Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.42

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Backup Code as a cloud service

Release Info

Developer twofactorauthentication
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.42

Code changes from version 5.4.41 to 5.4.42

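--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -301,6 +301,69 @@ class Customer_Cloud_Setup {
  return $content;
  }
 
+ public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
+
+
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
+
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
+
+ $postdata = array('mo2f_email'=> $mo2f_user_email,
+ 'mo2f_domain' =>$site_url,
+ 'headers'=>$headers['header'],
+ 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
+
+ $handle = curl_init();
+
+ curl_setopt_array($handle,
+ array(
+ CURLOPT_URL => $url,
+ CURLOPT_POST => true,
+ CURLOPT_POSTFIELDS => $postdata,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_SSL_VERIFYHOST => FALSE,
+ CURLOPT_SSL_VERIFYPEER => FALSE,
+ )
+ );
+
+ $data = curl_exec($handle);
+
+ curl_close($handle);
+ return $data;
+
+ }
+
+ public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
+
+ $site_url = site_url();
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
+
+ $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
+ 'mo2f_user_email'=> $mo2f_user_email,
+ 'headers'=>$headers['header'],
+ 'mo2f_site_url' => $site_url);
+
+ $handle = curl_init();
+
+ curl_setopt_array($handle,
+ array(
+ CURLOPT_URL => $url,
+ CURLOPT_POST => true,
+ CURLOPT_POSTFIELDS => $postdata,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_SSL_VERIFYHOST => FALSE,
+ CURLOPT_SSL_VERIFYPEER => FALSE,
+ )
+ );
+
+ $data = curl_exec($handle);
+
+ curl_close($handle);
+
+ return $data;
+ }
+
 
  function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
  $content='';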
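Review bot: Both new methods set `CURLOPT_SSL_VERIFYHOST => FALSE` and `CURLOPT_SSL_VERIFYPEER => FALSE`, so the backup codes returned by `mo_2f_generate_backup_codes` and the verdict returned by `mo2f_validate_backup_codes` travel over a connection whose server certificate is never checked. A party on the network path can therefore read the codes or replace the response, which matters because callers elsewhere in this release treat the raw response body as the second-factor decision. Remove both options or set them explicitly, `CURLOPT_SSL_VERIFYPEER => true,` and `CURLOPT_SSL_VERIFYHOST => 2,`. The result of `curl_exec()` is also returned unchecked, so a transport failure reaches callers as `false`; testing for `false` and returning a fixed error token would let callers fail closed. The `'headers'` entry is only a POST field built from the e-mail and site URL, neither of which is secret, so it does not authenticate the site to the service.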
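--- a/controllers/twofa/mo2fa_common_login.php
+++ b/controllers/twofa/mo2fa_common_login.php
@@ -1434,16 +1434,25 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
  delete_user_meta($id, 'chqwetcsdvnvd');
  $result = true;
  }else{
- $codes = MO2f_Utility::mo_2f_generate_backup_codes();
- $codes_hash = MO2f_Utility::mo2f_get_codes_hash($codes);
- update_user_meta($id,'mo2f_backup_codes', $codes_hash);
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
  if(empty($mo2f_user_email)){
  $currentuser = get_user_by( 'id', $id );
  $mo2f_user_email = $currentuser->user_email;
  }
- $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
+ $generate_backup_code = new Customer_Cloud_Setup();
+ $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
+
+ if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
+ $codes = explode(' ', $codes);
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
  update_user_meta($id, 'mo_backup_code_generated', 1);
+ $code_generated = 'code_generation_successful';
+ }else{
+ $code_generated = 'code_generation_failed';
+ update_user_meta($id, 'error_during_code_generation',$codes);
+ }
+
+
  }
  update_user_meta($id, 'mo_backup_code_screen_shown', 1);
  ?>
@@ -1474,6 +1483,7 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
  <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
  <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
  </div>
+ <?php if($code_generated == 'code_generation_successful') { ?>
  <div class="mo2f_modal-body center">
 
 
@@ -1489,13 +1499,13 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
  <div style="display: inline-flex;width: 350px; ">
  <div id="clipboard" style="border: solid;width: 55%;float: left;">
  <?php
- for ($x = 0; $x < 5; $x++) {
+ for ($x = 0; $x < sizeof($codes); $x++) {
  $str = $codes[$x];
  echo("<br>".$str." <br>");
  }
 
  $str1="";
- for ($x = 0; $x < 5; $x++) {
+ for ($x = 0; $x < sizeof($codes); $x++) {
  $str = $codes[$x];
  $str1.=$str;
  if($x != 4){
@@ -1528,6 +1538,17 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
  <?php
  mo2f_customize_logo() ?>
  </div>
+ <?php } else { ?>
+ <div style="text-align:center;">
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
+ <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
+ </form>
+ </div>
+ <?php } ?>
  </div>
  </div>
  </div>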
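Review bot: The check added in the first hunk is a deny-list of seven error strings, so any other value returned by `mo_2f_generate_backup_codes` is treated as a list of codes, including `false` from a failed `curl_exec()` or an error page from the remote host. That value is then split, e-mailed and printed into the modal by `echo("<br>".$str." <br>")` without escaping. Accept only what a code list can look like, for example `if ( is_string($codes) && preg_match('/^[A-Za-z0-9]+( [A-Za-z0-9]+)*$/', $codes) ) {` (the code alphabet is not visible on this page and should be confirmed), and pass each code through `esc_html()` on output. The hidden fields in the new failure form print `$redirect_to` and `$session_id_encrypt` raw; use `esc_url( $redirect_to )` and `esc_attr( $session_id_encrypt )`. `$code_generated` is assigned only inside the `else` branch shown, so the branch that begins above the hunk appears to reach the template with it undefined.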
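--- a/handler/twofa/two_fa_constants.php
+++ b/handler/twofa/two_fa_constants.php
@@ -273,6 +273,19 @@ class Mo2fConstants {
  case 'ANSWER_SECURITY_QUESTIONS':
  Return mo2f_lt( 'Please answer the following security questions.' );
  break;
+
+ case 'BACKUP_CODE_LIMIT_REACH':
+ Return mo2f_lt( 'You have already downloaded the backup codes for this domain.' );
+ break;
+ case 'BACKUP_CODE_DOMAIN_LIMIT_REACH':
+ Return mo2f_lt( 'User Limit is reached for your domain.' );
+ break;
+ case 'BACKUP_CODE_INVALID_REQUEST':
+ Return mo2f_lt( 'Invalid request.' );
+ break;
+ case 'USED_ALL_BACKUP_CODES':
+ Return mo2f_lt( 'You have used all of the backup codes' );
+ break;
  case 'RESET_DUO_CONFIGURATON':
  Return mo2f_lt( 'Your Duo configuration has been reset successfully.' );
  break;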
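--- a/handler/twofa/two_fa_pass2login.php
+++ b/handler/twofa/two_fa_pass2login.php
@@ -174,40 +174,67 @@ class Miniorange_Password_2Factor_Login {
  }
  $backup_codes=get_user_meta($currentuser_id,'mo2f_backup_codes',true);
  $mo2f_backup_code= sanitize_text_field($POSTED[ 'mo2f_backup_code' ]);
- $mo2f_backup_code=md5($mo2f_backup_code);
- if(!empty($backup_codes)){
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
+
+ if(!empty($backup_codes)){
+ $mo2f_backup_code = md5($mo2f_backup_code);
  if(in_array($mo2f_backup_code,$backup_codes)){
  foreach ($backup_codes as $key => $value) {
  if($value==$mo2f_backup_code){
  unset($backup_codes[$key]);
  update_user_meta($currentuser_id,'mo2f_backup_codes', $backup_codes);
+ $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
  }
  }
-
- if(sizeof($backup_codes) <= 2){
- $codes_remaining = sizeof($backup_codes);
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
- if(empty($mo2f_user_email)){
- $currentuser = get_user_by( 'id', $currentuser_id );
- $mo2f_user_email = $currentuser->user_email;
- }
- $subject = '2-Factor Authentication(Backup Codes)';
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $message = MO2f_Utility::get_codes_warning_email_content($codes_remaining);
- $result = wp_mail($mo2f_user_email,$subject,$message,$headers);
+ }else{
+ $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
  }
+ }else{
+
+ if(isset($mo2f_backup_code)){
+ $generate_backup_code = new Customer_Cloud_Setup();
+ $data = $generate_backup_code->mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email);
+
+ if( $data == 'success'){
+ $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
+ }else if($data == 'error_in_validation'){
+ $mo2fa_login_message = __('Error occurred while validating the backup codes.','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+ }else if($data == 'used_code'){
+ $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+ }else if($data == 'total_code_used'){
+ $mo2fa_login_message = __('You have used all the backup codes. Please contact <a herf="mailto:2fasupport@xecurify.com">2fasupport@xecurify.com</a>','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+ }else if($data == 'backup_code_not_generated'){
+ $mo2fa_login_message = __('Backup code has not generated for you.','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+ }else if($data == 'DBConnectionerror'){
+ $mo2fa_login_message = __('Error occurred while establising connection.','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+
+ }else if($data == 'missingparameter'){
+ $mo2fa_login_message = __('Some parameters are missing while validating backup codes.');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+ }
+
+
+ }else{
+ $mo2fa_login_message = __('Please enter backup code.','miniorange-2-factor-authentication');
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
+ }
+ }
+
 
- $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
- }else{
- $mo2fa_login_message = __('The codes you have provided are either expired or incorrect.','miniorange-2-factor-authentication');
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
- }
- }else{
- $mo2fa_login_message = __('There are no codes left.','miniorange-2-factor-authentication');
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
- }
  }else{
  $this->remove_current_activity($session_id_encrypt);
  return new WP_Error('invalid_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') . '</strong>: ' . __('Please try again..', 'miniorange-2-factor-authentication'));
@@ -227,18 +254,41 @@ class Miniorange_Password_2Factor_Login {
  $redirect_to = esc_url_raw($_POST['redirect_to']);
  $session_id = sanitize_text_field($_POST['session_id']);
  $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
-
- $codes=MO2f_Utility::mo_2f_generate_backup_codes();
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
+ if(empty($mo2f_user_email)){
+ $currentuser = get_user_by( 'id', $id );
+ $mo2f_user_email = $currentuser->user_email;
+ }
+ $generate_backup_code = new Customer_Cloud_Setup();
+ $codes=$generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
+ if($codes == 'AllUsed'){
+ $mo2fa_login_message = "You have already used all the backup codes for this user and domain.";
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
+ }else if($codes == 'UserLimitReached') {
+ $mo2fa_login_message = "Backup code generation limit has reached for this domain.";
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
+ }else if($codes == 'LimitReached'){
+ $mo2fa_login_message = "backup code generation limit has reached for this user.";
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
+ }else if($codes == 'invalid_request'){
+ $mo2fa_login_message = "Invalid request.";
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
+ }
+ $codes = explode(' ', $codes);
  $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
  $str1="";
- for ($x = 0; $x < 5; $x++) {
+ for ($x = 0; $x < sizeof($codes); $x++) {
  $str = $codes[$x];
  $str1.=$str;
  if($x != 4){
  $str1.=',';
  }
  }
- update_user_meta($id,'mo2f_backup_codes', $codes_hash);
+
  $key = get_option( 'mo2f_encryption_key' );
  $codes_encrypt = MO2f_Utility::encrypt_data($str1, $key);
  update_user_meta($id,'chqwetcsdvnvd', $codes_encrypt);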
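Review bot: In the first hunk, when no local hashes are stored the login is completed purely on `$data == 'success'` from `mo2f_validate_backup_codes`, and the `if`/`else if` chain has no final `else`, so a `false` or unexpected response produces neither a login nor an error form. `isset($mo2f_backup_code)` is always true after `sanitize_text_field()`, which makes the 'Please enter backup code.' branch unreachable; test `$mo2f_backup_code !== ''`, compare the response with `===`, and end the chain with an `else` that re-renders the challenge. `$mo2f_user_email` is read there without the `get_user_by()` fallback that the second hunk uses, so it may be empty when sent to the service. In the second hunk the four error branches do not return, so unless `miniorange_pass2login_form_fields` ends the request (not visible here) execution continues to `explode(' ', $codes)` and stores the error token under `chqwetcsdvnvd` as if it were codes; add `return;` after each of those calls. The `total_code_used` message has `herf` where `href` is meant, so the support address is not rendered as a link.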
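--- a/handler/twofa/two_fa_settings.php
+++ b/handler/twofa/two_fa_settings.php
@@ -1354,7 +1354,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
  jQuery('#mo2f_next_step4').click(function(e){
  localStorage.setItem("last_tab", 'unlimittedUser_2fa');
  window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
-
+
  });
 
 
@@ -4449,7 +4449,25 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
  $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
  return $error;
  }else {
- MO2f_Utility::mo2f_mail_and_download_codes();
+ $codes = MO2f_Utility::mo2f_mail_and_download_codes();
+
+ if($codes == 'LimitReached' || $codes == 'UserLimitReached' || $codes == 'AllUsed' || $codes == 'invalid_request'){
+ $id = get_current_user_id();
+ update_user_meta($id, 'mo_backup_code_generated', 1);
+ update_user_meta($id, 'mo_backup_code_downloaded', 1);
+ if($codes == 'AllUsed'){
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate("USED_ALL_BACKUP_CODES"));
+ }else if($codes == 'LimitReached'){
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate("BACKUP_CODE_LIMIT_REACH"));
+ }else if($codes == 'UserLimitReached'){
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate("BACKUP_CODE_DOMAIN_LIMIT_REACH"));
+ }else if($codes == 'invalid_request'){
+ update_user_meta($id, 'mo_backup_code_generated', 0);
+ update_user_meta($id, 'mo_backup_code_downloaded', 0);
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate("BACKUP_CODE_INVALID_REQUEST"));
+ }
+ $this->mo_auth_show_error_message();
+ }
  }
  }
 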
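--- a/handler/twofa/two_fa_utility.php
+++ b/handler/twofa/two_fa_utility.php
@@ -645,8 +645,12 @@ class MO2f_Utility {
  <p style="margin-top:0;margin-bottom:10px">You initiated a transaction from <b>WordPress 2 Factor Authentication Plugin</b>:</p>
  <p style="margin-top:0;margin-bottom:10px">Your backup codes are:-
  <table cellspacing="10">
- <tr><td>'.$codes[0].'</td><td>'.$codes[1].'</td><td>'.$codes[2].'</td><td>'.$codes[3].'</td><td>'.$codes[4].'</td>
- </table></p>
+ <tr>';
+ for ($x = 0; $x < sizeof($codes); $x++) {
+ $message = $message.'<td>'.$codes[$x].'</td>';
+
+ }
+ $message = $message.'</table></p>
  <p style="margin-top:0;margin-bottom:10px">Please use this carefully as each code can only be used once. Please do not share these codes with anyone.</p>
  <p style="margin-top:0;margin-bottom:10px">Also, we would highly recommend you to reconfigure your two-factor after logging in.</p>
  <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
@@ -693,18 +697,9 @@ class MO2f_Utility {
  return $message;
  }
 
- public static function mo_2f_generate_backup_codes(){
- $codes=array();
- for ($x = 0; $x < 5; $x++) {
- $str = MO2f_Utility::random_str(10);
- array_push($codes,$str);
- }
- return $codes;
- }
-
  public static function mo2f_get_codes_hash($codes){
  $codes_hash=array();
- for ($x = 0; $x < 5; $x++) {
+ for ($x = 0; $x < sizeof($codes); $x++) {
  $str = $codes[$x];
  array_push($codes_hash,md5($str));
  }
@@ -723,8 +718,8 @@ class MO2f_Utility {
  update_user_meta($id, 'mo_backup_code_downloaded', 1);
  header('Content-Disposition: attachment; filename=miniOrange2-factor-BackupCodes.txt');
  echo "Two Factor Backup Codes:".PHP_EOL.PHP_EOL;
- echo "These are the codes which can be used incase you lose your phone or cannot access your email. Please reconfigure you authentication method after login.".PHP_EOL."Please use this carefully as each code can only be used once. Please do not share these codes with anyone.".PHP_EOL.PHP_EOL;
- for ($x = 0; $x < 5; $x++){
+ echo "These are the codes that can be used in case you lose your phone or cannot access your email. Please reconfigure your authentication method after login.".PHP_EOL."Please use this carefully as each code can only be used once. Please do not share these codes with anyone..".PHP_EOL.PHP_EOL;
+ for ($x = 0; $x < sizeof($codes); $x++){
  $str1= $codes[$x];
  echo(($x+1).". ".$str1." ");
  }
@@ -746,19 +741,25 @@ class MO2f_Utility {
 
 
  public static function mo2f_mail_and_download_codes(){
- global $Mo2fdbQueries;
- $codes=MO2f_Utility::mo_2f_generate_backup_codes();
- $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
+ global $Mo2fdbQueries;
+
  $id = get_current_user_id();
  $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
  if(empty($mo2f_user_email)){
  $currentuser = get_user_by( 'id', $id );
  $mo2f_user_email = $currentuser->user_email;
  }
+ $generate_backup_code = new Customer_Cloud_Setup();
+ $codes=$generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
+
+ if($codes == 'LimitReached'|| $codes == 'UserLimitReached' || $codes == 'AllUsed' || $codes == 'invalid_request')
+ return $codes;
+
+ $codes = explode(' ', $codes);
+ $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
  $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
  update_user_meta($id, 'mo_backup_code_generated', 1);
  update_user_meta($id, 'mo_backup_code_downloaded', 1);
- update_user_meta($id,'mo2f_backup_codes', $codes_hash);
  MO2f_Utility::mo2f_download_backup_codes($id, $codes);
  }
 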
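Review bot: `mo2f_mail_and_download_codes` returns early only for `LimitReached`, `UserLimitReached`, `AllUsed` and `invalid_request`, while the login-flow caller in this release also treats `DBConnectionIssue`, `UnableToFetchData` and `ERROR` as failures. Those values, and `false` from a failed request, fall through to `explode(' ', $codes)` and are e-mailed and offered for download as backup codes while both user-meta flags are set to 1. Validate the response shape before splitting and return the raw token otherwise, so the caller in `two_fa_settings.php` can report it. In the e-mail template the remote values are concatenated into HTML as `'<td>'.$codes[$x].'</td>'`; wrap them in `esc_html()`, and close the row with `</tr>` before `</table>`. `$codes_hash` is still computed in this function but no longer stored, so that assignment can be removed.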
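--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,7 +3,7 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: https://miniorange.com
  * Description: This TFA plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
- * Version: 5.4.41
+ * Version: 5.4.42
  * Author: miniOrange
  * Author URI: https://miniorange.com
  * Text Domain: miniorange-2-factor-authentication
@@ -14,8 +14,8 @@
  require dirname(__FILE__).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'email-IPaddress.php';
 
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
- define( 'MO2F_VERSION', '5.4.41' );
- define('MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
+ define( 'MO2F_VERSION', '5.4.42' );
+ define( 'MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
  define( 'MO2F_TEST_MODE', false );
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
 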
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
6
  Requires at least: 3.0.1
7
  Tested up to: 5.8
8
  Requires PHP: 5.3.0
9
- Stable tag: 5.4.41
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
@@ -27,7 +27,7 @@ Users will receive an OTP at the time of registration/log in which will be used
27
 
28
 
29
  = Sync same 2-factor authentication for multiple websites with the same google authenticator OTP using multi-factor authentication =
30
- You would not need to configure **Google Authenticator** and other Two Factor Authentication ( 2FA ) methods from the second site onward. You just need to log in with a miniOrange account and your 2FA/TFA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Security Questions, LastPass Authenticator, Authy Authenticator, miniOrange methods, OTP Over SMS, OTP Over Email. It is supported only if you are using our cloud services of 2 Factor.
31
 
32
  == Plugin Integrations and Support for all methods of two factor authentication ( 2fa ) like **Google Authenticator** ==
33
  * [Woocommerce](https://wordpress.org/plugins/woocommerce/)
@@ -69,7 +69,7 @@ The premium plugin supports any third-party custom SMS Gateway. If you don't hav
69
  Others not listed gateway can be tested on our site, Test your Gateway: [Custom Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
70
 
71
  = [google authenticator - Two step verification/ 2 Factor Authentication/ 2FA] FREE Plugin Features =
72
- * Simplified & easy user interface to set up Google Authenticator and other Two-Factor Authentication ( 2FA/TFA ) methods.
73
  * [Google Authenticator](https://plugins.miniorange.com/2-factor-authentication-for-wordpress) - Two Factor Authentication (2FA) for **3 User** forever FREE!
74
  * **Variety of Two Factor Authentication Methods:** Any App supporting TOTP algorithms like Google Authenticator, Authy Authenticator, LastPass Authenticator, Microsoft Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) are supported in the plugin for multi factor authentication.
75
  * Includes Language Translation Support. Supports a wide variety of languages for all methods of 2 factor like Google Authenticator
@@ -78,10 +78,10 @@ Others not listed gateway can be tested on our site, Test your Gateway: [Custom
78
  * Two Factor Authentication (2FA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token.
79
  * Brute force attack prevention & IP Blocking along with two factor authentication.
80
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
81
- * User login Monitoring with and without two-factor authentication(2FA/TFA)
82
  * RCP Login and Registration Support with all login 2 factor methods like Google Authenticator, OTP Over SMS, QR code Authentication, login with Email for Login.
83
  * OTP Verification of Ultimate Member Registration form with methods like OTP Over SMS and Email, QR code Authentication.
84
- * Recovery codes in case you are locked out for all Two Factor Authentication (2FA/TFA) methods like Google Authenticator, OTP Over SMS and OTP Over Email.
85
  * Supports multi factor authentication for methods such as Google authenticator, OTP over Email, OTP over SMS, QR code authentication and many more.
86
  * Mobile verification - two step verification (2FA) using a user's mobile phone with authentication method like google authenticator, QR code authentication, etc.
87
 
@@ -95,7 +95,7 @@ Others not listed gateway can be tested on our site, Test your Gateway: [Custom
95
  * **Unlimited Email transactions:** Unlimited Email transactions with your SMTP server.
96
  * **Backup Method:** KBA(Security Questions), OTP Over Email, Backup codes For all Two Factor Authentication ( TFA ) methods like Google Authenticator, etc.
97
  * Multisite compatible for all WordPress 2FA methods.
98
- * Two Factor Authentication ( TFA/2FA ) for Custom login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods like Google Authenticator, mobile Verification with SMS, OTP verification via email etc.
99
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
100
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
101
  * Role based 2 Factor - Different 2 factor like Google Authenticator, OTP Over SMS and Email, Authy Authenticator, etc based on your role [Guide](https://docs.miniorange.com/documentation/specific-set-authentication-methods-based-role)*
@@ -140,23 +140,23 @@ Others not listed gateway can be tested on our site, Test your Gateway: [Custom
140
  * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
141
  * **Brute force attack prevention, IP Blocking & User login Monitoring. **
142
  * File protection & strong password
143
- * Monitoring current Google Authenticator and other two factor authentication (Two Factor) method of all the users in the plugin.
144
 
145
  == PASSWORDLESS LOGIN ( login without password ) for all two factor methods like google authenticator ==
146
- Passwordless login (Login without password) is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2 factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username. miniOrange supports many two factor authentication methods for passwordless login. You can use google authenticator, webauthn, fingerprint login, OTP over SMS, and email for login without password.
147
 
148
  = WebAuthn (FIDO2) Passwordless login ( Login without password by using FIDO 2 WebAuthn ) =
149
  WebAuthn is a browser-based API that allows for web applications to simplify and secure user authentication by using registered devices (phones, laptops, etc) as factors. It uses public key cryptography to protect users from advanced phishing attacks. It will allow you to provide your users an option for usernameless login. With the help of webauthn your users can login with fingerprint, FaceID, TouchID, etc.
150
 
151
  = Device restriction with webauthn ( FIDO 2 )=
152
- Webauthn allows you to restrict the number of devices per user. You can allow a user any number of devices they can use to login to your website. Webauthn also covers passwordless and usernameless login in which your users can login from the allowed device without password and username. Device restriction allows you to prevent account sharing even if WordPress credentials are shared.
153
 
154
 
155
  = Session restriction and Device restriction using two factor authentication =
156
  Two factor authentication plugin allows you to restrict the number of devices as well as number of active sessions for a particular user. Session restriction and device restriction allows you to stop account sharing with multiple devices as well. Session restriction stops users from logging in or maintaining multiple sessions on the same laptop also, but in case of device restriction you can control the number of devices a user can use for accessing the website. In this way both session restriction and device restriction can help control user access to an account.
157
 
158
  == Multi factor authentication ( 2FA / MFA ) ==
159
- You can configure multiple WordPress 2FA methods like google authenticator, OTP over Email, OTP over SMS, etc and choose which method you want to login to your website from a list of configured methods. Multi factor authentication is helpful for cases such as when you do not have your phone and cannot access your TOTP app for login. You can then use other two factor methods like OTP over Email to login.
160
 
161
 
162
  == login without password with webauthn and two step verification ( 2FA / MFA ) ==
@@ -205,7 +205,7 @@ Adding to this, you can also use the same account on multiple applications and y
205
 
206
  * RBA & Trusted Devices Management Add-on Features for two factor authentication ( 2FA )
207
  * Remember Device to skip the two factor authentication ( 2 Factor ) from the trusted devices.
208
- * Set Device Limit for the users to login along with two factor
209
  * IP Restriction: Limit users to login from specific IPs
210
  * Personalization Add-on Features to customize your two factor authentication pages
211
  * Custom UI of Two Factor Authentication (2FA) pop-ups
@@ -297,7 +297,7 @@ Please check your PHP version. The plugin is supported in PHP version 5.3.0 or a
297
 
298
  = I did not receive OTP while trying to register with miniOrange. What should I do? =
299
 
300
- The OTP is sent to the email address with which you have registered with miniOrange. If you can't see the OTP sent via email from miniOrange in your emails, please make sure to check your SPAM folder. If you don't see an email even in the SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.
301
 
302
  = I want to configure the 2nd factor by Google Authenticator. =
303
 
@@ -393,7 +393,7 @@ miniOrange authentication service has 15+ authentication methods. One time passc
393
 
394
  == Screenshots ==
395
 
396
- 1. Google Authenticator (2FA) - Setup different 2 Factor methods / 2 step verification
397
  2. Google Authenticator (2FA) - Test 2 factor configured
398
  3. Google Authenticator (2FA) - 2 Factor Authentication methods available
399
  4. Google Authenticator (2FA) - Google Authenticator login
@@ -404,6 +404,10 @@ miniOrange authentication service has 15+ authentication methods. One time passc
404
 
405
  == Changelog ==
406
 
 
 
 
 
407
  = 5.4.41 =
408
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
409
  * Minor UI Changes and Bug Fixes
@@ -1061,6 +1065,10 @@ More descriptive setup messages and UI changes.
1061
 
1062
  == Upgrade Notice ==
1063
 
 
 
 
 
1064
  = 5.4.41 =
1065
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
1066
  * Minor UI Changes and Bug Fixes
6
  Requires at least: 3.0.1
7
  Tested up to: 5.8
8
  Requires PHP: 5.3.0
9
+ Stable tag: 5.4.42
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
27
 
28
 
29
  = Sync same 2-factor authentication for multiple websites with the same google authenticator OTP using multi-factor authentication =
30
+ You would not need to configure **Google Authenticator** and other Two Factor Authentication ( 2FA ) methods from the second site onward. You just need to log in with a miniOrange account and your 2FA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Security Questions, LastPass Authenticator, Authy Authenticator, miniOrange methods, OTP Over SMS, OTP Over Email. It is supported only if you are using our cloud services of 2 Factor.
31
 
32
  == Plugin Integrations and Support for all methods of two factor authentication ( 2fa ) like **Google Authenticator** ==
33
  * [Woocommerce](https://wordpress.org/plugins/woocommerce/)
69
  Others not listed gateway can be tested on our site, Test your Gateway: [Custom Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
70
 
71
  = [google authenticator - Two step verification/ 2 Factor Authentication/ 2FA] FREE Plugin Features =
72
+ * Simplified & easy user interface to set up Google Authenticator and other Two-Factor Authentication ( 2FA ) methods.
73
  * [Google Authenticator](https://plugins.miniorange.com/2-factor-authentication-for-wordpress) - Two Factor Authentication (2FA) for **3 User** forever FREE!
74
  * **Variety of Two Factor Authentication Methods:** Any App supporting TOTP algorithms like Google Authenticator, Authy Authenticator, LastPass Authenticator, Microsoft Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) are supported in the plugin for multi factor authentication.
75
  * Includes Language Translation Support. Supports a wide variety of languages for all methods of 2 factor like Google Authenticator
78
  * Two Factor Authentication (2FA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token.
79
  * Brute force attack prevention & IP Blocking along with two factor authentication.
80
  * **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
81
+ * User login Monitoring with and without two-factor authentication(2FA)
82
  * RCP Login and Registration Support with all login 2 factor methods like Google Authenticator, OTP Over SMS, QR code Authentication, login with Email for Login.
83
  * OTP Verification of Ultimate Member Registration form with methods like OTP Over SMS and Email, QR code Authentication.
84
+ * Recovery codes in case you are locked out for all Two Factor Authentication (2FA/TFA) methods like Google Authenticator, SMS verification.
85
  * Supports multi factor authentication for methods such as Google authenticator, OTP over Email, OTP over SMS, QR code authentication and many more.
86
  * Mobile verification - two step verification (2FA) using a user's mobile phone with authentication method like google authenticator, QR code authentication, etc.
87
 
95
  * **Unlimited Email transactions:** Unlimited Email transactions with your SMTP server.
96
  * **Backup Method:** KBA(Security Questions), OTP Over Email, Backup codes For all Two Factor Authentication ( TFA ) methods like Google Authenticator, etc.
97
  * Multisite compatible for all WordPress 2FA methods.
98
+ * Two Factor Authentication ( TFA/2FA ) for Custom login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods like Google Authenticator, mobile Verification with SMS, etc.
99
  * User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
100
  * Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
101
  * Role based 2 Factor - Different 2 factor like Google Authenticator, OTP Over SMS and Email, Authy Authenticator, etc based on your role [Guide](https://docs.miniorange.com/documentation/specific-set-authentication-methods-based-role)*
140
  * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
141
  * **Brute force attack prevention, IP Blocking & User login Monitoring. **
142
  * File protection & strong password
143
+ * Monitoring current Google Authenticator and other two factor authentication (2 Factor) method of all the users in the plugin.
144
 
145
  == PASSWORDLESS LOGIN ( login without password ) for all two factor methods like google authenticator ==
146
+ Passwordless login (Login without password) is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2 factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username. miniOrange supports many two factor authentication methods for passwordless login. You can use google authenticator, webauthn, fingerprint login, OTP over SMS, and email for login without a password.
147
 
148
  = WebAuthn (FIDO2) Passwordless login ( Login without password by using FIDO 2 WebAuthn ) =
149
  WebAuthn is a browser-based API that allows for web applications to simplify and secure user authentication by using registered devices (phones, laptops, etc) as factors. It uses public key cryptography to protect users from advanced phishing attacks. It will allow you to provide your users an option for usernameless login. With the help of webauthn your users can login with fingerprint, FaceID, TouchID, etc.
150
 
151
  = Device restriction with webauthn ( FIDO 2 )=
152
+ Webauthn allows you to restrict the number of devices per user. You can allow a user any number of devices they can use to login to your website. Webauthn also covers passwordless and usernameless login in which your users can login from the allowed device without password and username.
153
 
154
 
155
  = Session restriction and Device restriction using two factor authentication =
156
  Two factor authentication plugin allows you to restrict the number of devices as well as number of active sessions for a particular user. Session restriction and device restriction allows you to stop account sharing with multiple devices as well. Session restriction stops users from logging in or maintaining multiple sessions on the same laptop also, but in case of device restriction you can control the number of devices a user can use for accessing the website. In this way both session restriction and device restriction can help control user access to an account.
157
 
158
  == Multi factor authentication ( 2FA / MFA ) ==
159
+ You can configure multiple WordPress 2FA methods like google authenticator, OTP over Email, OTP over SMS, etc and choose which method you want to login to your website from a list of configured methods. Multi factor authentication is helpful for cases such as when you do not have your phone and cannot access your TOTP app for login. You can then use other methods like OTP over Email to login.
160
 
161
 
162
  == login without password with webauthn and two step verification ( 2FA / MFA ) ==
205
 
206
  * RBA & Trusted Devices Management Add-on Features for two factor authentication ( 2FA )
207
  * Remember Device to skip the two factor authentication ( 2 Factor ) from the trusted devices.
208
+ * Set Device Limit for the users to login
209
  * IP Restriction: Limit users to login from specific IPs
210
  * Personalization Add-on Features to customize your two factor authentication pages
211
  * Custom UI of Two Factor Authentication (2FA) pop-ups
297
 
298
  = I did not receive OTP while trying to register with miniOrange. What should I do? =
299
 
300
+ The OTP is sent to the email address with which you have registered with miniOrange. If you can't see the email from miniOrange in your emails, please make sure to check your SPAM folder. If you don't see an email even in the SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.
301
 
302
  = I want to configure the 2nd factor by Google Authenticator. =
303
 
393
 
394
  == Screenshots ==
395
 
396
+ 1. Google Authenticator (2FA) - Setup different 2 Factor methods
397
  2. Google Authenticator (2FA) - Test 2 factor configured
398
  3. Google Authenticator (2FA) - 2 Factor Authentication methods available
399
  4. Google Authenticator (2FA) - Google Authenticator login
404
 
405
  == Changelog ==
406
 
407
+ = 5.4.42 =
408
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
409
+ * Backup Code as a cloud service
410
+
411
  = 5.4.41 =
412
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
413
  * Minor UI Changes and Bug Fixes
1065
 
1066
  == Upgrade Notice ==
1067
 
1068
+ = 5.4.42 =
1069
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
1070
+ * Backup Code as a cloud service
1071
+
1072
  = 5.4.41 =
1073
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
1074
  * Minor UI Changes and Bug Fixes
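--- a/views/twofa/setup/setup_google_authenticator_onpremise.php
+++ b/views/twofa/setup/setup_google_authenticator_onpremise.php
@@ -3,7 +3,17 @@
  function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode, $session_id_encrypt)
  {
  $gauth_name = $_SERVER['SERVER_NAME'];
- echo "<b><h3>1. Please scan the QR code below</h3></b>";
+ echo "<b><h3>1. Please scan the QR code below in your Authenticator App</h3></b>
+ <table>
+ <tbody>
+ <tr><td><li>Google Authenticator</li> </td>
+ <td> <li>Microsoft Authenticator</li> </td></tr>
+ <tr><td colspan='2'> <li> Authy Authenticator and other popular TOTP Authenticators</li></td></tr>
+
+
+ </tbody>
+ </table>
+ ";
  ?>
  <div style="margin-left:40px;">
  <ol>
@@ -62,14 +72,12 @@ function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode,
  <li><?php echo mo2f_lt( 'Tap Add.' ); ?></li>
  </ol>
  </div>
- <br>
  </div>
- <br>
 
  <div id="mo2f_entergoogle_auth_code">
 
- <b><h3>2. Enter the generated code: <input class ='mo2f_table_textbox' type="number" id="mo2f_google_auth_code" name="mo2f_google_auth_code" placeholder="Enter OTP" /> </h3></b>
- <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
+ <b><h3>2. Enter the code generated in your Authenticator app <input style="padding: 5px" class ='mo_input_text_box_size' type="text" id="mo2f_google_auth_code" name="mo2f_google_auth_code" placeholder="Enter OTP" /> </h3></b>
+ <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo $session_id_encrypt ?>">
 
  </div>
  <script type="text/javascript">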
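Review bot: `$session_id_encrypt` is still echoed raw into the `value` attribute of the hidden `mo2f_session_id` input on new line 80; escape it at output, `value="<?php echo esc_attr( $session_id_encrypt ); ?>"`, so a quote character in the value cannot break out of the attribute. The OTP field on new line 79 moves from `type="number"` to `type="text"`, which drops the browser-side numeric restriction; adding `inputmode="numeric" autocomplete="one-time-code"` keeps the numeric keypad, and the server-side check has to reject non-digit input either way. The strings added on new lines 6–16 are hard-coded English, while the neighbouring list items go through `mo2f_lt()`. The function body continues outside both hunks.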
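--- a/views/twofa/setup_twofa.php
+++ b/views/twofa/setup_twofa.php
@@ -186,7 +186,8 @@
 
  <div class="test_auth_button">
  <?php
- if(!(get_user_meta($user->ID, 'mo_backup_code_generated', true) || ($backup_codes_remaining == 5 && !get_user_meta($user->ID, 'mo_backup_code_downloaded', true))) && $mo2f_two_fa_method != ''){
+
+ if($mo2f_two_fa_method != '' and (!get_user_meta( $user->ID, 'mo_backup_code_generated', true) and !get_user_meta( $user->ID, 'mo_backup_code_downloaded', true))){
  ?>
  <button class="btn btn-primary btn-large" id="mo_2f_generate_codes">Download backup codes
  </button>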
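Review bot: The condition on new line 190 only decides whether the "Download backup codes" button is rendered, so the handler behind `mo_2f_generate_codes` (not in this hunk) needs to re-check `mo_backup_code_generated` and `mo_backup_code_downloaded` for the current user before issuing codes. If it does not, the one-time limit is enforced in the markup alone. The line also switches to the low-precedence `and` where the removed line used `&&`; `if ( $mo2f_two_fa_method != '' && ! get_user_meta( $user->ID, 'mo_backup_code_generated', true ) && ! get_user_meta( $user->ID, 'mo_backup_code_downloaded', true ) ) {` is equivalent and consistent with the rest of the file. `$backup_codes_remaining` is no longer read here and may now be unused in this view.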
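--- a/views/twofa/two_fa.php
+++ b/views/twofa/two_fa.php
@@ -60,6 +60,8 @@ else
  <?php include_once $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup_twofa.php'; ?>
  </div>
 
+ <?php
+ if(current_user_can('administrator')){?>
  <div class="mo2f_table_layout" id="rba_2fa_div">
  <?php
  if ( get_option( 'mo2f_rba_installed' ) )
@@ -105,9 +107,7 @@ else
  </div>
 
  <div class="mo2f_support_flex">
- <?php
- if(current_user_can('administrator')){
- include $controller . 'support.php';
+ <?php include $controller . 'support.php';
  }
  ?>
  </div>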
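Review bot: With the `if` now opening on new line 64 and closing on line 111, the `<div class="mo2f_support_flex">` on line 109 is inside the conditional but its closing `</div>` on line 113 is outside it, so a non-administrator receives a stray `</div>`. Move the closing brace past the tag: `<?php include $controller . 'support.php'; ?>`, then `</div>`, then `<?php } ?>`. `current_user_can('administrator')` tests a role name; WordPress recommends checking a capability, e.g. `current_user_can( 'manage_options' )`. The guarded block spans lines 65–111 and most of it is outside both hunks, so the balance of the remaining markup could not be checked here.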