'action':'mo_two_factor_ajax',
1558
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1559
+ 'phone' : jQuery('#phone').val(),
1560
+ 'selected_2FA_method' : 'SMS'
1561
+ };
1562
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1563
+ jQuery.post(ajax_url, data, function(response){
1564
+ document.getElementById('mo2f_loader').style.display = "none";
1565
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1566
+
1567
+ if(response == 'SUCCESS')
1568
+ {
1569
+ $message = 'An OTP has been sent to the below phone number. Please enter the OTP to set the 2FA';
1570
+ document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1571
+ document.getElementById('mo2f_success_block_configuration').style.display = "block";
1572
+
1573
+ }
1574
+ else
1575
+ {
1576
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1577
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1578
+
1579
+ }
1580
+ });
1581
+
1582
+ });
1583
+
1584
+ });
1585
+ }
1586
+ else
1587
+ {
1588
+ document.getElementById('mo2f_loader').style.display = "none";
1589
+ document.getElementById('mo2f_Error_message').innerHTML = response;
1590
+ document.getElementById('mo2f_Error_block').style.display = "block";
1591
+ }
1592
+
1593
+ });
1594
+
1595
+ });
1596
+
1597
+ jQuery("#mo2f_next_step1").click(function(e){
1598
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1599
+ var selected_2FA_method = '';
1600
+ for(i = 0; i < ele.length; i++) {
1601
+ if(ele[i].checked)
1602
+ selected_2FA_method = ele[i].value;
1603
+ }
1604
+ var configMessage = 'Configure '+selected_2FA_method;
1605
+ jQuery("#mo2f_setup_method_title").text(configMessage);
1606
+
1607
+ if(selected_2FA_method == '')
1608
+ {
1609
+ return '';
1610
+ }
1611
+
1612
+
1613
+
1614
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "none";
1615
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1616
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1617
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1618
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1619
+
1620
+ if(selected_2FA_method !="OTP Over SMS" && selected_2FA_method != '')
1621
+ {
1622
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1623
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1624
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1625
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1626
+ jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1627
+
1628
+ document.getElementById('mo2f_loader').style.display = "block";
1629
+
1630
+ var mo2f_setup_call = "";
1631
+ if(selected_2FA_method == "Google Authenticator")
1632
+ {
1633
+ mo2f_setup_call = "mo_2fa_configure_GA_setup_wizard";
1634
+ }
1635
+ else if(selected_2FA_method =="OTP Over Email")
1636
+ {
1637
+ mo2f_setup_call ="mo_2fa_configure_OTPOverEmail_setup_wizard";
1638
+ }
1639
+ else if (selected_2FA_method == "Security Questions")
1640
+ {
1641
+ mo2f_setup_call = "mo_2fa_configure_KBA_setup_wizard";
1642
+ }
1643
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1644
+ var data= { 'action':'mo_two_factor_ajax',
1645
+ 'mo_2f_two_factor_ajax' : mo2f_setup_call
1646
+ };
1647
+ jQuery.post(ajax_url, data, function(response){
1648
+ document.getElementById('mo2f_loader').style.display = "none";
1649
+ document.getElementById('mo2f_main_content').innerHTML = response;
1650
+
1651
+ if(selected_2FA_method == 'Google Authenticator')
1652
+ {
1653
+ jQuery('.mo2f_gauth').qrcode({
1654
+ 'render': 'image',
1655
+ size: 175,
1656
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
1657
+ });
1658
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(e){
1659
+ var element = document.getElementById('mo2f_scanbarcode_a');
1660
+ if(element.style.display === 'none')
1661
+ element.style.display = 'block';
1662
+
1663
+ else
1664
+ element.style.display = "none";
1665
+ });
1666
+
1667
+ }
1668
+ else if(selected_2FA_method =='OTP Over Email')
1669
+ {
1670
+ jQuery('#mo2f_send_otp').click(function(e){
1671
+ document.getElementById('mo2f_loader').style.display = "block";
1672
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1673
+
1674
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1675
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1676
+
1677
+ var data = { 'action':'mo_two_factor_ajax',
1678
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1679
+ 'phone' : jQuery('#phone').val(),
1680
+ 'mo2f_session_id' : jQuery('#mo2f_session_id').val(),
1681
+ 'selected_2FA_method' : 'OTP Over Email'
1682
+ };
1683
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1684
+ jQuery.post(ajax_url, data, function(response){
1685
+ document.getElementById('mo2f_loader').style.display = "none";
1686
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1687
+
1688
+ if(response == 'SUCCESS')
1689
+ {
1690
+ $message = 'An OTP has been sent to the below email please enter the OTP to set the 2FA';
1691
+ document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1692
+ document.getElementById('mo2f_success_block_configuration').style.display = "block";
1693
+
1694
+ }
1695
+ else
1696
+ {
1697
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1698
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1699
+
1700
+ }
1701
+ });
1702
+
1703
+ });
1704
+ }
1705
+ else if (selected_2FA_method =='Security Questions')
1706
+ {
1707
+
1708
+ var mo_option_to_hide1;
1709
+ //hidden element in dropdown list 2
1710
+ var mo_option_to_hide2;
1711
+
1712
+ jQuery('#mo2f_kbaquestion_1').change(function(){
1713
+ list = 1;
1714
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1715
+ //if an element is currently hidden, unhide it
1716
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1717
+ mo_option_to_hide1.style.display = 'block';
1718
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1719
+ mo_option_to_hide2.style.display = 'block';
1720
+ }
1721
+ //select the element to hide and then hide it
1722
+ if (list == 1) {
1723
+ if (list_selected != 0) {
1724
+ mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
1725
+ mo_option_to_hide2.style.display = 'none';
1726
+ }
1727
+ }
1728
+ });
1729
+ jQuery('#mo2f_kbaquestion_2').change(function(){
1730
+ list = 2;
1731
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1732
+ //if an element is currently hidden, unhide it
1733
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1734
+ mo_option_to_hide1.style.display = 'block';
1735
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1736
+ mo_option_to_hide2.style.display = 'block';
1737
+ }
1738
+ //select the element to hide and then hide it
1739
+ if (list == 2) {
1740
+ if (list_selected != 0) {
1741
+ mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
1742
+ mo_option_to_hide1.style.display = 'none';
1743
+ }
1744
+ }
1745
+ });
1746
+
1747
+ }
1748
+ });
1749
+
1750
+
1751
+ }
1752
+ else if(selected_2FA_method == 'OTP Over SMS')
1753
+ {
1754
+ jQuery('#mo2f-setup-settings-error-loading-area2').css('display','block');
1755
+ }
1756
+
1757
+
1758
+ });
1759
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
1760
+
1761
+
1762
+ localStorage.setItem("last_tab", 'setup_2fa');
1763
+ var selectedMethod = jQuery(this).val();
1764
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1765
+ var nonce = "<?php echo wp_create_nonce( 'miniorange-select-method-setup-wizard' ); ?>";
1766
+
1767
+ if(selectedMethod == 'Duo Authenticator' || selectedMethod =='OTP Over Telegram')
1768
+ {
1769
+ var data= { 'action':'mo_two_factor_ajax',
1770
+ 'mo_2f_two_factor_ajax' : 'select_method_setup_wizard',
1771
+ 'mo2f_method': selectedMethod,
1772
+ 'nonce': nonce };
1773
+
1774
+ jQuery.post(ajax_url, data, function(response){
1775
+ window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1776
+ });
1777
+ }
1778
+
1779
+ });
1780
+
1781
+ jQuery('a[href="#skiptwofactor"]').click(function(e){
1782
+ localStorage.setItem("last_tab", 'setup_2fa');
1783
+ window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1784
+ });
1785
+
1786
+
1787
+ </script>
1788
+ <?php
1789
+ }
1790
+
1791
+ /**
1792
+ * Attempt to catch the js error preventing the Vue app from loading and displaying that message for better support.
1793
+ *
1794
+ * @since 2.6.0
1795
+ */
1796
+ private function settings_inline_js() {
1797
+ ?>
1798
+ <script type="text/javascript">
1799
+ window.onerror = function myErrorHandler( errorMsg, url, lineNumber ) {
1800
+ /* Don't try to put error in container that no longer exists post-vue loading */
1801
+ var message_container = document.getElementById( 'mo2f-setup-nojs-error-message' );
1802
+ if ( ! message_container ) {
1803
+ return false;
1804
+ }
1805
+ var message = document.getElementById( 'mo2f-setup-alert-message' );
1806
+ message.innerHTML = errorMsg;
1807
+ message_container.style.display = 'block';
1808
+ return false;
1809
+ }
1810
+ </script>
1811
+ <?php
1812
+ }
1813
+
1814
+
1815
+ public function setup_wizard_content() {
1816
+ $admin_url = is_network_admin() ? network_admin_url() : admin_url();
1817
+
1818
+ $this->settings_error_page( 'mo2f-setup-vue-setup-wizard', '<a href="' . $admin_url . '">' . esc_html__( 'Go back to the Dashboard', 'mo2f-setup' ) . '</a>' );
1819
+ $this->settings_inline_js();
1820
+ }
1821
+
1822
+ /**
1823
+ * Outputs the simplified footer used for the Setup Wizard.
1824
+ *
1825
+ * @since 2.6.0
1826
+ */
1827
+ public function setup_wizard_footer() {
1828
+ ?>
1829
+ <?php wp_print_scripts( 'mo2f-setup-vue-script' ); ?>
1830
+ </body>
1831
+ </html>
1832
+ <?php
1833
+ }
1834
+
1835
+
1836
+ function miniorange_auth_save_settings() {
1837
+ if (get_site_option('mo2f_plugin_redirect')) {
1838
+ delete_site_option('mo2f_plugin_redirect');
1839
+
1840
+ do_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', $this );
1841
+ wp_enqueue_script('jquery');
1842
+ wp_enqueue_script('wp-mo2f-setup-wizard',plugins_url( 'includes/js/setup-wizard-2fa.js', dirname(dirname(__FILE__))));
1843
+
1844
+ wp_localize_script(
1845
+ 'wp-mo2f-setup-wizard',
1846
+ 'mo2f_setup_wizard',[
1847
+ 'ajax_url' => admin_url( 'admin-ajax.php' ),
1848
+ 'plugin_url' => get_site_option('siteurl'),
1849
+ 'nonce' => wp_create_nonce( 'mo2f-setup-wizard-nonce' )]
1850
+ );
1851
+ $this->setup_wizard_header();
1852
+ $this->setup_wizard_content();
1853
+ $this->setup_wizard_footer();
1854
+ exit;
1855
+ }
1856
+ if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
1857
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1858
+ if(session_status() != PHP_SESSION_DISABLED )
1859
+ session_start();
1860
+ }
1861
+ }
1862
+
1863
+ global $user;
1864
+ global $Mo2fdbQueries;
1865
+ $defaultCustomerKey = $this->defaultCustomerKey;
1866
+ $defaultApiKey = $this->defaultApiKey;
1867
+
1868
+ $user = wp_get_current_user();
1869
+ $user_id = $user->ID;
1870
+
1871
+ if ( current_user_can( 'manage_options' ) ) {
1872
+
1873
+ if(strlen(get_option('mo2f_encryption_key'))>17){
1874
+ $get_encryption_key = MO2f_Utility::random_str(16);
1875
+ update_option('mo2f_encryption_key',$get_encryption_key);
1876
+ }
1877
+
1878
+ if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_deactivate_account" ) {
1879
+ $nonce = $_POST['mo_auth_deactivate_account_nonce'];
1880
+ if ( ! wp_verify_nonce( $nonce, 'mo-auth-deactivate-account-nonce' ) ) {
1881
+ $error = new WP_Error();
1882
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1883
+
1884
+ return $error;
1885
+ } else {
1886
+ $url = admin_url( 'plugins.php' );
1887
+ wp_redirect( $url );
1888
+ }
1889
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_remove_account" ) {
1890
+ $nonce = $_POST['mo_auth_remove_account_nonce'];
1891
+ if ( ! wp_verify_nonce( $nonce, 'mo-auth-remove-account-nonce' ) ) {
1892
+ $error = new WP_Error();
1893
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1894
+ return $error;
1895
+ } else {
1896
+ update_option( 'mo2f_register_with_another_email', 1 );
1897
+ $this->mo_auth_deactivate();
1898
+ }
1899
+ }else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_skiplogin'){
1900
+ $nonce = $_POST['mo2f_skiplogin_nonce'];
1901
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skiplogin-failed-nonce' ) ) {
1902
+ $error = new WP_Error();
1903
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1904
+ return $error;
1905
+ } else {
1906
+ update_option('mo2f_tour_started',2);
1907
+ }
1908
+ }else if(isset($_POST['option']) and $_POST['option'] == 'mo2f_userlogout'){
1909
+ $nonce = $_POST['mo2f_userlogout_nonce'];
1910
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-userlogout-failed-nonce' ) ) {
1911
+ $error = new WP_Error();
1912
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1913
+ return $error;
1914
+ } else {
1915
+ update_option('mo2f_tour_started',2);
1916
+ wp_logout();
1917
+ wp_redirect(admin_url());
1918
+ }
1919
+ }else if(isset($_POST['option']) and $_POST['option'] == 'restart_plugin_tour'){
1920
+ $nonce = $_POST['_wpnonce'];
1921
+ if ( ! wp_verify_nonce( $nonce, 'restart_plugin_tour' ) ) {
1922
+ $error = new WP_Error();
1923
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1924
+ return $error;
1925
+ } else {
1926
+ $page = isset($_POST['page'])? $_POST['page'] : '';
1927
+ $page = sanitize_text_field($page);
1928
+ update_option('mo2f_two_factor_tour',0);
1929
+ update_option('mo2f_tour_firewall',0);
1930
+ update_option('mo2f_tour_loginSpam',0);
1931
+ update_option('mo2f_tour_backup',0);
1932
+ update_option('mo2f_tour_malware_scan',0);
1933
+ update_option('mo2f_tour_advance_blocking',0);
1934
+ switch ($_REQUEST['page']) {
1935
+ case 'mo_2fa_two_fa':
1936
+ update_option('mo2f_two_factor_tour',1);
1937
+ break;
1938
+ case 'mo_2fa_waf':
1939
+ update_option('mo2f_tour_firewall',1);
1940
+ break;
1941
+ case 'mo_2fa_login_and_spam':
1942
+ update_option('mo2f_tour_loginSpam',1);
1943
+ break;
1944
+ case 'mo_2fa_backup':
1945
+ update_option('mo2f_tour_backup',1);
1946
+ break;
1947
+ case 'mo_2fa_malwarescan':
1948
+ update_option('mo2f_tour_malware_scan',1);
1949
+ break;
1950
+ case 'mo_2fa_advancedblocking':
1951
+ update_option('mo2f_tour_advance_blocking',1);
1952
+ break;
1953
+ }
1954
+ if($page != '')
1955
+ {
1956
+ $url = get_option('siteurl').'/wp-admin/admin.php?page='.$page;
1957
+ wp_redirect($url);
1958
+ exit;
1959
+ }
1960
+ $redirect=explode('&',htmlentities($_SERVER['REQUEST_URI']))[0];
1961
+ header("Location: ".$redirect);
1962
+ return;
1963
+ }
1964
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_save_proxy_settings" ) {
1965
+ $nonce = $_POST['mo2f_save_proxy_settings_nonce'];
1966
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-save-proxy-settings-nonce' ) ) {
1967
+ $error = new WP_Error();
1968
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1969
+ return $error;
1970
+ } else {
1971
+ $proxyHost = $_POST['proxyHost'];
1972
+ $portNumber = $_POST['portNumber'];
1973
+ $proxyUsername = $_POST['proxyUsername'];
1974
+ $proxyPassword = $_POST['proxyPass'];
1975
+
1976
+ update_option( 'mo2f_proxy_host', $proxyHost );
1977
+ update_option( 'mo2f_port_number', $portNumber );
1978
+ update_option( 'mo2f_proxy_username', $proxyUsername );
1979
+ update_option( 'mo2f_proxy_password', $proxyPassword );
1980
+ update_option( 'mo2f_message', 'Proxy settings saved successfully.' );
1981
+ $this->mo_auth_show_success_message();
1982
+ }
1983
+
1984
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_register_customer" ) { //register the admin to miniOrange
1985
+ //miniorange_register_customer_nonce
1986
+ $nonce = $_POST['miniorange_register_customer_nonce'];
1987
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-register-customer-nonce' ) ) {
1988
+ $error = new WP_Error();
1989
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1990
+
1991
+ return $error;
1992
+ } else {
1993
+ //validate and sanitize
1994
+ $email = '';
1995
+ $password = '';
1996
+ $confirmPassword = '';
1997
+ $is_registration = get_user_meta( $user->ID, 'mo2f_email_otp_count', true );
1998
+
1999
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['confirmPassword'] ) ) {
2000
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2001
+
2002
+ return;
2003
+ } else if ( strlen( $_POST['password'] ) < 6 || strlen( $_POST['confirmPassword'] ) < 6 ) {
2004
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "MIN_PASS_LENGTH" ) );
2005
+
2006
+ } else {
2007
+ $email = sanitize_email( $_POST['email'] );
2008
+ $password = sanitize_text_field( $_POST['password'] );
2009
+ $confirmPassword = sanitize_text_field( $_POST['confirmPassword'] );
2010
+
2011
+ $email = strtolower( $email );
2012
+
2013
+ $pattern = '/^[(\w)*(\!\@\#\$\%\^\&\*\.\-\_)*]+$/';
2014
+
2015
+ if(preg_match($pattern,$password)){
2016
+ if ( strcmp( $password, $confirmPassword ) == 0 ) {
2017
+ update_option( 'mo2f_email', $email );
2018
+
2019
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2020
+ update_option( 'mo2f_password', stripslashes( $password ) );
2021
+ $customer = new Customer_Setup();
2022
+ $customerKey = json_decode( $customer->check_customer(), true );
2023
+
2024
+ if ( strcasecmp( $customerKey['status'], 'CUSTOMER_NOT_FOUND' ) == 0 ) {
2025
+ if ( $customerKey['status'] == 'ERROR' ) {
2026
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $customerKey['message'] ) );
2027
+ } else {
2028
+ $this->mo2f_create_customer( $user );
2029
+ delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2030
+ delete_user_meta( $user->ID, 'register_account_popup' );
2031
+ if(get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure'))
2032
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
2033
+
2034
+ }
2035
+ } else { //customer already exists, redirect him to login page
2036
+
2037
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_ALREADY_EXISTS" ) );
2038
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2039
+
2040
+ }
2041
+
2042
+ } else {
2043
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PASSWORDS_MISMATCH" ) );
2044
+ $this->mo_auth_show_error_message();
2045
+ }
2046
+ }
2047
+ else{
2048
+ update_option( 'mo2f_message', "Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*-_) should be present." );
2049
+ $this->mo_auth_show_error_message();
2050
+ }
2051
+ }
2052
+ }
2053
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_verify_customer" ) { //register the admin to miniOrange if already exist
2054
+
2055
+ $nonce = $_POST['miniorange_verify_customer_nonce'];
2056
+
2057
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-verify-customer-nonce' ) ) {
2058
+ $error = new WP_Error();
2059
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2060
+
2061
+ return $error;
2062
+ } else {
2063
+
2064
+ //validation and sanitization
2065
+ $email = '';
2066
+ $password = '';
2067
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2068
+
2069
+
2070
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) ) {
2071
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2072
+ $this->mo_auth_show_error_message();
2073
+
2074
+ return;
2075
+ } else {
2076
+ $email = sanitize_email( $_POST['email'] );
2077
+ $password = sanitize_text_field( $_POST['password'] );
2078
+ }
2079
+
2080
+ update_option( 'mo2f_email', $email );
2081
+ update_option( 'mo2f_password', stripslashes( $password ) );
2082
+ $customer = new Customer_Setup();
2083
+ $content = $customer->get_customer_key();
2084
+ $customerKey = json_decode( $content, true );
2085
+
2086
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2087
+ if ( is_array( $customerKey ) && array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
2088
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
2089
+ $this->mo_auth_show_error_message();
2090
+ } else if ( is_array( $customerKey ) ) {
2091
+ if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
2092
+ update_option( 'mo2f_customerKey', $customerKey['id'] );
2093
+ update_option( 'mo2f_api_key', $customerKey['apiKey'] );
2094
+ update_option( 'mo2f_customer_token', $customerKey['token'] );
2095
+ update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
2096
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
2097
+ update_option( 'mo2f_miniorange_admin', $user->ID );
2098
+
2099
+ $mo2f_emailVerification_config_status = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ? true : false;
2100
+
2101
+ delete_option( 'mo2f_password' );
2102
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
2103
+
2104
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
2105
+ 'mo2f_EmailVerification_config_status' => $mo2f_emailVerification_config_status,
2106
+ 'mo2f_user_email' => get_option( 'mo2f_email' ),
2107
+ 'user_registration_with_miniorange' => 'SUCCESS',
2108
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
2109
+ 'mo2f_2factor_enable_2fa_byusers' => 1,
2110
+ ) );
2111
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
2112
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2113
+ $configured_2FA_method = 'NONE';
2114
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2115
+ $enduser = new Two_Factor_Setup();
2116
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $user_email ), true );
2117
+
2118
+ $mo2f_second_factor = 'NONE';
2119
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2120
+ if ( $userinfo['status'] == 'SUCCESS' ) {
2121
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
2122
+
2123
+ }
2124
+ }
2125
+ if ( $mo2f_second_factor != 'NONE' ) {
2126
+ $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
2127
+
2128
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2129
+
2130
+ $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
2131
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
2132
+ 'mo2f_configured_2FA_method' => $configured_2FA_method,
2133
+ 'mo2f_' . $auth_method_abr . '_config_status' => true
2134
+ ) );
2135
+
2136
+ } else {
2137
+ if ( in_array( $configured_2FA_method, array(
2138
+ 'Email Verification',
2139
+ 'Authy Authenticator',
2140
+ 'OTP over SMS'
2141
+ ) ) ) {
2142
+ $enduser->mo2f_update_userinfo( $user_email, 'NONE', null, '', true );
2143
+ }
2144
+ }
2145
+
2146
+
2147
+ }
2148
+
2149
+ $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
2150
+ if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2151
+ $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '.';
2152
+ }
2153
+ $mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
2154
+
2155
+ delete_user_meta( $user->ID, 'register_account_popup' );
2156
+
2157
+ $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
2158
+ if ( ! empty( $mo2f_customer_selected_plan ) ) {
2159
+ delete_option( 'mo2f_customer_selected_plan' );
2160
+ header( 'Location: admin.php?page=mo_2fa_upgrade' );
2161
+ } else if ( $mo2f_second_factor == 'NONE' ) {
2162
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
2163
+ }
2164
+
2165
+ update_option( 'mo2f_message', $mo2f_message );
2166
+ $this->mo_auth_show_success_message();
2167
+ } else {
2168
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
2169
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
2170
+ update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
2171
+ $this->mo_auth_show_error_message();
2172
+ }
2173
+
2174
+ }
2175
+ } else {
2176
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
2177
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
2178
+ update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
2179
+ $this->mo_auth_show_error_message();
2180
+ }
2181
+
2182
+ delete_option( 'mo2f_password' );
2183
+ }
2184
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_phone_verification' ) { //at registration time
2185
+ $phone = sanitize_text_field( $_POST['phone_number'] );
2186
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $phone ) );
2187
+
2188
+ $phone = str_replace( ' ', '', $phone );
2189
+ $auth_type = 'SMS';
2190
+ $customer = new Customer_Setup();
2191
+
2192
+ $send_otp_response = json_decode( $customer->send_otp_token( $phone, $auth_type, $defaultCustomerKey, $defaultApiKey ), true );
2193
+
2194
+ if ( strcasecmp( $send_otp_response['status'], 'SUCCESS' ) == 0 ) {
2195
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2196
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2197
+ update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $send_otp_response['txId'] );
2198
+
2199
+ if ( get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) ) {
2200
+ update_option( 'mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) . ' )</b> for verification to ' . $phone );
2201
+ update_user_meta( $user->ID, 'mo2f_sms_otp_count', get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) + 1 );
2202
+ } else {
2203
+ update_option( 'mo2f_message', 'One Time Passcode has been sent for verification to ' . $phone );
2204
+ update_user_meta( $user->ID, 'mo2f_sms_otp_count', 1 );
2205
+ }
2206
+
2207
+ $this->mo_auth_show_success_message();
2208
+ } else {
2209
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SENDING_SMS" ) );
2210
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2211
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2212
+ $this->mo_auth_show_error_message();
2213
+ }
2214
+
2215
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_resend_otp" ) { //resend OTP over email for admin
2216
+
2217
+ $nonce = $_POST['mo_2factor_resend_otp_nonce'];
2218
+
2219
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-otp-nonce' ) ) {
2220
+ $error = new WP_Error();
2221
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2222
+
2223
+ return $error;
2224
+ } else {
2225
+ $customer = new Customer_Setup();
2226
+ $content = json_decode( $customer->send_otp_token( get_option( 'mo2f_email' ), 'EMAIL', $defaultCustomerKey, $defaultApiKey ), true );
2227
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2228
+ if ( get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) ) {
2229
+ update_user_meta( $user->ID, 'mo2f_email_otp_count', get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) + 1 );
2230
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "RESENT_OTP" ) . ' <b>( ' . get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) . ' )</b> to <b>' . ( get_option( 'mo2f_email' ) ) . '</b> ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2231
+ } else {
2232
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . '<b> ' . ( get_option( 'mo2f_email' ) ) . ' </b>' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2233
+ update_user_meta( $user->ID, 'mo2f_email_otp_count', 1 );
2234
+ }
2235
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2236
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2237
+ update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2238
+ $this->mo_auth_show_success_message();
2239
+ } else {
2240
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
2241
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2242
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2243
+ $this->mo_auth_show_error_message();
2244
+ }
2245
+ }
2246
+
2247
+
2248
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_dismiss_notice_option" ) {
2249
+ update_option( 'mo2f_bug_fix_done', 1 );
2250
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_validate_otp" ) { //validate OTP over email for admin
2251
+
2252
+ $nonce = $_POST['mo_2factor_validate_otp_nonce'];
2253
+
2254
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-otp-nonce' ) ) {
2255
+ $error = new WP_Error();
2256
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2257
+
2258
+ return $error;
2259
+ } else {
2260
+ //validation and sanitization
2261
+ $otp_token = '';
2262
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2263
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2264
+ $this->mo_auth_show_error_message();
2265
+
2266
+ return;
2267
+ } else {
2268
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
2269
+ }
2270
+
2271
+ $customer = new Customer_Setup();
2272
+
2273
+ $transactionId = get_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', true );
2274
+
2275
+ $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $transactionId, $otp_token, $defaultCustomerKey, $defaultApiKey ), true );
2276
+
2277
+ if ( $content['status'] == 'ERROR' ) {
2278
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2279
+
2280
+ } else {
2281
+
2282
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
2283
+ $this->mo2f_create_customer( $user );
2284
+ delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2285
+ delete_user_meta( $user->ID, 'register_account_popup' );
2286
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
2287
+ } else { // OTP Validation failed.
2288
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2289
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_OTP_DELIVERED_FAILURE' ) );
2290
+
2291
+ }
2292
+ }
2293
+ }
2294
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_validate_user_otp" ) { //validate OTP over email for additional admin
2295
+
2296
+ //validation and sanitization
2297
+ $nonce = $_POST['mo_2factor_validate_user_otp_nonce'];
2298
+
2299
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-user-otp-nonce' ) ) {
2300
+ $error = new WP_Error();
2301
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2302
+
2303
+ return $error;
2304
+ } else {
2305
+ $otp_token = '';
2306
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2307
+ update_option( 'mo2f_message', 'All the fields are required. Please enter valid entries.' );
2308
+ $this->mo_auth_show_error_message();
2309
+
2310
+ return;
2311
+ } else {
2312
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
2313
+ }
2314
+
2315
+ $user_email = get_user_meta( $user->ID, 'user_email', true );
2316
+
2317
+ $customer = new Customer_Setup();
2318
+ $mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
2319
+
2320
+ $content = json_decode( $customer->validate_otp_token( 'EMAIL', '', $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2321
+
2322
+ if ( $content['status'] == 'ERROR' ) {
2323
+ update_option( 'mo2f_message', $content['message'] );
2324
+ $this->mo_auth_show_error_message();
2325
+ } else {
2326
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated and generate QRCode
2327
+ $this->mo2f_create_user( $user, $user_email );
2328
+ delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2329
+ } else {
2330
+ update_option( 'mo2f_message', 'Invalid OTP. Please try again.' );
2331
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_OTP_DELIVERED_FAILURE' ) );
2332
+ $this->mo_auth_show_error_message();
2333
+ }
2334
+ }
2335
+
2336
+ }
2337
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_send_query" ) { //Help me or support
2338
+ $nonce = $_POST['mo_2factor_send_query_nonce'];
2339
+
2340
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-send-query-nonce' ) ) {
2341
+ $error = new WP_Error();
2342
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2343
+
2344
+ return $error;
2345
+ } else {
2346
+
2347
+ $query = '';
2348
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['EMAIL_MANDATORY'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['query'] ) ) {
2349
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_MANDATORY" ) );
2350
+ $this->mo_auth_show_error_message();
2351
+
2352
+ return;
2353
+ } else {
2354
+ $query = sanitize_text_field( $_POST['query'] );
2355
+ $email = sanitize_text_field( $_POST['EMAIL_MANDATORY'] );
2356
+ $phone = sanitize_text_field( $_POST['query_phone'] );
2357
+ $contact_us = new Customer_Setup();
2358
+ $submited = json_decode( $contact_us->submit_contact_us( $email, $phone, $query ), true );
2359
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2360
+ if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) {
2361
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $submited['message'] ) );
2362
+ $this->mo_auth_show_error_message();
2363
+ } else {
2364
+ if ( $submited == false ) {
2365
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SUBMITTING_QUERY" ) );
2366
+ $this->mo_auth_show_error_message();
2367
+ } else {
2368
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "QUERY_SUBMITTED_SUCCESSFULLY" ) );
2369
+ $this->mo_auth_show_success_message();
2370
+ }
2371
+ }
2372
+ }
2373
+
2374
+ }
2375
+ }
2376
+ }
2377
+
2378
+ else if(isset( $_POST['option'] ) and $_POST['option'] == 'woocommerce_disable_login_prompt' ){
2379
+ if(isset($_POST['woocommerce_login_prompt'])){
2380
+ update_site_option('mo2f_woocommerce_login_prompt' , true);
2381
+ }
2382
+ else{
2383
+ update_site_option('mo2f_woocommerce_login_prompt' , false);
2384
+ }
2385
+ }
2386
+
2387
+ else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_auth_advanced_options_save' ) {
2388
+ update_option( 'mo2f_message', 'Your settings are saved successfully.' );
2389
+ $this->mo_auth_show_success_message();
2390
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_auth_login_settings_save' ) {
2391
+ $nonce = $_POST['mo_auth_login_settings_save_nonce'];
2392
+ if ( ! wp_verify_nonce( $nonce, 'mo-auth-login-settings-save-nonce' ) ) {
2393
+ $error = new WP_Error();
2394
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2395
+ return $error;
2396
+ } else {
2397
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
2398
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM ) {
2399
+
2400
+ if($_POST['mo2f_login_option'] == 0 && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')){
2401
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "LOGIN_WITH_2ND_FACTOR" ) );
2402
+ $this->mo_auth_show_error_message();
2403
+ }else{
2404
+ update_option( 'mo2f_login_option', isset( $_POST['mo2f_login_option'] ) ? $_POST['mo2f_login_option'] : 0 );
2405
+ update_option( 'mo2f_remember_device', isset( $_POST['mo2f_remember_device'] ) ? $_POST['mo2f_remember_device'] : 0 );
2406
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') == 0 ) {
2407
+ update_option( 'mo2f_remember_device', 0 );
2408
+ }
2409
+ if(isset($_POST['mo2f_enable_login_with_2nd_factor']))
2410
+ {
2411
+ update_option('mo2f_login_option',1);
2412
+ }
2413
+ update_option( 'mo2f_enable_forgotphone', isset( $_POST['mo2f_forgotphone'] ) ? $_POST['mo2f_forgotphone'] : 0 );
2414
+ update_option( 'mo2f_enable_login_with_2nd_factor', isset( $_POST['mo2f_login_with_username_and_2factor'] ) ? $_POST['mo2f_login_with_username_and_2factor'] : 0 );
2415
+ update_option( 'mo2f_enable_xmlrpc', isset( $_POST['mo2f_enable_xmlrpc'] ) ? $_POST['mo2f_enable_xmlrpc'] : 0 );
2416
+ if ( get_option( 'mo2f_remember_device' ) && ! get_option( 'mo2f_app_secret' ) ) {
2417
+ $get_app_secret = new Miniorange_Rba_Attributes();
2418
+ $rba_response = json_decode( $get_app_secret->mo2f_get_app_secret(), true ); //fetch app secret
2419
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2420
+ if ( $rba_response['status'] == 'SUCCESS' ) {
2421
+ update_option( 'mo2f_app_secret', $rba_response['appSecret'] );
2422
+ } else {
2423
+ update_option( 'mo2f_remember_device', 0 );
2424
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_SETTINGS" ) );
2425
+ $this->mo_auth_show_error_message();
2426
+ }
2427
+ } else {
2428
+ update_option( 'mo2f_remember_device', 0 );
2429
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_SETTINGS" ) );
2430
+ $this->mo_auth_show_error_message();
2431
+ }
2432
+ }
2433
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "SETTINGS_SAVED" ) );
2434
+ $this->mo_auth_show_success_message();
2435
+ }
2436
+
2437
+ } else {
2438
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQUEST" ) );
2439
+ $this->mo_auth_show_error_message();
2440
+ }
2441
+ }
2442
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_sync_sms_transactions" ) {
2443
+ $customer = new Customer_Setup();
2444
+ $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
2445
+ if ( ! array_key_exists( 'smsRemaining', $content ) ) {
2446
+ $smsRemaining = 0;
2447
+ } else {
2448
+ $smsRemaining = $content['smsRemaining'];
2449
+ if ( $smsRemaining == null ) {
2450
+ $smsRemaining = 0;
2451
+ }
2452
+ }
2453
+ update_option( 'mo2f_number_of_transactions', $smsRemaining );
2454
+ }
2455
+
2456
+
2457
+ }
2458
+
2459
+ if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_fix_database_error' ) {
2460
+ $nonce = $_POST['mo2f_fix_database_error_nonce'];
2461
+
2462
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-fix-database-error-nonce' ) ) {
2463
+ $error = new WP_Error();
2464
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2465
+
2466
+ return $error;
2467
+ } else {
2468
+ global $Mo2fdbQueries;
2469
+
2470
+ $Mo2fdbQueries->database_table_issue();
2471
+
2472
+ }
2473
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
2474
+ $nonce = $_POST['mo2f_registration_closed_nonce'];
2475
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
2476
+ $error = new WP_Error();
2477
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2478
+ return $error;
2479
+ } else {
2480
+ delete_user_meta( $user->ID, 'register_account_popup' );
2481
+ $mo2f_message = 'Please set up the second-factor by clicking on Configure button.';
2482
+ update_option( 'mo2f_message', $mo2f_message );
2483
+ $this->mo_auth_show_success_message();
2484
+ }
2485
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo2f_goto_verifycustomer" ) {
2486
+ $nonce = $_POST['mo2f_goto_verifycustomer_nonce'];
2487
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-goto-verifycustomer-nonce' ) ) {
2488
+ $error = new WP_Error();
2489
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2490
+ return $error;
2491
+ } else {
2492
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2493
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_YOUR_EMAIL_PASSWORD" ) );
2494
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2495
+ }
2496
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_gobackto_registration_page' ) { //back to registration page for admin
2497
+ $nonce = $_POST['mo_2factor_gobackto_registration_page_nonce'];
2498
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-gobackto-registration-page-nonce' ) ) {
2499
+ $error = new WP_Error();
2500
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2501
+ return $error;
2502
+ } else {
2503
+ delete_option( 'mo2f_email' );
2504
+ delete_option( 'mo2f_password' );
2505
+ update_option( 'mo2f_message', "" );
2506
+
2507
+ MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
2508
+ delete_option( 'mo2f_transactionId' );
2509
+ delete_user_meta( $user->ID, 'mo2f_sms_otp_count' );
2510
+ delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
2511
+ delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
2512
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'REGISTRATION_STARTED' ) );
2513
+ }
2514
+
2515
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_skip_feedback' ) {
2516
+
2517
+ $nonce = $_POST['mo2f_skip_feedback_nonce'];
2518
+
2519
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-skip-feedback-nonce' ) ) {
2520
+ $error = new WP_Error();
2521
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2522
+
2523
+ return $error;
2524
+ } else {
2525
+ deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
2526
+ }
2527
+
2528
+ }else if ( isset( $_POST['mo2f_feedback'] ) and $_POST['mo2f_feedback'] == 'mo2f_feedback' ) {
2529
+
2530
+ $nonce = $_POST['mo2f_feedback_nonce'];
2531
+
2532
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-feedback-nonce' ) ) {
2533
+ $error = new WP_Error();
2534
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2535
+
2536
+ return $error;
2537
+ } else {
2538
+ $reasons_not_to_worry_about = array( "Upgrading to Standard / Premium", "Temporary deactivation - Testing" );
2539
+
2540
+ $message = 'Plugin Deactivated:';
2541
+
2542
+ if ( isset( $_POST['deactivate_plugin'] ) ) {
2543
+ if ( $_POST['query_feedback'] == '' and $_POST['deactivate_plugin'] == 'Other Reasons:' ) {
2544
+ // feedback add
2545
+ update_option( 'mo2f_message', 'Please let us know the reason for deactivation so that we improve the user experience.' );
2546
+ } else {
2547
+
2548
+ if ( ! in_array( $_POST['deactivate_plugin'], $reasons_not_to_worry_about ) ) {
2549
+
2550
+ $message .= $_POST['deactivate_plugin'];
2551
+
2552
+ if ( $_POST['query_feedback'] != '' ) {
2553
+ $message .= ':' . $_POST['query_feedback'];
2554
+ }
2555
+
2556
+
2557
+ if($_POST['deactivate_plugin'] == "Conflicts with other plugins"){
2558
+ $plugin_selected = $_POST['plugin_selected'];
2559
+ $plugin = MO2f_Utility::get_plugin_name_by_identifier($plugin_selected);
2560
+
2561
+ $message .= ", Plugin selected - " . $plugin . ".";
2562
+ }
2563
+
2564
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2565
+ if ( $email == '' ) {
2566
+ $email = $user->user_email;
2567
+ }
2568
+
2569
+ $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );;
2570
+
2571
+ $contact_us = new Customer_Setup();
2572
+ $submited = json_decode( $contact_us->send_email_alert( $email, $phone, $message ), true );
2573
+
2574
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2575
+ if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) {
2576
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $submited['message'] ) );
2577
+ $this->mo_auth_show_error_message();
2578
+ } else {
2579
+ if ( $submited == false ) {
2580
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SUBMITTING_QUERY" ) );
2581
+ $this->mo_auth_show_error_message();
2582
+ } else {
2583
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "QUERY_SUBMITTED_SUCCESSFULLY" ) );
2584
+ $this->mo_auth_show_success_message();
2585
+ }
2586
+ }
2587
+ }
2588
+ }
2589
+
2590
+ deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
2591
+
2592
+ }
2593
+
2594
+ } else {
2595
+ update_option( 'mo2f_message', 'Please Select one of the reasons if your reason isnot mention please select Other Reasons' );
2596
+
2597
+ }
2598
+ }
2599
+
2600
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_2factor_resend_user_otp" ) { //resend OTP over email for additional admin and non-admin user
2601
+
2602
+ $nonce = $_POST['mo_2factor_resend_user_otp_nonce'];
2603
+
2604
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-user-otp-nonce' ) ) {
2605
+ $error = new WP_Error();
2606
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2607
+
2608
+ return $error;
2609
+ } else {
2610
+ $customer = new Customer_Setup();
2611
+ $content = json_decode( $customer->send_otp_token( get_user_meta( $user->ID, 'user_email', true ), 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2612
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2613
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( get_user_meta( $user->ID, 'user_email', true ) ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2614
+ update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2615
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2616
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2617
+ $this->mo_auth_show_success_message();
2618
+ } else {
2619
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
2620
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2621
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2622
+ $this->mo_auth_show_error_message();
2623
+
2624
+ }
2625
+ }
2626
+
2627
+ }else if ( isset( $_POST['option'] ) and ( $_POST['option'] == "mo2f_configure_miniorange_authenticator_validate" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete' ) ) { //mobile registration successfully complete for all users
2628
+
2629
+ $nonce = $_POST['mo2f_configure_miniorange_authenticator_validate_nonce'];
2630
+
2631
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-miniorange-authenticator-validate-nonce' ) ) {
2632
+ $error = new WP_Error();
2633
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2634
+
2635
+ return $error;
2636
+ } else {
2637
+ delete_option( 'mo2f_transactionId' );
2638
+ $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
2639
+ MO2f_Utility::unset_session_variables( $session_variables );
2640
+
2641
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2642
+ $TwoFA_method_to_configure = sanitize_text_field($_POST['mo2f_method']);
2643
+ $enduser = new Two_Factor_Setup();
2644
+ $current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
2645
+
2646
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, null, null, null ), true );
2647
+
2648
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2649
+ if ( $response['status'] == 'ERROR' ) {
2650
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
2651
+
2652
+ $this->mo_auth_show_error_message();
2653
+
2654
+
2655
+ } else if ( $response['status'] == 'SUCCESS' ) {
2656
+
2657
+ $selectedMethod = $TwoFA_method_to_configure;
2658
+
2659
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
2660
+
2661
+
2662
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
2663
+ 'mo2f_configured_2FA_method' => $selectedMethod,
2664
+ 'mobile_registration_status' => true,
2665
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
2666
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
2667
+ 'mo2f_miniOrangePushNotification_config_status' => true,
2668
+ 'user_registration_with_miniorange' => 'SUCCESS',
2669
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
2670
+ ) );
2671
+
2672
+ delete_user_meta( $user->ID, 'configure_2FA' );
2673
+ //update_user_meta( $user->ID, 'currentMethod' , $selectedMethod);
2674
+ mo2f_display_test_2fa_notification($user);
2675
+
2676
+ } else {
2677
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
2678
+ $this->mo_auth_show_error_message();
2679
+ }
2680
+
2681
+ } else {
2682
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2683
+ $this->mo_auth_show_error_message();
2684
+ }
2685
+ }
2686
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_success' ) { // mobile registration for all users(common)
2687
+
2688
+ $nonce = $_POST['mo2f_mobile_authenticate_success_nonce'];
2689
+
2690
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-success-nonce' ) ) {
2691
+ $error = new WP_Error();
2692
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2693
+
2694
+ return $error;
2695
+ } else {
2696
+
2697
+ if ( current_user_can( 'manage_options' ) ) {
2698
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2699
+ } else {
2700
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2701
+ }
2702
+
2703
+ $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
2704
+ MO2f_Utility::unset_session_variables( $session_variables );
2705
+
2706
+ delete_user_meta( $user->ID, 'test_2FA' );
2707
+ $this->mo_auth_show_success_message();
2708
+ }
2709
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_mobile_authenticate_error' ) { //mobile registration failed for all users(common)
2710
+ $nonce = $_POST['mo2f_mobile_authenticate_error_nonce'];
2711
+
2712
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-error-nonce' ) ) {
2713
+ $error = new WP_Error();
2714
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2715
+
2716
+ return $error;
2717
+ } else {
2718
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "AUTHENTICATION_FAILED" ) );
2719
+ MO2f_Utility::unset_session_variables( 'mo2f_show_qr_code' );
2720
+ $this->mo_auth_show_error_message();
2721
+ }
2722
+
2723
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_setting_configuration" ) // redirect to setings page
2724
+ {
2725
+
2726
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS' ) );
2727
+
2728
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == "mo_auth_refresh_mobile_qrcode" ) { // refrsh Qrcode for all users
2729
+
2730
+ $nonce = $_POST['mo_auth_refresh_mobile_qrcode_nonce'];
2731
+
2732
+ if ( ! wp_verify_nonce( $nonce, 'mo-auth-refresh-mobile-qrcode-nonce' ) ) {
2733
+ $error = new WP_Error();
2734
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2735
+
2736
+ return $error;
2737
+ } else {
2738
+ $session_id = sanitize_text_field($_POST['mo2f_session_id']);
2739
+ $twofactor_transactions = new Mo2fDB;
2740
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
2741
+
2742
+ if($exceeded){
2743
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
2744
+ $this->mo_auth_show_error_message();
2745
+ return;
2746
+ }
2747
+
2748
+ $mo_2factor_user_registration_status = get_option( 'mo_2factor_user_registration_status');
2749
+ if ( in_array( $mo_2factor_user_registration_status, array(
2750
+ 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR',
2751
+ 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION',
2752
+ 'MO_2_FACTOR_PLUGIN_SETTINGS'
2753
+ ) ) ) {
2754
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2755
+ $this->mo2f_get_qr_code_for_mobile( $email, $user->ID, $session_id );
2756
+
2757
+ } else {
2758
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "REGISTER_WITH_MO" ) );
2759
+ $this->mo_auth_show_error_message();
2760
+
2761
+ }
2762
+ }
2763
+ }else if ( isset( $_POST['mo2fa_register_to_upgrade_nonce'] ) ) { //registration with miniOrange for upgrading
2764
+ $nonce = $_POST['mo2fa_register_to_upgrade_nonce'];
2765
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-user-reg-to-upgrade-nonce' ) ) {
2766
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2767
+ } else {
2768
+ $requestOrigin = $_POST['requestOrigin'];
2769
+ update_option( 'mo2f_customer_selected_plan', $requestOrigin );
2770
+ header( 'Location: admin.php?page=mo_2fa_account' );
2771
+
2772
+ }
2773
+ }else if ( isset( $_POST['miniorange_get_started'] ) && isset( $_POST['miniorange_user_reg_nonce'] ) ) { //registration with miniOrange for additional admin and non-admin
2774
+ $nonce = $_POST['miniorange_user_reg_nonce'];
2775
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2776
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-user-reg-nonce' ) ) {
2777
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2778
+ } else {
2779
+ $email = '';
2780
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo_useremail'] ) ) {
2781
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_EMAILID" ) );
2782
+
2783
+ return;
2784
+ } else {
2785
+ $email = sanitize_email( $_POST['mo_useremail'] );
2786
+ }
2787
+
2788
+ if ( ! MO2f_Utility::check_if_email_is_already_registered( $email ) ) {
2789
+ update_user_meta( $user->ID, 'user_email', $email );
2790
+
2791
+ $enduser = new Two_Factor_Setup();
2792
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
2793
+
2794
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2795
+ if ( $check_user['status'] == 'ERROR' ) {
2796
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
2797
+ $this->mo_auth_show_error_message();
2798
+
2799
+ return;
2800
+ } else if ( strcasecmp( $check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER' ) == 0 ) {
2801
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_IN_USE" ) );
2802
+ $this->mo_auth_show_error_message();
2803
+
2804
+ return;
2805
+ } else if ( strcasecmp( $check_user['status'], 'USER_FOUND' ) == 0 || strcasecmp( $check_user['status'], 'USER_NOT_FOUND' ) == 0 ) {
2806
+
2807
+
2808
+ $enduser = new Customer_Setup();
2809
+ $content = json_decode( $enduser->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2810
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2811
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2812
+ $_SESSION['mo2f_transactionId'] = $content['txId'];
2813
+ update_option( 'mo2f_transactionId', $content['txId'] );
2814
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2815
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2816
+ update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2817
+ $this->mo_auth_show_success_message();
2818
+ } else {
2819
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2820
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2821
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_OVER_EMAIL" ) );
2822
+ $this->mo_auth_show_error_message();
2823
+ }
2824
+
2825
+
2826
+ }
2827
+ }
2828
+ } else {
2829
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_IN_USE" ) );
2830
+ $this->mo_auth_show_error_message();
2831
+ }
2832
+ }
2833
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo_2factor_backto_user_registration' ) { //back to registration page for additional admin and non-admin
2834
+ $nonce = $_POST['mo_2factor_backto_user_registration_nonce'];
2835
+
2836
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-backto-user-registration-nonce' ) ) {
2837
+ $error = new WP_Error();
2838
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2839
+
2840
+ return $error;
2841
+ } else {
2842
+ delete_user_meta( $user->ID, 'user_email' );
2843
+ $Mo2fdbQueries->delete_user_details( $user->ID );
2844
+ MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
2845
+ delete_option( 'mo2f_transactionId' );
2846
+ }
2847
+
2848
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_soft_token' ) { // validate Soft Token during test for all users
2849
+
2850
+ $nonce = $_POST['mo2f_validate_soft_token_nonce'];
2851
+
2852
+
2853
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-soft-token-nonce' ) ) {
2854
+ $error = new WP_Error();
2855
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2856
+
2857
+ return $error;
2858
+ } else {
2859
+ $otp_token = '';
2860
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2861
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
2862
+ $this->mo_auth_show_error_message();
2863
+
2864
+ return;
2865
+ } else {
2866
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
2867
+ }
2868
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2869
+ $customer = new Customer_Setup();
2870
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2871
+ if ( $content['status'] == 'ERROR' ) {
2872
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2873
+ $this->mo_auth_show_error_message();
2874
+ } else {
2875
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated and generate QRCode
2876
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2877
+
2878
+ delete_user_meta( $user->ID, 'test_2FA' );
2879
+ $this->mo_auth_show_success_message();
2880
+
2881
+
2882
+ } else { // OTP Validation failed.
2883
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2884
+ $this->mo_auth_show_error_message();
2885
+
2886
+ }
2887
+ }
2888
+ }
2889
+ }
2890
+
2891
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Telegram' ) { //validate otp over Telegram
2892
+
2893
+ $nonce = $_POST['mo2f_validate_otp_over_Telegram_nonce'];
2894
+
2895
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Telegram-nonce' ) ) {
2896
+ $error = new WP_Error();
2897
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2898
+
2899
+ return $error;
2900
+ } else {
2901
+
2902
+ $otp = sanitize_text_field($_POST['otp_token']);
2903
+ $otpToken = get_user_meta($user->ID,'mo2f_otp_token',true);
2904
+
2905
+ $time = get_user_meta($user->ID,'mo2f_telegram_time',true);
2906
+ $accepted_time = time()-300;
2907
+ $time = (int)$time;
2908
+ global $Mo2fdbQueries;
2909
+ if($otp == $otpToken)
2910
+ {
2911
+ if($accepted_time<$time){
2912
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2913
+ delete_user_meta( $user->ID, 'test_2FA' );
2914
+ delete_user_meta($user->ID,'mo2f_telegram_time');
2915
+
2916
+ $this->mo_auth_show_success_message();
2917
+
2918
+ }
2919
+ else
2920
+ {
2921
+ update_option( 'mo2f_message', 'OTP has been expired please initiate another transaction for verification' );
2922
+ delete_user_meta( $user->ID, 'test_2FA' );
2923
+ $this->mo_auth_show_error_message();
2924
+
2925
+ }
2926
+ }
2927
+ else
2928
+ {
2929
+ update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
2930
+ $this->mo_auth_show_error_message();
2931
+
2932
+ }
2933
+ }
2934
+ }
2935
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_sms' ) { //validate otp over sms and phone call during test for all users
2936
+
2937
+ $nonce = $_POST['mo2f_validate_otp_over_sms_nonce'];
2938
+
2939
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-sms-nonce' ) ) {
2940
+ $error = new WP_Error();
2941
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2942
+
2943
+ return $error;
2944
+ } else {
2945
+ $otp_token = '';
2946
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2947
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
2948
+ $this->mo_auth_show_error_message();
2949
+
2950
+ return;
2951
+ } else {
2952
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
2953
+ }
2954
+ $mo2f_transactionId = get_user_meta($user->ID, 'mo2f_transactionId', true);
2955
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2956
+ $selected_2_2factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2957
+ $customer = new Customer_Setup();
2958
+ $content = json_decode( $customer->validate_otp_token($selected_2_2factor_method , $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2959
+
2960
+ if ( $content['status'] == 'ERROR' ) {
2961
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2962
+ $this->mo_auth_show_error_message();
2963
+ } else {
2964
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
2965
+ if ( current_user_can( 'manage_options' ) ) {
2966
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2967
+ } else {
2968
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate( "COMPLETED_TEST" ) );
2969
+ }
2970
+
2971
+ delete_user_meta( $user->ID, 'test_2FA' );
2972
+ $this->mo_auth_show_success_message();
2973
+
2974
+ } else {
2975
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2976
+ $this->mo_auth_show_error_message();
2977
+ }
2978
+
2979
+ }
2980
+ }
2981
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_out_of_band_success' ) {
2982
+ $nonce = $_POST['mo2f_out_of_band_success_nonce'];
2983
+
2984
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-success-nonce' ) ) {
2985
+ $error = new WP_Error();
2986
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2987
+
2988
+ return $error;
2989
+ } else {
2990
+ $show = 1;
2991
+ if(MO2F_IS_ONPREM )
2992
+ {
2993
+ $txid = isset($_POST['TxidEmail'])? $_POST['TxidEmail']:null;
2994
+ $status = get_option($txid);
2995
+ if($status != '')
2996
+ {
2997
+ if($status != 1)
2998
+ {
2999
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_VER_REQ" ));
3000
+ $show = 0;
3001
+ $this->mo_auth_show_error_message();
3002
+
3003
+ }
3004
+ }
3005
+ }
3006
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
3007
+ if(MO2F_IS_ONPREM and $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL')
3008
+ $mo2f_configured_2FA_method = 'Email Verification';
3009
+
3010
+ $mo2f_EmailVerification_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_EmailVerification_config_status', $user->ID );
3011
+ if ( ! current_user_can( 'manage_options' ) && $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL' ) {
3012
+ if ( $mo2f_EmailVerification_config_status ) {
3013
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3014
+ } else {
3015
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3016
+ $enduser = new Two_Factor_Setup();
3017
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email, $mo2f_configured_2FA_method, null, null, null ), true );
3018
+ update_option( 'mo2f_message', '<b> ' . Mo2fConstants:: langTranslate( "EMAIL_VERFI" ) . '</b> ' . Mo2fConstants:: langTranslate( "SET_AS_2ND_FACTOR" ) );
3019
+ }
3020
+ } else {
3021
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3022
+ }
3023
+ delete_user_meta( $user->ID, 'test_2FA' );
3024
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3025
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3026
+ 'mo2f_EmailVerification_config_status' => true
3027
+ ) );
3028
+ if($show)
3029
+ $this->mo_auth_show_success_message();
3030
+ }
3031
+
3032
+
3033
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_out_of_band_error' ) { //push and out of band email denied
3034
+ $nonce = $_POST['mo2f_out_of_band_error_nonce'];
3035
+
3036
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-error-nonce' ) ) {
3037
+ $error = new WP_Error();
3038
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3039
+
3040
+ return $error;
3041
+ } else {
3042
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "DENIED_REQUEST" ) );
3043
+ delete_user_meta( $user->ID, 'test_2FA' );
3044
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3045
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3046
+ 'mo2f_EmailVerification_config_status' => true
3047
+ ) );
3048
+ $this->mo_auth_show_error_message();
3049
+ }
3050
+
3051
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_duo_authenticator_success_form' ) {
3052
+ $nonce = $_POST['mo2f_duo_authenticator_success_nonce'];
3053
+
3054
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-success-nonce' ) ) {
3055
+ $error = new WP_Error();
3056
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3057
+
3058
+ return $error;
3059
+ }else{
3060
+
3061
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3062
+
3063
+ delete_user_meta( $user->ID, 'test_2FA' );
3064
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3065
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3066
+ 'mo2f_DuoAuthenticator_config_status' => true
3067
+ ) );
3068
+
3069
+ $this->mo_auth_show_success_message();
3070
+
3071
+ }
3072
+ }else if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_duo_authenticator_error' ) { //push and out of band email denied
3073
+ $nonce = $_POST['mo2f_duo_authentcator_error_nonce'];
3074
+
3075
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-error-nonce' ) ) {
3076
+ $error = new WP_Error();
3077
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3078
+
3079
+ return $error;
3080
+ } else {
3081
+ global $Mo2fdbQueries;
3082
+
3083
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "DENIED_DUO_REQUEST" ) );
3084
+ delete_user_meta( $user->ID, 'test_2FA' );
3085
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3086
+ 'mobile_registration_status' =>false,
3087
+ ) );
3088
+ $this->mo_auth_show_error_message();
3089
+ }
3090
+
3091
+ }
3092
+ else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_google_authy_test' ) {
3093
+
3094
+ $nonce = sanitize_text_field($_POST['mo2f_validate_google_authy_test_nonce']);
3095
+
3096
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-google-authy-test-nonce' ) ) {
3097
+ $error = new WP_Error();
3098
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3099
+
3100
+ return $error;
3101
+ } else {
3102
+ $otp_token = '';
3103
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3104
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
3105
+ $this->mo_auth_show_error_message();
3106
+
3107
+ return;
3108
+ } else {
3109
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
3110
+ }
3111
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3112
+
3113
+ $customer = new Customer_Setup();
3114
+ $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3115
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3116
+
3117
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
3118
+
3119
+ if ( current_user_can( 'manage_options' ) ) {
3120
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3121
+ } else {
3122
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3123
+ }
3124
+
3125
+ delete_user_meta( $user->ID, 'test_2FA' );
3126
+ $this->mo_auth_show_success_message();
3127
+
3128
+
3129
+ } else { // OTP Validation failed.
3130
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3131
+ $this->mo_auth_show_error_message();
3132
+
3133
+ }
3134
+ } else {
3135
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
3136
+ $this->mo_auth_show_error_message();
3137
+
3138
+ }
3139
+ }
3140
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_email' ) {
3141
+ $nonce = $_POST['mo2f_validate_otp_over_email_test_nonce'];
3142
+
3143
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-email-test-nonce' ) ) {
3144
+ $error = new WP_Error();
3145
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3146
+
3147
+ return $error;
3148
+ } else {
3149
+ $otp_token = '';
3150
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3151
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
3152
+ $this->mo_auth_show_error_message();
3153
+
3154
+ return;
3155
+ } else {
3156
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
3157
+ }
3158
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3159
+
3160
+ $customer = new Customer_Setup();
3161
+
3162
+ $mo2f_transactionId = get_user_meta($user->ID, 'mo2f_transactionId', true);
3163
+ $content = json_decode( $customer->validate_otp_token( 'OTP_OVER_EMAIL', $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3164
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3165
+
3166
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
3167
+
3168
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3169
+ delete_user_meta( $user->ID, 'configure_2FA');
3170
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Email','mo2f_OTPOverEmail_config_status'=>true ) );
3171
+ delete_user_meta( $user->ID, 'test_2FA' );
3172
+ $this->mo_auth_show_success_message();
3173
+
3174
+
3175
+ } else { // OTP Validation failed.
3176
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3177
+ $this->mo_auth_show_error_message();
3178
+
3179
+ }
3180
+ } else {
3181
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
3182
+ $this->mo_auth_show_error_message();
3183
+
3184
+ }
3185
+ }
3186
+ }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_google_appname' ) {
3187
+ $nonce = sanitize_text_field($_POST['mo2f_google_appname_nonce']);
3188
+
3189
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-google-appname-nonce' ) ) {
3190
+ $error = new WP_Error();
3191
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3192
+
3193
+ return $error;
3194
+ } else {
3195
+
3196
+ update_option('mo2f_google_appname',((isset($_POST['mo2f_google_auth_appname']) && $_POST['mo2f_google_auth_appname']!='') ? sanitize_text_field($_POST['mo2f_google_auth_appname']) : 'miniOrangeAu'));
3197
+ }
3198
+
3199
+ }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_google_authenticator_validate' ) {
3200
+ $nonce = sanitize_text_field($_POST['mo2f_configure_google_authenticator_validate_nonce']);
3201
+
3202
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-google-authenticator-validate-nonce' ) ) {
3203
+ $error = new WP_Error();
3204
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3205
+
3206
+ return $error;
3207
+ } else {
3208
+ $otpToken = sanitize_text_field($_POST['google_token']);
3209
+ $ga_secret = isset( $_POST['google_auth_secret'] ) ? sanitize_text_field($_POST['google_auth_secret']) : null;
3210
+
3211
+ if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
3212
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3213
+ $twofactor_transactions = new Mo2fDB;
3214
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3215
+
3216
+ if($exceeded){
3217
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3218
+ $this->mo_auth_show_error_message();
3219
+ return;
3220
+ }
3221
+ $google_auth = new Miniorange_Rba_Attributes();
3222
+ $google_response = json_decode( $google_auth->mo2f_validate_google_auth( $email, $otpToken, $ga_secret ), true );
3223
+
3224
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3225
+ if ( $google_response['status'] == 'SUCCESS' ) {
3226
+ $enduser = new Two_Factor_Setup();
3227
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email, "GOOGLE AUTHENTICATOR", null, null, null ), true );
3228
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3229
+
3230
+ if ( $response['status'] == 'SUCCESS' ) {
3231
+
3232
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3233
+
3234
+ delete_user_meta( $user->ID, 'configure_2FA' );
3235
+
3236
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3237
+ 'mo2f_GoogleAuthenticator_config_status' => true,
3238
+ 'mo2f_AuthyAuthenticator_config_status' => false,
3239
+ 'mo2f_configured_2FA_method' => "Google Authenticator",
3240
+ 'user_registration_with_miniorange' => 'SUCCESS',
3241
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3242
+ ) );
3243
+
3244
+ update_user_meta( $user->ID, 'mo2f_external_app_type', "Google Authenticator" );
3245
+ mo2f_display_test_2fa_notification($user);
3246
+ delete_user_meta($user->ID, 'mo2f_google_auth');
3247
+
3248
+ } else {
3249
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3250
+ $this->mo_auth_show_error_message();
3251
+
3252
+ }
3253
+ } else {
3254
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3255
+ $this->mo_auth_show_error_message();
3256
+
3257
+ }
3258
+ } else {
3259
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) . '<br>3.' . Mo2fConstants::langTranslate( "SERVER_TIME_SYNC" ));
3260
+ $this->mo_auth_show_error_message();
3261
+
3262
+ }
3263
+ } else {
3264
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
3265
+ $this->mo_auth_show_error_message();
3266
+
3267
+ }
3268
+ } else {
3269
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
3270
+ $this->mo_auth_show_error_message();
3271
+
3272
+ }
3273
+ }
3274
+ }else if(isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_duo_authenticator_validate_nonce'){
3275
+
3276
+ $nonce = sanitize_text_field($_POST['mo2f_configure_duo_authenticator_validate_nonce']);
3277
+
3278
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator-validate-nonce' ) ) {
3279
+ $error = new WP_Error();
3280
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3281
+
3282
+ return $error;
3283
+ }else{
3284
+
3285
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3286
+
3287
+ delete_user_meta( $user->ID, 'configure_2FA' );
3288
+ delete_user_meta($user->ID,'user_not_enroll');
3289
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3290
+ 'mo2f_DuoAuthenticator_config_status' => true,
3291
+
3292
+ 'mo2f_configured_2FA_method' => "Duo Authenticator",
3293
+ 'user_registration_with_miniorange' => 'SUCCESS',
3294
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3295
+ ) );
3296
+
3297
+ update_user_meta( $user->ID, 'mo2f_external_app_type', "Duo Authenticator" );
3298
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "VALIDATE_DUO" ) );
3299
+ $this->mo_auth_show_success_message();
3300
+ }
3301
+
3302
+ }
3303
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator' ) {
3304
+ $nonce = $_POST['mo2f_configure_authy_authenticator_nonce'];
3305
+
3306
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-nonce' ) ) {
3307
+ $error = new WP_Error();
3308
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3309
+
3310
+ return $error;
3311
+ } else {
3312
+ $authy = new Miniorange_Rba_Attributes();
3313
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3314
+ $authy_response = json_decode( $authy->mo2f_google_auth_service( $user_email ), true );
3315
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3316
+ if ( $authy_response['status'] == 'SUCCESS' ) {
3317
+ $mo2f_authy_keys = array();
3318
+ $mo2f_authy_keys['authy_qrCode'] = $authy_response['qrCodeData'];
3319
+ $mo2f_authy_keys['mo2f_authy_secret'] = $authy_response['secret'];
3320
+ $_SESSION['mo2f_authy_keys'] = $mo2f_authy_keys;
3321
+ } else {
3322
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
3323
+ $this->mo_auth_show_error_message();
3324
+ }
3325
+ } else {
3326
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
3327
+ $this->mo_auth_show_error_message();
3328
+ }
3329
+ }
3330
+ }else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator_validate' ) {
3331
+ $nonce = $_POST['mo2f_configure_authy_authenticator_validate_nonce'];
3332
+
3333
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-validate-nonce' ) ) {
3334
+ $error = new WP_Error();
3335
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3336
+
3337
+ return $error;
3338
+ } else {
3339
+ $otpToken = $_POST['mo2f_authy_token'];
3340
+ $authy_secret = isset( $_POST['mo2f_authy_secret'] ) ? $_POST['mo2f_authy_secret'] : null;
3341
+ if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
3342
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3343
+ $authy_auth = new Miniorange_Rba_Attributes();
3344
+ $authy_response = json_decode( $authy_auth->mo2f_validate_google_auth( $email, $otpToken, $authy_secret ), true );
3345
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3346
+ if ( $authy_response['status'] == 'SUCCESS' ) {
3347
+ $enduser = new Two_Factor_Setup();
3348
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email, 'GOOGLE AUTHENTICATOR', null, null, null ), true );
3349
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3350
+
3351
+ if ( $response['status'] == 'SUCCESS' ) {
3352
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3353
+ 'mo2f_GoogleAuthenticator_config_status' => false,
3354
+ 'mo2f_AuthyAuthenticator_config_status' => true,
3355
+ 'mo2f_configured_2FA_method' => "Authy Authenticator",
3356
+ 'user_registration_with_miniorange' => 'SUCCESS',
3357
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3358
+ ) );
3359
+ update_user_meta( $user->ID, 'mo2f_external_app_type', "Authy Authenticator" );
3360
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3361
+ delete_user_meta( $user->ID, 'configure_2FA' );
3362
+
3363
+ mo2f_display_test_2fa_notification($user);
3364
+
3365
+ } else {
3366
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3367
+ $this->mo_auth_show_error_message();
3368
+ }
3369
+ } else {
3370
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3371
+ $this->mo_auth_show_error_message();
3372
+ }
3373
+ } else {
3374
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) );
3375
+ $this->mo_auth_show_error_message();
3376
+ }
3377
+ } else {
3378
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
3379
+ $this->mo_auth_show_error_message();
3380
+ }
3381
+ } else {
3382
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
3383
+ $this->mo_auth_show_error_message();
3384
+ }
3385
+ }
3386
+ }
3387
+ else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_kba' ) {
3388
+ $nonce = sanitize_text_field($_POST['mo2f_save_kba_nonce']);
3389
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-save-kba-nonce' ) ) {
3390
+ $error = new WP_Error();
3391
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3392
+
3393
+ return $error;
3394
+ }
3395
+ $twofactor_transactions = new Mo2fDB;
3396
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3397
+ if($exceeded){
3398
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3399
+ $this->mo_auth_show_error_message();
3400
+ return;
3401
+ }
3402
+
3403
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
3404
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
3405
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
3406
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
3407
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
3408
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
3409
+
3410
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
3411
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3412
+ $this->mo_auth_show_error_message();
3413
+ return;
3414
+ }
3415
+
3416
+ if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
3417
+ update_option( 'mo2f_message', 'The questions you select must be unique.' );
3418
+ $this->mo_auth_show_error_message();
3419
+ return;
3420
+ }
3421
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
3422
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
3423
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
3424
+
3425
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
3426
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
3427
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
3428
+
3429
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3430
+ $kba_registration = new Two_Factor_Setup();
3431
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
3432
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3433
+ if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
3434
+ if ( isset( $_POST['mobile_kba_option'] ) && $_POST['mobile_kba_option'] == 'mo2f_request_for_kba_as_emailbackup' ) {
3435
+ MO2f_Utility::unset_session_variables( 'mo2f_mobile_support' );
3436
+
3437
+ delete_user_meta( $user->ID, 'configure_2FA' );
3438
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3439
+
3440
+ $message = mo2f_lt( 'Your KBA as alternate 2 factor is configured successfully.' );
3441
+ update_option( 'mo2f_message', $message );
3442
+ $this->mo_auth_show_success_message();
3443
+
3444
+ } else {
3445
+ $enduser = new Two_Factor_Setup();
3446
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
3447
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3448
+ if ( $response['status'] == 'ERROR' ) {
3449
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
3450
+ $this->mo_auth_show_error_message();
3451
+
3452
+ } else if ( $response['status'] == 'SUCCESS' ) {
3453
+ delete_user_meta( $user->ID, 'configure_2FA' );
3454
+
3455
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3456
+ 'mo2f_SecurityQuestions_config_status' => true,
3457
+ 'mo2f_configured_2FA_method' => "Security Questions",
3458
+ 'mo_2factor_user_registration_status' => "MO_2_FACTOR_PLUGIN_SETTINGS"
3459
+ ) );
3460
+ // $this->mo_auth_show_success_message();
3461
+ mo2f_display_test_2fa_notification($user);
3462
+
3463
+ }else {
3464
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3465
+ $this->mo_auth_show_error_message();
3466
+
3467
+ }
3468
+ } else {
3469
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3470
+ $this->mo_auth_show_error_message();
3471
+
3472
+ }
3473
+ }
3474
+ } else {
3475
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
3476
+ $this->mo_auth_show_error_message();
3477
+
3478
+
3479
+ return;
3480
+ }
3481
+ } else {
3482
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
3483
+ $this->mo_auth_show_error_message();
3484
+
3485
+
3486
+ return;
3487
+ }
3488
+
3489
+
3490
+ }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_kba_details' ) {
3491
+ $nonce = sanitize_text_field($_POST['mo2f_validate_kba_details_nonce']);
3492
+
3493
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-kba-details-nonce' ) ) {
3494
+ $error = new WP_Error();
3495
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3496
+
3497
+ return $error;
3498
+ } else {
3499
+ $kba_ans_1 = '';
3500
+ $kba_ans_2 = '';
3501
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) ) {
3502
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3503
+ $this->mo_auth_show_error_message();
3504
+
3505
+ return;
3506
+ } else {
3507
+ $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
3508
+ $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
3509
+ }
3510
+ //if the php session folder has insufficient permissions, temporary options to be used
3511
+ $kba_questions = get_user_meta($user->ID, 'mo_2_factor_kba_questions', true);
3512
+
3513
+ $kbaAns = array();
3514
+ if(!MO2F_IS_ONPREM){
3515
+ $kbaAns[0] = $kba_questions[0]['question'];
3516
+ $kbaAns[1] = $kba_ans_1;
3517
+ $kbaAns[2] = $kba_questions[1]['question'];
3518
+ $kbaAns[3] = $kba_ans_2;
3519
+ }
3520
+ //if the php session folder has insufficient permissions, temporary options to be used
3521
+ $mo2f_transactionId = get_option('mo2f_transactionId');
3522
+ $kba_validate = new Customer_Setup();
3523
+ $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_transactionId, $kbaAns, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3524
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3525
+ if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
3526
+ delete_option('mo2f_transactionId');
3527
+ delete_option('kba_questions');
3528
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3529
+ delete_user_meta( $user->ID, 'test_2FA' );
3530
+ $this->mo_auth_show_success_message();
3531
+ } else { // KBA Validation failed.
3532
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ANSWERS" ) );
3533
+ $this->mo_auth_show_error_message();
3534
+
3535
+ }
3536
+ }
3537
+ }
3538
+ }
3539
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_send_otp' ) { // sendin otp for configuring OTP over Telegram
3540
+
3541
+ $nonce = $_POST['mo2f_configure_otp_over_Telegram_send_otp_nonce'];
3542
+
3543
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-send-otp-nonce' ) ) {
3544
+ $error = new WP_Error();
3545
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3546
+
3547
+ return $error;
3548
+ } else {
3549
+ $chatID = sanitize_text_field( $_POST['verify_chatID'] );
3550
+
3551
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $chatID ) ) {
3552
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3553
+ $this->mo_auth_show_error_message();
3554
+
3555
+ return;
3556
+ }
3557
+
3558
+ $chatID = str_replace( ' ', '', $chatID );
3559
+ $user = wp_get_current_user();
3560
+
3561
+ update_user_meta($user->ID, 'mo2f_temp_chatID', $chatID );
3562
+ $customer = new Customer_Setup();
3563
+ $currentMethod = "OTP Over Telegram";
3564
+
3565
+ $otpToken = '';
3566
+ for($i=1;$i<7;$i++)
3567
+ {
3568
+ $otpToken .= rand(0,9);
3569
+ }
3570
+ update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
3571
+ update_user_meta($user->ID,'mo2f_telegram_time',time());
3572
+
3573
+ $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
3574
+ $postdata = array( 'mo2f_otp_token' => $otpToken,
3575
+ 'mo2f_chatid' => $chatID
3576
+ );
3577
+
3578
+ $handle = curl_init();
3579
+
3580
+ curl_setopt_array($handle,
3581
+ array(
3582
+ CURLOPT_URL => $url,
3583
+ CURLOPT_POST => true,
3584
+ CURLOPT_POSTFIELDS => $postdata,
3585
+ CURLOPT_RETURNTRANSFER => true,
3586
+ CURLOPT_SSL_VERIFYHOST => FALSE,
3587
+ CURLOPT_SSL_VERIFYPEER => FALSE,
3588
+ )
3589
+ );
3590
+
3591
+ $data = curl_exec($handle);
3592
+
3593
+
3594
+ curl_close($handle);
3595
+ if($data == 'SUCCESS')
3596
+ {
3597
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . 'your telegram number.' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
3598
+ $this->mo_auth_show_success_message();
3599
+ }
3600
+ else
3601
+ {
3602
+ update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
3603
+ $this->mo_auth_show_error_message();
3604
+
3605
+ }
3606
+
3607
+ }
3608
+ }
3609
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_send_otp' ) { // sendin otp for configuring OTP over SMS
3610
+
3611
+ $nonce = $_POST['mo2f_configure_otp_over_sms_send_otp_nonce'];
3612
+
3613
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-send-otp-nonce' ) ) {
3614
+ $error = new WP_Error();
3615
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3616
+
3617
+ return $error;
3618
+ } else {
3619
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
3620
+
3621
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ) {
3622
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3623
+ $this->mo_auth_show_error_message();
3624
+
3625
+ return;
3626
+ }
3627
+
3628
+ $phone = str_replace( ' ', '', $phone );
3629
+ $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
3630
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'user_phone', $phone);
3631
+ update_option( 'user_phone_temp', $phone );
3632
+ $customer = new Customer_Setup();
3633
+ $currentMethod = "SMS";
3634
+
3635
+ $content = json_decode( $customer->send_otp_token( $phone, $currentMethod, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3636
+
3637
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate otp token */
3638
+ if ( $content['status'] == 'ERROR' ) {
3639
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
3640
+ $this->mo_auth_show_error_message();
3641
+ } else if ( $content['status'] == 'SUCCESS' ) {
3642
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionId', $content['txId']);
3643
+
3644
+
3645
+ update_option( 'mo2f_transactionId', $content['txId'] );
3646
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
3647
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
3648
+ $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
3649
+ if($mo2f_sms>0)
3650
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
3651
+
3652
+ $this->mo_auth_show_success_message();
3653
+ } else {
3654
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
3655
+ $this->mo_auth_show_error_message();
3656
+ }
3657
+
3658
+ } else {
3659
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3660
+ $this->mo_auth_show_error_message();
3661
+ }
3662
+ }
3663
+ }
3664
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_validate' ) {
3665
+ $nonce = $_POST['mo2f_configure_otp_over_Telegram_validate_nonce'];
3666
+
3667
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-validate-nonce' ) ) {
3668
+ $error = new WP_Error();
3669
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3670
+
3671
+ return $error;
3672
+ } else {
3673
+
3674
+ $twofactor_transactions = new Mo2fDB;
3675
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3676
+
3677
+ if($exceeded){
3678
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3679
+ $this->mo_auth_show_error_message();
3680
+ return;
3681
+ }
3682
+ $otp_token = '';
3683
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3684
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3685
+ $this->mo_auth_show_error_message();
3686
+
3687
+ return;
3688
+ } else {
3689
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
3690
+ }
3691
+
3692
+ $otp = get_user_meta($user->ID,'mo2f_otp_token',true);
3693
+ $time = get_user_meta($user->ID,'mo2f_telegram_time',true);
3694
+ $accepted_time = time()-300;
3695
+ $time = (int)$time;
3696
+ global $Mo2fdbQueries;
3697
+ if($otp == $otp_token)
3698
+ {
3699
+ if($accepted_time<$time){
3700
+ if(MO2F_IS_ONPREM)
3701
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
3702
+ 'mo2f_OTPOverTelegram_config_status' => true,
3703
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3704
+ ) );
3705
+ else
3706
+ { $Mo2fdbQueries->update_user_details( $user->ID, array(
3707
+ 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
3708
+ 'mo2f_OTPOverTelegram_config_status' => true,
3709
+ 'user_registration_with_miniorange' => 'SUCCESS',
3710
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3711
+ ) );
3712
+ }
3713
+ delete_user_meta( $user->ID, 'configure_2FA' );
3714
+ update_user_meta( $user->ID, 'mo2f_chat_id',get_user_meta($user->ID,'mo2f_temp_chatID',true));
3715
+
3716
+ delete_user_meta( $user->ID, 'mo2f_temp_chatID' );
3717
+
3718
+ delete_user_meta( $user->ID, 'mo2f_otp_token');
3719
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3720
+ mo2f_display_test_2fa_notification($user);
3721
+ update_option( 'mo2f_message','OTP Over Telegram is set as the second-factor. Enjoy the unlimited service.');
3722
+ $this->mo_auth_show_success_message();
3723
+ delete_user_meta($user->ID,'mo2f_telegram_time');
3724
+ }
3725
+ else
3726
+ {
3727
+ update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
3728
+ $this->mo_auth_show_error_message();
3729
+ delete_user_meta($user->ID,'mo2f_telegram_time');
3730
+ }
3731
+ }
3732
+ else
3733
+ {
3734
+ update_option( 'mo2f_message','Invalid OTP. Please try again.');
3735
+ $this->mo_auth_show_error_message();
3736
+ }
3737
+
3738
+ }}
3739
+ else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_validate' ) {
3740
+ $nonce = $_POST['mo2f_configure_otp_over_sms_validate_nonce'];
3741
+
3742
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-validate-nonce' ) ) {
3743
+ $error = new WP_Error();
3744
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3745
+
3746
+ return $error;
3747
+ } else {
3748
+
3749
+ $twofactor_transactions = new Mo2fDB;
3750
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3751
+
3752
+ if($exceeded){
3753
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3754
+ $this->mo_auth_show_error_message();
3755
+ return;
3756
+ }
3757
+ $otp_token = '';
3758
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3759
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3760
+ $this->mo_auth_show_error_message();
3761
+
3762
+ return;
3763
+ } else {
3764
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
3765
+ $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
3766
+ }
3767
+ $mo2f_transactionId = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_transactionId' );
3768
+
3769
+ $user_phone = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'user_phone' );
3770
+ $mo2f_configured_2FA_method = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
3771
+ $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
3772
+ $customer = new Customer_Setup();
3773
+ $content = json_decode( $customer->validate_otp_token( $mo2f_configured_2FA_method, null, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3774
+
3775
+ if ( $content['status'] == 'ERROR' ) {
3776
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
3777
+
3778
+ } else if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
3779
+ if ( $phone && strlen( $phone ) >= 4 ) {
3780
+ if ( $user_phone != $phone ) {
3781
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => false ) );
3782
+
3783
+ }
3784
+ }
3785
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3786
+
3787
+ $enduser = new Two_Factor_Setup();
3788
+ $TwoFA_method_to_configure = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
3789
+ $current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
3790
+ $response = array();
3791
+ if(MO2F_IS_ONPREM) {
3792
+ $response['status'] = 'SUCCESS';
3793
+ if ( $current_method == 'SMS' ) {
3794
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over SMS' ) );
3795
+ // update_user_meta($user->ID,'currentMethod','OTP Over SMS');
3796
+ } else {
3797
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $current_method ) );//why is this needed?
3798
+ // update_user_meta( $user->ID, 'currentMethod', $current_method );
3799
+
3800
+ }
3801
+ }
3802
+ else
3803
+ $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $user_phone, null, null ), true );
3804
+
3805
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3806
+
3807
+ if ( $response['status'] == 'ERROR' ) {
3808
+ MO2f_Utility::unset_session_variables( 'user_phone' );
3809
+ delete_option( 'user_phone_temp' );
3810
+
3811
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
3812
+ $this->mo_auth_show_error_message();
3813
+ } else if ( $response['status'] == 'SUCCESS' ) {
3814
+
3815
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
3816
+ 'mo2f_configured_2FA_method' => 'OTP Over SMS',
3817
+ 'mo2f_OTPOverSMS_config_status' => true,
3818
+ 'user_registration_with_miniorange' => 'SUCCESS',
3819
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3820
+ 'mo2f_user_phone' => $user_phone
3821
+ ) );
3822
+
3823
+ delete_user_meta( $user->ID, 'configure_2FA' );
3824
+ delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3825
+
3826
+
3827
+ MO2f_Utility::unset_session_variables( 'user_phone' );
3828
+ delete_option( 'user_phone_temp' );
3829
+
3830
+ mo2f_display_test_2fa_notification($user);
3831
+ } else {
3832
+ MO2f_Utility::unset_session_variables( 'user_phone' );
3833
+ delete_option( 'user_phone_temp' );
3834
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3835
+ $this->mo_auth_show_error_message();
3836
+ }
3837
+ } else {
3838
+ MO2f_Utility::unset_session_variables( 'user_phone' );
3839
+ delete_option( 'user_phone_temp' );
3840
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3841
+ $this->mo_auth_show_error_message();
3842
+ }
3843
+
3844
+ } else { // OTP Validation failed.
3845
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3846
+ $this->mo_auth_show_error_message();
3847
+ }
3848
+ }
3849
+
3850
+ }else if(isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_duo_authenticator'){
3851
+
3852
+ $nonce = $_POST['mo2f_configure_duo_authenticator_nonce'];
3853
+
3854
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator' ) ) {
3855
+ $error = new WP_Error();
3856
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3857
+
3858
+ return $error;
3859
+ } else {
3860
+ if($_POST['ikey'] == '' || $_POST['skey'] == '' || $_POST['apihostname'] == '' ){
3861
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Some field is missing, please fill all required details." ) );
3862
+ $this->mo_auth_show_error_message();
3863
+ return;
3864
+ }else{
3865
+ update_site_option('mo2f_d_integration_key',isset($_POST['ikey'])? sanitize_text_field($_POST['ikey']):'');
3866
+ update_site_option('mo2f_d_secret_key',isset($_POST['skey'])? sanitize_text_field($_POST['skey']):'');
3867
+ update_site_option('mo2f_d_api_hostname',isset($_POST['apihostname'])? sanitize_text_field($_POST['apihostname']):'');
3868
+
3869
+ $ikey = sanitize_text_field($_POST['ikey']);
3870
+ $skey = sanitize_text_field($_POST['skey']);
3871
+ $host = sanitize_text_field($_POST['apihostname']);
3872
+
3873
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
3874
+
3875
+
3876
+ $duo_up_response = ping($skey,$ikey,$host);
3877
+
3878
+ if($duo_up_response['response']['stat'] == 'OK'){
3879
+
3880
+ $duo_check_credentials = check($skey, $ikey, $host);
3881
+
3882
+ if($duo_check_credentials['response']['stat'] == 'OK'){
3883
+
3884
+
3885
+ }else{
3886
+
3887
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Not the valid credential, please enter valid keys" ) );
3888
+ $this->mo_auth_show_error_message();
3889
+ return;
3890
+ }
3891
+
3892
+ }else{
3893
+
3894
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Duo server is not responding right now, please try after some time" ) );
3895
+ $this->mo_auth_show_error_message();
3896
+ return;
3897
+ }
3898
+ update_site_option('duo_credentials_save_successfully',1);
3899
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Setting saved successfully." ) );
3900
+ $this->mo_auth_show_success_message();
3901
+ return;
3902
+ }
3903
+ }
3904
+ }else if(isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_duo_authenticator_abc'){
3905
+
3906
+ $nonce = $_POST['mo2f_configure_duo_authenticator_nonce'];
3907
+
3908
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator-nonce' ) ) {
3909
+ $error = new WP_Error();
3910
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3911
+
3912
+ return $error;
3913
+ }else{
3914
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
3915
+ $ikey = get_site_option('mo2f_d_integration_key');
3916
+ $skey = get_site_option('mo2f_d_secret_key');
3917
+ $host = get_site_option('mo2f_d_api_hostname');
3918
+
3919
+ $user_email = $user->user_email;
3920
+
3921
+ $duo_preauth = preauth( $user_email ,true, $skey, $ikey, $host);
3922
+
3923
+
3924
+ if($duo_preauth['response']['stat'] == 'OK'){
3925
+
3926
+ if(isset($duo_preauth['response']['response']['status_msg']) && $duo_preauth['response']['response']['status_msg'] == 'Account is active'){
3927
+ update_user_meta( $user->ID , 'user_not_enroll', true );
3928
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "This user is already available on duo, please send push notification to setup push notification as two factor." ) );
3929
+ $this->mo_auth_show_success_message();
3930
+ return;
3931
+ }else if(isset($duo_preauth['response']['response']['enroll_portal_url'])){
3932
+
3933
+ $duo_enroll_url = $duo_preauth['response']['response']['enroll_portal_url'];
3934
+ update_user_meta( $user->ID , 'user_not_enroll_on_duo_before', $duo_enroll_url );
3935
+ update_user_meta( $user->ID , 'user_not_enroll', true );
3936
+ }else{
3937
+
3938
+
3939
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Your account is inactive from duo side, please contact to your administrator." ) );
3940
+ $this->mo_auth_show_error_message();
3941
+ return;
3942
+ }
3943
+
3944
+ }else{
3945
+
3946
+
3947
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Invalid or missing parameters, or a user with this name already exists." ) );
3948
+ $this->mo_auth_show_error_message();
3949
+ return;
3950
+
3951
+ }
3952
+ }
3953
+ }else if(isset( $_POST['option'] ) && $_POST['option'] == 'duo_mobile_send_push_notification_inside_plugin'){
3954
+
3955
+ $nonce = $_POST['duo_mobile_send_push_notification_inside_plugin_nonce'];
3956
+
3957
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-send-duo-push-notification-inside-plugin-nonce' ) ) {
3958
+ $error = new WP_Error();
3959
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3960
+
3961
+ return $error;
3962
+ }else{
3963
+
3964
+ }
3965
+
3966
+ }else if ( ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_free_plan_auth_methods' ) ) {// user clicks on Set 2-Factor method
3967
+
3968
+ $nonce = sanitize_text_field($_POST['miniorange_save_form_auth_methods_nonce']);
3969
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-save-form-auth-methods-nonce' ) ) {
3970
+ $error = new WP_Error();
3971
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3972
+ return $error;
3973
+ } else {
3974
+ $configuredMethod = sanitize_text_field($_POST['mo2f_configured_2FA_method_free_plan']);
3975
+ $selectedAction = sanitize_text_field($_POST['mo2f_selected_action_free_plan']);
3976
+
3977
+ $cloud_methods = array('OTPOverSMS','miniOrangeQRCodeAuthentication','miniOrangePushNotification','miniOrangeSoftToken');
3978
+
3979
+ if($configuredMethod == 'OTPOverSMS')
3980
+ $configuredMethod = 'OTP Over SMS';
3981
+
3982
+ //limit exceed check
3983
+ $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($user_id);
3984
+
3985
+ if($exceeded){
3986
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3987
+ $this->mo_auth_show_error_message();
3988
+ return;
3989
+ }
3990
+ $selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
3991
+ $selected_2FA_method = sanitize_text_field($selected_2FA_method);
3992
+ $onprem_methods = array('Google Authenticator','Security Questions','OTPOverTelegram','DuoAuthenticator');
3993
+ $Mo2fdbQueries->insert_user( $user->ID );
3994
+ if(MO2F_IS_ONPREM && ! in_array($selected_2FA_method, $onprem_methods) ){
3995
+ foreach ($cloud_methods as $cloud_method) {
3996
+ $is_end_user_registered = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $cloud_method. '_config_status', $user->ID );
3997
+ if(!is_null($is_end_user_registered) && $is_end_user_registered == 1)
3998
+ break;
3999
+ }
4000
+ }else{
4001
+ $is_end_user_registered = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange', $user->ID ) ;
4002
+ }
4003
+ $is_customer_registered= false;
4004
+
4005
+ if(!MO2F_IS_ONPREM or $configuredMethod == 'miniOrangeSoftToken' or $configuredMethod == 'miniOrangeQRCodeAuthentication' or $configuredMethod == 'miniOrangePushNotification' or $configuredMethod == 'OTPOverSMS' or $configuredMethod == 'OTP Over SMS')
4006
+ $is_customer_registered = get_option('mo2f_api_key') ? true : false;
4007
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4008
+ if(!isset($email) or is_null($email) or $email == '')
4009
+ {
4010
+ $email = $user->user_email;
4011
+ }
4012
+ $is_end_user_registered = $is_end_user_registered ? $is_end_user_registered : false;
4013
+ $allowed = false;
4014
+ if(get_option('mo2f_miniorange_admin'))
4015
+ $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
4016
+
4017
+ if($is_customer_registered && !$is_end_user_registered and !$allowed){
4018
+ $enduser = new Two_Factor_Setup();
4019
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
4020
+ if(json_last_error() == JSON_ERROR_NONE){
4021
+ if($check_user['status'] == 'ERROR'){
4022
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
4023
+ $this->mo_auth_show_error_message();
4024
+ return;
4025
+ }
4026
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
4027
+
4028
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
4029
+ 'user_registration_with_miniorange' =>'SUCCESS',
4030
+ 'mo2f_user_email' =>$email
4031
+ ) );
4032
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
4033
+
4034
+ }
4035
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
4036
+
4037
+ $content = json_decode($enduser->mo_create_user($user,$email), true);
4038
+ if(json_last_error() == JSON_ERROR_NONE) {
4039
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
4040
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
4041
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
4042
+ 'user_registration_with_miniorange' =>'SUCCESS',
4043
+ 'mo2f_user_email' =>$email
4044
+ ) );
4045
+
4046
+ }
4047
+ }
4048
+
4049
+
4050
+ }
4051
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
4052
+ $mo2fa_login_message = __('The email associated with your account is already registered in miniOrange. Please Choose another email or contact miniOrange.','miniorange-2-factor-authentication');
4053
+ update_option('mo2f_message',$mo2fa_login_message);
4054
+ $this->mo_auth_show_error_message();
4055
+ }
4056
+
4057
+ }
4058
+
4059
+ }
4060
+
4061
+ update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
4062
+ if(MO2F_IS_ONPREM)
4063
+ {
4064
+ if($selected_2FA_method == 'EmailVerification')
4065
+ $selected_2FA_method = 'Email Verification';
4066
+ if($selected_2FA_method == 'OTPOverEmail')
4067
+ $selected_2FA_method = 'OTP Over Email';
4068
+ if($selected_2FA_method == 'OTPOverSMS')
4069
+ $selected_2FA_method = 'OTP Over SMS';
4070
+ if($selected_2FA_method == 'OTPOverTelegram')
4071
+ $selected_2FA_method = 'OTP Over Telegram';
4072
+ if($selected_2FA_method == 'DuoAuthenticator')
4073
+ $selected_2FA_method = 'Duo Authenticator';
4074
+ }
4075
+ if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification' or $selected_2FA_method == 'OTP Over Telegram' or $selected_2FA_method == 'Duo Authenticator' ))
4076
+ $is_customer_registered = 1;
4077
+
4078
+ if ( $is_customer_registered ) {
4079
+ $selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
4080
+ $selected_2FA_method = sanitize_text_field($selected_2FA_method);
4081
+ $selected_action = isset( $_POST['mo2f_selected_action_free_plan'] ) ? $_POST['mo2f_selected_action_free_plan'] : $_POST['mo2f_selected_action_standard_plan'];
4082
+ $selected_action = sanitize_text_field($selected_action);
4083
+ $user_phone = '';
4084
+ if ( isset( $_SESSION['user_phone'] ) ) {
4085
+ $user_phone = $_SESSION['user_phone'] != 'false' ? $_SESSION['user_phone'] : $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4086
+ }
4087
+
4088
+ // set it as his 2-factor in the WP database and server
4089
+ $enduser = new Customer_Setup();
4090
+ if($selected_2FA_method == 'OTPOverTelegram')
4091
+ $selected_2FA_method = 'OTP Over Telegram';
4092
+ if($selected_2FA_method == 'DuoAuthenticator')
4093
+ $selected_2FA_method = 'Duo Authenticator';
4094
+ if ( $selected_action == "select2factor" ) {
4095
+
4096
+ if ( $selected_2FA_method == 'OTP Over SMS' && $user_phone == 'false' ) {
4097
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PHONE_NOT_CONFIGURED" ) );
4098
+ $this->mo_auth_show_error_message();
4099
+ } else {
4100
+ // update in the Wordpress DB
4101
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4102
+ $customer_key = get_option( 'mo2f_customerKey' );
4103
+ $api_key = get_option( 'mo2f_api_key' );
4104
+ $customer = new Customer_Setup();
4105
+ $cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
4106
+
4107
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
4108
+
4109
+ // update the server
4110
+ if(!MO2F_IS_ONPREM)
4111
+ $this->mo2f_save_2_factor_method( $user, $selected_2FA_method );
4112
+ if ( in_array( $selected_2FA_method, array(
4113
+ "miniOrange QR Code Authentication",
4114
+ "miniOrange Soft Token",
4115
+ "miniOrange Push Notification",
4116
+ "Google Authenticator",
4117
+ "Security Questions",
4118
+ "Authy Authenticator",
4119
+ "Email Verification",
4120
+ "OTP Over SMS",
4121
+ "OTP Over Email",
4122
+ "OTP Over SMS and Email",
4123
+ "Hardware Token"
4124
+ ) ) ) {
4125
+
4126
+ } else {
4127
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page', 0 );
4128
+ }
4129
+
4130
+ }
4131
+ } else if ( $selected_action == "configure2factor" ) {
4132
+
4133
+ //show configuration form of respective Two Factor method
4134
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
4135
+ update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
4136
+ }
4137
+
4138
+ } else {
4139
+ update_option("mo_2factor_user_registration_status","REGISTRATION_STARTED" );
4140
+ update_user_meta( $user->ID, 'register_account_popup', 1 );
4141
+ update_option( 'mo2f_message', '' );
4142
+
4143
+ }
4144
+ }
4145
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_for_users_option' ) {
4146
+ $nonce = $_POST['mo2f_enable_2FA_for_users_option_nonce'];
4147
+
4148
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-for-users-option-nonce' ) ) {
4149
+ $error = new WP_Error();
4150
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4151
+
4152
+ return $error;
4153
+ } else {
4154
+ update_option( 'mo2f_enable_2fa_for_users', isset( $_POST['mo2f_enable_2fa_for_users'] ) ? $_POST['mo2f_enable_2fa_for_users'] : 0 );
4155
+ }
4156
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_disable_proxy_setup_option' ) {
4157
+ $nonce = $_POST['mo2f_disable_proxy_setup_option_nonce'];
4158
+
4159
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-disable-proxy-setup-option-nonce' ) ) {
4160
+ $error = new WP_Error();
4161
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4162
+
4163
+ return $error;
4164
+ } else {
4165
+ delete_option( 'mo2f_proxy_host' );
4166
+ delete_option( 'mo2f_port_number' );
4167
+ delete_option( 'mo2f_proxy_username' );
4168
+ delete_option( 'mo2f_proxy_password' );
4169
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Proxy Configurations Reset." ) );
4170
+ $this->mo_auth_show_success_message();
4171
+ }
4172
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_option' ) {
4173
+ $nonce = $_POST['mo2f_enable_2FA_option_nonce'];
4174
+
4175
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-option-nonce' ) ) {
4176
+ $error = new WP_Error();
4177
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4178
+
4179
+ return $error;
4180
+ } else {
4181
+ update_option( 'mo2f_enable_2fa', isset( $_POST['mo2f_enable_2fa'] ) ? $_POST['mo2f_enable_2fa'] : 0 );
4182
+ }
4183
+ }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo_2factor_test_authentication_method' ) {
4184
+ //network security feature
4185
+ $nonce = $_POST['mo_2factor_test_authentication_method_nonce'];
4186
+
4187
+ if ( ! wp_verify_nonce( $nonce, 'mo-2factor-test-authentication-method-nonce' ) ) {
4188
+ $error = new WP_Error();
4189
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4190
+
4191
+ return $error;
4192
+ } else {
4193
+ update_user_meta( $user->ID, 'test_2FA', 1 );
4194
+
4195
+
4196
+ $selected_2FA_method = $_POST['mo2f_configured_2FA_method_test'];
4197
+ $selected_2FA_method_server = MO2f_Utility::mo2f_decode_2_factor( $selected_2FA_method, "server" );
4198
+ $customer = new Customer_Setup();
4199
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4200
+ $customer_key = get_option( 'mo2f_customerKey' );
4201
+ $api_key = get_option( 'mo2f_api_key' );
4202
+
4203
+ if ( $selected_2FA_method == 'Security Questions' ) {
4204
+
4205
+
4206
+ $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4207
+
4208
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate KBA Questions*/
4209
+ if ( $response['status'] == 'SUCCESS' ) {
4210
+ update_option( 'mo2f_transactionId', $response['txId'] );
4211
+ $questions = array();
4212
+
4213
+ $questions[0] = $response['questions'][0];
4214
+ $questions[1] = $response['questions'][1];
4215
+ update_user_meta($user->ID, 'mo_2_factor_kba_questions', $questions);
4216
+
4217
+ update_option( 'mo2f_message', Mo2fConstants:: langT